From 624e107431dba8828b97aac6f999eb04eda7850f Mon Sep 17 00:00:00 2001 From: xh Date: Tue, 20 May 2025 16:56:02 +0800 Subject: [PATCH] fix build failure for bind-dyndb-ldap --- ...ix-build-failure-for-bind-dyndb-ldap.patch | 78 +++++++++++++++++++ bind.spec | 9 ++- 2 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 backport-fix-build-failure-for-bind-dyndb-ldap.patch diff --git a/backport-fix-build-failure-for-bind-dyndb-ldap.patch b/backport-fix-build-failure-for-bind-dyndb-ldap.patch new file mode 100644 index 0000000..d14ac71 --- /dev/null +++ b/backport-fix-build-failure-for-bind-dyndb-ldap.patch @@ -0,0 +1,78 @@ +commit 0ae8ee3b9c6e7d60eaacd957929aec7a508fb777 +Author: Nicki Křížek +Date: Mon Jan 20 16:17:08 2025 +0000 + + [9.16] [CVE-2024-11187] sec: usr: Limit the additional processing for large RDATA sets + + When answering queries, don't add data to the additional section if the answer has more than 13 names in the RDATA. This limits the number of lookups into the database(s) during a single client query, reducing query processing load. + + Backport of MR !750 + + See isc-projects/bind9#5034 + + Merge branch '5034-security-limit-additional-9.16' into 'bind-9.16-release' + + See merge request isc-private/bind9!760 + +Conflict: supplement CVE-2024-11187 +Reference: https://build.opensuse.org/projects/SUSE:SLE-15-SP4:Update/packages/bind.37309/files/bind-9.16-CVE-2024-11187.patch?expand=1 +--- + lib/dns/rdataset.c | 1 + + lib/isc/include/isc/result.h | 3 +-- + lib/isc/result.c | 6 ++---- + 3 files changed, 4 insertions(+), 6 deletions(-) + +diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c +index 19a0051..57e3c75 100644 +--- a/lib/dns/rdataset.c ++++ b/lib/dns/rdataset.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + static const char *trustnames[] = { + "none", "pending-additional", +diff --git a/lib/isc/include/isc/result.h b/lib/isc/include/isc/result.h +index 2b14d66..21071c7 100644 +--- a/lib/isc/include/isc/result.h ++++ b/lib/isc/include/isc/result.h +@@ -90,10 +90,9 @@ + #define ISC_R_IPV4PREFIX 69 /*%< IPv4 prefix */ + #define ISC_R_TLSERROR 70 /*%< TLS error */ + #define ISC_R_HTTP2ALPNERROR 71 /*%< ALPN for HTTP/2 failed */ +-#define DNS_R_TOOMANYRECORDS 72 /*%< too many records */ + + /*% Not a result code: the number of results. */ +-#define ISC_R_NRESULTS 73 ++#define ISC_R_NRESULTS 72 + + ISC_LANG_BEGINDECLS + +diff --git a/lib/isc/result.c b/lib/isc/result.c +index a038b6e..72e7a3c 100644 +--- a/lib/isc/result.c ++++ b/lib/isc/result.c +@@ -102,8 +102,7 @@ static const char *description[ISC_R_NRESULTS] = { + "default", /*%< 68 */ + "IPv4 prefix", /*%< 69 */ + "TLS error", /*%< 70 */ +- "ALPN for HTTP/2 failed", /*%< 71 */ +- "too many records" /*%< 72 */ ++ "ALPN for HTTP/2 failed" /*%< 71 */ + }; + + static const char *identifier[ISC_R_NRESULTS] = { "ISC_R_SUCCESS", +@@ -177,8 +176,7 @@ static const char *identifier[ISC_R_NRESULTS] = { "ISC_R_SUCCESS", + "ISC_R_DEFAULT", + "ISC_R_IPV4PREFIX", + "ISC_R_TLSERROR", +- "ISC_R_HTTP2ALPNERROR", +- "DNS_R_TOOMANYRECODES" }; ++ "ISC_R_HTTP2ALPNERROR" }; + + #define ISC_RESULT_RESULTSET 2 + #define ISC_RESULT_UNAVAILABLESET 3 +-- +2.33.0 diff --git a/bind.spec b/bind.spec index f1d249e..9f3ad25 100644 --- a/bind.spec +++ b/bind.spec @@ -30,7 +30,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.16.23 -Release: 25 +Release: 26 Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -252,6 +252,7 @@ Patch6168:backport-CVE-2024-1737-records-test.patch Patch6169:backport-CVE-2024-1737-types.patch Patch6170:backport-CVE-2024-1737-types-test.patch Patch6171:backport-CVE-2024-1737-records-test2.patch +Patch6172:backport-fix-build-failure-for-bind-dyndb-ldap.patch Patch9000:bugfix-limit-numbers-of-test-threads.patch @@ -1261,6 +1262,12 @@ fi; %endif %changelog +* Tue May 20 2025 xinghe - 32:9.16.23-26 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix build failure for bind-dyndb-ldap + * Wed Apr 23 2025 chengyechun - 32:9.16.23-25 - Type:CVE - CVE:CVE-2024-1737 -- Gitee