Compare commits

..

No commits in common. "c8-stream-DL1" and "c10s" have entirely different histories.

20 changed files with 1375 additions and 121 deletions

View File

@ -1 +0,0 @@
fa27009509513d06a65b5aa16b612824280221c6 SOURCES/bind-dyndb-ldap-11.6.tar.bz2

60
.gitignore vendored
View File

@ -1 +1,59 @@
SOURCES/bind-dyndb-ldap-11.6.tar.bz2 bind-dyndb-ldap-0.1.0b.tar.bz2
/bind-dyndb-ldap-0.2.0.tar.bz2
/bind-dyndb-ldap-1.0.0b1.tar.gz
/bind-dyndb-ldap-1.0.0rc1.tar.bz2
/bind-dyndb-ldap-1.1.0a1.tar.bz2
/bind-dyndb-ldap-1.1.0a2.tar.bz2
/bind-dyndb-ldap-1.1.0b1.tar.bz2
/bind-dyndb-ldap-1.1.0b2.tar.bz2
/bind-dyndb-ldap-1.1.0rc1.tar.bz2
/bind-dyndb-ldap-2.0-20120921git7710d89.tar.bz2
/bind-dyndb-ldap-2.0-20121009git6a86b1.tar.gz
/bind-dyndb-ldap-2.1.tar.bz2
/bind-dyndb-ldap-2.3.tar.bz2
/bind-dyndb-ldap-2.4.tar.bz2
/bind-dyndb-ldap-2.5.tar.bz2
/bind-dyndb-ldap-2.6.tar.bz2
/bind-dyndb-ldap-3.0.tar.bz2
/bind-dyndb-ldap-3.1.tar.bz2
/bind-dyndb-ldap-3.2.tar.bz2
/bind-dyndb-ldap-3.3.tar.bz2
/bind-dyndb-ldap-3.4.tar.bz2
/bind-dyndb-ldap-3.5.tar.bz2
/bind-dyndb-ldap-4.1.tar.bz2
/bind-dyndb-ldap-4.3.tar.bz2
/bind-dyndb-ldap-5.0.tar.bz2
/bind-dyndb-ldap-5.1.tar.bz2
/bind-dyndb-ldap-5.2.tar.bz2
/bind-dyndb-ldap-5.3.tar.bz2
/bind-dyndb-ldap-6.0.tar.bz2
/bind-dyndb-ldap-6.1.tar.bz2
/bind-dyndb-ldap-6.1.tar.bz2.asc
/bind-dyndb-ldap-7.0.tar.bz2
/bind-dyndb-ldap-7.0.tar.bz2.asc
/bind-dyndb-ldap-8.0.tar.bz2
/bind-dyndb-ldap-8.0.tar.bz2.asc
/bind-dyndb-ldap-9.0.tar.bz2
/bind-dyndb-ldap-9.0.tar.bz2.asc
/bind-dyndb-ldap-10.0.tar.bz2
/bind-dyndb-ldap-10.0.tar.bz2.asc
/bind-dyndb-ldap-10.1.tar.bz2
/bind-dyndb-ldap-10.1.tar.bz2.asc
/bind-dyndb-ldap-11.0.tar.bz2
/bind-dyndb-ldap-11.0.tar.bz2.asc
/bind-dyndb-ldap-11.1.tar.bz2
/bind-dyndb-ldap-11.1.tar.bz2.asc
/bind-dyndb-ldap-11.2.tar.bz2
/bind-dyndb-ldap-11.2.tar.bz2.asc
/bind-dyndb-ldap-11.3.tar.bz2
/bind-dyndb-ldap-11.3.tar.bz2.asc
/bind-dyndb-ldap-11.5.tar.bz2
/bind-dyndb-ldap-11.5.tar.bz2.asc
/bind-dyndb-ldap-11.6.tar.bz2
/bind-dyndb-ldap-11.6.tar.bz2.asc
/bind-dyndb-ldap-11.7.tar.bz2
/bind-dyndb-ldap-11.7.tar.bz2.asc
/bind-dyndb-ldap-11.9.tar.bz2
/bind-dyndb-ldap-11.9.tar.bz2.asc
/bind-dyndb-ldap-11.10.tar.bz2
/bind-dyndb-ldap-11.10.tar.bz2.asc

View File

@ -1,37 +0,0 @@
From 7b4c1e28b3e64f7cd075599472e349510f8d33da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 14 Sep 2022 17:10:11 +0200
Subject: [PATCH] Modify empty zone conflicts under exclusive mode
Does not accept new request when exclusive mode is active. Zone table
can be modified even after main fwd entries have been added. Ensure
empty zones handling keeps exclusive mode active.
Exclusive mode were mentioned as the only protection it had by bind
maintainer:
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6637#note_308928
---
src/fwd.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/fwd.c b/src/fwd.c
index 24f6e53..0a3c673 100644
--- a/src/fwd.c
+++ b/src/fwd.c
@@ -595,10 +595,12 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,
dns_result_totext(result));
/* Handle collisions with automatic empty zones. */
- if (isconfigured == true)
+ if (isconfigured == true) {
+ run_exclusive_enter(inst, &lock_state);
CHECK(empty_zone_handle_conflicts(name,
view->zonetable,
(fwdpolicy == dns_fwdpolicy_first)));
+ }
cleanup:
run_exclusive_exit(inst, lock_state);
--
2.37.3

View File

@ -1,10 +0,0 @@
--- a/src/zone_register.h 2020-09-14 11:11:52.000000000 -0400
+++ a/src/zone_register.h 2022-10-11 10:01:35.293730147 -0400
@@ -5,6 +5,7 @@
#ifndef _LD_ZONE_REGISTER_H_
#define _LD_ZONE_REGISTER_H_
+#include <isc/rwlock.h>
#include <dns/zt.h>
#include "settings.h"

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAl+7wQUACgkQRxniuKu/
YhrK4Q/7B3njZOLSN1nor1ftoGGgXHvOvAGZTH+S0aI/u2bGfMIy3iT6NCcXZaVy
LftvbYUKZ1zT92LYyTng7d8qgc8B7fmIAHPKye2uuxfPgwYkqdBLLKOMoAjbijjI
P3Qkoee9bAF89wjnEnyfE9beJ9Vwe6PQLuCovIIauYEfhXjazOhSt7aDpYQ1X5Ui
WyUKMhbO9WZ+TokW6wMTLGC8eCJdIJz0OXrROsLp6KZW4Y4wxf/zcU/XztDmEcOm
DIeDir1ohp8xyssfBYr9tmamD+FzoU9+oR1+WjQav/pxFBqezzm7U3cvq9PrQ7SK
Q5jpmeNOTvoUjnEMBW/AXPxth0yXVX3XlIYjhVX3R4r/ZXwmK1g6hqsT2kSbCvAS
/DR7yfou2SQLuH1z6qs6vd+IdTYVpsHMBBdQtHSeZ5701fyJgIABI98oMMV/KplL
bwfL/uhTPjuH1nett7h7NuINiVET0Yy63/CRicQs199ORGLVBaQ+AVCxj33m5NH/
ggMKhA5VNmMSSvyI/TiytLbqhjw29kjRo4/vDEqv1co9fB2J2MBdTCtSF4gixB0n
da/W6PnKiS45f0NdqpU5oUxLDTni+hYrQV1GXavdnx8lpnab9jlJO6vOZSCodSS+
0eMJRH7knFDrY7EEjbUD7/pPZphPQUamvecmYhgn+La4SHkf2wA=
=cGu/
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,38 @@
From 282b1c9ea58cc0f2337a72912808505e5f540d5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Sat, 28 Jan 2023 11:32:05 +0100
Subject: [PATCH] Minimal change to compile with BIND 9.18.11
DSCP codes are not working and their support were removed from BIND9. Do
not require them to be present.
---
src/fwd.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/fwd.c b/src/fwd.c
index 24f6e53..10ec848 100644
--- a/src/fwd.c
+++ b/src/fwd.c
@@ -198,7 +198,9 @@ fwd_print_list_buff(isc_mem_t *mctx, dns_forwarders_t *fwdrs,
INSIST((fwdr_int == NULL) == (fwdr_cfg == NULL)), fwdr_int != NULL;
fwdr_int = ISC_LIST_NEXT(fwdr_int, link), fwdr_cfg = cfg_list_next(fwdr_cfg)) {
fwdr_cfg->obj->value.sockaddrdscp.sockaddr = fwdr_int->addr;
+#if LIBDNS_VERSION_MAJOR < 1811
fwdr_cfg->obj->value.sockaddrdscp.dscp = fwdr_int->dscp;
+#endif
}
cfg_print(faddresses, buffer_append_str, &tmp_buf);
@@ -281,7 +283,9 @@ fwd_parse_str(const char *fwdrs_str, isc_mem_t *mctx,
isc_sockaddr_setport(&addr, port);
fwdr = isc_mem_get(mctx, sizeof(*(fwdr)));
fwdr->addr = addr;
+#if LIBDNS_VERSION_MAJOR < 1811
fwdr->dscp = cfg_obj_getdscp(fwdr_cfg);
+#endif
ISC_LINK_INIT(fwdr, link);
ISC_LIST_APPEND(*fwdrs, fwdr, link);
}
--
2.39.1

