From 78adb3f2b1437cba7eca1b5c0dae545b29e9db4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Mon, 15 Apr 2024 23:46:31 +0200
Subject: [PATCH] Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change
 #2

Enforce updated rebuild is accepted only, conflict with older builds of
dhcp too.

; Related: CVE-2023-50387 CVE-2023-50868
Related: RHEL-25681 RHEL-25649
---
 bind.spec | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/bind.spec b/bind.spec
index e2ef7c7..29897dd 100644
--- a/bind.spec
+++ b/bind.spec
@@ -68,7 +68,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.11.36
-Release:  15%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release:  16%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@@ -215,6 +215,9 @@ Provides:       dnssec-conf = 1.27-2
 # Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change
 # Enforce updated rebuild is accepted only
 Conflicts:      bind-dyndb-ldap < 11.6-5
+Conflicts:      dhcp-client < 4.3.6-50
+Conflicts:      dhcp-server < 4.3.6-50
+Conflicts:      dhcp-relay < 4.3.6-50
 BuildRequires:  gcc, make
 BuildRequires:  openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
 BuildRequires:  libidn2-devel, libxml2-devel
@@ -1656,6 +1659,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Mon Apr 15 2024 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-16
+- Ensure incompatible dhcp is not accepted
+
 * Fri Apr 12 2024 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-15
 - Ensure incompatible bind-dyndb-ldap is not accepted