ChangeLog - platform/external/libcap-ng - Git at Google

 0.8.5
 - Remove python global exception handler since it's deprecated
 - Make the utilities link against just built libraries
 - Remove unused macro in cap-ng.h

 0.8.4
 - In capng_change_id, clear PR_SET_KEEPCAPS if returning an error
 - pscap: add -p option for reporting a specified process (Masatake Yamato)
 - Annotate function prototypes to warn if results are unused
 - Drop python2 support

 0.8.3
 - Fix parameters to capng_updatev python bindings to be signed
 - Detect capability options at runtime to make containerization easier (ntkme)
 - Initialize the library when linked statically
 - Add gcc function attributes for deallocation

 0.8.2
 - In capng_apply, if we blew up in bounding set, allow setting capabilities
 - If PR_CAP_AMBIENT is not available, do not build libdrop_ambient
 - Improve last_cap check

 0.8.1
 - If procfs is not available, leave last_cap as CAP_LAST_CAP
 - If bounding and ambient not found in status, try prctl method
 - In capng_apply, move ambient caps to the end of the transaction
 - In capng_apply, return errors more aggressively.
 - In capng_apply, if the action includes the bounding set,resync with the kernel
 - Fix signed/unsigned warning in cap-ng.c
 - In capng_apply, return a unique error code to diagnose any failure
 - In capng_have_capability, return 0 for failure
 - Add the libdrop_ambient admin tool

 0.8
 - Add vararg support to python bindings for capng_updatev
 - Add support for ambient capabilities
 - Add support for V3 filesystem capabilities

 0.7.11
 - Really clear bounding set if asked in capng_change_id
 - Add CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE
 - Avoid malloc/free in capng_apply (Natanael Copa)
 - If procfs is not available, get bounding set via prctl
 - Cleanup some compiler warnings

 0.7.10
 - Update capng_change_id man page
 - Add capng_have_permitted_capabilities function
 - Update filecap to output which set the capabilities are in
 - Fix filecap to not output an error when a file has no capabilities
 - Add udplite support to netcap
 - Fix usage of pthread_atfork (Joe Orton)
 - Mark processes in child user namespaces with * (Danila Kiver)

 0.7.9
 - Fix byte compiling python3 bindings
 - Detect and output a couple errors in filecap
 - Use pthread_atfork to optionally reset the pid and related info on fork
 - Rework spec file to show new python2/3 separation

 0.7.8
 - Improve Python3 support
 - Fix the thread separation test
 - Correct typo in cap_pacct text
 - Update man page for captest
 - Fix sscanf string lengths in netcap
 - Correct linking of python3 module

 0.7.7
 - Make sure all types used in _lnode are defined in proc-llist.h
 - Fix python binding test for old kernels
 - Fix leaked FD in library init

 0.7.6
 - Fix python3 support

 0.7.5
 - Make python3 supported
 - In python bindings test, clamp CAP_LAST_CAP with /proc/.../cap_last_cap
 - Update table for 3.16 kernel

 0.7.4
 - In pscap, remove unused code
 - Add CAPNG_INIT_SUPP_GRP to capng_change_id
 - Drop CAP_COMPROMISE_KERNEL
 - Update the autotools components
 - Dynamically detect last capability (#895105)
 - Add PR_SET_NO_NEW_PRIVS to capng_lock if kernel supports it

 0.7.3
 - Make sure stderr is used consistently in utils
 - Fix logic causing file based capabilities to not be supported when it should

 0.7.1
 - Add CAP_COMPROMISE_KERNEL
 - Define FTW_CONTINUE in case its not defined in libc
 - Use glibc for xattr.h if available

 0.7
 - Make file opens use the cloexec flag (Cristian Rodríguez)
 - Add CAP_BLOCK_SUSPEND
 - Fix possible segfaults when CAP_LAST_CAP is larger than the lookup table
 - In pscap, don't drop capabilities when running with capabilities

 0.6.6
 - In netcap, make sure readlink is handled properly
 - Add CAP_SYSLOG
 - In netcap and pscap, ensure euid is initialized
 - Add CAP_WAKE_ALARM

 0.6.5
 - Fix self test build problem on clean system (Sterling X. Winter)
 - Only open regular files in filecap
 - Make building Python bindings optional
 - Python bindings update (arfrever.fta)
 - Fix filecap segfault when checking a specific file
 - Add define for missing XATTR_NAME_CAPS since 2.6.36 makes it private

