From 8b4fb1245dcde0370bb84c2653e3e9bb01cbae87 Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Sun, 31 Dec 2023 02:04:21 +0800
Subject: systemd: Fix CVE-2023-7008 (#5405)

---
 chapter01/changelog.xml | 4 ++++
 chapter08/systemd.xml   | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml
index fef105ece..756e9d5fc 100644
--- a/chapter01/changelog.xml
+++ b/chapter01/changelog.xml
@@ -43,6 +43,10 @@
     <listitem>
       <para>2023-12-31</para>
       <itemizedlist>
+        <listitem>
+          <para>[xry111] - Fix CVE-2023-7008 for systemd-255.  Fixes
+          <ulink url='&lfs-ticket-root;5405'>#5405</ulink>.</para>
+        </listitem>
         <listitem>
           <para>[xry111] - Update to iana-etc-20231205.  Addresses
           <ulink url='&lfs-ticket-root;5006'>#5006</ulink>.</para>
diff --git a/chapter08/systemd.xml b/chapter08/systemd.xml
index 58ede8508..de5a668d1 100644
--- a/chapter08/systemd.xml
+++ b/chapter08/systemd.xml
@@ -48,6 +48,13 @@
  <screen><userinput remap="pre">sed -i -e 's/GROUP="render"/GROUP="video"/' \
        -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in</userinput></screen>
 
+    <!-- https://github.com/systemd/systemd/pull/30549 -->
+    <para>Now fix a security vulnerability in the DNSSEC verification of
+    <command>systemd-resolved</command>:</para>
+
+<screen><userinput remap='pre'>sed -e '/return FLAGS_SET.*AUTHENTICATED/s/(t/(dt/' \
+    -i src/resolve/resolved-dns-transaction.c</userinput></screen>
+
     <para>Prepare systemd for compilation:</para>
 
 <screen><userinput remap="configure">mkdir -p build
-- 
cgit v1.2.3-54-g00ecf