packages/systemd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!861 Fix CVE-2023-7008

Browse Source 
From: @zhang-yao-2022 
Reviewed-by: @xujing99 
Signed-off-by: @xujing99
This commit is contained in:
openeuler-ci-bot 2025-04-28 06:13:59 +00:00 committed by Gitee
commit 4da536d9e0
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
backport-CVE-2023-7008.patch Normal file
View File

@ -0,0 +1,39 @@
From 3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 20 Dec 2023 16:44:14 +0100
Subject: [PATCH] resolved: actually check authenticated flag of SOA
transaction
Fixes #25676
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1
---
src/resolve/resolved-dns-transaction.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 696fce532a..fe88e502e7 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -2808,7 +2808,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
if (r == 0)
continue;
- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
}
return true;
@@ -2835,7 +2835,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
/* We found the transaction that was supposed to find the SOA RR for us. It was
* successful, but found no RR for us. This means we are not at a zone cut. In this
* case, we require authentication if the SOA lookup was authenticated too. */
- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
}
return true;
--
2.33.0

6
systemd.spec
View File

@ -25,7 +25,7 @@
Name: systemd Name: systemd
Url: https://systemd.io/ Url: https://systemd.io/
Version: 255 Version: 255
Release: 40 Release: 41
License: MIT and LGPLv2+ and GPLv2+ License: MIT and LGPLv2+ and GPLv2+
Summary: System and Service Manager Summary: System and Service Manager
@ -102,6 +102,7 @@ Patch6648: backport-shutdown-close-DM-block-device-before-issuing-DM_DEV.pa
Patch6649: backport-execute-free-syscall_log-hashmap-when-done.patch Patch6649: backport-execute-free-syscall_log-hashmap-when-done.patch
Patch6650: backport-logind-let-system-wide-idle-begin-at-the-time-logind.patch Patch6650: backport-logind-let-system-wide-idle-begin-at-the-time-logind.patch
Patch6651: backport-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch Patch6651: backport-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch
Patch6652: backport-CVE-2023-7008.patch
Patch9008: update-rtc-with-system-clock-when-shutdown.patch Patch9008: update-rtc-with-system-clock-when-shutdown.patch
Patch9009: udev-add-actions-while-rename-netif-failed.patch Patch9009: udev-add-actions-while-rename-netif-failed.patch
@ -1688,6 +1689,9 @@ fi
%{_unitdir}/veritysetup.target %{_unitdir}/veritysetup.target
%changelog %changelog
* Mon Apr 28 2025 zhangyao <zhangyao108@huawei.com> - 255-41
- actually check authenticated flag of SOA transaction in resolved
* Fri Apr 18 2025 wangyuhang <wangyuhang27@huawei.com> - 255-40 * Fri Apr 18 2025 wangyuhang <wangyuhang27@huawei.com> - 255-40
- sync patch from systemd community - sync patch from systemd community