1*8dd5e09dSSadaf Ebrahimi0.8.5 2*8dd5e09dSSadaf Ebrahimi- Remove python global exception handler since it's deprecated 3*8dd5e09dSSadaf Ebrahimi- Make the utilities link against just built libraries 4*8dd5e09dSSadaf Ebrahimi- Remove unused macro in cap-ng.h 5*8dd5e09dSSadaf Ebrahimi 6*8dd5e09dSSadaf Ebrahimi0.8.4 7*8dd5e09dSSadaf Ebrahimi- In capng_change_id, clear PR_SET_KEEPCAPS if returning an error 8*8dd5e09dSSadaf Ebrahimi- pscap: add -p option for reporting a specified process (Masatake Yamato) 9*8dd5e09dSSadaf Ebrahimi- Annotate function prototypes to warn if results are unused 10*8dd5e09dSSadaf Ebrahimi- Drop python2 support 11*8dd5e09dSSadaf Ebrahimi 12*8dd5e09dSSadaf Ebrahimi0.8.3 13*8dd5e09dSSadaf Ebrahimi- Fix parameters to capng_updatev python bindings to be signed 14*8dd5e09dSSadaf Ebrahimi- Detect capability options at runtime to make containerization easier (ntkme) 15*8dd5e09dSSadaf Ebrahimi- Initialize the library when linked statically 16*8dd5e09dSSadaf Ebrahimi- Add gcc function attributes for deallocation 17*8dd5e09dSSadaf Ebrahimi 18*8dd5e09dSSadaf Ebrahimi0.8.2 19*8dd5e09dSSadaf Ebrahimi- In capng_apply, if we blew up in bounding set, allow setting capabilities 20*8dd5e09dSSadaf Ebrahimi- If PR_CAP_AMBIENT is not available, do not build libdrop_ambient 21*8dd5e09dSSadaf Ebrahimi- Improve last_cap check 22*8dd5e09dSSadaf Ebrahimi 23*8dd5e09dSSadaf Ebrahimi0.8.1 24*8dd5e09dSSadaf Ebrahimi- If procfs is not available, leave last_cap as CAP_LAST_CAP 25*8dd5e09dSSadaf Ebrahimi- If bounding and ambient not found in status, try prctl method 26*8dd5e09dSSadaf Ebrahimi- In capng_apply, move ambient caps to the end of the transaction 27*8dd5e09dSSadaf Ebrahimi- In capng_apply, return errors more aggressively. 28*8dd5e09dSSadaf Ebrahimi- In capng_apply, if the action includes the bounding set,resync with the kernel 29*8dd5e09dSSadaf Ebrahimi- Fix signed/unsigned warning in cap-ng.c 30*8dd5e09dSSadaf Ebrahimi- In capng_apply, return a unique error code to diagnose any failure 31*8dd5e09dSSadaf Ebrahimi- In capng_have_capability, return 0 for failure 32*8dd5e09dSSadaf Ebrahimi- Add the libdrop_ambient admin tool 33*8dd5e09dSSadaf Ebrahimi 34*8dd5e09dSSadaf Ebrahimi0.8 35*8dd5e09dSSadaf Ebrahimi- Add vararg support to python bindings for capng_updatev 36*8dd5e09dSSadaf Ebrahimi- Add support for ambient capabilities 37*8dd5e09dSSadaf Ebrahimi- Add support for V3 filesystem capabilities 38*8dd5e09dSSadaf Ebrahimi 39*8dd5e09dSSadaf Ebrahimi0.7.11 40*8dd5e09dSSadaf Ebrahimi- Really clear bounding set if asked in capng_change_id 41*8dd5e09dSSadaf Ebrahimi- Add CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE 42*8dd5e09dSSadaf Ebrahimi- Avoid malloc/free in capng_apply (Natanael Copa) 43*8dd5e09dSSadaf Ebrahimi- If procfs is not available, get bounding set via prctl 44*8dd5e09dSSadaf Ebrahimi- Cleanup some compiler warnings 45*8dd5e09dSSadaf Ebrahimi 46*8dd5e09dSSadaf Ebrahimi0.7.10 47*8dd5e09dSSadaf Ebrahimi- Update capng_change_id man page 48*8dd5e09dSSadaf Ebrahimi- Add capng_have_permitted_capabilities function 49*8dd5e09dSSadaf Ebrahimi- Update filecap to output which set the capabilities are in 50*8dd5e09dSSadaf Ebrahimi- Fix filecap to not output an error when a file has no capabilities 51*8dd5e09dSSadaf Ebrahimi- Add udplite support to netcap 52*8dd5e09dSSadaf Ebrahimi- Fix usage of pthread_atfork (Joe Orton) 53*8dd5e09dSSadaf Ebrahimi- Mark processes in child user namespaces with * (Danila Kiver) 54*8dd5e09dSSadaf Ebrahimi 55*8dd5e09dSSadaf Ebrahimi0.7.9 56*8dd5e09dSSadaf Ebrahimi- Fix byte compiling python3 