* [Buildroot] [PATCH] systemd: add upstream security fix
@ 2017-06-04 18:24 Baruch Siach
2017-06-05 9:18 ` Thomas Petazzoni
0 siblings, 1 reply; 4+ messages in thread
From: Baruch Siach @ 2017-06-04 18:24 UTC (permalink / raw)
To: buildroot
Fixes CVE-2017-9217: remote DoS (daemon crash) via a crafted DNS response with
an empty question section.
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
package/systemd/systemd.hash | 1 +
package/systemd/systemd.mk | 3 +++
2 files changed, 4 insertions(+)
diff --git a/package/systemd/systemd.hash b/package/systemd/systemd.hash
index 17f4c0f89063..b5cb1ca0c572 100644
--- a/package/systemd/systemd.hash
+++ b/package/systemd/systemd.hash
@@ -1,2 +1,3 @@
# sha256 locally computed
sha256 8b3e99da3d4164b66581830a7f2436c0c8fe697b5fbdc3927bdb960646be0083 systemd-233.tar.gz
+sha256 eed8fef0045876e9efa0ba6725ed9ea93654bf24d67bb5aad467a341ad375883 a924f43f30f9c4acaf70618dd2a055f8b0f166be.patch
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index 5112d537e396..0b62cf043e9e 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -19,6 +19,9 @@ SYSTEMD_DEPENDENCIES = \
SYSTEMD_PROVIDES = udev
SYSTEMD_AUTORECONF = YES
+SYSTEMD_PATCH = \
+ https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be.patch
+
# Make sure that systemd will always be built after busybox so that we have
# a consistent init setup between two builds
ifeq ($(BR2_PACKAGE_BUSYBOX),y)
--
2.11.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] systemd: add upstream security fix
2017-06-04 18:24 [Buildroot] [PATCH] systemd: add upstream security fix Baruch Siach
@ 2017-06-05 9:18 ` Thomas Petazzoni
2017-06-05 9:27 ` Baruch Siach
0 siblings, 1 reply; 4+ messages in thread
From: Thomas Petazzoni @ 2017-06-05 9:18 UTC (permalink / raw)
To: buildroot
Hello,
On Sun, 4 Jun 2017 21:24:34 +0300, Baruch Siach wrote:
> Fixes CVE-2017-9217: remote DoS (daemon crash) via a crafted DNS response with
> an empty question section.
>
> Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
> package/systemd/systemd.hash | 1 +
> package/systemd/systemd.mk | 3 +++
> 2 files changed, 4 insertions(+)
Applied to master, thanks. Peter: I guess this should go to the LTS
branch. Baruch, can you confirm it applies to the systemd version we
have in the LTS branch?
Thanks,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] systemd: add upstream security fix
2017-06-05 9:18 ` Thomas Petazzoni
@ 2017-06-05 9:27 ` Baruch Siach
2017-06-06 11:36 ` Peter Korsgaard
0 siblings, 1 reply; 4+ messages in thread
From: Baruch Siach @ 2017-06-05 9:27 UTC (permalink / raw)
To: buildroot
Hi Thomas,
On Mon, Jun 05, 2017 at 11:18:29AM +0200, Thomas Petazzoni wrote:
> On Sun, 4 Jun 2017 21:24:34 +0300, Baruch Siach wrote:
> > Fixes CVE-2017-9217: remote DoS (daemon crash) via a crafted DNS response with
> > an empty question section.
> >
> > Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
> > Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> > ---
> > package/systemd/systemd.hash | 1 +
> > package/systemd/systemd.mk | 3 +++
> > 2 files changed, 4 insertions(+)
>
> Applied to master, thanks. Peter: I guess this should go to the LTS
> branch. Baruch, can you confirm it applies to the systemd version we
> have in the LTS branch?
Cherry-pick of systemd commit a924f43f30f9c applies cleanly to systemd v232
that we have in the LTS branch. I didn't build/test though.
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] systemd: add upstream security fix
2017-06-05 9:27 ` Baruch Siach
@ 2017-06-06 11:36 ` Peter Korsgaard
0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2017-06-06 11:36 UTC (permalink / raw)
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> Hi Thomas,
> On Mon, Jun 05, 2017 at 11:18:29AM +0200, Thomas Petazzoni wrote:
>> On Sun, 4 Jun 2017 21:24:34 +0300, Baruch Siach wrote:
>> > Fixes CVE-2017-9217: remote DoS (daemon crash) via a crafted DNS response with
>> > an empty question section.
>> >
>> > Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
>> > Signed-off-by: Baruch Siach <baruch@tkos.co.il>
>> > ---
>> > package/systemd/systemd.hash | 1 +
>> > package/systemd/systemd.mk | 3 +++
>> > 2 files changed, 4 insertions(+)
>>
>> Applied to master, thanks. Peter: I guess this should go to the LTS
>> branch. Baruch, can you confirm it applies to the systemd version we
>> have in the LTS branch?
> Cherry-pick of systemd commit a924f43f30f9c applies cleanly to systemd v232
> that we have in the LTS branch. I didn't build/test though.
Thanks, committed to 2017.05.x and 2017.02.x after doing a build test.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-06-06 11:36 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-06-04 18:24 [Buildroot] [PATCH] systemd: add upstream security fix Baruch Siach
2017-06-05 9:18 ` Thomas Petazzoni
2017-06-05 9:27 ` Baruch Siach
2017-06-06 11:36 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox