import bind-dyndb-ldap-11.2-3.module+el8.2.0+4921+923e30d5

2020-04-28 04:54:07 -04:00 · 2020-04-28 04:54:07 -04:00 · 4369ce94b9
commit 4369ce94b9
parent 92ef1b1f0b
10 changed files with 106 additions and 463 deletions
--- a/.bind-dyndb-ldap.metadata
+++ b/.bind-dyndb-ldap.metadata
@ -1 +1 @@
-282bf80634784e70a42c9cef050cbf74cdd5be0d SOURCES/bind-dyndb-ldap-11.1.tar.bz2
+0552e2595814b82626c4966af59b3d7f9bf3e990 SOURCES/bind-dyndb-ldap-11.2.tar.bz2
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/bind-dyndb-ldap-11.1.tar.bz2
+SOURCES/bind-dyndb-ldap-11.2.tar.bz2
--- a/SOURCES/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
+++ b/SOURCES/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
@ -1,116 +0,0 @@
 From e5c29893a318c0f1571c9918ab2c7c23dca3c952 Mon Sep 17 00:00:00 2001
 From: Tomas Krizek <tkrizek@redhat.com>
 Date: Mon, 27 Mar 2017 19:41:05 +0200
 Subject: [PATCH] Coverity: fix REVERSE_INULL for pevent->inst
 With the DynDB API changes, the ldap instance is acquired
 differently. Previously, obtaining the instance could fail when
 LDAP was disconnecting, thus the NULL check was necessary in the
 cleanup part.
 Now, inst is obtained directly from the API. I'm not sure what is
 the exact behaviour in edge cases such as LDAP disconnecting, so
 I perform the NULL check a bit earlier, just to be safe.
 ---
 src/ldap_helper.c | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)
 diff --git a/src/ldap_helper.c b/src/ldap_helper.c
 index 1fa0ec9adfa2b9ca589587244da03cc6f0584919..e0c4b76f0bd350eda2d81588e6efb67b5221d630 100644
 --- a/src/ldap_helper.c
 +++ b/src/ldap_helper.c
@@ -3714,6 +3714,7 @@ update_zone(isc_task_t *task, isc_event_t *event)
 	mctx = pevent->mctx;
 	dns_name_init(&prevname, NULL);
 +	REQUIRE(inst != NULL);
 	INSIST(task == inst->task); /* For task-exclusive mode */
 	if (SYNCREPL_DEL(pevent->chgtype)) {
@@ -3730,12 +3731,11 @@ update_zone(isc_task_t *task, isc_event_t *event)
 	}
 cleanup:
 -	if (inst != NULL) {
 -		sync_concurr_limit_signal(inst->sctx);
 -		sync_event_signal(inst->sctx, pevent);
 -		if (dns_name_dynamic(&prevname))
 -			dns_name_free(&prevname, inst->mctx);
 -	}
 +	sync_concurr_limit_signal(inst->sctx);
 +	sync_event_signal(inst->sctx, pevent);
 +	if (dns_name_dynamic(&prevname))
 +		dns_name_free(&prevname, inst->mctx);
 +
 	if (result != ISC_R_SUCCESS)
 		log_error_r("update_zone (syncrepl) failed for %s. "
 			    "Zones can be outdated, run `rndc reload`",
@@ -3760,14 +3760,14 @@ update_config(isc_task_t * task, isc_event_t *event)
 	mctx = pevent->mctx;
 +	REQUIRE(inst != NULL);
 	INSIST(task == inst->task); /* For task-exclusive mode */
