Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change

Enforce updated rebuild is accepted only, conflict with older builds

; Related: CVE-2023-50387 CVE-2023-50868
Related: RHEL-25681 RHEL-25649
This commit is contained in:
Petr Menšík 2024-04-12 18:01:35 +02:00
parent db90368fc7
commit ccd61ef0da

View File

@ -68,7 +68,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: MPLv2.0
Version: 9.11.36
Release: 14%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Release: 15%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -212,6 +212,9 @@ Obsoletes: caching-nameserver < 31:9.4.1-7.fc8
Provides: caching-nameserver = 31:9.4.1-7.fc8
Obsoletes: dnssec-conf < 1.27-2
Provides: dnssec-conf = 1.27-2
# Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change
# Enforce updated rebuild is accepted only
Conflicts: bind-dyndb-ldap < 11.6-5
BuildRequires: gcc, make
BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
BuildRequires: libidn2-devel, libxml2-devel
@ -1653,6 +1656,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%changelog
* Fri Apr 12 2024 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-15
- Ensure incompatible bind-dyndb-ldap is not accepted
* Mon Feb 26 2024 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-14
- Speed up parsing of DNS messages with many different names (CVE-2023-4408)
- Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868)