summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/systemd/systemd_244.5.bb
diff options
context:
space:
mode:
authorMarek Vasut <marex@denx.de>2023-10-11 00:47:48 +0200
committerSteve Sakoman <steve@sakoman.com>2023-10-16 05:07:13 -1000
commit6b4a583169ae40a8d51e7ffa33785409b5111a81 (patch)
tree3b4bf42719564b2f34102f60d2a00a901a098002 /meta/recipes-core/systemd/systemd_244.5.bb
parent844faa7c51ae8ec0966e9c5c3f70a1dbf2222c21 (diff)
downloadopenembedded-core-contrib-6b4a583169ae40a8d51e7ffa33785409b5111a81.tar.gz
systemd: Backport systemd-resolved: use hostname for certificate validation in DoT
Widely accepted certificates for IP addresses are expensive and only affordable for larger organizations. Therefore if the user provides the hostname in the DNS= option, we should use it instead of the IP address. This fixes https://nvd.nist.gov/vuln/detail/CVE-2018-21029 per suggestion https://github.com/systemd/systemd-stable/issues/72 . CVE: CVE-2018-21029 Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core/systemd/systemd_244.5.bb')
-rw-r--r--meta/recipes-core/systemd/systemd_244.5.bb1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd_244.5.bb b/meta/recipes-core/systemd/systemd_244.5.bb
index bd66d82932..8b2f47b92f 100644
--- a/meta/recipes-core/systemd/systemd_244.5.bb
+++ b/meta/recipes-core/systemd/systemd_244.5.bb
@@ -31,6 +31,7 @@ SRC_URI += "file://touchscreen.rules \
file://network-fix-Link-reference-counter-issue.patch \
file://rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch \
file://rm-rf-optionally-fsync-after-removing-directory-tree.patch \
+ file://CVE-2018-21029.patch \
file://CVE-2021-3997-1.patch \
file://CVE-2021-3997-2.patch \
file://CVE-2021-3997-3.patch \
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-13 03:27:53 +0000