- Update from 0.8.2 to 0.8.3
- Update of rootfile not required
- Changelog
0.8.3
- Fix parameters to capng_updatev python bindings to be signed
- Detect capability options at runtime to make containerization easier (ntkme)
- Initialize the library when linked statically
- Add gcc function attributes for deallocation
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
- Update from 0.7.9 to 0.8.2
- Update rootfile
- Changelog
0.8.2
- In capng_apply, if we blew up in bounding set, allow setting capabilities
- If PR_CAP_AMBIENT is not available, do not build libdrop_ambient
- Improve last_cap check
0.8.1
- If procfs is not available, leave last_cap as CAP_LAST_CAP
- If bounding and ambient not found in status, try prctl method
- In capng_apply, move ambient caps to the end of the transaction
- In capng_apply, return errors more aggressively.
- In capng_apply, if the action includes the bounding set,resync with the kernel
- Fix signed/unsigned warning in cap-ng.c
- In capng_apply, return a unique error code to diagnose any failure
- In capng_have_capability, return 0 for failure
- Add the libdrop_ambient admin tool
0.8
- Add vararg support to python bindings for capng_updatev
- Add support for ambient capabilities
- Add support for V3 filesystem capabilities
0.7.11
- Really clear bounding set if asked in capng_change_id
- Add CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE
- Avoid malloc/free in capng_apply (Natanael Copa)
- If procfs is not available, get bounding set via prctl
- Cleanup some compiler warnings
0.7.10
- Update capng_change_id man page
- Add capng_have_permitted_capabilities function
- Update filecap to output which set the capabilities are in
- Fix filecap to not output an error when a file has no capabilities
- Add udplite support to netcap
- Fix usage of pthread_atfork (Joe Orton)
- Mark processes in child user namespaces with * (Danila Kiver)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