 	CHECK(ldap_parse_configentry(entry, inst));
 cleanup:
 -	if (inst != NULL) {
 -		sync_concurr_limit_signal(inst->sctx);
 -		sync_event_signal(inst->sctx, pevent);
 -	}
 +	sync_concurr_limit_signal(inst->sctx);
 +	sync_event_signal(inst->sctx, pevent);
 +
 	if (result != ISC_R_SUCCESS)
 		log_error_r("update_config (syncrepl) failed for %s. "
 			    "Configuration can be outdated, run `rndc reload`",
@@ -3790,14 +3790,14 @@ update_serverconfig(isc_task_t * task, isc_event_t *event)
 	mctx = pevent->mctx;
 +	REQUIRE(inst != NULL);
 	INSIST(task == inst->task); /* For task-exclusive mode */
 	CHECK(ldap_parse_serverconfigentry(entry, inst));
 cleanup:
 -	if (inst != NULL) {
 -		sync_concurr_limit_signal(inst->sctx);
 -		sync_event_signal(inst->sctx, pevent);
 -	}
 +	sync_concurr_limit_signal(inst->sctx);
 +	sync_event_signal(inst->sctx, pevent);
 +
 	if (result != ISC_R_SUCCESS)
 		log_error_r("update_serverconfig (syncrepl) failed for %s. "
 			    "Configuration can be outdated, run `rndc reload`",
@@ -3860,6 +3860,7 @@ update_record(isc_task_t *task, isc_event_t *event)
 	dns_name_init(&prevname, NULL);
 	dns_name_init(&prevorigin, NULL);
 +	REQUIRE(inst != NULL);
 	CHECK(zr_get_zone_ptr(inst->zone_register, &entry->zone_name, &raw, &secure));
 	zone_found = ISC_TRUE;
@@ -4020,13 +4021,12 @@ cleanup:
 			    ldap_entry_logname(entry), pevent->chgtype);
 	}
 -	if (inst != NULL) {
 -		sync_concurr_limit_signal(inst->sctx);
 -		if (dns_name_dynamic(&prevname))
 -			dns_name_free(&prevname, inst->mctx);
 -		if (dns_name_dynamic(&prevorigin))
 -			dns_name_free(&prevorigin, inst->mctx);
 -	}
 +	sync_concurr_limit_signal(inst->sctx);
 +	if (dns_name_dynamic(&prevname))
 +		dns_name_free(&prevname, inst->mctx);
 +	if (dns_name_dynamic(&prevorigin))
 +		dns_name_free(&prevorigin, inst->mctx);
 +
 	if (raw != NULL)
 		dns_zone_detach(&raw);
 	if (secure != NULL)
 -- 
 2.9.3
--- a/SOURCES/0001-bind-dyndb-ldap-11.2-servestale.patch
+++ b/SOURCES/0001-bind-dyndb-ldap-11.2-servestale.patch
@ -0,0 +1,73 @@
 From fecc0fd86f598807129ea9fa1e4e7b74cf2aba21 Mon Sep 17 00:00:00 2001
 From: Petr Mensik <pemensik@redhat.com>
 Date: Mon, 11 Nov 2019 17:36:58 +0100
 Subject: [PATCH] Add support for servestale records
 Serve-stale support includes two new database methods. Add wrapper into
 ldap database.
 ---
 configure.ac      |  5 +++++
 src/ldap_driver.c | 24 ++++++++++++++++++++++++
 2 files changed, 29 insertions(+)
 diff --git a/configure.ac b/configure.ac
 index d05bad9..7997898 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -120,6 +120,11 @@ int main(void) {
 [AC_MSG_ERROR([Cross compiling is not supported.])]