 0.6.4
 - Update packet socket code to print interface
 - Fix effective capabilities read from file descriptor
 - Use thread ID for capget/set calls

 0.6.3
 - In netcap and pscap use the effective uid
 - In capng_change_id, only retain setpcap if clearing the bounding set

 0.6.2
 - Make pscap drop capabilities so its not listed in report
 - Review prctl calls to make sure we are passing 5 args
 - Add package config support

 0.6.1
 - In netcap, don't complain about missing udp or raw network files
 - Adjusted data read in for file based capabilities

 0.6
 - In netcap, don't complain about missing network files
 - Add python bindings
 - Add m4 macro file to help developers configure libcap-ng in their apps
 - Fake applying bounding set for old OS
 - Ignore setpcap for old OS when changing id
 - Remove capabilities v1 data handling from reading file attributes
 - Set the SECURE_NO_SETUID_FIXUP and LOCKED securebits flags in capng_lock

 0.5.1
 - Remove unnecessary uid check in change_uid when dropping supplemental groups
 - Add credential printout and other improvements to captest
 - In the init routine, set hdr.pid to current process
 - Use bit mask on effective capabilities check in have_capabilities
 - Numeric printing of bounding set bits were in wrong order
 - In update function, reverse the order of bounding set vs capabilities
 - Revise the tests used to determine if bounding set should be updated

 0.5
 - If attr/xattr.h is not available disable file system capabilities
 - Initialize capng_have_capability with capng_get_caps_process if unknown
 - Make capng_change_id drop the gid if given
 - Fixed cap_update for bounding set
 - Fix have_capability for bounding set
 - Added more tests to the make check target
 - Remove CAPNG_LOCK_PERMS for change_id flags
 - Added captest program

 0.4.2
 - Fix missing includes for various OS and platforms
 - Correct misplaced #ifdef for older OS
 - Reorder clearing of bounding set in capng_change_id
 - Make locking a noop in capng_change_id for the moment

 0.4.1
 - spec file clean ups
 - Man pages for all library functions

 0.4
 - Initial public release
	0.8.5
	- Remove python global exception handler since it's deprecated
	- Make the utilities link against just built libraries
	- Remove unused macro in cap-ng.h

	0.8.4
	- In capng_change_id, clear PR_SET_KEEPCAPS if returning an error
	- pscap: add -p option for reporting a specified process (Masatake Yamato)
	- Annotate function prototypes to warn if results are unused
	- Drop python2 support

	0.8.3
	- Fix parameters to capng_updatev python bindings to be signed
	- Detect capability options at runtime to make containerization easier (ntkme)
	- Initialize the library when linked statically
	- Add gcc function attributes for deallocation

	0.8.2
	- In capng_apply, if we blew up in bounding set, allow setting capabilities
	- If PR_CAP_AMBIENT is not available, do not build libdrop_ambient
	- Improve last_cap check

	0.8.1
	- If procfs is not available, leave last_cap as CAP_LAST_CAP
	- If bounding and ambient not found in status, try prctl method
	- In capng_apply, move ambient caps to the end of the transaction
	- In capng_apply, return errors more aggressively.
	- In capng_apply, if the action includes the bounding set,resync with the kernel
	- Fix signed/unsigned warning in cap-ng.c
	- In capng_apply, return a unique error code to diagnose any failure
	- In capng_have_capability, return 0 for failure
	- Add the libdrop_ambient admin tool

	0.8
	- Add vararg support to python bindings for capng_updatev
	- Add support for ambient capabilities
	- Add support for V3 filesystem capabilities

	0.7.11
	- Really clear bounding set if asked in capng_change_id
	- Add CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE
	- Avoid malloc/free in capng_apply (Natanael Copa)
	- If procfs is not available, get bounding set via prctl
	- Cleanup some compiler warnings

	0.7.10
	- Update capng_change_id man page
	- Add capng_have_permitted_capabilities function
	- Update filecap to output which set the capabilities are in
	- Fix filecap to not output an error when a file has no capabilities
	- Add udplite support to netcap
	- Fix usage of pthread_atfork (Joe Orton)
	- Mark processes in child user namespaces with * (Danila Kiver)

