From 10bcff5a628e7bc7bb6d4dfe0eb239930ab2f399 Mon Sep 17 00:00:00 2001
From: Shile Zhang
Date: Tue, 18 Feb 2025 11:03:08 +0800
Subject: [PATCH] Fix CVE-2025-1390.

backport upstream bugfix from https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878
Signed-off-by: Shile Zhang
---
 100-libcap-cve-2025-1390.patch | 32 ++++++++++++++++++++++++++++++++
 libcap.spec | 6 +++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 100-libcap-cve-2025-1390.patch

diff --git a/100-libcap-cve-2025-1390.patch b/100-libcap-cve-2025-1390.patch
new file mode 100644
index 0000000..839aed2
--- /dev/null
+++ b/100-libcap-cve-2025-1390.patch
@@ -0,0 +1,32 @@
+From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001
+From: Tianjia Zhang
+Date: Mon, 17 Feb 2025 10:31:55 +0800
+Subject: pam_cap: Fix potential configuration parsing error
+
+The current configuration parsing does not actually skip user names
+that do not start with @, but instead treats the name as a group
+name for further parsing, which can result in matching unexpected
+capability sets and may trigger potential security issues. Only
+names starting with @ should be parsed as group names.
+
+Signed-off-by: Tianjia Zhang
+Signed-off-by: Andrew G. Morgan
+---
+ pam_cap/pam_cap.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
+index 24de329..3ec99bb 100644
+--- a/pam_cap/pam_cap.c
++++ b/pam_cap/pam_cap.c
+@@ -166,6 +166,7 @@ static char *read_capabilities_for_user(const char *user, const char *source)
+
+ if (line[0] != '@') {
+ D(("user [%s] is not [%s] - skipping", user, line));
++ continue;
+ }
+
+ int i;
+--
+cgit 1.2.3-korg
+
diff --git a/libcap.spec b/libcap.spec
index b56623b..5f98d37 100644
--- a/libcap.spec
+++ b/libcap.spec
@@ -1,4 +1,4 @@
-%define anolis_release .0.1
+%define anolis_release .0.2
 Name: libcap
 Version: 2.48
 Release: 6%{anolis_release}%{?dist}
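Review bot: Nothing in this backport shows that the added `continue;` lands inside the token loop of `read_capabilities_for_user` in the 2.48 sources; the embedded hunk header (`@@ -166,6 +166,7 @@`) is taken from the upstream tree and the function starts and ends outside the hunk. Check the %prep output to see that the hunk applies at the `if (line[0] != '@')` block without fuzz or a large offset. Per the upstream commit message, the missing `continue;` let a non-`@` name go on to be parsed as a group name, so a regression test with a capability.conf entry that names a group without the `@` prefix, asserting that it grants nothing to members of that group, would pin the fix.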
@@ -16,6 +16,7 @@ Patch4: %{name}-fix-prctl-usage.patch Patch5: %{name}-check-allocation.patch Patch6: %{name}-cve-2023-2603.patch Patch7: %{name}-cve-2023-2602.patch +Patch8: 100-%{name}-cve-2025-1390.patch BuildRequires: libattr-devel pam-devel perl-interpreter BuildRequires: make @@ -94,6 +95,9 @@ chmod +x %{buildroot}/%{_libdir}/*.so.* %{_libdir}/pkgconfig/libpsx.pc %changelog +* Tue Feb 18 2025 Shile Zhang - 2.48-6.0.2 +- Fix CVE-2025-1390 + * Tue Jan 23 2024 Chen Qiao - 2.48-6.0.1 - Fix CVE-2023-2603 -- Gitee
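Review bot: `Patch8:` only declares the patch file; whether it is applied depends on the %prep section, which is outside these hunks. If %prep applies patches one at a time rather than through `%autosetup`/`%autopatch`, it needs a matching entry for patch 8, otherwise 2.48-6.0.2 would ship with a changelog entry for CVE-2025-1390 and an unpatched pam_cap.c. The `100-` prefix also departs from the `%{name}-cve-…` naming of Patch6 and Patch7; keep it only if that is the distribution's convention for local patches.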