!80 Backport upstream patch

From: @yixiangzhike 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

backport-Address-some-static-analysis-observations.patch

@@ -0,0 +1,53 @@
+From a044d8b496ef598c61f0634172c742bd52ccf776 Mon Sep 17 00:00:00 2001
+From: "Andrew G. Morgan" <morgan@kernel.org>
+Date: Fri, 15 Nov 2024 07:26:42 -0800
+Subject: [PATCH] Address some static analysis observations.
+
+These were reported by Carlos Rodriguez-Fernandez with respect
+to some analysis performed on the Fedora libcap-2.71 package.
+
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+---
+ libcap/execable.h | 1 +
+ pam_cap/pam_cap.c | 6 +++++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libcap/execable.h b/libcap/execable.h
+index 7a2d247..89e61a3 100644
+--- a/libcap/execable.h
++++ b/libcap/execable.h
+@@ -38,6 +38,7 @@ static void __execable_parse_args(int *argc_p, char ***argv_p)
+ 	    char *new_mem = realloc(mem, size+1);
+ 	    if (new_mem == NULL) {
+ 		perror("unable to parse arguments");
++		fclose(f);
+ 		if (mem != NULL) {
+ 		    free(mem);
+ 		}
+diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
+index 3fe3b8c..24de329 100644
+--- a/pam_cap/pam_cap.c
++++ b/pam_cap/pam_cap.c
+@@ -170,7 +170,8 @@ static char *read_capabilities_for_user(const char *user, const char *source)
+ 
+ 	    int i;
+ 	    for (i=0; i < groups_n; i++) {
+-		if (!strcmp(groups[i], line+1)) {
++		const char *g = groups[i];
++		if (g != NULL && !strcmp(g, line+1)) {
+ 		    D(("user group matched [%s]", line));
+ 		    found_one = 1;
+ 		    break;
+@@ -283,6 +284,9 @@ static int set_capabilities(struct pam_cap_s *cs)
+ 	    goto cleanup_cap_s;
+ 	}
+ 	conf_caps = strdup(cs->fallback);
++	if (conf_caps == NULL) {
++	    goto cleanup_cap_s;
++	}
+ 	D(("user [%s] received fallback caps [%s]", cs->user, conf_caps));
+     }
+ 
+-- 
+2.33.0
+

backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch

@@ -0,0 +1,32 @@
+From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001
+From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Date: Mon, 17 Feb 2025 10:31:55 +0800
+Subject: [PATCH] pam_cap: Fix potential configuration parsing error
+
+The current configuration parsing does not actually skip user names
+that do not start with @, but instead treats the name as a group
+name for further parsing, which can result in matching unexpected
+capability sets and may trigger potential security issues.  Only
+names starting with @ should be parsed as group names.
+
+Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+---
+ pam_cap/pam_cap.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
+index 24de329..3ec99bb 100644
+--- a/pam_cap/pam_cap.c
++++ b/pam_cap/pam_cap.c
+@@ -166,6 +166,7 @@ static char *read_capabilities_for_user(const char *user, const char *source)
+ 
+ 	    if (line[0] != '@') {
+ 		D(("user [%s] is not [%s] - skipping", user, line));
++		continue;
+ 	    }
+ 
+ 	    int i;
+-- 
+2.33.0
+

