Release notes for libcap

Release notes for 2.25

posted Jan 31, 2016, 8:42 AM by Andrew G. Morgan

  • Recover gperf detection in make rules (thanks to Matthieu Crapet).
  • Man page typo fix (thanks to Omair Majid).
  • Tweak make rules to make packaging more straightforward (thanks to Benedikt Morbach).
  • Fix error explanation in setcap (thanks to Mike Frysinger).
  • Drop need to link with libattr. It turns out libcap wasn't actually using any code from that library, so linking to it was superfluous.

Release notes for 2.24

posted Jan 5, 2014, 5:26 PM by Andrew G. Morgan

  • Fix compilation problems (note to self, make distclean && make, before release)
    • Thanks to Tom Gundersen and Allan McRae for finding and fixing the issues.
  • Some make rule changes to make uploading a release to easier for me.
  • Tidied up some documented links. Patch from Xose Vazquez Perez.

Release notes for 2.23

posted Dec 24, 2013, 11:55 AM by Andrew G. Morgan

[884 days pass...]
  • get libcap to compile with modern kernels. This adds support for newer capabilities: CAP_WAKE_ALARM; CAP_BLOCK_SUSPEND.
  • include a libcap.pc file for package maintainers (thanks to Bryan Kadzban, and Thomas H.P. Anderson).
  • clear up some signed/unsigned comparison issues (thanks to Mark Wielaard @ Redhat and, more recently from Akhil Arora @ Intel)
  • add support for power-pc build (courtesy of Ivan Kabaivanov)
  • we can apparently no longer rely on the system util ping to assist with testing libcap/capsh/kernel combinations, so use capsh instead. (Thanks to Serge Hallyn @ Ubuntu for debugging help.)

Release notes for 2.22

posted Jul 24, 2011, 7:33 PM by Andrew G. Morgan

  • Clarified License file (with version 2 of the GPL)
  • Support getting/setting capabilities on large files (Patch courtesy of Mikhail Kulinich by way of Serge Hallyn).
  • After --chroot command, change working directory to "/". This follows a suggestion from Steve Grubb, who pointed out:

Release notes for 2.21

posted Apr 28, 2011, 8:17 PM by Andrew G Morgan

  • Introduce cap_get_bound() and cap_drop_bound() functions.
    • also include a macro CAP_IS_SUPPORTED(cap) for capabilities
  • Add a manual cross link from libcap(3) to capsh(1)

Release notes for 2.20

posted Jan 18, 2011, 9:15 PM by Andrew G Morgan

  • Latest kernel capabilites supported: now includes CAP_SYSLOG (patch from Sergey Senozhatsky)
  • $(CFLAGS) Makefile fixes from Torsten Werner
  • Default to installing setcap with an inheritable capability.
    • You can disable this feature with: make RAISE_SETFCAP=no install

Release notes for 2.19

posted Jan 13, 2010, 6:12 PM by Andrew G Morgan

  • Latest kernel header(s) - now include linux/securebits.h and linux/prctl.h copy
  • capsh
    • --print securebits in binary
    • support --drop=all
    • --print text usernames as well as numeric ids
    • add test for max lock-down state
  • New sys/securebits.h (from Serge)

Release notes for 2.18

posted Dec 25, 2009, 4:17 PM by Andrew G Morgan

  • Some documentation fixes from Mike Frysinger (getcap.8 and setcap.8)
  • Manual entry created for capsh.1
  • Added features to capsh:
    • --print supplementary group list
    • --user=<foo> argument to set user and groups to named user
    • --gid=<N> set gid of current user (N is numeric)
    • --groups=<g1>,<g2>,... to set supplementary group list

Release notes for 2.17

posted Dec 3, 2008, 11:12 PM by Andrew G Morgan   [ updated Aug 26, 2009, 10:10 PM ]

  • Fix some compilation problems (the hacky workarounds are gone now - thanks to many folk for pointing out that more recent kernels didn't like the hack that was there)
  • Fixed test for setuid-0 shell scripts. Namely, they should not get capabilities when executed by someone other than root.

Release notes for 2.16

posted Dec 3, 2008, 11:09 PM by Andrew G Morgan   [ updated Dec 3, 2008, 11:12 PM ]

  • The use of sed to extract capabilities from the kernel linux/capability.h header was proving problematic (it was dropping capabilities on older systems because \t wasn't correctly handled) leading to runtime seg-faults. As such, I've replaced the sed code with some perl code which appears to be more robust.

1-10 of 12