On Fri, 2016-10-07 at 08:10 +1100, Brian May wrote: > Ben Hutchings <b...@decadent.org.uk> writes: > > > 2. Fix for CVE-2016-7796 > > > Has undefined reference to IN_SET. > > I am guessing I don't need this part of the patch, right? > > - if (errno == EAGAIN || errno == EINTR) > + if (!IN_SET(errno, EAGAIN, EINTR))
I assume IN_SET(errno, EAGAIN, EINTR) somehow expands to the equivalent of the previous condition. But note there's also a negation in front of it, and that is needed - the error message should only be logged in the case where this function previously returned a negative value. > > 4. pid1-process-zero-length-notification-messages-again.patch > > > Just some comments on this patch. > > It looks like this patch does three things > > * It removes "assert(n > 0)". > > * It removes the now unused n parameter from the > manager_invoke_notify_message() function. > > * It removes the return(0) if n==0. This looks like the only relevant part. > > For the first two changes, it looks like the > manager_invoke_notify_message() function and hence the assert was only > introduced in systemd in the following commit, before tag v209. This was > not in the wheezy version, so I don't think these parts are required. [...] Right. Ben. -- Ben Hutchings Every program is either trivial or else contains at least one bug
signature.asc
Description: This is a digitally signed message part