View File

@ -0,0 +1,56 @@
From 5d9a012e07578d1a813b385224ba53f77f06b026 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 22 Mar 2023 13:38:18 +0100
Subject: [PATCH] Remove rpz_attach for BIND 9.16+
rpz_attach is never supplied from BIND9 code both in 9.16 or 9.18.
Remove our custom function and pass NULL as well. It would be never
called anyway.
Modified to directly remove the function without db_registered fix.
---
src/ldap_driver.c | 20 ++++----------------
1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/src/ldap_driver.c b/src/ldap_driver.c
index e4aeeb2..20e12fc 100644
--- a/src/ldap_driver.c
+++ b/src/ldap_driver.c
@@ -804,22 +804,6 @@ rpz_attach(dns_db_t *db, dns_rpz_zones_t *rpzs, uint8_t rpz_num)
dns_db_rpz_attach(ldapdb->rbtdb, rpzs, rpz_num);
}
-#else
-void
-rpz_attach(dns_db_t *db, void *void_rpzs, uint8_t rpz_num)
-{
- ldapdb_t *ldapdb = (ldapdb_t *) db;
- dns_rpz_zones_t *rpzs = (dns_rpz_zones_t *) void_rpzs;
- isc_result_t result;
-
- REQUIRE(VALID_LDAPDB(ldapdb));
-
- rpzs->zones[rpz_num]->db_registered = true;
- result = dns_db_updatenotify_register(ldapdb->rbtdb,
- dns_rpz_dbupdate_callback,
- rpzs->zones[rpz_num]);
- REQUIRE(result == ISC_R_SUCCESS);
-}
#endif
/*
@@ -966,7 +950,11 @@ static dns_dbmethods_t ldapdb_methods = {
resigned,
isdnssec,
getrrsetstats,
+#if LIBDNS_VERSION_MAJOR < 1600
rpz_attach,
+#else
+ NULL,
+#endif
NULL, /* rpz_ready */
findnodeext,
findext,
--
2.39.2

