From 86862fc8d8f0e438cd163f23ed8f2be8014affcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Fri, 12 Apr 2024 18:01:35 +0200 Subject: [PATCH] Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change Enforce updated rebuild is accepted only, conflict with older builds ; Related: CVE-2023-50387 CVE-2023-50868 Related: RHEL-25397 RHEL-25386 --- bind.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bind.spec b/bind.spec index 031a12a..9ff7b20 100644 --- a/bind.spec +++ b/bind.spec @@ -51,7 +51,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.16.23 -Release: 18%{?dist} +Release: 19%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -165,6 +165,9 @@ Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires(post): ((policycoreutils-python-utils and libselinux-utils) if (selinux-policy-targeted or selinux-policy-mls)) Requires(post): ((selinux-policy and selinux-policy-base) if (selinux-policy-targeted or selinux-policy-mls)) Recommends: bind-utils bind-dnssec-utils +# Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change +# Enforce updated rebuild is accepted only +Conflicts: bind-dyndb-ldap < 11.9-9 BuildRequires: gcc, make BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel BuildRequires: libidn2-devel, libxml2-devel @@ -1213,6 +1216,9 @@ fi; %endif %changelog +* Fri Apr 12 2024 Petr Menšík - 32:9.11.36-19 +- Ensure incompatible bind-dyndb-ldap is not accepted + * Mon Mar 25 2024 Petr Menšík - 32:9.16.23-18 - Prevent crashing at masterformat system test (CVE-2023-6516)