 )
 +dnl dns_db_setservestalettl() can be backported, detect support
 +AC_CHECK_LIB([dns], [dns_db_setservestalettl],
 +  [AC_DEFINE([HAVE_DNS_SERVESTALE], 1, [Define if dns library provides dns_db_setservestalettl])]
 +)
 +
 dnl Older autoconf (2.59, for example) doesn't define docdir
 [[ ! -n "$docdir" ]] && docdir='${datadir}/doc/${PACKAGE_TARNAME}'
 AC_SUBST([docdir])
 diff --git a/src/ldap_driver.c b/src/ldap_driver.c
 index b9161fe..dcf65d0 100644
 --- a/src/ldap_driver.c
 +++ b/src/ldap_driver.c
@@ -823,6 +823,26 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name)
 	return dns_db_nodefullname(ldapdb->rbtdb, node, name);
 }
 +#ifdef HAVE_DNS_SERVESTALE
 +static isc_result_t
 +setservestalettl(dns_db_t *db, dns_ttl_t ttl) {
 +	ldapdb_t *ldapdb = (ldapdb_t *) db;
 +
 +	REQUIRE(VALID_LDAPDB(ldapdb));
 +
 +	return dns_db_setservestalettl(ldapdb->rbtdb, ttl);
 +}
 +
 +static isc_result_t
 +getservestalettl(dns_db_t *db, dns_ttl_t *ttl) {
 +	ldapdb_t *ldapdb = (ldapdb_t *) db;
 +
 +	REQUIRE(VALID_LDAPDB(ldapdb));
 +
 +	return dns_db_getservestalettl(ldapdb->rbtdb, ttl);
 +}
 +#endif
 +
 static dns_dbmethods_t ldapdb_methods = {
 	attach,
 	detach,
@@ -869,6 +889,10 @@ static dns_dbmethods_t ldapdb_methods = {
 	hashsize,
 	nodefullname,
 	NULL, // getsize method not implemented (related BZ1353563)
 +#ifdef HAVE_DNS_SERVESTALE
 +	setservestalettl,
 +	getservestalettl,
 +#endif
 };
 isc_result_t ATTR_NONNULLS
 -- 
 2.20.1
--- a/SOURCES/0002-Add-empty-callback-for-getsize.patch
+++ b/SOURCES/0002-Add-empty-callback-for-getsize.patch
@ -1,30 +0,0 @@
 From 107c5ed7247788a04a23d6c65fca50f96c944345 Mon Sep 17 00:00:00 2001
 From: Tomas Krizek <tkrizek@redhat.com>
 Date: Tue, 27 Jun 2017 10:41:03 +0200
 Subject: [PATCH] Add empty callback for getsize
 BIND introduced getsize method in db.h. This is related to
 CVE-2016-6170 and allows to set restriction of zone size limit.
 Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
 ---
 src/ldap_driver.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/src/ldap_driver.c b/src/ldap_driver.c
 index 53ce1a9..38673b0 100644
 --- a/src/ldap_driver.c
 +++ b/src/ldap_driver.c
@@ -867,7 +867,8 @@ static dns_dbmethods_t ldapdb_methods = {
 	findext,
 	setcachestats,
 	hashsize,
 -	nodefullname
 +	nodefullname,
 +	NULL, // getsize method not implemented (related BZ1353563)
 };
 isc_result_t ATTR_NONNULLS
 -- 
 2.9.4
--- a/SOURCES/0003-Support-for-BIND-9.11.3.patch
+++ b/SOURCES/0003-Support-for-BIND-9.11.3.patch
@ -1,137 +0,0 @@
 From b533d722fa62232955aedfdf1bbc0179f48497eb Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
 Date: Thu, 1 Mar 2018 19:41:10 +0100
 Subject: [PATCH] Support for BIND 9.11.3. Include explicitly isc/util.h in
 each file that uses REQUIRE(). Support stdatomic feature, do not use function
 call in STATIC_ASSERT().
 ---
 src/bindcfg.c      |  1 +
 src/fwd_register.c |  1 +
 src/ldap_entry.h   | 11 +++++------
 src/mldap.c        |  4 ++--
 src/rbt_helper.c   |  1 +
 src/types.h        |  2 +-
 6 files changed, 11 insertions(+), 9 deletions(-)
