IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In the english language the first character of a sentence is supposed to
be uppercase. Let's make sure this also applies to the journal
verification error messages.
When a new journal file is created we write the header first, then sync
and only then create the data and field hash tables in them. That means
to other processes it might appear that the files have a valid header
but not data and field hash tables. Our reader code should be able to
deal with this.
With this change we'll not map the two hash tables right-away after
opening a file for reading anymore (because that will of course fail if
the objects are missing), but delay this until the first time we access
them. On top of that, when we want to look something up in the hash
tables and we notice they aren't initialized yet, we consider them
empty.
This improves handling of some journal files reported in #487.
so far, when we read something from /proc/$PID we would pass on the
ENOENT from the kernel as error, if the process was missing. With this
change we systematically convert this to ESRCH, which is the more
appropriate error code, and what all the other glibc/syscalls like
kill() use.
All code that calls these functions should be fine with this change. In
fact, one invocation of get_process_exe() in bus-creds.c already assumed
ESRCH would be returned if a process is missing, and this assumption is
now validated after the change.
Virtualbox 5.0 now supports kvm hypervisor. In this case cpuid
identidies as "kvm", which breaks units depending on
ConditionVirtualization=oracle.
So return "oracle" even with kvm hypervisor.
We can never read past the end of the packet, so this seems impossible
to exploit, but let's error out early as reading past the end of the
current RR is clearly an error.
Found by Lennart, based on patch by Daniel.
Most blobs (keys, signatures, ...) should have a specific size given by
the relevant algorithm. However, as we don't use/verify the algorithms
yet, let's just ensure that we don't read out zero-length data in cases
where this does not make sense.
The only exceptions, where zero-length data is allowed are in the NSEC3
salt field, and the generic data (which we don't know anything about,
so better not make any assumptions).
a) use memcmp() to compare bitmaps efficiently
b) use UINT64_C() macro instead of ULL suffixes to get right suffix for
uint64_t constants
c) add a few assert()s
d) when comparing integers with 0 we generally try to make this explicit
with "!= 0".
e) remove redundant bitmap_isset() if check, as we don't have it in
bitmap_isset() either.
f) It should be fine to invoke bitmap_unset() on a NULL bitmap
No need to actually reset the bitmap, we can just truncate it back zero
size. That not only makes bitmap_clear() quicker, but also subsequent
bitmap_isclear().
Let's make dns_packet_read_public_key() more generic by renaming it to
dns_packet_read_memdup() (which more accurately describes what it
does...). Then, patch all cases where we memdup() RR data to use this
new call.
This specifically checks for zero-length objects, and handles them
gracefully. It will set zero length payload fields as a result.
Special care should be taken to ensure that any code using this call
can handle the returned allocated field to be NULL if the size is
specified as 0!
Mounting devpts with a uid breaks pty allocation with recent glibc
versions, which expect that the kernel will set the correct owner for
user-allocated ptys.
The kernel seems to be smart enough to use the correct uid for root when
we switch to a user namespace.
This resolves#337.
