Commit Graph

3 Commits

Author SHA1 Message Date
Changqing Li d2054d5887 libblockdev: fix CVE-2025-6019
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able to escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.

Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-06 19:47:13 -04:00
alperak 050286a953 Use PYTHON_SITEPACKAGES_DIR instead of hard-coded site-packages directory path
The following paths have been replaced with PYTHON_SITEPACKAGES_DIR:

- "${libdir}/${PYTHON_DIR}/site-packages"
- "${libdir}/python${PYTHON_BASEVERSION}/site-packages"
- "${libdir}/python*/site-packages"
- "${libdir}/python3.*/site-packages"

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-21 10:52:39 -07:00
Wang Mingyu 6ad66be11f libblockdev: upgrade 3.1.0 -> 3.1.1
Changelog:
===========
- Use glib2 G_GNUC_UNUSED in place of UNUSED locally defined
- Port to G_GNUC_INTERNAL for controlling symbols visibility
- Fix some more occurrences of missing port to G_GNUC_UNUSED
- dm_logging: Annotate redirect_dm_log() printf format
- tests: Add NVMe persistent discovery controller tests
- tests: Add NVMe controller type checks
- Makefile: Fix bumpver to work with micro versions
- tests: Manually remove removed PVs from LVM devices file
- tests: Ignore LVM devices file for non-LVM tests
- tests: Fix removing custom LVM devices file
- nvme: Add bd_nvme_is_tech_avail to the API file
- lvm-dbus: Fix passing size for pvresize over DBus

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-02 14:56:46 -07:00