From 6411036fba8abe36fe468266d57710a04c26d043 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Tue, 30 Apr 2024 19:45:24 +0000
Subject: [PATCH] import CS bind-dyndb-ldap-11.9-9.el9_4

---
 ...-dyndb-ldap-11.9-bind-CVE-2023-50387.patch | 24 +++++++++++++++++++
 SPECS/bind-dyndb-ldap.spec                    |  9 +++++--
 2 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 SOURCES/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch

diff --git a/SOURCES/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch b/SOURCES/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
new file mode 100644
index 0000000..0272ebf
--- /dev/null
+++ b/SOURCES/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
@@ -0,0 +1,24 @@
+diff --git a/src/mldap.c b/src/mldap.c
+index 92a330c..79efddb 100644
+--- a/src/mldap.c
++++ b/src/mldap.c
+@@ -50,18 +50,7 @@
+ static unsigned char uuid_rootname_ndata[]
+ 	= { 4, 'u', 'u', 'i', 'd', 4, 'l', 'd', 'a', 'p', 0 };
+ static unsigned char uuid_rootname_offsets[] = { 0, 5, 10 };
+-static dns_name_t uuid_rootname =
+-{
+-	DNS_NAME_MAGIC,
+-	uuid_rootname_ndata,
+-	sizeof(uuid_rootname_ndata),
+-	sizeof(uuid_rootname_offsets),
+-	DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE,
+-	uuid_rootname_offsets,
+-	NULL,
+-	{ (void *)-1, (void *)-1 },
+-	{ NULL, NULL }
+-};
++static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets);
+ 
+ struct mldapdb {
+ 	isc_mem_t	*mctx;
diff --git a/SPECS/bind-dyndb-ldap.spec b/SPECS/bind-dyndb-ldap.spec
index e004bba..0a076a9 100644
--- a/SPECS/bind-dyndb-ldap.spec
+++ b/SPECS/bind-dyndb-ldap.spec
@@ -1,7 +1,7 @@
 
 %define VERSION %{version}
 
-%define bind_version 32:9.11.17-1
+%define bind_version 32:9.16.23-19
 
 %if 0%{?fedora} >= 31 || 0%{?rhel} > 8
     %global openssl_pkcs11_version 0.4.10-6
@@ -12,7 +12,7 @@
 
 Name:           bind-dyndb-ldap
 Version:        11.9
-Release:        8%{?dist}
+Release:        9%{?dist}
 Summary:        LDAP back-end plug-in for BIND
 
 License:        GPLv2+
@@ -22,6 +22,8 @@ Source1:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.a
 
 Patch1:         bind-dyndb-ldap-11.9-bind-9.16.17.patch
 Patch2:         0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2129844.patch
+# https://pagure.io/bind-dyndb-ldap/pull-request/229
+Patch3:         https://pagure.io/bind-dyndb-ldap/raw/dbbcc2f07ea6955c6b0b5a719f8058c54b1d750c#/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
 
 BuildRequires:  bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}
 BuildRequires:  krb5-devel
@@ -117,6 +119,9 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
 
 
 %changelog
+* Thu Feb 22 2024 Petr Menšík <pemensik@redhat.com> - 11.9-9
+- Rebuild required for BIND changes for KeyTrap change (CVE-2023-50387)
+
 * Wed Oct 19 2022 Rafael Jeffman <rjeffman<redhat.com> - 11.9-8
 - Modify empty zone conflicts under exclusive mode
   Resolves: rhbz#2129844, rhbz#2130614