From 33f4b8e91135a93daed5cd3217cb8ca4302f8507 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Mon, 15 Apr 2024 23:28:49 +0200
Subject: [PATCH] Ensure only compatible bind-export-libs is accepted

bind-export-libs has changed ABI because last CVE fixes. To make it more
discoverable ensure dhcp parts require compatible rebuild together. They
have to refuse to upgrade without matching bind, because otherwise
builds may crashing at strange places.

; Related: CVE-2023-50387 CVE-2023-50868
Related: RHEL-25681 RHEL-25649
---
 dhcp.spec | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/dhcp.spec b/dhcp.spec
index e0d3f99..65bf9c0 100644
--- a/dhcp.spec
+++ b/dhcp.spec
@@ -12,6 +12,9 @@
 #global patchver P1
 %global DHCPVERSION %{version}%{?prever}%{?patchver:-%{patchver}}
 
+# bind has changed ABI with CVE-2023-50387 fixes. Require compatible build
+%global BIND_MINVER 9.11.36-14
+
 
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
@@ -97,7 +100,7 @@ BuildRequires: openldap-devel
 BuildRequires: krb5-devel
 BuildRequires: libcap-ng-devel
 # https://fedorahosted.org/fpc/ticket/502#comment:3
-BuildRequires: bind-export-devel >= 9.11.11
+BuildRequires: bind-export-devel >= %{BIND_MINVER}
 BuildRequires: systemd systemd-devel
 # dhcp-sd_notify.patch
 BuildRequires: pkgconfig(libsystemd)
@@ -122,6 +125,7 @@ DHCP (Dynamic Host Configuration Protocol)
 Summary: Provides the ISC DHCP server
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
 Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: bind-export-libs >= %{BIND_MINVER}
 Requires(pre): shadow-utils
 Requires(post): coreutils grep sed
 Requires(post): systemd
@@ -141,6 +145,7 @@ This package provides the ISC DHCP server.
 Summary: Provides the ISC DHCP relay agent
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
 Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: bind-export-libs >= %{BIND_MINVER}
 Requires(post): grep sed
 Requires(post): systemd
 Requires(preun): systemd
@@ -163,6 +168,7 @@ Obsoletes: dhclient < %{epoch}:%{version}-%{release}
 Requires: coreutils gawk grep ipcalc iproute iputils sed systemd
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
 Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: bind-export-libs >= %{BIND_MINVER}
 
 %description client
 DHCP (Dynamic Host Configuration Protocol) is a protocol which allows