rpms/bind
6
0
Fork 1
Code Issues Pull Requests Releases Activity

Fix vulnerability test backport

Browse Source 
Vulnerability: CVE-2024-11187
Resolves: RHEL-76884
This commit is contained in:
Petr Menšík 2025-02-04 14:32:45 +01:00
parent fcee29f568
commit e092ec92b8
2 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
bind-9.18-CVE-2024-11187-pre-test.patch
View File

@ -1,4 +1,4 @@
From 136101b0582341342eabf99b8b1250a43a769f9d Mon Sep 17 00:00:00 2001 From cc01143082bc688a371a7378ef284c898eedc9df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org> From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
Date: Tue, 7 Jan 2025 15:22:40 +0100 Date: Tue, 7 Jan 2025 15:22:40 +0100
Subject: [PATCH] Isolate using the -T noaa flag only for part of the resolver Subject: [PATCH] Isolate using the -T noaa flag only for part of the resolver
@ -31,16 +31,16 @@ index 3b121ad..0000000
- -
-Add -T noaa. -Add -T noaa.
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
index 711ee05..72e477a 100755 index 711ee05..2eae16f 100755
--- a/bin/tests/system/resolver/tests.sh --- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh
@@ -289,6 +289,10 @@ done @@ -289,6 +289,10 @@ done
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
+stop_server ns4 +stop_server resolver ns4
+touch ns4/named.noaa +touch ns4/named.noaa
+start_server --noclean --restart --port ${PORT} ns4 || ret=1 +start_server --noclean --restart --port ${PORT} resolver ns4 || ret=1
+ +
n=`expr $n + 1` n=`expr $n + 1`
echo_i "RT21594 regression test check setup ($n)" echo_i "RT21594 regression test check setup ($n)"
@ -49,9 +49,9 @@ index 711ee05..72e477a 100755
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
+stop_server ns4 +stop_server resolver ns4
+rm ns4/named.noaa +rm ns4/named.noaa
+start_server --noclean --restart --port ${PORT} ns4 || ret=1 +start_server --noclean --restart --port ${PORT} resolver ns4 || ret=1
+ +
n=`expr $n + 1` n=`expr $n + 1`
echo_i "check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)" echo_i "check that replacement of additional data by a negative cache no data entry clears the additional RRSIGs ($n)"

5
bind.spec
View File

@ -54,7 +54,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: MPLv2.0 License: MPLv2.0
Version: 9.16.23 Version: 9.16.23
Release: 27%{?dist} Release: 28%{?dist}
Epoch: 32 Epoch: 32
Url: https://www.isc.org/downloads/bind/ Url: https://www.isc.org/downloads/bind/
# #
@ -1202,6 +1202,9 @@ fi;
%endif %endif
%changelog %changelog
* Sat Feb 15 2025 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-28
- Fix test backport changes
* Wed Feb 05 2025 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-27 * Wed Feb 05 2025 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-27
- Limit additional section records CPU processing (CVE-2024-11187) - Limit additional section records CPU processing (CVE-2024-11187)