git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
systemd: Backport systemd-resolved: use hostname for certificate validation in DoT
author Marek Vasut <marex@denx.de>
Tue, 10 Oct 2023 22:47:48 +0000 (00:47 +0200)
committer Steve Sakoman <steve@sakoman.com>
Mon, 16 Oct 2023 15:07:13 +0000 (05:07 -1000)
commit 6b4a583169ae40a8d51e7ffa33785409b5111a81
tree 3b4bf42719564b2f34102f60d2a00a901a098002
parent 844faa7c51ae8ec0966e9c5c3f70a1dbf2222c21
systemd: Backport systemd-resolved: use hostname for certificate validation in DoT

Widely accepted certificates for IP addresses are expensive and only
affordable for larger organizations. Therefore if the user provides
the hostname in the DNS= option, we should use it instead of the IP
address.

This fixes https://nvd.nist.gov/vuln/detail/CVE-2018-21029 per
suggestion https://github.com/systemd/systemd-stable/issues/72 .

CVE: CVE-2018-21029
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/systemd/systemd/CVE-2018-21029.patch [new file with mode: 0644]
meta/recipes-core/systemd/systemd_244.5.bb