From: Hitendra Prajapati <hprajap...@mvista.com> Upstream-Status: Backport from https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878
Signed-off-by: Hitendra Prajapati <hprajap...@mvista.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- .../libcap/files/CVE-2025-1390.patch | 36 +++++++++++++++++++ meta/recipes-support/libcap/libcap_2.69.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-support/libcap/files/CVE-2025-1390.patch diff --git a/meta/recipes-support/libcap/files/CVE-2025-1390.patch b/meta/recipes-support/libcap/files/CVE-2025-1390.patch new file mode 100644 index 0000000000..a0f7dda503 --- /dev/null +++ b/meta/recipes-support/libcap/files/CVE-2025-1390.patch @@ -0,0 +1,36 @@ +From 1ad42b66c3567481cc5fa22fc1ba1556a316d878 Mon Sep 17 00:00:00 2001 +From: Tianjia Zhang <tianjia.zh...@linux.alibaba.com> +Date: Mon, 17 Feb 2025 10:31:55 +0800 +Subject: pam_cap: Fix potential configuration parsing error + +The current configuration parsing does not actually skip user names +that do not start with @, but instead treats the name as a group +name for further parsing, which can result in matching unexpected +capability sets and may trigger potential security issues. Only +names starting with @ should be parsed as group names. + +Signed-off-by: Tianjia Zhang <tianjia.zh...@linux.alibaba.com> +Signed-off-by: Andrew G. Morgan <mor...@kernel.org> + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878] +CVE: CVE-2025-1390 +Signed-off-by: Hitendra Prajapati <hprajap...@mvista.com> +--- + pam_cap/pam_cap.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c +index b9419cb..18647a1 100644 +--- a/pam_cap/pam_cap.c ++++ b/pam_cap/pam_cap.c +@@ -166,6 +166,7 @@ static char *read_capabilities_for_user(const char *user, const char *source) + + if (line[0] != '@') { + D(("user [%s] is not [%s] - skipping", user, line)); ++ continue; + } + + int i; +-- +2.25.1 + diff --git a/meta/recipes-support/libcap/libcap_2.69.bb b/meta/recipes-support/libcap/libcap_2.69.bb index 92fa766d37..03975b44a0 100644 --- a/meta/recipes-support/libcap/libcap_2.69.bb +++ b/meta/recipes-support/libcap/libcap_2.69.bb @@ -15,6 +15,7 @@ DEPENDS = "hostperl-runtime-native gperf-native" SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \ file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \ file://0002-tests-do-not-run-target-executables.patch \ + file://CVE-2025-1390.patch \ " SRC_URI:append:class-nativesdk = " \ file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#211931): https://lists.openembedded.org/g/openembedded-core/message/211931 Mute This Topic: https://lists.openembedded.org/mt/111384948/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
