IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Specifically, I verified that *before* the previous patch to the
ed25519 C code, the last bit of code would fail with a SIGSEGV when
trying to read the empty signature.
The ed25519 signature verification code does not
check that the signature is a minimum/correct length.
As a result, if the signature is too short, libsodium will end up
reading a few bytes out of bounds.
Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Co-authored-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Closes: https://github.com/ostreedev/ostree/security/advisories/GHSA-gqf4-p3gv-g8vw
For historical reasons we have a fair bit of distinct sysroot
initialization going on. A lot of code is calling *just* the new
`ensure_writable()` API, which does basically what you'd expect...
except if we're not using a mount namespace.
Which is the case in unit tests and legacy setups.
Change this API to also ensure the sysroot is fully initialized
even in those cases. Specifically we'll have `self->sysroot_fd`.
For now, callers that need `/boot` also need to separately
call `_ensure_boot_fd()`.
This PR is followup from https://github.com/coreos/coreos-assembler/pull/2863
Summary of changes:
- Moved bls-append-except-default parsing logic to reload_sysroot_config()
- Made sure heap allocated memory is being freed
It's falliable, and in one place we were actually ignoring
the error and leaving a `NULL` repo object which is just a trap
for people coming along later since it's rarely nullable.
Quite a while ago we switched to loading the repo at the same time
as the sysroot; convert callers in the library to use this infallible
accessor.
Prep for another patch which will use the repo object.
After landing the new --commit-only functionality, we still noticed
exceedingly long pruning times in large repos. Lets add an optimization
that will only retrieve commit objects when --commit-only flag is used.
https://github.com/coreos/coreos-assembler/pull/2921 broke this
test which is intentionally causing a systemd unit to fail.
As they say, necessity is the mother of invention. They don't
say though that need always causes particularly *beautiful* things
to be invented...
The pattern this API uses in C is to allow the input parameters
pointer targets to be `NULL`, and it doesn't return values in that
case.
A further complexity here is that the API will still return `NULL`
for symbolic links.
But Rust can't express this pattern as is, so we were always
returning values but in `Option<T>` wrappers that the caller needed
to unwrap for the metadata.
(We really want an even more efficient API here that avoids the glib
objects entirely, e.g. no reason not to pass directly back a type
that lets Rust directly read from the fd for bare repos, but
that can come later)