libcap2-32bit-2.63-150400.3.3.1<>,>dip9|L=kE69vr1w-VB.}/> C,A82BztYYqX2땊ZiPNs/0STD[H$oD FaY)D|b yRDzSISs0yhal&LLzMgp<%^S(ԈJ2ԡѝ2݇ Uh%!W{!u]:Z5frn!;C! +2̼k Om {>>0x?0hd " Q7 M^     &0T\(%8,9:~>-EG-PH-XI-`X-dY-p\-]-^-b-c.d/e/ f/ l/u/ v/(w/x/y/ 000"0dClibcap2-32bit2.63150400.3.3.1Library for Capabilities (linux-privs) SupportCapabilities are a measure to limit the omnipotence of the superuser. Currently a program started by root or setuid root has the power to do anything. Capabilities (Linux-Privs) provide a more fine-grained access control. Without kernel patches, you can use this library to drop capabilities within setuid binaries. If you use patches, this can be done automatically by the kernel.disheep61SUSE Linux Enterprise 15SUSE LLC BSD-3-Clause OR GPL-2.0-onlyhttps://www.suse.com/System/Librarieshttps://sites.google.com/site/fullycapable/linuxx86_64/sbin/ldconfigdidi9f58cbd1029150f352965f97e3754cb67a7345eb478c9eba232f29bbf07f7924libcap.so.2.63rootrootrootrootlibcap-2.63-150400.3.3.1.src.rpmlibcap.so.2libcap2-32bitlibcap2-32bit(x86-32)@@@@@@@@@@    /bin/shlibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.8)libc.so.6(GLIBC_2.9)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3dcp@ba@a͟@a4aS`@`r`y|@`X`"y@`U_@__O@_+^G@^0"@^[^]qZX|@Xh@W#Tabergmann@suse.commeissner@suse.comdmueller@suse.comdmueller@suse.comandreas.stieger@gmx.deinfo@paolostivanin.comdmueller@suse.comchristophe@krop.frtiwai@suse.dedmueller@suse.comdmueller@suse.comdmueller@suse.comdmueller@suse.comdmueller@suse.comdmueller@suse.cominfo@paolostivanin.comtiwai@suse.detiwai@suse.dempluskal@suse.commpluskal@suse.commatthias.gerstner@suse.comfvogt@suse.commatwey.kornilov@gmail.comjengelh@inai.dedimstar@opensuse.orgp.drouand@gmail.com- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch - Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch- Use "or" in the license tag to avoid confusion (bsc#1180073)- update to 2.63: * restore errno to zero by the time main() is executed * Consistent psx handling (a panic) for syscalls that return thread dependent status Inconsistend behavior noticed by Lorenz Bauer * Add a test case for a deadlock under investigation in golang * Trim some of the #include file use to make the tree compile more efficiently- update to 2.62: * Bug fix for Go package "cap" and launching * Build cleanups * Documentation updates: cap_max_bits has a man page entry * Recognize default securebits as a libcap mode: HYBRID- libcap 2.61: * Better error handling of the numerical arguments for capsh and setcap * Fix executable mode for all of the .so files. There were two situations where this was failing (with a hard to debug SIGSEGV inside libc) * Added an example of a shared library object with its own file capability * Fix the top-level include for Make.Rules in the contrib/sucap example application * Add support for running constructors at libcap.so start up time when running as stand alone binary. - includes changes from 2.60: * Some build, code linting fixes, the addition of the cap_fill_flag() API and a memory latency optimization * General improvement in thread safety for libcap and cap package * Minor API change replacing libcap:cap_launch_*() void returning functions with int + errno status returns. * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API * New features for capsh: --quiet, -+ and =+ arguments - add upstream signing key and verify source signature- update to 2.59: * Fixed a potential libcap memory leak by adding a destructor * Major improvement is that there is a path for Linux-PAM compliant applications to support setting Ambient vector Capabilities via pam_cap.so now * Added libcap cap_proc_root() API function * Added color support to captree * Fixed contrib/sucap/su to correctly handle the Inheritable flag * capsh enhancements * getcap -r / now generates readable output * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now runnable as standalone binaries * The module pam_cap.so now contains support for a default= module argument * Enhanced capsh --suggest to also compare against the capability value names and not just their descriptions * Added capsh --current support * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su * Fix for a corner case infinite loop handling long strings * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs * Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree.