Rebuild required for BIND changes for KeyTrap change

; Related: CVE-2023-50387 CVE-2023-50868
Related: RHEL-25397 RHEL-25386

Signed-off-by: Petr Menšík <pemensik@redhat.com>
This commit is contained in:
Petr Menšík 2024-02-22 17:44:31 +01:00
parent 649ff0b46b
commit a1e0be6ad9
2 changed files with 31 additions and 2 deletions

View File

@ -0,0 +1,24 @@
diff --git a/src/mldap.c b/src/mldap.c
index 92a330c..79efddb 100644
--- a/src/mldap.c
+++ b/src/mldap.c
@@ -50,18 +50,7 @@
static unsigned char uuid_rootname_ndata[]
= { 4, 'u', 'u', 'i', 'd', 4, 'l', 'd', 'a', 'p', 0 };
static unsigned char uuid_rootname_offsets[] = { 0, 5, 10 };
-static dns_name_t uuid_rootname =
-{
- DNS_NAME_MAGIC,
- uuid_rootname_ndata,
- sizeof(uuid_rootname_ndata),
- sizeof(uuid_rootname_offsets),
- DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE,
- uuid_rootname_offsets,
- NULL,
- { (void *)-1, (void *)-1 },
- { NULL, NULL }
-};
+static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets);
struct mldapdb {
isc_mem_t *mctx;

View File

@ -1,7 +1,7 @@
%define VERSION %{version}
%define bind_version 32:9.11.17-1
%define bind_version 32:9.16.23-19
%if 0%{?fedora} >= 31 || 0%{?rhel} > 8
%global openssl_pkcs11_version 0.4.10-6
@ -12,7 +12,7 @@
Name: bind-dyndb-ldap
Version: 11.9
Release: 8%{?dist}
Release: 9%{?dist}
Summary: LDAP back-end plug-in for BIND
License: GPLv2+
@ -22,6 +22,8 @@ Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.a
Patch1: bind-dyndb-ldap-11.9-bind-9.16.17.patch
Patch2: 0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2129844.patch
# https://pagure.io/bind-dyndb-ldap/pull-request/229
Patch3: https://pagure.io/bind-dyndb-ldap/raw/dbbcc2f07ea6955c6b0b5a719f8058c54b1d750c#/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}
BuildRequires: krb5-devel
@ -117,6 +119,9 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
%changelog
* Thu Feb 22 2024 Petr Menšík <pemensik@redhat.com> - 11.9-9
- Rebuild required for BIND changes for KeyTrap change (CVE-2023-50387)
* Wed Oct 19 2022 Rafael Jeffman <rjeffman<redhat.com> - 11.9-8
- Modify empty zone conflicts under exclusive mode
Resolves: rhbz#2129844, rhbz#2130614