View File

@ -0,0 +1,405 @@
From 131ddb918a5e80bfac2ce97d994f75d42fdf4546 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Mon, 25 Sep 2023 12:33:42 +0200
Subject: [PATCH] Detect and propagate atomic libraries like bind9
BIND9 headers expect atomic definitions are configured before they are
included. It needs adding atomic libraries detection in configure AND
including config.h before any ISC headers are included.
Move dyndb-config.h before isc headers anywhere where needed.
---
configure.ac | 72 +++++++++++++++++++++++++++++++++++++++++++++
src/empty_zones.c | 3 +-
src/fs.c | 2 ++
src/fwd_register.c | 3 +-
src/krb5_helper.c | 1 +
src/ldap_convert.c | 3 +-
src/ldap_entry.c | 4 ++-
src/lock.c | 2 ++
src/log.c | 2 ++
src/metadb.c | 2 ++
src/mldap.c | 5 ++--
src/rbt_helper.c | 3 +-
src/semaphore.c | 2 ++
src/settings.c | 3 +-
src/str.c | 2 ++
src/syncptr.c | 3 +-
src/zone.c | 2 ++
src/zone_register.c | 3 +-
18 files changed, 107 insertions(+), 10 deletions(-)
diff --git a/configure.ac b/configure.ac
index 9f7f3640c..c30f105db 100644
--- a/configure.ac
+++ b/configure.ac
@@ -145,6 +145,78 @@ AC_RUN_IFELSE([AC_LANG_PROGRAM([
], [AC_MSG_ERROR([Cross compiling is not supported.])]
)
+# Following atomic checks taken from bind9 configure
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+ISC_ATOMIC_LIBS=""
+AC_CHECK_HEADERS(
+ [stdatomic.h],
+ [AC_MSG_CHECKING([for memory model aware atomic operations])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <stdatomic.h>]],
+ [[atomic_int_fast32_t val = 0; atomic_fetch_add_explicit(&val, 1, memory_order_relaxed);]]
+ )],
+ [AC_MSG_RESULT([stdatomic.h])
+ AC_MSG_CHECKING([whether -latomic is needed for 64-bit stdatomic.h functions])
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <stdatomic.h>]],
+ [[atomic_int_fast64_t val = 0; atomic_fetch_add_explicit(&val, 1, memory_order_relaxed);]]
+ )],
+ [AC_MSG_RESULT([no])],
+ [ISC_ATOMIC_LIBS="-latomic"
+ AX_SAVE_FLAGS([atomic])
+ LIBS="$LIBS $ISC_ATOMIC_LIBS"
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <stdatomic.h>]],
+ [[atomic_int_fast64_t val = 0; atomic_fetch_add_explicit(&val, 1, memory_order_relaxed);]]
+ )],
+ [AC_MSG_RESULT([yes])],
+ [AC_MSG_FAILURE([libatomic needed, but linking with -latomic failed, please fix your toolchain.])])
+ AX_RESTORE_FLAGS([atomic])
+ ])
+ ],
+ [AC_MSG_FAILURE([stdatomic.h header found, but compilation failed, please fix your toolchain.])]
+ )],
+ [AC_MSG_CHECKING([for memory model aware atomic operations])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <inttypes.h>]],
+ [[int32_t val = 0; __atomic_fetch_add(&val, 1, __ATOMIC_RELAXED);]]
+ )],
+ [AC_MSG_RESULT([__atomic builtins])
+ AC_DEFINE([HAVE___ATOMIC], [1], [define if __atomic builtins are not available])
+ AC_MSG_CHECKING([whether -latomic is needed for 64-bit __atomic builtins])
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <inttypes.h>]],
+ [[int64_t val = 0; __atomic_fetch_add(&val, 1, __ATOMIC_RELAXED);]]
+ )],
+ [AC_MSG_RESULT([no])],
+ [ISC_ATOMIC_LIBS="-latomic"
+ AX_SAVE_FLAGS([atomic])
+ LIBS="$LIBS $ISC_ATOMIC_LIBS"
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <inttypes.h>]],
+ [[int64_t val = 0; __atomic_fetch_add(&val, 1, __ATOMIC_RELAXED);]]
+ )],
+ [AC_MSG_RESULT([yes])],
+ [AC_MSG_FAILURE([libatomic needed, but linking with -latomic failed, please fix your toolchain.])])
+ AX_RESTORE_FLAGS([atomic])
+ ])
+ ],
+ [AC_MSG_FAILURE([not found])
+ ])
+ ])
+LIBS="$LIBS $ISC_ATOMIC_LIBS"
+
dnl isc_errno_toresult() was not available in older header files
AC_MSG_CHECKING([isc_errno_toresult availability])
AC_TRY_RUN([
diff --git a/src/empty_zones.c b/src/empty_zones.c
index 4e14a804a..f818046d4 100644
--- a/src/empty_zones.c
+++ b/src/empty_zones.c
@@ -1,5 +1,7 @@
#include <stdio.h>
+#include "dyndb-config.h"
+
#include <isc/result.h>
#include <isc/types.h>
#include <isc/util.h>
@@ -8,7 +10,6 @@
#include <dns/zone.h>
#include <dns/zt.h>
-#include "dyndb-config.h"
#include "empty_zones.h"
#include "util.h"
#include "zone_register.h"
diff --git a/src/fs.c b/src/fs.c
index 09df5842a..4f3c9c069 100644
--- a/src/fs.c
+++ b/src/fs.c
@@ -8,6 +8,8 @@
#include <sys/stat.h>
+#include "dyndb-config.h"
+
#include <isc/dir.h>
#include <isc/file.h>
#include <isc/errno.h>
diff --git a/src/fwd_register.c b/src/fwd_register.c
index 5a3d4e2c2..85792d52e 100644
--- a/src/fwd_register.c
+++ b/src/fwd_register.c
@@ -2,11 +2,12 @@
* Copyright (C) 2013-2014 bind-dyndb-ldap authors; see COPYING for license
*/
+#include "dyndb-config.h"
+
#include <isc/rwlock.h>
#include <isc/util.h>
#include <dns/name.h>
-#include "dyndb-config.h"
#include "rbt_helper.h"
#include "fwd_register.h"
#include "util.h"
diff --git a/src/krb5_helper.c b/src/krb5_helper.c
index 5d7ee6a9a..92412304b 100644
--- a/src/krb5_helper.c
+++ b/src/krb5_helper.c
@@ -4,6 +4,7 @@
#define _POSIX_C_SOURCE 200112L /* setenv */
+#include "dyndb-config.h"
#include <isc/util.h>
#include <string.h>
#include <stdlib.h>
diff --git a/src/ldap_convert.c b/src/ldap_convert.c
index 87f635f79..0a946c421 100644
--- a/src/ldap_convert.c
+++ b/src/ldap_convert.c
@@ -2,6 +2,8 @@
* Copyright (C) 2009-2015 bind-dyndb-ldap authors; see COPYING for license
*/
+#include "dyndb-config.h"
+
#include <isc/buffer.h>
#include <isc/hex.h>
#include <isc/mem.h>
@@ -20,7 +22,6 @@
#include <strings.h>
#include <ctype.h>
-#include "dyndb-config.h"
#include "str.h"
#include "ldap_convert.h"
#include "log.h"
diff --git a/src/ldap_entry.c b/src/ldap_entry.c
index cdf26d858..a29797b1c 100644
--- a/src/ldap_entry.c
+++ b/src/ldap_entry.c
@@ -2,12 +2,14 @@
* Copyright (C) 2011-2014 bind-dyndb-ldap authors; see COPYING for license
*/
#include <uuid/uuid.h>
+#include <inttypes.h>
+
+#include "dyndb-config.h"
#include <dns/rdata.h>
#include <dns/ttl.h>
#include <dns/types.h>
-#include <inttypes.h>
#include <isc/region.h>
#include <isc/types.h>
#include <isc/util.h>
diff --git a/src/lock.c b/src/lock.c
index df6e5ccba..abb5fe0d7 100644
--- a/src/lock.c
+++ b/src/lock.c
@@ -2,6 +2,8 @@
* Copyright (C) 2014 bind-dyndb-ldap authors; see COPYING for license
*/
+#include "dyndb-config.h"
+
#include <isc/task.h>
#include <isc/util.h>
diff --git a/src/log.c b/src/log.c
index 1eba3cde2..78f9e68b5 100644
--- a/src/log.c
+++ b/src/log.c
@@ -4,6 +4,8 @@
#include <stdio.h>
+#include "dyndb-config.h"
+
#include <isc/formatcheck.h>
#include <isc/util.h>
diff --git a/src/metadb.c b/src/metadb.c
index 276de244f..f035269d2 100644
--- a/src/metadb.c
+++ b/src/metadb.c
@@ -4,6 +4,8 @@
* Meta-database for information which are not represented in DNS data.
*/
+#include "dyndb-config.h"
+
#include <isc/mutex.h>
#include <isc/util.h>
diff --git a/src/mldap.c b/src/mldap.c
index 0bc2d332f..92a330ccb 100644
--- a/src/mldap.c
+++ b/src/mldap.c
@@ -8,8 +8,10 @@
#include <ldap.h>
#include <stddef.h>
#include <uuid/uuid.h>
-
#include <inttypes.h>
+
+#include "dyndb-config.h"
+
#include <isc/net.h>
#include <isc/refcount.h>
#include <isc/result.h>
@@ -27,7 +29,6 @@
#include "metadb.h"
#include "mldap.h"
#include "util.h"
-#include "dyndb-config.h"
#if LIBDNS_VERSION_MAJOR < 1600
#define REFCOUNT_CAST(n) ((typeof(((isc_refcount_t *)0)->refs)) (n))
diff --git a/src/rbt_helper.c b/src/rbt_helper.c
index 6009553bf..d918801c6 100644
--- a/src/rbt_helper.c
+++ b/src/rbt_helper.c
@@ -2,12 +2,13 @@
* Copyright (C) 2013-2014 bind-dyndb-ldap authors; see COPYING for license
*/
+#include "dyndb-config.h"
+
#include <isc/util.h>
#include <dns/rbt.h>
#include "util.h"
#include "rbt_helper.h"
-#include "dyndb-config.h"
#define LDAPDB_RBTITER_MAGIC ISC_MAGIC('L', 'D', 'P', 'I')
diff --git a/src/semaphore.c b/src/semaphore.c
index b6d02ffac..8b549b8a4 100644
--- a/src/semaphore.c
+++ b/src/semaphore.c
@@ -8,6 +8,8 @@
* own signal. However, for our purposes, this shouldn't be needed.
*/
+#include "dyndb-config.h"
+
#include <isc/condition.h>
#include <isc/result.h>
#include <isc/util.h>
diff --git a/src/settings.c b/src/settings.c
index 2a0bb1982..2c9d18238 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -2,6 +2,8 @@
* Copyright (C) 2009-2014 bind-dyndb-ldap authors; see COPYING for license
*/
+#include "dyndb-config.h"
+
#include <isc/util.h>
#include <isc/mem.h>
#include <isc/task.h>
@@ -24,7 +26,6 @@
#include "types.h"
#include "ldap_helper.h"
#include "zone_register.h"
-#include "dyndb-config.h"
#if LIBDNS_VERSION_MAJOR < 1600
#define cfg_parse_buffer cfg_parse_buffer4
diff --git a/src/str.c b/src/str.c
index 6797eded0..a68f66c73 100644
--- a/src/str.c
+++ b/src/str.c
@@ -9,6 +9,8 @@
* Review all the REQUIRE() macros.
*/
+#include "dyndb-config.h"
+
#include <isc/buffer.h>
#include <isc/mem.h>
#include <isc/mutex.h>
diff --git a/src/syncptr.c b/src/syncptr.c
index f7b8c02bc..7fab14a9e 100644
--- a/src/syncptr.c
+++ b/src/syncptr.c
@@ -6,6 +6,8 @@
#include <arpa/inet.h>
#include <sys/socket.h>
+#include "dyndb-config.h"
+
#include <isc/event.h>
#include <isc/netaddr.h>
#include <isc/task.h>
@@ -18,7 +20,6 @@
#include <dns/zone.h>
#include <dns/zt.h>
-#include "dyndb-config.h"
#include "util.h"
#include "ldap_convert.h"
#include "ldap_entry.h"
diff --git a/src/zone.c b/src/zone.c
index 0180ba8ea..899f612c3 100644
--- a/src/zone.c
+++ b/src/zone.c
@@ -3,6 +3,8 @@
*/
#include <inttypes.h>
+#include "dyndb-config.h"
+
#include <isc/types.h>
#include <isc/util.h>
diff --git a/src/zone_register.c b/src/zone_register.c
index 504aa9be2..4db5e02c7 100644
--- a/src/zone_register.c
+++ b/src/zone_register.c
@@ -2,6 +2,8 @@
* Copyright (C) 2009-2014 bind-dyndb-ldap authors; see COPYING for license
*/
+#include "dyndb-config.h"
+
#include <isc/mem.h>
#include <isc/rwlock.h>
#include <isc/util.h>
@@ -12,7 +14,6 @@
#include <dns/result.h>
#include <dns/zone.h>
-#include "dyndb-config.h"
#include "fs.h"
#include "ldap_driver.h"
#include "log.h"
--
2.41.0

