Hi I have now made the package build.
Cheers // Ola On Wed, 17 Apr 2024 at 23:20, Ola Lundqvist <[email protected]> wrote: > > Hi Sean, all > > I'm starting to lean toward your idea, to release a snapshot version, > but I have a concern about that. > To me it looks like 9.11 track have actually an ABI change. It is not > so visible but a data structure is changed to increase the size and > I'm not 100% sure this is ABI compatible. I could be wrong. > > In any case, the work effort needed to fix the current CVEs is large. > Considering the size of the changes there is quite a significant risk > in backporting. The patches are large and rather intrusive. I see a > significant risk in breaking something regardless whether we take the > snapshot version or backport individual things. > > In any case I have found out the following: > - The correction for CVE-2023-4408 is intrusive. This is where I think > we have a potential ABI change. There is an API backport and if the > API changes the ABI is likely to change too. But maybe it is not. I'm > not an expert on bind9. The total size of this patch is over 3000 > lines so it is large. > - The correction for CVE-2023-50868 and CVE-2023-50387 takes a lot of > time to make. I have now waded through a lot of patch apply failures > and fixed them all. I have fixed build failures in validator.c and I'm > now working on task.c build failures. There are some potential ABI > changes too, but I have not checked those details too much yet. This > patch file is 677 lines long so it is quite large. > > Before I continue this path, I think I should ask you one thing. You > mentioned that "applying 88ff84ae2a first" means less rebasing. But I > do not find such a commit. I find the other ones, but not that one. Do > you happen to have a copy? Maybe it can help me to reduce the work of > fixing all build errors. There are quite a few and in task.c they will > require quite a lot more. > > Also did you try to compile after you applied? Just checking to see if > I can re-use some of your work. > > Thank you in advance. > > Cheers > > // Ola > > On Sun, 14 Apr 2024 at 06:22, Sean Whitton <[email protected]> wrote: > > > > Hello, > > > > On Sun 14 Apr 2024 at 10:14am +08, Sean Whitton wrote: > > > > > Hello, > > > > > > On Sat 13 Apr 2024 at 10:04am +02, Ola Lundqvist wrote: > > > > > >> Do you happen to have reference to specific commits to look at? > > >> You seem to have that since you refer to them as too big to backport. > > > > > > Yes, here you go, hopefully this format is helpful: > > > > > > * 92b4f88bc8..: Michał Kępień 2024-02-22 Merge branch > > > '4234-use-hashmap-when-parsing-9.11' into 'bind-9.11' > > > |\ > > > | * 1f9bbe1fe3..: Ondřej Surý 2024-02-11 Add a system test for > > > mixed-case > > > | data for the same owner > > > | * 418b379359..: Ondřej Surý 2024-02-11 Fix case insensitive > > > matching in > > > | isc_ht hash table implementation > > > | * c6026cbbaa..: Mark Andrews 2024-01-31 Apply various tweaks > > > specific to BIND 9.11 > > > | * bbbcaf8b2e..: Evan Hunt 2024-01-29 fix another message parsing > > > regression > > > | * 98ab8c81cc..: Evan Hunt 2024-01-16 fix a message parsing > > > regression > > > | * 1296d37687..: Matthijs Mekking 2023-11-14 Fix windows build, > > > remove external symbols > > > | * 40a0656e6a..: Ondřej Surý 2023-10-11 Add CHANGES for [GL #4234] > > > | * 2fc28056b3..: Ondřej Surý 2023-10-11 Backport isc_ht API changes > > > from BIND 9.18 > > > | * 0ceed03ebe..: Ondřej Surý 2023-09-11 Use hashtable when parsing a > > > message > > > |/ > > > > I also found that applying 88ff84ae2a first means less rebasing. > > > > -- > > Sean Whitton > > > > -- > --- Inguza Technology AB --- MSc in Information Technology ---- > | [email protected] [email protected] | > | http://inguza.com/ Mobile: +46 (0)70-332 1551 | > --------------------------------------------------------------- -- --- Inguza Technology AB --- MSc in Information Technology ---- | [email protected] [email protected] | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