 diff --git a/src/bindcfg.c b/src/bindcfg.c
 index 9b429ba..5539dea 100644
 --- a/src/bindcfg.c
 +++ b/src/bindcfg.c
@@ -6,6 +6,7 @@
 #include "config.h"
 +#include <isc/util.h>
 #include <isccfg/grammar.h>
 #include <isccfg/namedconf.h>
 diff --git a/src/fwd_register.c b/src/fwd_register.c
 index 355d15f..7cc0c5a 100644
 --- a/src/fwd_register.c
 +++ b/src/fwd_register.c
@@ -3,6 +3,7 @@
  */
 #include <isc/rwlock.h>
 +#include <isc/util.h>
 #include <dns/name.h>
 #include "rbt_helper.h"
 diff --git a/src/ldap_entry.h b/src/ldap_entry.h
 index 6498c79..88b1c42 100644
 --- a/src/ldap_entry.h
 +++ b/src/ldap_entry.h
@@ -6,7 +6,6 @@
 #define _LD_LDAP_ENTRY_H_
 #include <isc/lex.h>
 -#include <isc/util.h>
 #include <dns/types.h>
 #include "fwd_register.h"
@@ -19,15 +18,15 @@
 /* Represents values associated with LDAP attribute */
 typedef struct ldap_value ldap_value_t;
 -typedef LIST(ldap_value_t) ldap_valuelist_t;
 +typedef ISC_LIST(ldap_value_t) ldap_valuelist_t;
 struct ldap_value {
         char                    *value;
 -        LINK(ldap_value_t)      link;
 +        ISC_LINK(ldap_value_t)      link;
 };
 /* Represents LDAP attribute and it's values */
 typedef struct ldap_attribute	ldap_attribute_t;
 -typedef LIST(ldap_attribute_t)	ldap_attributelist_t;
 +typedef ISC_LIST(ldap_attribute_t)	ldap_attributelist_t;
 /* Represents LDAP entry and it's attributes */
 typedef unsigned char		ldap_entryclass_t;
@@ -41,7 +40,7 @@ struct ldap_entry {
 	ldap_attribute_t	*lastattr;
 	ldap_attributelist_t	attrs;
 -	LINK(ldap_entry_t)	link;
 +	ISC_LINK(ldap_entry_t)	link;
 	/* Parsing. */
 	isc_lex_t		*lex;
@@ -59,7 +58,7 @@ struct ldap_attribute {
 	char			**ldap_values;
 	ldap_value_t		*lastval;
 	ldap_valuelist_t	values;
 -	LINK(ldap_attribute_t)	link;
 +	ISC_LINK(ldap_attribute_t)	link;
 };
 #define LDAP_ENTRYCLASS_NONE	0x0
 diff --git a/src/mldap.c b/src/mldap.c
 index 143abce..304ba36 100644
 --- a/src/mldap.c
 +++ b/src/mldap.c
@@ -119,13 +119,13 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) {
  * reference counter value.
  */
 STATIC_ASSERT((isc_uint32_t)
 -		(typeof(isc_refcount_current((isc_refcount_t *)0)))
 +		(typeof(((isc_refcount_t *)0)->refs))
 		-1
 	      == 0xFFFFFFFF, \
 	      "negative isc_refcount_t cannot be properly shortened to 32 bits");
 STATIC_ASSERT((isc_uint32_t)
 -		(typeof(isc_refcount_current((isc_refcount_t *)0)))
 +		(typeof(((isc_refcount_t *)0)->refs))
 		0x90ABCDEF12345678
 	      == 0x12345678, \
 	      "positive isc_refcount_t cannot be properly shortened to 32 bits");
 diff --git a/src/rbt_helper.c b/src/rbt_helper.c
 index 2a7e6cb..f610b07 100644
 --- a/src/rbt_helper.c
 +++ b/src/rbt_helper.c
@@ -2,6 +2,7 @@
  * Copyright (C) 2013-2014  bind-dyndb-ldap authors; see COPYING for license
  */
 +#include <isc/util.h>
 #include <dns/rbt.h>
 #include "util.h"
 diff --git a/src/types.h b/src/types.h
 index 25ef3b9..01d627c 100644
 --- a/src/types.h
 +++ b/src/types.h
@@ -24,7 +24,7 @@
  * rdata1 -> rdata2 -> rdata3           rdata4 -> rdata5
  * next_rdatalist              ->       next_rdatalist  ...
