libpsx2-2.63-150400.3.3.1<>,;drp9|8p! n2 ߙwNuCUn b/kF39/qtd.~QD9S/,tr[p"Gܺđ&cp,l ʺ!0X ?UV mǹsR4=_uzUa(S}rK4> )@1|?1ld   K7 M^    L `p , a (89:>-@-F-G-H-I-X-Y.\.0].@^.kb.c/Rd/e/f/l/u/v0w0x0y0z1 11 1&1hClibpsx22.63150400.3.3.1Library for Capabilities (linux-privs) SupportCapabilities are a measure to limit the omnipotence of the superuser. Currently a program started by root or setuid root has the power to do anything. Capabilities (Linux-Privs) provide a more fine-grained access control. Without kernel patches, you can use this library to drop capabilities within setuid binaries. If you use patches, this can be done automatically by the kernel.dribs-arm-6XySUSE Linux Enterprise 15SUSE LLC BSD-3-Clause OR GPL-2.0-onlyhttps://www.suse.com/System/Librarieshttps://sites.google.com/site/fullycapable/linuxaarch64 XO!A큤dkdldq`*aaf785d39ebf0a48ed8187f1eaa15b8c92486e047d7491286daf972d8a497889f58c80bcce8c929db39a23c32e924876e3311f3ffa54f66076c38056d38fa59blibpsx.so.2.63rootrootrootrootrootrootrootrootlibcap-2.63-150400.3.3.1.src.rpmlibpsx.so.2()(64bit)libpsx2libpsx2(aarch-64)@@@@@@    /sbin/ldconfig/sbin/ldconfigld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.17)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3dcp@ba@a͟@a4aS`@`r`y|@`X`"y@`U_@__O@_+^G@^0"@^[^]qZX|@Xh@W#Tabergmann@suse.commeissner@suse.comdmueller@suse.comdmueller@suse.comandreas.stieger@gmx.deinfo@paolostivanin.comdmueller@suse.comchristophe@krop.frtiwai@suse.dedmueller@suse.comdmueller@suse.comdmueller@suse.comdmueller@suse.comdmueller@suse.comdmueller@suse.cominfo@paolostivanin.comtiwai@suse.detiwai@suse.dempluskal@suse.commpluskal@suse.commatthias.gerstner@suse.comfvogt@suse.commatwey.kornilov@gmail.comjengelh@inai.dedimstar@opensuse.orgp.drouand@gmail.com- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch - Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch- Use "or" in the license tag to avoid confusion (bsc#1180073)- update to 2.63: * restore errno to zero by the time main() is executed * Consistent psx handling (a panic) for syscalls that return thread dependent status Inconsistend behavior noticed by Lorenz Bauer * Add a test case for a deadlock under investigation in golang * Trim some of the #include file use to make the tree compile more efficiently- update to 2.62: * Bug fix for Go package "cap" and launching * Build cleanups * Documentation updates: cap_max_bits has a man page entry * Recognize default securebits as a libcap mode: HYBRID- libcap 2.61: * Better error handling of the numerical arguments for capsh and setcap * Fix executable mode for all of the .so files. There were two situations where this was failing (with a hard to debug SIGSEGV inside libc) * Added an example of a shared library object with its own file capability * Fix the top-level include for Make.Rules in the contrib/sucap example application * Add support for running constructors at libcap.so start up time when running as stand alone binary. - includes changes from 2.60: * Some build, code linting fixes, the addition of the cap_fill_flag() API and a memory latency optimization * General improvement in thread safety for libcap and cap package * Minor API change replacing libcap:cap_launch_*() void returning functions with int + errno status returns. * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API * New features for capsh: --quiet, -+ and =+ arguments - add upstream signing key and verify source signature- update to 2.59: * Fixed a potential libcap memory leak by adding a destructor * Major improvement is that there is a path for Linux-PAM compliant applications to support setting Ambient vector Capabilities via pam_cap.so now * Added libcap cap_proc_root() API function * Added color support to captree * Fixed contrib/sucap/su to correctly handle the Inheritable flag * capsh enhancements * getcap -r / now generates readable output * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now runnable as standalone binaries * The module pam_cap.so now contains support for a default= module argument * Enhanced capsh --suggest to also compare against the capability value names and not just their descriptions * Added capsh --current support * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su * Fix for a corner case infinite loop handling long strings * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs * Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree.- update to 2.51: * Fix capsh installation * Add an autoauth module flag to pam_cap.so * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another. * --explain=cap_foo: describe what cap_foo does * --suggest=phrase: search all the cap descriptions and describe those that match the phrase * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945) * extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics. * this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin. * Add a test case for recent kernel fix * Go pragma fix for convenience functions in "cap" module- Fix a broken symlink. libcap-devel installs libpsx.so but didn't install the library it's pointing to.- Add explicit dependency on libcap2 with version to libcap-progs (bsc#1184690)- update to 2.49: * Implement cap_func_launcher() and cap.FuncLauncher(). * More robust "psx" redirection for nocgo compilation - the documentation for the cgo implementation is now included in the nocgo one because the go.dev automated documentation builds the docs from the nocgo version. * Lots of documentation cleanups and added a few man pages: for IAB and Launching. * Some general no-op License changes that might cause folk to notice but only for formatting reasons. These were initially inspired by some lawyerly interactions, but I ended up rolling back half of them because they confused automated software infrastructure.