Diffstat (limited to 'sys-apps/systemd/files/255-dnssec-3.patch')
-rw-r--r--sys-apps/systemd/files/255-dnssec-3.patch32
1 files changed, 0 insertions, 32 deletions
diff --git a/sys-apps/systemd/files/255-dnssec-3.patch b/sys-apps/systemd/files/255-dnssec-3.patch
deleted file mode 100644
index 4fd231d6d157..000000000000
--- a/sys-apps/systemd/files/255-dnssec-3.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-https://github.com/systemd/systemd/pull/32593
-https://github.com/systemd/systemd-stable/commit/a1580223a5dd67ab61c5f888b114de43b65fffbf
-
-From a1580223a5dd67ab61c5f888b114de43b65fffbf Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Tue, 30 Apr 2024 13:19:14 -0700
-Subject: [PATCH] resolved: validate authentic insecure delegation to CNAME
-
-If the parent zone uses a non-opt-out method that provides authenticated
-negative DS replies, we still can't expect signatures from the child
-zone. sd-resolved was using the authenticated status of the DS reply to
-require signatures for CNAMEs, even though it had already proved that no
-signature exists.
-
-Fixes: 47690634f157 ("resolved: don't request the SOA for every dns label")
-(cherry picked from commit 414a9b8e5e1e772261b0ffaedc853f5c0aba5719)
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2863,7 +2863,12 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
- if (r == 0)
- continue;
-
-- return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
-+ if (!FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED))
-+ return false;
-+
-+ /* We expect this to be signed when the DS record exists, and don't expect it to be
-+ * signed when the DS record is proven not to exist. */
-+ return dns_answer_match_key(dt->answer, dns_transaction_key(dt), NULL);
- }
-
- return true;