Backport upstream patch

backport-Address-some-static-analysis-observations.patch

@@ -0,0 +1,53 @@
+From a044d8b496ef598c61f0634172c742bd52ccf776 Mon Sep 17 00:00:00 2001
+From: "Andrew G. Morgan" <morgan@kernel.org>
+Date: Fri, 15 Nov 2024 07:26:42 -0800
+Subject: [PATCH] Address some static analysis observations.
+
+These were reported by Carlos Rodriguez-Fernandez with respect
+to some analysis performed on the Fedora libcap-2.71 package.
+
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+---
+ libcap/execable.h | 1 +
+ pam_cap/pam_cap.c | 6 +++++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libcap/execable.h b/libcap/execable.h
+index 7a2d247..89e61a3 100644
+--- a/libcap/execable.h
++++ b/libcap/execable.h
+@@ -38,6 +38,7 @@ static void __execable_parse_args(int *argc_p, char ***argv_p)
+ 	    char *new_mem = realloc(mem, size+1);
+ 	    if (new_mem == NULL) {
+ 		perror("unable to parse arguments");
++		fclose(f);
+ 		if (mem != NULL) {
+ 		    free(mem);
+ 		}
+diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
+index 3fe3b8c..24de329 100644
+--- a/pam_cap/pam_cap.c
++++ b/pam_cap/pam_cap.c
+@@ -170,7 +170,8 @@ static char *read_capabilities_for_user(const char *user, const char *source)
+ 
+ 	    int i;
+ 	    for (i=0; i < groups_n; i++) {
+-		if (!strcmp(groups[i], line+1)) {
++		const char *g = groups[i];
++		if (g != NULL && !strcmp(g, line+1)) {
+ 		    D(("user group matched [%s]", line));
+ 		    found_one = 1;
+ 		    break;
+@@ -283,6 +284,9 @@ static int set_capabilities(struct pam_cap_s *cs)
+ 	    goto cleanup_cap_s;
+ 	}
+ 	conf_caps = strdup(cs->fallback);
++	if (conf_caps == NULL) {
++	    goto cleanup_cap_s;
++	}
+ 	D(("user [%s] received fallback caps [%s]", cs->user, conf_caps));
+     }
+ 
+-- 
+2.33.0
+

libcap.spec

@@ -1,6 +1,6 @@
 Name:     libcap
 Version:  2.69
-Release:  4
+Release:  5
 Summary:  A library for getting and setting POSIX.1e draft 15 capabilities        
 License:  GPLv2
 URL:      https://sites.google.com/site/fullycapable
@@ -12,6 +12,7 @@ Patch2:   support-specify-cc.patch
 Patch3:   backport-getpcaps-fix-program-name-in-help-message.patch
 Patch4:   backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch
 Patch5:   backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch
+Patch6:   backport-Address-some-static-analysis-observations.patch
 
 BuildRequires: libattr-devel pam-devel perl-interpreter gcc
 
@@ -74,6 +75,9 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
 %{_mandir}/man8/*.gz
 
 %changelog
+* Thu Mar 13 2025 yixiangzhike <yixiangzhike007@163.com> - 2.69-5
+- backport upstream patch to address some static analysis observations
+
 * Tue Mar 04 2025 Linux_zhang <zhangruifang@h-partners.com> - 2.69-4
 - fix CVE-2025-1390