[scarthgap] libcap: fix CVE-2025-1390

Message ID	20250220040516.24786-1-hprajapati@mvista.com
State	Under Review
Delegated to:	Steve Sakoman
Headers	show Return-Path: <hprajapati@mvista.com> ip: 209.85.214.170, mailfrom: hprajapati@mvista.com) From: Hitendra Prajapati <hprajapati@mvista.com> To: openembedded-core@lists.openembedded.org Cc: Hitendra Prajapati <hprajapati@mvista.com> Subject: [scarthgap][PATCH] libcap: fix CVE-2025-1390 Date: Thu, 20 Feb 2025 09:35:16 +0530 Message-Id: <20250220040516.24786-1-hprajapati@mvista.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap] libcap: fix CVE-2025-1390 \| expand [scarthgap] libcap: fix CVE-2025-1390

Message ID

20250220040516.24786-1-hprajapati@mvista.com

State

Under Review

Delegated to:

Steve Sakoman

Headers

From: Hitendra Prajapati <hprajapati@mvista.com>
To: openembedded-core@lists.openembedded.org
Cc: Hitendra Prajapati <hprajapati@mvista.com>
Subject: [scarthgap][PATCH] libcap: fix CVE-2025-1390
Date: Thu, 20 Feb 2025 09:35:16 +0530
Message-Id: <20250220040516.24786-1-hprajapati@mvista.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap] libcap: fix CVE-2025-1390 | expand

Commit Message

Hitendra Prajapati Feb. 20, 2025, 4:05 a.m. UTC

Upstream-Status: Backport from https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 .../libcap/files/CVE-2025-1390.patch          | 36 +++++++++++++++++++
 meta/recipes-support/libcap/libcap_2.69.bb    |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-support/libcap/files/CVE-2025-1390.patch

diff --git a/meta/recipes-support/libcap/files/CVE-2025-1390.patch b/meta/recipes-support/libcap/files/CVE-2025-1390.patch
new file mode 100644
index 0000000000..a0f7dda503
--- /dev/null
+++ b/meta/recipes-support/libcap/files/CVE-2025-1390.patch
@@ -0,0 +1,36 @@ 
+From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001
+From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Date: Mon, 17 Feb 2025 10:31:55 +0800
+Subject: pam_cap: Fix potential configuration parsing error
+
+The current configuration parsing does not actually skip user names
+that do not start with @, but instead treats the name as a group
+name for further parsing, which can result in matching unexpected
+capability sets and may trigger potential security issues.  Only
+names starting with @ should be parsed as group names.
+
+Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878]
+CVE: CVE-2025-1390
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ pam_cap/pam_cap.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
+index b9419cb..18647a1 100644
+--- a/pam_cap/pam_cap.c
++++ b/pam_cap/pam_cap.c
+@@ -166,6 +166,7 @@ static char *read_capabilities_for_user(const char *user, const char *source)
+ 
+ 	    if (line[0] != '@') {
+ 		D(("user [%s] is not [%s] - skipping", user, line));
++		continue;
+ 	    }
+ 
+ 	    int i;
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libcap/libcap_2.69.bb b/meta/recipes-support/libcap/libcap_2.69.bb
index 92fa766d37..03975b44a0 100644
--- a/meta/recipes-support/libcap/libcap_2.69.bb
+++ b/meta/recipes-support/libcap/libcap_2.69.bb
@@ -15,6 +15,7 @@  DEPENDS = "hostperl-runtime-native gperf-native"
 SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \
            file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \
            file://0002-tests-do-not-run-target-executables.patch \
+           file://CVE-2025-1390.patch \
            "
 SRC_URI:append:class-nativesdk = " \
            file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \

[scarthgap] libcap: fix CVE-2025-1390

Commit Message

Patch