diff options
author | Dan Tran <dantran@microsoft.com> | 2019-09-25 17:12:49 +0000 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-10-05 08:58:45 -0700 |
commit | 6f4dcd00ce677d9df3fed7e12d87a4588dc65661 (patch) | |
tree | ee49dea3546c93f0bac83c898da29136b94c6a67 /meta-oe | |
parent | 0d053082ab13a2668ecc94adbc6d6dd862be1c41 (diff) | |
download | meta-openembedded-6f4dcd00ce677d9df3fed7e12d87a4588dc65661.tar.gz |
polkit: Fix CVE-2018-19788
Signed-off-by: Dan Tran <dantran@microsoft.com>
[Fixup for warrior context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe')
4 files changed, 408 insertions, 4 deletions
diff --git a/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p1.patch b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p1.patch new file mode 100644 index 000000000..32ea0bacc --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p1.patch | |||
@@ -0,0 +1,194 @@ | |||
1 | From cd80aa29c85745ca073cf0581ccdcf2f80aa30db Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> | ||
3 | Date: Mon, 3 Dec 2018 10:28:58 +0100 | ||
4 | Subject: [PATCH 1/3] Allow negative uids/gids in PolkitUnixUser and Group | ||
5 | objects | ||
6 | |||
7 | (uid_t) -1 is still used as placeholder to mean "unset". This is OK, since | ||
8 | there should be no users with such number, see | ||
9 | https://systemd.io/UIDS-GIDS#special-linux-uids. | ||
10 | |||
11 | (uid_t) -1 is used as the default value in class initialization. | ||
12 | |||
13 | When a user or group above INT32_MAX is created, the numeric uid or | ||
14 | gid wraps around to negative when the value is assigned to gint, and | ||
15 | polkit gets confused. Let's accept such gids, except for -1. | ||
16 | |||
17 | A nicer fix would be to change the underlying type to e.g. uint32 to | ||
18 | not have negative values. But this cannot be done without breaking the | ||
19 | API, so likely new functions will have to be added (a | ||
20 | polkit_unix_user_new variant that takes a unsigned, and the same for | ||
21 | _group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will | ||
22 | require a bigger patch. | ||
23 | |||
24 | Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. | ||
25 | |||
26 | CVE: CVE-2018-19788 | ||
27 | Upstream-Status: Backport | ||
28 | [https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379] | ||
29 | |||
30 | Signed-off-by: Dan Tran <dantran@microsoft.com> | ||
31 | --- | ||
32 | src/polkit/polkitunixgroup.c | 15 +++++++++++---- | ||
33 | src/polkit/polkitunixprocess.c | 12 ++++++++---- | ||
34 | src/polkit/polkitunixuser.c | 13 ++++++++++--- | ||
35 | 3 files changed, 29 insertions(+), 11 deletions(-) | ||
36 | |||
37 | diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c | ||
38 | index c57a1aa..309f689 100644 | ||
39 | --- a/src/polkit/polkitunixgroup.c | ||
40 | +++ b/src/polkit/polkitunixgroup.c | ||
41 | @@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, | ||
42 | static void | ||
43 | polkit_unix_group_init (PolkitUnixGroup *unix_group) | ||
44 | { | ||
45 | + unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ | ||
46 | } | ||
47 | |||
48 | static void | ||
49 | @@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, | ||
50 | GParamSpec *pspec) | ||
51 | { | ||
52 | PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); | ||
53 | + gint val; | ||
54 | |||
55 | switch (prop_id) | ||
56 | { | ||
57 | case PROP_GID: | ||
58 | - unix_group->gid = g_value_get_int (value); | ||
59 | + val = g_value_get_int (value); | ||
60 | + g_return_if_fail (val != -1); | ||
61 | + unix_group->gid = val; | ||
62 | break; | ||
63 | |||
64 | default: | ||
65 | @@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) | ||
