#12042 closed enhancement (fixed)
polkit-0.116 (remove js52 from the book)
| Reported by: | Xi Ruoyao | Owned by: | blfs-book |
|---|---|---|---|
| Priority: | normal | Milestone: | 9.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description (last modified by ) ¶
New point version.
https://www.freedesktop.org/software/polkit/releases/polkit-0.116.tar.gz
Highlights:
Fix of CVE-2018-19788, high UIDs caused overflow in polkit;
Fix of CVE-2019-6133, kernel vulnerability (Slowfork) allowed local privilege escalation.
Build requirements
glib, gobject, gio >= 2.32
mozjs-60
gobject-introspection >= 0.6.2 (optional)
pam (optional)
ConsoleKit OR systemd
Changes since polkit 0.115:
Kyle Walker:
Leaking zombie child processes
Jan Rybar:
Possible resource leak found by static analyzer
Output messages tuneup
Sanity fixes
pkttyagent tty echo disabled on SIGINT
Ray Strode:
HACKING: add link to Code of Conduct
Philip Withnall:
polkitbackend: comment typos fix
Zbigniew Jędrzejewski-Szmek:
configure.ac: fix detection of systemd with cgroups v2
CVE-2018-19788 High UIDs overflow fix
Colin Walters:
CVE-2019-6133 Slowfork vulnerability fix
Matthew Leeds:
Allow unset process-uid
Emmanuele Bassi
Port the JS authority to mozjs-60
Göran Uddeborg:
Use JS_EncodeStringToUTF8
Change History (4)
comment:1 by , 6 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 6 years ago
comment:3 by , 6 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Built and tested OK. Fixed at revision 21572.
Note:
See TracTickets
for help on using tickets.
This might be a problem
At the minimum, it'll require a dependency change in SysV. On the other hand, SysV has ConsoleKit2, which is API and ABI incompatible with the original ConsoleKit which is now unmaintained (the developer of that went on to write systemd-logind and abandoned the previous one).