Age | Commit message (Collapse) | Author |
|
Signed-off-by: Dan Tran <dantran@microsoft.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
In PolicyKit (aka polkit) 0.115, the start time protection mechanism can
be bypassed because fork() is not atomic, and therefore authorization
decisions are improperly cached. This is related to lack of uid checking
in polkitbackend/polkitbackendinteractiveauthority.c.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-6133
Upstream patch:
https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- Rebase patches to 0.115
0001-make-netgroup-support-configurable.patch
polkit-1_pam.patch
- Add --disable-libelogind which OE does not have recipe
libelogind
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|