aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-extended/polkit/polkit_0.115.bb
Commit message (Collapse)AuthorAgeFilesLines
* polkit: Fix CVE-2018-19788Dan Tran2019-10-051-0/+3
| | | | | Signed-off-by: Dan Tran <dantran@microsoft.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* polkit: Fix CVE-2019-6133Ovidiu Panait2019-01-231-0/+1
| | | | | | | | | | | | | | | | In PolicyKit (aka polkit) 0.115, the start time protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-6133 Upstream patch: https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81 Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* polkit: 0.113 -> 0.115Hongxu Jia2018-07-161-0/+55
- Rebase patches to 0.115 0001-make-netgroup-support-configurable.patch polkit-1_pam.patch - Add --disable-libelogind which OE does not have recipe libelogind Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>