From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id EE4CA645AB for ; Mon, 20 Jul 2020 10:22:57 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DC0D2B41C for ; Mon, 20 Jul 2020 10:22:27 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id B3827B405 for ; Mon, 20 Jul 2020 10:22:26 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 8175E431AE for ; Mon, 20 Jul 2020 10:22:26 +0200 (CEST) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Mon, 20 Jul 2020 10:22:12 +0200 Message-Id: <20200720082213.1246052-1-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.100 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup 1/2] manifest: revert canonicalization to old behaviour X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jul 2020 08:22:58 -0000 JSON keys MUST be quoted. this is a one-time break in signature validation for backups created with the broken canonicalization code. QEMU backups are not affected, as libproxmox-backup-qemu never linked the broken versions. Signed-off-by: Fabian Grünbichler --- Note: after this has been applied and proxmox-backup has been bumped, libproxmox-backup-qemu needs to be be re-built with the new code and bumped for restore to work again. src/backup/manifest.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/backup/manifest.rs b/src/backup/manifest.rs index 2ee3d440..f90f1159 100644 --- a/src/backup/manifest.rs +++ b/src/backup/manifest.rs @@ -160,12 +160,12 @@ impl BackupManifest { keys.sort(); let mut iter = keys.into_iter(); if let Some(key) = iter.next() { - output.extend(key.as_bytes()); + Self::write_canonical_json(&key.into(), output)?; output.push(b':'); Self::write_canonical_json(&map[key], output)?; for key in iter { output.push(b','); - output.extend(key.as_bytes()); + Self::write_canonical_json(&key.into(), output)?; output.push(b':'); Self::write_canonical_json(&map[key], output)?; } -- 2.20.1