diff --git a/.bind-dyndb-ldap.metadata b/.bind-dyndb-ldap.metadata
index 7f14f8d..1025ef6 100644
--- a/.bind-dyndb-ldap.metadata
+++ b/.bind-dyndb-ldap.metadata
@@ -1 +1 @@
-282bf80634784e70a42c9cef050cbf74cdd5be0d SOURCES/bind-dyndb-ldap-11.1.tar.bz2
+0552e2595814b82626c4966af59b3d7f9bf3e990 SOURCES/bind-dyndb-ldap-11.2.tar.bz2
diff --git a/.gitignore b/.gitignore
index b51fbbe..8d61224 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/bind-dyndb-ldap-11.1.tar.bz2
+SOURCES/bind-dyndb-ldap-11.2.tar.bz2
diff --git a/SOURCES/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch b/SOURCES/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
deleted file mode 100644
index 04b6cb8..0000000
--- a/SOURCES/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From e5c29893a318c0f1571c9918ab2c7c23dca3c952 Mon Sep 17 00:00:00 2001
-From: Tomas Krizek
-Date: Mon, 27 Mar 2017 19:41:05 +0200
-Subject: [PATCH] Coverity: fix REVERSE_INULL for pevent->inst
-
-With the DynDB API changes, the ldap instance is acquired
-differently. Previously, obtaining the instance could fail when
-LDAP was disconnecting, thus the NULL check was necessary in the
-cleanup part.
-
-Now, inst is obtained directly from the API. I'm not sure what is
-the exact behaviour in edge cases such as LDAP disconnecting, so
-I perform the NULL check a bit earlier, just to be safe.
----
- src/ldap_helper.c | 42 +++++++++++++++++++++---------------------
- 1 file changed, 21 insertions(+), 21 deletions(-)
-
-diff --git a/src/ldap_helper.c b/src/ldap_helper.c
-index 1fa0ec9adfa2b9ca589587244da03cc6f0584919..e0c4b76f0bd350eda2d81588e6efb67b5221d630 100644
---- a/src/ldap_helper.c
-+++ b/src/ldap_helper.c
-@@ -3714,6 +3714,7 @@ update_zone(isc_task_t *task, isc_event_t *event)
- mctx = pevent->mctx;
- dns_name_init(&prevname, NULL);
-
-+ REQUIRE(inst != NULL);
- INSIST(task == inst->task); /* For task-exclusive mode */
-
- if (SYNCREPL_DEL(pevent->chgtype)) {
-@@ -3730,12 +3731,11 @@ update_zone(isc_task_t *task, isc_event_t *event)
- }
-
- cleanup:
-- if (inst != NULL) {
-- sync_concurr_limit_signal(inst->sctx);
-- sync_event_signal(inst->sctx, pevent);
-- if (dns_name_dynamic(&prevname))
-- dns_name_free(&prevname, inst->mctx);
-- }
-+ sync_concurr_limit_signal(inst->sctx);
-+ sync_event_signal(inst->sctx, pevent);
-+ if (dns_name_dynamic(&prevname))
-+ dns_name_free(&prevname, inst->mctx);
-+
- if (result != ISC_R_SUCCESS)
- log_error_r("update_zone (syncrepl) failed for %s. "
- "Zones can be outdated, run `rndc reload`",
-@@ -3760,14 +3760,14 @@ update_config(isc_task_t * task, isc_event_t *event)
-
- mctx = pevent->mctx;
-
-+ REQUIRE(inst != NULL);
- INSIST(task == inst->task); /* For task-exclusive mode */
- CHECK(ldap_parse_configentry(entry, inst));
-
- cleanup:
-- if (inst != NULL) {
-- sync_concurr_limit_signal(inst->sctx);
-- sync_event_signal(inst->sctx, pevent);
-- }
-+ sync_concurr_limit_signal(inst->sctx);
-+ sync_event_signal(inst->sctx, pevent);
-+
- if (result != ISC_R_SUCCESS)
- log_error_r("update_config (syncrepl) failed for %s. "
- "Configuration can be outdated, run `rndc reload`",
-@@ -3790,14 +3790,14 @@ update_serverconfig(isc_task_t * task, isc_event_t *event)
-
- mctx = pevent->mctx;
-
-+ REQUIRE(inst != NULL);
- INSIST(task == inst->task); /* For task-exclusive mode */
- CHECK(ldap_parse_serverconfigentry(entry, inst));
-
- cleanup:
-- if (inst != NULL) {
-- sync_concurr_limit_signal(inst->sctx);
-- sync_event_signal(inst->sctx, pevent);
-- }
-+ sync_concurr_limit_signal(inst->sctx);
-+ sync_event_signal(inst->sctx, pevent);
-+
- if (result != ISC_R_SUCCESS)
- log_error_r("update_serverconfig (syncrepl) failed for %s. "
- "Configuration can be outdated, run `rndc reload`",
-@@ -3860,6 +3860,7 @@ update_record(isc_task_t *task, isc_event_t *event)
- dns_name_init(&prevname, NULL);
- dns_name_init(&prevorigin, NULL);
-
-+ REQUIRE(inst != NULL);
- CHECK(zr_get_zone_ptr(inst->zone_register, &entry->zone_name, &raw, &secure));
- zone_found = ISC_TRUE;
-
-@@ -4020,13 +4021,12 @@ cleanup:
- ldap_entry_logname(entry), pevent->chgtype);
- }
-
-- if (inst != NULL) {
-- sync_concurr_limit_signal(inst->sctx);
-- if (dns_name_dynamic(&prevname))
-- dns_name_free(&prevname, inst->mctx);
-- if (dns_name_dynamic(&prevorigin))
-- dns_name_free(&prevorigin, inst->mctx);
-- }
-+ sync_concurr_limit_signal(inst->sctx);
-+ if (dns_name_dynamic(&prevname))
-+ dns_name_free(&prevname, inst->mctx);
-+ if (dns_name_dynamic(&prevorigin))
-+ dns_name_free(&prevorigin, inst->mctx);
-+
- if (raw != NULL)
- dns_zone_detach(&raw);
- if (secure != NULL)
---
-2.9.3
-
diff --git a/SOURCES/0001-bind-dyndb-ldap-11.2-servestale.patch b/SOURCES/0001-bind-dyndb-ldap-11.2-servestale.patch
new file mode 100644
index 0000000..1254d7f
--- /dev/null
+++ b/SOURCES/0001-bind-dyndb-ldap-11.2-servestale.patch
@@ -0,0 +1,73 @@
+From fecc0fd86f598807129ea9fa1e4e7b74cf2aba21 Mon Sep 17 00:00:00 2001
+From: Petr Mensik
+Date: Mon, 11 Nov 2019 17:36:58 +0100
+Subject: [PATCH] Add support for servestale records
+
+Serve-stale support includes two new database methods. Add wrapper into
+ldap database.
+---
+ configure.ac | 5 +++++
+ src/ldap_driver.c | 24 ++++++++++++++++++++++++
+ 2 files changed, 29 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index d05bad9..7997898 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -120,6 +120,11 @@ int main(void) {
+ [AC_MSG_ERROR([Cross compiling is not supported.])]
+ )
+
++dnl dns_db_setservestalettl() can be backported, detect support
++AC_CHECK_LIB([dns], [dns_db_setservestalettl],
++ [AC_DEFINE([HAVE_DNS_SERVESTALE], 1, [Define if dns library provides dns_db_setservestalettl])]
++)
++
+ dnl Older autoconf (2.59, for example) doesn't define docdir
+ [[ ! -n "$docdir" ]] && docdir='${datadir}/doc/${PACKAGE_TARNAME}'
+ AC_SUBST([docdir])
+diff --git a/src/ldap_driver.c b/src/ldap_driver.c
+index b9161fe..dcf65d0 100644
+--- a/src/ldap_driver.c
++++ b/src/ldap_driver.c
+@@ -823,6 +823,26 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name)
+ return dns_db_nodefullname(ldapdb->rbtdb, node, name);
+ }
+
++#ifdef HAVE_DNS_SERVESTALE
++static isc_result_t
++setservestalettl(dns_db_t *db, dns_ttl_t ttl) {
++ ldapdb_t *ldapdb = (ldapdb_t *) db;
++
++ REQUIRE(VALID_LDAPDB(ldapdb));
++
++ return dns_db_setservestalettl(ldapdb->rbtdb, ttl);
++}
++
++static isc_result_t
++getservestalettl(dns_db_t *db, dns_ttl_t *ttl) {
++ ldapdb_t *ldapdb = (ldapdb_t *) db;
++
++ REQUIRE(VALID_LDAPDB(ldapdb));
++
++ return dns_db_getservestalettl(ldapdb->rbtdb, ttl);
++}
++#endif
++
+ static dns_dbmethods_t ldapdb_methods = {
+ attach,
+ detach,
+@@ -869,6 +889,10 @@ static dns_dbmethods_t ldapdb_methods = {
+ hashsize,
+ nodefullname,
+ NULL, // getsize method not implemented (related BZ1353563)
++#ifdef HAVE_DNS_SERVESTALE
++ setservestalettl,
++ getservestalettl,
++#endif
+ };
+
+ isc_result_t ATTR_NONNULLS
+--
+2.20.1
+
diff --git a/SOURCES/0002-Add-empty-callback-for-getsize.patch b/SOURCES/0002-Add-empty-callback-for-getsize.patch
deleted file mode 100644
index 63f08b9..0000000
--- a/SOURCES/0002-Add-empty-callback-for-getsize.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 107c5ed7247788a04a23d6c65fca50f96c944345 Mon Sep 17 00:00:00 2001
-From: Tomas Krizek
-Date: Tue, 27 Jun 2017 10:41:03 +0200
-Subject: [PATCH] Add empty callback for getsize
-
-BIND introduced getsize method in db.h. This is related to
-CVE-2016-6170 and allows to set restriction of zone size limit.
-
-Signed-off-by: Tomas Krizek
----
- src/ldap_driver.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/ldap_driver.c b/src/ldap_driver.c
-index 53ce1a9..38673b0 100644
---- a/src/ldap_driver.c
-+++ b/src/ldap_driver.c
-@@ -867,7 +867,8 @@ static dns_dbmethods_t ldapdb_methods = {
- findext,
- setcachestats,
- hashsize,
-- nodefullname
-+ nodefullname,
-+ NULL, // getsize method not implemented (related BZ1353563)
- };
-
- isc_result_t ATTR_NONNULLS
---
-2.9.4
-
diff --git a/SOURCES/0003-Support-for-BIND-9.11.3.patch b/SOURCES/0003-Support-for-BIND-9.11.3.patch
deleted file mode 100644
index 092e3c2..0000000
--- a/SOURCES/0003-Support-for-BIND-9.11.3.patch
+++ /dev/null
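Review bot: `HAVE_DNS_SERVESTALE` is set by `AC_CHECK_LIB([dns], [dns_db_setservestalettl], …)`, a link-time probe of libdns, but the guarded code in src/ldap_driver.c depends on the layout of `dns_dbmethods_t` in the installed headers, because `ldapdb_methods` is a positional initializer and the two new pointers simply take the slots after the `getsize` entry. The configure comment itself notes that the function can be backported, so headers and library need not move together; a mismatch would put the wrappers in the wrong slots or draw only an excess-initializer diagnostic, leaving named to call through a pointer of the wrong type. Probing the struct as well, for example `AC_CHECK_MEMBER([dns_dbmethods_t.setservestalettl], …)` with dns/db.h as the include, would tie the macro to what is actually being initialised; the member name is inferred from the wrapper names and should be confirmed against db.h. The initializer begins outside the hunk, so its earlier entries were not reviewed.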
@@ -1,137 +0,0 @@
-From b533d722fa62232955aedfdf1bbc0179f48497eb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
-Date: Thu, 1 Mar 2018 19:41:10 +0100
-Subject: [PATCH] Support for BIND 9.11.3. Include explicitly isc/util.h in
- each file that uses REQUIRE(). Support stdatomic feature, do not use function
- call in STATIC_ASSERT().
-
----
- src/bindcfg.c | 1 +
- src/fwd_register.c | 1 +
- src/ldap_entry.h | 11 +++++------
- src/mldap.c | 4 ++--
- src/rbt_helper.c | 1 +
- src/types.h | 2 +-
- 6 files changed, 11 insertions(+), 9 deletions(-)
-
-diff --git a/src/bindcfg.c b/src/bindcfg.c
-index 9b429ba..5539dea 100644
---- a/src/bindcfg.c
-+++ b/src/bindcfg.c
-@@ -6,6 +6,7 @@
-
- #include "config.h"
-
-+#include
- #include
- #include
-
-diff --git a/src/fwd_register.c b/src/fwd_register.c
-index 355d15f..7cc0c5a 100644
---- a/src/fwd_register.c
-+++ b/src/fwd_register.c
-@@ -3,6 +3,7 @@
- */
-
- #include
-+#include
- #include
-
- #include "rbt_helper.h"
-diff --git a/src/ldap_entry.h b/src/ldap_entry.h
-index 6498c79..88b1c42 100644
---- a/src/ldap_entry.h
-+++ b/src/ldap_entry.h
-@@ -6,7 +6,6 @@
- #define _LD_LDAP_ENTRY_H_
-
- #include
--#include
- #include
-
- #include "fwd_register.h"
-@@ -19,15 +18,15 @@
-
- /* Represents values associated with LDAP attribute */
- typedef struct ldap_value ldap_value_t;
--typedef LIST(ldap_value_t) ldap_valuelist_t;
-+typedef ISC_LIST(ldap_value_t) ldap_valuelist_t;
- struct ldap_value {
- char *value;
-- LINK(ldap_value_t) link;
-+ ISC_LINK(ldap_value_t) link;
- };
-
- /* Represents LDAP attribute and it's values */
- typedef struct ldap_attribute ldap_attribute_t;
--typedef LIST(ldap_attribute_t) ldap_attributelist_t;
-+typedef ISC_LIST(ldap_attribute_t) ldap_attributelist_t;
-
- /* Represents LDAP entry and it's attributes */
- typedef unsigned char ldap_entryclass_t;
-@@ -41,7 +40,7 @@ struct ldap_entry {
-
- ldap_attribute_t *lastattr;
- ldap_attributelist_t attrs;
-- LINK(ldap_entry_t) link;
-+ ISC_LINK(ldap_entry_t) link;
-
- /* Parsing. */
- isc_lex_t *lex;
-@@ -59,7 +58,7 @@ struct ldap_attribute {
- char **ldap_values;
- ldap_value_t *lastval;
- ldap_valuelist_t values;
-- LINK(ldap_attribute_t) link;
-+ ISC_LINK(ldap_attribute_t) link;
- };
-
- #define LDAP_ENTRYCLASS_NONE 0x0
-diff --git a/src/mldap.c b/src/mldap.c
-index 143abce..304ba36 100644
---- a/src/mldap.c
-+++ b/src/mldap.c
-@@ -119,13 +119,13 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) {
- * reference counter value.
- */
- STATIC_ASSERT((isc_uint32_t)
-- (typeof(isc_refcount_current((isc_refcount_t *)0)))
-+ (typeof(((isc_refcount_t *)0)->refs))
- -1
- == 0xFFFFFFFF, \
- "negative isc_refcount_t cannot be properly shortened to 32 bits");
-
- STATIC_ASSERT((isc_uint32_t)
-- (typeof(isc_refcount_current((isc_refcount_t *)0)))
-+ (typeof(((isc_refcount_t *)0)->refs))
- 0x90ABCDEF12345678
- == 0x12345678, \
- "positive isc_refcount_t cannot be properly shortened to 32 bits");
-diff --git a/src/rbt_helper.c b/src/rbt_helper.c
-index 2a7e6cb..f610b07 100644
---- a/src/rbt_helper.c
-+++ b/src/rbt_helper.c
-@@ -2,6 +2,7 @@
- * Copyright (C) 2013-2014 bind-dyndb-ldap authors; see COPYING for license
- */
-
-+#include
- #include
-
- #include "util.h"
-diff --git a/src/types.h b/src/types.h
-index 25ef3b9..01d627c 100644
---- a/src/types.h
-+++ b/src/types.h
-@@ -24,7 +24,7 @@
- * rdata1 -> rdata2 -> rdata3 rdata4 -> rdata5
- * next_rdatalist -> next_rdatalist ...
- */
--typedef LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
-+typedef ISC_LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
-
- typedef struct enum_txt_assoc {
- int value;
---
-2.14.3
-
diff --git a/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc b/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc
deleted file mode 100644
index 3becbc4..0000000
--- a/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQEcBAABCAAGBQJYwqX6AAoJECKiqUteSUFa2OkH/3NWkWc62TWaDkMN+EPUYSJ5
-Hf+hxQJdioATttopyuiCE+5q2iS/9n8DGgfQmdPXDalZwQfYWhX75WWlMIiWWy5F
-FDZ29tWY41JqLCdV3xYMhR+Nd4OBegT+U3muIzsFcSS9el78kRmNJCu1yOur/Nc+
-r1v8o2J5PVmp1iYxvy5s77qcIC3cERGcLakDlRduZY00jCL5I5ysxG8sWQ8jJEIr
-G1thN8cJeZ37pcOml943m0hLjzcJeNhmV/rgz7cMpH17r3yf5B600B+lGqrL9EtJ
-lSTVRJQlZFosDPVrqKuNyMHi5iIroc8+TVZtw1aAyZ8KA39zG5wrMF5FphjVHm4=
-=jtZI
------END PGP SIGNATURE-----
diff --git a/SOURCES/bind-dyndb-ldap-11.2.tar.bz2.asc b/SOURCES/bind-dyndb-ldap-11.2.tar.bz2.asc
new file mode 100644
index 0000000..a1a7484
--- /dev/null
+++ b/SOURCES/bind-dyndb-ldap-11.2.tar.bz2.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEQepdgpabRRLDzQC/fTs0GEpfA1kFAl3BmvcACgkQfTs0GEpf
+A1loIQgAvwg/JJTv8B5CWVc3/a1CgnokwQWKVFdD6uni3EGEH1vSRf58y2Faw8SI
+PhNiUNEQYazJyTVZ9uk5CT9IzVaMOrMXjY3U/CyzY59BvX7UODts3pOTAoyPaBMi
+fgDgWbF5NXfg/blgKKTCTSWdaCV5Pa85teva06mLj29Kxe2r5qRuAgiqGb4Paxc2
+pYnqlLtyyucrOz75gBDYkQndXqcJp1BVGQy+47gowfcn4e5ivVM8aexYRO2og+YD
+pmkN5P77hqe2RdrWG3Lz65LyCFglk4ll+466xUkKkQg/9w606e/yx8dUXAl0+4MA
+7eul6NowBs6Ok3azHh7ZPShTvlgcTg==
+=DvdK
+-----END PGP SIGNATURE-----
diff --git a/SPECS/bind-dyndb-ldap.spec b/SPECS/bind-dyndb-ldap.spec
index 412c815..447dbab 100644
--- a/SPECS/bind-dyndb-ldap.spec
+++ b/SPECS/bind-dyndb-ldap.spec
@@ -1,10 +1,10 @@
 %define VERSION %{version}
 
-%define bind_version 32:9.11.4-14.P2
+%define bind_version 32:9.11.12-1
 
 Name: bind-dyndb-ldap
-Version: 11.1
-Release: 13%{?dist}
+Version: 11.2
+Release: 3%{?dist}
 Summary: LDAP back-end plug-in for BIND
 
 Group: System Environment/Libraries
@@ -12,14 +12,11 @@ License: GPLv2+
 URL: https://releases.pagure.org/bind-dyndb-ldap
 Source0: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2
 Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc
-Patch1: 0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
-Patch2: 0002-Add-empty-callback-for-getsize.patch
-Patch3: 0003-Support-for-BIND-9.11.3.patch
+Patch1: 0001-bind-dyndb-ldap-11.2-servestale.patch
 
 BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
 BuildRequires: krb5-devel
 BuildRequires: openldap-devel
-BuildRequires: openssl-devel
 BuildRequires: libuuid-devel
 BuildRequires: automake, autoconf, libtool
 
@@ -34,10 +31,8 @@ off of your LDAP server.
 
 %prep
 %setup -q -n %{name}-%{VERSION}
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-
+%patch1 -p1 -b .servestale
+
 %build
 autoreconf -fiv
 %configure
@@ -103,6 +98,24 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
 
 
 %changelog
+* Wed Nov 27 2019 Alexander Bokovoy - 11.2-3
+- Rebuild against bind 9.11.13
+ Related: RHBZ#1762813
+
+* Mon Nov 18 2019 Thomas Woerner - 11.2-2
+- Add support for serve-stale, detected on build time
+ Patch by Petr Menšík
+ Related: RHBZ#1762813
+
+* Thu Nov 07 2019 Alexander Bokovoy - 11.2-1
+- New upstream release
+- Support BIND9 9.11.11
+- Resolves: rhbz#1762813
+
+* Fri Aug 16 2019 Alexander Bokovoy - 11.1-14
+- Fix attribute templating in case of a missing default value
+- Resolves: rhbz#1741896
+
 * Mon Oct 15 2018 Petr Menšík - 11.1-13
 - Move setting of named selinux boolean to bind (#1639410)
 
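Review bot: In the `%prep` hunk the build goes from `%setup` straight to `%patch1` without checking `Source0` against the detached signature this commit refreshes as `Source1`, so the `.asc` is shipped in the source package but, as far as these hunks show, never verified at build time. A verification step ahead of `%setup`, for example `%{gpgverify --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'}` with the upstream signing key added as a further `Source` and `BuildRequires: gnupg2`, would make a substituted tarball fail the build; this assumes the build root provides the `%{gpgverify}` macro. The `+` line added after `%patch1 -p1 -b .servestale` appears to differ from the removed blank line only in whitespace and could be left empty.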