In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and session PAM modules,
and can cause incorrect logging, by invoking sudo with a crafted user
ID. For example, this allows bypass of !root configuration, and USER=
logging, for a "sudo -u \#$((0xffffffff))" command.
(From OE-Core rev: 4e11cd561f2bdaa6807cf02ee7c9870881826308)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is exposed by musl, on glibc sys/types.h comes as indirect include
from other include myriad.
(From OE-Core rev: 7a55d298376b83248a4a35f3c01f3fd163908046)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The licence checksum is modified according to the change of doc/LICENCE.
In specific, file://lib/util/reallocarray.c is added to LIC_FILES_CHECKSUM.
Fix out of tree builds, and explicitly enable/disable tmpfiles.d support based
on the systemd DISTRO_FEATURE to avoid non-deterministic packaging.
Based on a patch by Chen Qi <Qi.Chen@windriver.com>
(From OE-Core rev: ef2a842d06b3a9ee6036af06247c7c022f8c720d)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