View File

@ -0,0 +1,73 @@
From fecc0fd86f598807129ea9fa1e4e7b74cf2aba21 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Mon, 11 Nov 2019 17:36:58 +0100
Subject: [PATCH] Add support for servestale records
Serve-stale support includes two new database methods. Add wrapper into
ldap database.
---
configure.ac | 5 +++++
src/ldap_driver.c | 24 ++++++++++++++++++++++++
2 files changed, 29 insertions(+)
diff --git a/configure.ac b/configure.ac
index d05bad9..7997898 100644
--- a/configure.ac
+++ b/configure.ac
@@ -120,6 +120,11 @@ int main(void) {
[AC_MSG_ERROR([Cross compiling is not supported.])]
)
+dnl dns_db_setservestalettl() can be backported, detect support
+AC_CHECK_LIB([dns], [dns_db_setservestalettl],
+ [AC_DEFINE([HAVE_DNS_SERVESTALE], 1, [Define if dns library provides dns_db_setservestalettl])]
+)
+
dnl Older autoconf (2.59, for example) doesn't define docdir
[[ ! -n "$docdir" ]] && docdir='${datadir}/doc/${PACKAGE_TARNAME}'
AC_SUBST([docdir])
diff --git a/src/ldap_driver.c b/src/ldap_driver.c
index b9161fe..dcf65d0 100644
--- a/src/ldap_driver.c
+++ b/src/ldap_driver.c
@@ -823,6 +823,26 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name)
return dns_db_nodefullname(ldapdb->rbtdb, node, name);
}
+#ifdef HAVE_DNS_SERVESTALE
+static isc_result_t
+setservestalettl(dns_db_t *db, dns_ttl_t ttl) {
+ ldapdb_t *ldapdb = (ldapdb_t *) db;
+
+ REQUIRE(VALID_LDAPDB(ldapdb));
+
+ return dns_db_setservestalettl(ldapdb->rbtdb, ttl);
+}
+
+static isc_result_t
+getservestalettl(dns_db_t *db, dns_ttl_t *ttl) {
+ ldapdb_t *ldapdb = (ldapdb_t *) db;
+
+ REQUIRE(VALID_LDAPDB(ldapdb));
+
+ return dns_db_getservestalettl(ldapdb->rbtdb, ttl);
+}
+#endif
+
static dns_dbmethods_t ldapdb_methods = {
attach,
detach,
@@ -869,6 +889,10 @@ static dns_dbmethods_t ldapdb_methods = {
hashsize,
nodefullname,
NULL, // getsize method not implemented (related BZ1353563)
+#ifdef HAVE_DNS_SERVESTALE
+ setservestalettl,
+ getservestalettl,
+#endif
};
isc_result_t ATTR_NONNULLS
--
2.20.1

View File

@ -0,0 +1,38 @@
From 2ddd4bf55e325071566aa1c78e3681c3239895da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Mon, 11 Jan 2021 21:39:25 +0100
Subject: [PATCH] Add compatibility with BIND 9.16.10 API change
One parameter was added to function used internally by plugin. Nothing
like -nsec3param auto is supported by LDAP plugin. It is safe to set
resalt false always. Salt can be changed via LDAP, but has to be
specified manually.
---
src/ldap_helper.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index a81a9d228..3b4ae5c67 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -1792,10 +1792,17 @@ zone_master_reconfigure_nsec3param(settings_set_t *zone_settings,
dns_rdatatype_nsec3param, origin, nsec3p_str,
&nsec3p_rdata));
CHECK(dns_rdata_tostruct(nsec3p_rdata, &nsec3p_rr, NULL));
+#if LIBDNS_VERSION_MAJOR > 1609
+ CHECK(dns_zone_setnsec3param(secure, nsec3p_rr.hash, nsec3p_rr.flags,
+ nsec3p_rr.iterations,
+ nsec3p_rr.salt_length, nsec3p_rr.salt,
+ true, false));
+#else
CHECK(dns_zone_setnsec3param(secure, nsec3p_rr.hash, nsec3p_rr.flags,
nsec3p_rr.iterations,
nsec3p_rr.salt_length, nsec3p_rr.salt,
true));
+#endif
cleanup:
if (nsec3p_rdata != NULL) {
--
2.26.2

View File

@ -0,0 +1,38 @@
From f4aec4d37447cc274b90c129ea15a008473ed02d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 21 Jan 2021 17:30:54 +0100
Subject: [PATCH] Yet another change to support BIND 9.16.11 API change
Another change with another release, new parameter is added again.
Add another ifdef to keep compatibility with both versions.
---
src/zone.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/zone.c b/src/zone.c
index d0b71b194..7ce1769b3 100644
--- a/src/zone.c
+++ b/src/zone.c
@@ -17,6 +17,7 @@
#include <dns/zone.h>
#include "util.h"
+#include "config.h"
/**
* Write given diff to zone journal. Journal will be created
@@ -61,7 +62,11 @@ zone_soaserial_updatetuple(dns_updatemethod_t method, dns_difftuple_t *soa_tuple
REQUIRE(soa_tuple->rdata.type == dns_rdatatype_soa);
serial = dns_soa_getserial(&soa_tuple->rdata);
+#if LIBDNS_VERSION_MAJOR >= 1611
+ serial = dns_update_soaserial(serial, method, NULL);
+#else
serial = dns_update_soaserial(serial, method);
+#endif
dns_soa_setserial(serial, &soa_tuple->rdata);
if (new_serial != NULL)
*new_serial = serial;
--
2.26.2

View File

@ -0,0 +1,30 @@
From 2a732bb03812878a9cc00d27d6c80f3993520626 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 26 Nov 2020 17:31:21 +0100
Subject: [PATCH] Support BIND 9.16.9
Two new functions were added to database interface. They are more
related to caching server and not authoritative. Add just null pointers,
returning not supporter error if used.
---
src/ldap_driver.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/ldap_driver.c b/src/ldap_driver.c
index 2f6574ea5..c524b7cc5 100644
--- a/src/ldap_driver.c
+++ b/src/ldap_driver.c
@@ -959,6 +959,10 @@ static dns_dbmethods_t ldapdb_methods = {
setservestalettl,
getservestalettl,
#endif
+#if LIBDNS_VERSION_MAJOR >= 1609
+ NULL, /* setservestalerefresh */
+ NULL, /* getservestalerefresh */
+#endif
#if LIBDNS_VERSION_MAJOR >= 1600
NULL, /* setgluecachestats */
#endif
--
2.26.2

