backport upstream patches

(cherry picked from commit 2b31d1b0a042cacb7ef7a158ac3b52b0603a4efd)

backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch

@@ -0,0 +1,45 @@
+From ee20d385ef319f8523f1debc49f375c8eff257a6 Mon Sep 17 00:00:00 2001
+From: "Andrew G. Morgan" <morgan@kernel.org>
+Date: Fri, 22 Dec 2023 06:37:02 -0800
+Subject: Stop using _pam_overwrite() in pam_cap.c.
+
+It looks like the Linux-PAM folk have deprecated this macro. Compiler optimization
+is hard to account for: apparently this explicit deletion is no longer
+guaranteed to work. This function was marked deprecated in v1.5.3 of Linux-PAM.
+
+I've replaced its use with memset(). I'm not convinced that that will be honored
+either, but remain hopeful and prefer to leave the code explicit in its intent
+without a deprecation warning messing up the build log. Should some compiler
+optimize it away and it leads to an exploit of some sort, it can be revealed as
+a compilation bug.
+
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+---
+ pam_cap/pam_cap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
+index b9419cb..3fe3b8c 100644
+--- a/pam_cap/pam_cap.c
++++ b/pam_cap/pam_cap.c
+@@ -199,7 +199,7 @@ defer:
+     int i;
+     for (i = 0; i < groups_n; i++) {
+ 	char *g = groups[i];
+-	_pam_overwrite(g);
++	memset(g, 0, strlen(g));
+ 	_pam_drop(g);
+     }
+     if (groups != NULL) {
+@@ -440,7 +440,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ 	   small race associated with a redundant read of the
+ 	   config. */
+ 
+-	_pam_overwrite(conf_caps);
++	memset(conf_caps, 0, strlen(conf_caps));
+ 	_pam_drop(conf_caps);
+ 
+ 	return PAM_SUCCESS;
+-- 
+cgit 1.2.3-korg
+

backport-getpcaps-fix-program-name-in-help-message.patch

@@ -0,0 +1,27 @@
+From 17c5e89521fd0455a8f18563eb37e5ddbc7d34cb Mon Sep 17 00:00:00 2001
+From: Jakub Wilk <jwilk@jwilk.net>
+Date: Mon, 29 Jan 2024 11:33:40 +0100
+Subject: getpcaps: fix program name in help message
+
+Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+---
+ progs/getpcaps.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/progs/getpcaps.c b/progs/getpcaps.c
+index 7e14c36..b4cbda8 100644
+--- a/progs/getpcaps.c
++++ b/progs/getpcaps.c
+@@ -14,7 +14,7 @@
+ static void usage(int code)
+ {
+     fprintf(stderr,
+-"usage: getcaps <pid> [<pid> ...]\n\n"
++"usage: getpcaps <pid> [<pid> ...]\n\n"
+ "  This program displays the capabilities on the queried process(es).\n"
+ 	    "  The capabilities are displayed in the cap_from_text(3) format.\n"
+ 	    "\n"
+-- 
+cgit 1.2.3-korg
+

libcap.spec

@@ -1,6 +1,6 @@
 Name:     libcap
 Version:  2.61
-Release:  6
+Release:  7
 Summary:  A library for getting and setting POSIX.1e draft 15 capabilities        
 License:  GPLv2
 URL:      https://sites.google.com/site/fullycapable
@@ -15,6 +15,8 @@ Patch5:   backport-Correct-the-check-of-pthread_create-s-return-value.patch
 Patch6:   backport-Large-strings-can-confuse-libcap-s-internal-strdup-c.patch
 Patch7:   backport-There-was-a-small-memory-leak-in-pam_cap.so-when-lib.patch 
 Patch8:   backport-libcap-Ensure-the-XATTR_NAME_CAPS-is-define.patch
+Patch9:   backport-getpcaps-fix-program-name-in-help-message.patch
+Patch10:  backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch
 
 BuildRequires: libattr-devel pam-devel perl-interpreter gcc
 
@@ -78,6 +80,11 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
 %{_mandir}/man8/*.gz
 
 %changelog
+* Mon Mar 25 2024 yanglongkang <yanglongkang@h-partners.com> - 2.61-7
+- backport upstream patches:
+  getcpcaps: fix program name in help message
+  Stop using _pam_overwrite() in pam_cap.c
+
 * Mon Jul 3 2023 wangyunjia <yunjia.wang@huawei.com> - 2.61-6
 - VFS_CAP_U32 can not ensure that XATTR_NAME_CAPS is defined, and failed to build