Stop crashes at masterformat system tests

Fix of CVE-2023-6516 has changed format of map file and masterformat has
started crashing. Adjust test values to pass cleanly.

Related: RHEL-25375
; Related: CVE-2023-6516

bind-9.16-CVE-2023-6516-test.patch

@@ -0,0 +1,52 @@
+From e91ab7758bed0cf3dcf8ed745f91063d7ec4011c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
+Date: Thu, 4 Jan 2024 13:39:27 +0100
+Subject: [PATCH] Fix map offsets in the "masterformat" system test
+
+The "masterformat" system test attempts to check named-checkzone
+behavior when it is fed corrupt map-format zone files.  However, despite
+the RBTDB and RBT structures having evolved over the years, the offsets
+at which a valid map-format zone file is malformed by the "masterformat"
+test have not been updated accordingly, causing the relevant checks to
+introduce a different type of corruption than they were originally meant
+to cause:
+
+  - the "bad node header" check originally mangled the 'type' member of
+    the rdatasetheader_t structure for cname.example.nil,
+
+  - the "bad node data" check originally mangled the 'serial' and
+    'rdh_ttl' members of the rdatasetheader_t structure for
+    aaaa.example.nil.
+
+Update the offsets at which the map-format zone file is malformed at by
+the "masterformat" system test so that the relevant checks fulfill their
+original purpose again.
+---
+ bin/tests/system/masterformat/tests.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/bin/tests/system/masterformat/tests.sh b/bin/tests/system/masterformat/tests.sh
+index 364a0d2..bb4e6ec 100755
+--- a/bin/tests/system/masterformat/tests.sh
++++ b/bin/tests/system/masterformat/tests.sh
+@@ -295,7 +295,7 @@ status=$((status+ret))
+ echo_i "checking corrupt map files fail to load (bad node header) ($n)"
+ ret=0
+ cp map.5 badmap
+-stomp badmap 2754 2 99
++stomp badmap 3706 2 99
+ $CHECKZONE -D -f map -F text -o text.5 example.nil badmap > /dev/null
+ [ $? = 1 ] || ret=1
+ n=$((n+1))
+@@ -305,7 +305,7 @@ status=$((status+ret))
+ echo_i "checking corrupt map files fail to load (bad node data) ($n)"
+ ret=0
+ cp map.5 badmap
+-stomp badmap 2897 5 127
++stomp badmap 3137 5 127
+ $CHECKZONE -D -f map -F text -o text.5 example.nil badmap > /dev/null
+ [ $? = 1 ] || ret=1
+ n=$((n+1))
+-- 
+2.44.0
+

bind.spec

@@ -51,7 +51,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.16.23
-Release:  17%{?dist}
+Release:  18%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@@ -150,6 +150,8 @@ Patch201: bind-9.16-system-test-cds.patch
 Patch202: bind-9.16-isc-mempool-attach.patch
 # Downstream only change, complements patch 198
 Patch203: bind-9.16-isc_hp-CVE-2023-50387.patch
+# https://gitlab.isc.org/isc-projects/bind9/commit/1237d73cd1120b146ee699bbae7b2fe837cf2f98
+Patch204: bind-9.16-CVE-2023-6516-test.patch
 
 %{?systemd_ordering}
 Requires:       coreutils
@@ -482,6 +484,7 @@ in HTML and PDF format.
 %patch201 -p1 -b .test-variant-def
 %patch202 -p1 -b .mempool-attach
 %patch203 -p1 -b .isc_hp-CVE-2023-50387
+%patch204 -p1 -b .CVE-2023-6516-test
 
 %if %{with PKCS11}
 %patch135 -p1 -b .config-pkcs11
@@ -1210,6 +1213,9 @@ fi;
 %endif
 
 %changelog
+* Mon Mar 25 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-18
+- Prevent crashing at masterformat system test (CVE-2023-6516)
+
 * Mon Feb 19 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-17
 - Import tests for large DNS messages fix
 - Add downstream change complementing CVE-2023-50387