systemd: Fix CVE-2023-7008

general.ent

@@ -78,6 +78,7 @@
 
 <!ENTITY lfs-root             "../../../../lfs/view/&lfs-version;">
 <!ENTITY lfs-dev              "../../../../lfs/view/development">
+<!ENTITY lfs-ticket-root      "https://wiki.&lfs-domainname;/lfs/ticket/">
 <!ENTITY gnu-http             "https://ftp.gnu.org/gnu">
 <!ENTITY gnu-ftp              "ftp://ftp.gnu.org/gnu">
 <!ENTITY gnupg-http           "https://www.gnupg.org/ftp/gcrypt">

general/sysutils/systemd.xml

@@ -167,13 +167,6 @@
 
   <sect2 role="installation">
     <title>Installation of systemd</title>
-<!--
-    <para>
-      First, fix a security issue in systemd-coredump:
-    </para>
-
-<screen><userinput>patch -Np1 -i ../systemd-&systemd-version;-security_fix-1.patch</userinput></screen>
--->
 
     <para>
       Remove two unneeded groups,
@@ -185,6 +178,14 @@
 <screen><userinput remap="pre">sed -i -e 's/GROUP="render"/GROUP="video"/' \
        -e 's/GROUP="sgx", //' rules.d/50-udev-default.rules.in</userinput></screen>
 
+    <para>
+      Now fix a security vulnerability in the DNSSEC verification of
+      <command>systemd-resolved</command>:
+    </para>
+
+    <screen><userinput>sed -e '/return FLAGS_SET.*AUTHENTICATED/s/(t/(dt/' \
+    -i src/resolve/resolved-dns-transaction.c</userinput></screen>
+
     <para>
       Rebuild <application>systemd</application> by running the
       following commands:

introduction/welcome/changelog.xml

@@ -38,6 +38,16 @@
       </itemizedlist>
     </listitem>
     -->
+    <listitem>
+      <para>December 31st, 2023</para>
+      <itemizedlist>
+        <listitem>
+          <para>[xry111] - Fix CVE-2023-7008 for systemd-255.  Addresses
+          <ulink url="&lfs-ticket-root;5405">LFS #5405</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>December 30th, 2023</para>
       <itemizedlist>