From: Mikko Rapeli <mikko.rap...@bmw.de> polkit 0.121 will contain support for duktape but the patch applies to 0.119 already so use it to get rid of mozjs and free 20 Mb of space. Pick some CVE patches from master while at it.
Mikko Rapeli (2): polkit: add patches for CVE-2021-4034 and CVE-2021-4115 polkit: switch from mozjs to duktape javascript engine ...l-privilege-escalation-CVE-2021-4034.patch | 82 + ...0002-CVE-2021-4115-GHSL-2021-077-fix.patch | 86 + .../0002-jsauthority-port-to-mozjs-91.patch | 38 - ...ded-support-for-duktape-as-JS-engine.patch | 3460 +++++++++++++++++ ...re-to-call-JS_Init-and-JS_ShutDown-e.patch | 63 - .../recipes-extended/polkit/polkit_0.119.bb | 8 +- 6 files changed, 3633 insertions(+), 104 deletions(-) create mode 100644 meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch create mode 100644 meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch create mode 100644 meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch -- 2.20.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#96183): https://lists.openembedded.org/g/openembedded-devel/message/96183 Mute This Topic: https://lists.openembedded.org/mt/89995316/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