- update to 2.51: * Fix capsh installation * Add an autoauth module flag to pam_cap.so * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another. * --explain=cap_foo: describe what cap_foo does * --suggest=phrase: search all the cap descriptions and describe those that match the phrase * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945) * extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics. * this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin. * Add a test case for recent kernel fix * Go pragma fix for convenience functions in "cap" module- Fix a broken symlink. libcap-devel installs libpsx.so but didn't install the library it's pointing to.- Add explicit dependency on libcap2 with version to libcap-progs (bsc#1184690)- update to 2.49: * Implement cap_func_launcher() and cap.FuncLauncher(). * More robust "psx" redirection for nocgo compilation - the documentation for the cgo implementation is now included in the nocgo one because the go.dev automated documentation builds the docs from the nocgo version. * Lots of documentation cleanups and added a few man pages: for IAB and Launching. * Some general no-op License changes that might cause folk to notice but only for formatting reasons. These were initially inspired by some lawyerly interactions, but I ended up rolling back half of them because they confused automated software infrastructure.- update to 2.48: * More uniform use of $(MAKE) in Makefiles * No longer include symlinks in the git tree * Provide support for make GOLANG=no ... * Provide support for pointing at a specific build of the go binary * camelCase the contrib/seccomp/explore.go program * A number of documentation fixes to man pages and source code comments * Last use of GO major version 0- update to 2.47: * Restructured gowns to default to uid base of getuid(). * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit. * Improve the usage and diagnostic message for setcap * Documentation fixes, license declarations, example updates- update to 2.46: * The bulk of this release concerns fixes and improvements to libpsx * Fix the capsh == argument handling and add a test case * Added build support for systems that do not support libpthread * Added build support for not building shared libraries- update to 2.44: Generally, this is a release to help package builders: no functional change to any of the generated code just documentation and make related fixes.- update to 2.43 * Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it. * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets * Clean up a binary from the distribution * Added some more release time checks for non-git tracked files. * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.- Update to version 2.42: * Closed a potential issue with "libcap/psx" Go package and errno * Documentation updates * Minor optimization for cap_to_text() and (*cap.Set).String() * Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap * Multiple fixes * Support Go module abstraction * A new kernel capability: CAP_BPF * Better support for cross-compilation * pam_cap now honors PAM_REINITIALIZE_CRED * implements cap_launch functionality- Update to version 2.32: * Bug fix for fakeroot incompatibility (boo#1162014) * Slight perf improvement for cap_get_bound(). * C++ support for psx header inclusion. * Some new testing features