From 08e0fcb856636fb32a309a42b1e460cd7b6f164a Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman
Date: Tue, 2 Apr 2024 10:45:20 -0300
Subject: [PATCH] bind-dyndb-ldap release 11.6-5
- Rebuild due to Bind ABI changes.
Resolves: RHEL-28842
Signed-off-by: Rafael Guterres Jeffman
---
 ...-dyndb-ldap-11.9-bind-CVE-2023-50387.patch | 37 +++++++++++++++++++
 bind-dyndb-ldap.spec | 9 ++++-
 2 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 0003-bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
diff --git a/0003-bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch b/0003-bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
new file mode 100644
index 0000000..67accb3
--- /dev/null
+++ b/0003-bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
@@ -0,0 +1,37 @@
+From d2864db744849736243dd92c9cdb8a96cb4c26f1 Mon Sep 17 00:00:00 2001
+From: Petr Menšík
+Date: Thu, 22 Feb 2024 17:44:31 +0100
+Subject: Rebuild required for BIND changes for KeyTrap change
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+; Related: CVE-2023-50387 CVE-2023-50868
+Related: RHEL-25396 RHEL-25385
+
+Signed-off-by: Petr Menšík
+
+diff --git a/src/mldap.c b/src/mldap.c
+index 92a330c..79efddb 100644
+--- a/src/mldap.c
++++ b/src/mldap.c
+@@ -50,18 +50,7 @@
+ static unsigned char uuid_rootname_ndata[]
+ = { 4, 'u', 'u', 'i', 'd', 4, 'l', 'd', 'a', 'p', 0 };
+ static unsigned char uuid_rootname_offsets[] = { 0, 5, 10 };
+-static dns_name_t uuid_rootname =
+-{
+- DNS_NAME_MAGIC,
+- uuid_rootname_ndata,
+- sizeof(uuid_rootname_ndata),
+- sizeof(uuid_rootname_offsets),
+- DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE,
+- uuid_rootname_offsets,
+- NULL,
+- { (void *)-1, (void *)-1 },
+- { NULL, NULL }
+-};
++static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets);
+
+ struct mldapdb {
+ isc_mem_t *mctx;
diff --git a/bind-dyndb-ldap.spec b/bind-dyndb-ldap.spec
index cedf483..8f4f368 100644
--- a/bind-dyndb-ldap.spec
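Review bot: The new `uuid_rootname` initializer in the embedded src/mldap.c hunk has no comment saying why the macro is used or what it requires of its arguments. BIND's `DNS_NAME_INITABSOLUTE` takes `sizeof` of both arguments, just as the removed `sizeof(uuid_rootname_ndata)` and `sizeof(uuid_rootname_offsets)` fields did, so both must remain true arrays; if either were later turned into a pointer the code would still compile and the name would carry a wrong length inside named. I would add above the declaration: `/* Built with BIND's initializer so the field order follows the dns_name_t of the bind-devel in use; both arguments must stay arrays because the macro takes sizeof() of them. */`. The declaration is at file scope and the rest of mldap.c lies outside the hunk.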
+++ b/bind-dyndb-ldap.spec
@@ -1,6 +1,6 @@
 %define VERSION %{version}
-%define bind_version 32:9.11.26-1
+%define bind_version 32:9.11.36-14
 %if 0%{?fedora} >= 31 || 0%{?rhel} >= 9
 %global openssl_pkcs11_version 0.4.10-2
@@ -11,7 +11,7 @@
 Name: bind-dyndb-ldap
 Version: 11.6
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: LDAP back-end plug-in for BIND
 Group: System Environment/Libraries
@@ -22,6 +22,7 @@ Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.a
 Patch0001: 0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2133036.patch
 Patch0002: 0002-add-rwlock-before-include-zt-h.patch
+Patch0003: 0003-bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
 BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
 BuildRequires: krb5-devel
@@ -114,6 +115,10 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
 %changelog
+* Tue Apr 02 2024 Rafael Jeffman - 11.6-5
+- Rebuild due to Bind ABI changes.
+ Resolves: RHEL-28842
+
 * Thu Oct 13 2022 Rafael Jeffman - 11.6-4
 - Modify empty zone conflicts under exclusive mode
 Resolves: rhbz#2126877
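Review bot: In the first hunk the bumped `bind_version` is visibly used only by the `BuildRequires` lines shown in the third hunk; the runtime `Requires` lines are outside this diff. The plug-in is loaded into named and is now built against the newer `dns_name_t` layout, so an install next to an older bind would pair mismatched structures in one process. Please confirm the runtime dependency uses the same floor, for example `Requires: bind >= %{bind_version}`, and that 32:9.11.36-14 is the first bind build carrying the layout change (neither can be verified from this page).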
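Review bot: Nothing in this diff applies `Patch0003`: the third hunk adds only the tag, and the `%prep` section is outside the hunks. If `%prep` uses `%autosetup` or `%autopatch` the patch is picked up automatically, but if it lists `%patch` lines explicitly a matching entry is needed, otherwise the package is rebuilt with the old positional initializer. The file name also says 11.9 and names a CVE while `Version` is 11.6 and the changelog describes a plain rebuild; a changelog line such as `- Initialise uuid_rootname with DNS_NAME_INITABSOLUTE` would tell auditors that a source change ships in 11.6-5.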