View File

@ -0,0 +1,35 @@
From d7d3032de7f5d3dd3cffea6064549b63a9ad7d59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 17 Jun 2021 17:57:52 +0200
Subject: [PATCH] Skip isc_bind9 check on BIND 9.16.17+
Reference variable refvar from dns_dyndbctx_t were removed. Removed was
also flag requesting different namespace. Skip that check on last stable
version, it should eval to false on all versions anyway.
---
src/ldap_driver.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/ldap_driver.c b/src/ldap_driver.c
index e9f1005ee..5f9e00af1 100644
--- a/src/ldap_driver.c
+++ b/src/ldap_driver.c
@@ -1156,6 +1156,7 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters,
RUNTIME_CHECK(isc_once_do(&library_init_once, library_init)
== ISC_R_SUCCESS);
+#if LIBDNS_VERSION_MAJOR < 1617
/*
* Depending on how dlopen() was called, we may not have
* access to named's global namespace, in which case we need
@@ -1168,6 +1169,7 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters,
isc_hash_set_initializer(dctx->hashinit);
log_debug(5, "registering library from dynamic ldap driver, %p != %p.", dctx->refvar, &isc_bind9);
}
+#endif
log_debug(2, "registering dynamic ldap driver for %s.", name);
--
2.31.1

View File

@ -0,0 +1,104 @@
From 5dd2fefa0bc7cd7689004cec64304c3a02be9eab Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Thu, 12 Jan 2023 13:25:10 +0200
Subject: [PATCH] Support bind 9.18.10 or later
dns_db_allrdatasets() gained a new parameter. Adopt the code to allow
injecting 0 options if building against 9.18.10.
Fixes: https://pagure.io/bind-dyndb-ldap/issue/216
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
src/ldap_driver.c | 7 ++++---
src/ldap_helper.c | 4 ++--
src/metadb.c | 3 ++-
src/util.h | 6 ++++++
4 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/ldap_driver.c b/src/ldap_driver.c
index 7367493..e4aeeb2 100644
--- a/src/ldap_driver.c
+++ b/src/ldap_driver.c
@@ -465,13 +465,14 @@ findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
static isc_result_t
allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
- isc_stdtime_t now, dns_rdatasetiter_t **iteratorp)
+ DNS_DB_ALLRDATASETS_OPTIONS(unsigned int options, isc_stdtime_t now),
+ dns_rdatasetiter_t **iteratorp)
{
ldapdb_t *ldapdb = (ldapdb_t *) db;
REQUIRE(VALID_LDAPDB(ldapdb));
- return dns_db_allrdatasets(ldapdb->rbtdb, node, version, now, iteratorp);
+ return dns_db_allrdatasets(ldapdb->rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(options, now), iteratorp);
}
/* TODO: Add 'tainted' flag to the LDAP instance if something went wrong. */
@@ -514,7 +515,7 @@ node_isempty(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
CHECK(ldapdb_name_fromnode(node, dns_fixedname_initname(&fname)));
- result = dns_db_allrdatasets(db, node, version, now, &rds_iter);
+ result = dns_db_allrdatasets(db, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, now), &rds_iter);
if (result == ISC_R_NOTFOUND) {
*isempty = true;
} else if (result == ISC_R_SUCCESS) {
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 7ea3df9..7ac3d91 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2005,7 +2005,7 @@ zone_sync_apex(const ldap_instance_t * const inst,
zone_settings, &rdatalist));
CHECK(dns_db_getoriginnode(rbtdb, &node));
- result = dns_db_allrdatasets(rbtdb, node, version, 0,
+ result = dns_db_allrdatasets(rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, 0),
&rbt_rds_iterator);
if (result == ISC_R_SUCCESS) {
CHECK(diff_ldap_rbtdb(inst->mctx, &name, &rdatalist,
@@ -3929,7 +3929,7 @@ update_restart:
CHECK(dns_db_newversion(ldapdb, &version));
CHECK(dns_db_findnode(rbtdb, &entry->fqdn, true, &node));
- result = dns_db_allrdatasets(rbtdb, node, version, 0, &rbt_rds_iterator);
+ result = dns_db_allrdatasets(rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, 0), &rbt_rds_iterator);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
goto cleanup;
diff --git a/src/metadb.c b/src/metadb.c
index f469a30..276de24 100644
--- a/src/metadb.c
+++ b/src/metadb.c
@@ -217,7 +217,8 @@ metadb_node_delete(metadb_node_t **nodep) {
node = *nodep;
dns_rdataset_init(&rdataset);
- CHECK(dns_db_allrdatasets(node->rbtdb, node->dbnode, node->version, 0,
+ CHECK(dns_db_allrdatasets(node->rbtdb, node->dbnode, node->version,
+ DNS_DB_ALLRDATASETS_OPTIONS(0, 0),
&iter));
for (result = dns_rdatasetiter_first(iter);
diff --git a/src/util.h b/src/util.h
index 5088ff3..e4620ff 100644
--- a/src/util.h
+++ b/src/util.h
@@ -29,6 +29,12 @@ extern bool verbose_checks; /* from settings.c */
#define dns_name_copynf(src, dst) dns_name_copy((src), (dst))
#endif
+#if LIBDNS_VERSION_MAJOR >= 1810
+#define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) options, tstamp
+#else
+#define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) tstamp
+#endif
+
#define CLEANUP_WITH(result_code) \
do { \
result = (result_code); \
--
2.39.0