bindings 57*8dd5e09dSSadaf Ebrahimi- Detect and output a couple errors in filecap 58*8dd5e09dSSadaf Ebrahimi- Use pthread_atfork to optionally reset the pid and related info on fork 59*8dd5e09dSSadaf Ebrahimi- Rework spec file to show new python2/3 separation 60*8dd5e09dSSadaf Ebrahimi 61*8dd5e09dSSadaf Ebrahimi0.7.8 62*8dd5e09dSSadaf Ebrahimi- Improve Python3 support 63*8dd5e09dSSadaf Ebrahimi- Fix the thread separation test 64*8dd5e09dSSadaf Ebrahimi- Correct typo in cap_pacct text 65*8dd5e09dSSadaf Ebrahimi- Update man page for captest 66*8dd5e09dSSadaf Ebrahimi- Fix sscanf string lengths in netcap 67*8dd5e09dSSadaf Ebrahimi- Correct linking of python3 module 68*8dd5e09dSSadaf Ebrahimi 69*8dd5e09dSSadaf Ebrahimi0.7.7 70*8dd5e09dSSadaf Ebrahimi- Make sure all types used in _lnode are defined in proc-llist.h 71*8dd5e09dSSadaf Ebrahimi- Fix python binding test for old kernels 72*8dd5e09dSSadaf Ebrahimi- Fix leaked FD in library init 73*8dd5e09dSSadaf Ebrahimi 74*8dd5e09dSSadaf Ebrahimi0.7.6 75*8dd5e09dSSadaf Ebrahimi- Fix python3 support 76*8dd5e09dSSadaf Ebrahimi 77*8dd5e09dSSadaf Ebrahimi0.7.5 78*8dd5e09dSSadaf Ebrahimi- Make python3 supported 79*8dd5e09dSSadaf Ebrahimi- In python bindings test, clamp CAP_LAST_CAP with /proc/.../cap_last_cap 80*8dd5e09dSSadaf Ebrahimi- Update table for 3.16 kernel 81*8dd5e09dSSadaf Ebrahimi 82*8dd5e09dSSadaf Ebrahimi0.7.4 83*8dd5e09dSSadaf Ebrahimi- In pscap, remove unused code 84*8dd5e09dSSadaf Ebrahimi- Add CAPNG_INIT_SUPP_GRP to capng_change_id 85*8dd5e09dSSadaf Ebrahimi- Drop CAP_COMPROMISE_KERNEL 86*8dd5e09dSSadaf Ebrahimi- Update the autotools components 87*8dd5e09dSSadaf Ebrahimi- Dynamically detect last capability (#895105) 88*8dd5e09dSSadaf Ebrahimi- Add PR_SET_NO_NEW_PRIVS to capng_lock if kernel supports it 89*8dd5e09dSSadaf Ebrahimi 90*8dd5e09dSSadaf Ebrahimi0.7.3 91*8dd5e09dSSadaf Ebrahimi- Make sure stderr is used consistently in utils 92*8dd5e09dSSadaf Ebrahimi- Fix logic causing file based capabilities to not be supported when it should 93*8dd5e09dSSadaf Ebrahimi 94*8dd5e09dSSadaf Ebrahimi0.7.1 95*8dd5e09dSSadaf Ebrahimi- Add CAP_COMPROMISE_KERNEL 96*8dd5e09dSSadaf Ebrahimi- Define FTW_CONTINUE in case its not defined in libc 97*8dd5e09dSSadaf Ebrahimi- Use glibc for xattr.h if available 98*8dd5e09dSSadaf Ebrahimi 99*8dd5e09dSSadaf Ebrahimi0.7 100*8dd5e09dSSadaf Ebrahimi- Make file opens use the cloexec flag (Cristian Rodríguez) 101*8dd5e09dSSadaf Ebrahimi- Add CAP_BLOCK_SUSPEND 102*8dd5e09dSSadaf Ebrahimi- Fix possible segfaults when CAP_LAST_CAP is larger than the lookup table 103*8dd5e09dSSadaf Ebrahimi- In pscap, don't drop capabilities when running with capabilities 104*8dd5e09dSSadaf Ebrahimi 105*8dd5e09dSSadaf Ebrahimi0.6.6 106*8dd5e09dSSadaf Ebrahimi- In netcap, make sure readlink is handled properly 107*8dd5e09dSSadaf Ebrahimi- Add CAP_SYSLOG 108*8dd5e09dSSadaf Ebrahimi- In netcap and pscap, ensure euid is initialized 109*8dd5e09dSSadaf Ebrahimi- Add CAP_WAKE_ALARM 110*8dd5e09dSSadaf Ebrahimi 111*8dd5e09dSSadaf Ebrahimi0.6.5 112*8dd5e09dSSadaf Ebrahimi- Fix self test build problem on clean system (Sterling X. Winter) 113*8dd5e09dSSadaf Ebrahimi- Only open regular files in filecap 114*8dd5e09dSSadaf Ebrahimi- Make building Python bindings optional 115*8dd5e09dSSadaf Ebrahimi- Python bindings update (arfrever.fta) 116*8dd5e09dSSadaf Ebrahimi- Fix filecap segfault when checking a specific file 117*8dd5e09dSSadaf Ebrahimi- Add define for missing XATTR_NAME_CAPS since 2.6.36 makes it private 118*8dd5e09dSSadaf Ebrahimi 119*8dd5e09dSSadaf Ebrahimi0.6.4 120*8dd5e09dSSadaf