Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change

Enforce updated rebuild is accepted only, conflict with older builds ; Related: CVE-2023-50387 CVE-2023-50868 Related: RHEL-25681 RHEL-25649
2024-04-12 18:01:35 +02:00 · 2024-04-12 18:01:35 +02:00 · ccd61ef0da
commit ccd61ef0da
parent db90368fc7
1 changed files with 7 additions and 1 deletions
--- a/bind.spec
+++ b/bind.spec
@ -68,7 +68,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.11.36
-Release:  14%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release:  15%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@ -212,6 +212,9 @@ Obsoletes:      caching-nameserver < 31:9.4.1-7.fc8
 Provides:       caching-nameserver = 31:9.4.1-7.fc8
 Obsoletes:      dnssec-conf < 1.27-2
 Provides:       dnssec-conf = 1.27-2
+# Fixes of CVE-2023-50387 and CVE-2023-50868 caused ABI change
+# Enforce updated rebuild is accepted only
+Conflicts:      bind-dyndb-ldap < 11.6-5
 BuildRequires:  gcc, make
 BuildRequires:  openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
 BuildRequires:  libidn2-devel, libxml2-devel
@ -1653,6 +1656,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif

 %changelog
+* Fri Apr 12 2024 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-15
+- Ensure incompatible bind-dyndb-ldap is not accepted
+
 * Mon Feb 26 2024 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-14
 - Speed up parsing of DNS messages with many different names (CVE-2023-4408)
 - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868)