View File

@ -0,0 +1,152 @@
From 00131b7b72daa953ab2bf5e6a4fd5508052debb0 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Thu, 12 Jan 2023 14:33:07 +0200
Subject: [PATCH] adopt to bind 9.18.9+ loggers
Fixes: https://pagure.io/bind-dyndb-ldap/issues/216
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
src/ldap_helper.c | 12 ++++--------
src/log.h | 9 +++++++++
src/settings.c | 12 ++++--------
src/syncrepl.c | 6 ++----
4 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 7ac3d91..acabd31 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -1317,8 +1317,7 @@ configure_zone_acl(isc_mem_t *mctx, dns_zone_t *zone,
dns_zone_logc(zone, DNS_LOGCATEGORY_SECURITY, ISC_LOG_CRITICAL,
"cannot configure restrictive %s policy: %s",
type_txt, isc_result_totext(result2));
- FATAL_ERROR(__FILE__, __LINE__,
- "insecure state detected");
+ fatal_error("insecure state detected");
}
}
acl_setter(zone, acl);
@@ -1365,8 +1364,7 @@ configure_zone_ssutable(dns_zone_t *zone, const char *update_str)
dns_zone_logc(zone, DNS_LOGCATEGORY_SECURITY, ISC_LOG_CRITICAL,
"cannot disable all updates: %s",
isc_result_totext(result2));
- FATAL_ERROR(__FILE__, __LINE__,
- "insecure state detected");
+ fatal_error("insecure state detected");
}
}
@@ -2951,8 +2949,7 @@ force_reconnect:
ldap_inst);
break;
case AUTH_INVALID:
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "invalid auth_method_enum value %u",
+ unexpected_error("invalid auth_method_enum value %u",
auth_method_enum);
break;
@@ -3782,8 +3779,7 @@ update_zone(isc_task_t *task, isc_event_t *event)
else if (entry->class & LDAP_ENTRYCLASS_FORWARD)
CHECK(ldap_parse_fwd_zoneentry(entry, inst));
else
- FATAL_ERROR(__FILE__, __LINE__,
- "update_zone: unexpected entry class");
+ fatal_error("update_zone: unexpected entry class");
}
cleanup:
diff --git a/src/log.h b/src/log.h
index da71f8b..844ac46 100644
--- a/src/log.h
+++ b/src/log.h
@@ -17,8 +17,17 @@
#define GET_LOG_LEVEL(level) (level)
#endif
+#if LIBDNS_VERSION_MAJOR >= 1809
+#define fatal_error(...) \
+ isc_error_fatal(__FILE__, __LINE__, __func__, __VA_ARGS__)
+#define unexpected_error(...) \
+ isc_error_unexpected(__FILE__, __LINE__, __func__, __VA_ARGS__)
+#else
#define fatal_error(...) \
isc_error_fatal(__FILE__, __LINE__, __VA_ARGS__)
+#define unexpected_error(...) \
+ isc_error_unexpected(__FILE__, __LINE__, __VA_ARGS__)
+#endif
#define log_bug(fmt, ...) \
log_error("bug in %s(): " fmt, __func__,##__VA_ARGS__)
diff --git a/src/settings.c b/src/settings.c
index def60d7..2a0bb19 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -178,8 +178,7 @@ setting_get(const char *const name, const setting_type_t type,
*(bool *)target = setting->value.value_boolean;
break;
default:
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "invalid setting_type_t value %u", type);
+ unexpected_error("invalid setting_type_t value %u", type);
break;
}
@@ -278,8 +277,7 @@ set_value(isc_mem_t *mctx, const settings_set_t *set, setting_t *setting,
CLEANUP_WITH(ISC_R_IGNORE);
break;
default:
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "invalid setting_type_t value %u", setting->type);
+ unexpected_error("invalid setting_type_t value %u", setting->type);
break;
}
@@ -304,8 +302,7 @@ set_value(isc_mem_t *mctx, const settings_set_t *set, setting_t *setting,
setting->value.value_boolean = numeric_value;
break;
default:
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "invalid setting_type_t value %u", setting->type);
+ unexpected_error("invalid setting_type_t value %u", setting->type);
break;
}
setting->filled = 1;
@@ -389,8 +386,7 @@ setting_unset(const char *const name, const settings_set_t *set)
case ST_BOOLEAN:
break;
default:
- UNEXPECTED_ERROR(__FILE__, __LINE__,
- "invalid setting_type_t value %u", setting->type);
+ unexpected_error("invalid setting_type_t value %u", setting->type);
break;
}
setting->filled = 0;
diff --git a/src/syncrepl.c b/src/syncrepl.c
index 0bee09a..f94379c 100644
--- a/src/syncrepl.c
+++ b/src/syncrepl.c
@@ -148,8 +148,7 @@ finish(isc_task_t *task, isc_event_t *event) {
case sync_datainit:
case sync_finished:
default:
- FATAL_ERROR(__FILE__, __LINE__,
- "sync_barrier_wait(): invalid state "
+ fatal_error("sync_barrier_wait(): invalid state "
"%u", bev->sctx->state);
}
sync_state_change(bev->sctx, new_state, false);
@@ -518,8 +517,7 @@ sync_barrier_wait(sync_ctx_t *sctx, ldap_instance_t *inst) {
case sync_databarrier:
case sync_finished:
default:
- FATAL_ERROR(__FILE__, __LINE__,
- "sync_barrier_wait(): invalid state "
+ fatal_error("sync_barrier_wait(): invalid state "
"%u", sctx->state);
}
--
2.39.0

View File

@ -0,0 +1,38 @@
From 47902df23bf637e6c7ece67b928339e0fda58ae0 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Mon, 16 Jan 2023 11:03:24 +0200
Subject: [PATCH] Handle dns_db_allrdatasets() backports too
With https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7189 the
changes were also backported to 9.16.36+ as well. Instead of checking
version, check if an additional define is present.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
src/util.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/util.h b/src/util.h
index e4620ff..5da0f5c 100644
--- a/src/util.h
+++ b/src/util.h
@@ -13,6 +13,7 @@
#include <dns/types.h>
#include <dns/name.h>
#include <dns/result.h>
+#include <dns/db.h>
#include "log.h"
#include "dyndb-config.h"
@@ -29,7 +30,7 @@ extern bool verbose_checks; /* from settings.c */
#define dns_name_copynf(src, dst) dns_name_copy((src), (dst))
#endif
-#if LIBDNS_VERSION_MAJOR >= 1810
+#ifdef DNS_DB_STALEOK
#define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) options, tstamp
#else
#define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) tstamp
--
2.39.0