Ebrahimi- Update packet socket code to print interface 121*8dd5e09dSSadaf Ebrahimi- Fix effective capabilities read from file descriptor 122*8dd5e09dSSadaf Ebrahimi- Use thread ID for capget/set calls 123*8dd5e09dSSadaf Ebrahimi 124*8dd5e09dSSadaf Ebrahimi0.6.3 125*8dd5e09dSSadaf Ebrahimi- In netcap and pscap use the effective uid 126*8dd5e09dSSadaf Ebrahimi- In capng_change_id, only retain setpcap if clearing the bounding set 127*8dd5e09dSSadaf Ebrahimi 128*8dd5e09dSSadaf Ebrahimi0.6.2 129*8dd5e09dSSadaf Ebrahimi- Make pscap drop capabilities so its not listed in report 130*8dd5e09dSSadaf Ebrahimi- Review prctl calls to make sure we are passing 5 args 131*8dd5e09dSSadaf Ebrahimi- Add package config support 132*8dd5e09dSSadaf Ebrahimi 133*8dd5e09dSSadaf Ebrahimi0.6.1 134*8dd5e09dSSadaf Ebrahimi- In netcap, don't complain about missing udp or raw network files 135*8dd5e09dSSadaf Ebrahimi- Adjusted data read in for file based capabilities 136*8dd5e09dSSadaf Ebrahimi 137*8dd5e09dSSadaf Ebrahimi0.6 138*8dd5e09dSSadaf Ebrahimi- In netcap, don't complain about missing network files 139*8dd5e09dSSadaf Ebrahimi- Add python bindings 140*8dd5e09dSSadaf Ebrahimi- Add m4 macro file to help developers configure libcap-ng in their apps 141*8dd5e09dSSadaf Ebrahimi- Fake applying bounding set for old OS 142*8dd5e09dSSadaf Ebrahimi- Ignore setpcap for old OS when changing id 143*8dd5e09dSSadaf Ebrahimi- Remove capabilities v1 data handling from reading file attributes 144*8dd5e09dSSadaf Ebrahimi- Set the SECURE_NO_SETUID_FIXUP and LOCKED securebits flags in capng_lock 145*8dd5e09dSSadaf Ebrahimi 146*8dd5e09dSSadaf Ebrahimi0.5.1 147*8dd5e09dSSadaf Ebrahimi- Remove unnecessary uid check in change_uid when dropping supplemental groups 148*8dd5e09dSSadaf Ebrahimi- Add credential printout and other improvements to captest 149*8dd5e09dSSadaf Ebrahimi- In the init routine, set hdr.pid to current process 150*8dd5e09dSSadaf Ebrahimi- Use bit mask on effective capabilities check in have_capabilities 151*8dd5e09dSSadaf Ebrahimi- Numeric printing of bounding set bits were in wrong order 152*8dd5e09dSSadaf Ebrahimi- In update function, reverse the order of bounding set vs capabilities 153*8dd5e09dSSadaf Ebrahimi- Revise the tests used to determine if bounding set should be updated 154*8dd5e09dSSadaf Ebrahimi 155*8dd5e09dSSadaf Ebrahimi0.5 156*8dd5e09dSSadaf Ebrahimi- If attr/xattr.h is not available disable file system capabilities 157*8dd5e09dSSadaf Ebrahimi- Initialize capng_have_capability with capng_get_caps_process if unknown 158*8dd5e09dSSadaf Ebrahimi- Make capng_change_id drop the gid if given 159*8dd5e09dSSadaf Ebrahimi- Fixed cap_update for bounding set 160*8dd5e09dSSadaf Ebrahimi- Fix have_capability for bounding set 161*8dd5e09dSSadaf Ebrahimi- Added more tests to the make check target 162*8dd5e09dSSadaf Ebrahimi- Remove CAPNG_LOCK_PERMS for change_id flags 163*8dd5e09dSSadaf Ebrahimi- Added captest program 164*8dd5e09dSSadaf Ebrahimi 165*8dd5e09dSSadaf Ebrahimi0.4.2 166*8dd5e09dSSadaf Ebrahimi- Fix missing includes for various OS and platforms 167*8dd5e09dSSadaf Ebrahimi- Correct misplaced #ifdef for older OS 168*8dd5e09dSSadaf Ebrahimi- Reorder clearing of bounding set in capng_change_id 169*8dd5e09dSSadaf Ebrahimi- Make locking a noop in capng_change_id for the moment 170*8dd5e09dSSadaf Ebrahimi 171*8dd5e09dSSadaf Ebrahimi0.4.1 172*8dd5e09dSSadaf Ebrahimi- spec file clean ups 173*8dd5e09dSSadaf Ebrahimi- Man pages for all library functions 174*8dd5e09dSSadaf Ebrahimi 175*8dd5e09dSSadaf Ebrahimi0.4 176*8dd5e09dSSadaf Ebrahimi- Initial public release 177