66 | g_param_spec_int ("gid", | ||
67 | "Group ID", | ||
68 | "The UNIX group ID", | ||
69 | - 0, | ||
70 | + G_MININT, | ||
71 | G_MAXINT, | ||
72 | - 0, | ||
73 | + -1, | ||
74 | G_PARAM_CONSTRUCT | | ||
75 | G_PARAM_READWRITE | | ||
76 | G_PARAM_STATIC_NAME | | ||
77 | @@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) | ||
78 | */ | ||
79 | void | ||
80 | polkit_unix_group_set_gid (PolkitUnixGroup *group, | ||
81 | - gint gid) | ||
82 | + gint gid) | ||
83 | { | ||
84 | g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); | ||
85 | + g_return_if_fail (gid != -1); | ||
86 | group->gid = gid; | ||
87 | } | ||
88 | |||
89 | @@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, | ||
90 | PolkitIdentity * | ||
91 | polkit_unix_group_new (gint gid) | ||
92 | { | ||
93 | + g_return_val_if_fail (gid != -1, NULL); | ||
94 | + | ||
95 | return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, | ||
96 | "gid", gid, | ||
97 | NULL)); | ||
98 | diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c | ||
99 | index 972b777..b02b258 100644 | ||
100 | --- a/src/polkit/polkitunixprocess.c | ||
101 | +++ b/src/polkit/polkitunixprocess.c | ||
102 | @@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object, | ||
103 | polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); | ||
104 | break; | ||
105 | |||
106 | - case PROP_UID: | ||
107 | - polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); | ||
108 | + case PROP_UID: { | ||
109 | + gint val; | ||
110 | + | ||
111 | + val = g_value_get_int (value); | ||
112 | + g_return_if_fail (val != -1); | ||
113 | + polkit_unix_process_set_uid (unix_process, val); | ||
114 | break; | ||
115 | + } | ||
116 | |||
117 | case PROP_START_TIME: | ||
118 | polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); | ||
119 | @@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) | ||
120 | g_param_spec_int ("uid", | ||
121 | "User ID", | ||
122 | "The UNIX user ID", | ||
123 | - -1, | ||
124 | + G_MININT, | ||
125 | G_MAXINT, | ||
126 | -1, | ||
127 | G_PARAM_CONSTRUCT | | ||
128 | @@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, | ||
129 | gint uid) | ||
130 | { | ||
131 | g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); | ||
132 | - g_return_if_fail (uid >= -1); | ||
133 | process->uid = uid; | ||
134 | } | ||
135 | |||
136 | diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c | ||
137 | index 8bfd3a1..234a697 100644 | ||
138 | --- a/src/polkit/polkitunixuser.c | ||
139 | +++ b/src/polkit/polkitunixuser.c | ||
140 | @@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, | ||
141 | static void | ||
142 | polkit_unix_user_init (PolkitUnixUser *unix_user) | ||
143 | { | ||
144 | + unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ | ||
145 | unix_user->name = NULL; | ||
146 | } | ||
147 | |||
148 | @@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, | ||
149 | GParamSpec *pspec) | ||
150 | { | ||
151 | PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); | ||
152 | + gint val; | ||
153 | |||
154 | switch (prop_id) | ||
155 | { | ||
156 | case PROP_UID: | ||
157 | - unix_user->uid = g_value_get_int (value); | ||
158 | + val = g_value_get_int (value); | ||
159 | + g_return_if_fail (val != -1); | ||
160 | + unix_user->uid = val; | ||
161 | break; | ||
162 | |||
163 | default: | ||
164 | @@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) | ||
165 | g_param_spec_int ("uid", | ||
166 | "User ID", | ||
167 | "The UNIX user ID", | ||
168 | - 0, | ||
169 | + G_MININT, | ||
170 | G_MAXINT, | ||
171 | - 0, | ||
172 | + -1, | ||
173 | G_PARAM_CONSTRUCT | | ||
174 | G_PARAM_READWRITE | | ||
