From 11a3e7ce6efc8f1f59b981671b3b3feba17458b5 Mon Sep 17 00:00:00 2001
From: Baruch Siach <baruch@tkos.co.il>
Date: Sun, 4 Jun 2017 21:24:34 +0300
Subject: [PATCH] systemd: add upstream security fix

Fixes CVE-2017-9217: remote DoS (daemon crash) via a crafted DNS response with
an empty question section.

Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit dabd28a4be71e6d8f5a33d4fa34a3515e5fad177)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/systemd/systemd.hash | 1 +
 package/systemd/systemd.mk   | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/package/systemd/systemd.hash b/package/systemd/systemd.hash
index 0acaa3cdcd..2b7820795e 100644
--- a/package/systemd/systemd.hash
+++ b/package/systemd/systemd.hash
@@ -1,2 +1,3 @@
 # sha256 locally computed
 sha256 1172c7c7d5d72fbded53186e7599d5272231f04cc8b72f9a0fb2c5c20dfc4880  systemd-232.tar.gz
+sha256 eed8fef0045876e9efa0ba6725ed9ea93654bf24d67bb5aad467a341ad375883  a924f43f30f9c4acaf70618dd2a055f8b0f166be.patch
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index fce5d8411c..f1ddfaf440 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -19,6 +19,9 @@ SYSTEMD_DEPENDENCIES = \
 SYSTEMD_PROVIDES = udev
 SYSTEMD_AUTORECONF = YES
 
+SYSTEMD_PATCH = \
+	https://github.com/systemd/systemd/commit/a924f43f30f9c4acaf70618dd2a055f8b0f166be.patch
+
 # Make sure that systemd will always be built after busybox so that we have
 # a consistent init setup between two builds
 ifeq ($(BR2_PACKAGE_BUSYBOX),y)