Dr. Werner Fink 2014-10-23 14:19:30 +00:00 committed by Git OBS Bridge
parent 624070f8ca
commit fb1d9caacf
9 changed files with 223 additions and 0 deletions

View File

@ -0,0 +1,35 @@
Based on 97569e154b80541cbad39d78231b7f360d4ff058 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 21 Oct 2014 14:01:28 +0200
Subject: [PATCH] strv: add an additional overflow check when enlarging
strv()s
https://bugs.freedesktop.org/show_bug.cgi?id=76745
---
src/shared/strv.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- src/shared/strv.c
+++ src/shared/strv.c 2014-10-23 00:00:00.000000000 +0000
@@ -361,13 +361,19 @@ char *strv_join_quoted(char **l) {
int strv_push(char ***l, char *value) {
char **c;
- unsigned n;
+ unsigned n, m;
if (!value)
return 0;
n = strv_length(*l);
- c = realloc(*l, sizeof(char*) * (n + 2));
+
+ /* increase and check for overflow */
+ m = n + 2;
+ if (m < n)
+ return -ENOMEM;
+
+ c = realloc(*l, sizeof(char*) * (size_t) m);
if (!c)
return -ENOMEM;

View File

@ -0,0 +1,42 @@
From fc1ae82cae69d8dbbd9e7a31938810a486fac782 Mon Sep 17 00:00:00 2001
From: Hans de Goede <hdegoede@redhat.com>
Date: Wed, 22 Oct 2014 14:09:21 +0200
Subject: [PATCH] hwdb: Add mapping for special keys on compaq ku 0133
keyboards
The compaq ku 0133 keyboard has 8 special keys at the top:
http://lackof.org/taggart/hacking/keyboard/cpqwireless.jpg
3 of these use standard HID usage codes from the consumer page, the 5
others use part of the reserved 0x07 - 0x1f range.
This commit adds mapping for this keyboard for these reserved codes, making
the other 5 keys work.
Cc: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
---
hwdb/60-keyboard.hwdb | 7 +++++++
1 file changed, 7 insertions(+)
diff --git hwdb/60-keyboard.hwdb hwdb/60-keyboard.hwdb
index 59f467b..06caba9 100644
--- hwdb/60-keyboard.hwdb
+++ hwdb/60-keyboard.hwdb
@@ -181,6 +181,13 @@ keyboard:dmi:bvn*:bvr*:bd*:svnCompaq*:pn*Evo*N*:pvr*
KEYBOARD_KEY_9e=email
KEYBOARD_KEY_9f=homepage
+keyboard:usb:v049Fp0051d*dc*dsc*dp*ic*isc*ip*in01*
+ KEYBOARD_KEY_0c0011=presentation
+ KEYBOARD_KEY_0c0012=addressbook
+ KEYBOARD_KEY_0c0013=info
+ KEYBOARD_KEY_0c0014=prog1
+ KEYBOARD_KEY_0c0015=messenger
+
###########################################################
# Dell
###########################################################
--
1.7.9.2

View File

@ -0,0 +1,41 @@
From f2a474aea8f82fa9b695515d4590f4f3398358a7 Mon Sep 17 00:00:00 2001
From: Juho Son <juho80.son@samsung.com>
Date: Thu, 11 Sep 2014 16:06:38 +0900
Subject: [PATCH] journald: add CAP_MAC_OVERRIDE in journald for SMACK issue
systemd-journald check the cgroup id to support rate limit option for
every messages. so journald should be available to access cgroup node in
each process send messages to journald.
In system using SMACK, cgroup node in proc is assigned execute label
as each process's execute label.
so if journald don't want to denied for every process, journald
should have all of access rule for all process's label.
It's too heavy. so we could give special smack label for journald te get
all accesses's permission.
'^' label.
When assign '^' execute smack label to systemd-journald,
systemd-journald need to add CAP_MAC_OVERRIDE capability to get that smack privilege.
so I want to notice this information and set default capability to
journald whether system use SMACK or not.
because that capability affect to only smack enabled kernel
---
units/systemd-journald.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git units/systemd-journald.service.in units/systemd-journald.service.in
index 7013979..4de38fa 100644
--- units/systemd-journald.service.in
+++ units/systemd-journald.service.in
@@ -20,7 +20,7 @@ Restart=always
RestartSec=0
NotifyAccess=all
StandardOutput=null
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
WatchdogSec=1min
# Increase the default a bit in order to allow many simultaneous
--
1.7.9.2

View File

@ -0,0 +1,30 @@
From 3bfd4e0c6341b0ef946d2198f089743fa99e0a97 Mon Sep 17 00:00:00 2001
From: WaLyong Cho <walyong.cho@samsung.com>
Date: Thu, 28 Aug 2014 21:33:03 +0900
Subject: [PATCH] journal: do server_vacuum for sigusr1
runtime journal is migrated to system journal when only
"/run/systemd/journal/flushed" exist. It's ok but according to this
the system journal directory size(max use) can be over the config. If
journal is not rotated during some time the journal directory can be
remained as over the config(or default) size. To avoid, do
server_vacuum just after the system journal migration from runtime.
---
src/journal/journald-server.c | 1 +
1 file changed, 1 insertion(+)
diff --git src/journal/journald-server.c src/journal/journald-server.c
index 52111f7..bf9cfcc 100644
--- src/journal/journald-server.c
+++ src/journal/journald-server.c
@@ -1224,6 +1224,7 @@ static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *
touch("/run/systemd/journal/flushed");
server_flush_to_var(s);
server_sync(s);
+ server_vacuum(s);
return 0;
}
--
1.7.9.2