View File

@ -1,39 +1,65 @@
%define VERSION %{version} %define VERSION %{version}
%define bind_version 32:9.11.26-1 %define bind_version 32:9.16.16
%if 0%{?fedora} >= 31 || 0%{?rhel} >= 9 %if 0%{?fedora} >= 31 || 0%{?rhel} > 8
%global openssl_pkcs11_version 0.4.10-2 %if 0%{?fedora} >= 40 || 0%{?rhel} >= 10
%global softhsm_version 2.6.0 %global openssl_pkcs11_version 0.3
%global openssl_pkcs11_name pkcs11-provider
%global softhsm_version 2.6.1
%else
%global openssl_pkcs11_version 0.4.10-6
%global openssl_pkcs11_name openssl-pkcs11
%global softhsm_version 2.5.0-4
%endif
%else %else
%global with_bind_pkcs11 1 %global with_bind_pkcs11 1
%endif %endif
Name: bind-dyndb-ldap Name: bind-dyndb-ldap
Version: 11.6 Version: 11.10
Release: 4%{?dist} Release: 28%{?dist}
Summary: LDAP back-end plug-in for BIND Summary: LDAP back-end plug-in for BIND
Group: System Environment/Libraries
License: GPLv2+ License: GPLv2+
URL: https://releases.pagure.org/bind-dyndb-ldap URL: https://releases.pagure.org/bind-dyndb-ldap
Source0: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2 Source0: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2
Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc
Patch0001: 0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2133036.patch # https://pagure.io/bind-dyndb-ldap/pull-request/217
Patch0002: 0002-add-rwlock-before-include-zt-h.patch # https://pagure.io/bind-dyndb-ldap/c/00131b7b72daa953ab2bf5e6a4fd5508052debb0
Patch1: bind-dyndb-ldap-bind-9.18.10-db-options.patch
# https://pagure.io/bind-dyndb-ldap/c/47902df23bf637e6c7ece67b928339e0fda58ae0
Patch2: bind-dyndb-ldap-bind-9.18.10-logs.patch
# https://pagure.io/bind-dyndb-ldap/c/5dd2fefa0bc7cd7689004cec64304c3a02be9eab
Patch3: bind-dyndb-ldap-bind-9.18.10-staleok.patch
Patch4: bind-dyndb-ldap-11.10-bind-9.18.11.patch
Patch5: bind-dyndb-ldap-11.10-bind-9.18.13.patch
# https://pagure.io/bind-dyndb-ldap/pull-request/226
Patch6: bind-dyndb-ldap-11.10-bind-9.18.19.patch
BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version} BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}
BuildRequires: krb5-devel BuildRequires: krb5-devel
BuildRequires: openldap-devel BuildRequires: openldap-devel
BuildRequires: libuuid-devel BuildRequires: libuuid-devel
BuildRequires: automake, autoconf, libtool BuildRequires: automake, autoconf, libtool
BuildRequires: autoconf-archive
# https://bugzilla.redhat.com/show_bug.cgi?id=2165256
Conflicts: bind9-next
%if %{with bind_pkcs11} %if %{with bind_pkcs11}
Requires: bind-pkcs11 >= %{bind_version}, bind-pkcs11-utils >= %{bind_version} BuildRequires: bind-pkcs11-devel >= %{bind_version}
BuildRequires: make
Requires(pre): bind-pkcs11 >= %{bind_version}
Requires: bind-pkcs11 >= %{bind_version}
Requires: bind-pkcs11-utils >= %{bind_version}
%else %else
Requires: softhsm >= %{softhsm_version} Requires: softhsm >= %{softhsm_version}
Requires: openssl-pkcs11 >= %{openssl_pkcs11_version} Requires: %{openssl_pkcs11_name} >= %{openssl_pkcs11_version}
Requires(pre): bind >= %{bind_version}
Requires: bind >= %{bind_version}
%endif %endif
%description %description
@ -43,21 +69,17 @@ off of your LDAP server.
%prep %prep
%setup -q -n %{name}-%{VERSION} %autosetup -n %{name}-%{VERSION} -p1
for p in %patches; do
%__patch -p1 -i $p
done
%build %build
autoreconf -fiv autoreconf -fiv
export BIND9_CFLAGS='-I /usr/include/bind9 -DHAVE_TLS -DHAVE_THREAD_LOCAL'
%configure %configure
make %{?_smp_mflags} %make_build
%install %install
rm -rf %{buildroot} %make_install
make install DESTDIR=%{buildroot}
mkdir -m 770 -p %{buildroot}/%{_localstatedir}/named/dyndb-ldap mkdir -m 770 -p %{buildroot}/%{_localstatedir}/named/dyndb-ldap
# Remove unwanted files # Remove unwanted files
@ -66,6 +88,8 @@ rm -r %{buildroot}%{_datadir}/doc/%{name}
%post %post
[ -f /etc/named.conf ] || exit 0
# Transform named.conf if it still has old-style API. # Transform named.conf if it still has old-style API.
PLATFORM=$(uname -m) PLATFORM=$(uname -m)
@ -107,64 +131,259 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
%files %files
%defattr(-,root,root,-)
%doc NEWS README.md COPYING doc/{example,schema}.ldif %doc NEWS README.md COPYING doc/{example,schema}.ldif
%dir %attr(770, root, named) %{_localstatedir}/named/dyndb-ldap %dir %attr(770, root, named) %{_localstatedir}/named/dyndb-ldap
%{_libdir}/bind/ldap.so %{_libdir}/bind/ldap.so
%changelog %changelog
* Thu Oct 13 2022 Rafael Jeffman <rjeffman@redhat.com> - 11.6-4 * Wed Nov 13 2024 Alexander Bokovoy <abokovoy@redhat.com> - 11.10-28
- Modify empty zone conflicts under exclusive mode - Replace dependency on openssl-pkcs11 by pkcs11-provider
Resolves: rhbz#2126877 - Resolves: RHEL-30556
* Wed Dec 22 2021 Alexander Bokovoy <abokovoy@redhat.com> - 11.6-3 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 11.10-27
- Rebuild against bind 9.11.36 - Bump release for October 2024 mass rebuild:
- Resolves: rhbz#2022762 Resolves: RHEL-64018
* Thu Jan 07 2021 Rob Crittenden <rcritten@redhat.com> - 11.6-2 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 11.10-26
- Rebuild against bind 9.11.26 - Bump release for June 2024 mass rebuild
- Resolves: rhbz#1904612
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 11.10-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 11.10-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 15 2024 Petr Menšík <pemensik@redhat.com> - 11.10-23
- Rebuilt for BIND 9.18.21 (#2255407)
* Mon Nov 20 2023 Petr Menšík <pemensik@redhat.com> - 11.10-22
- Rebuilt for BIND 9.18.20 (#2249835)
* Mon Sep 25 2023 Petr Menšík <pemensik@redhat.com> - 11.10-21
- Support for bind 9.18.19 (#2232346)
- Require autoconf-archive at build time
* Wed Sep 06 2023 Petr Menšík <pemensik@redhat.com> - 11.10-20
- Rebuilt for BIND 9.18.18 (#2232346)
* Wed Jul 19 2023 Petr Menšík <pemensik@redhat.com> - 11.10-19
- Rebuild for BIND 9.18.17 (#2223913)
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 11.10-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 21 2023 Petr Menšík <pemensik@redhat.com> - 11.10-17
- Rebuild for BIND 9.18.16 (#2216462)
* Thu May 18 2023 Petr Menšík <pemensik@redhat.com> - 11.10-16
- Rebuild for BIND 9.18.15 (#2207908)
* Sat Apr 22 2023 Petr Menšík <pemensik@redhat.com> - 11.10-15
- Rebuilt for BIND 9.18.14 (#2187996)
* Wed Mar 22 2023 Petr Menšík <pemensik@redhat.com> - 11.10-14
- Rebuilt for BIND 9.18.13 (#2178717)
* Mon Feb 20 2023 Petr Menšík <pemensik@redhat.com> - 11.10-13
- Rebuilt for BIND 9.18.12 (#2170096)
* Sun Jan 29 2023 Adam Williamson <awilliam@redhat.com> - 11.10-12
- Rebuild for BIND 9.18.11 again (tagging mess, again see #2165256)
* Sat Jan 28 2023 Adam Williamson <awilliam@redhat.com> - 11.10-11.2
- Conflict with bind9-next (#2165256)
* Sat Jan 28 2023 Petr Menšík <pemensik@redhat.com> - 11.10-11
- Support for BIND 9.18.11 (#2164395)
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 11.10-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Jan 16 2023 Petr Menšík <pemensik@redhat.com> - 11.10-9
- Rebuilt for BIND 9.18.10 (#2143258)
- Include changes needed to build with latest BIND9
* Mon Nov 21 2022 Petr Menšík <pemensik@redhat.com> - 11.10-8
- Rebuilt for BIND 9.18.9 (#2143258)
- Support error header change
* Sat Oct 22 2022 Petr Menšík <pemensik@redhat.com> - 11.10-7
- Rebuilt for BIND 9.18.8 (#2136100)
* Wed Sep 21 2022 Petr Menšík <pemensik@redhat.com> - 11.10-6
- Rebuild for BIND 9.18.7 (#2128609)
* Tue Sep 13 2022 Petr Menšík <pemensik@redhat.com> - 11.10-5
- Rebuild for BIND 9.18.6 with fixed PKCS11 (#2122841)
* Tue Aug 30 2022 Petr Menšík <pemensik@redhat.com> - 11.10-4
- Rebuild for BIND 9.18.6 (#2119132)
* Wed Aug 03 2022 Petr Menšík <pemensik@redhat.com> - 11.10-3
- Rebuild for BIND 9.18.5 (#2057493)
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 11.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jun 21 2022 Alexander Bokovoy <abokovoy@redhat.com> - 11.10-1
- Release 11.10
- Support BIND 9.17+
* Mon Jun 20 2022 Petr Menšík <pemensik@redhat.com> - 11.9-17
- Rebuilt for BIND 9.16.30 (#2097312)
* Fri May 27 2022 Petr Menšík <pemensik@redhat.com> - 11.9-16
- Rebuild for BIND 9.16.29 (#2087920)
* Thu Apr 21 2022 Petr Menšík <pemensik@redhat.com> - 11.9-15
- Rebuilt for BIND 9.16.28 (#2076941)
* Fri Mar 18 2022 Petr Menšík <pemensik@redhat.com> - 11.9-14
- Rebuilt for BIND 9.16.27 (#2055120)
* Fri Jan 21 2022 Petr Menšík <pemensik@redhat.com> - 11.9-13
- Rebuild for BIND 9.16.25 (#2042504)
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 11.9-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Dec 30 2021 Alexander Bokovoy <abokovoy@redhat.com> - 11.9-11
- Rebuild for BIND 9.16.24 (#2035298)
* Wed Dec 15 2021 Petr Menšík <pemensik@redhat.com> - 11.9-10
- Rebuilt for BIND 9.16.23 (#2032934)
* Fri Nov 19 2021 Petr Menšík <pemensik@redhat.com> - 11.9-9
- Rebuilt for BIND 9.16.23 (#2024210)
* Thu Oct 28 2021 Petr Menšík <pemensik@redhat.com> - 11.9-8
- Rebuilt for BIND 9.16.22 (#2017912)
* Fri Sep 17 2021 Petr Menšík <pemensik@redhat.com> - 11.9-7
- Rebuilt for BIND 9.16.21 (#2004385)
* Thu Aug 19 2021 Petr Menšík <pemensik@redhat.com> - 11.9-6
- Rebuilt for BIND 9.16.20 (#1995289)
* Wed Jul 21 2021 Petr Menšík <pemensik@redhat.com> - 11.9-5
- Rebuilt for BIND 9.16.19 (#1984627)
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 11.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sat Jun 19 2021 Petr Menšík <pemensik@redhat.com> - 11.9-3
- Rebuilt for BIND 9.16.18
* Thu Jun 17 2021 Petr Menšík <pemensik@redhat.com> - 11.9-2
- Add BIND 9.16.17 support
* Mon May 24 2021 Alexander Bokovoy <abokovoy@redhat.com> - 11.9-1
- New upstream release 11.9
* Fri May 21 2021 Petr Menšík <pemensik@redhat.com> - 11.7-4
- Add BIND 9.16.16 support
* Thu Apr 29 2021 Petr Menšík <pemensik@redhat.com> - 11.7-3
- Rebuilt for BIND 9.16.15
* Fri Mar 26 2021 Petr Menšík <pemensik@redhat.com> - 11.7-2
- Support for BIND 9.16.13
* Wed Feb 24 2021 Alexander Bokovoy <abokovoy@redhat.com> - 11.7-1
- Upstream release 11.7
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 11.6-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jan 22 2021 Petr Menšík <pemensik@redhat.com> - 11.6-6
- Rebuilt for BIND 9.16.11
* Fri Jan 15 2021 Petr Menšík <pemensik@redhat.com> - 11.6-5
- Rebuilt for BIND 9.16.10
* Tue Jan 12 2021 Petr Menšík <pemensik@redhat.com> - 11.6-4
- Support BIND 9.16.10
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Thu Dec 17 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.6-3
- Both require bind and require it for pre-install script
- Resolves: rhbz#1902811
* Thu Dec 17 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.6-2
- Fix requires to bind: require bind installed before bind-dyndb-ldap
as we depend on named group
* Mon Nov 23 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.6-1 * Mon Nov 23 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.6-1
- New upstream release - Upstream release 11.6
- Resolves: rhbz#1891735 - Use reference counting semantics in destructors according to BIND version
* Wed Nov 18 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.5-1
- Upstream release 11.5
- Use OpenSSL pkcs11 engine in BIND instead of native PKCS11
* Fri Oct 23 2020 Petr Menšík <pemensik@redhat.com> - 11.3-5
- Rebuilt for bind 9.11.24
* Fri Aug 21 2020 Petr Menšík <pemensik@redhat.com> - 11.3-4
- Rebuilt for bind 9.11.22
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 11.3-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 11.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 08 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.3-1 * Mon Jun 08 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.3-1
- New upstream release - Upstream release 11.3
- Resolves: rhbz#1845211
* Mon May 11 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-4 * Tue Mar 31 2020 Petr Menšík <pemensik@redhat.com> - 11.2-5
- Rebuild against bind 9.11.18 - Rebuilt for bind 9.11.17
Resolves: rhbz#1834264
* Wed Nov 27 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-3 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 11.2-4
- Rebuild against bind 9.11.13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Related: RHBZ#1762813
* Mon Nov 18 2019 Thomas Woerner <twoerner@redhat.com> - 11.2-2 * Mon Nov 25 2019 Petr Menšík <pemensik@redhat.com> - 11.2-3
- Rebuilt for bind 9.11.13
* Mon Nov 11 2019 Petr Menšík <pemensik@redhat.com> - 11.2-2
- Add support for serve-stale, detected on build time - Add support for serve-stale, detected on build time
Patch by Petr Menšík <pemensik@redhat.com>
Related: RHBZ#1762813
* Thu Nov 07 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-1 * Tue Nov 05 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-1
- New upstream release - New upstream release v11.2
- Support BIND9 9.11.11
- Resolves: rhbz#1762813
* Fri Aug 16 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.1-14 * Tue Aug 27 2019 Petr Menšík <pemensik@redhat.com> - 11.1-20
- Rebuilt for bind 9.11.10
* Fri Aug 16 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.1-19
- Fix attribute templating in case of a missing default value - Fix attribute templating in case of a missing default value
- Resolves: rhbz#1741896 - Resolves: rhbz#1705072
* Mon Oct 15 2018 Petr Menšík <pemensik@redhat.com> - 11.1-13 * Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 11.1-18
- Move setting of named selinux boolean to bind (#1639410) - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Aug 08 2018 Alexander Bokovoy <abokovoy@redhat.com> - 11.1-12 * Wed Jul 17 2019 Petr Menšík <pemensik@redhat.com> - 11.1-17
- Make sure we explicitly require openssl-devel for a build - Rebuilt for bind 9.11.8
- Resolves: rhbz#1613942
* Mon Jul 23 2018 Petr Menšík <pemensik@redhat.com> - 11.1-11 * Tue Jun 11 2019 Petr Menšík <pemensik@redhat.com> - 11.1-16
- Rebuild against BIND 9.11.4 - Rebuilt for bind 9.11.7
* Fri May 03 2019 Petr Menšík <pemensik@redhat.com> - 11.1-15
- Rebuilt for bind 9.11.6
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 11.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Nov 05 2018 Petr Menšík <pemensik@redhat.com> - 11.1-13
- Support for bind 9.11.5 headers
* Thu Jul 12 2018 Petr Menšík <pemensik@redhat.com> - 11.1-12
- Require bind with writable home, update to 9.11.4
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 11.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Mar 01 2018 Petr Menšík <pemensik@redhat.com> - 11.1-10 * Thu Mar 01 2018 Petr Menšík <pemensik@redhat.com> - 11.1-10
- Rebuild for bind 9.11.3. Minor tweaks to compile. - Rebuild for bind 9.11.3. Minor tweaks to compile.

