From acccee3f970181d458126bcc0646965e7aa0dad4 Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Mon, 20 Oct 2025 16:08:41 +0800
Subject: [PATCH] [CVE] CVE-2023-50387

to #24552
add patch to fix CVE-2023-50387
Project: TC2024080204
Signed-off-by: tomcruiseqi <tomcruiseqi@inspur.com>
---
 1-bugfix-for-CVE-2023-50387.patch | 24 ++++++++++++++++++++++++
 bind.spec                         |  9 +++++++--
 2 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 1-bugfix-for-CVE-2023-50387.patch

diff --git a/1-bugfix-for-CVE-2023-50387.patch b/1-bugfix-for-CVE-2023-50387.patch
new file mode 100644
index 0000000..0272ebf
--- /dev/null
+++ b/1-bugfix-for-CVE-2023-50387.patch
@@ -0,0 +1,24 @@
+diff --git a/src/mldap.c b/src/mldap.c
+index 92a330c..79efddb 100644
+--- a/src/mldap.c
++++ b/src/mldap.c
+@@ -50,18 +50,7 @@
+ static unsigned char uuid_rootname_ndata[]
+ 	= { 4, 'u', 'u', 'i', 'd', 4, 'l', 'd', 'a', 'p', 0 };
+ static unsigned char uuid_rootname_offsets[] = { 0, 5, 10 };
+-static dns_name_t uuid_rootname =
+-{
+-	DNS_NAME_MAGIC,
+-	uuid_rootname_ndata,
+-	sizeof(uuid_rootname_ndata),
+-	sizeof(uuid_rootname_offsets),
+-	DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE,
+-	uuid_rootname_offsets,
+-	NULL,
+-	{ (void *)-1, (void *)-1 },
+-	{ NULL, NULL }
+-};
++static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets);
+ 
+ struct mldapdb {
+ 	isc_mem_t	*mctx;
diff --git a/bind.spec b/bind.spec
index d838d04..56fbd09 100644
--- a/bind.spec
+++ b/bind.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 
 %bcond_with    SYSTEMTEST
 %bcond_without GSSTSIG
@@ -41,6 +41,8 @@ Source2:  https://downloads.isc.org/isc/bind9/%{version}/bind-%{version}.tar.xz.
 Source3:  named.logrotate
 Source4:  https://downloads.isc.org/isc/pgpkeys/codesign2021.txt
 Source16: named.conf
+
+Patch1:  1-bugfix-for-CVE-2023-50387.patch
 # Refresh by command: dig @a.root-servers.net. +tcp +norec
 # or from URL
 Source17: https://www.internic.net/domain/named.root
@@ -290,7 +292,7 @@ in HTML and PDF format.
 %endif
 
 %prep
-%autosetup -n %{name}-%{version} -N
+%autosetup -p1 -n %{name}-%{version} -N
 
 # Common patches
 %autopatch -p1 -m 10
@@ -868,6 +870,9 @@ fi;
 %endif
 
 %changelog
+* Mon Oct 20 2025 tomcruiseqi <tomcruiseqi@inspur.com> - 32:9.18.34-2
+- Fix CVE-2023-50387
+
 * Mon Feb 24 2025 yangxinyu <yangxinyu@nfschina.com> - 32:9.18.34-1
 - update to 9.18.34
 
-- 
Gitee