Minor fix of reclimit test backport

Fix local rebuilds on Fedora. BIND 9.16 does not work well with fortify
source level 3. Fix also DEFAULT_HMAC not properly set in tests, failing
reclimit test. That was an issue only of the backport.

Resolves: RHEL-50591
Petr Menšík 2024-08-09 12:37:35 +02:00
parent c099c3f187
commit aec75c660e
2 changed files with 37 additions and 1 deletions


@ -0,0 +1,27 @@
From 7bc5e5abf5a3cd66f11cc649b6ecf4c39c92bd9e Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Fri, 9 Aug 2024 12:32:20 +0200
Subject: [PATCH] fixup! Add test for not-loading and not-transfering huge
RRSets
---
bin/tests/system/conf.sh.common | 3 +++
1 file changed, 3 insertions(+)
diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common
index 9fab00f..e617595 100644
--- a/bin/tests/system/conf.sh.common
+++ b/bin/tests/system/conf.sh.common
@@ -301,6 +301,9 @@ DISABLED_ALGORITHM=ECDSAP384SHA384
DISABLED_ALGORITHM_NUMBER=14
DISABLED_BITS=384
+# Default HMAC algorithm.
+export DEFAULT_HMAC=hmac-sha256
+
#
# Useful functions in test scripts
#
--
2.45.2
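Review bot: The embedded patch has no description body between its Subject line and the `---`, so nothing in the file records why `DEFAULT_HMAC` has to be exported from conf.sh.common in this branch or which test script reads it. Add one or two sentences saying the backported reclimit test expects the variable. Because the subject is a `fixup!` for the huge-RRSets test, consider squashing it into the records-test patch rather than carrying it as a separate file.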


@ -33,6 +33,9 @@
%{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
%global selinuxbooleans named_write_master_zones=1
# BIND 9.16 does not work with fortify 3 level, make builds work on Fedora
%global _fortify_level 2
## The order of libs is important. See lib/Makefile.in for details
%define bind_export_libs isc dns isccfg irs
%{!?_export_dir:%global _export_dir /bind9-export/}
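Review bot: `%global _fortify_level 2` is set unconditionally, although the comment above it scopes the problem to Fedora builds. This lowers the fortify level for every build of a DNS server package from this spec; consider guarding it with a Fedora-only conditional (e.g. `%if 0%{?fedora}`), and extend the comment to say what actually fails at level 3 (build error, test failure or runtime abort) so the override can be removed once that is addressed.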
@ -57,7 +60,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind9.16
License: MPLv2.0
Version: 9.16.23
Release: 0.21%{?dist}
Release: 0.22%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -162,6 +165,8 @@ Patch210: bind-9.16-CVE-2024-1737-records-test.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/3f1826f2f78792e95f56da7af3a35c46b4d6d9af
Patch211: bind-9.16-CVE-2024-1737-types.patch
Patch212: bind-9.16-CVE-2024-1737-types-test.patch
# backport issue fix
Patch213: bind-9.16-CVE-2024-1737-records-test2.patch
%{?systemd_ordering}
Requires: coreutils
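Review bot: The comment `# backport issue fix` above Patch213 does not say what was wrong, while the neighbouring patch carries an upstream commit URL. State that this patch is downstream-only and that it sets `DEFAULT_HMAC` for the reclimit test, so a later rebase knows it can be dropped when Patch210 is no longer needed.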
@ -494,6 +499,7 @@ in HTML and PDF format.
%patch210 -p1 -b .CVE-2024-1737-records-test
%patch211 -p1 -b .CVE-2024-1737-types
%patch212 -p1 -b .CVE-2024-1737-types-test
%patch213 -p1 -b .CVE-2024-1737-records-test2
%if %{with PKCS11}
%patch135 -p1 -b .config-pkcs11
@ -1218,6 +1224,9 @@ fi;
%endif
%changelog
* Fri Aug 09 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.22
- Minor fix of reclimit test backport (CVE-2024-1737)
* Wed Aug 07 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.21
- Backport addition of max-records-per-type and max-records-per-type options
(CVE-2024-1737)
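Review bot: The new 0.22 changelog entry mentions only the reclimit test fix, but this commit also sets `_fortify_level` to 2 in the spec, which changes how the shipped binaries are compiled. Add a changelog line for that change. Separately, the 0.21 entry in the context lines names `max-records-per-type` twice; the second occurrence was presumably meant to be a different option and is worth correcting while this section is being touched.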