path: root/meta-oe/recipes-extended/polkit/polkit
Commit message (Collapse)AuthorAgeFilesLines
* polkit: Fix CVE-2018-19788Dan Tran2019-10-053-0/+400
| | | | | Signed-off-by: Dan Tran <dantran@microsoft.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* polkit: Fix CVE-2019-6133Ovidiu Panait2019-01-231-0/+190
| | | | | | | | | | | | | | | | In PolicyKit (aka polkit) 0.115, the start time protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-6133 Upstream patch: https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81 Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* polkit: 0.113 -> 0.115Hongxu Jia2018-07-162-38/+36
| | | | | | | | | | | | - Rebase patches to 0.115 0001-make-netgroup-support-configurable.patch polkit-1_pam.patch - Add --disable-libelogind which OE does not have recipe libelogind Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* polkit: Fix build with muslKhem Raj2016-02-011-0/+107
| | | | | | | | | Make features like netgroup optional, these are not supported by posix secondly they are poked at during configure so nothing changes for glibc based systems but it helps compiling with musl Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* polkit: fix relocation of polkit binariesReinette Chatre2015-10-131-44/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Polkit is currently broken in images built with multilib and systemd. This is because the patch, 0001-do-not-hardcoded-libdir.patch, applied on top of the polkit source code modifies where the polkitd binary is installed, but it does not modify the polkit.service file to start the binary from its new location. At first it seemed reasonable to modify the systemd service file to search for the binary in the correct place. This change, as well as what the patch (0001-do-not-hardcoded-libdir.patch) already does was proposed to the polkit maintainers at https://bugs.freedesktop.org/show_bug.cgi?id=92094 During the discussion with the polkit maintainers it became apparent that the change to support multilib polkit should not be done with a patch to the polkit source code, but instead a change to the polkit recipe. Polkit correctly installs libraries when multilib is in use without any changes to its source code. What is being changed by 0001-do-not-hardcoded-libdir.patch is not where the polkit libraries are installed but where the binaries are installed. Installing binaries in /usr/lib when baselib is lib64 is acceptable (see http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s06.html ). So, instead of patching polkit to install its binaries under the same library directory as its libraries we maintain the design of the polkit installer to install the binaries in /usr/lib. This is the same as what is done in distros like Fedora that supports multilib. With this patch the polkit package, when built with multilib, installs files into /usr/lib* as follows: polkit/usr/lib64/libpolkit-agent-1.so.0 polkit/usr/lib64/libpolkit-gobject-1.so.0 polkit/usr/lib64/libpolkit-gobject-1.so.0.0.0 polkit/usr/lib64/libpolkit-agent-1.so.0.0.0 polkit/usr/lib polkit/usr/lib/polkit-1 polkit/usr/lib/polkit-1/polkitd polkit/usr/lib/polkit-1/polkit-agent-helper-1 Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* polkit: 0.112 -> 0.113Li xin2015-08-181-39/+0
| | | | | | | | Remove 0001-configure.ac-Check-only-for-libsystemd-not-libsystem.patch, it is not needed anymore. Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* polkit: do not hardcode the libdirChunrong Guo2015-05-131-0/+44
| | | | | | | libdir is defined as ${prefix}/lib/, but we want it to support multilib path Signed-off-by: Chunrong Guo <B40290@freescale.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* polkit: make it compatible with systemd-209Martin Jansa2014-03-191-0/+39
| | | | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* polkit: update to 0.111Andreas Müller2013-06-201-0/+23
note: this version's rules are written in jscript. The following tests were performed: * run-tests for gnome- and xfce-based image * update a package that installs a new rule to check if the restricted access rights for /etc/polkit-1/rules.d don't cause trouble Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>