[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade bind to 9.20.5 to fix CV…

…E-2024-12705 & CVE-2024-11187 - branch 3.0-dev (#12297)
microsoft · Feb 14, 2025 · 4c8c64e · 4c8c64e
1 parent fa5267f
commit 4c8c64e
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 19 deletions.
diff --git a/SPECS/bind/bind.signatures.json b/SPECS/bind/bind.signatures.json
@@ -1,6 +1,7 @@
 {
  "Signatures": {
-  "bind-9.20.0.tar.xz": "cc580998017b51f273964058e8cb3aa5482bc785243dea71e5556ec565a13347",
+  "bind-9.20.5.tar.xz": "19274fd739c023772b4212a0b6c201cf4364855fa7e6a7d3db49693f55db1ab8",
+  "dlz-modules-main.tar.gz": "884bef3535317a7757ad0e3556a27e2ed1a80f5b1040bce4074780c8719667d0",
   "generate-rndc-key.sh": "da0964516a9abe4074e262a1d0b7f63e63b2150c4cc2dddaaca029010383c422",
   "named-chroot.files": "5dbc7bd2a21836fb86cb740a2d4d72eb9f2b4f341996cd0c8ae9c39e95c0d76c",
   "named.conf.sample": "1807f11df688de4eb8cdcc97bd1a8863d81b03b1f24af96f3639de40bc8e538a",

diff --git a/SPECS/bind/bind.spec b/SPECS/bind/bind.spec
@@ -9,7 +9,7 @@
 
 Summary:        Domain Name System software
 Name:           bind
-Version:        9.20.0
+Version:        9.20.5
 Release:        1%{?dist}
 License:        ISC
 Vendor:         Microsoft Corporation
@@ -30,6 +30,8 @@ Source11:       setup-named-chroot.sh
 Source12:       generate-rndc-key.sh
 Source13:       named.rwtab
 Source14:       named-chroot.files
+Source15:       https://gitlab.isc.org/isc-projects/dlz-modules/-/archive/main/dlz-modules-main.tar.gz
+
 Patch0:         nongit-fix.patch
 
 BuildRequires:  gcc
@@ -196,14 +198,17 @@ Summary:        BIND utilities
 # so we need to save a backup of these files.
 mkdir backup
 mv compile depcomp missing backup/
-libtoolize -c -f; %{_bindir}/aclocal -I m4 --force; %{_bindir}/autoconf -f 
+libtoolize -c -f; %{_bindir}/aclocal -I m4 --force; %{_bindir}/autoconf -f
 mv backup/* .
 rmdir backup
 
 %build
 # DLZ modules do not support oot builds. Copy files into build
 mkdir -p build/contrib/dlz
-cp -frp contrib/dlz/modules build/contrib/dlz/modules
+pushd build/contrib/dlz
+tar --no-same-owner -xf %{SOURCE15}
+mv dlz-modules-main/modules ./
+popd
 
 ./configure \
     --prefix=%{_prefix} \
@@ -400,7 +405,7 @@ fi;
 %{_mandir}/man1/named-journalprint.1*
 %{_mandir}/man8/filter-aaaa.8.gz
 %{_mandir}/man8/filter-a.8.gz
-%doc CHANGES README.md named.conf.default
+%doc README.md named.conf.default
 %doc sample/
 
 %defattr(0660,root,named,01770)
@@ -435,11 +440,11 @@ fi;
 
 %files dlz-ldap
 %{_libdir}/{named,bind}/dlz_ldap_dynamic.so
-%doc contrib/dlz/modules/ldap/testing/*
+%doc build/contrib/dlz/modules/ldap/testing/*
 
 %files dlz-sqlite3
 %{_libdir}/{named,bind}/dlz_sqlite3_dynamic.so
-%doc contrib/dlz/modules/sqlite3/testing/*
+%doc build/contrib/dlz/modules/sqlite3/testing/*
 
 %files libs
 %{_libdir}/*-%{version}*.so
@@ -523,6 +528,10 @@ fi;
 %{_mandir}/man1/named-nzd2nzf.1*
 
 %changelog
+* Tue Feb 04 2025 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 9.20.5-1
+- Auto-upgrade to 9.20.5 - to fix CVE-2024-12705 & CVE-2024-11187
+- Refresh nongit-fix patch to apply cleanly.
+
 * Wed Jul 24 2024 Muhammad Falak <mwani@microsoft.com> - 9.20.0-1
 - Upgrade version to 9.20.0 to address CVE-CVE-2024-0760, CVE-2024-1737, CVE-2024-1975 & CVE-2024-4076
 - Refresh patches to apply cleanly

diff --git a/SPECS/bind/nongit-fix.patch b/SPECS/bind/nongit-fix.patch
@@ -1,25 +1,22 @@
-From 431fa0dcec199512effecb4842a889eee5884c72 Mon Sep 17 00:00:00 2001
-From: alejandro-microsoft <alejandroma@microsoft.com>
-Date: Fri, 1 Mar 2024 17:49:51 -0800
+From a93a15295ac2690f587711b26af84d6292d2aa1b Mon Sep 17 00:00:00 2001
+From: Kanishk Bansal <kbkanishk975@gmail.com>
+Date: Tue, 4 Feb 2025 06:49:17 +0000
 Subject: [PATCH] Fix issue where bind directory isn't downloaded via git
 
-Ported to v.9.20.0 from v9.19.21 by @mfrw on 24-July-2024
-
-Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 ---
  configure.ac | 6 ++++--
  1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index a911163..b58d5be 100644
+index 168a77a..37c0acd 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -19,7 +19,7 @@ m4_define([bind_VERSION_MINOR], 20)dnl
- m4_define([bind_VERSION_PATCH], 0)dnl
+ m4_define([bind_VERSION_PATCH], 5)dnl
  m4_define([bind_VERSION_EXTRA], )dnl
  m4_define([bind_DESCRIPTION], [(Stable Release)])dnl
 -m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl
-+m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD 2>/dev/null || echo "unsetID" | cut -b1-7])])dnl 
++m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD 2>/dev/null || echo "unsetID" | cut -b1-7])])dnl
  m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl
 
  #
@@ -35,5 +32,5 @@ index a911163..b58d5be 100644
 
  #
 -- 
-2.40.1
+2.43.0
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -1087,8 +1087,8 @@
         "type": "other",
         "other": {
           "name": "bind",
-          "version": "9.20.0",
-          "downloadUrl": "https://ftp.isc.org/isc/bind9/9.20.0/bind-9.20.0.tar.xz"
+          "version": "9.20.5",
+          "downloadUrl": "https://ftp.isc.org/isc/bind9/9.20.5/bind-9.20.5.tar.xz"
         }
       }
     },