aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-extended/polkit/polkit_0.115.bb
AgeCommit message (Collapse)Author
2019-10-05polkit: Fix CVE-2018-19788Dan Tran
Signed-off-by: Dan Tran <dantran@microsoft.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-01-23polkit: Fix CVE-2019-6133Ovidiu Panait
In PolicyKit (aka polkit) 0.115, the start time protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-6133 Upstream patch: https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81 Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-16polkit: 0.113 -> 0.115Hongxu Jia
- Rebase patches to 0.115 0001-make-netgroup-support-configurable.patch polkit-1_pam.patch - Add --disable-libelogind which OE does not have recipe libelogind Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-25 20:36:42 +0000