systemd: add upstream security fix

Fixes CVE-2017-9217: remote DoS (daemon crash) via a crafted DNS response with
an empty question section.

Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/package/systemd/systemd.hash b/package/systemd/systemd.hash
index 17f4c0f89063b33f0c4d9adf4358c565c25d75b3..b5cb1ca0c57210e879e271da8ff36496b2972096 100644 (file)
--- a/package/systemd/systemd.hash
+++ b/package/systemd/systemd.hash
@@ -1,2 +1,3 @@
 # sha256 locally computed
 sha256 8b3e99da3d4164b66581830a7f2436c0c8fe697b5fbdc3927bdb960646be0083  systemd-233.tar.gz
+sha256 eed8fef0045876e9efa0ba6725ed9ea93654bf24d67bb5aad467a341ad375883  a924f43f30f9c4acaf70618dd2a055f8b0f166be.patch

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index 5112d537e3960a19bddbdbf6a74a8aca726791da..0b62cf043e9ecf099136bf684d15e120b34988f7 100644 (file)
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -19,6 +19,9 @@ SYSTEMD_DEPENDENCIES = \
 SYSTEMD_PROVIDES = udev
 SYSTEMD_AUTORECONF = YES
 
+SYSTEMD_PATCH = \
+       https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be.patch
+
 # Make sure that systemd will always be built after busybox so that we have
 # a consistent init setup between two builds
 ifeq ($(BR2_PACKAGE_BUSYBOX),y)