2 files changed, 33 insertions, 0 deletions

diff --git a/recipes-core/swupd-server/swupd-server/0006-Always-use-xattrs-when.patch b/recipes-core/swupd-server/swupd-server/0006-Always-use-xattrs-when.patch
new file mode 100644
index 0000000..ddc8603
--- /dev/null
+++ b/recipes-core/swupd-server/swupd-server/0006-Always-use-xattrs-when.patch
@@ -0,0 +1,32 @@
+From 71e2abe1af2a8760701923071413da1314e44f4c Mon Sep 17 00:00:00 2001
+From: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
+Date: Fri, 19 Feb 2016 18:52:45 +0200
+Subject: [PATCH] Always use xattrs when calculating file hashes
+
+Currently swupd-client includes xattrs to hash sums of all files.
+Therefore in order to avoid relaxing security and to prevent
+`swupd verify` from reporting hash mismatches for updated files
+it's better to include xattrs to hashes for all files.
+
+Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
+
+Upstream-Status: Accepted (v3.1.0+)
+
+---
+ src/manifest.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/manifest.c b/src/manifest.c
+index 38d386b..dcda18d 100644
+--- a/src/manifest.c
++++ b/src/manifest.c
+@@ -788,7 +788,8 @@ bool compute_hash_with_xattrs(const char *filename)
+ 		return true;
+ 	}
+ 
+-	return false;
++	/* Currently swupd-client includes xattrs to hash sums of all files */
++	return true;
+ }
+ 
+ /* Returns 0 == success, -1 == failure */
diff --git a/recipes-core/swupd-server/swupd-server_2.53.bb b/recipes-core/swupd-server/swupd-server_2.53.bb
index ebe32da..a57f2cf 100644
--- a/recipes-core/swupd-server/swupd-server_2.53.bb
+++ b/recipes-core/swupd-server/swupd-server_2.53.bb
@@ -12,6 +12,7 @@ SRC_URI = "\
     file://0003-Add-configure-option-to-re-enable-config-files-in-ma.patch \
     file://0004-Fix-regression-that-introduced-a-directory-named.patch \
     file://0005-xattrs.c-Avoid-freeing-dangling-pointers.patch \
+    file://0006-Always-use-xattrs-when.patch \
 "
 
 SRC_URI[md5sum] = "14f25677b5a4f0b33785910b03860939"