fix(dnssec): validate short RSA DNSKEY blobs

[deepin-ci-robot]

Summary

Backport upstream fix to validate short RSA DNSKEY blobs in the DNSSEC resolver. Rejects malformed RSA DNSKEY data before reading the extended exponent header, preventing potential out-of-bounds read.

Changes

• Add debian/patches/fix-dnssec-validate-short-rsa-dnskey.patch
• Modify debian/patches/series
• Modify debian/changelog

Upstream

systemd/systemd@004401fd

Generated-By: glm-5-turbo
Co-Authored-By: jiabowen jiabowen@uniontech.com

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign liujianqiang-niu for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• https:/raw.githubusercontent.com/deepin-community/template-repository/master/debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[github-actions]

TAG Bot

TAG: 255.2-4deepin31
EXISTED: no
DISTRIBUTION: unstable

[deepin-community-ci-bot]

TAG Bot

New tag: 255.2-4deepin32
DISTRIBUTION: unstable
Suggest: synchronizing this PR through rebase #63

[deepin-community-ci-bot]

TAG Bot

New tag: 255.2-4deepin33
DISTRIBUTION: unstable
Suggest: synchronizing this PR through rebase #64

[deepin-community-ci-bot]

TAG Bot

New tag: 255.2-4deepin34
DISTRIBUTION: unstable
Suggest: synchronizing this PR through rebase #65

[deepin-community-ci-bot]

TAG Bot

New tag: 255.2-4deepin35
DISTRIBUTION: unstable
Suggest: synchronizing this PR through rebase #66

[deepin-community-ci-bot]

TAG Bot

New tag: 255.2-4deepin36
DISTRIBUTION: unstable
Suggest: synchronizing this PR through rebase #67