backport-Correct-the-check-of-pthread_create-s-return-value.patch

@@ -1,41 +0,0 @@
-From bc6b36682f188020ee4770fae1d41bde5b2c97bb Mon Sep 17 00:00:00 2001
-From: "Andrew G. Morgan" <morgan@kernel.org>
-Date: Wed, 3 May 2023 19:18:36 -0700
-Subject: [PATCH] Correct the check of pthread_create()'s return value.
-
-This function returns a positive number (errno) on error, so the code
-wasn't previously freeing some memory in this situation.
-
-Discussion:
-
-  https://stackoverflow.com/a/3581020/14760867
-
-Credit for finding this bug in libpsx goes to David Gstir of
-X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security
-audit of the libcap source code in April of 2023. The audit
-was sponsored by the Open Source Technology Improvement Fund
-(https://ostif.org/).
-
-Audit ref: LCAP-CR-23-01 (CVE-2023-2602)
-
-Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
----
- psx/psx.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/psx/psx.c b/psx/psx.c
-index d9c0485..65eb2aa 100644
---- a/psx/psx.c
-+++ b/psx/psx.c
-@@ -516,7 +516,7 @@ int __wrap_pthread_create(pthread_t *thread, const pthread_attr_t *attr,
-     pthread_sigmask(SIG_BLOCK, &sigbit, NULL);
- 
-     int ret = __real_pthread_create(thread, attr, _psx_start_fn, starter);
--    if (ret == -1) {
-+    if (ret > 0) {
- 	psx_new_state(_PSX_CREATE, _PSX_IDLE);
- 	memset(starter, 0, sizeof(*starter));
- 	free(starter);
--- 
-2.27.0
-

backport-Large-strings-can-confuse-libcap-s-internal-strdup-c.patch

@@ -1,55 +0,0 @@
-From 422bec25ae4a1ab03fd4d6f728695ed279173b18 Mon Sep 17 00:00:00 2001
-From: "Andrew G. Morgan" <morgan@kernel.org>
-Date: Wed, 3 May 2023 19:44:22 -0700
-Subject: [PATCH] Large strings can confuse libcap's internal strdup code.
-
-Avoid something subtle with really long strings: 1073741823 should
-be enough for anybody. This is an improved fix over something attempted
-in libcap-2.55 to address some static analysis findings.
-
-Reviewing the library, cap_proc_root() and cap_launcher_set_chroot()
-are the only two calls where the library is potentially exposed to a
-user controlled string input.
-
-Credit for finding this bug in libcap goes to Richard Weinberger of
-X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security audit
-of the libcap source code in April of 2023. The audit was sponsored
-by the Open Source Technology Improvement Fund (https://ostif.org/).
-
-Audit ref: LCAP-CR-23-02 (CVE-2023-2603)
-
-Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
----
- libcap/cap_alloc.c | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/libcap/cap_alloc.c b/libcap/cap_alloc.c
-index 59fe503..504abd2 100644
---- a/libcap/cap_alloc.c
-+++ b/libcap/cap_alloc.c
-@@ -106,15 +106,17 @@ __attribute__((visibility ("hidden"))) char *_libcap_strdup(const char *old)
- 	errno = EINVAL;
- 	return NULL;
-     }
--    len = strlen(old) + 1 + 2*sizeof(__u32);
--    if (len < sizeof(struct _cap_alloc_s)) {
--	len = sizeof(struct _cap_alloc_s);
--    }
--    if ((len & 0xffffffff) != len) {
-+
-+    len = strlen(old);
-+    if ((len & 0x3fffffff) != len) {
- 	_cap_debug("len is too long for libcap to manage");
- 	errno = EINVAL;
- 	return NULL;
-     }
-+    len += 1 + 2*sizeof(__u32);
-+    if (len < sizeof(struct _cap_alloc_s)) {
-+	len = sizeof(struct _cap_alloc_s);
-+    }
- 
-     raw_data = calloc(1, len);
-     if (raw_data == NULL) {
--- 
-2.27.0
-

backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch

@@ -0,0 +1,45 @@
+From ee20d385ef319f8523f1debc49f375c8eff257a6 Mon Sep 17 00:00:00 2001
+From: "Andrew G. Morgan" <morgan@kernel.org>
+Date: Fri, 22 Dec 2023 06:37:02 -0800
+Subject: Stop using _pam_overwrite() in pam_cap.c.
+
+It looks like the Linux-PAM folk have deprecated this macro. Compiler optimization
+is hard to account for: apparently this explicit deletion is no longer
+guaranteed to work. This function was marked deprecated in v1.5.3 of Linux-PAM.
+
+I've replaced its use with memset(). I'm not convinced that that will be honored
+either, but remain hopeful and prefer to leave the code explicit in its intent
+without a deprecation warning messing up the build log. Should some compiler
+optimize it away and it leads to an exploit of some sort, it can be revealed as
+a compilation bug.
+
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+---
+ pam_cap/pam_cap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
+index b9419cb..3fe3b8c 100644
+--- a/pam_cap/pam_cap.c
++++ b/pam_cap/pam_cap.c
+@@ -199,7 +199,7 @@ defer:
+     int i;
+     for (i = 0; i < groups_n; i++) {
+ 	char *g = groups[i];
+-	_pam_overwrite(g);
++	memset(g, 0, strlen(g));
+ 	_pam_drop(g);
+     }
+     if (groups != NULL) {
+@@ -440,7 +440,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ 	   small race associated with a redundant read of the
+ 	   config. */
+ 
+-	_pam_overwrite(conf_caps);
++	memset(conf_caps, 0, strlen(conf_caps));
+ 	_pam_drop(conf_caps);
+ 
+ 	return PAM_SUCCESS;
+-- 
+cgit 1.2.3-korg
+

backport-There-was-a-small-memory-leak-in-pam_cap.so-when-lib.patch

@@ -1,48 +0,0 @@
-From 917c8b5d3450870b4f25fd4a5a5198faa9de9aeb Mon Sep 17 00:00:00 2001
-From: "Andrew G. Morgan" <morgan@kernel.org>
-Date: Wed, 3 May 2023 20:12:52 -0700
-Subject: [PATCH] There was a small memory leak in pam_cap.so when libpam
- returned an error.
-
-The function pam_set_data() takes ownership of a memory pointer if
-the call succeeds, but does not take that ownership if the function
-fails. Previously, the failure caused no deferred capability setting and
-a return code PAM_IGNORE. It continues to do that in this case, but no
-longer leaks the allocated iab memory.
-
-This bug was introduced with deferred IAB capability setting support in
-libcap-2.58.
-
-Credit for finding this bug in pam_cap.so goes to X41 D-Sec GmbH
-(https://x41-dsec.de/) who performed a security audit of the libcap
-source code in April of 2023. The audit was sponsored by the Open
-Source Technology Improvement Fund (https://ostif.org/).
-
-Audit ref: LCAP-CR-23-100
-
-Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
----
- pam_cap/pam_cap.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
-index 7e8cade..91278dc 100644
---- a/pam_cap/pam_cap.c
-+++ b/pam_cap/pam_cap.c
-@@ -290,7 +290,12 @@ static int set_capabilities(struct pam_cap_s *cs)
- 
-     if (cs->defer) {
- 	D(("configured to delay applying IAB"));
--	pam_set_data(cs->pamh, "pam_cap_iab", iab, iab_apply);
-+	int ret = pam_set_data(cs->pamh, "pam_cap_iab", iab, iab_apply);
-+	if (ret != PAM_SUCCESS) {
-+	    D(("unable to cache capabilities for delayed setting: %d", ret));
-+	    /* since ok=0, the module will return PAM_IGNORE */
-+	    cap_free(iab);
-+	}
- 	iab = NULL;
-     } else if (!cap_iab_set_proc(iab)) {
- 	D(("able to set the IAB [%s] value", conf_caps));
--- 
-2.27.0
-

backport-getpcaps-fix-program-name-in-help-message.patch

@@ -0,0 +1,27 @@
+From 17c5e89521fd0455a8f18563eb37e5ddbc7d34cb Mon Sep 17 00:00:00 2001
+From: Jakub Wilk <jwilk@jwilk.net>
+Date: Mon, 29 Jan 2024 11:33:40 +0100
+Subject: getpcaps: fix program name in help message
+
+Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+---
+ progs/getpcaps.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/progs/getpcaps.c b/progs/getpcaps.c
+index 7e14c36..b4cbda8 100644
+--- a/progs/getpcaps.c
++++ b/progs/getpcaps.c
+@@ -14,7 +14,7 @@
+ static void usage(int code)
+ {
+     fprintf(stderr,
+-"usage: getcaps [opts] <pid> [<pid> ...]\n\n"
++"usage: getpcaps [opts] <pid> [<pid> ...]\n\n"
+ "  This program displays the capabilities on the queried process(es).\n"
+ 	    "  The capabilities are displayed in the cap_from_text(3) format.\n"
+ 	    "\n"
+-- 
+cgit 1.2.3-korg
+

