diff --git a/bind-9.16-isc_hp-additional.patch b/bind-9.16-isc_hp-additional.patch
new file mode 100644
index 0000000..63c633e
--- /dev/null
+++ b/bind-9.16-isc_hp-additional.patch
@@ -0,0 +1,34 @@
+From beeb4527b25c8d48842bbc78f100b716df118699 Mon Sep 17 00:00:00 2001
+From: Petr Mensik
+Date: Tue, 9 Jul 2024 16:06:02 +0200
+Subject: [PATCH] Increase even further hazard pointers after KeyTrap
+
+Extends even more change Downstream specific changes related to KeyTrap,
+which added safety guards into hazard pointers. Because it seems they
+are not still enough. Add fixed base to accomodate common threads like
+main app thread and ldap worker threads. Multiply one more, just to be
+sure. We do not want to hit maximal limit again.
+---
+ lib/isc/managers.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/isc/managers.c b/lib/isc/managers.c
+index 3bdca99..fffff78 100644
+--- a/lib/isc/managers.c
++++ b/lib/isc/managers.c
+@@ -26,9 +26,10 @@ isc_managers_create(isc_mem_t *mctx, size_t workers, size_t quantum,
+ /*
+ * We have ncpus network threads, ncpus old network threads - make
+ * it 4x just to be on the safe side. One additional for slow netmgr
+- * thread.
++ * thread. One extra to be safe. Add base for main application thread
++ * or bind-dyndb-ldap worker threads.
+ */
+- isc_hp_init(5 * workers);
++ isc_hp_init(6 + 6 * workers);
+
+ REQUIRE(netmgrp != NULL && *netmgrp == NULL);
+ isc__netmgr_create(mctx, workers, &netmgr);
+--
+2.45.2
+
diff --git a/bind.spec b/bind.spec
index 810b9c8..d2f0500 100644
--- a/bind.spec
+++ b/bind.spec
@@ -51,7 +51,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: MPLv2.0
 Version: 9.16.23
-Release: 20%{?dist}
+Release: 21%{?dist}
 Epoch: 32
 Url: https://www.isc.org/downloads/bind/
 #
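Review bot: In the nested lib/isc/managers.c hunk, `isc_hp_init(6 + 6 * workers)` still sizes the hazard-pointer table from a guessed multiplier, and the fixed base of 6 is not tied to any count of the threads it is meant to cover, although the commit message says the earlier limit was already hit. The bind-dyndb-ldap worker threads named in the comment are created outside this function, so presumably their number can exceed the base on a host with few `workers`; if the guards added by the KeyTrap patch stop the daemon when the table is exhausted, that is an availability problem for the resolver. I would make the comment account for both numbers, e.g. `/* 6 slots per worker: 4x netmgr margin, slow netmgr, one spare; plus 6 fixed slots for threads not counted in workers */`, and add one sentence on what happens on exhaustion once that is confirmed against the isc_hp code. The body of isc_managers_create continues outside the hunk and isc_hp_init itself is not visible here.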
@@ -152,6 +152,7 @@ Patch202: bind-9.16-isc-mempool-attach.patch
 Patch203: bind-9.16-isc_hp-CVE-2023-50387.patch
 # https://gitlab.isc.org/isc-projects/bind9/commit/1237d73cd1120b146ee699bbae7b2fe837cf2f98
 Patch204: bind-9.16-CVE-2023-6516-test.patch
+Patch205: bind-9.16-isc_hp-additional.patch
 %{?systemd_ordering}
 Requires: coreutils
@@ -488,6 +489,7 @@ in HTML and PDF format.
 %patch202 -p1 -b .mempool-attach
 %patch203 -p1 -b .isc_hp-CVE-2023-50387
 %patch204 -p1 -b .CVE-2023-6516-test
+%patch205 -p1 -b .RHEL-39131
 %if %{with PKCS11}
 %patch135 -p1 -b .config-pkcs11
@@ -1216,6 +1218,9 @@ fi;
 %endif
 %changelog
+* Tue Jul 09 2024 Petr Menšík - 32:9.16.23-21
+- Increase size of hazard pointer array (RHEL-39131)
+
 * Tue May 28 2024 Petr Menšík - 32:9.16.23-20
 - Ensure bind CVE fixes hits public Stream repository