mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
haveged: upgrade 1.9.20 -> 1.9.22
Backport from wrynose (8bd9783601). Fixes CVE-2026-41054 (local privilege escalation via command socket credential check bypass). Changelog: =========== * Add ReadWritePaths=/dev/shm to systemd service for semaphore creation under ProtectSystem=full sandboxing * Fix privilege escalation via command socket (CVE-2026-41054) * Check peer credentials before reading command (CVE-2026-41054) * Handle failing opening of semaphore * Fix /dev/shm permissions to use sticky bit * Use chmod after mkdir to ensure correct /dev/shm permissions * Update libtool: add lib64 search paths, remove dead code Tested: Built core-image-full-cmdline for qemux86-64 (scarthgap, bitbake 2.8). Booted in QEMU, verified haveged 1.9.22 starts and provides entropy (entropy_avail=256, pool full). (cherry picked from commit8bd9783601) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> Signed-off-by: Venkatasainath Ravikanti <venkatasainath.ravikanti@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> Assisted-by: Kiro (Amazon) Signed-off-by: Venkatasainath Ravikanti <venkatasainath.ravikanti@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
+1
-1
@@ -6,7 +6,7 @@ HOMEPAGE = "https://www.issihosts.com/haveged/index.html"
|
||||
LICENSE = "GPL-3.0-only"
|
||||
LIC_FILES_CHKSUM="file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
|
||||
|
||||
SRCREV = "e2d96806273caa9ce7457e2f8669a3c40517ca27"
|
||||
SRCREV = "21bad00a09233855fbea14ac062bc72b5eabc9a6"
|
||||
SRC_URI = "git://github.com/jirka-h/haveged.git;branch=master;protocol=https \
|
||||
"
|
||||
S = "${WORKDIR}/git"
|
||||
Reference in New Issue
Block a user