packages/systemd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

actually check authenticated flag of SOA transaction in resolved

Browse Source 
(cherry picked from commit 1d960676d7f00f769a01a8d5deb9f5c96117b584)
This commit is contained in:
wangyuhang 2023-12-27 16:05:44 +08:00 committed by openeuler-sync-bot
parent 95f203418a
commit 606b0c6c92
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
backport-CVE-2023-7008.patch Normal file
View File

@ -0,0 +1,39 @@
From 3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 20 Dec 2023 16:44:14 +0100
Subject: [PATCH] resolved: actually check authenticated flag of SOA
transaction
Fixes #25676
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1
---
src/resolve/resolved-dns-transaction.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 696fce532a..fe88e502e7 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -2808,7 +2808,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
if (r == 0)
continue;
- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
}
return true;
@@ -2835,7 +2835,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
/* We found the transaction that was supposed to find the SOA RR for us. It was
* successful, but found no RR for us. This means we are not at a zone cut. In this
* case, we require authentication if the SOA lookup was authenticated too. */
- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
}
return true;
--
2.33.0

6
systemd.spec
View File

@ -21,7 +21,7 @@
Name: systemd Name: systemd
Url: https://www.freedesktop.org/wiki/Software/systemd Url: https://www.freedesktop.org/wiki/Software/systemd
Version: 249 Version: 249
Release: 62 Release: 63
License: MIT and LGPLv2+ and GPLv2+ License: MIT and LGPLv2+ and GPLv2+
Summary: System and Service Manager Summary: System and Service Manager
@ -611,6 +611,7 @@ Patch6562: backport-sd-bus-switch-to-a-manual-overflow-check-in.patch
Patch6563: backport-Use-dummy-allocator-to-make-accesses-defined-as-per-standard.patch Patch6563: backport-Use-dummy-allocator-to-make-accesses-defined-as-per-standard.patch
Patch6564: backport-rules-import-previous-SYSTEMD_READY-state-for-suspen.patch Patch6564: backport-rules-import-previous-SYSTEMD_READY-state-for-suspen.patch
Patch6565: backport-rules-go-to-the-end-of-rules-indeed-when-dm-is-suspe.patch Patch6565: backport-rules-go-to-the-end-of-rules-indeed-when-dm-is-suspe.patch
Patch6566: backport-CVE-2023-7008.patch
Patch9001: update-rtc-with-system-clock-when-shutdown.patch Patch9001: update-rtc-with-system-clock-when-shutdown.patch
Patch9002: udev-add-actions-while-rename-netif-failed.patch Patch9002: udev-add-actions-while-rename-netif-failed.patch
@ -2107,6 +2108,9 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null &&
%{_libdir}/security/pam_systemd.so %{_libdir}/security/pam_systemd.so
%changelog %changelog
* Wed Dec 27 2023 wangyuhang <wangyuhang27@huawei.com> - 249-63
- actually check authenticated flag of SOA transaction in resolved
* Thu Dec 21 2023 xujing <xujing125@huawei.com> - 249-62 * Thu Dec 21 2023 xujing <xujing125@huawei.com> - 249-62
- backport: fix /boot unmounted issue when the device is suspended during boot time - backport: fix /boot unmounted issue when the device is suspended during boot time