libcap.spec

@@ -1,16 +1,18 @@
 Name:     libcap
-Version:  2.66
+Version:  2.69
-Release:  3
+Release:  5
 Summary:  A library for getting and setting POSIX.1e draft 15 capabilities        
 License:  GPLv2
 URL:      https://sites.google.com/site/fullycapable
 Source0:  https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/%{name}-%{version}.tar.gz
 
 Patch0:   libcap-buildflags.patch
-Patch1:   backport-Correct-the-check-of-pthread_create-s-return-value.patch
+Patch1:   backport-libcap-Ensure-the-XATTR_NAME_CAPS-is-define.patch 
-Patch2:   backport-Large-strings-can-confuse-libcap-s-internal-strdup-c.patch
+Patch2:   support-specify-cc.patch
-Patch3:   backport-There-was-a-small-memory-leak-in-pam_cap.so-when-lib.patch 
+Patch3:   backport-getpcaps-fix-program-name-in-help-message.patch
-Patch4:   backport-libcap-Ensure-the-XATTR_NAME_CAPS-is-define.patch 
+Patch4:   backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch
+Patch5:   backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch
+Patch6:   backport-Address-some-static-analysis-observations.patch
 
 BuildRequires: libattr-devel pam-devel perl-interpreter gcc
 
@@ -55,7 +57,6 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
 %files
 %defattr(-,root,root)
 %license License
-%doc doc/capability.notes
 %{_libdir}/*.so.*
 %{_sbindir}/*
 %{_libdir}/security/pam_cap.so
@@ -74,6 +75,23 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
 %{_mandir}/man8/*.gz
 
 %changelog
+* Thu Mar 13 2025 yixiangzhike <yixiangzhike007@163.com> - 2.69-5
+- backport upstream patch to address some static analysis observations
+
+* Tue Mar 04 2025 Linux_zhang <zhangruifang@h-partners.com> - 2.69-4
+- fix CVE-2025-1390
+
+* Wed Mar 27 2024 yanglongkang <yanglongkang@h-partners.com> - 2.69-3
+- backport upstream patches:
+  getpcaps: fix program name in help message
+  Stop using _pam_overwrite() in pam_cap.c
+
+* Sun Apr 16 2023 jammyjellyfish <jammyjellyfish255@outlook.com> - 2.69-2
+- Support specify CC
+
+* Thu Jul 20 2023 wangyunjia <yunjia.wang@huawei.com> - 2.69-1
+- update version to 2.69
+
 * Mon Jul 3 2023 wangyunjia <yunjia.wang@huawei.com> - 2.66-3
 - VFS_CAP_U32 can not ensure that XATTR_NAME_CAPS is defined, and failed to build
 

support-specify-cc.patch

@@ -0,0 +1,12 @@
+diff -up libcap-2.66/Make.Rules.orig2 libcap-2.66/Make.Rules
+--- libcap-2.66/Make.Rules.orig2	2023-04-16 17:46:55.922279005 +0800
++++ libcap-2.66/Make.Rules	2023-04-16 17:46:13.518097014 +0800
+@@ -66,7 +66,7 @@ DEFINES := -D_LARGEFILE64_SOURCE -D_FILE
+ SYSTEM_HEADERS = /usr/include
+ 
+ SUDO := sudo
+-CC := $(CROSS_COMPILE)gcc
++CC ?= $(CROSS_COMPILE)gcc
+ LD := $(CC) -Wl,-x -shared
+ AR := $(CROSS_COMPILE)ar
+ RANLIB := $(CROSS_COMPILE)ranlib