From eda2c7c523d858d25fe25052254a7f393767310b Mon Sep 17 00:00:00 2001
From: "Jason M. Bills" <jason.m.bills@linux.intel.com>
Date: Tue, 5 May 2020 15:31:17 -0700
Subject: Update to internal 0.53

Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
---
 .../systemd/0002-Disable-LLMNR-port-5355.patch     | 26 ++++++++++++++++++++++
 .../recipes-core/systemd/systemd_%.bbappend        |  1 +
 2 files changed, 27 insertions(+)
 create mode 100644 meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0002-Disable-LLMNR-port-5355.patch

(limited to 'meta-openbmc-mods/meta-common/recipes-core/systemd')

diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0002-Disable-LLMNR-port-5355.patch b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0002-Disable-LLMNR-port-5355.patch
new file mode 100644
index 000000000..8b978e4fb
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0002-Disable-LLMNR-port-5355.patch
@@ -0,0 +1,26 @@
+From 9fb05323291ccdfbf19ac0d9428e366d6023b408 Mon Sep 17 00:00:00 2001
+From: Karthick Sundarrajan <karthick.sundarrajan@intel.com>
+Date: Fri, 3 Apr 2020 10:23:41 -0700
+Subject: [PATCH] Disable LLMNR (port 5355)
+
+As part of OS hardening process, the port has to be
+disabled.
+
+Signed-off-by: Karthick Sundarrajan <karthick.sundarrajan@intel.com>
+---
+ src/resolve/resolved.conf.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/resolve/resolved.conf.in b/src/resolve/resolved.conf.in
+index 6898c78..a9125fd 100644
+--- a/src/resolve/resolved.conf.in
++++ b/src/resolve/resolved.conf.in
+@@ -15,7 +15,7 @@
+ #DNS=
+ #FallbackDNS=@DNS_SERVERS@
+ #Domains=
+-#LLMNR=yes
++LLMNR=no
+ #MulticastDNS=yes
+ #DNSSEC=@DEFAULT_DNSSEC_MODE@
+ #DNSOverTLS=@DEFAULT_DNS_OVER_TLS_MODE@
diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend
index d80714589..17f423dc3 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend
@@ -5,6 +5,7 @@ LICENSE = "GPL-2.0"
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 
 SRC_URI += "file://0001-Modfiy-system.conf-DefaultTimeoutStopSec.patch \
+            file://0002-Disable-LLMNR-port-5355.patch \
             file://systemd-time-wait-sync.service \
            "
 
-- 
cgit v1.2.3