From 38613fc1f5a57a1c34fba571dd00ee8e8d8951d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Tue, 12 Jan 2021 15:02:57 +0100
Subject: [PATCH] Support BIND 9.16.10 API change

Recent BIND release changed the API, support both older and more recent
BIND versions. Just add one parameter #if to ldap_driver.c.
---
 bind-dyndb-ldap-11.6-bind-9.16.10.patch | 38 +++++++++++++++++++++++++
 bind-dyndb-ldap.spec                    |  6 +++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 bind-dyndb-ldap-11.6-bind-9.16.10.patch

diff --git a/bind-dyndb-ldap-11.6-bind-9.16.10.patch b/bind-dyndb-ldap-11.6-bind-9.16.10.patch
new file mode 100644
index 0000000..717c81e
--- /dev/null
+++ b/bind-dyndb-ldap-11.6-bind-9.16.10.patch
@@ -0,0 +1,38 @@
+From 2ddd4bf55e325071566aa1c78e3681c3239895da Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Mon, 11 Jan 2021 21:39:25 +0100
+Subject: [PATCH] Add compatibility with BIND 9.16.10 API change
+
+One parameter was added to function used internally by plugin. Nothing
+like -nsec3param auto is supported by LDAP plugin. It is safe to set
+resalt false always. Salt can be changed via LDAP, but has to be
+specified manually.
+---
+ src/ldap_helper.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/ldap_helper.c b/src/ldap_helper.c
+index a81a9d228..3b4ae5c67 100644
+--- a/src/ldap_helper.c
++++ b/src/ldap_helper.c
+@@ -1792,10 +1792,17 @@ zone_master_reconfigure_nsec3param(settings_set_t *zone_settings,
+ 			  dns_rdatatype_nsec3param, origin, nsec3p_str,
+ 			  &nsec3p_rdata));
+ 	CHECK(dns_rdata_tostruct(nsec3p_rdata, &nsec3p_rr, NULL));
++#if LIBDNS_VERSION_MAJOR > 1609
++	CHECK(dns_zone_setnsec3param(secure, nsec3p_rr.hash, nsec3p_rr.flags,
++				     nsec3p_rr.iterations,
++				     nsec3p_rr.salt_length, nsec3p_rr.salt,
++				     true, false));
++#else
+ 	CHECK(dns_zone_setnsec3param(secure, nsec3p_rr.hash, nsec3p_rr.flags,
+ 				     nsec3p_rr.iterations,
+ 				     nsec3p_rr.salt_length, nsec3p_rr.salt,
+ 				     true));
++#endif
+ 
+ cleanup:
+ 	if (nsec3p_rdata != NULL) {
+-- 
+2.26.2
+
diff --git a/bind-dyndb-ldap.spec b/bind-dyndb-ldap.spec
index 86a0340..606b189 100644
--- a/bind-dyndb-ldap.spec
+++ b/bind-dyndb-ldap.spec
@@ -12,7 +12,7 @@
 
 Name:           bind-dyndb-ldap
 Version:        11.6
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        LDAP back-end plug-in for BIND
 
 License:        GPLv2+
@@ -21,6 +21,7 @@ Source0:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2
 Source1:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc
 
 Patch1:         bind-dyndb-ldap-11.6-bind-9.16.9.patch
+Patch2:         bind-dyndb-ldap-11.6-bind-9.16.10.patch
 
 BuildRequires:  bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}
 BuildRequires:  krb5-devel
@@ -117,6 +118,9 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
 
 
 %changelog
+* Tue Jan 12 2021 Petr Menšík <pemensik@redhat.com> - 11.6-4
+- Support BIND 9.16.10
+
 * Thu Dec 17 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.6-3
 - Both require bind and require it for pre-install script
 - Resolves: rhbz#1902811