No commits in common. "c8-stream-DL1" and "stream-idm-DL1-rhel-8.10.0" have entirely different histories.
|
@ -1 +1 @@
|
|||
fa27009509513d06a65b5aa16b612824280221c6 SOURCES/bind-dyndb-ldap-11.6.tar.bz2
|
||||
fa27009509513d06a65b5aa16b612824280221c6 bind-dyndb-ldap-11.6.tar.bz2
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
SOURCES/bind-dyndb-ldap-11.6.tar.bz2
|
||||
/bind-dyndb-ldap-11.6.tar.bz2
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
From d2864db744849736243dd92c9cdb8a96cb4c26f1 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Menšík <pemensik@redhat.com>
|
||||
Date: Thu, 22 Feb 2024 17:44:31 +0100
|
||||
Subject: Rebuild required for BIND changes for KeyTrap change
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
; Related: CVE-2023-50387 CVE-2023-50868
|
||||
Related: RHEL-25396 RHEL-25385
|
||||
|
||||
Signed-off-by: Petr Menšík <pemensik@redhat.com>
|
||||
|
||||
diff --git a/src/mldap.c b/src/mldap.c
|
||||
index 92a330c..79efddb 100644
|
||||
--- a/src/mldap.c
|
||||
+++ b/src/mldap.c
|
||||
@@ -50,18 +50,7 @@
|
||||
static unsigned char uuid_rootname_ndata[]
|
||||
= { 4, 'u', 'u', 'i', 'd', 4, 'l', 'd', 'a', 'p', 0 };
|
||||
static unsigned char uuid_rootname_offsets[] = { 0, 5, 10 };
|
||||
-static dns_name_t uuid_rootname =
|
||||
-{
|
||||
- DNS_NAME_MAGIC,
|
||||
- uuid_rootname_ndata,
|
||||
- sizeof(uuid_rootname_ndata),
|
||||
- sizeof(uuid_rootname_offsets),
|
||||
- DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE,
|
||||
- uuid_rootname_offsets,
|
||||
- NULL,
|
||||
- { (void *)-1, (void *)-1 },
|
||||
- { NULL, NULL }
|
||||
-};
|
||||
+static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets);
|
||||
|
||||
struct mldapdb {
|
||||
isc_mem_t *mctx;
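Review bot: The new `uuid_rootname` initializer carries no comment saying why the positional struct literal was dropped, so a later cleanup could reintroduce it. A positional literal is tied to one exact `dns_name_t` layout and silently puts values into the wrong fields when the BIND headers change the struct, which is presumably what the KeyTrap rebuild ran into. I would add above the definition `/* Use BIND's own initializer macro: dns_name_t layout differs between BIND builds. The arguments must stay arrays, the macro takes sizeof() of them. */`. The `struct mldapdb` definition that follows continues outside the hunk.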
|
|
@ -0,0 +1,73 @@
|
|||
From fecc0fd86f598807129ea9fa1e4e7b74cf2aba21 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Mon, 11 Nov 2019 17:36:58 +0100
|
||||
Subject: [PATCH] Add support for servestale records
|
||||
|
||||
Serve-stale support includes two new database methods. Add wrapper into
|
||||
ldap database.
|
||||
---
|
||||
configure.ac | 5 +++++
|
||||
src/ldap_driver.c | 24 ++++++++++++++++++++++++
|
||||
2 files changed, 29 insertions(+)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index d05bad9..7997898 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -120,6 +120,11 @@ int main(void) {
|
||||
[AC_MSG_ERROR([Cross compiling is not supported.])]
|
||||
)
|
||||
|
||||
+dnl dns_db_setservestalettl() can be backported, detect support
|
||||
+AC_CHECK_LIB([dns], [dns_db_setservestalettl],
|
||||
+ [AC_DEFINE([HAVE_DNS_SERVESTALE], 1, [Define if dns library provides dns_db_setservestalettl])]
|
||||
+)
|
||||
+
|
||||
dnl Older autoconf (2.59, for example) doesn't define docdir
|
||||
[[ ! -n "$docdir" ]] && docdir='${datadir}/doc/${PACKAGE_TARNAME}'
|
||||
AC_SUBST([docdir])
|
||||
diff --git a/src/ldap_driver.c b/src/ldap_driver.c
|
||||
index b9161fe..dcf65d0 100644
|
||||
--- a/src/ldap_driver.c
|
||||
+++ b/src/ldap_driver.c
|
||||
@@ -823,6 +823,26 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name)
|
||||
return dns_db_nodefullname(ldapdb->rbtdb, node, name);
|
||||
}
|
||||
|
||||
+#ifdef HAVE_DNS_SERVESTALE
|
||||
+static isc_result_t
|
||||
+setservestalettl(dns_db_t *db, dns_ttl_t ttl) {
|
||||
+ ldapdb_t *ldapdb = (ldapdb_t *) db;
|
||||
+
|
||||
+ REQUIRE(VALID_LDAPDB(ldapdb));
|
||||
+
|
||||
+ return dns_db_setservestalettl(ldapdb->rbtdb, ttl);
|
||||
+}
|
||||
+
|
||||
+static isc_result_t
|
||||
+getservestalettl(dns_db_t *db, dns_ttl_t *ttl) {
|
||||
+ ldapdb_t *ldapdb = (ldapdb_t *) db;
|
||||
+
|
||||
+ REQUIRE(VALID_LDAPDB(ldapdb));
|
||||
+
|
||||
+ return dns_db_getservestalettl(ldapdb->rbtdb, ttl);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
static dns_dbmethods_t ldapdb_methods = {
|
||||
attach,
|
||||
detach,
|
||||
@@ -869,6 +889,10 @@ static dns_dbmethods_t ldapdb_methods = {
|
||||
hashsize,
|
||||
nodefullname,
|
||||
NULL, // getsize method not implemented (related BZ1353563)
|
||||
+#ifdef HAVE_DNS_SERVESTALE
|
||||
+ setservestalettl,
|
||||
+ getservestalettl,
|
||||
+#endif
|
||||
};
|
||||
|
||||
isc_result_t ATTR_NONNULLS
|
||||
--
|
||||
2.20.1
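Review bot: In `ldapdb_methods` the two new slots are compiled in when `AC_CHECK_LIB` finds the `dns_db_setservestalettl` symbol in libdns, but the slot order of `dns_dbmethods_t` comes from the installed headers and the table is filled positionally. A table of function pointers guarded by a link-time probe here and by `LIBDNS_VERSION_MAJOR` in the later BIND 9.16.9 patch to the same table (`setservestalerefresh`/`getservestalerefresh`) only stays aligned while headers, library and both guards agree; a one-sided backport would shift entries into slots named calls through. Probing the struct member instead, e.g. `AC_CHECK_MEMBERS([dns_dbmethods_t.setservestalettl], [], [], [[#include <dns/db.h>]])`, or moving the table to designated initializers, removes that dependency. Most of the table lies outside the hunks shown, so this should be confirmed against the full initializer.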
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
From 2ddd4bf55e325071566aa1c78e3681c3239895da Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Mon, 11 Jan 2021 21:39:25 +0100
|
||||
Subject: [PATCH] Add compatibility with BIND 9.16.10 API change
|
||||
|
||||
One parameter was added to function used internally by plugin. Nothing
|
||||
like -nsec3param auto is supported by LDAP plugin. It is safe to set
|
||||
resalt false always. Salt can be changed via LDAP, but has to be
|
||||
specified manually.
|
||||
---
|
||||
src/ldap_helper.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
|
||||
index a81a9d228..3b4ae5c67 100644
|
||||
--- a/src/ldap_helper.c
|
||||
+++ b/src/ldap_helper.c
|
||||
@@ -1792,10 +1792,17 @@ zone_master_reconfigure_nsec3param(settings_set_t *zone_settings,
|
||||
dns_rdatatype_nsec3param, origin, nsec3p_str,
|
||||
&nsec3p_rdata));
|
||||
CHECK(dns_rdata_tostruct(nsec3p_rdata, &nsec3p_rr, NULL));
|
||||
+#if LIBDNS_VERSION_MAJOR > 1609
|
||||
+ CHECK(dns_zone_setnsec3param(secure, nsec3p_rr.hash, nsec3p_rr.flags,
|
||||
+ nsec3p_rr.iterations,
|
||||
+ nsec3p_rr.salt_length, nsec3p_rr.salt,
|
||||
+ true, false));
|
||||
+#else
|
||||
CHECK(dns_zone_setnsec3param(secure, nsec3p_rr.hash, nsec3p_rr.flags,
|
||||
nsec3p_rr.iterations,
|
||||
nsec3p_rr.salt_length, nsec3p_rr.salt,
|
||||
true));
|
||||
+#endif
|
||||
|
||||
cleanup:
|
||||
if (nsec3p_rdata != NULL) {
|
||||
--
|
||||
2.26.2
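Review bot: The guard `#if LIBDNS_VERSION_MAJOR > 1609` in `zone_master_reconfigure_nsec3param` is written differently from the `>=` form the other compatibility patches on this page use, and the two trailing booleans in the new call are unnamed. I would write it as `#if LIBDNS_VERSION_MAJOR >= 1610` to match the "9.16.10" in the subject, and annotate the added argument with `/* resalt = false: the salt is only ever set explicitly via LDAP */`, which is the reasoning the commit message gives. The function body starts and ends outside the hunk, so whether `LIBDNS_VERSION_MAJOR` is defined in this file (an undefined macro evaluates to 0 in `#if`) cannot be checked from here.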
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
From f4aec4d37447cc274b90c129ea15a008473ed02d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 21 Jan 2021 17:30:54 +0100
|
||||
Subject: [PATCH] Yet another change to support BIND 9.16.11 API change
|
||||
|
||||
Another change with another release, new parameter is added again.
|
||||
Add another ifdef to keep compatibility with both versions.
|
||||
---
|
||||
src/zone.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/zone.c b/src/zone.c
|
||||
index d0b71b194..7ce1769b3 100644
|
||||
--- a/src/zone.c
|
||||
+++ b/src/zone.c
|
||||
@@ -17,6 +17,7 @@
|
||||
#include <dns/zone.h>
|
||||
|
||||
#include "util.h"
|
||||
+#include "config.h"
|
||||
|
||||
/**
|
||||
* Write given diff to zone journal. Journal will be created
|
||||
@@ -61,7 +62,11 @@ zone_soaserial_updatetuple(dns_updatemethod_t method, dns_difftuple_t *soa_tuple
|
||||
REQUIRE(soa_tuple->rdata.type == dns_rdatatype_soa);
|
||||
|
||||
serial = dns_soa_getserial(&soa_tuple->rdata);
|
||||
+#if LIBDNS_VERSION_MAJOR >= 1611
|
||||
+ serial = dns_update_soaserial(serial, method, NULL);
|
||||
+#else
|
||||
serial = dns_update_soaserial(serial, method);
|
||||
+#endif
|
||||
dns_soa_setserial(serial, &soa_tuple->rdata);
|
||||
if (new_serial != NULL)
|
||||
*new_serial = serial;
|
||||
--
|
||||
2.26.2
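Review bot: In `src/zone.c` the new `#include "config.h"` is placed after `<dns/zone.h>` and `"util.h"`, so any feature macro it defines is not visible to the headers included before it. Autoconf convention is to include it first; if `LIBDNS_VERSION_MAJOR` is meant to come from it, a file that forgets the include silently takes the `#else` branch, because an undefined macro is 0 in `#if`. I would move the include to the top of the include list and add a short comment on the new call, `/* third argument (out: method actually used) not needed here */`, with the parameter's meaning hedged until checked against the BIND header. The body of `zone_soaserial_updatetuple` continues outside the hunk.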
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From 2a732bb03812878a9cc00d27d6c80f3993520626 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Thu, 26 Nov 2020 17:31:21 +0100
|
||||
Subject: [PATCH] Support BIND 9.16.9
|
||||
|
||||
Two new functions were added to database interface. They are more
|
||||
related to caching server and not authoritative. Add just null pointers,
|
||||
returning not supporter error if used.
|
||||
---
|
||||
src/ldap_driver.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/ldap_driver.c b/src/ldap_driver.c
|
||||
index 2f6574ea5..c524b7cc5 100644
|
||||
--- a/src/ldap_driver.c
|
||||
+++ b/src/ldap_driver.c
|
||||
@@ -959,6 +959,10 @@ static dns_dbmethods_t ldapdb_methods = {
|
||||
setservestalettl,
|
||||
getservestalettl,
|
||||
#endif
|
||||
+#if LIBDNS_VERSION_MAJOR >= 1609
|
||||
+ NULL, /* setservestalerefresh */
|
||||
+ NULL, /* getservestalerefresh */
|
||||
+#endif
|
||||
#if LIBDNS_VERSION_MAJOR >= 1600
|
||||
NULL, /* setgluecachestats */
|
||||
#endif
|
||||
--
|
||||
2.26.2
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
From d7d3032de7f5d3dd3cffea6064549b63a9ad7d59 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 17 Jun 2021 17:57:52 +0200
|
||||
Subject: [PATCH] Skip isc_bind9 check on BIND 9.16.17+
|
||||
|
||||
Reference variable refvar from dns_dyndbctx_t were removed. Removed was
|
||||
also flag requesting different namespace. Skip that check on last stable
|
||||
version, it should eval to false on all versions anyway.
|
||||
---
|
||||
src/ldap_driver.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/ldap_driver.c b/src/ldap_driver.c
|
||||
index e9f1005ee..5f9e00af1 100644
|
||||
--- a/src/ldap_driver.c
|
||||
+++ b/src/ldap_driver.c
|
||||
@@ -1156,6 +1156,7 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters,
|
||||
RUNTIME_CHECK(isc_once_do(&library_init_once, library_init)
|
||||
== ISC_R_SUCCESS);
|
||||
|
||||
+#if LIBDNS_VERSION_MAJOR < 1617
|
||||
/*
|
||||
* Depending on how dlopen() was called, we may not have
|
||||
* access to named's global namespace, in which case we need
|
||||
@@ -1168,6 +1169,7 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters,
|
||||
isc_hash_set_initializer(dctx->hashinit);
|
||||
log_debug(5, "registering library from dynamic ldap driver, %p != %p.", dctx->refvar, &isc_bind9);
|
||||
}
|
||||
+#endif
|
||||
|
||||
log_debug(2, "registering dynamic ldap driver for %s.", name);
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
%define VERSION %{version}
|
||||
|
||||
%define bind_version 32:9.11.26-1
|
||||
%define bind_version 32:9.11.36-14
|
||||
|
||||
%if 0%{?fedora} >= 31 || 0%{?rhel} >= 9
|
||||
%global openssl_pkcs11_version 0.4.10-2
|
||||
|
@ -11,7 +11,7 @@
|
|||
|
||||
Name: bind-dyndb-ldap
|
||||
Version: 11.6
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Summary: LDAP back-end plug-in for BIND
|
||||
|
||||
Group: System Environment/Libraries
|
||||
|
@ -22,6 +22,7 @@ Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.a
|
|||
|
||||
Patch0001: 0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2133036.patch
|
||||
Patch0002: 0002-add-rwlock-before-include-zt-h.patch
|
||||
Patch0003: 0003-bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
|
||||
|
||||
BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
|
||||
BuildRequires: krb5-devel
|
||||
|
@ -114,6 +115,10 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Apr 02 2024 Rafael Jeffman <rjeffman@redhat.com> - 11.6-5
|
||||
- Rebuild due to Bind ABI changes.
|
||||
Resolves: RHEL-28842
|
||||
|
||||
* Thu Oct 13 2022 Rafael Jeffman <rjeffman@redhat.com> - 11.6-4
|
||||
- Modify empty zone conflicts under exclusive mode
|
||||
Resolves: rhbz#2126877
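Review bot: The 11.6-5 changelog entry says only "Rebuild due to Bind ABI changes" although the same change adds `Patch0003: 0003-bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch`, so the package history does not record that a source patch related to CVE-2023-50387 went in. Administrators and scanners read the RPM changelog to judge CVE status, so I would add a line such as `- Adapt dns_name_t initializer to BIND KeyTrap changes (Related: CVE-2023-50387)`. The patch file name also says 11.9 while `Version:` is 11.6, which is worth a comment next to the `Patch0003` line. Whether the patch is actually applied in `%prep`, and whether a runtime `Requires:` on `%{bind_version}` matches the raised `BuildRequires`, is outside the hunks shown and should be confirmed.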
|
|
@ -0,0 +1,7 @@
|
|||
# recipients: abokovoy, frenaud, kaleem, ftrivino
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-9
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}
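Review bot: `product_versions` lists only `rhel-9`, while the branch name on this page ends in `rhel-8.10.0`. If the gating service matches rules by product version, this policy may never apply to builds from this branch and `idm-ci.brew-build.tier1.functional` would not be enforced as a gate. I would confirm the intended value and, if this branch is the target, use `- rhel-8`; the bare `# recipients:` comment could also say what it is for, e.g. `# recipients of gating failure notifications: ...`.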
|
|
@ -0,0 +1,25 @@
|
|||
From 3a4ad363879da129669dbb5ed10f6b0a1b7778af Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Krizek <tkrizek@redhat.com>
|
||||
Date: Thu, 9 Feb 2017 17:52:59 +0100
|
||||
Subject: [PATCH] Remove duplicate const declaration specifier
|
||||
|
||||
---
|
||||
src/ldap_helper.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
|
||||
index 5de9f69f6957fd838f7f7a73dd755db98b0ee8d5..1fa0ec9adfa2b9ca589587244da03cc6f0584919 100644
|
||||
--- a/src/ldap_helper.c
|
||||
+++ b/src/ldap_helper.c
|
||||
@@ -2349,7 +2349,7 @@ free_rdatalist(isc_mem_t *mctx, dns_rdatalist_t *rdlist)
|
||||
* @retval others Unexpected errors.
|
||||
*/
|
||||
static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT
|
||||
-ldap_substitute_rr_template(isc_mem_t *mctx, const settings_set_t const * set,
|
||||
+ldap_substitute_rr_template(isc_mem_t *mctx, const settings_set_t * set,
|
||||
ld_string_t *orig_val, ld_string_t **output) {
|
||||
isc_result_t result;
|
||||
regex_t regex;
|
||||
--
|
||||
2.9.3
|
||||
|