for capsh- Update to version 2.31: * primarily a documentation update * fix libpam.pc to not require libpsx.pc * changed the text format of the default output of getpcap- Build using -ffat-lto-objects for static library- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460): * BUGFIX: arm and i386 fixes C and Go setgroups choice - used wrong syscall in 2.29. * cleaned up make clean and make install to actually work as intended * updated Gentoo libpsx.pc file from Lars Wendler * refactored the way libpsx linkage with libcap performed mutual discovery. * Previously (2.28) libpsx had an API call overridden by libcap using weak linkage function in libpsx. In 2.30 this is reversed, namely libpsx provides the stronger function and libcap has a weak "no-op" version. * a bit more consistency in handling the 'all' sets in libcap (C) and libcap/cap (Go). Namely, they both dynamically discover the number of capabilities named by the kernel and use this as the definition of 'all' for the current runtime. + libcap (C) exports cap_max_bit() to export the number of supported capabilities + libcap/cap (Go) exports cap.MaxBits() for this same value. - For changes for older releases see: * https://sites.google.com/site/fullycapable/release-notes-for-libcap - Add glibc-static-devel as build requirement as tests need it - Install libpsx.a as it seems to be needed in some cases: * https://bugs.gentoo.org/703912- Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security wise.- Use %license (boo#1082318)- Enable PAM pam_cap.so module- RPM group association fix- Update to versison 2.25: + Recover gperf detection in make rules. + Man page typo fix. + Tweak make rules to make packaging more straightforward. + Fix error explanation in setcap. + Drop need to link with libattr. It turns out libcap wasn't actually using any code from that library, so linking to it was superfluous. - Drop libcap-nolibattr.patch: fixed upstream. - No longer add %{buildroot} to all variables for make install the Makefile learned about the meaning of DESTDIR.- Update to version 2.24 * Fix compilation problems (note to self, make distclean && make, before release) * Some make rule changes to make uploading a release to kernel.org easier for me. * Tidied up some documented links. - Update libcap-nolibattr.patch - Add pkg-config build requirement; libcap now provides a pkgconfig file - Clean up specfile - Move libraries and binaries to /usr because of #UsrMove/bin/sh2.63-150400.3.3.12.63-150400.3.3.1libcap.so.2libcap.so.2.63/usr/lib/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:29616/SUSE_SLE-15-SP4_Update/acc1a57c9c21449596cf148fbbfeb63b-libcap.SUSE_SLE-15-SP4_Updatedrpmxz5x86_64-suse-linuxELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=b75b2950b865c4227755853242d17cc856845f27, stripped PR RR RRRRRRRutf-8e1dc4ea7916650ada3d0c0bcaa4dfdfad7cf128ef40aac074851f4a52d02aeee? 7zXZ !t/ ]"k%ʽdB5BX,3^L7X=Dr_Mי03t7OH1[U=;Pg@l>t*X֞l%('Vn<#Isȿыc}IB:(j%i,w0&|Ahgo*%HIϕУ`}G\@[J}iZR؟п]}Fn@ъmzn0TAqrv‚a?ڟ- n#h]}!Qxiop[ڭH{}A1VNg*d2>T2^ziu4Ig Bޫ]=ڟa3(p]WDzC轾_&Q`5'l&ORĠa[%Kr_8cCiTњN60UV^B];f˫O߃\VkPѩa&zuh۷cPU>*NԝFq[y-0dQQntjw"3W9ϹqwKg{ף.|lOqTz" KUaD$.8T2L˷dsT]3r&ưYTC5IM; V釅5Ku0ҤopB DM3Xȇsz`N=]{'֍Re`s#2ʕ<3Xz]83|}X~Z ?ٞcš@SWh Ї.@L֐>FXa%"sqi=;Y`$̇zUUNN7`ﱕS_@M)mrL2Y[@Bo#s0X x_-'#*6|%ۋU[PK RB6O*U 벻KiFϞ]ͳ+9ǵiT[ LK$~2.ߛR/A ^q^1}[GhF{x@M8n5 ֠?sK%"fKE5`wsRhĉJ{<`?]UҮam +o.X6 =L}کwrEG4 4+9}ט57m=Jde]`v)b!K(mM=Xn> l77܎zF Q~P8LkrTq z9z&IB&w)}HvUlZm7 5s,s{&"?XYyĕ:y{(\AZr,Au>F =Ȍ?4 bqylVڡ'avZ,g۶iz$& YEu"*TsbP?׺AVLD#G=:ѧZœs3\bsڙRF?dx. ,KJ=uXRkU_(:# -Km'zAfG)Y?kZM >E["+18wەfBW&w',bPᓟ ;`Dix"x/>W9'JHBgJj[x_3qZQw94(bzMx[bɿt"ȡ@mwJP$u\\EM2%#ڠmnB[!l7ԕ4!MdWxQ [hq6_YREap='/`nz+Kw9" {lz>Unm)55`󃹣{ʞQAM#jS؉@ 0ն*d˙Hf8:U<1FZ:mpt+H"|-f)Mi|RiH7akrBǭmBpO}!۾M')Gny0ˋVWQP.P-t's>qwG$XqVӬ|_YpPؿZˇ+dզK'YV\˽)Vw]#250~)J}V$ ?a]@==G"j$Vn&鮳@H&څ{o؂8/HBkA!gBLv忟*׼`aeZktcYJUʓG6o73]UZڶ,][0)ꔼn e w@n5W YZ