fix CVE-2020-13776 in 245.x

[flokli]

systemd version the issue has been seen with

245.x

Used distribution

N/A

The current systemd-stable release, 245.6 doesn't yet contain the fixes necessary to migitate CVE-2020-13776.

Can you please cherry-pick 156a5fd (and the prerequisite b934ac3) to the v245-stable and tag a new point release?

It seems most upstream distributions use these tags for their stable distributions: NixOS/nixpkgs#91048 (comment)

There have been some follow-up fixes in systemd/systemd#16033, but that patchset is quite big, so probably best to just pick the 2 above commits.

[eworm-de]

Prepared changes in #71...

[ht990332]

244 is not affected by this bug?

[flokli]

According to https://nvd.nist.gov/vuln/detail/CVE-2020-13776, up to and including 245 is affected. Not sure on the backporting policies for systemd-stable, though (as in, whether upstream backport patches, or downstream distros need to take care of it)

[ht990332]

I backported it manually to my 244.4 installation.
Thank you.
The distribution I use has 245.6 but I found 244.4 to be more stable in my work environment.

[keszybz]

This was fixed by #71.