Re: bind9 LTS
Hi
I have now made the package build.
Cheers
// Ola
On Wed, 17 Apr 2024 at 23:20, Ola Lundqvist <ola@inguza.com> wrote:
>
> Hi Sean, all
>
> I'm starting to lean toward your idea, to release a snapshot version,
> but I have a concern about that.
> To me it looks like 9.11 track have actually an ABI change. It is not
> so visible but a data structure is changed to increase the size and
> I'm not 100% sure this is ABI compatible. I could be wrong.
>
> In any case, the work effort needed to fix the current CVEs is large.
> Considering the size of the changes there is quite a significant risk
> in backporting. The patches are large and rather intrusive. I see a
> significant risk in breaking something regardless whether we take the
> snapshot version or backport individual things.
>
> In any case I have found out the following:
> - The correction for CVE-2023-4408 is intrusive. This is where I think
> we have a potential ABI change. There is an API backport and if the
> API changes the ABI is likely to change too. But maybe it is not. I'm
> not an expert on bind9. The total size of this patch is over 3000
> lines so it is large.
> - The correction for CVE-2023-50868 and CVE-2023-50387 takes a lot of
> time to make. I have now waded through a lot of patch apply failures
> and fixed them all. I have fixed build failures in validator.c and I'm
> now working on task.c build failures. There are some potential ABI
> changes too, but I have not checked those details too much yet. This
> patch file is 677 lines long so it is quite large.
>
> Before I continue this path, I think I should ask you one thing. You
> mentioned that "applying 88ff84ae2a first" means less rebasing. But I
> do not find such a commit. I find the other ones, but not that one. Do
> you happen to have a copy? Maybe it can help me to reduce the work of
> fixing all build errors. There are quite a few and in task.c they will
> require quite a lot more.
>
> Also did you try to compile after you applied? Just checking to see if
> I can re-use some of your work.
>
> Thank you in advance.
>
> Cheers
>
> // Ola
>
> On Sun, 14 Apr 2024 at 06:22, Sean Whitton <spwhitton@spwhitton.name> wrote:
> >
> > Hello,
> >
> > On Sun 14 Apr 2024 at 10:14am +08, Sean Whitton wrote:
> >
> > > Hello,
> > >
> > > On Sat 13 Apr 2024 at 10:04am +02, Ola Lundqvist wrote:
> > >
> > >> Do you happen to have reference to specific commits to look at?
> > >> You seem to have that since you refer to them as too big to backport.
> > >
> > > Yes, here you go, hopefully this format is helpful:
> > >
> > > * 92b4f88bc8..: Michał Kępień 2024-02-22 Merge branch
> > > '4234-use-hashmap-when-parsing-9.11' into 'bind-9.11'
> > > |\
> > > | * 1f9bbe1fe3..: Ondřej Surý 2024-02-11 Add a system test for mixed-case
> > > | data for the same owner
> > > | * 418b379359..: Ondřej Surý 2024-02-11 Fix case insensitive matching in
> > > | isc_ht hash table implementation
> > > | * c6026cbbaa..: Mark Andrews 2024-01-31 Apply various tweaks specific to BIND 9.11
> > > | * bbbcaf8b2e..: Evan Hunt 2024-01-29 fix another message parsing regression
> > > | * 98ab8c81cc..: Evan Hunt 2024-01-16 fix a message parsing regression
> > > | * 1296d37687..: Matthijs Mekking 2023-11-14 Fix windows build, remove external symbols
> > > | * 40a0656e6a..: Ondřej Surý 2023-10-11 Add CHANGES for [GL #4234]
> > > | * 2fc28056b3..: Ondřej Surý 2023-10-11 Backport isc_ht API changes from BIND 9.18
> > > | * 0ceed03ebe..: Ondřej Surý 2023-09-11 Use hashtable when parsing a message
> > > |/
> >
> > I also found that applying 88ff84ae2a first means less rebasing.
> >
> > --
> > Sean Whitton
>
>
>
> --
> --- Inguza Technology AB --- MSc in Information Technology ----
> | ola@inguza.com opal@debian.org |
> | http://inguza.com/ Mobile: +46 (0)70-332 1551 |
> ---------------------------------------------------------------
--
--- Inguza Technology AB --- MSc in Information Technology ----
| ola@inguza.com opal@debian.org |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
---------------------------------------------------------------
Reply to:
- Follow-Ups:
- Re: bind9 LTS
- From: Santiago Ruano Rincón <santiagorr@riseup.net>