rpms/bind
6
0
Fork 1
Code Issues Pull Requests Releases Activity

Fix vulnerability test backport

Browse Source 
Vulnerability: CVE-2024-11187
Resolves: RHEL-76884
This commit is contained in:
Petr Menšík 2025-02-04 14:32:45 +01:00
parent fcee29f568
commit e092ec92b8
2 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
bind-9.18-CVE-2024-11187-pre-test.patch
View File

@ -1,4 +1,4 @@
From 136101b0582341342eabf99b8b1250a43a769f9d Mon Sep 17 00:00:00 2001
From cc01143082bc688a371a7378ef284c898eedc9df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
Date: Tue, 7 Jan 2025 15:22:40 +0100
Subject: [PATCH] Isolate using the -T noaa flag only for part of the resolver
@ -31,16 +31,16 @@ index 3b121ad..0000000
-
-Add -T noaa.
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
index 711ee05..72e477a 100755
index 711ee05..2eae16f 100755
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -289,6 +289,10 @@ done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
+stop_server ns4
+stop_server resolver ns4
+touch ns4/named.noaa
+start_server --noclean --restart --port ${PORT} ns4 || ret=1
+start_server --noclean --restart --port ${PORT} resolver ns4 || ret=1
+
n=`expr $n + 1`
echo_i "RT21594 regression test check setup ($n)"
@ -49,9 +49,9 @@ index 711ee05..72e477a 100755
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
+stop_server ns4
+stop_server resolver ns4
+rm ns4/named.noaa
+start_server --noclean --restart --port ${PORT} ns4 || ret=1
+start_server --noclean --restart --port ${PORT} resolver ns4 || ret=1
+
n=`expr $n + 1`
echo_i "check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)"

5
bind.spec
View File

@ -54,7 +54,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: MPLv2.0
Version: 9.16.23
Release: 27%{?dist}
Release: 28%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -1202,6 +1202,9 @@ fi;
%endif
%changelog
* Sat Feb 15 2025 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-28
- Fix test backport changes
* Wed Feb 05 2025 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-27
- Limit additional section records CPU processing (CVE-2024-11187)