7
gating.yaml Normal file
View File

@ -0,0 +1,7 @@
# recipients: abokovoy, frenaud, kaleem, ftrivino
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}

View File

@ -0,0 +1,25 @@
From 3a4ad363879da129669dbb5ed10f6b0a1b7778af Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkrizek@redhat.com>
Date: Thu, 9 Feb 2017 17:52:59 +0100
Subject: [PATCH] Remove duplicate const declaration specifier
---
src/ldap_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 5de9f69f6957fd838f7f7a73dd755db98b0ee8d5..1fa0ec9adfa2b9ca589587244da03cc6f0584919 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -2349,7 +2349,7 @@ free_rdatalist(isc_mem_t *mctx, dns_rdatalist_t *rdlist)
* @retval others Unexpected errors.
*/
static isc_result_t ATTR_NONNULLS ATTR_CHECKRESULT
-ldap_substitute_rr_template(isc_mem_t *mctx, const settings_set_t const * set,
+ldap_substitute_rr_template(isc_mem_t *mctx, const settings_set_t * set,
ld_string_t *orig_val, ld_string_t **output) {
isc_result_t result;
regex_t regex;
--
2.9.3

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (bind-dyndb-ldap-11.10.tar.bz2) = bf63efe78a8d95d5a8647f35ec29696e3b5dddc2615b05b17b2024763eb2701c0ee6782ed8d7a443ec9278ae36390ffc3b87a87cf9391adfa6bd8f31508f1539
SHA512 (bind-dyndb-ldap-11.10.tar.bz2.asc) = cf9436a34e3874734fbb8331572d230cae0362bbfc6229dbb7a23d9573be6824467af20ff639338d9cb0f6a646f559c0f65e3b7b7c13a3306f64300653cea45e