View File

@ -0,0 +1,25 @@
From 0e2f14014c65b4d8b30146e414579154cfa932da Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 23 Oct 2014 00:30:04 +0200
Subject: [PATCH] cryptsetup: fix an OOM check
---
src/cryptsetup/cryptsetup-generator.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git src/cryptsetup/cryptsetup-generator.c src/cryptsetup/cryptsetup-generator.c
index 137b787..c7f30f6 100644
--- src/cryptsetup/cryptsetup-generator.c
+++ src/cryptsetup/cryptsetup-generator.c
@@ -387,7 +387,7 @@ int main(int argc, char *argv[]) {
if (k == 2 && streq(proc_uuid, device + 5)) {
free(options);
options = strdup(p);
- if (!proc_options) {
+ if (!options) {
log_oom();
goto cleanup;
}
--
1.7.9.2

View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Thu Oct 23 14:05:08 UTC 2014 - werner@suse.de
- Add upstream patches
0001-strv-add-an-additional-overflow-check-when-enlarging.patch
0002-hwdb-Add-mapping-for-special-keys-on-compaq-ku-0133-.patch
0003-journald-add-CAP_MAC_OVERRIDE-in-journald-for-SMACK-.patch
0004-journal-do-server_vacuum-for-sigusr1.patch
0005-cryptsetup-fix-an-OOM-check.patch
-------------------------------------------------------------------
Wed Oct 22 13:56:22 UTC 2014 - werner@suse.de

View File

@ -964,6 +964,16 @@ Patch466: 0001-systemd-continue-switch-root-even-if-umount-fails.patch
Patch467: 0002-systemd-try-harder-to-bind-to-notify-socket.patch
# PATCH-FIX-SUSE added at 2014/10/15
Patch468: avoid-leaking-socket-descriptors.patch
# PATCH-FIX-UPSTREAM added at 2014/10/23
Patch469: 0001-strv-add-an-additional-overflow-check-when-enlarging.patch
# PATCH-FIX-UPSTREAM added at 2014/10/23
Patch470: 0002-hwdb-Add-mapping-for-special-keys-on-compaq-ku-0133-.patch
# PATCH-FIX-UPSTREAM added at 2014/10/23
Patch471: 0003-journald-add-CAP_MAC_OVERRIDE-in-journald-for-SMACK-.patch
# PATCH-FIX-UPSTREAM added at 2014/10/23
Patch472: 0004-journal-do-server_vacuum-for-sigusr1.patch
# PATCH-FIX-UPSTREAM added at 2014/10/23
Patch473: 0005-cryptsetup-fix-an-OOM-check.patch
# UDEV PATCHES
# ============
@ -1778,6 +1788,11 @@ cp %{SOURCE7} m4/
%patch466 -p0
%patch467 -p0
%patch468 -p0
%patch469 -p0
%patch470 -p0
%patch471 -p0
%patch472 -p0
%patch473 -p0
# udev patches
%patch1001 -p1

View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Thu Oct 23 14:05:08 UTC 2014 - werner@suse.de
- Add upstream patches
0001-strv-add-an-additional-overflow-check-when-enlarging.patch
0002-hwdb-Add-mapping-for-special-keys-on-compaq-ku-0133-.patch
0003-journald-add-CAP_MAC_OVERRIDE-in-journald-for-SMACK-.patch
0004-journal-do-server_vacuum-for-sigusr1.patch
0005-cryptsetup-fix-an-OOM-check.patch
-------------------------------------------------------------------
Wed Oct 22 13:56:22 UTC 2014 - werner@suse.de

View File

@ -959,6 +959,16 @@ Patch466: 0001-systemd-continue-switch-root-even-if-umount-fails.patch
Patch467: 0002-systemd-try-harder-to-bind-to-notify-socket.patch
# PATCH-FIX-SUSE added at 2014/10/15
Patch468: avoid-leaking-socket-descriptors.patch
# PATCH-FIX-UPSTREAM added at 2014/10/23
Patch469: 0001-strv-add-an-additional-overflow-check-when-enlarging.patch
# PATCH-FIX-UPSTREAM added at 2014/10/23
Patch470: 0002-hwdb-Add-mapping-for-special-keys-on-compaq-ku-0133-.patch
# PATCH-FIX-UPSTREAM added at 2014/10/23
Patch471: 0003-journald-add-CAP_MAC_OVERRIDE-in-journald-for-SMACK-.patch
# PATCH-FIX-UPSTREAM added at 2014/10/23
Patch472: 0004-journal-do-server_vacuum-for-sigusr1.patch
# PATCH-FIX-UPSTREAM added at 2014/10/23
Patch473: 0005-cryptsetup-fix-an-OOM-check.patch
# UDEV PATCHES
# ============
@ -1773,6 +1783,11 @@ cp %{SOURCE7} m4/
%patch466 -p0
%patch467 -p0
%patch468 -p0
%patch469 -p0
%patch470 -p0
%patch471 -p0
%patch472 -p0
%patch473 -p0
# udev patches
%patch1001 -p1