Compare commits

..

2 Commits

2 changed files with 22 additions and 19 deletions

View File

@ -1,15 +1,14 @@
From d2864db744849736243dd92c9cdb8a96cb4c26f1 Mon Sep 17 00:00:00 2001
From: Petr Menšík <pemensik@redhat.com>
Date: Thu, 22 Feb 2024 17:44:31 +0100
Subject: Rebuild required for BIND changes for KeyTrap change
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From dbbcc2f07ea6955c6b0b5a719f8058c54b1d750c Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Feb 14 2024 12:31:22 +0000
Subject: use BIND macros when defining DNS names
; Related: CVE-2023-50387 CVE-2023-50868
Related: RHEL-25396 RHEL-25385
Signed-off-by: Petr Menšík <pemensik@redhat.com>
Fixes: https://pagure.io/bind-dyndb-ldap/issue/228
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
diff --git a/src/mldap.c b/src/mldap.c
index 92a330c..79efddb 100644
@ -34,4 +33,5 @@ index 92a330c..79efddb 100644
+static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets);
struct mldapdb {
isc_mem_t *mctx;
isc_mem_t *mctx;

View File

@ -11,7 +11,7 @@
Name: bind-dyndb-ldap
Version: 11.6
Release: 6%{?dist}
Release: 5%{?dist}.alma.2
Summary: LDAP back-end plug-in for BIND
Group: System Environment/Libraries
@ -22,6 +22,7 @@ Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.a
Patch0001: 0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2133036.patch
Patch0002: 0002-add-rwlock-before-include-zt-h.patch
# https://pagure.io/bind-dyndb-ldap/c/dbbcc2f07ea6955c6b0b5a719f8058c54b1d750c
Patch0003: 0003-bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
@ -44,7 +45,11 @@ off of your LDAP server.
%prep
%autosetup -n %{name}-%{VERSION} -p1
%setup -q -n %{name}-%{VERSION}
for p in %patches; do
%__patch -p1 -i $p
done
%build
autoreconf -fiv
@ -111,13 +116,11 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
%changelog
* Thu Apr 03 2025 Rafael Jeffman <rjeffman@redhat.com> - 11.6-6
- Fix rpminspect warnings
Resolves: RHEL-22497
* Fri May 24 2024 Eduard Abdullin <eabdullin@almalinux.org> 11.6-5.alma.2
- Rebuild with latest bind
* Tue Apr 02 2024 Rafael Jeffman <rjeffman@redhat.com> - 11.6-5
- Rebuild due to Bind ABI changes.
Resolves: RHEL-28842
* Fri Apr 12 2024 Andrew Lukoshko <alukoshko@almalinux.org> 11.6-5.alma.1
- use BIND macros when defining DNS names (CVE-2023-50387)
* Thu Oct 13 2022 Rafael Jeffman <rjeffman@redhat.com> - 11.6-4
- Modify empty zone conflicts under exclusive mode