diff mbox series

[meta-oe,scarthgap,2/2] haveged: upgrade 1.9.20 -> 1.9.22

Message ID 20260630205157.1738428-2-venkatasainath.ravikanti@windriver.com
State Under Review
Delegated to: Anuj Mittal
Headers show
Series [meta-oe,scarthgap,1/2] haveged: upgrade 1.9.18 -> 1.9.20 | expand

Commit Message

Ravikanti, Venkatasainath June 30, 2026, 8:51 p.m. UTC
From: Wang Mingyu <wangmy@fujitsu.com>

Backport from wrynose (8bd9783601a9). Fixes CVE-2026-41054 (local
privilege escalation via command socket credential check bypass).

Changelog:
===========
* Add ReadWritePaths=/dev/shm to systemd service for semaphore creation
  under ProtectSystem=full sandboxing
* Fix privilege escalation via command socket (CVE-2026-41054)
* Check peer credentials before reading command (CVE-2026-41054)
* Handle failing opening of semaphore
* Fix /dev/shm permissions to use sticky bit
* Use chmod after mkdir to ensure correct /dev/shm permissions
* Update libtool: add lib64 search paths, remove dead code

Tested: Built core-image-full-cmdline for qemux86-64 (scarthgap,
bitbake 2.8). Booted in QEMU, verified haveged 1.9.22 starts and
provides entropy (entropy_avail=256, pool full).

(cherry picked from commit 8bd9783601a9470307fbedc06541677e5d62b1bb)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Signed-off-by: Venkatasainath Ravikanti <venkatasainath.ravikanti@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Assisted-by: Kiro (Amazon)
Signed-off-by: Venkatasainath Ravikanti <venkatasainath.ravikanti@windriver.com>
---
 .../haveged/{haveged_1.9.20.bb => haveged_1.9.22.bb}            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-extended/haveged/{haveged_1.9.20.bb => haveged_1.9.22.bb} (94%)
diff mbox series

Patch

diff --git a/meta-oe/recipes-extended/haveged/haveged_1.9.20.bb b/meta-oe/recipes-extended/haveged/haveged_1.9.22.bb
similarity index 94%
rename from meta-oe/recipes-extended/haveged/haveged_1.9.20.bb
rename to meta-oe/recipes-extended/haveged/haveged_1.9.22.bb
index 65e017a810..3fb6e2ca39 100644
--- a/meta-oe/recipes-extended/haveged/haveged_1.9.20.bb
+++ b/meta-oe/recipes-extended/haveged/haveged_1.9.22.bb
@@ -6,7 +6,7 @@  HOMEPAGE = "https://www.issihosts.com/haveged/index.html"
 LICENSE = "GPL-3.0-only"
 LIC_FILES_CHKSUM="file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
-SRCREV = "e2d96806273caa9ce7457e2f8669a3c40517ca27"
+SRCREV = "21bad00a09233855fbea14ac062bc72b5eabc9a6"
 SRC_URI = "git://github.com/jirka-h/haveged.git;branch=master;protocol=https \
 "
 S = "${WORKDIR}/git"