From f94f5b01acfc4fc8584963f338bd3b7536692eba Mon Sep 17 00:00:00 2001
From: markeryang <yanglongkang@h-partners.com>
Date: Mon, 15 Dec 2025 06:10:03 +0000
Subject: [PATCH] backport patch to fix bug

---
 backport-Fix-bug-in-IABGetPID.patch | 44 +++++++++++++++++++++++++++++
 libcap.spec                         |  6 +++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 backport-Fix-bug-in-IABGetPID.patch

diff --git a/backport-Fix-bug-in-IABGetPID.patch b/backport-Fix-bug-in-IABGetPID.patch
new file mode 100644
index 0000000..9b26d55
--- /dev/null
+++ b/backport-Fix-bug-in-IABGetPID.patch
@@ -0,0 +1,44 @@
+From da06dc98d29740f1a6d12d3a932263e8f63f99dd Mon Sep 17 00:00:00 2001
+From: Garret Kelly <gkelly@gkel.ly>
+Date: Tue, 5 Aug 2025 20:01:34 -0400
+Subject: [PATCH] Fix bug in IABGetPID
+
+Using NewIAB ensures that common startup initialization happens before trying
+to use `words`. Also switch to using IAB.good to determine if the parsed IAB
+is valid.
+
+Addresses: https://bugzilla.kernel.org/show_bug.cgi?id=220420
+
+Signed-off-by: Garret Kelly <gkelly@gkel.ly>
+Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
+---
+ cap/iab.go | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/cap/iab.go b/cap/iab.go
+index 663a339..fb04659 100644
+--- a/cap/iab.go
++++ b/cap/iab.go
+@@ -478,7 +478,7 @@ func IABGetPID(pid int) (*IAB, error) {
+ 	if err != nil {
+ 		return nil, err
+ 	}
+-	iab := &IAB{}
++	iab := NewIAB()
+ 	for _, line := range strings.Split(string(d), "\n") {
+ 		if !strings.HasPrefix(line, "Cap") {
+ 			continue
+@@ -497,8 +497,8 @@ func IABGetPID(pid int) (*IAB, error) {
+ 			continue
+ 		}
+ 	}
+-	if len(iab.i) != words || len(iab.a) != words || len(iab.nb) != words {
+-		return nil, ErrBadValue
++	if err := iab.good(); err != nil {
++		return nil, err
+ 	}
+ 	return iab, nil
+ }
+-- 
+2.33.0
+
diff --git a/libcap.spec b/libcap.spec
index 69805d4..f1aea16 100644
--- a/libcap.spec
+++ b/libcap.spec
@@ -1,6 +1,6 @@
 Name:     libcap
 Version:  2.69
-Release:  5
+Release:  6
 Summary:  A library for getting and setting POSIX.1e draft 15 capabilities        
 License:  GPLv2
 URL:      https://sites.google.com/site/fullycapable
@@ -13,6 +13,7 @@ Patch3:   backport-getpcaps-fix-program-name-in-help-message.patch
 Patch4:   backport-Stop-using-_pam_overwrite-in-pam_cap.c.patch
 Patch5:   backport-CVE-2025-1390-pam_cap-Fix-potential-configuration-parsing-error.patch
 Patch6:   backport-Address-some-static-analysis-observations.patch
+Patch7:   backport-Fix-bug-in-IABGetPID.patch
 
 BuildRequires: libattr-devel pam-devel perl-interpreter gcc
 
@@ -75,6 +76,9 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
 %{_mandir}/man8/*.gz
 
 %changelog
+* Mon Dec 15 2025 yanglongkang <yanglongkang@h-partners.com> - 2.69-6
+- backport patch to fix bug
+
 * Thu Mar 13 2025 yixiangzhike <yixiangzhike007@163.com> - 2.69-5
 - backport upstream patch to address some static analysis observations
 
-- 
Gitee