author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-03-20 21:01:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-03-20 21:01:09 +0000 |
commit | c962e7f05f5856a6fcbcd82bac0a70e406a5bf59 (patch) | |
tree | b4f6fc9b88ef6b682e2220a66a908103dd39a1b8 | |
parent | Adding upstream version 1:2.44. (diff) | |
Adding debian version 1:2.44-1. (refs: debian/1%2.44-1, debian)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
33 files changed, 1885 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..98a6ec8 --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,656 @@ +libcap2 (1:2.44-1) unstable; urgency=medium + + * New upstream release. + - Refresh patches + * d/rules: Use new upstream solution for setting -Ox + + -- Christian Kastner <ckk@debian.org> Wed, 14 Oct 2020 23:49:40 +0200 + +libcap2 (1:2.43-1) unstable; urgency=medium + + * New upstream release. + - Refresh patches + - Drop patches included upstream + + -- Christian Kastner <ckk@debian.org> Sun, 23 Aug 2020 22:23:14 +0200 + +libcap2 (1:2.42-2) unstable; urgency=medium + + * New upstream version 2.42 + - Refresh patches + - Add Move-mkdir-to-common-install-target.patch + * Drop Debian-specific man page for getpcaps + + -- Christian Kastner <ckk@debian.org> Fri, 07 Aug 2020 00:14:04 +0200 + +libcap2 (1:2.36-1) unstable; urgency=medium + + * New upstream version 2.36 + - Drop patches included upstream + + Syntax-fixes-for-man-pages.patch + + Avoid-sys-capability.h-on-build-architecture.patch + + Spelling-fixes.patch + + pam_cap-Honor-PAM_REINITIALIZE_CRED.patch + + Fixes-for-man-page-typos.patch + + -- Christian Kastner <ckk@debian.org> Sat, 20 Jun 2020 23:27:24 +0200 + +libcap2 (1:2.34-2) unstable; urgency=medium + + * Bump shlibs version to 2.33 (new symbols) + This was overlooked in the 2.33 release, where only the symbols file was + updated. + + -- Christian Kastner <ckk@debian.org> Sat, 16 May 2020 10:20:58 +0200 + +libcap2 (1:2.34-1) unstable; urgency=medium + + * New upstream release. + - Refresh patches + - Override changed PKGCONFIGDIR in d/rules + - Drop symbol _cap_names from libcap2.symbols. + It was never part of the API, and its definition has now been fixed + + -- Christian Kastner <ckk@debian.org> Wed, 13 May 2020 01:46:31 +0200 + +libcap2 (1:2.33-1) unstable; urgency=medium + + * New upstream release. + - Refresh patches + - Add new symbols to libcap2.symbols + + -- Christian Kastner <ckk@debian.org> Fri, 27 Mar 2020 12:58:42 +0100 + +libcap2 (1:2.32-1) unstable; urgency=medium + + * New upstream release. 
+ - Refresh patches + - Fixes an issue introduced in 2.31 that breaks fakeroot. (Closes: #951492) + + -- Christian Kastner <ckk@debian.org> Mon, 17 Feb 2020 13:44:20 +0100 + +libcap2 (1:2.31-1) unstable; urgency=medium + + * New upstream release. + - Refresh patches + - Update symbols file (symbols added) + * Bump Standards-Version to 4.5.0 (no changes needed) + * Add lintian-override for orig-tarball-missing-upstream-signature + + -- Christian Kastner <ckk@debian.org> Sun, 09 Feb 2020 14:52:11 +0100 + +libcap2 (1:2.27-1) unstable; urgency=medium + + * New upstream release. (Closes: #911509) + + [ Kevin Locke ] + * d/rules: Conditionalize tests on DEB_GAIN_ROOT_COMMAND + Unfortunately, for the tests, fakeroot does not suffice + * d/libcap2.symbols: Add new symbols in 2.26 + * d/patches: + - Add Use-DEB_GAIN_ROOT_CMD-for-make-test.patch + Use $DEB_GAIN_ROOT_CMD for make test + - Add Make.Rules-Allow-overriding-DYNAMIC.patch + Always build using dynamic linking. Upstream builds statically when + building in a git repo, which conflicts with git-buildpackage. + + [ Christian Kastner ] + * d/gbp.conf: Move branches to debian/master and upstream/latest (DEP-14) + * d/control: Bump Standards-Version to 4.4.1. + No changes were needed from 4.3.0 to 4.4.1, but Kevin Locke noticed that + previously, in going to 4.3.0, the Root-Requires-Root field had not been + set + * Add Build-Depends-Package field to libcap2.symbols + * Bump shlibs version to 2.26 (new symbols) + * Add pam_cap-Honor-PAM_REINITIALIZE_CRED.patch. + Thanks, for the report and analysis, Daniel Gröber! (Closes: #935921) + * Refresh patches + + -- Christian Kastner <ckk@debian.org> Mon, 28 Oct 2019 10:39:04 +0100 + +libcap2 (1:2.25-2) unstable; urgency=medium + + * Acknowledge NMUs. + Thanks, Matthias Klose and Helmut Grohne! + + * d/upstream/signing-key.asc: + - Add Andrew G. 
Morgan's public OpenPGP key + * d/watch: + - Update to format version 4 + - Check vor a valid signature + * d/control: + - Bump Standards-Version to 4.3.0 + - Drop Priority of libcap2 + Priority for this library should be "optional", which is already the + Priority of the source package + - Switch Build-Depends from debhelper to debhelper-compat + - Bump Build-Depends for debhelper to 12 + - Update Vcs-* URLs to point to Salsa + - Switch Homepage to https + * d/compat: + - Drop, as made obsolete by debhelper-compat + * d/rules: + - Switch from dh_install to dh_missing + - Drop override_dh_strip + It was only needed for the dbgsym migration + * d/tests/executables: + - Rename ADTTMP to AUTOPKGTEST_TMP + ADT* variables were renamed in autopkgtest (4.0) + * d/manpages/getpcaps.1: + - Reproduce section "TEXTUAL REPRESENTATION" from cap_from_text(3) + Closes: #826733 + - Fix program name get_pcaps -> getpcaps + * d/copyright: + - Add patches/*, and bump copyrights + - Switch MRCF Policy URI to https + + -- Christian Kastner <ckk@debian.org> Wed, 06 Feb 2019 21:12:36 +0100 + +libcap2 (1:2.25-1.2) unstable; urgency=medium + + * Non-maintainer upload. + + [ Helmut Grohne ] + * Fix for FTCBFS, libcap.pc has bad libdir (Closes: #871714) + + -- Manuel A. Fernandez Montecelo <mafm@debian.org> Fri, 17 Nov 2017 00:35:52 +0100 + +libcap2 (1:2.25-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS with gperf 3.1 (Helmut Grohne). Closes: #869588. + + -- Matthias Klose <doko@debian.org> Wed, 11 Oct 2017 10:26:50 +0200 + +libcap2 (1:2.25-1) unstable; urgency=medium + + * New upstream release. LP: #1451601 + * Drop package libcap2-dbg in favor of automatic dbgsym packages, as per + https://lists.debian.org/debian-devel/2015/12/msg00262.html. + * d/control: + - Bump Standards-Version to 3.9.8 (no changes needed) + - Increase Priority of libcap2{,-bin} to important. Closes: #815566 + - Drop libattr1-dev from Build-Depends. 
Upstream no longer uses this + library and instead uses the kernel API directly + - Switch Vcs-Browser from gitweb to cgit + - Switch to secure URIs in Vcs-* fields + * d/rules: + - Add hardening=+all to DEB_BUILD_MAINT_OPTIONS + * d/tests: + - executables: + + Fix typos + + Don't mount over ADTTMP, use a subdir instead. ADTTMP could already be + a mount point for another filesystem, which could make things slightly + more confusing + + Improve output + * d/copyright: + - Bump copyright years + * d/patches (added): + - Avoid-sys-capability.h-on-build-architecture.patch + Fixes a FTCBFS on kFreeBSD. Thanks, Helmut Grohne! Closes: #809467 + - Filter-out-PIE-flags-when-building-shared-objects.patch + Filters out -pie, -fpie, and -fPIE from CFLAGS/LDFLAGS when building the + shared library and the PAM module + - Spelling-fixes.patch + * d/patches (updated): + - setcap-error-message.patch + - Update Don-t-hardcode-build-flags.patch + * d/patches (dropped): + - Drop include-sys-xattr.patch + The reason it was initially created for ceased to exist in 2.25 + * libcap2-bin: + - lintian override for spelling-error-in-readme-debian (false positive) + + -- Christian Kastner <ckk@debian.org> Sat, 30 Apr 2016 14:30:26 +0200 + +libcap2 (1:2.24-12) unstable; urgency=medium + + * d/tests: + - Amend stderr redirection to fix autopkgtest failures + + -- Christian Kastner <ckk@debian.org> Fri, 02 Oct 2015 15:30:03 +0200 + +libcap2 (1:2.24-11) unstable; urgency=medium + + * d/rules: + - Provide BUILD_LDFLAGS and BUILD_CPPFLAGS. Thanks, Helmut Grohne! + * d/patches: + - Drop patch numbers from .patch filenames + * d/patches (updated): + - Don-t-hardcode-build-flags.patch + When using BUILD_CC, use BUILD_LDFLAGS and BUILD_CPPFLAGS instead of the + host ones. Thanks, Helmut Grohne! Closes: #796886 + * Add package-specific d/gbp.conf + + -- Christian Kastner <ckk@kvr.at> Tue, 25 Aug 2015 20:40:33 +0200 + +libcap2 (1:2.24-10) unstable; urgency=medium + + * d/control: + - Drop XS-Testsuite. 
dpkg now recognizes the Testsuite header, and + dpkg-source automatically adds one when an autopkgtest suite is found + - Add gperf to Build-Depends. The build proceeds slightly differently when + gperf is present in the build environment, so make sure it is present in + all build environments + - Switch Maintainer email to my @debian.org address + * d/rules: + - Pass --version-info to dh_makeshlibs to match .symbols. Thanks, KiBi! + * d/copyright: + - Bump copyright years + * d/tests: + - Add missing dependencies for gcc and libc-dev + - Test "executables": Redirect stderr to stdout on test with expected + failure + * d/patches (updated): + - 0004-Don-t-hardcode-build-flags + Add LDFLAGS to a target to silence a hardening flags warning, even though + the target is not shipped, but only used at build-time. + * d/patches (added): + - 0006-Hide-private-symbols.patch + + -- Christian Kastner <ckk@debian.org> Sun, 23 Aug 2015 23:16:07 +0200 + +libcap2 (1:2.24-9) unstable; urgency=medium + + [ Matthias Klumpp ] + * Add udeb package for libcap2 to be used in d-i, since + the libudev1-udeb package depends on libcap2 now. + + -- Christian Kastner <debian@kvr.at> Sun, 07 Jun 2015 18:38:54 +0200 + +libcap2 (1:2.24-8) unstable; urgency=medium + + * debian/libcap2-bin.maintscript: + - Drop, because using rm_conffile to clean up an obsolete conffile that + was moved to another package can lead to breakage, see: Closes: #781050 + * debian/watch: + - Drop stray empty opts= (invalid syntax breaks uscan checks) + + -- Christian Kastner <debian@kvr.at> Sun, 29 Mar 2015 15:00:39 +0200 + +libcap2 (1:2.24-7) unstable; urgency=medium + + * debian/libcap2-bin.maintscript: + - Remove obsolete conffile capability.conf. Closes: #768229 + * debian/control: + - Add Breaks+Replaces for libcap-bin. libcap-bin was removed after lenny, + but the transition to libcap2-bin was not fully handled. 
Closes: #780411 + + -- Christian Kastner <debian@kvr.at> Fri, 13 Mar 2015 21:28:23 +0100 + +libcap2 (1:2.24-6) unstable; urgency=medium + + * debian/rules: + - Use proper assignment for CC. It has a default value, so ?= assignment + does not make sense. Using := fixes a FTCBFS. Thanks, Helmut Grohne. + Closes: #762575 + * debian/control: + - Add XS-Testsuite for autopkgtest + * debian/tests/executables: + - Add an autopkgtest for getcap(8) and setcap(8) functionality + + -- Christian Kastner <debian@kvr.at> Thu, 25 Sep 2014 01:41:47 +0200 + +libcap2 (1:2.24-5) unstable; urgency=medium + + * debian/libcap2-bin.lintian-overrides: + - Drop this file; it only contained an unused lintian override for + statically-linked-binary + * debian/control: + - Bump Standards-Version to 3.9.6 (no changes needed) + - Add binary package libcap2-dbg for debugging symbols + * debian/rules: + - Use dpkg/architecture.mk instead of manual assignment + - Rework the cross-compiling support. Less code, and less assumptions about + the environment + - Create dirs in override_dh_installdirs + - Simplify installation stage + - Add override_dh_strip to place symbols in libcap2-dbg + * Package libcap-dev: + - Move the static library from /lib/ to /usr/lib/, where development files + belong according to the FHS. /lib/ is only for essential shared + libraries. + * debian/TODO: + - Drop file (all items were either dropped or completed) + + -- Christian Kastner <debian@kvr.at> Fri, 19 Sep 2014 13:52:51 +0200 + +libcap2 (1:2.24-4) unstable; urgency=low + + * debian/control: + - Set myself to maintainer. 
Closes: #756091 + - Drop redundant Section + - Drop redundant Priority fields + - Add Multi-Arch field for libcap2-bin + - Point Vcs-* URLs to collab-maint + * debian/rules: + - Drop dh_builddeb override, xz is now default + - Drop override_dh_makeshlibs; a symbols file is provided now + * debian/copyright: + - Add myself + - Add missing copyright for manpages + - Add missing copyright for contrib/* + * debian/symbols: + - Create symbols file + * debian/watch: + - Create watch file + * debian/manpages: + - Fix typo in manpage name (getcaps -> getpcaps) + - Drop capsh.8, upstream ships capsh.1 now + * debian/source/options: + - Remove, as xz is now the default compression algo + * debian/patches (refreshed): + - Update headers to play more nicely with gbp-pq + * debian/patches (added): + - 0004-Don-t-hardcode-build-flags + Needed so that hardening flags get honored + - 0005-Syntax-fixes-for-man-pages + + -- Christian Kastner <debian@kvr.at> Sat, 26 Jul 2014 20:06:24 +0200 + +libcap2 (1:2.24-3) unstable; urgency=medium + + * I don't care anymore, not worth it.. orphaning. + + -- Daniel Baumann <mail@daniel-baumann.ch> Fri, 25 Jul 2014 20:51:41 +0200 + +libcap2 (1:2.24-2) unstable; urgency=low + + * Adding provides for libcap2-dev that got lost during rebase (Closes: + #755559). + + -- Daniel Baumann <mail@daniel-baumann.ch> Tue, 22 Jul 2014 10:55:23 +0200 + +libcap2 (1:2.24-1) unstable; urgency=low + + * Merging upstream version 2.24 (Closes: #734633): - in sync with + current kernels (Closes: #689035) + * Dropping unused orig-tar.sh. + * Marking package as linux-any only (Closes: #745186). + * Moving local manpages to subdirectory. + * Applied patch from Loïc Minier <loic.minier@linaro.org> to fix cross- + building by passing CC and BUILD_CC to dh_auto_make, based on a patch + by Colin Watson for the previous CDBS packaging, but adapted for the + new dh-based packaging (Closes: #645908). 
+ * Adding manpages for capability.conf, getcaps, and pam_cap from Scott + Schaefer <saschaefer@neurodiverse.org> (Closes: #504606). + * Using xz explizitly for source tarballs. + * Adding dpkg-source local options to abort on upstream changes. + * Moving local pam-configs to local subdirectory. + * Dropping watch file. + * Dropping old README.source. + * Updating to standards version 3.9.5. + * Sorting fields in control. + * Doubling some fields in control for binary packages in order to avoid + implicit use. + * Removing useless whitespaces at EOL/EOF. + * Dropping pre-wheezy conflicts/replaces etc. + * Updating to debhelper version 9. + * Wrapping build-depends. + * Wrapping and sorting depends. + * Adding vcs fields. + * Harmonizing package descriptions. + * Building debian binary packages explicitly with xz compression. + * Rewriting copyright file in copyright format 1.0. + * Reworking debhelper install files. + * Dropping pre-wheezy libcap2-bin.preinst. + * Reworking debhelper maintainer scripts. + * Adding todo file. + * Refreshing fix-Makefiles.patch. + * Refresh refine-setcap-error-message.patch. + * Renaming and renumbering patches consistently. + * Adding patch from Adam Conrad <adconrad@ubuntu.com> to include + sys/xattr.h in sys/capability.h. + * Using curly braces in rules where appropriate. + * Running dh_install with --fail-missing. + * Correctly moving .so symlink to /usr in libcap-dev where it should be. + * Dropping useless suggests on libcap-dev. + * Prefixing readme with package name. + + -- Daniel Baumann <mail@daniel-baumann.ch> Fri, 18 Jul 2014 10:58:46 +0200 + +libcap2 (1:2.22-2) unstable; urgency=low + + * Taking over package from Torsten with thanks for his past work on it. + + -- Daniel Baumann <mail@daniel-baumann.ch> Wed, 09 Jul 2014 11:26:11 +0200 + +libcap2 (1:2.22-1.2) unstable; urgency=low + + * Non-maintainer upload. + * Add preinst script for libcap2-bin to properly remove PAM module + on upgrade from libcap2-bin <= 1:2.22-1. 
(Closes: #673770) + + -- Tobias Hansen <tobias.han@gmx.de> Fri, 06 Jul 2012 20:02:14 +0200 + +libcap2 (1:2.22-1.1) unstable; urgency=low + + * Non-maintainer upload with permission from Torsten Werner. + * Apply Multiarch patch from Kees Cook. Closes: #653186. + * debian/{control,rules,compat}: Build for Multi-arch. + * debian/{control,libpam-cap.*}: Split PAM module into separate binary + package so it can be built for Multi-arch separate from the -bins pkg. + + -- Mark Hymers <mhy@debian.org> Sun, 13 May 2012 10:28:44 +0100 + +libcap2 (1:2.22-1) unstable; urgency=low + + * New upstream released + + -- Zhi Li <lizhi1215@gmail.com> Thu, 28 Jul 2011 12:50:30 +0800 + +libcap2 (1:2.21-3) unstable; urgency=low + + * Non-maintainer upload. + * 0003-refine-setcap-error-message.patch:refine setcap output on errors + (Closes: #633075) + + -- Zhi Li <lizhi1215@gmail.com> Wed, 20 Jul 2011 09:35:48 +0800 + +libcap2 (1:2.21-2) unstable; urgency=low + + [ Serge Hallyn ] + * 0002-support-getting-setting-capabilities-on-large-files.patch: patch from + upstream to enable setting capabilities on large files. + (Closes: #631134) + + [ Torsten Werner ] + * Move package to alioth's collab-maint project. + * Use git instead of svn. + * Update Vcs-* headers in debian/control. + + [ Zhi Li ] + * Modify long description in libcap2-bin/debian/control, remove those files that were not generated. + (Closes: #620345) + + -- Torsten Werner <twerner@debian.org> Mon, 11 Jul 2011 22:11:41 +0200 + +libcap2 (1:2.21-1) unstable; urgency=low + + * New upstream release. + * debian/patches/0001-fix-Makefiles.patch: link pam_cap against -lpam. + (Closes: #591410) (LP: #582769) + + -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 20 May 2011 08:28:55 -0500 + +libcap2 (1:2.20-1) unstable; urgency=low + + * New upstream release. + * Remove all patches because they have been included upstream. 
+ + -- Torsten Werner <twerner@debian.org> Fri, 11 Feb 2011 20:31:45 +0100 + +libcap2 (1:2.19-3) unstable; urgency=high + + * Add a versioned dependency on libpam-runtime to libcap2-bin because + pam-auth-update is needed in postinst. (Closes: #593250) + * Set urgency to high because we are fixing a RC bug. + + -- Torsten Werner <twerner@debian.org> Mon, 16 Aug 2010 23:13:50 +0200 + +libcap2 (1:2.19-2) unstable; urgency=medium + + * Add -lpam to LDLIBS. Thanks to Sebastian Ramacher for suggesting the patch! + (Closes: 591410) + * Set urgency to medium. + * Improve patch description. + + -- Torsten Werner <twerner@debian.org> Wed, 04 Aug 2010 05:22:23 +0200 + +libcap2 (1:2.19-1) unstable; urgency=low + + [ Kees Cook ] + * Add pam_cap.so to the default PAM auth stack. (Closes: #573089) + + [ Torsten Werner ] + * New upstream release. + * Convert package to source format 3.0. + * Remove quilt from Build-Depends. + * Add static library to -dev package. Thanks to Stephan Sürken. (Closes: + #589840) + * Fix typo in Description. Thanks to Pascal De Vuyst. (Closes: #557496) + * Add a patch to fix the man page cap_from_text(3). Thanks to Roland + Koebler. (Closes: #567350) + * Update Standards-Version: 3.9.0 (no changes). + + -- Torsten Werner <twerner@debian.org> Thu, 22 Jul 2010 23:50:25 +0200 + +libcap2 (1:2.17-2) unstable; urgency=low + + * Explain in the long description of the -bin package that the manpage + cap_from_text(3) is part of -dev package. (Closes: #548080) + + -- Torsten Werner <twerner@debian.org> Sun, 18 Oct 2009 19:55:39 +0200 + +libcap2 (1:2.17-1) unstable; urgency=low + + * new upstream release + * Switch from cdbs to dh. + * Update Standards-Version: 3.8.3 (no changes). + * Use gbp-pq to edit quilt patch. + * Change Build-Depends: debhelper (>= 7.0.50~). + * Add README.source. + * Add man page capsh.8. 
+ + -- Torsten Werner <twerner@debian.org> Wed, 30 Sep 2009 22:26:51 +0200 + +libcap2 (1:2.16-5) unstable; urgency=low + + * Remove reference to kernel version 2.2 in debian/control. (Closes: + #260005) + * Add Suggests: libcap-dev to binary package libcap2-bin. (Closes: #433782) + + -- Torsten Werner <twerner@debian.org> Wed, 01 Apr 2009 23:32:37 +0200 + +libcap2 (1:2.16-4) unstable; urgency=low + + * Add Conflicts: and Replaces: libcap2-dev to binary package libcap-dev. + * Add epoch to version number because the old package had an epoch. + * Add missing files to package libcap-dev which got lost in the previous + version. + + -- Torsten Werner <twerner@debian.org> Sun, 22 Mar 2009 21:23:50 +0100 + +libcap2 (2.16-3) unstable; urgency=low + + * Rename binary package libcap2-dev to libcap-dev as requested by the + release team to continue the transition from libcap1. (Closes: #520553) + * Add Provides: libcap2-dev to binary package libcap-dev to ease transition + from older versions of libcap2. + * Remove Conflicts: libcap-dev. + + -- Torsten Werner <twerner@debian.org> Sat, 21 Mar 2009 21:22:24 +0100 + +libcap2 (2.16-2) unstable; urgency=low + + * upload to unstable + + -- Torsten Werner <twerner@debian.org> Sun, 15 Feb 2009 22:09:04 +0100 + +libcap2 (2.16-1) experimental; urgency=low + + * new upstream release + * Always install libraries into /lib (never /lib64). + (Closes: #508315) + + -- Torsten Werner <twerner@debian.org> Sun, 14 Dec 2008 12:24:50 +0100 + +libcap2 (2.15-3) experimental; urgency=low + + * Set Priority: standard for binary package libcap2. (Closes: #507781) + + -- Torsten Werner <twerner@debian.org> Thu, 04 Dec 2008 14:15:48 +0100 + +libcap2 (2.15-2) experimental; urgency=low + + * Update shlibs file libcap2 (>= 2.10). (Closes: #464712) + + -- Torsten Werner <twerner@debian.org> Wed, 03 Dec 2008 23:42:19 +0100 + +libcap2 (2.15-1) experimental; urgency=low + + * new upstream release + * Add Homepage header. + * Bump Up Standards-Version: 3.8.0. 
+ * Update patch build.diff. + + -- Torsten Werner <twerner@debian.org> Mon, 01 Dec 2008 00:26:09 +0100 + +libcap2 (2.11-2) unstable; urgency=low + + * Call dh_makeshlibs with -V. (Closes: #492467) + * Reformat debian/copyright. + * Add Build-Depends: libpam0g-dev to build the pam module. + * Ship the pam module in the package libcap2-bin. + + -- Torsten Werner <twerner@debian.org> Sat, 26 Jul 2008 15:40:42 +0200 + +libcap2 (2.11-1) unstable; urgency=low + + * new upstream release + * Remove patch bug487223.diff because it is not needed anymore. + * Refresh patch build.diff. + + -- Torsten Werner <twerner@debian.org> Thu, 24 Jul 2008 20:42:41 +0200 + +libcap2 (2.10-3) unstable; urgency=low + + * Add patch from upstream author to fix 'cap_copy_int() always returns NULL + (EINVAL)'. (Closes: #487223) + + -- Torsten Werner <twerner@debian.org> Mon, 07 Jul 2008 23:03:52 +0200 + +libcap2 (2.10-2) unstable; urgency=medium + + * Add Build-Depends: indent because it is needed on alpha. (Closes: #489477) + * Set urgency to medium because we are fixing a FTBFS bug. + + -- Torsten Werner <twerner@debian.org> Sun, 06 Jul 2008 11:34:15 +0200 + +libcap2 (2.10-1) unstable; urgency=low + + * new upstream release + + -- Torsten Werner <twerner@debian.org> Wed, 11 Jun 2008 23:37:06 +0200 + +libcap2 (2.09-1) unstable; urgency=low + + * new upstream release + * Change Priority: optional of package libcap2. + + -- Torsten Werner <twerner@debian.org> Sat, 10 May 2008 11:48:53 +0200 + +libcap2 (2.08-2) unstable; urgency=low + + * Do not install the old manpages capget(2) and capset(2) because the + package manpages-dev ships more recent ones. + * Replace Conflicts: manpages-dev by Suggests: manpages-dev. + (Closes: #473072) + + -- Torsten Werner <twerner@debian.org> Sat, 29 Mar 2008 10:19:58 +0100 + +libcap2 (2.08-1) unstable; urgency=low + + * Initial Release. (Closes: #464727) + + -- Torsten Werner <twerner@debian.org> Fri, 21 Mar 2008 16:26:04 +0100 
diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..eb52497 --- /dev/null +++ b/debian/control 
@@ -0,0 +1,95 @@ +Source: libcap2 +Section: libs +Priority: optional +Maintainer: Christian Kastner <ckk@debian.org> +Build-Depends: + debhelper-compat (= 12), + indent, + libpam0g-dev, + gperf (>= 3.1), +Rules-Requires-Root: dpkg/target-subcommand +Standards-Version: 4.5.0 +Homepage: https://sites.google.com/site/fullycapable/ +Vcs-Git: https://salsa.debian.org/debian/libcap2.git +Vcs-Browser: https://salsa.debian.org/debian/libcap2 + +Package: libcap2-bin +Section: utils +Priority: important +Architecture: linux-any +Multi-Arch: foreign +Depends: + ${shlibs:Depends}, + ${misc:Depends}, +Breaks: libcap-bin +Replaces: libcap-bin +Recommends: libpam-cap +Description: POSIX 1003.1e capabilities (utilities) + Libcap implements the user-space interfaces to the POSIX 1003.1e capabilities + available in Linux kernels. These capabilities are a partitioning of the all + powerful root privilege into a set of distinct privileges. + . + This package contains additional utilities. + +Package: libcap2 +Architecture: linux-any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Description: POSIX 1003.1e capabilities (library) + Libcap implements the user-space interfaces to the POSIX 1003.1e capabilities + available in Linux kernels. These capabilities are a partitioning of the all + powerful root privilege into a set of distinct privileges. + . + This package contains the shared library. + +Package: libcap-dev +Section: libdevel +Architecture: linux-any +Multi-Arch: same +Depends: + ${misc:Depends}, + ${shlibs:Depends}, + libcap2 (= ${binary:Version}), +Suggests: manpages-dev +Provides: libcap2-dev +Description: POSIX 1003.1e capabilities (development) + Libcap implements the user-space interfaces to the POSIX 1003.1e capabilities + available in Linux kernels. These capabilities are a partitioning of the all + powerful root privilege into a set of distinct privileges. + . + This package contains the development files. 
+ +Package: libpam-cap +Section: admin +Architecture: linux-any +Multi-Arch: same +Depends: + ${misc:Depends}, + ${shlibs:Depends}, + libpam-runtime (>= 1.1.3-2~), +Breaks: libcap2-bin (<< 1:2.22-1.1) +Replaces: libcap2-bin (<< 1:2.22-1.1) +Description: POSIX 1003.1e capabilities (PAM module) + Libcap implements the user-space interfaces to the POSIX 1003.1e capabilities + available in Linux kernels. These capabilities are a partitioning of the all + powerful root privilege into a set of distinct privileges. + . + This package contains the PAM module for enforcing capabilities on users and + groups at PAM session start time. + +Package: libcap2-udeb +Section: debian-installer +Architecture: linux-any +Package-Type: udeb +Depends: + ${shlibs:Depends}, + ${misc:Depends}, +Description: POSIX 1003.1e capabilities (library) + Libcap implements the user-space interfaces to the POSIX 1003.1e capabilities + available in Linux kernels. These capabilities are a partitioning of the all + powerful root privilege into a set of distinct privileges. + . + This is a minimal version, only for use in the installation system. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..dd02b3b --- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,112 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: libcap +Upstream-Contact: Andrew G. Morgan <morgan@kernel.org> +Source: https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/ + +Files: * +Copyright: 1997-2016 Andrew G. Morgan <morgan@linux.kernel.org> +License: BSD-3-clause or GPL-2 + +Files: libcap/cap_text.c +Copyright: 1997-2008 Andrew G. Morgan <morgan@linux.kernel.org> + 1997 Andrew Main <zefram@dcs.warwick.ac.uk> +License: BSD-3-clause or GPL-2 + +Files: libcap/include/sys/capability.h +Copyright: 1997-2008 Andrew G. Morgan <morgan@kernel.org> + 1997 Aleph One +License: BSD-3-clause or GPL-2 + +Files: libcap/include/sys/securebits.h +Copyright: 2010 Serge Hallyn <serue@us.ibm.com> +License: BSD-3-clause or GPL-2 + +Files: progs/old/sucap.c +Copyright: 1998 Finn Arne Gangstad <finnag@guardian.no> +License: BSD-3-clause or GPL-2 + +Files: contrib/* +Copyright: 2006, Matt Kern <matt.kern@undue.org> + 2008, Andrew G. Morgan <morgan@linux.kernel.org> + 2008, Chris Friedhoff <chris@friedhoff.org> +License: BSD-3-clause or GPL-2 + +Files: debian/* +Copyright: 2014, Daniel Baumann <mail@daniel-baumann.ch> + 2014-2019, Christian Kastner <ckk@debian.org> +License: BSD-3-clause or GPL-2+ + +Files: debian/manpages/* +Copyright: 1997-2014 Andrew G. Morgan <morgan@linux.kernel.org> + 2011 Scott Schaefer <saschaefer@neurodiverse.org> +License: BSD-3-clause or GPL-2 + +Files: debian/patches/* +Copyright: 2011, Andrew Straw <strawman@astraw.com> + 2011, Zhi Li <lizhi1215@gmail.com> + 2014-2016, Christian Kastner <ckk@debian.org> + 2015, Helmut Grohne <helmut@subdivi.de> +License: BSD-3-clause or GPL-2+ + +License: BSD-3-clause + Redistribution and use in source and binary forms of libcap, with + or without modification, are permitted provided that the following + conditions are met: + . + 1. 
Redistributions of source code must retain any existing copyright + notice, and this entire permission notice in its entirety, + including the disclaimer of warranties. + . + 2. Redistributions in binary form must reproduce all prior and current + copyright notices, this list of conditions, and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + . + 3. The name of any author may not be used to endorse or promote + products derived from this software without their specific prior + written permission. + . + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR + TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + DAMAGE. + +License: GPL-2 + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2 of the License. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + . + The complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. 
+ +License: GPL-2+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + . + The complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..0ad7f02 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,10 @@ +[DEFAULT] +pristine-tar = True +debian-branch = debian/master +upstream-branch = upstream/latest + +[buildpackage] +sign-tags = True + +[pq] +patch-numbers = False diff --git a/debian/libcap-dev.install b/debian/libcap-dev.install new file mode 100644 index 0000000..c635e4a --- /dev/null +++ b/debian/libcap-dev.install @@ -0,0 +1,5 @@ +usr/include +usr/lib/*/*.a +usr/lib/*/*.so +usr/lib/*/pkgconfig +usr/share/man/man3 diff --git a/debian/libcap2-bin.README.Debian b/debian/libcap2-bin.README.Debian new file mode 100644 index 0000000..eaa63e8 --- /dev/null +++ b/debian/libcap2-bin.README.Debian 
@@ -0,0 +1,45 @@ +Please check http://www.friedhoff.org/posixfilecaps.html to get more +information on POSIX File Capabilities. + + +Example: how to remove the SUID root bit from /bin/ping? +-------------------------------------------------------- + +Make sure you have kernel 2.6.24 or newer you have +CONFIG_SECURITY_CAPABILITIES and CONFIG_SECURITY_FILE_CAPABILITIES +enabled. The Debian kernels are fine. + + $ ls -l /bin/ping + -rwsr-xr-x 1 root root 30736 2007-01-31 00:10 /bin/ping + ^ +That is not good. + + $ sudo chmod 755 /bin/ping + +Or use dpkg-statoverride. + + $ ls -l /bin/ping + -rwxr-xr-x 1 root root 30736 2007-01-31 00:10 /bin/ping + +That is better but ping fails. + + $ ping -c1 localhost + ping: icmp open socket: Operation not permitted + +Now set the missing capability: + + $ sudo setcap cap_net_raw+ep /bin/ping + +... and ping will work again. + + $ ping -c1 localhost + PING localhost (127.0.0.1) 56(84) bytes of data. + 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.026 ms + + --- localhost ping statistics --- + 1 packets transmitted, 1 received, 0% packet loss, time 0ms + rtt min/avg/max/mdev = 0.026/0.026/0.026/0.000 ms + + + +Torsten Werner diff --git a/debian/libcap2-bin.install b/debian/libcap2-bin.install new file mode 100644 index 0000000..34f9033 --- /dev/null +++ b/debian/libcap2-bin.install @@ -0,0 +1,3 @@ +sbin +usr/share/man/man1 +usr/share/man/man8 diff --git a/debian/libcap2-bin.lintian-overrides b/debian/libcap2-bin.lintian-overrides new file mode 100644 index 0000000..7283f0f --- /dev/null +++ b/debian/libcap2-bin.lintian-overrides @@ -0,0 +1,2 @@ +# ls -l produces "root root" as user and group names +spelling-error-in-readme-debian root root (duplicate word) root diff --git a/debian/libcap2-bin.manpages b/debian/libcap2-bin.manpages new file mode 100644 index 0000000..2fb19fb --- /dev/null +++ b/debian/libcap2-bin.manpages @@ -0,0 +1 @@ +debian/manpages/* 
diff --git a/debian/libcap2-udeb.install b/debian/libcap2-udeb.install new file mode 100644 index 0000000..8171246 --- /dev/null +++ b/debian/libcap2-udeb.install @@ -0,0 +1 @@ +lib/*/*.so.* diff --git a/debian/libcap2.install b/debian/libcap2.install new file mode 100644 index 0000000..8171246 --- /dev/null +++ b/debian/libcap2.install @@ -0,0 +1 @@ +lib/*/*.so.* diff --git a/debian/libcap2.symbols b/debian/libcap2.symbols new file mode 100644 index 0000000..782330f --- /dev/null +++ b/debian/libcap2.symbols 
@@ -0,0 +1,60 @@ +libcap.so.2 libcap2 #MINVER# +* Build-Depends-Package: libcap-dev + _libcap_strdup@Base 1:2.10 + cap_clear@Base 1:2.10 + cap_clear_flag@Base 1:2.10 + cap_compare@Base 1:2.10 + cap_copy_ext@Base 1:2.10 + cap_copy_int@Base 1:2.10 + cap_drop_bound@Base 1:2.10 + cap_dup@Base 1:2.10 + cap_free@Base 1:2.10 + cap_from_name@Base 1:2.10 + cap_from_text@Base 1:2.10 + cap_get_ambient@Base 1:2.26 + cap_get_bound@Base 1:2.10 + cap_get_fd@Base 1:2.10 + cap_get_file@Base 1:2.10 + cap_get_flag@Base 1:2.10 + cap_get_mode@Base 1:2.31 + cap_get_nsowner@Base 1:2.26 + cap_get_pid@Base 1:2.10 + cap_get_proc@Base 1:2.10 + cap_get_secbits@Base 1:2.31 + cap_iab_fill@Base 1:2.33 + cap_iab_from_text@Base 1:2.33 + cap_iab_get_proc@Base 1:2.33 + cap_iab_get_vector@Base 1:2.33 + cap_iab_init@Base 1:2.33 + cap_iab_set_proc@Base 1:2.33 + cap_iab_set_vector@Base 1:2.33 + cap_iab_to_text@Base 1:2.33 + cap_init@Base 1:2.10 + cap_launch@Base 1:2.33-1 + cap_launcher_callback@Base 1:2.33 + cap_launcher_set_chroot@Base 1:2.33 + cap_launcher_set_iab@Base 1:2.33 + cap_launcher_set_mode@Base 1:2.33 + cap_launcher_setgroups@Base 1:2.33 + cap_launcher_setuid@Base 1:2.33 + cap_max_bits@Base 1:2.31 + cap_mode_name@Base 1:2.31 + cap_new_launcher@Base 1:2.33 + cap_reset_ambient@Base 1:2.26 + cap_set_ambient@Base 1:2.26 + cap_set_fd@Base 1:2.10 + cap_set_file@Base 1:2.10 + cap_set_flag@Base 1:2.10 + cap_set_mode@Base 1:2.31 + cap_set_nsowner@Base 1:2.26 + cap_set_proc@Base 1:2.10 + cap_set_secbits@Base 1:2.31 + cap_set_syscall@Base 1:2.31 + cap_setgroups@Base 1:2.31 + cap_setuid@Base 1:2.31 + cap_size@Base 1:2.10 + cap_to_name@Base 1:2.10 + cap_to_text@Base 1:2.10 + capgetp@Base 1:2.10 + capsetp@Base 1:2.10 + psx_load_syscalls@Base 1:2.31 diff --git a/debian/libpam-cap.install b/debian/libpam-cap.install new file mode 100644 index 0000000..9961e3a --- /dev/null +++ b/debian/libpam-cap.install 
@@ -0,0 +1,5 @@ +lib/*/security + +pam_cap/capability.conf etc/security + +debian/local/pam-configs/* usr/share/pam-configs diff --git a/debian/libpam-cap.postinst b/debian/libpam-cap.postinst new file mode 100644 index 0000000..b56d2a3 --- /dev/null +++ b/debian/libpam-cap.postinst @@ -0,0 +1,22 @@ +#!/bin/sh + +set -e + +case "${1}" in + configure) + pam-auth-update --package + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`${1}'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/libpam-cap.prerm b/debian/libpam-cap.prerm new file mode 100644 index 0000000..dd5aae0 --- /dev/null +++ b/debian/libpam-cap.prerm @@ -0,0 +1,22 @@ +#!/bin/sh + +set -e + +case "${1}" in + remove|upgrade|deconfigure) + pam-auth-update --package --remove capability + ;; + + failed-upgrade) + + ;; + + *) + echo "prerm called with unknown argument \`${1}'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/local/pam-configs/capability b/debian/local/pam-configs/capability new file mode 100644 index 0000000..68ea62e --- /dev/null +++ b/debian/local/pam-configs/capability @@ -0,0 +1,6 @@ +Name: Inheritable Capabilities Management +Default: yes +Priority: 0 +Auth-Type: Additional +Auth-Final: + optional pam_cap.so diff --git a/debian/manpages/capability.conf.5 b/debian/manpages/capability.conf.5 new file mode 100644 index 0000000..a94bd59 --- /dev/null +++ b/debian/manpages/capability.conf.5 
@@ -0,0 +1,106 @@ +'\" t +.\" Title: capability.conf +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> +.\" Date: 09/23/2011 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "CAPABILITY\&.CONF" "5" "09/23/2011" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +capablity.conf \- configuration file for the pam_cap module +.SH "DESCRIPTION" +.PP +Each line of the file consists of two fields; the fields define: +.PP +\fB<capability-list>\fR +.sp +.RS 4 +One or more comma-separated capabilities, specified as either the textual capability name, +or numeric capability value. Text name(s) and numeric value(s) may be intermixed. +.sp +The special capability name \fBall\fR may be used to enable all capabilities known to the local system\&. +.sp +The special capability name \fBnone\fR may be used to disable all current inheritable capabilities\&. +.RE +.sp +.RS 4 +\fBNOTE:\fR No whitespace is pemitted between the values\&. The names all and none may not be combined with any other capabilities\&. +.RE +.PP +\fB<username>\fR +.sp +.RS 4 +One or more whitespace-separated usernames, or the wildcard \fB*\fR\&. +.RE +.sp +.RS 4 +\fBNOTE:\fR The first matching entry is used. Thus, only a single matching username entry, +and/or a single wildcard entry, may be used. A matching username entry must \fIprecede\fR +the wildcard entry in order to be effective\&. 
+.RE +.PP +\fBIMPORTANT:\fR <capability-list> \fIreplaces\fR the current process' inherited capabilities; +i.e. there is no provision for adding/subtracting from the current set. +In most environments, the inheritable set of the process performing user authentication +is 0 (empty)\&. +.sp +If any capability name or numeric value is invalid/unknown to the local +system, the capabilities will be rejected, and the inheritable set will +\fBnot\fR be modified. +.SH "EXAMPLES" +.PP +These are some example lines which might be specified in +/etc/security/capability\&.conf\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf +# Simple +cap_sys_ptrace developer +cap_net_raw user1 + +# Multiple capablities +cap_net_admin,cap_net_raw jrnetadmin +# Identical, but with numeric values +12,13 jrnetadmin + +# Combining names and numerics +cap_sys_admin,22,25 jrsysadmin + +# Next line has no effect; user1 already matched above +5,12,13 user1 + +# Insure any potential capailities from calling process are dropped +none luser1 luser2 + +# Allow anyone to manipulate capabilities +# Will NOT apply to users matched above ! +cap_setpcap * + +.fi +.if n \{\ +.RE +.\} +.SH "SEE ALSO" +.PP + +\fBpam_cap\fR(8), +\fBpam.d\fR(5), +\fBpam\fR(7), +\fBcapabilities\fR(7) +.SH "AUTHOR" +.PP +pam_cap was initially written by Andrew G. Morgan <morgan@kernel\&.org> diff --git a/debian/manpages/pam_cap.8 b/debian/manpages/pam_cap.8 new file mode 100644 index 0000000..a1b64dd --- /dev/null +++ b/debian/manpages/pam_cap.8 
@@ -0,0 +1,103 @@ +'\" t +.\" Title: pam_cap +.\" Author: [see the "AUTHORS" section] +.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> +.\" Date: 09/23/2011 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_CAP" "8" "09/23/2011" "Linux-PAM Manual" "Linux-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_cap \- PAM module to set inheritable capabilities +.SH "SYNOPSIS" +.HP \w'\fBpam_cap\&.so\fR\ 'u +\fBpam_cap\&.so\fR [config=\fI/path/to/capability.conf\fR] [debug] +.SH "DESCRIPTION" +.PP +The pam_cap PAM module sets the current process' inheritable capabilities\&. +.PP +Capabilities are read from the /etc/security/capability\&.conf +config file\&, or alternate file specified with the config= option\&. +.PP +The module must not be called by a multithreaded application\&. +.PP +.SH "OPTIONS" +.PP +\fBconfig=\fR\fB\fI/path/to/capability\&.conf\fR\fR +.RS 4 +Indicate an alternative capability\&.conf style configuration file to override the default\&. +.RE +.PP +\fBdebug\fR +.RS 4 +Print debug information\&. +.RE +.SH "MODULE TYPES PROVIDED" +.PP +Only the \fBauthentication\fR module type is provided\&. +.SH "RETURN VALUES" +.PP +PAM_AUTH_ERR +.RS 4 +The user is not known to the system\&. +.RE +.PP +PAM_IGNORE +.RS 4 +No capabilities found for this user\&. +.RE +.PP +PAM_INCOMPLETE +.RS 4 +Indicates a PAM-Conversation failure\&. +.RE +.PP +PAM_SUCCESS +.RS 4 +Capabilities were set\&. 
+.RE +.SH "FILES" +.PP +/etc/security/capability\&.conf +.RS 4 +Default configuration file +.RE +.SH "EXAMPLES" +.PP +Nearly all applications/daemons which use PAM for authentication contain a +configuration line: \fI@include common-auth\fR. Thus, to set inheritable capabilities +in \fBall\fR of these applications, add the following as the last line to +/etc/pam\&.d/common-auth +.PP +.RS 4 +auth optional pam_cap.so +.RE +.PP +To set inheritable capabilities for a user in a \fBspecific\fR application, +or in application(s) which do not @include common-auth, +add the line below to the application-specific file; e.g. /etc/pam\&.d/myapp +.PP +.RS 4 +auth optional pam_cap.so +.RE +.PP +.SH "SEE ALSO" +.PP + +\fBcapability.conf\fR(5), +\fBpam.d\fR(5), +\fBpam\fR(7)\&. +.SH "AUTHORS" +.PP +pam_cap was initially written by Andrew G. Morgan <morgan@kernel\&.org> diff --git a/debian/patches/Don-t-hardcode-build-flags.patch b/debian/patches/Don-t-hardcode-build-flags.patch new file mode 100644 index 0000000..1e4fdbb --- /dev/null +++ b/debian/patches/Don-t-hardcode-build-flags.patch 
@@ -0,0 +1,84 @@ +From: Christian Kastner <ckk@debian.org> +Date: Sat, 26 Jul 2014 18:22:40 +0200 +Subject: Don't hardcode build flags + +Remove upstream's hardcoded build flags in Makefiles so that the build flags +passed on by dpkg-buildflags are honored. This enables hardening during build. + +Last-Update: 2020-02-09 +--- + libcap/Makefile | 10 +++++----- + pam_cap/Makefile | 4 ++-- + progs/Makefile | 4 ++-- + 3 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/libcap/Makefile b/libcap/Makefile +index de6a28d..6ba7fcc 100644 +--- a/libcap/Makefile ++++ b/libcap/Makefile +@@ -50,7 +50,7 @@ libpsx.pc: libpsx.pc.in + $< >$@ + + _makenames: _makenames.c cap_names.list.h +- $(BUILD_CC) $(BUILD_CFLAGS) $< -o $@ ++ $(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) $(BUILD_CPPFLAGS) $< -o $@ + + cap_names.h: _makenames + ./_makenames > cap_names.h +@@ -77,18 +77,18 @@ $(STAPSXLIBNAME): $(PSXOBJS) + $(RANLIB) $@ + + $(MINLIBNAME): $(CAPOBJS) +- $(LD) $(CFLAGS) $(LDFLAGS) -Wl,-soname,$(MAJLIBNAME) -o $@ $^ ++ $(LD) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -Wl,-soname,$(MAJLIBNAME) -o $@ $^ + ln -sf $(MINLIBNAME) $(MAJLIBNAME) + ln -sf $(MAJLIBNAME) $(LIBNAME) + + %.o: %.c $(INCLS) +- $(CC) $(CFLAGS) $(IPATH) -c $< -o $@ ++ $(CC) $(CFLAGS) $(CPPFLAGS) $(IPATH) -c $< -o $@ + + cap_text.o: cap_text.c $(USE_GPERF_OUTPUT) $(INCLS) +- $(CC) $(CFLAGS) $(IPATH) $(INCLUDE_GPERF_OUTPUT) -c $< -o $@ ++ $(CC) $(CFLAGS) $(CPPFLAGS) $(IPATH) $(INCLUDE_GPERF_OUTPUT) -c $< -o $@ + + cap_test: cap_test.c libcap.h +- $(CC) $(CFLAGS) $(IPATH) $< -o $@ ++ $(CC) $(CFLAGS) $(CPPFLAGS) $(IPATH) $< -o $@ + + test: cap_test + ./cap_test +diff --git a/pam_cap/Makefile b/pam_cap/Makefile +index 638d793..a4c0e01 100644 +--- a/pam_cap/Makefile ++++ b/pam_cap/Makefile +@@ -19,10 +19,10 @@ pam_cap.so: pam_cap.o + $(LD) -o pam_cap.so $< $(LIBCAPLIB) $(LDFLAGS) -lpam + + pam_cap.o: pam_cap.c +- $(CC) $(CFLAGS) $(IPATH) -c $< -o $@ ++ $(CC) $(CFLAGS) $(CPPFLAGS) $(IPATH) -c $< -o $@ + + test_pam_cap: 
test_pam_cap.c pam_cap.c +- $(CC) $(CFLAGS) $(IPATH) -o $@ test_pam_cap.c $(LIBCAPLIB) $(LDFLAGS) --static ++ $(CC) $(CFLAGS) $(CPPFLAGS) $(IPATH) -o $@ test_pam_cap.c $(LIBCAPLIB) $(LDFLAGS) --static + + testlink: test.c pam_cap.o + $(CC) $(CFLAGS) -o $@ $+ -lpam -ldl $(LIBCAPLIB) $(LDFLAGS) +diff --git a/progs/Makefile b/progs/Makefile +index 9462a2f..5bfb8da 100644 +--- a/progs/Makefile ++++ b/progs/Makefile +@@ -24,10 +24,10 @@ $(DEPS): + make -C ../libcap $(DEPSBUILD) + + $(BUILD): %: %.o $(DEPS) +- $(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) ++ $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) + + %.o: %.c $(INCS) +- $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -c $< -o $@ ++ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ + + install: all + mkdir -p -m 0755 $(FAKEROOT)$(SBINDIR) diff --git a/debian/patches/Filter-out-PIE-flags-when-building-shared-objects.patch b/debian/patches/Filter-out-PIE-flags-when-building-shared-objects.patch new file mode 100644 index 0000000..bf37312 --- /dev/null +++ b/debian/patches/Filter-out-PIE-flags-when-building-shared-objects.patch 
@@ -0,0 +1,41 @@ +From: Christian Kastner <ckk@kvr.at> +Date: Sat, 30 Apr 2016 14:12:45 +0200 +Subject: Filter out PIE flags when building shared objects + +Filter out -pie, -fpie, and -fPIE when building the shared library and the PAM +module. This way, hardening=+all can be used unconditionally in debian/rules. + +Forwarded: not-needed +Last-Update: 2016-04-30 +--- + libcap/Makefile | 2 ++ + pam_cap/Makefile | 3 +++ + 2 files changed, 5 insertions(+) + +diff --git a/libcap/Makefile b/libcap/Makefile +index 6d96bf7..abf1e03 100644 +--- a/libcap/Makefile ++++ b/libcap/Makefile +@@ -10,6 +10,8 @@ LIBNAME=$(LIBTITLE).so + STACAPLIBNAME=$(LIBTITLE).a + # + STAPSXLIBNAME=libpsx.a ++CFLAGS := $(filter-out -fPIE,$(CFLAGS)) ++LDFLAGS := $(filter-out -fPIE,$(filter-out -pie,$(LDFLAGS))) + + CAPFILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_file + PSXFILES=../psx/psx +diff --git a/pam_cap/Makefile b/pam_cap/Makefile +index a4c0e01..caa98e3 100644 +--- a/pam_cap/Makefile ++++ b/pam_cap/Makefile +@@ -10,6 +10,9 @@ install: all + mkdir -p -m 0755 $(FAKEROOT)$(LIBDIR)/security + install -m 0755 pam_cap.so $(FAKEROOT)$(LIBDIR)/security + ++CFLAGS := $(filter-out -fPIE,$(CFLAGS)) ++LDFLAGS := $(filter-out -fPIE,$(filter-out -pie,$(LDFLAGS))) ++ + # Note (as the author of much of the Linux-PAM library, I am confident + # that this next line does *not* require -lpam on it.) If you think it + # does, *verify that it does*, and if you observe that it fails as diff --git a/debian/patches/Hide-private-symbols.patch b/debian/patches/Hide-private-symbols.patch new file mode 100644 index 0000000..840495e --- /dev/null +++ b/debian/patches/Hide-private-symbols.patch 
@@ -0,0 +1,32 @@ +From: Christian Kastner <ckk@debian.org> +Date: Thu, 30 Jul 2015 11:46:37 +0200 +Subject: Hide private symbols + +Hide a symbol which is clearly meant to be private. This resolves a FTBFS in +combination with the new build dependency gperf. + +Also update the signature of __cap_lookup_name for gperf 3.1. + +Closes: #793311 +Closes: #869588 + +Bug-Debian: https://bugs.debian.org/793311 +Bug-Debian: https://bugs.debian.org/869588 +Last-Update: 2017-07-24 +--- + libcap/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libcap/Makefile b/libcap/Makefile +index 6ba7fcc..6d96bf7 100644 +--- a/libcap/Makefile ++++ b/libcap/Makefile +@@ -56,7 +56,7 @@ cap_names.h: _makenames + ./_makenames > cap_names.h + + $(GPERF_OUTPUT): cap_names.list.h +- perl -e 'print "struct __cap_token_s { const char *name; int index; };\n%{\nconst struct __cap_token_s *__cap_lookup_name(const char *, size_t);\n%}\n%%\n"; while ($$l = <>) { $$l =~ s/[\{\"]//g; $$l =~ s/\}.*// ; print $$l; }' < $< | gperf --ignore-case --language=ANSI-C --readonly --null-strings --global-table --hash-function-name=__cap_hash_name --lookup-function-name="__cap_lookup_name" -c -t -m20 $(INDENT) > $@ ++ perl -e 'print "struct __cap_token_s { const char *name; int index; };\n%{\n#include <stdlib.h>\nstatic const struct __cap_token_s *__cap_lookup_name(const char *, size_t);\n%}\n%%\n"; while ($$l = <>) { $$l =~ s/[\{\"]//g; $$l =~ s/\}.*// ; print $$l; }' < $< | gperf --ignore-case --language=ANSI-C --readonly --null-strings --global-table --hash-function-name=__cap_hash_name --lookup-function-name="__cap_lookup_name" -c -t -m20 $(INDENT) > $@ + sed -e 's/unsigned int len/size_t len/' -i $@ + + # Intention is that libcap keeps up with torvalds' tree, as reflected diff --git a/debian/patches/Make.Rules-Allow-overriding-DYNAMIC.patch b/debian/patches/Make.Rules-Allow-overriding-DYNAMIC.patch new file mode 100644 index 0000000..9d472db --- /dev/null 
+++ b/debian/patches/Make.Rules-Allow-overriding-DYNAMIC.patch @@ -0,0 +1,26 @@ +From: Kevin Locke <kevin@kevinlocke.name> +Date: Mon, 3 Dec 2018 11:41:43 -0700 +Subject: Make.Rules: Allow overriding DYNAMIC + +So that we can build dynamic binaries even when building from a git +repo (e.g. with git-buildpackage). + +Forwarded: not-needed +Last-Update: 2018-12-03 +--- + Make.Rules | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Make.Rules b/Make.Rules +index 5366f2d..4fe52ae 100644 +--- a/Make.Rules ++++ b/Make.Rules +@@ -81,7 +81,7 @@ LDFLAGS += -L$(topdir)/libcap + CFLAGS += -Dlinux $(WARNINGS) $(DEBUG) + PAM_CAP ?= $(shell if [ -f /usr/include/security/pam_modules.h ]; then echo yes ; else echo no ; fi) + INDENT := $(shell if [ -n "$$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi) +-DYNAMIC := $(shell if [ ! -d "$(topdir)/.git" ]; then echo yes; fi) ++DYNAMIC ?= $(shell if [ ! -d "$(topdir)/.git" ]; then echo yes; fi) + + GO := go + GOLANG := $(shell if [ -n "$(shell $(GO) version 2>/dev/null)" ]; then echo yes ; else echo no ; fi) diff --git a/debian/patches/Use-DEB_GAIN_ROOT_CMD-for-make-test.patch b/debian/patches/Use-DEB_GAIN_ROOT_CMD-for-make-test.patch new file mode 100644 index 0000000..ea00228 --- /dev/null +++ b/debian/patches/Use-DEB_GAIN_ROOT_CMD-for-make-test.patch 
@@ -0,0 +1,56 @@ +From: Kevin Locke <kevin@kevinlocke.name> +Date: Mon, 3 Dec 2018 08:53:43 -0700 +Subject: Use $DEB_GAIN_ROOT_CMD for make test + +The $DEB_GAIN_ROOT_CMD environment variable is the mechanism to run +build/test commands as root, according to section 4.9.2 of the Debian +Policy. Use it instead of sudo (which is not guaranteed to be +available, since it is not a build-dependency). + +Forwarded: not-needed +Last-Update: 2019-10-28 +--- + pam_cap/Makefile | 14 +++++++------- + progs/Makefile | 4 ++-- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/pam_cap/Makefile b/pam_cap/Makefile +index caa98e3..8478d27 100644 +--- a/pam_cap/Makefile ++++ b/pam_cap/Makefile +@@ -34,13 +34,13 @@ test: pam_cap.so + make testlink + + sudotest: test test_pam_cap +- sudo ./test_pam_cap root 0x0 0x0 0x0 config=./capability.conf +- sudo ./test_pam_cap root 0x0 0x0 0x0 config=./sudotest.conf +- sudo ./test_pam_cap alpha 0x0 0x0 0x0 config=./capability.conf +- sudo ./test_pam_cap alpha 0x0 0x1 0x80 config=./sudotest.conf +- sudo ./test_pam_cap beta 0x0 0x1 0x0 config=./sudotest.conf +- sudo ./test_pam_cap gamma 0x0 0x0 0x81 config=./sudotest.conf +- sudo ./test_pam_cap delta 0x41 0x80 0x41 config=./sudotest.conf ++ $(DEB_GAIN_ROOT_CMD) ./test_pam_cap root 0x0 0x0 0x0 config=./capability.conf ++ $(DEB_GAIN_ROOT_CMD) ./test_pam_cap root 0x0 0x0 0x0 config=./sudotest.conf ++ $(DEB_GAIN_ROOT_CMD) ./test_pam_cap alpha 0x0 0x0 0x0 config=./capability.conf ++ $(DEB_GAIN_ROOT_CMD) ./test_pam_cap alpha 0x0 0x1 0x80 config=./sudotest.conf ++ $(DEB_GAIN_ROOT_CMD) ./test_pam_cap beta 0x0 0x1 0x0 config=./sudotest.conf ++ $(DEB_GAIN_ROOT_CMD) ./test_pam_cap gamma 0x0 0x0 0x81 config=./sudotest.conf ++ $(DEB_GAIN_ROOT_CMD) ./test_pam_cap delta 0x41 0x80 0x41 config=./sudotest.conf + + clean: + rm -f *.o *.so testlink test_pam_cap *~ +diff --git a/progs/Makefile b/progs/Makefile +index 5bfb8da..1da7bff 100644 +--- a/progs/Makefile ++++ b/progs/Makefile +@@ -43,8 +43,8 @@ 
test: $(PROGS) + tcapsh-static: capsh.c $(DEPS) + $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) --static + +-sudotest: test tcapsh-static +- sudo $(LDPATH) ./quicktest.sh ++sudotest: test ++ $(DEB_GAIN_ROOT_CMD) ./quicktest.sh + + clean: + $(LOCALCLEAN) diff --git a/debian/patches/ldlibs.patch b/debian/patches/ldlibs.patch new file mode 100644 index 0000000..5787144 --- /dev/null +++ b/debian/patches/ldlibs.patch @@ -0,0 +1,26 @@ +From: Andrew Straw <strawman@astraw.com> +Date: Fri, 20 May 2011 08:28:55 -0500 +Subject: compile pam_cap with -lpam + +A similar fix was in Debian but appears to have been accidentally +dropped. Drop this one if or when debian gets it back so we can +directly sync (Closes: #591410). + +Last-Update: 2020-02-09 +--- + pam_cap/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pam_cap/Makefile b/pam_cap/Makefile +index 56604fd..638d793 100644 +--- a/pam_cap/Makefile ++++ b/pam_cap/Makefile +@@ -16,7 +16,7 @@ install: all + # written (and you know why it fails), email me and explain why. Thanks! + + pam_cap.so: pam_cap.o +- $(LD) -o pam_cap.so $< $(LIBCAPLIB) $(LDFLAGS) ++ $(LD) -o pam_cap.so $< $(LIBCAPLIB) $(LDFLAGS) -lpam + + pam_cap.o: pam_cap.c + $(CC) $(CFLAGS) $(IPATH) -c $< -o $@ diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..e7fe154 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,7 @@ +ldlibs.patch +setcap-error-message.patch +Don-t-hardcode-build-flags.patch +Hide-private-symbols.patch +Filter-out-PIE-flags-when-building-shared-objects.patch +Use-DEB_GAIN_ROOT_CMD-for-make-test.patch +Make.Rules-Allow-overriding-DYNAMIC.patch diff --git a/debian/patches/setcap-error-message.patch b/debian/patches/setcap-error-message.patch new file mode 100644 index 0000000..eac3ab1 --- /dev/null +++ b/debian/patches/setcap-error-message.patch 
@@ -0,0 +1,54 @@ +From: Zhi Li <lizhi1215@gmail.com> +Date: Wed, 20 Jul 2011 09:35:48 +0800 +Subject: refine setcap output on errors (Closes: #633075) + +The error message of setcap is a little confused. From the error message it is +hard to detect what is wrong. I removed the last 'usage' function call, +because at that code point the 'usage' can not provide any useful information. +Instead, I added a function 'mystrerror' which shall provide more information. + +Last-Update: 2016-02-07 +--- + progs/setcap.c | 22 +++++++++++++++++++++- + 1 file changed, 21 insertions(+), 1 deletion(-) + +diff --git a/progs/setcap.c b/progs/setcap.c +index 442685d..bf3b3c4 100644 +--- a/progs/setcap.c ++++ b/progs/setcap.c +@@ -22,6 +22,25 @@ static void usage(void) + exit(1); + } + ++static const char * mystrerror(int n) ++{ ++ struct my_error { ++ int num; ++ const char *desp; ++ }db[] = { ++ { EINVAL, "The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file" }, ++ { ENODATA, "Are you removing capabilities from a file? That file does not have any capability."}, ++ {0, ""} ++ }; ++ ++ struct my_error *p = &db[0]; ++ while (p->num) { ++ if ( n == p->num ) return p->desp; ++ p++; ++ } ++ return ""; ++} ++ + #define MAXCAP 2048 + + static int read_caps(int quiet, const char *filename, char *buffer) +@@ -218,7 +237,8 @@ int main(int argc, char **argv) + "Failed to set capabilities on file `%s' (%s)\n", + argv[0], strerror(oerrno)); + if (!explained) { +- usage(); ++ fprintf(stderr, "%s\n", mystrerror(errno)); ++ exit(1); + } + } + } diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..2c8d05e --- /dev/null +++ b/debian/rules 
@@ -0,0 +1,84 @@ +#!/usr/bin/make -f + +# Pass this as version-info to dh_makeshlibs +SHLIBS_MINVER = 1:2.33 + +# Exports DEB_{BUILD,HOST}_* flags +include /usr/share/dpkg/architecture.mk + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + + +# Support cross-compiling +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) +CC := $(DEB_HOST_GNU_TYPE)-gcc +endif + +# One upstream target, "_makenames", requires the BUILD compiler instead of HOST +BUILD_CC ?= cc +export BUILD_LDFLAGS = $(shell dpkg-architecture -a$(DEB_BUILD_ARCH) -c dpkg-buildflags --get LDFLAGS) +export BUILD_CPPFLAGS = $(shell dpkg-architecture -a$(DEB_BUILD_ARCH) -c dpkg-buildflags --get CPPFLAGS) + +# Upstream's way of setting optimization +ifneq (,$(filter noopt, $(DEB_BUILD_OPTIONS))) +COPTS = COPTS=-O0 +endif + +%: + dh ${@} + + +override_dh_auto_build: + dh_auto_build -- CC=$(CC) BUILD_CC=$(BUILD_CC) $(COPTS) + + +override_dh_installdirs: + dh_installdirs + # While the PAM module and the library are in /lib, according to the + # FHS, development files must go into usr/lib/<triplet>. + mkdir -p debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH) + + +override_dh_auto_install: + dh_auto_install -- \ + lib=lib/$(DEB_HOST_MULTIARCH) \ + PKGCONFIGDIR=/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig \ + RAISE_SETFCAP=no + + # libcap-dev: + # Move the development files from lib/ to usr/lib. dh_link will + # later correct the link for us (from relative to absolute). + cd debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH) && \ + mv ../../../lib/$(DEB_HOST_MULTIARCH)/*.a . 
&& \ + ln -s ../../../lib/$(DEB_HOST_MULTIARCH)/libcap.so.*.* libcap.so + sed -i -e 's#^libdir=.*#libdir=/usr/lib/$(DEB_HOST_MULTIARCH)#' \ + debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/libcap.pc + + # Remove unwanted/unused files (because of --fail-missing) + rm -f debian/tmp/lib/$(DEB_HOST_MULTIARCH)/*.so + + +override_dh_auto_test: +ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) + ifeq ($(DEB_RULES_REQUIRES_ROOT),dpkg/target-subcommand) + ifeq (,$(findstring fakeroot,$(DEB_GAIN_ROOT_CMD))) + make test + else + @echo 'Warning: Tests require real root, not fakeroot. Skipping.' >&2 + endif + else ifeq (0,$(shell id -u)) + make test + else + @echo 'Warning: Tests require root. Skipping.' >&2 + endif +endif + + +override_dh_missing: + dh_missing --fail-missing + + +override_dh_makeshlibs: + dh_makeshlibs -V'libcap2 (>= $(SHLIBS_MINVER))' -plibcap2 \ + --add-udeb=libcap2-udeb -- -c4 + dh_makeshlibs --remaining-packages -- -c4 diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000..7a25494 --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1,3 @@ +# Upstream signs the uncompressed tarball. While this use case is already +# supported by uscan, it is not yet supported by dpkg. See #882694 +libcap2 source: orig-tarball-missing-upstream-signature diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..2a8a29d --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,3 @@ +Tests: executables +Restrictions: needs-root +Depends: libcap2-bin, libc-dev, gcc diff --git a/debian/tests/executables b/debian/tests/executables new file mode 100644 index 0000000..e77c99e --- /dev/null +++ b/debian/tests/executables 
@@ -0,0 +1,145 @@ +#!/bin/sh +# Test getting and setting of capabilities using getcap(8) and setcap(8). +# a simple test program. Assumes AUTOPKGTEST_TMP is set, see +# /usr/share/doc/autopkgtest/README.package-tests.gz +set -e + +echo "@@@ Running test for getcap/setcap... @@@" + + +######### +# Preconditions +######### +if [ `id -u` -ne 0 ] +then + echo "This test must be run as root" >&2 + exit 1 +elif [ -z "$AUTOPKGTEST_TMP" ] +then + echo "This test requires that \$AUTOPKGTEST_TMP be set" >&2 + exit 1 +fi + +# We will mount a tmpfs within AUTOPKGTEST_TMP. This is the only way to be sure that we +# are on a filesystem mounted without the nosuid option +test_tmpfs="$AUTOPKGTEST_TMP/tmpfs_executables" + +# Make sure that we undo all our changes to the system +cleanup_testenv() { + cd / + if mountpoint -q "$test_tmpfs" + then + umount "$test_tmpfs" + fi + rmdir "$test_tmpfs" +} +trap cleanup_testenv EXIT HUP INT QUIT TERM + + +######### +# Set some names. We are modifying capabilities, so paths should be absolute. 
+######### +testuser=nobody +testfile="$test_tmpfs/testfile" +testprog="$test_tmpfs/chown_testfile" +testprog_src="${testprog}.c" + + +######### +# Step 1: Mount out tmpfs, and cd to it +######### + +mkdir -p "$test_tmpfs" +mount -t tmpfs -o size=10m tmpfs "$test_tmpfs" +cd "$tmpfs" + + +######### +# Step 2: Prepare a trivial program that changes permissions of file $testfile +######### + +cat > "$testprog_src" <<EOF +#include <stdio.h> +#include <stdlib.h> +#include <sys/types.h> +#include <unistd.h> + +int main(int argc, char **argv) +{ + /* See if we can chown the given file */ + if (chown("$testfile", getuid(), getgid()) != 0) { + perror("chown"); + exit(EXIT_FAILURE); + } + + printf("OK\n"); + exit(EXIT_SUCCESS); +} +EOF + +gcc -Wall -o "$testprog" "$testprog_src" +chmod 755 "$testprog" + + +######### +# Step 3: Ceate a file with root ownership +######### + +touch "$testfile" + + +######### +# Step 4: Verify that our test program fails to chown the file due to +# insufficient permissions +######### + +echo "Attempt to chown *without* CAP_CHOWN should fail:" +if su -c "$testprog" -s /bin/sh nobody 2>&1 +then + echo "Test file chown was successful although it shouldn't have been" >&2 + exit 1 +else + echo "OK, failed" +fi + + +######### +# Step 5: Set CAP_CHOWN and ensure that our test program succeeds this time +######### + +echo "Set CAP_CHOWN on test file:" +if ! setcap cap_chown+ep "$testprog" 2>&1 +then + echo "Failed to set CAP_CHOWN on $testprog" >&2 + exit 1 +elif ! setcap -v cap_chown+ep "$testprog" 2>&1 +then + echo "Setting CAP_CHOWN on $testprog succeeded but verification failed" >&2 + exit 1 +else + echo "OK, set" +fi + +echo "Attempt to chown *with* CAP_CHOWN should succeed:" +if ! 
su -c "$testprog" -s /bin/sh nobody 2>&1 +then + echo "Test file chown failed although it shouldn't have" >&2 + exit 1 +else + echo "OK, chown succeeded" +fi + + +######### +# Step 6: +# Final verification +######### + +if [ `stat -c '%u:%g' "$testfile"` != "`id -u $testuser`:`id -g $testuser`" ] +then + echo "chown succeeded but resulting ownership doesn't match expecation" >&2 + exit 1 +fi + +# End of test +echo "@@@ Test: OK @@@" diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 0000000..ac5205b --- /dev/null +++ b/debian/upstream/signing-key.asc 
@@ -0,0 +1,64 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE6OiBIBEADpdtUxC8Fmhn5UK6UCZdU7mFgZwN8U9cabFUPfUIkMqXULhCD0 +hG2/amuiiUoLollPjOopNqk4cc8LcZfszOdBFAYj7MeWzNySVw4KkWrVCEH/bZ0Q +QzZH2qmoMT5CIrtcNxCAvukYsZLhyZYO0HdfuE05mVhVjtX9Btfxr7Ndvb7L4MRS +3Qb6+nHTgfn/Oow92/koIWvi0YvskKdZypeU888TQL99E8xdgL2n2Ip3xYwBHRR2 +GPb5MGOuEItF3tJ0kkILW5mzkJq/iLzRphzKjdF76I9QVRP8dZ+uWHPubWePm/5c +1H9lnlw00ZZ/ucQvSwTesUYk2aKkxzgm6X8fCdJXBLGgW5K6CkynpjN3qJ9KpcNY +H55smUgp8BaiWuoHe4pLvuBhnN2wiYOe2j9UvGX1OaRstMXFx7YbBvkGgdoZthUe +VPGAa4K+dnI2oy4wukzl/unAKrlMCBRsRoW2qjy3TDSXqwJhd34ilHzrdAdchrh/ +acBfbBtRzVlcDTnGltDNMuRTXzujaY9C3B0L2E+Jfrds8WcM8ASO4mHwJUTMrBwM +b5sFSG+/X9Ufg/c2G086HQ7xMERUA5oz66P5ReHCph8WHQN2L5vtZwL7//hZB9hn +G0K1210YEDXpFPijpis/54MKUSkWEFOLjUbiSPbwEfb79A00CcHojQQinwARAQAB +tCRBbmRyZXcgRy4gTW9yZ2FuIDxtb3JnYW5Aa2VybmVsLm9yZz6JAjsEEwECACUC +GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJOmRGPAhkBAAoJECnuhIrizPP0 +wK0P/RMvjmzeXbgoa36cBDvDKReAiC56Au4qGXkNah3984tNPT1hVUKCiwiUmULo +NJbEI4qFJTtwsMi5QzE+daCA7t+ALJiC+PKiKFG1LDz7mxfhmBeS3XcYuqZdjyKr +ATUFr0SHbsJxtRCslawGD2gKczLknFeBXL0997TfJS9ipLibqCtmvyryHn4EbZfo +Jqcpj/RBN/izVGHNYI8BsZpO5F6z7vXoncDL0dKh65ndGaIbhVDUPsDBvzg3i+Ez +hB51hYTTNKK0QpWbmsXfJBnvztinfLUsnO9HV8aRaygOI/DAKAtT7YPXORA1oFYt +x69bzulqC+TXUmeV8YW8bETH4xHM9mQb0oNLPibR2nK2FSDiLp0/eEM5vgzfPVUX +7WzBJUPsf0ah/e1yrXqudGUUZ0R+3VMOdxMryZBKLymkzyvu6a5DcLarqAt8y9ci +RH67HKNnE1gvHf5K2Q37gwSecwmXCjpMlbVJnIarLKBcVRcYKtxgPxCv6483I8he +SKF7PB/IFBmzT1cX7lhln9+62Ks/0Gs0pA0iNLaD+POPiqWrAwZsFvKjD9PDaCBD +FRWjFqZLyJMsMi1qmP8jWsdQqPdUskQC0ftvw3Z6SiyyrriSAzglCjmmAcfdt+w4 +b/EO4SzSZUnd/ApkHkZx1Lbta15WKxGi7S8/5zNdaK721nUdtDBBbmRyZXcgRy4g +TW9yZ2FuIChXb3JrIEFkZHJlc3MpIDxhZ21AZ29vZ2xlLmNvbT6JAjgEEwECACIF +Ak6VD4ICGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECnuhIrizPP0zNoQ +AMDjx3iovvf0rpAYFvvAoPbzhEXcJ41/T+paxWOJm8SEg7fXnUHgXeTwW3RJPIp7 +PguctPogvKQV+7GcU5Dcg13DZO4nMrSsvInsLQkfeDVU/zl2MuHFOtBMpDp6iGcU +wjS0bYbvl03fPj7ZXIML+I7OSyNeoZ/n2ztI9UiIBHovsHqZqYm4d7VOi4nVj1Y/ 
+Gak99sw3cLvUwq9f3i8ioNzynqBT7jA+GWFaeVJuGrOCBBBguIu0Ekg42NAZ2AR3 +2wQP5eEtlSAq8Il9RZzewa1v74loDNJOl+kW5/jQK6tGj2A9vlTqVzHUDmPZ9n6D +s7h3wo2g3gzYX1cuM3spW9UsA8XUDNY2yNFYDC9IsAI09u18N7f89isG/yYh5MZp +Jz2fx7cecHtwSVukTGHDsaoHTXMlfjQmVU5efORZJa6Bx0TkaSCwecem3q+3Ocdg +W8XwPWik/5Wv8B3dJopMH1Mw3pRhirtTd6/88xNyLkJStptBDZvbqvB2nMmSiqgh +0mPeslnwubxJ5/4FbP9zlLN7zp49RZHKDl/8EMSXGCjmG6UTxW6I3YpKdc4+yEd1 +9/UUtxqQOfbgFvlcbesQ5ILvLOzZidkS7y0v4i9rZBe/HEy3eG8z4s5dloBrpSBv +KySwqWuuSDn3tMqw4Bz2Be3FgtYA4TnNy7shcFR2BMFouQINBE6OiBIBEAC0ufLy +eXKvx/JgYChxDPRLjtr32f9fRWaDCjW2smwJdZs6unO3OdjwgVEr91GdEeIzAHFZ +DgK91STanQzB5SI6OkQ3ttSb3aN4VcyvSGlAp/47gMwTEdLiHEvACucoW4CTZ6NF +AZcFwSgy/XUuJTC7MVtZ1eoywDVNu4D5a8QGcVRgz/rE2Il5EhQiIbJ2EbXJrDwe +s1YseeGFw59PrPkA7r2FlmIlpyn2lT/6Od6n8zjangnXvHzX4RKkl6Vp3BHRDFzS +rE7JaJ03ug7mFKIETBTqVhCN1Dbelru03Wj3Q/2PI3acUER0G7YP+aLgNX/5VdRg +c0TLe42GaYsbAyg9VaJm95GYbvj6d7sxXLHBv0QgXch6dLhPrl57V2Vm9qgzFSVR +7yG0QrQKGtBk58hOz0zKNTChOItRWjeRB4yWL0ckRBc9GMeqSRntbrkuGQRWcdI8 +da221FIOS5li3N76F7XjYbMNJADd0XbPL+0ukFvkIDb0hNxBOymBXsC5XxhCoNnh +dYexH0Cbnffg3zcReTaii6rGXuYpQHRWDq26M0IFJGfoDcJRoDb3D8zJODjPpjDo +cPeKXUnw9xYSg7OqVSg93y0DmlxkJwqeCRed2leCxkKCgKC/H1Y1T4tSscF+ELdM +suwjuIY7Um8uCGR6wpMBEXc7aFLfECF8ZnGfwwARAQABiQIfBBgBAgAJBQJOjogS +AhsMAAoJECnuhIrizPP0dJgP/2GYSwm5KAAbDH84/B5i4MaQDblqMMC7n0unNNuM +H/I5TWsNVS7dwwf5QTJoQaWFud4a8cXYOwQL2KX/x9Uvh5oT0Ramikiidid0ET3X +5iIYc9OiLIpx2nQq5AzCbYQ0CIR/+oSusHY0udrjB9lTHmXO8Q4STdw0+Y3PYRHI +w9ch56JD1UqnczOilaG8Ei0DIjPO7J0oq8kArMOhM4QvjDrSyUCmGPytUKxbjmTY +C6tZQftUUzx7Ne6eJ4t7KAIZv5glkB63rJVcPdTCc1xYIZD7EpI+7IqufjEobQ3m +DPGcYiH9L/sg6NFo1Hlf6l9Z3pjM32pRFR+Jea4tI9EcrgWV9qbiAwwe6X3AvpcF +rIWjY1Q8FrGDhT0AICBInGAJM08IrCei95w6xGYgRIq1PUXeFtlFGBEaP9MN6klA +18dLKT9lB+6gmCAExAskrMYgjjatvRb3RAsyTRLILN5vcs7fLI2IqmW42kmyXYip +0EkTm3UvGEoOeO7omUXI9wYmc/92hO4NOOMvRX6C48AZVu6rSDaGS75mUnCMxK03 +Ac9bF6J+4MltBUinTFlsjl2N0cLyFUlf53T0nl6rQ+WAwSJ1zgX5W/6aYYmXQaI1 ++GZNoAJJHNsjbn9uG+PbGHHwDYsQ65T/6fNiBDM9wWlrCJQ/XAGdOqL6ZrErHn/2 +J/Kv +=tjPe 
+-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..c60983d --- /dev/null +++ b/debian/watch @@ -0,0 +1,4 @@ +version=4 + +opts="pgpsigurlmangle=s%\.xz$%.sign%,decompress" \ +https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-(.+).tar.xz |
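Review bot: in the getcap/setcap test script, Step 1 runs `cd "$tmpfs"`, but no variable named `tmpfs` is set anywhere in the hunk; the mount point is held in `test_tmpfs`. The operand is therefore empty and the script never changes into the tmpfs, contrary to the step's own comment ("Mount out tmpfs, and cd to it"). The test still passes only because every later path is absolute. Use `cd "$test_tmpfs"`. In the same script, `testuser=nobody` is defined but both `su -c "$testprog" -s /bin/sh nobody` calls hard-code the account, while Step 6 compares ownership against `$testuser`; pass `"$testuser"` to `su` so the user that runs the program and the user that is checked cannot drift apart. The unquoted `stat -c '%u:%g' "$testfile"` substitution inside `[ ... ]` in Step 6 should also be quoted, so that a failing `stat` produces a clean mismatch instead of a `test` syntax error.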
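Review bot: the debian/upstream/signing-key.asc hunk adds the key as a bare armored block, and nothing in the hunk says which key it is (full fingerprint, owner, or where it was fetched from), so a reviewer has to import it before being able to compare it with an independent source. Because debian/watch in this same patch uses the key to verify upstream tarballs through `pgpsigurlmangle`, the fingerprint and its origin should be recorded in the changelog entry or commit message that introduces the file.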
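Review bot: in the debian/watch hunk, the pattern `libcap-(.+).tar.xz` leaves the dots before `tar` and `xz` unescaped and captures the version with a greedy `.+`, so it matches more than the intended file names and the version group can swallow extra text. Escape the literal dots, for example `libcap-(.+)\.tar\.xz`, in line with the `\.xz$` already used in the `pgpsigurlmangle` rule on the line above.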