systemd: Fix CVE-2023-7008 (#5405)

author: Xi Ruoyao <xry111@xry111.site> 2023-12-31 02:04:21 +0800
committer: Xi Ruoyao <xry111@xry111.site> 2023-12-31 02:35:25 +0800
commit: 8b4fb1245dcde0370bb84c2653e3e9bb01cbae87 (patch)
tree: 2b833cb569b364d6b966f7519d08c8be733247b0
parent: d4ce302c0e94aa2aea766eb14f78c965b823360c (diff)
2 files changed, 11 insertions, 0 deletions
diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml
index fef105ece..756e9d5fc 100644
--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@@ -44,6 +44,10 @@
       <para>2023-12-31</para>
       <itemizedlist>
         <listitem>
+          <para>[xry111] - Fix CVE-2023-7008 for systemd-255.  Fixes
+          <ulink url='&lfs-ticket-root;5405'>#5405</ulink>.</para>
+        </listitem>
+        <listitem>
           <para>[xry111] - Update to iana-etc-20231205.  Addresses
           <ulink url='&lfs-ticket-root;5006'>#5006</ulink>.</para>
         </listitem>
diff --git a/chapter08/systemd.xml b/chapter08/systemd.xml
index 58ede8508..de5a668d1 100644
--- a/chapter08/systemd.xml
+++ b/chapter08/systemd.xml
@@ -48,6 +48,13 @@
  <screen><userinput remap="pre">sed -i -e 's/GROUP="render"/GROUP="video"/' \
        -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in</userinput></screen>
 
+    <!-- https://github.com/systemd/systemd/pull/30549 -->
+    <para>Now fix a security vulnerability in the DNSSEC verification of
+    <command>systemd-resolved</command>:</para>
+
+<screen><userinput remap='pre'>sed -e '/return FLAGS_SET.*AUTHENTICATED/s/(t/(dt/' \
+    -i src/resolve/resolved-dns-transaction.c</userinput></screen>
+
     <para>Prepare systemd for compilation:</para>
 
 <screen><userinput remap="configure">mkdir -p build
author	Xi Ruoyao <xry111@xry111.site>	2023-12-31 02:04:21 +0800
committer	Xi Ruoyao <xry111@xry111.site>	2023-12-31 02:35:25 +0800
commit	8b4fb1245dcde0370bb84c2653e3e9bb01cbae87 (patch)
tree	2b833cb569b364d6b966f7519d08c8be733247b0
parent	d4ce302c0e94aa2aea766eb14f78c965b823360c (diff)