175 | G_PARAM_STATIC_NAME | | ||
176 | @@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, | ||
177 | gint uid) | ||
178 | { | ||
179 | g_return_if_fail (POLKIT_IS_UNIX_USER (user)); | ||
180 | + g_return_if_fail (uid != -1); | ||
181 | user->uid = uid; | ||
182 | } | ||
183 | |||
184 | @@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, | ||
185 | PolkitIdentity * | ||
186 | polkit_unix_user_new (gint uid) | ||
187 | { | ||
188 | + g_return_val_if_fail (uid != -1, NULL); | ||
189 | + | ||
190 | return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, | ||
191 | "uid", uid, | ||
192 | NULL)); | ||
193 | -- | ||
194 | 2.22.0.vfs.1.1.57.gbaf16c8 | ||
diff --git a/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p2.patch b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p2.patch new file mode 100644 index 000000000..097dfd921 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p2.patch | |||
@@ -0,0 +1,153 @@ | |||
1 | From 17f18d9f81d99b014c680e7e50198d7f190b804e Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> | ||
3 | Date: Mon, 3 Dec 2018 11:20:34 +0100 | ||
4 | Subject: [PATCH 2/3] tests: add tests for high uids | ||
5 | |||
6 | CVE: CVE-2018-19788 | ||
7 | Upstream-Status: Backport | ||
8 | [https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126] | ||
9 | |||
10 | Signed-off-by: Dan Tran <dantran@microsoft.com> | ||
11 | --- | ||
12 | test/data/etc/group | 1 + | ||
13 | test/data/etc/passwd | 2 + | ||
14 | .../etc/polkit-1/rules.d/10-testing.rules | 21 ++++++ | ||
15 | .../test-polkitbackendjsauthority.c | 72 +++++++++++++++++++ | ||
16 | 4 files changed, 96 insertions(+) | ||
17 | |||
18 | diff --git a/test/data/etc/group b/test/data/etc/group | ||
19 | index 12ef328..b9acab9 100644 | ||
20 | --- a/test/data/etc/group | ||
21 | +++ b/test/data/etc/group | ||
22 | @@ -5,3 +5,4 @@ john:x:500: | ||
23 | jane:x:501: | ||
24 | sally:x:502: | ||
25 | henry:x:503: | ||
26 | +highuid2:x:4000000000: | ||
27 | diff --git a/test/data/etc/passwd b/test/data/etc/passwd | ||
28 | index 8544feb..5cf14a5 100644 | ||
29 | --- a/test/data/etc/passwd | ||
30 | +++ b/test/data/etc/passwd | ||
31 | @@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash | ||
32 | jane:x:501:501:Jane Smith:/home/jane:/bin/bash | ||
33 | sally:x:502:502:Sally Derp:/home/sally:/bin/bash | ||
34 | henry:x:503:503:Henry Herp:/home/henry:/bin/bash | ||
35 | +highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin | ||
36 | +highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin | ||
37 | diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules | ||
38 | index 446e622..98bf062 100644 | ||
39 | --- a/test/data/etc/polkit-1/rules.d/10-testing.rules | ||
40 | +++ b/test/data/etc/polkit-1/rules.d/10-testing.rules | ||
41 | @@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) { | ||
42 | } | ||
43 | }); | ||
44 | |||
45 | +polkit.addRule(function(action, subject) { | ||
46 | + if (action.id == "net.company.john_action") { | ||
47 | + if (subject.user == "john") { | ||
48 | + return polkit.Result.YES; | ||
49 | + } else { | ||
50 | + return polkit.Result.NO; | ||
51 | + } | ||
52 | + } | ||
53 | +}); | ||
54 | + | ||
55 | +polkit.addRule(function(action, subject) { | ||
56 | + if (action.id == "net.company.highuid2_action") { | ||
57 | + if (subject.user == "highuid2") { | ||
58 | + return polkit.Result.YES; | ||
59 | + } else { | ||
60 | + return polkit.Result.NO; | ||
61 | + } | ||
62 | + } | ||
63 | +}); | ||
64 | + | ||
65 | + | ||
66 | // --------------------------------------------------------------------- | ||
67 | // variables | ||
68 | |||
69 | diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c | ||
70 | index b484a26..71aad23 100644 | ||
71 | --- a/test/polkitbackend/test-polkitbackendjsauthority.c | ||
72 | +++ b/test/polkitbackend/test-polkitbackendjsauthority.c | ||
73 | @@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = { | ||
74 | NULL, | ||
75 | POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, | ||
76 | }, | ||
77 | + | ||
78 | + { | ||
79 | + /* highuid1 is not a member of group 'users', see test/data/etc/group */ | ||
80 | + "group_membership_with_non_member(highuid22)", | ||
81 | + "net.company.group.only_group_users", | ||
82 | + "unix-user:highuid2", | ||
83 | + NULL, | ||
84 | + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, | ||
85 | + }, | ||
86 | + | ||
87 | + { | ||
88 | + /* highuid2 is not a member of group 'users', see test/data/etc/group */ | ||
89 | + "group_membership_with_non_member(highuid21)", | ||
90 | + "net.company.group.only_group_users", | ||
91 | + "unix-user:highuid2", | ||
92 | + NULL, | ||
93 | + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, | ||
94 | + }, | ||
95 | + | ||
96 | + { | ||
97 | + /* highuid1 is not a member of group 'users', see test/data/etc/group */ | ||
98 | + "group_membership_with_non_member(highuid24)", | ||
99 | + "net.company.group.only_group_users", | ||
100 | + "unix-user:2147483648", | ||
101 | + NULL, | ||
102 | + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, | ||
103 | + }, | ||
104 | + | ||
105 | + { | ||
106 | + /* highuid2 is not a member of group 'users', see test/data/etc/group */ | ||
107 | + "group_membership_with_non_member(highuid23)", | ||
108 | + "net.company.group.only_group_users", | ||
109 | + "unix-user:4000000000", | ||
110 | + NULL, | ||
111 | + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, | ||
112 | + }, | ||
113 | + | ||
114 | + { | ||
115 | + /* john is authorized to do this, see 10-testing.rules */ | ||
116 | + "john_action", | ||
117 | + "net.company.john_action", | ||
118 | + "unix-user:john", | ||
119 | + NULL, | ||
120 | + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, | ||
121 | + }, | ||
122 | + | ||
123 | + { | ||
124 | + /* only john is authorized to do this, see 10-testing.rules */ | ||
125 | + "jane_action", | ||
126 | + "net.company.john_action", | ||
127 | + "unix-user:jane", | ||
128 | + NULL, | ||
129 | + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, | ||
130 | + }, | ||
131 | + | ||
132 | + { | ||
133 | + /* highuid2 is authorized to do this, see 10-testing.rules */ | ||
134 | + "highuid2_action", | ||
135 | + "net.company.highuid2_action", | ||
136 | + "unix-user:highuid2", | ||
137 | + NULL, | ||
138 | + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, | ||
139 | + }, | ||
140 | + | ||
141 | + { | ||
142 | + /* only highuid2 is authorized to do this, see 10-testing.rules */ | ||
143 | + "highuid1_action", | ||
144 | + "net.company.highuid2_action", | ||
145 | + "unix-user:highuid1", | ||
146 | + NULL, | ||
147 | + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, | ||
148 | + }, | ||
149 | }; | ||
150 | |||
151 | /* ---------------------------------------------------------------------------------------------------- */ | ||
152 | -- | ||
153 | 2.22.0.vfs.1.1.57.gbaf16c8 | ||
diff --git a/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch new file mode 100644 index 000000000..b97a6b06d --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/CVE-2018-19788_p3.patch | |||
@@ -0,0 +1,53 @@ | |||
1 | From 0fd5884a943a92aa076fa3276bd83f502dcb934e Mon Sep 17 00:00:00 2001 | ||
2 | From: Matthew Leeds <matthew.leeds@endlessm.com> | ||
3 | Date: Tue, 11 Dec 2018 12:04:26 -0800 | ||
