diff --git a/1-bugfix-for-CVE-2023-50387.patch b/1-bugfix-for-CVE-2023-50387.patch new file mode 100644 index 0000000000000000000000000000000000000000..0272ebfd5154c1aaf6214b95cea17b263234f447 --- /dev/null +++ b/1-bugfix-for-CVE-2023-50387.patch @@ -0,0 +1,24 @@ +diff --git a/src/mldap.c b/src/mldap.c +index 92a330c..79efddb 100644 +--- a/src/mldap.c ++++ b/src/mldap.c +@@ -50,18 +50,7 @@ + static unsigned char uuid_rootname_ndata[] + = { 4, 'u', 'u', 'i', 'd', 4, 'l', 'd', 'a', 'p', 0 }; + static unsigned char uuid_rootname_offsets[] = { 0, 5, 10 }; +-static dns_name_t uuid_rootname = +-{ +- DNS_NAME_MAGIC, +- uuid_rootname_ndata, +- sizeof(uuid_rootname_ndata), +- sizeof(uuid_rootname_offsets), +- DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, +- uuid_rootname_offsets, +- NULL, +- { (void *)-1, (void *)-1 }, +- { NULL, NULL } +-}; ++static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets); + + struct mldapdb { + isc_mem_t *mctx; diff --git a/bind.spec b/bind.spec index d838d04eae2229589d5cd4a2ddf0b726668dac32..56fbd09f5e071403b0c54a4fe2c5fbd664539149 100644 --- a/bind.spec +++ b/bind.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 %bcond_with SYSTEMTEST %bcond_without GSSTSIG @@ -41,6 +41,8 @@ Source2: https://downloads.isc.org/isc/bind9/%{version}/bind-%{version}.tar.xz. Source3: named.logrotate Source4: https://downloads.isc.org/isc/pgpkeys/codesign2021.txt Source16: named.conf + +Patch1: 1-bugfix-for-CVE-2023-50387.patch # Refresh by command: dig @a.root-servers.net. +tcp +norec # or from URL Source17: https://www.internic.net/domain/named.root @@ -290,7 +292,7 @@ in HTML and PDF format. %endif %prep -%autosetup -n %{name}-%{version} -N +%autosetup -p1 -n %{name}-%{version} -N # Common patches %autopatch -p1 -m 10 @@ -868,6 +870,9 @@ fi; %endif %changelog +* Mon Oct 20 2025 tomcruiseqi - 32:9.18.34-2 +- Fix CVE-2023-50387 + * Mon Feb 24 2025 yangxinyu - 32:9.18.34-1 - update to 9.18.34