	0.7.9
	- Fix byte compiling python3 bindings
	- Detect and output a couple errors in filecap
	- Use pthread_atfork to optionally reset the pid and related info on fork
	- Rework spec file to show new python2/3 separation

	0.7.8
	- Improve Python3 support
	- Fix the thread separation test
	- Correct typo in cap_pacct text
	- Update man page for captest
	- Fix sscanf string lengths in netcap
	- Correct linking of python3 module

	0.7.7
	- Make sure all types used in _lnode are defined in proc-llist.h
	- Fix python binding test for old kernels
	- Fix leaked FD in library init

	0.7.6
	- Fix python3 support

	0.7.5
	- Make python3 supported
	- In python bindings test, clamp CAP_LAST_CAP with /proc/.../cap_last_cap
	- Update table for 3.16 kernel

	0.7.4
	- In pscap, remove unused code
	- Add CAPNG_INIT_SUPP_GRP to capng_change_id
	- Drop CAP_COMPROMISE_KERNEL
	- Update the autotools components
	- Dynamically detect last capability (#895105)
	- Add PR_SET_NO_NEW_PRIVS to capng_lock if kernel supports it

	0.7.3
	- Make sure stderr is used consistently in utils
	- Fix logic causing file based capabilities to not be supported when it should

	0.7.1
	- Add CAP_COMPROMISE_KERNEL
	- Define FTW_CONTINUE in case its not defined in libc
	- Use glibc for xattr.h if available

	0.7
	- Make file opens use the cloexec flag (Cristian Rodríguez)
	- Add CAP_BLOCK_SUSPEND
	- Fix possible segfaults when CAP_LAST_CAP is larger than the lookup table
	- In pscap, don't drop capabilities when running with capabilities

	0.6.6
	- In netcap, make sure readlink is handled properly
	- Add CAP_SYSLOG
	- In netcap and pscap, ensure euid is initialized
	- Add CAP_WAKE_ALARM

	0.6.5
	- Fix self test build problem on clean system (Sterling X. Winter)
	- Only open regular files in filecap
	- Make building Python bindings optional
	- Python bindings update (arfrever.fta)
	- Fix filecap segfault when checking a specific file
	- Add define for missing XATTR_NAME_CAPS since 2.6.36 makes it private

	0.6.4
	- Update packet socket code to print interface
	- Fix effective capabilities read from file descriptor
	- Use thread ID for capget/set calls

	0.6.3
	- In netcap and pscap use the effective uid
	- In capng_change_id, only retain setpcap if clearing the bounding set

	0.6.2
	- Make pscap drop capabilities so its not listed in report
	- Review prctl calls to make sure we are passing 5 args
	- Add package config support

	0.6.1
	- In netcap, don't complain about missing udp or raw network files
	- Adjusted data read in for file based capabilities

	0.6
	- In netcap, don't complain about missing network files
	- Add python bindings
	- Add m4 macro file to help developers configure libcap-ng in their apps
	- Fake applying bounding set for old OS
	- Ignore setpcap for old OS when changing id
	- Remove capabilities v1 data handling from reading file attributes
	- Set the SECURE_NO_SETUID_FIXUP and LOCKED securebits flags in capng_lock

	0.5.1
	- Remove unnecessary uid check in change_uid when dropping supplemental groups
	- Add credential printout and other improvements to captest
	- In the init routine, set hdr.pid to current process
	- Use bit mask on effective capabilities check in have_capabilities
	- Numeric printing of bounding set bits were in wrong order
	- In update function, reverse the order of bounding set vs capabilities
	- Revise the tests used to determine if bounding set should be updated

	0.5
	- If attr/xattr.h is not available disable file system capabilities
	- Initialize capng_have_capability with capng_get_caps_process if unknown
	- Make capng_change_id drop the gid if given
	- Fixed cap_update for bounding set
	- Fix have_capability for bounding set
	- Added more tests to the make check target
	- Remove CAPNG_LOCK_PERMS for change_id flags
	- Added captest program

	0.4.2
	- Fix missing includes for various OS and platforms
	- Correct misplaced #ifdef for older OS
	- Reorder clearing of bounding set in capng_change_id
	- Make locking a noop in capng_change_id for the moment

	0.4.1
	- spec file clean ups
	- Man pages for all library functions

	0.4
	- Initial public release