Stop crashes at masterformat system tests

Fix of CVE-2023-6516 has changed format of map file and masterformat has started crashing. Adjust test values to pass cleanly. Related: RHEL-25375 ; Related: CVE-2023-6516
2024-03-25 10:44:24 +01:00 · 2024-03-25 10:44:24 +01:00 · c3e15c4a64
commit c3e15c4a64
parent 02426200e2
2 changed files with 59 additions and 1 deletions
--- a/bind-9.16-CVE-2023-6516-test.patch
+++ b/bind-9.16-CVE-2023-6516-test.patch
@ -0,0 +1,52 @@
 From e91ab7758bed0cf3dcf8ed745f91063d7ec4011c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
 Date: Thu, 4 Jan 2024 13:39:27 +0100
 Subject: [PATCH] Fix map offsets in the "masterformat" system test
 The "masterformat" system test attempts to check named-checkzone
 behavior when it is fed corrupt map-format zone files.  However, despite
 the RBTDB and RBT structures having evolved over the years, the offsets
 at which a valid map-format zone file is malformed by the "masterformat"
 test have not been updated accordingly, causing the relevant checks to
 introduce a different type of corruption than they were originally meant
 to cause:
  - the "bad node header" check originally mangled the 'type' member of
    the rdatasetheader_t structure for cname.example.nil,
  - the "bad node data" check originally mangled the 'serial' and
    'rdh_ttl' members of the rdatasetheader_t structure for
    aaaa.example.nil.
 Update the offsets at which the map-format zone file is malformed at by
 the "masterformat" system test so that the relevant checks fulfill their
 original purpose again.
 ---
 bin/tests/system/masterformat/tests.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/bin/tests/system/masterformat/tests.sh b/bin/tests/system/masterformat/tests.sh
 index 364a0d2..bb4e6ec 100755
 --- a/bin/tests/system/masterformat/tests.sh
 +++ b/bin/tests/system/masterformat/tests.sh
@@ -295,7 +295,7 @@ status=$((status+ret))
 echo_i "checking corrupt map files fail to load (bad node header) ($n)"
 ret=0
 cp map.5 badmap
 -stomp badmap 2754 2 99
 +stomp badmap 3706 2 99
 $CHECKZONE -D -f map -F text -o text.5 example.nil badmap > /dev/null
 [ $? = 1 ] || ret=1
 n=$((n+1))
@@ -305,7 +305,7 @@ status=$((status+ret))
 echo_i "checking corrupt map files fail to load (bad node data) ($n)"
 ret=0
 cp map.5 badmap
 -stomp badmap 2897 5 127
 +stomp badmap 3137 5 127
 $CHECKZONE -D -f map -F text -o text.5 example.nil badmap > /dev/null
 [ $? = 1 ] || ret=1
 n=$((n+1))
 -- 
 2.44.0
--- a/bind.spec
+++ b/bind.spec
@ -51,7 +51,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.16.23
-Release:  17%{?dist}
+Release:  18%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@ -150,6 +150,8 @@ Patch201: bind-9.16-system-test-cds.patch
 Patch202: bind-9.16-isc-mempool-attach.patch
 # Downstream only change, complements patch 198
 Patch203: bind-9.16-isc_hp-CVE-2023-50387.patch
 # https://gitlab.isc.org/isc-projects/bind9/commit/1237d73cd1120b146ee699bbae7b2fe837cf2f98
 Patch204: bind-9.16-CVE-2023-6516-test.patch
 %{?systemd_ordering}
 Requires:       coreutils
@ -482,6 +484,7 @@ in HTML and PDF format.
 %patch201 -p1 -b .test-variant-def
 %patch202 -p1 -b .mempool-attach
 %patch203 -p1 -b .isc_hp-CVE-2023-50387
 %patch204 -p1 -b .CVE-2023-6516-test
 %if %{with PKCS11}
 %patch135 -p1 -b .config-pkcs11
@ -1210,6 +1213,9 @@ fi;
 %endif
 %changelog
 * Mon Mar 25 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-18
 - Prevent crashing at masterformat system test (CVE-2023-6516)
 * Mon Feb 19 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-17
 - Import tests for large DNS messages fix
 - Add downstream change complementing CVE-2023-50387