Package: libcap2 / 1:2.66-4+deb12u2

Metadata

Package: libcap2
Version: 1:2.66-4+deb12u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
Hide private symbols.patch

libcap/cap_names.header | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 hide private symbols

Hide a symbol which is clearly meant to be private. This resolves a FTBFS in
combination with the new build dependency gperf.

Closes: #793311
Closes: #869588

Bug-Debian: https://bugs.debian.org/793311
Bug-Debian: https://bugs.debian.org/869588

Filter out PIE flags when building shared objects.patch

libcap/Makefile | 4 4 + 0 - 0 !
pam_cap/Makefile | 4 4 + 0 - 0 !
2 files changed, 8 insertions(+)

 filter out pie flags when building shared objects

Filter out -pie, -fpie, and -fPIE when building the shared library and the PAM
module. This way, hardening=+all can be used unconditionally in debian/rules.

Correct the check of pthread_create s return value.patch

psx/psx.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 correct the check of pthread_create()'s return value.

This function returns a positive number (errno) on error, so the code
wasn't previously freeing some memory in this situation.

Discussion:

  https://stackoverflow.com/a/3581020/14760867

Credit for finding this bug in libpsx goes to David Gstir of
X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security
audit of the libcap source code in April of 2023. The audit
was sponsored by the Open Source Technology Improvement Fund
(https://ostif.org/).

Audit ref: LCAP-CR-23-01 (CVE-2023-2602)

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>

Large strings can confuse libcap s internal strdup code.patch

libcap/cap_alloc.c | 12 7 + 5 - 0 !
1 file changed, 7 insertions(+), 5 deletions(-)

 large strings can confuse libcap's internal strdup code.

Avoid something subtle with really long strings: 1073741823 should
be enough for anybody. This is an improved fix over something attempted
in libcap-2.55 to address some static analysis findings.

Reviewing the library, cap_proc_root() and cap_launcher_set_chroot()
are the only two calls where the library is potentially exposed to a
user controlled string input.

Credit for finding this bug in libcap goes to Richard Weinberger of
X41 D-Sec GmbH (https://x41-dsec.de/) who performed a security audit
of the libcap source code in April of 2023. The audit was sponsored
by the Open Source Technology Improvement Fund (https://ostif.org/).

Audit ref: LCAP-CR-23-02 (CVE-2023-2603)

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>

pam_cap Fix potential configuration parsing error.patch

pam_cap/pam_cap.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 pam_cap: fix potential configuration parsing error

The current configuration parsing does not actually skip user names
that do not start with @, but instead treats the name as a group
name for further parsing, which can result in matching unexpected
capability sets and may trigger potential security issues.  Only
names starting with @ should be parsed as group names.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>

Add a test for bad group prefix.patch

pam_cap/sudotest.conf | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 add a test for bad group prefix.

The previous commit fixed a bug with the config parsing in pam_cap.
This is a test that we don't regress against that fix.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>