  */
 -typedef LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
 +typedef ISC_LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
 typedef struct enum_txt_assoc {
 	int		value;
 -- 
 2.14.3
--- a/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc
+++ b/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc
@ -1,11 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 iQEcBAABCAAGBQJYwqX6AAoJECKiqUteSUFa2OkH/3NWkWc62TWaDkMN+EPUYSJ5
 Hf+hxQJdioATttopyuiCE+5q2iS/9n8DGgfQmdPXDalZwQfYWhX75WWlMIiWWy5F
 FDZ29tWY41JqLCdV3xYMhR+Nd4OBegT+U3muIzsFcSS9el78kRmNJCu1yOur/Nc+
 r1v8o2J5PVmp1iYxvy5s77qcIC3cERGcLakDlRduZY00jCL5I5ysxG8sWQ8jJEIr
 G1thN8cJeZ37pcOml943m0hLjzcJeNhmV/rgz7cMpH17r3yf5B600B+lGqrL9EtJ
 lSTVRJQlZFosDPVrqKuNyMHi5iIroc8+TVZtw1aAyZ8KA39zG5wrMF5FphjVHm4=
 =jtZI
 -----END PGP SIGNATURE-----
--- a/SOURCES/bind-dyndb-ldap-11.2.tar.bz2.asc
+++ b/SOURCES/bind-dyndb-ldap-11.2.tar.bz2.asc
@ -0,0 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 iQEzBAABCgAdFiEEQepdgpabRRLDzQC/fTs0GEpfA1kFAl3BmvcACgkQfTs0GEpf
 A1loIQgAvwg/JJTv8B5CWVc3/a1CgnokwQWKVFdD6uni3EGEH1vSRf58y2Faw8SI
 PhNiUNEQYazJyTVZ9uk5CT9IzVaMOrMXjY3U/CyzY59BvX7UODts3pOTAoyPaBMi
 fgDgWbF5NXfg/blgKKTCTSWdaCV5Pa85teva06mLj29Kxe2r5qRuAgiqGb4Paxc2
 pYnqlLtyyucrOz75gBDYkQndXqcJp1BVGQy+47gowfcn4e5ivVM8aexYRO2og+YD
 pmkN5P77hqe2RdrWG3Lz65LyCFglk4ll+466xUkKkQg/9w606e/yx8dUXAl0+4MA
 7eul6NowBs6Ok3azHh7ZPShTvlgcTg==
 =DvdK
 -----END PGP SIGNATURE-----
--- a/SOURCES/bind-dyndb-ldap-template-attribute-defaults.patch
+++ b/SOURCES/bind-dyndb-ldap-template-attribute-defaults.patch
@ -1,154 +0,0 @@
 From 88096745d1ef1798854e0c8319b5ae015f045fe3 Mon Sep 17 00:00:00 2001
 From: Alexander Bokovoy <abokovoy@redhat.com>
 Date: Wed, 1 May 2019 09:24:24 +0300
 Subject: [PATCH] Move recognition of a templated attribute to
 ldap_attribute_to_rdatatype
 When substitution of a templated entry attribute fails, we need to fall
 back to a static definition of the attribute from the same entry. This
 means, however, that ldap_attribute_to_rdatatype() will attempt to parse
 an attribute value anyway and will be confused by the templating prefix,
 thus reporting in named's logs:
 unsupported operation: object class in resource record template DN
 'idnsname=$NAME,idnsname=$ZONE.,cn=dns,$BASEDN' changed:
 rndc reload might be necessary
 Move recognition of a template attribute name to
 ldap_attribute_to_rdatatype() so that a proper attribute class is
 correctly derived and ignore templated attribute in the fallback code
 if case that template expansion is failed.
