rpms/bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Minor fix of reclimit test backport

Browse Source 
Fix local rebuilds on Fedora. BIND 9.16 does not work well with fortify
source level 3. Fix also DEFAULT_HMAC not properly set in tests, failing
reclimit test. That was issue only of backport.

Resolves: RHEL-49900
This commit is contained in:
Petr Menšík 2024-08-09 12:37:35 +02:00
parent 9f14cef3c2
commit 585cc3f41a
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
bind-9.16-CVE-2024-1737-records-test2.patch Normal file
View File

@ -0,0 +1,27 @@
From 7bc5e5abf5a3cd66f11cc649b6ecf4c39c92bd9e Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Fri, 9 Aug 2024 12:32:20 +0200
Subject: [PATCH] fixup! Add test for not-loading and not-transfering huge
RRSets
---
bin/tests/system/conf.sh.common | 3 +++
1 file changed, 3 insertions(+)
diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common
index 9fab00f..e617595 100644
--- a/bin/tests/system/conf.sh.common
+++ b/bin/tests/system/conf.sh.common
@@ -301,6 +301,9 @@ DISABLED_ALGORITHM=ECDSAP384SHA384
DISABLED_ALGORITHM_NUMBER=14
DISABLED_BITS=384
+# Default HMAC algorithm.
+export DEFAULT_HMAC=hmac-sha256
+
#
# Useful functions in test scripts
#
--
2.45.2

11
bind.spec
View File

@ -33,6 +33,9 @@
%{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4 %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
%global selinuxbooleans named_write_master_zones=1 %global selinuxbooleans named_write_master_zones=1
# BIND 9.16 does not work with fortify 3 level, make builds work on Fedora
%global _fortify_level 2
## The order of libs is important. See lib/Makefile.in for details ## The order of libs is important. See lib/Makefile.in for details
%define bind_export_libs isc dns isccfg irs %define bind_export_libs isc dns isccfg irs
%{!?_export_dir:%global _export_dir /bind9-export/} %{!?_export_dir:%global _export_dir /bind9-export/}
@ -51,7 +54,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: MPLv2.0 License: MPLv2.0
Version: 9.16.23 Version: 9.16.23
Release: 23%{?dist} Release: 24%{?dist}
Epoch: 32 Epoch: 32
Url: https://www.isc.org/downloads/bind/ Url: https://www.isc.org/downloads/bind/
# #
@ -169,6 +172,8 @@ Patch211: bind-9.16-CVE-2024-1737-records-test.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/3f1826f2f78792e95f56da7af3a35c46b4d6d9af # https://gitlab.isc.org/isc-projects/bind9/commit/3f1826f2f78792e95f56da7af3a35c46b4d6d9af
Patch212: bind-9.16-CVE-2024-1737-types.patch Patch212: bind-9.16-CVE-2024-1737-types.patch
Patch213: bind-9.16-CVE-2024-1737-types-test.patch Patch213: bind-9.16-CVE-2024-1737-types-test.patch
# backport issue fix
Patch214: bind-9.16-CVE-2024-1737-records-test2.patch
%{?systemd_ordering} %{?systemd_ordering}
Requires: coreutils Requires: coreutils
@ -513,6 +518,7 @@ in HTML and PDF format.
%patch211 -p1 -b .CVE-2024-1737-records-test %patch211 -p1 -b .CVE-2024-1737-records-test
%patch212 -p1 -b .CVE-2024-1737-types %patch212 -p1 -b .CVE-2024-1737-types
%patch213 -p1 -b .CVE-2024-1737-types-test %patch213 -p1 -b .CVE-2024-1737-types-test
%patch214 -p1 -b .CVE-2024-1737-records-test2
%if %{with PKCS11} %if %{with PKCS11}
%patch135 -p1 -b .config-pkcs11 %patch135 -p1 -b .config-pkcs11
@ -1241,6 +1247,9 @@ fi;
%endif %endif
%changelog %changelog
* Fri Aug 09 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-24
- Minor fix of reclimit test backport (CVE-2024-1737)
* Wed Aug 07 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-23 * Wed Aug 07 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-23
- Backport addition of max-records-per-type and max-records-per-type options - Backport addition of max-records-per-type and max-records-per-type options