import bind-dyndb-ldap-11.2-3.module+el8.2.0+4921+923e30d5

CentOS Sources 2020-01-21 17:17:51 -05:00 committed by Stepan Oksanichenko
parent db2f1a09d9
commit 82c800f123
9 changed files with 110 additions and 307 deletions


@ -1 +1 @@
282bf80634784e70a42c9cef050cbf74cdd5be0d SOURCES/bind-dyndb-ldap-11.1.tar.bz2
0552e2595814b82626c4966af59b3d7f9bf3e990 SOURCES/bind-dyndb-ldap-11.2.tar.bz2

2
.gitignore vendored

@ -1 +1 @@
SOURCES/bind-dyndb-ldap-11.1.tar.bz2
SOURCES/bind-dyndb-ldap-11.2.tar.bz2


@ -1,116 +0,0 @@
From e5c29893a318c0f1571c9918ab2c7c23dca3c952 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkrizek@redhat.com>
Date: Mon, 27 Mar 2017 19:41:05 +0200
Subject: [PATCH] Coverity: fix REVERSE_INULL for pevent->inst
With the DynDB API changes, the ldap instance is acquired
differently. Previously, obtaining the instance could fail when
LDAP was disconnecting, thus the NULL check was necessary in the
cleanup part.
Now, inst is obtained directly from the API. I'm not sure what is
the exact behaviour in edge cases such as LDAP disconnecting, so
I perform the NULL check a bit earlier, just to be safe.
---
src/ldap_helper.c | 42 +++++++++++++++++++++---------------------
1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 1fa0ec9adfa2b9ca589587244da03cc6f0584919..e0c4b76f0bd350eda2d81588e6efb67b5221d630 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -3714,6 +3714,7 @@ update_zone(isc_task_t *task, isc_event_t *event)
mctx = pevent->mctx;
dns_name_init(&prevname, NULL);
+ REQUIRE(inst != NULL);
INSIST(task == inst->task); /* For task-exclusive mode */
if (SYNCREPL_DEL(pevent->chgtype)) {
@@ -3730,12 +3731,11 @@ update_zone(isc_task_t *task, isc_event_t *event)
}
cleanup:
- if (inst != NULL) {
- sync_concurr_limit_signal(inst->sctx);
- sync_event_signal(inst->sctx, pevent);
- if (dns_name_dynamic(&prevname))
- dns_name_free(&prevname, inst->mctx);
- }
+ sync_concurr_limit_signal(inst->sctx);
+ sync_event_signal(inst->sctx, pevent);
+ if (dns_name_dynamic(&prevname))
+ dns_name_free(&prevname, inst->mctx);
+
if (result != ISC_R_SUCCESS)
log_error_r("update_zone (syncrepl) failed for %s. "
"Zones can be outdated, run `rndc reload`",
@@ -3760,14 +3760,14 @@ update_config(isc_task_t * task, isc_event_t *event)
mctx = pevent->mctx;
+ REQUIRE(inst != NULL);
INSIST(task == inst->task); /* For task-exclusive mode */
CHECK(ldap_parse_configentry(entry, inst));
cleanup:
- if (inst != NULL) {
- sync_concurr_limit_signal(inst->sctx);
- sync_event_signal(inst->sctx, pevent);
- }
+ sync_concurr_limit_signal(inst->sctx);
+ sync_event_signal(inst->sctx, pevent);
+
if (result != ISC_R_SUCCESS)
log_error_r("update_config (syncrepl) failed for %s. "
"Configuration can be outdated, run `rndc reload`",
@@ -3790,14 +3790,14 @@ update_serverconfig(isc_task_t * task, isc_event_t *event)
mctx = pevent->mctx;
+ REQUIRE(inst != NULL);
INSIST(task == inst->task); /* For task-exclusive mode */
CHECK(ldap_parse_serverconfigentry(entry, inst));
cleanup:
- if (inst != NULL) {
- sync_concurr_limit_signal(inst->sctx);
- sync_event_signal(inst->sctx, pevent);
- }
+ sync_concurr_limit_signal(inst->sctx);
+ sync_event_signal(inst->sctx, pevent);
+
if (result != ISC_R_SUCCESS)
log_error_r("update_serverconfig (syncrepl) failed for %s. "
"Configuration can be outdated, run `rndc reload`",
@@ -3860,6 +3860,7 @@ update_record(isc_task_t *task, isc_event_t *event)
dns_name_init(&prevname, NULL);
dns_name_init(&prevorigin, NULL);
+ REQUIRE(inst != NULL);
CHECK(zr_get_zone_ptr(inst->zone_register, &entry->zone_name, &raw, &secure));
zone_found = ISC_TRUE;
@@ -4020,13 +4021,12 @@ cleanup:
ldap_entry_logname(entry), pevent->chgtype);
}
- if (inst != NULL) {
- sync_concurr_limit_signal(inst->sctx);
- if (dns_name_dynamic(&prevname))
- dns_name_free(&prevname, inst->mctx);
- if (dns_name_dynamic(&prevorigin))
- dns_name_free(&prevorigin, inst->mctx);
- }
+ sync_concurr_limit_signal(inst->sctx);
+ if (dns_name_dynamic(&prevname))
+ dns_name_free(&prevname, inst->mctx);
+ if (dns_name_dynamic(&prevorigin))
+ dns_name_free(&prevorigin, inst->mctx);
+
if (raw != NULL)
dns_zone_detach(&raw);
if (secure != NULL)
--
2.9.3


@ -0,0 +1,73 @@
From fecc0fd86f598807129ea9fa1e4e7b74cf2aba21 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Mon, 11 Nov 2019 17:36:58 +0100
Subject: [PATCH] Add support for servestale records
Serve-stale support includes two new database methods. Add wrapper into
ldap database.
---
configure.ac | 5 +++++
src/ldap_driver.c | 24 ++++++++++++++++++++++++
2 files changed, 29 insertions(+)
diff --git a/configure.ac b/configure.ac
index d05bad9..7997898 100644
--- a/configure.ac
+++ b/configure.ac
@@ -120,6 +120,11 @@ int main(void) {
[AC_MSG_ERROR([Cross compiling is not supported.])]
)
+dnl dns_db_setservestalettl() can be backported, detect support
+AC_CHECK_LIB([dns], [dns_db_setservestalettl],
+ [AC_DEFINE([HAVE_DNS_SERVESTALE], 1, [Define if dns library provides dns_db_setservestalettl])]
+)
+
dnl Older autoconf (2.59, for example) doesn't define docdir
[[ ! -n "$docdir" ]] && docdir='${datadir}/doc/${PACKAGE_TARNAME}'
AC_SUBST([docdir])
diff --git a/src/ldap_driver.c b/src/ldap_driver.c
index b9161fe..dcf65d0 100644
--- a/src/ldap_driver.c
+++ b/src/ldap_driver.c
@@ -823,6 +823,26 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name)
return dns_db_nodefullname(ldapdb->rbtdb, node, name);
}
+#ifdef HAVE_DNS_SERVESTALE
+static isc_result_t
+setservestalettl(dns_db_t *db, dns_ttl_t ttl) {
+ ldapdb_t *ldapdb = (ldapdb_t *) db;
+
+ REQUIRE(VALID_LDAPDB(ldapdb));
+
+ return dns_db_setservestalettl(ldapdb->rbtdb, ttl);
+}
+
+static isc_result_t
+getservestalettl(dns_db_t *db, dns_ttl_t *ttl) {
+ ldapdb_t *ldapdb = (ldapdb_t *) db;
+
+ REQUIRE(VALID_LDAPDB(ldapdb));
+
+ return dns_db_getservestalettl(ldapdb->rbtdb, ttl);
+}
+#endif
+
static dns_dbmethods_t ldapdb_methods = {
attach,
detach,
@@ -869,6 +889,10 @@ static dns_dbmethods_t ldapdb_methods = {
hashsize,
nodefullname,
NULL, // getsize method not implemented (related BZ1353563)
+#ifdef HAVE_DNS_SERVESTALE
+ setservestalettl,
+ getservestalettl,
+#endif
};
isc_result_t ATTR_NONNULLS
--
2.20.1
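Review bot: The `HAVE_DNS_SERVESTALE` probe in configure.ac only asks the linker whether libdns exports `dns_db_setservestalettl`, while the `ldapdb_methods` table in src/ldap_driver.c uses that macro to append two positional initializers. Nothing ties the result to the layout of `dns_dbmethods_t` in the installed `dns/db.h`. If the headers and library disagree, or a backport orders the members differently, the build may break or a callback may land in the wrong slot. I would probe the header as well, for example with `AC_CHECK_MEMBER` on `dns_dbmethods_t` including `<dns/db.h>`. I would also write the two entries with designators, `.setservestalettl = setservestalettl,` and `.getservestalettl = getservestalettl,`, assuming the members carry those names, so that a mismatch fails loudly at compile time. The initializer table begins outside the hunk, so the order of the earlier entries cannot be confirmed from here.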


@ -1,30 +0,0 @@
From 107c5ed7247788a04a23d6c65fca50f96c944345 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkrizek@redhat.com>
Date: Tue, 27 Jun 2017 10:41:03 +0200
Subject: [PATCH] Add empty callback for getsize
BIND introduced getsize method in db.h. This is related to
CVE-2016-6170 and allows to set restriction of zone size limit.
Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
---
src/ldap_driver.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/ldap_driver.c b/src/ldap_driver.c
index 53ce1a9..38673b0 100644
--- a/src/ldap_driver.c
+++ b/src/ldap_driver.c
@@ -867,7 +867,8 @@ static dns_dbmethods_t ldapdb_methods = {
findext,
setcachestats,
hashsize,
- nodefullname
+ nodefullname,
+ NULL, // getsize method not implemented (related BZ1353563)
};
isc_result_t ATTR_NONNULLS
--
2.9.4


@ -1,137 +0,0 @@
From b533d722fa62232955aedfdf1bbc0179f48497eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 1 Mar 2018 19:41:10 +0100
Subject: [PATCH] Support for BIND 9.11.3. Include explicitly isc/util.h in
each file that uses REQUIRE(). Support stdatomic feature, do not use function
call in STATIC_ASSERT().
---
src/bindcfg.c | 1 +
src/fwd_register.c | 1 +
src/ldap_entry.h | 11 +++++------
src/mldap.c | 4 ++--
src/rbt_helper.c | 1 +
src/types.h | 2 +-
6 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/bindcfg.c b/src/bindcfg.c
index 9b429ba..5539dea 100644
--- a/src/bindcfg.c
+++ b/src/bindcfg.c
@@ -6,6 +6,7 @@
#include "config.h"
+#include <isc/util.h>
#include <isccfg/grammar.h>
#include <isccfg/namedconf.h>
diff --git a/src/fwd_register.c b/src/fwd_register.c
index 355d15f..7cc0c5a 100644
--- a/src/fwd_register.c
+++ b/src/fwd_register.c
@@ -3,6 +3,7 @@
*/
#include <isc/rwlock.h>
+#include <isc/util.h>
#include <dns/name.h>
#include "rbt_helper.h"
diff --git a/src/ldap_entry.h b/src/ldap_entry.h
index 6498c79..88b1c42 100644
--- a/src/ldap_entry.h
+++ b/src/ldap_entry.h
@@ -6,7 +6,6 @@
#define _LD_LDAP_ENTRY_H_
#include <isc/lex.h>
-#include <isc/util.h>
#include <dns/types.h>
#include "fwd_register.h"
@@ -19,15 +18,15 @@
/* Represents values associated with LDAP attribute */
typedef struct ldap_value ldap_value_t;
-typedef LIST(ldap_value_t) ldap_valuelist_t;
+typedef ISC_LIST(ldap_value_t) ldap_valuelist_t;
struct ldap_value {
char *value;
- LINK(ldap_value_t) link;
+ ISC_LINK(ldap_value_t) link;
};
/* Represents LDAP attribute and it's values */
typedef struct ldap_attribute ldap_attribute_t;
-typedef LIST(ldap_attribute_t) ldap_attributelist_t;
+typedef ISC_LIST(ldap_attribute_t) ldap_attributelist_t;
/* Represents LDAP entry and it's attributes */
typedef unsigned char ldap_entryclass_t;
@@ -41,7 +40,7 @@ struct ldap_entry {
ldap_attribute_t *lastattr;
ldap_attributelist_t attrs;
- LINK(ldap_entry_t) link;
+ ISC_LINK(ldap_entry_t) link;
/* Parsing. */
isc_lex_t *lex;
@@ -59,7 +58,7 @@ struct ldap_attribute {
char **ldap_values;
ldap_value_t *lastval;
ldap_valuelist_t values;
- LINK(ldap_attribute_t) link;
+ ISC_LINK(ldap_attribute_t) link;
};
#define LDAP_ENTRYCLASS_NONE 0x0
diff --git a/src/mldap.c b/src/mldap.c
index 143abce..304ba36 100644
--- a/src/mldap.c
+++ b/src/mldap.c
@@ -119,13 +119,13 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) {
* reference counter value.
*/
STATIC_ASSERT((isc_uint32_t)
- (typeof(isc_refcount_current((isc_refcount_t *)0)))
+ (typeof(((isc_refcount_t *)0)->refs))
-1
== 0xFFFFFFFF, \
"negative isc_refcount_t cannot be properly shortened to 32 bits");
STATIC_ASSERT((isc_uint32_t)
- (typeof(isc_refcount_current((isc_refcount_t *)0)))
+ (typeof(((isc_refcount_t *)0)->refs))
0x90ABCDEF12345678
== 0x12345678, \
"positive isc_refcount_t cannot be properly shortened to 32 bits");
diff --git a/src/rbt_helper.c b/src/rbt_helper.c
index 2a7e6cb..f610b07 100644
--- a/src/rbt_helper.c
+++ b/src/rbt_helper.c
@@ -2,6 +2,7 @@
* Copyright (C) 2013-2014 bind-dyndb-ldap authors; see COPYING for license
*/
+#include <isc/util.h>
#include <dns/rbt.h>
#include "util.h"
diff --git a/src/types.h b/src/types.h
index 25ef3b9..01d627c 100644
--- a/src/types.h
+++ b/src/types.h
@@ -24,7 +24,7 @@
* rdata1 -> rdata2 -> rdata3 rdata4 -> rdata5
* next_rdatalist -> next_rdatalist ...
*/
-typedef LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
+typedef ISC_LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
typedef struct enum_txt_assoc {
int value;
--
2.14.3


@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJYwqX6AAoJECKiqUteSUFa2OkH/3NWkWc62TWaDkMN+EPUYSJ5
Hf+hxQJdioATttopyuiCE+5q2iS/9n8DGgfQmdPXDalZwQfYWhX75WWlMIiWWy5F
FDZ29tWY41JqLCdV3xYMhR+Nd4OBegT+U3muIzsFcSS9el78kRmNJCu1yOur/Nc+
r1v8o2J5PVmp1iYxvy5s77qcIC3cERGcLakDlRduZY00jCL5I5ysxG8sWQ8jJEIr
G1thN8cJeZ37pcOml943m0hLjzcJeNhmV/rgz7cMpH17r3yf5B600B+lGqrL9EtJ
lSTVRJQlZFosDPVrqKuNyMHi5iIroc8+TVZtw1aAyZ8KA39zG5wrMF5FphjVHm4=
=jtZI
-----END PGP SIGNATURE-----


@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEQepdgpabRRLDzQC/fTs0GEpfA1kFAl3BmvcACgkQfTs0GEpf
A1loIQgAvwg/JJTv8B5CWVc3/a1CgnokwQWKVFdD6uni3EGEH1vSRf58y2Faw8SI
PhNiUNEQYazJyTVZ9uk5CT9IzVaMOrMXjY3U/CyzY59BvX7UODts3pOTAoyPaBMi
fgDgWbF5NXfg/blgKKTCTSWdaCV5Pa85teva06mLj29Kxe2r5qRuAgiqGb4Paxc2
pYnqlLtyyucrOz75gBDYkQndXqcJp1BVGQy+47gowfcn4e5ivVM8aexYRO2og+YD
pmkN5P77hqe2RdrWG3Lz65LyCFglk4ll+466xUkKkQg/9w606e/yx8dUXAl0+4MA
7eul6NowBs6Ok3azHh7ZPShTvlgcTg==
=DvdK
-----END PGP SIGNATURE-----


@ -1,10 +1,10 @@
%define VERSION %{version}
%define bind_version 32:9.11.4-14.P2
%define bind_version 32:9.11.12-1
Name: bind-dyndb-ldap
Version: 11.1
Release: 13%{?dist}
Version: 11.2
Release: 3%{?dist}
Summary: LDAP back-end plug-in for BIND
Group: System Environment/Libraries
@ -12,14 +12,11 @@ License: GPLv2+
URL: https://releases.pagure.org/bind-dyndb-ldap
Source0: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2
Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc
Patch1: 0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
Patch2: 0002-Add-empty-callback-for-getsize.patch
Patch3: 0003-Support-for-BIND-9.11.3.patch
Patch1: 0001-bind-dyndb-ldap-11.2-servestale.patch
BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
BuildRequires: krb5-devel
BuildRequires: openldap-devel
BuildRequires: openssl-devel
BuildRequires: libuuid-devel
BuildRequires: automake, autoconf, libtool
@ -34,10 +31,8 @@ off of your LDAP server.
%prep
%setup -q -n %{name}-%{VERSION}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch1 -p1 -b .servestale
%build
autoreconf -fiv
%configure
@ -103,6 +98,24 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
%changelog
* Wed Nov 27 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-3
- Rebuild against bind 9.11.13
Related: RHBZ#1762813
* Mon Nov 18 2019 Thomas Woerner <twoerner@redhat.com> - 11.2-2
- Add support for serve-stale, detected on build time
Patch by Petr Menšík <pemensik@redhat.com>
Related: RHBZ#1762813
* Thu Nov 07 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-1
- New upstream release
- Support BIND9 9.11.11
- Resolves: rhbz#1762813
* Fri Aug 16 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.1-14
- Fix attribute templating in case of a missing default value
- Resolves: rhbz#1741896
* Mon Oct 15 2018 Petr Menšík <pemensik@redhat.com> - 11.1-13
- Move setting of named selinux boolean to bind (#1639410)
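Review bot: The detached signature is carried as `Source1` and replaced by this import, but the `%prep` shown goes straight from `%setup -q -n %{name}-%{VERSION}` to `%patch1`. The 11.2 tarball is therefore never checked against it during the build. The only integrity pin visible on this page is the 40-hex digest in the metadata file, which appears to be SHA-1 and says nothing about who produced the tarball. I would add the upstream signing keyring as a further `Source` and add `BuildRequires: gnupg2`. Then, where the build root's macros provide it, make `%{gpgverify --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'}` the first line of `%prep`; `SOURCE2` here is a placeholder for the new keyring entry. Lines between the spec hunks are not shown, so an existing check elsewhere in the file cannot be ruled out.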