- update to 2.48: * More uniform use of $(MAKE) in Makefiles * No longer include symlinks in the git tree * Provide support for make GOLANG=no ... * Provide support for pointing at a specific build of the go binary * camelCase the contrib/seccomp/explore.go program * A number of documentation fixes to man pages and source code comments * Last use of GO major version 0- update to 2.47: * Restructured gowns to default to uid base of getuid(). * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit. * Improve the usage and diagnostic message for setcap * Documentation fixes, license declarations, example updates- update to 2.46: * The bulk of this release concerns fixes and improvements to libpsx * Fix the capsh == argument handling and add a test case * Added build support for systems that do not support libpthread * Added build support for not building shared libraries- update to 2.44: Generally, this is a release to help package builders: no functional change to any of the generated code just documentation and make related fixes.- update to 2.43 * Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it. * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets * Clean up a binary from the distribution * Added some more release time checks for non-git tracked files. * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder.- Update to version 2.42: * Closed a potential issue with "libcap/psx" Go package and errno * Documentation updates * Minor optimization for cap_to_text() and (*cap.Set).String() * Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap * Multiple fixes * Support Go module abstraction * A new kernel capability: CAP_BPF * Better support for cross-compilation * pam_cap now honors PAM_REINITIALIZE_CRED * implements cap_launch functionality- Update to version 2.32: * Bug fix for fakeroot incompatibility (boo#1162014) * Slight perf improvement for cap_get_bound(). * C++ support for psx header inclusion. * Some new testing features for capsh- Update to version 2.31: * primarily a documentation update * fix libpam.pc to not require libpsx.pc * changed the text format of the default output of getpcap- Build using -ffat-lto-objects for static library- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460): * BUGFIX: arm and i386 fixes C and Go setgroups choice - used wrong syscall in 2.29. * cleaned up make clean and make install to actually work as intended * updated Gentoo libpsx.pc file from Lars Wendler * refactored the way libpsx linkage with libcap performed mutual discovery. * Previously (2.28) libpsx had an API call overridden by libcap using weak linkage function in libpsx. In 2.30 this is reversed, namely libpsx provides the stronger function and libcap has a weak "no-op" version. * a bit more consistency in handling the 'all' sets in libcap (C) and libcap/cap (Go). Namely, they both dynamically discover the number of capabilities named by the kernel and use this as the definition of 'all' for the current runtime. + libcap (C) exports cap_max_bit() to export the number of supported capabilities + libcap/cap (Go) exports cap.MaxBits() for this same value. - For changes for older releases see: * https://sites.google.com/site/fullycapable/release-notes-for-libcap - Add glibc-static-devel as build requirement as tests need it - Install libpsx.a as it seems to be needed in some cases: * https://bugs.gentoo.org/703912- Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security wise.- Use %license (boo#1082318)- Enable PAM pam_cap.so module- RPM group association fix- Update to versison 2.25: + Recover gperf detection in make rules. + Man page typo fix. + Tweak make rules to make packaging more straightforward. + Fix error explanation in setcap. + Drop need to link with libattr. It turns out libcap wasn't actually using any code from that library, so linking to it was superfluous. - Drop libcap-nolibattr.patch: fixed upstream. - No longer add %{buildroot} to all variables for make install the Makefile learned about the meaning of DESTDIR.- Update to version 2.24 * Fix compilation problems (note to self, make distclean && make, before release) * Some make rule changes to make uploading a release to kernel.org easier for me. * Tidied up some documented links. - Update libcap-nolibattr.patch - Add pkg-config build requirement; libcap now provides a pkgconfig file - Clean up specfile - Move libraries and binaries to /usr because of #UsrMove/sbin/ldconfig/sbin/ldconfigibs-arm-6 16877919862.63-150400.3.3.12.63-150400.3.3.1libpsx.so.2libpsx.so.2.63libpsx2License/usr/lib64//usr/share/licenses//usr/share/licenses/libpsx2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:29616/SUSE_SLE-15-SP4_Update/acc1a57c9c21449596cf148fbbfeb63b-libcap.SUSE_SLE-15-SP4_Updatedrpmxz5aarch64-suse-linuxELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=8c0c97b644790b5ba2a3c67fd3686c8b841b38c6, strippeddirectoryASCII textPRRRRRR ѐj}hOutf-8ebf4313822f8c0480b965b02afaeb80841a67a6b91ad630e476c0f06f6500fe5?7zXZ !t/]"k%jjdvR(⒧D"}o@%F%A"ݚEƾ΂vV nǢئ.K JBaId"̪h AMc-l-wuxŖR%KȾ>9ARӳ6GO"8vfGWQӝ!f*v+()S֒oC7"Pjd w\PF߄h[љ/d6gڅGЅ*\(t)u_xG]}lulDa艶yϴW1t]XFXgez4|9ܐZ~dih%VBzbeoХV{7[g/_zm r}j~Nk3H< cע aF!n]êdQ=]g-*>:'V9F65ѽmZ/Z]t@"Rt MX֘é l _ps>$I Yۏ1Į CP~i&Xe%i)\, Ф]|j'}R-u@(rPz{=!DS| `h`㧶j3:iI#؇#Ƭ>զ&nsxY:[c/e${rPD*6K b?ST)SekWhQ PѣNO úR< ~LfTw`J!qn2d lVK"ݎ^G U1 rxƼ޺Pc2$?bB~FCFT-\o/1HDT]QT&6-Z:Z */W["fʦlj\ܓLXe]QLbg?vs%|䙢z0x,[&Ey_h/u@ֹ spPηjdm%7q>Ec| T}qʐ+.,~##͵c ixj9# mawo{] Ӹ /C|ji;y]|{Ө {RPw"L([}{ÚOQ:-æKI"jiDVtdi8S ڊT'O \i-:l4h$,OTn1kfPZ~eŝ1 R/m 0G5c,X_\L`#*wkȲ.`#tjt}Vfה#1-JAZ Q RF`_ muv[5oXJȭFN'dbJ -x\ YZ