From: Aydın Mercan
Date: Tue, 3 Jun 2025 15:05:10 +0000 (+0000)
Subject: [9.20] rem: pkg: Implement the systemd notification protocol manually to remove depen...
X-Git-Tag: v9.20.10~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f7e806a12b9163c3fe9e4ea70e86e7f2d6e57da;p=thirdparty%2Fbind9.git

[9.20] rem: pkg: Implement the systemd notification protocol manually to remove dependency on libsystemd.

libsystemd, despite being useful, adds a huge surface area for just using the sd_notify API. libsystemd's surface has been exploited in the past [1].

Implement the systemd notification protocol by hand since it is just sending newline-delimited datagrams to a UNIX socket. The code shouldn't need more attention in the future since the notification protocol is covered under systemd's stability promise [2].

We don't need to support VSOCK-backed service notifications since they are only intended for virtual machine inits.

[1]: https://www.openwall.com/lists/oss-security/2024/03/29/4
[2]: https://systemd.io/PORTABILITY_AND_STABILITY/

Backport of MR https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/10263

Merge branch 'aydin/standalone-notification-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10454
---
4f7e806a12b9163c3fe9e4ea70e86e7f2d6e57da