From c814e5e56d7c11d1f9a875237c4522d14f98be1e Mon Sep 17 00:00:00 2001 From: Wang Mingyu Date: Wed, 27 May 2026 17:47:15 +0800 Subject: [PATCH] haveged: upgrade 1.9.20 -> 1.9.22 Changelog: =========== * Add ReadWritePaths=/dev/shm to systemd service for semaphore creation under ProtectSystem=full sandboxing * Fix privilege escalation via command socket (CVE-2026-41054) * Check peer credentials before reading command (CVE-2026-41054) * Handle failing opening of semaphore * Fix /dev/shm permissions to use sticky bit * Use chmod after mkdir to ensure correct /dev/shm permissions * Update libtool: add lib64 search paths, remove dead code Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --- .../haveged/{haveged_1.9.20.bb => haveged_1.9.22.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-oe/recipes-extended/haveged/{haveged_1.9.20.bb => haveged_1.9.22.bb} (91%) diff --git a/meta-oe/recipes-extended/haveged/haveged_1.9.20.bb b/meta-oe/recipes-extended/haveged/haveged_1.9.22.bb similarity index 91% rename from meta-oe/recipes-extended/haveged/haveged_1.9.20.bb rename to meta-oe/recipes-extended/haveged/haveged_1.9.22.bb index 2ea12b3977..281fe1c2c9 100644 --- a/meta-oe/recipes-extended/haveged/haveged_1.9.20.bb +++ b/meta-oe/recipes-extended/haveged/haveged_1.9.22.bb @@ -6,8 +6,8 @@ HOMEPAGE = "https://www.issihosts.com/haveged/index.html" LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -SRCREV = "e2d96806273caa9ce7457e2f8669a3c40517ca27" -SRC_URI = "git://github.com/jirka-h/haveged.git;branch=master;protocol=https \ +SRCREV = "21bad00a09233855fbea14ac062bc72b5eabc9a6" +SRC_URI = "git://github.com/jirka-h/haveged.git;branch=master;protocol=https;tag=v${PV} \ " UPSTREAM_CHECK_URI = "https://github.com/jirka-h/haveged/releases"