Minor fix of reclimit test backport
Fix local rebuilds on Fedora. BIND 9.16 does not work well with fortify source level 3. Fix also DEFAULT_HMAC not properly set in tests, failing reclimit test. That was issue only of backport. Resolves: RHEL-50591
This commit is contained in:
parent
c099c3f187
commit
aec75c660e
27
bind-9.16-CVE-2024-1737-records-test2.patch
Normal file
27
bind-9.16-CVE-2024-1737-records-test2.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From 7bc5e5abf5a3cd66f11cc649b6ecf4c39c92bd9e Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Fri, 9 Aug 2024 12:32:20 +0200
|
||||
Subject: [PATCH] fixup! Add test for not-loading and not-transfering huge
|
||||
RRSets
|
||||
|
||||
---
|
||||
bin/tests/system/conf.sh.common | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common
|
||||
index 9fab00f..e617595 100644
|
||||
--- a/bin/tests/system/conf.sh.common
|
||||
+++ b/bin/tests/system/conf.sh.common
|
||||
@@ -301,6 +301,9 @@ DISABLED_ALGORITHM=ECDSAP384SHA384
|
||||
DISABLED_ALGORITHM_NUMBER=14
|
||||
DISABLED_BITS=384
|
||||
|
||||
+# Default HMAC algorithm.
|
||||
+export DEFAULT_HMAC=hmac-sha256
|
||||
+
|
||||
#
|
||||
# Useful functions in test scripts
|
||||
#
|
||||
--
|
||||
2.45.2
|
||||
|
@ -33,6 +33,9 @@
|
||||
%{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
|
||||
|
||||
%global selinuxbooleans named_write_master_zones=1
|
||||
|
||||
# BIND 9.16 does not work with fortify 3 level, make builds work on Fedora
|
||||
%global _fortify_level 2
|
||||
## The order of libs is important. See lib/Makefile.in for details
|
||||
%define bind_export_libs isc dns isccfg irs
|
||||
%{!?_export_dir:%global _export_dir /bind9-export/}
|
||||
@ -57,7 +60,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
|
||||
Name: bind9.16
|
||||
License: MPLv2.0
|
||||
Version: 9.16.23
|
||||
Release: 0.21%{?dist}
|
||||
Release: 0.22%{?dist}
|
||||
Epoch: 32
|
||||
Url: https://www.isc.org/downloads/bind/
|
||||
#
|
||||
@ -162,6 +165,8 @@ Patch210: bind-9.16-CVE-2024-1737-records-test.patch
|
||||
# https://gitlab.isc.org/isc-projects/bind9/commit/3f1826f2f78792e95f56da7af3a35c46b4d6d9af
|
||||
Patch211: bind-9.16-CVE-2024-1737-types.patch
|
||||
Patch212: bind-9.16-CVE-2024-1737-types-test.patch
|
||||
# backport issue fix
|
||||
Patch213: bind-9.16-CVE-2024-1737-records-test2.patch
|
||||
|
||||
%{?systemd_ordering}
|
||||
Requires: coreutils
|
||||
@ -494,6 +499,7 @@ in HTML and PDF format.
|
||||
%patch210 -p1 -b .CVE-2024-1737-records-test
|
||||
%patch211 -p1 -b .CVE-2024-1737-types
|
||||
%patch212 -p1 -b .CVE-2024-1737-types-test
|
||||
%patch213 -p1 -b .CVE-2024-1737-records-test2
|
||||
|
||||
%if %{with PKCS11}
|
||||
%patch135 -p1 -b .config-pkcs11
|
||||
@ -1218,6 +1224,9 @@ fi;
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Aug 09 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.22
|
||||
- Minor fix of reclimit test backport (CVE-2024-1737)
|
||||
|
||||
* Wed Aug 07 2024 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.21
|
||||
- Backport addition of max-records-per-type and max-records-per-type options
|
||||
(CVE-2024-1737)
|
||||
|
Loading…
Reference in New Issue
Block a user