 Resolves: rhbz#1705072
 ---
 src/ldap_convert.c | 33 +++++++++++++++++++++++++--------
 src/ldap_convert.h |  2 ++
 src/ldap_helper.c  | 21 ++++++++++++++-------
 3 files changed, 41 insertions(+), 15 deletions(-)
 diff --git a/src/ldap_convert.c b/src/ldap_convert.c
 index 002a679..6e24c81 100644
 --- a/src/ldap_convert.c
 +++ b/src/ldap_convert.c
@@ -372,23 +372,40 @@ ldap_attribute_to_rdatatype(const char *ldap_attribute, dns_rdatatype_t *rdtype)
 {
 	isc_result_t result;
 	unsigned len;
 +	const char *attribute = NULL;
 	isc_consttextregion_t region;
 	len = strlen(ldap_attribute);
 	if (len <= LDAP_RDATATYPE_SUFFIX_LEN)
 		return ISC_R_UNEXPECTEDEND;
 +
 +	/* Before looking up rdtype, we need to see if rdtype is
 +	 * an LDAP subtype (type;subtype) and if so, strip one of
 +	 * the known prefixes. We also need to remove 'record' suffix
 +	 * if it exists. The resulting rdtype text name should have no
 +	 * 'extra' details: A, AAAA, CNAME, etc. */
 +	attribute = ldap_attribute;
 +
 +	/* Does attribute name start with with TEMPLATE_PREFIX? */
 +	if (strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX,
 +			ldap_attribute,
 +			LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) == 0) {
 +		attribute = ldap_attribute + LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN;
 +		len -= LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN;
 +	/* Does attribute name start with with UNKNOWN_PREFIX? */
 +	} else if (strncasecmp(LDAP_RDATATYPE_UNKNOWN_PREFIX,
 +			       ldap_attribute,
 +			       LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) {
 +		attribute = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
 +		len -= LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
 +	}
 +
 	/* Does attribute name end with RECORD_SUFFIX? */
 -	if (strcasecmp(ldap_attribute + len - LDAP_RDATATYPE_SUFFIX_LEN,
 +	if (strcasecmp(attribute + len - LDAP_RDATATYPE_SUFFIX_LEN,
 		       LDAP_RDATATYPE_SUFFIX) == 0) {
 -		region.base = ldap_attribute;
 +		region.base = attribute;
 		region.length = len - LDAP_RDATATYPE_SUFFIX_LEN;
 -	/* Does attribute name start with with UNKNOWN_PREFIX? */
 -	} else if (strncasecmp(ldap_attribute,
 -			      LDAP_RDATATYPE_UNKNOWN_PREFIX,
 -			      LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) {
 -		region.base = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
 -		region.length = len - LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
 	} else
 		return ISC_R_UNEXPECTED;
 diff --git a/src/ldap_convert.h b/src/ldap_convert.h
 index 47ac947..fcd575b 100644
 --- a/src/ldap_convert.h
 +++ b/src/ldap_convert.h
@@ -17,6 +17,8 @@
 #define LDAP_RDATATYPE_SUFFIX_LEN	(sizeof(LDAP_RDATATYPE_SUFFIX) - 1)
 #define LDAP_RDATATYPE_UNKNOWN_PREFIX	"UnknownRecord;"
 #define LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN	(sizeof(LDAP_RDATATYPE_UNKNOWN_PREFIX) - 1)
 +#define LDAP_RDATATYPE_TEMPLATE_PREFIX "idnsTemplateAttribute;"
 +#define LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN	(sizeof(LDAP_RDATATYPE_TEMPLATE_PREFIX) - 1)
 /*
  * Convert LDAP DN 'dn', to dns_name_t 'target'. 'target' needs to be
 diff --git a/src/ldap_helper.c b/src/ldap_helper.c
 index 8b486ae..7f70ee3 100644
 --- a/src/ldap_helper.c
 +++ b/src/ldap_helper.c
@@ -2396,7 +2396,7 @@ ldap_substitute_rr_template(isc_mem_t *mctx, const settings_set_t * set,
 		result = setting_find(setting_name, set, isc_boolean_true,
 				      isc_boolean_true, &setting);
 		if (result != ISC_R_SUCCESS) {
 -			log_debug(3, "setting '%s' is not defined so it "
 +			log_debug(5, "setting '%s' is not defined so it "
 				  "cannot be substituted into template '%s'",
 				  setting_name, str_buf(orig_val));
 			CLEANUP_WITH(ISC_R_IGNORE);
@@ -2459,23 +2459,22 @@ ldap_parse_rrentry_template(isc_mem_t *mctx, ldap_entry_t *entry,
 	dns_rdatatype_t rdtype;
 	dns_rdatalist_t *rdlist = NULL;
 	isc_boolean_t did_something = ISC_FALSE;
 -	static const char prefix[] = "idnsTemplateAttribute;";
