use BIND macros when defining DNS names (CVE-2023-50387)

2024-04-12 16:35:12 +00:00 · 2024-04-12 16:35:12 +00:00 · 4e24428cc3
commit 4e24428cc3
parent d4b83b50b5
2 changed files with 43 additions and 1 deletions
--- a/SOURCES/0003-bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
+++ b/SOURCES/0003-bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
@ -0,0 +1,37 @@
+From dbbcc2f07ea6955c6b0b5a719f8058c54b1d750c Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Feb 14 2024 12:31:22 +0000
+Subject: use BIND macros when defining DNS names
+
+
+Fixes: https://pagure.io/bind-dyndb-ldap/issue/228
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+
+---
+
+diff --git a/src/mldap.c b/src/mldap.c
+index 92a330c..79efddb 100644
+--- a/src/mldap.c
+++ b/src/mldap.c
+@@ -50,18 +50,7 @@
+ static unsigned char uuid_rootname_ndata[]
+ 	= { 4, 'u', 'u', 'i', 'd', 4, 'l', 'd', 'a', 'p', 0 };
+ static unsigned char uuid_rootname_offsets[] = { 0, 5, 10 };
+-static dns_name_t uuid_rootname =
+-{
+-	DNS_NAME_MAGIC,
+-	uuid_rootname_ndata,
+-	sizeof(uuid_rootname_ndata),
+-	sizeof(uuid_rootname_offsets),
+-	DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE,
+-	uuid_rootname_offsets,
+-	NULL,
+-	{ (void *)-1, (void *)-1 },
+-	{ NULL, NULL }
+-};
+static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets);
+ 
+ struct mldapdb {
+ 	isc_mem_t	*mctx;
+
--- a/SPECS/bind-dyndb-ldap.spec
+++ b/SPECS/bind-dyndb-ldap.spec
@ -11,7 +11,7 @@

 Name:           bind-dyndb-ldap
 Version:        11.6
-Release:        4%{?dist}
+Release:        5%{?dist}.alma.1
 Summary:        LDAP back-end plug-in for BIND

 Group:          System Environment/Libraries
@ -22,6 +22,8 @@ Source1:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.a

 Patch0001:      0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2133036.patch
 Patch0002:      0002-add-rwlock-before-include-zt-h.patch
+# https://pagure.io/bind-dyndb-ldap/c/dbbcc2f07ea6955c6b0b5a719f8058c54b1d750c
+Patch0003:      0003-bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch

 BuildRequires:  bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
 BuildRequires:  krb5-devel
@ -114,6 +116,9 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf


 %changelog
+* Fri Apr 12 2024 Andrew Lukoshko <alukoshko@almalinux.org> 11.6-5.alma.1
+- use BIND macros when defining DNS names (CVE-2023-50387)
+
 * Thu Oct 13 2022 Rafael Jeffman <rjeffman@redhat.com> - 11.6-4
 - Modify empty zone conflicts under exclusive mode
  Resolves: rhbz#2126877