IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If e.g., an [Address] section has an invalid setting, then
previously assigned settings in the section is freed, and
only later settings are stored. That may cause partially broken
section stored in Network object.
This makes if an invalid setting is found, then set 'invalid' flag
instead of freeing it. And invalid sections are dropped later by
network_verify().
Previously, the route is added when the .network config is assigned
to a Link. So, if multiple links match the .network file, the route
entry becomes duplicated in the corresponding Network object.
ProtectSystem=strict or ProtectKernelTunable=yes create implicit
read-write mounts, but they are not overridable by TemporaryFileSystem=.
This makes such implicit read-write mounts use the new mount mode.
So, they can be override by TemproraryFileSystem= now.
A typical usecase is that ProtectSystem=strict and ProtectHome=tmpfs.
Fixes#11276.
We have a few cases or reported issues which are about a timeout to parse
the input in 25 s. In all cases, the input is a few hundred kb. We don't really
care if the config parsers are super efficent, so let's set a limit on the input
size to avoid triggering such issues. The parsers often contain quadratic
algorithms. This is OK, because the numbers of elements are almost always very
small in real use. Rewriting the code to use more complicated data structures
to speed this up would not only complicate the code, but also pessimize behaviour
for the overwhelmingly common case of small samples. Note that in all those
cases, the input data is trusted. We care about memory correctness, and not
not so much about efficiency.
The size checks are done twice: using options for libfuzzer, and using an
internal check for afl. Those should be changed together. I didn't use a define,
because there is no easy mechanism to share the define between the two files.
Coverity was complaining in CID#1399407 that config->entries might be used
while NULL. Let's add an assert to make sure it's not.
Also, let's quit early if we have no entries to loop through. The code was
not incorrect, but it's cleaner to avoid any negative indices.
Coverity CID#1399116:
> Potentially overflowing expression
> gpt_header_buffer.gpt_header.SizeOfPartitionEntry * gpt_header_buffer.gpt_header.NumberOfPartitionEntries
> with type unsigned int (32 bits, unsigned) is evaluated using 32-bit
> arithmetic, and then used in a context that expects an expression of type
> UINTN (64 bits, unsigned).
Let's import the ALIGN_TO macro to sd-boot and use it to avoid the issue.
Things are currently fairly ugly in Fedora: we create $BOOT/$MACHINE_ID/$KERNEL_VERSION/,
and then 20-grub.install that is installed by grub2-common.rpm wants to remove that
directory before 50-dracut.install get a chance to run. 50-dracut.install
checks for the presence of that directory to decide where to install the
kernel. So let's make the creation of the directory conditional. Previous
commit changes bootctl install to create $BOOT/$MACHINE_ID, and this commit
makes kernel-install not create it. In effect, the entry directory will only be
created if 'bootctl install' or something else created the parent directory.
https://bugzilla.redhat.com/show_bug.cgi?id=1648907
"BOOT" is misleading, because it sounds like this refers to /boot or $BOOT,
when in fact it refers to some subdirectory. Those variable names are purely
interal, so we can change them. $BOOT_DIR_ABS was used in NEWS, but it should
not be (because it is an internal detail), so the old NEWS entry is reworded to
use "entry directory".
The string validation should always be done correctly, and not fail just
because EFI is turned off. After all an EFI loader entry name string
remains properly formatted regardless if EFI is on or off...
Fixes: #11948