 -	static const char prefix_len = sizeof(prefix) - 1;
 	CHECK(str_new(mctx, &orig_val));
 	rdclass = ldap_entry_getrdclass(entry);
 	ttl = ldap_entry_getttl(entry, settings);
 	while ((attr = ldap_entry_nextattr(entry)) != NULL) {
 -		if (strncasecmp(prefix, attr->name, prefix_len) != 0)
 +		if (strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX,
 +				attr->name,
 +				LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) != 0)
 			continue;
 -		result = ldap_attribute_to_rdatatype(attr->name + prefix_len,
 -						     &rdtype);
 +		result = ldap_attribute_to_rdatatype(attr->name, &rdtype);
 		if (result != ISC_R_SUCCESS) {
 			log_bug("%s: substitution into '%s' is not supported",
 				ldap_entry_logname(entry),
 -				attr->name + prefix_len);
 +				attr->name + LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN);
 			continue;
 		}
@@ -2559,6 +2558,14 @@ ldap_parse_rrentry(isc_mem_t *mctx, ldap_entry_t *entry, dns_name_t *origin,
 	for (result = ldap_entry_firstrdtype(entry, &attr, &rdtype);
 	     result == ISC_R_SUCCESS;
 	     result = ldap_entry_nextrdtype(entry, &attr, &rdtype)) {
 +		/* If we reached this point and found a template attribute,
 +		 * skip it because it was not translated above due to missing
 +		 * defaults or some other errors. */
 +		if (((entry->class & LDAP_ENTRYCLASS_TEMPLATE) != 0) &&
 +		    strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX,
 +				attr->name,
 +				LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) == 0)
 +			continue;
 		CHECK(findrdatatype_or_create(mctx, rdatalist, rdclass,
 					      rdtype, ttl, &rdlist));
 -- 
 2.21.0
--- a/SPECS/bind-dyndb-ldap.spec
+++ b/SPECS/bind-dyndb-ldap.spec
@ -1,10 +1,10 @@
 %define VERSION %{version}
-%define bind_version 32:9.11.4-14.P2
+%define bind_version 32:9.11.12-1
 Name:           bind-dyndb-ldap
-Version:        11.1
+Version:        11.2
-Release:        14%{?dist}
+Release:        3%{?dist}
 Summary:        LDAP back-end plug-in for BIND
 Group:          System Environment/Libraries
@ -12,15 +12,11 @@ License:        GPLv2+
 URL:            https://releases.pagure.org/bind-dyndb-ldap
 Source0:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2
 Source1:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc
-Patch1:         0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
+Patch1:         0001-bind-dyndb-ldap-11.2-servestale.patch
 Patch2:         0002-Add-empty-callback-for-getsize.patch
 Patch3:         0003-Support-for-BIND-9.11.3.patch
 Patch4:         bind-dyndb-ldap-template-attribute-defaults.patch
 BuildRequires:  bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
 BuildRequires:  krb5-devel
 BuildRequires:  openldap-devel
 BuildRequires:  openssl-devel
 BuildRequires:  libuuid-devel
 BuildRequires:  automake, autoconf, libtool
@ -35,11 +31,8 @@ off of your LDAP server.
 %prep
 %setup -q -n %{name}-%{VERSION}
-%patch1 -p1
+%patch1 -p1 -b .servestale
-%patch2 -p1
+
 %patch3 -p1
 %patch4 -p1
 %build
 autoreconf -fiv
 %configure
@ -105,6 +98,20 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
 %changelog
 * Wed Nov 27 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-3
 - Rebuild against bind 9.11.13
  Related: RHBZ#1762813
 * Mon Nov 18 2019 Thomas Woerner <twoerner@redhat.com> - 11.2-2
 - Add support for serve-stale, detected on build time
  Patch by Petr Menšík <pemensik@redhat.com>
  Related: RHBZ#1762813
 * Thu Nov 07 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-1
 - New upstream release
 - Support BIND9 9.11.11
 - Resolves: rhbz#1762813
 * Fri Aug 16 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.1-14
 - Fix attribute templating in case of a missing default value
 - Resolves: rhbz#1741896
`@ -1 +1 @@`
	`282bf80634784e70a42c9cef050cbf74cdd5be0d SOURCES/bind-dyndb-ldap-11.1.tar.bz2`	`0552e2595814b82626c4966af59b3d7f9bf3e990 SOURCES/bind-dyndb-ldap-11.2.tar.bz2`
`@ -1 +1 @@`
	`SOURCES/bind-dyndb-ldap-11.1.tar.bz2`	`SOURCES/bind-dyndb-ldap-11.2.tar.bz2`