Compare commits
2 Commits
8dfc25ccf2
...
11150d61c9
Author | SHA1 | Date |
---|---|---|
Petr Menšík | 11150d61c9 | |
Rafael Guterres Jeffman | 649ff0b46b |
|
@ -0,0 +1,2 @@
|
|||
2ddce96217240ef58962105e7677e70a52550eec bind-dyndb-ldap-11.9.tar.bz2
|
||||
fb28810dcc92aa4846fb9bec910385476bbae402 bind-dyndb-ldap-11.9.tar.bz2.asc
|
|
@ -0,0 +1,35 @@
|
|||
From 7b4c1e28b3e64f7cd075599472e349510f8d33da Mon Sep 17 00:00:00 2001
|
||||
From: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Sep 14 2022 15:23:20 +0000
|
||||
Subject: Modify empty zone conflicts under exclusive mode
|
||||
|
||||
|
||||
Does not accept new request when exclusive mode is active. Zone table
|
||||
can be modified even after main fwd entries have been added. Ensure
|
||||
empty zones handling keeps exclusive mode active.
|
||||
|
||||
Exclusive mode were mentioned as the only protection it had by bind
|
||||
maintainer:
|
||||
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6637#note_308928
|
||||
|
||||
---
|
||||
|
||||
diff --git a/src/fwd.c b/src/fwd.c
|
||||
index 24f6e53..0a3c673 100644
|
||||
--- a/src/fwd.c
|
||||
+++ b/src/fwd.c
|
||||
@@ -595,10 +595,12 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,
|
||||
dns_result_totext(result));
|
||||
|
||||
/* Handle collisions with automatic empty zones. */
|
||||
- if (isconfigured == true)
|
||||
+ if (isconfigured == true) {
|
||||
+ run_exclusive_enter(inst, &lock_state);
|
||||
CHECK(empty_zone_handle_conflicts(name,
|
||||
view->zonetable,
|
||||
(fwdpolicy == dns_fwdpolicy_first)));
|
||||
+ }
|
||||
|
||||
cleanup:
|
||||
run_exclusive_exit(inst, lock_state);
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
diff --git a/src/mldap.c b/src/mldap.c
|
||||
index 92a330c..79efddb 100644
|
||||
--- a/src/mldap.c
|
||||
+++ b/src/mldap.c
|
||||
@@ -50,18 +50,7 @@
|
||||
static unsigned char uuid_rootname_ndata[]
|
||||
= { 4, 'u', 'u', 'i', 'd', 4, 'l', 'd', 'a', 'p', 0 };
|
||||
static unsigned char uuid_rootname_offsets[] = { 0, 5, 10 };
|
||||
-static dns_name_t uuid_rootname =
|
||||
-{
|
||||
- DNS_NAME_MAGIC,
|
||||
- uuid_rootname_ndata,
|
||||
- sizeof(uuid_rootname_ndata),
|
||||
- sizeof(uuid_rootname_offsets),
|
||||
- DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE,
|
||||
- uuid_rootname_offsets,
|
||||
- NULL,
|
||||
- { (void *)-1, (void *)-1 },
|
||||
- { NULL, NULL }
|
||||
-};
|
||||
+static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets);
|
||||
|
||||
struct mldapdb {
|
||||
isc_mem_t *mctx;
|
|
@ -1,7 +1,7 @@
|
|||
|
||||
%define VERSION %{version}
|
||||
|
||||
%define bind_version 32:9.11.17-1
|
||||
%define bind_version 32:9.16.23-19
|
||||
|
||||
%if 0%{?fedora} >= 31 || 0%{?rhel} > 8
|
||||
%global openssl_pkcs11_version 0.4.10-6
|
||||
|
@ -12,7 +12,7 @@
|
|||
|
||||
Name: bind-dyndb-ldap
|
||||
Version: 11.9
|
||||
Release: 7%{?dist}
|
||||
Release: 9%{?dist}
|
||||
Summary: LDAP back-end plug-in for BIND
|
||||
|
||||
License: GPLv2+
|
||||
|
@ -21,6 +21,9 @@ Source0: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2
|
|||
Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc
|
||||
|
||||
Patch1: bind-dyndb-ldap-11.9-bind-9.16.17.patch
|
||||
Patch2: 0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2129844.patch
|
||||
# https://pagure.io/bind-dyndb-ldap/pull-request/229
|
||||
Patch3: https://pagure.io/bind-dyndb-ldap/raw/dbbcc2f07ea6955c6b0b5a719f8058c54b1d750c#/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
|
||||
|
||||
BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}
|
||||
BuildRequires: krb5-devel
|
||||
|
@ -116,6 +119,13 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Feb 22 2024 Petr Menšík <pemensik@redhat.com> - 11.9-9
|
||||
- Rebuild required for BIND changes for KeyTrap change (CVE-2023-50387)
|
||||
|
||||
* Wed Oct 19 2022 Rafael Jeffman <rjeffman<redhat.com> - 11.9-8
|
||||
- Modify empty zone conflicts under exclusive mode
|
||||
Resolves: rhbz#2129844, rhbz#2130614
|
||||
|
||||
* Fri Nov 26 2021 Petr Menšík <pemensik@redhat.com> - 11.9-7
|
||||
- Rebuilt for BIND 9.16.23 (#2019575)
|
||||
|
||||
|
|
Loading…
Reference in New Issue