diff options
author | Marek Vasut <marex@denx.de> | 2023-10-11 00:47:48 +0200 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-10-16 05:07:13 -1000 |
commit | 6b4a583169ae40a8d51e7ffa33785409b5111a81 (patch) | |
tree | 3b4bf42719564b2f34102f60d2a00a901a098002 /meta/recipes-core/systemd/systemd_244.5.bb | |
parent | 844faa7c51ae8ec0966e9c5c3f70a1dbf2222c21 (diff) | |
download | openembedded-core-contrib-6b4a583169ae40a8d51e7ffa33785409b5111a81.tar.gz |
systemd: Backport systemd-resolved: use hostname for certificate validation in DoT
Widely accepted certificates for IP addresses are expensive and only
affordable for larger organizations. Therefore if the user provides
the hostname in the DNS= option, we should use it instead of the IP
address.
This fixes https://nvd.nist.gov/vuln/detail/CVE-2018-21029 per
suggestion https://github.com/systemd/systemd-stable/issues/72 .
CVE: CVE-2018-21029
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core/systemd/systemd_244.5.bb')
-rw-r--r-- | meta/recipes-core/systemd/systemd_244.5.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd_244.5.bb b/meta/recipes-core/systemd/systemd_244.5.bb index bd66d82932..8b2f47b92f 100644 --- a/meta/recipes-core/systemd/systemd_244.5.bb +++ b/meta/recipes-core/systemd/systemd_244.5.bb @@ -31,6 +31,7 @@ SRC_URI += "file://touchscreen.rules \ file://network-fix-Link-reference-counter-issue.patch \ file://rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch \ file://rm-rf-optionally-fsync-after-removing-directory-tree.patch \ + file://CVE-2018-21029.patch \ file://CVE-2021-3997-1.patch \ file://CVE-2021-3997-2.patch \ file://CVE-2021-3997-3.patch \ |