-
Notifications
You must be signed in to change notification settings - Fork 38
/
ChangeLog
178 lines (149 loc) · 6 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
0.8.6
0.8.5
- Remove python global exception handler since it's deprecated
- Make the utilities link against just built libraries
- Remove unused macro in cap-ng.h
0.8.4
- In capng_change_id, clear PR_SET_KEEPCAPS if returning an error
- pscap: add -p option for reporting a specified process (Masatake Yamato)
- Annotate function prototypes to warn if results are unused
- Drop python2 support
0.8.3
- Fix parameters to capng_updatev python bindings to be signed
- Detect capability options at runtime to make containerization easier (ntkme)
- Initialize the library when linked statically
- Add gcc function attributes for deallocation
0.8.2
- In capng_apply, if we blew up in bounding set, allow setting capabilities
- If PR_CAP_AMBIENT is not available, do not build libdrop_ambient
- Improve last_cap check
0.8.1
- If procfs is not available, leave last_cap as CAP_LAST_CAP
- If bounding and ambient not found in status, try prctl method
- In capng_apply, move ambient caps to the end of the transaction
- In capng_apply, return errors more aggressively.
- In capng_apply, if the action includes the bounding set,resync with the kernel
- Fix signed/unsigned warning in cap-ng.c
- In capng_apply, return a unique error code to diagnose any failure
- In capng_have_capability, return 0 for failure
- Add the libdrop_ambient admin tool
0.8
- Add vararg support to python bindings for capng_updatev
- Add support for ambient capabilities
- Add support for V3 filesystem capabilities
0.7.11
- Really clear bounding set if asked in capng_change_id
- Add CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE
- Avoid malloc/free in capng_apply (Natanael Copa)
- If procfs is not available, get bounding set via prctl
- Cleanup some compiler warnings
0.7.10
- Update capng_change_id man page
- Add capng_have_permitted_capabilities function
- Update filecap to output which set the capabilities are in
- Fix filecap to not output an error when a file has no capabilities
- Add udplite support to netcap
- Fix usage of pthread_atfork (Joe Orton)
- Mark processes in child user namespaces with * (Danila Kiver)
0.7.9
- Fix byte compiling python3 bindings
- Detect and output a couple errors in filecap
- Use pthread_atfork to optionally reset the pid and related info on fork
- Rework spec file to show new python2/3 separation
0.7.8
- Improve Python3 support
- Fix the thread separation test
- Correct typo in cap_pacct text
- Update man page for captest
- Fix sscanf string lengths in netcap
- Correct linking of python3 module
0.7.7
- Make sure all types used in _lnode are defined in proc-llist.h
- Fix python binding test for old kernels
- Fix leaked FD in library init
0.7.6
- Fix python3 support
0.7.5
- Make python3 supported
- In python bindings test, clamp CAP_LAST_CAP with /proc/.../cap_last_cap
- Update table for 3.16 kernel
0.7.4
- In pscap, remove unused code
- Add CAPNG_INIT_SUPP_GRP to capng_change_id
- Drop CAP_COMPROMISE_KERNEL
- Update the autotools components
- Dynamically detect last capability (#895105)
- Add PR_SET_NO_NEW_PRIVS to capng_lock if kernel supports it
0.7.3
- Make sure stderr is used consistently in utils
- Fix logic causing file based capabilities to not be supported when it should
0.7.1
- Add CAP_COMPROMISE_KERNEL
- Define FTW_CONTINUE in case its not defined in libc
- Use glibc for xattr.h if available
0.7
- Make file opens use the cloexec flag (Cristian Rodríguez)
- Add CAP_BLOCK_SUSPEND
- Fix possible segfaults when CAP_LAST_CAP is larger than the lookup table
- In pscap, don't drop capabilities when running with capabilities
0.6.6
- In netcap, make sure readlink is handled properly
- Add CAP_SYSLOG
- In netcap and pscap, ensure euid is initialized
- Add CAP_WAKE_ALARM
0.6.5
- Fix self test build problem on clean system (Sterling X. Winter)
- Only open regular files in filecap
- Make building Python bindings optional
- Python bindings update (arfrever.fta)
- Fix filecap segfault when checking a specific file
- Add define for missing XATTR_NAME_CAPS since 2.6.36 makes it private
0.6.4
- Update packet socket code to print interface
- Fix effective capabilities read from file descriptor
- Use thread ID for capget/set calls
0.6.3
- In netcap and pscap use the effective uid
- In capng_change_id, only retain setpcap if clearing the bounding set
0.6.2
- Make pscap drop capabilities so its not listed in report
- Review prctl calls to make sure we are passing 5 args
- Add package config support
0.6.1
- In netcap, don't complain about missing udp or raw network files
- Adjusted data read in for file based capabilities
0.6
- In netcap, don't complain about missing network files
- Add python bindings
- Add m4 macro file to help developers configure libcap-ng in their apps
- Fake applying bounding set for old OS
- Ignore setpcap for old OS when changing id
- Remove capabilities v1 data handling from reading file attributes
- Set the SECURE_NO_SETUID_FIXUP and LOCKED securebits flags in capng_lock
0.5.1
- Remove unnecessary uid check in change_uid when dropping supplemental groups
- Add credential printout and other improvements to captest
- In the init routine, set hdr.pid to current process
- Use bit mask on effective capabilities check in have_capabilities
- Numeric printing of bounding set bits were in wrong order
- In update function, reverse the order of bounding set vs capabilities
- Revise the tests used to determine if bounding set should be updated
0.5
- If attr/xattr.h is not available disable file system capabilities
- Initialize capng_have_capability with capng_get_caps_process if unknown
- Make capng_change_id drop the gid if given
- Fixed cap_update for bounding set
- Fix have_capability for bounding set
- Added more tests to the make check target
- Remove CAPNG_LOCK_PERMS for change_id flags
- Added captest program
0.4.2
- Fix missing includes for various OS and platforms
- Correct misplaced #ifdef for older OS
- Reorder clearing of bounding set in capng_change_id
- Make locking a noop in capng_change_id for the moment
0.4.1
- spec file clean ups
- Man pages for all library functions
0.4
- Initial public release