- Import a better fix from upstream for bsc#1001765
  - Added:
    0001-pid1-more-informative-error-message-for-ignored-noti.patch
    0001-pid1-process-zero-length-notification-messages-again.patch
  - Updated (no code changes, only patch metadata)
    0001-If-the-notification-message-length-is-0-ignore-the-m.patch
    0001-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
- Re add back "udev: don't require nsserv and fillup"
  Did this in the wrong project... it was a complicated day today ;)
- Added 2 patches to fix bsc#1001765
  0001-If-the-notification-message-length-is-0-ignore-the-m.patch
  0001-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
- Revert "udev: don't require nsserv and fillup"
  It's been judged too late for being part of SLE12 final release. Nevertheless it's part of Factory and will be reintroduced after the final release is out (ie through an update).
- systemd-sysv-convert: make sure that /var/lib/systemd/sysv-convert/database is always initialized (bsc#982211)
  If "--save" command was used and the sysv init script wasn't enabled at all the database file wasn't created at all. This makes the subsequent call to "--apply" fail even though this should not be considered as an error.
- Added patches to fix journal with FSS protection enabled (bsc#1000435)
  0001-journal-fix-HMAC-calculation-when-appending-a-data-o.patch
  0001-journal-set-STATE_ARCHIVED-as-part-of-offlining-2740.patch

OBS-URL: https://build.opensuse.org/request/show/431464
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=241
55 lines
1.6 KiB
Diff
From 6dac79e09ec1b45f05b3e9a5f1f445859b6eefd2 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 23 Sep 2016 13:33:01 +0200
Subject: [PATCH 1/1] journal: fix HMAC calculation when appending a data
object

Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
calculation of the HMAC is broken because the hash for a data object
including a field is done in the wrong order: the field object is
hashed before the data object is.

However during verification, the hash is done in the opposite order as
objects are scanned sequentially.

(cherry picked from commit 33685a5a3a98c6ded64d0cc25e37d0180ceb0a6a)

[fbui: fixes bsc#1000435]
---
src/journal/journal-file.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index a9882cf..a24d97d 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -1111,6 +1111,12 @@ static int journal_file_append_data(
if (r < 0)
return r;
+#ifdef HAVE_GCRYPT
+ r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
+ if (r < 0)
+ return r;
+#endif
+
/* The linking might have altered the window, so let's
* refresh our pointer */
r = journal_file_move_to_object(f, OBJECT_DATA, p, &o);
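Review bot: the added `journal_file_hmac_put_object(f, OBJECT_DATA, o, p)` call reads through `o` before the pointer refresh that the comment directly below it says is needed because linking may have altered the window. If `o` can be stale at this point, the HMAC is computed over the wrong mapping. Consider placing the call after the `journal_file_move_to_object(f, OBJECT_DATA, p, &o)` refresh, provided that still precedes the point where the field object is hashed, and add a one-line comment stating that the data object must be hashed before its field object to match sequential verification.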
@@ -1135,12 +1141,6 @@ static int journal_file_append_data(
fo->field.head_data_offset = le64toh(p);
}
-#ifdef HAVE_GCRYPT
- r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p);
- if (r < 0)
- return r;
-#endif
-
if (ret)
*ret = o;
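Review bot: style point on the context line `fo->field.head_data_offset = le64toh(p);` at the top of this hunk: `p` is used as a host-order offset elsewhere in the patch and is being stored into an object field here, so `htole64(p)` names the conversion in the right direction. The resulting bytes are the same, but since the patch already reworks the lines immediately below, this would be a cheap readability fix to fold in or send as a follow-up.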
--
2.10.0
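
The ordering problem the commit message describes, as an added Python sketch that is not part of the patch or of systemd. The `ToyJournal` class, the key, the `DATA:`/`FIELD:` byte layout and the rule that a field object is written only the first time a field name is seen are constructed assumptions; the writer keeps a running HMAC while appending, and the verifier re-hashes objects in file order.

```python
import hashlib
import hmac

KEY = b"constructed-sealing-key"  # constructed; stands in for the FSS sealing key


class ToyJournal:
    """Toy model of a sealed journal: objects live at increasing offsets."""

    def __init__(self, data_first):
        self.data_first = data_first  # True = hashing order after the patch
        self.objects = []             # (offset, bytes), in file order
        self.fields = set()           # assumption: one field object per field name
        self.hmac = hmac.new(KEY, digestmod=hashlib.sha256)

    def _write(self, blob):
        offset = sum(len(b) for _, b in self.objects)
        self.objects.append((offset, blob))
        return blob

    def append_data(self, payload):
        name = payload.split(b"=", 1)[0]
        data = self._write(b"DATA:" + payload)   # data object lands in the file first
        if self.data_first:
            self.hmac.update(data)               # patched: hash data right away
        if name not in self.fields:
            self.fields.add(name)
            self.hmac.update(self._write(b"FIELD:" + name))
        if not self.data_first:
            self.hmac.update(data)               # pre-patch: data hashed after field

    def tag(self):
        return self.hmac.digest()


def verify(objects, tag):
    """Verifier: hash objects sequentially by offset, then compare tags."""
    h = hmac.new(KEY, digestmod=hashlib.sha256)
    for _, blob in sorted(objects):
        h.update(blob)
    return hmac.compare_digest(h.digest(), tag)


def run(data_first, payloads):
    j = ToyJournal(data_first)
    for p in payloads:
        j.append_data(p)
    return verify(j.objects, j.tag())
```

In this model, `run(False, ...)` fails verification as soon as an append creates a new field object, while `run(True, ...)` verifies because the writer's hashing order matches the file order.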