4 | Subject: [PATCH 3/3] Allow uid of -1 for a PolkitUnixProcess | ||
5 | |||
6 | Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and | ||
7 | PolkitUnixProcess to allow negative values for their uid/gid properties, | ||
8 | since these are values above INT_MAX which wrap around but are still | ||
9 | valid, with the exception of -1 which is not valid. However, | ||
10 | PolkitUnixProcess allows a uid of -1 to be passed to | ||
11 | polkit_unix_process_new_for_owner() which means polkit is expected to | ||
12 | figure out the uid on its own (this happens in the _constructed | ||
13 | function). So this commit removes the check in | ||
14 | polkit_unix_process_set_property() so that new_for_owner() can be used | ||
15 | as documented without producing a critical error message. | ||
16 | |||
17 | This does not affect the protection against CVE-2018-19788 which is | ||
18 | based on creating a user with a UID up to but not including 4294967295 | ||
19 | (-1). | ||
20 | |||
21 | CVE: CVE-2018-19788 | ||
22 | Upstream-Status: Backport | ||
23 | [https://gitlab.freedesktop.org/polkit/polkit/commit/c05472b86222a72505adc5eec460493980224ef8] | ||
24 | |||
25 | Signed-off-by: Dan Tran <dantran@microsoft.com> | ||
26 | --- | ||
27 | src/polkit/polkitunixprocess.c | 9 ++------- | ||
28 | 1 file changed, 2 insertions(+), 7 deletions(-) | ||
29 | |||
30 | diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c | ||
31 | index b02b258..e2a3c03 100644 | ||
32 | --- a/src/polkit/polkitunixprocess.c | ||
33 | +++ b/src/polkit/polkitunixprocess.c | ||
34 | @@ -159,14 +159,9 @@ polkit_unix_process_set_property (GObject *object, | ||
35 | polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); | ||
36 | break; | ||
37 | |||
38 | - case PROP_UID: { | ||
39 | - gint val; | ||
40 | - | ||
41 | - val = g_value_get_int (value); | ||
42 | - g_return_if_fail (val != -1); | ||
43 | - polkit_unix_process_set_uid (unix_process, val); | ||
44 | + case PROP_UID: | ||
45 | + polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); | ||
46 | break; | ||
47 | - } | ||
48 | |||
49 | case PROP_START_TIME: | ||
50 | polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); | ||
51 | -- | ||
52 | 2.22.0.vfs.1.1.57.gbaf16c8 | ||
53 | |||
diff --git a/meta-oe/recipes-extended/polkit/polkit_0.115.bb b/meta-oe/recipes-extended/polkit/polkit_0.115.bb index 562a754b2..ca21c0387 100644 --- a/meta-oe/recipes-extended/polkit/polkit_0.115.bb +++ b/meta-oe/recipes-extended/polkit/polkit_0.115.bb | |||
@@ -23,10 +23,14 @@ PACKAGECONFIG[consolekit] = ",,,consolekit" | |||
23 | 23 | ||
24 | PAM_SRC_URI = "file://polkit-1_pam.patch" | 24 | PAM_SRC_URI = "file://polkit-1_pam.patch" |
25 | SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ | 25 | SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ |
26 | file://0001-make-netgroup-support-configurable.patch \ | 26 | file://0001-make-netgroup-support-configurable.patch \ |
27 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ | 27 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ |
28 | file://0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch \ | 28 | file://0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch \ |
29 | " | 29 | file://CVE-2018-19788_p1.patch \ |
30 | file://CVE-2018-19788_p2.patch \ | ||
31 | file://CVE-2018-19788_p3.patch \ | ||
32 | " | ||
33 | |||
30 | SRC_URI[md5sum] = "f03b055d6ae5fc8eac76838c7d83d082" | 34 | SRC_URI[md5sum] = "f03b055d6ae5fc8eac76838c7d83d082" |
31 | SRC_URI[sha256sum] = "2f87ecdabfbd415c6306673ceadc59846f059b18ef2fce42bac63fe283f12131" | 35 | SRC_URI[sha256sum] = "2f87ecdabfbd415c6306673ceadc59846f059b18ef2fce42bac63fe283f12131" |
32 | 36 | ||