libcap: fix CVE-2025-1390

Upstream-Status: Backport from https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878 (From OE-Core rev: 142715b83fb2c5f4dfeeab2c6e7feccecd1ca46f) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2025-02-20 09:53:33 +0530
committer: Steve Sakoman <steve@sakoman.com> 2025-02-28 06:51:35 -0800
commit: be7617de69592027c36188460cfefb0df4eb6034 (patch)
tree: 277a00370c1dec0866c888eb939a45f31183f397
parent: ccfa191e396a804f63b62518bb452b45700194c0 (diff)
download: poky-be7617de69592027c36188460cfefb0df4eb6034.tar.gz
2 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-support/libcap/files/CVE-2025-1390.patch b/meta/recipes-support/libcap/files/CVE-2025-1390.patch
new file mode 100644
index 0000000000..339feaba92
--- /dev/null
+++ b/meta/recipes-support/libcap/files/CVE-2025-1390.patch
@@ -0,0 +1,36 @@
+From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001
+From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Date: Mon, 17 Feb 2025 10:31:55 +0800
+Subject: pam_cap: Fix potential configuration parsing error
+The current configuration parsing does not actually skip user names
+that do not start with @, but instead treats the name as a group
+name for further parsing, which can result in matching unexpected
+capability sets and may trigger potential security issues.  Only
+names starting with @ should be parsed as group names.
+Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878]
+CVE: CVE-2025-1390
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ pam_cap/pam_cap.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
+index 7e8cade..7b3d2d1 100644
+--- a/pam_cap/pam_cap.c
+++ b/pam_cap/pam_cap.c
+@@ -143,6 +143,7 @@ static char *read_capabilities_for_user(const char *user, const char *source)
+ 
+            if (line[0] != '@') {
+                D(("user [%s] is not [%s] - skipping", user, line));
+               continue;
+            }
+ 
+            int i;
+-- 
+2.25.1
diff --git a/meta/recipes-support/libcap/libcap_2.66.bb b/meta/recipes-support/libcap/libcap_2.66.bb
index 7534063b7d..42dacb301e 100644
--- a/meta/recipes-support/libcap/libcap_2.66.bb
+++ b/meta/recipes-support/libcap/libcap_2.66.bb
@@ -18,6 +18,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${
           file://0002-tests-do-not-run-target-executables.patch \
           file://CVE-2023-2602.patch \
           file://CVE-2023-2603.patch \
+           file://CVE-2025-1390.patch \
           "
 SRC_URI:append:class-nativesdk = " \
           file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \
author	Hitendra Prajapati <hprajapati@mvista.com>	2025-02-20 09:53:33 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-02-28 06:51:35 -0800
commit	be7617de69592027c36188460cfefb0df4eb6034 (patch)
tree	277a00370c1dec0866c888eb939a45f31183f397
parent	ccfa191e396a804f63b62518bb452b45700194c0 (diff)
download	poky-be7617de69592027c36188460cfefb0df4eb6034.tar.gz

diff --git a/meta/recipes-support/libcap/files/CVE-2025-1390.patch b/meta/recipes-support/libcap/files/CVE-2025-1390.patch new file mode 100644 index 0000000000..339feaba92 --- /dev/null +++ b/meta/recipes-support/libcap/files/CVE-2025-1390.patch
@@ -0,0 +1,36 @@
		1	From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001
		2	From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
		3	Date: Mon, 17 Feb 2025 10:31:55 +0800
		4	Subject: pam_cap: Fix potential configuration parsing error
		5
		6	The current configuration parsing does not actually skip user names
		7	that do not start with @, but instead treats the name as a group
		8	name for further parsing, which can result in matching unexpected
		9	capability sets and may trigger potential security issues. Only
		10	names starting with @ should be parsed as group names.
		11
		12	Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
		13	Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
		14
		15	Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878]
		16	CVE: CVE-2025-1390
		17	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		18	---
		19	pam_cap/pam_cap.c \| 1 +
		20	1 file changed, 1 insertion(+)
		21
		22	diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
		23	index 7e8cade..7b3d2d1 100644
		24	--- a/pam_cap/pam_cap.c
		25	+++ b/pam_cap/pam_cap.c
		26	@@ -143,6 +143,7 @@ static char read_capabilities_for_user(const char user, const char *source)
		27
		28	if (line[0] != '@') {
		29	D(("user [%s] is not [%s] - skipping", user, line));
		30	+ continue;
		31	}
		32
		33	int i;
		34	--
		35	2.25.1
		36


diff --git a/meta/recipes-support/libcap/libcap_2.66.bb b/meta/recipes-support/libcap/libcap_2.66.bb index 7534063b7d..42dacb301e 100644 --- a/meta/recipes-support/libcap/libcap_2.66.bb +++ b/meta/recipes-support/libcap/libcap_2.66.bb
@@ -18,6 +18,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${
18	file://0002-tests-do-not-run-target-executables.patch \	18	file://0002-tests-do-not-run-target-executables.patch \
19	file://CVE-2023-2602.patch \	19	file://CVE-2023-2602.patch \
20	file://CVE-2023-2603.patch \	20	file://CVE-2023-2603.patch \
		21	file://CVE-2025-1390.patch \
21	"	22	"
22	SRC_URI:append:class-nativesdk = " \	23	SRC_URI:append:class-nativesdk = " \
23	file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \	24	file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \