Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#12042 closed enhancement (fixed)

polkit-0.116 (remove js52 from the book)

Reported by: Xi Ruoyao Owned by: blfs-book
Priority: normal Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by Xi Ruoyao)

New point version.

https://www.freedesktop.org/software/polkit/releases/polkit-0.116.tar.gz

Highlights:
 Fix of CVE-2018-19788, high UIDs caused overflow in polkit;
 Fix of CVE-2019-6133, kernel vulnerability (Slowfork) allowed local privilege escalation.

Build requirements

 glib, gobject, gio    >= 2.32
 mozjs-60
 gobject-introspection >= 0.6.2 (optional)
 pam (optional)
 ConsoleKit OR systemd

Changes since polkit 0.115:

 Kyle Walker:
    Leaking zombie child processes

 Jan Rybar:
    Possible resource leak found by static analyzer
    Output messages tuneup
    Sanity fixes
    pkttyagent tty echo disabled on SIGINT

 Ray Strode:
    HACKING: add link to Code of Conduct

 Philip Withnall:
    polkitbackend: comment typos fix

 Zbigniew Jędrzejewski-Szmek:
    configure.ac: fix detection of systemd with cgroups v2
    CVE-2018-19788 High UIDs overflow fix

 Colin Walters:
    CVE-2019-6133 Slowfork vulnerability fix

 Matthew Leeds:
    Allow unset process-uid

 Emmanuele Bassi
    Port the JS authority to mozjs-60

 Göran Uddeborg:
    Use JS_EncodeStringToUTF8

Change History (4)

comment:1 by Xi Ruoyao, 2 years ago

Description: modified (diff)

comment:2 by Douglas R. Reno, 2 years ago

This might be a problem

ConsoleKit OR systemd

At the minimum, it'll require a dependency change in SysV. On the other hand, SysV has ConsoleKit2, which is API and ABI incompatible with the original ConsoleKit which is now unmaintained (the developer of that went on to write systemd-logind and abandoned the previous one).

comment:3 by Bruce Dubbs, 2 years ago

Resolution: fixed
Status: newclosed

Built and tested OK. Fixed at revision 21572.

comment:4 by Bruce Dubbs, 2 years ago

Milestone: 8.59.0

Milestone renamed

Note: See TracTickets for help on using tickets.