7 changed files with 120 additions and 205 deletions
--- a/.bind-dyndb-ldap.metadata
+++ b/.bind-dyndb-ldap.metadata
@ -1 +1 @@
-73251b2d57a1be41317bea9da4eb3204c1d808c0 SOURCES/bind-dyndb-ldap-11.11.tar.bz2
+fa27009509513d06a65b5aa16b612824280221c6 SOURCES/bind-dyndb-ldap-11.6.tar.bz2
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/bind-dyndb-ldap-11.11.tar.bz2
+SOURCES/bind-dyndb-ldap-11.6.tar.bz2
--- a/SOURCES/0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2133036.patch
+++ b/SOURCES/0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2133036.patch
@ -0,0 +1,37 @@
 From 7b4c1e28b3e64f7cd075599472e349510f8d33da Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
 Date: Wed, 14 Sep 2022 17:10:11 +0200
 Subject: [PATCH] Modify empty zone conflicts under exclusive mode
 Does not accept new request when exclusive mode is active. Zone table
 can be modified even after main fwd entries have been added. Ensure
 empty zones handling keeps exclusive mode active.
 Exclusive mode were mentioned as the only protection it had by bind
 maintainer:
 https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6637#note_308928
 ---
 src/fwd.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/src/fwd.c b/src/fwd.c
 index 24f6e53..0a3c673 100644
 --- a/src/fwd.c
 +++ b/src/fwd.c
@@ -595,10 +595,12 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,
 		  dns_result_totext(result));
 	/* Handle collisions with automatic empty zones. */
 -	if (isconfigured == true)
 +	if (isconfigured == true) {
 +		run_exclusive_enter(inst, &lock_state);
 		CHECK(empty_zone_handle_conflicts(name,
 						  view->zonetable,
 						  (fwdpolicy == dns_fwdpolicy_first)));
 +	}
 cleanup:
 	run_exclusive_exit(inst, lock_state);
 -- 
 2.37.3
--- a/SOURCES/0002-add-rwlock-before-include-zt-h.patch
+++ b/SOURCES/0002-add-rwlock-before-include-zt-h.patch
@ -0,0 +1,10 @@
 --- a/src/zone_register.h	2020-09-14 11:11:52.000000000 -0400
 +++ a/src/zone_register.h	2022-10-11 10:01:35.293730147 -0400
@@ -5,6 +5,7 @@
 #ifndef _LD_ZONE_REGISTER_H_
 #define _LD_ZONE_REGISTER_H_
 +#include <isc/rwlock.h>
 #include <dns/zt.h>
 #include "settings.h"
--- a/SOURCES/bind-dyndb-ldap-11.11.tar.bz2.asc
+++ b/SOURCES/bind-dyndb-ldap-11.11.tar.bz2.asc
@ -1,17 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQJMBAABCgA2FiEEhD/TWKTBHgTUwD3S5vWnKGOylwYFAmeQyXAYHHJlbGVhc2Vz
 QG1nLmZyZWVpcGEub3JnAAoJEOb1pyhjspcGQTIQAKzF8EmPBIQQbMZlSdsH312r
 M7tkjr7+mdcOEKaiGtbpAT8h8KmDWZjDqCuCzYMIVFLL5S7aRpFjowbPQo612a3j
 MYEchw5O0vkBaqRxqwZqBxgRkgFiyw7LfziZospLS23UbKYxtZA32/GUhhnaXpoC
 EeH3afXE4zMSy8OhLDYIcAa0Vpb0eQcouGbN3/bmoMXwafdt/mlKMgNupgrnnXFT
 RYSkvMnfD5vakFeXbPhu9b4fkV+hUAh8vxJbBDa2Gkkrmu/DMwR/Y0QcMec5RF/z
 MMpma3YaqetIC8jIsHAcCV6Tq8gjCoIXzIbueWxspBZU6tzHFRfMlKl4ZQjxz3Jq
 SvFFTw5vvEwewgPChL+ReVgqx56FAr7RrYHCM1eADBCoVvrTLYZeZObip+z1xLEt
 i6yYvnb93Hyr9r5rKdd1S9IbKQiqArYXT+9GF2a6w/ti44E/Iav9PI8uOGmIWPLc
 25INbGGAZoHCmESWX1zXgm0DGLGQ7fbY2Iyl1tTo2ugtyDvhkNjjSmZ2z1zu7N+2
 O5hTtSovrmsl8fqpL/52NiUsEcHllZuXEDUMP+w8Lk8IM5ZWtBtypzhh6Ej2AHQZ
 /WrBmhanA/fcOEdUpG5LIJ0ce+mif/K+pUgIwuRJ4m4NpV0c7UxC4IZXx4vOfmyn
 p8OUsetDMyZQRuZn6TtN
 =UB7t
 -----END PGP SIGNATURE-----
--- a/SOURCES/bind-dyndb-ldap-11.6.tar.bz2.asc
+++ b/SOURCES/bind-dyndb-ldap-11.6.tar.bz2.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAl+7wQUACgkQRxniuKu/
 YhrK4Q/7B3njZOLSN1nor1ftoGGgXHvOvAGZTH+S0aI/u2bGfMIy3iT6NCcXZaVy
 LftvbYUKZ1zT92LYyTng7d8qgc8B7fmIAHPKye2uuxfPgwYkqdBLLKOMoAjbijjI
 P3Qkoee9bAF89wjnEnyfE9beJ9Vwe6PQLuCovIIauYEfhXjazOhSt7aDpYQ1X5Ui
 WyUKMhbO9WZ+TokW6wMTLGC8eCJdIJz0OXrROsLp6KZW4Y4wxf/zcU/XztDmEcOm
 DIeDir1ohp8xyssfBYr9tmamD+FzoU9+oR1+WjQav/pxFBqezzm7U3cvq9PrQ7SK
 Q5jpmeNOTvoUjnEMBW/AXPxth0yXVX3XlIYjhVX3R4r/ZXwmK1g6hqsT2kSbCvAS
 /DR7yfou2SQLuH1z6qs6vd+IdTYVpsHMBBdQtHSeZ5701fyJgIABI98oMMV/KplL
 bwfL/uhTPjuH1nett7h7NuINiVET0Yy63/CRicQs199ORGLVBaQ+AVCxj33m5NH/
 ggMKhA5VNmMSSvyI/TiytLbqhjw29kjRo4/vDEqv1co9fB2J2MBdTCtSF4gixB0n
 da/W6PnKiS45f0NdqpU5oUxLDTni+hYrQV1GXavdnx8lpnab9jlJO6vOZSCodSS+
 0eMJRH7knFDrY7EEjbUD7/pPZphPQUamvecmYhgn+La4SHkf2wA=
 =cGu/
 -----END PGP SIGNATURE-----
--- a/SPECS/bind-dyndb-ldap.spec
+++ b/SPECS/bind-dyndb-ldap.spec
@ -1,81 +1,39 @@
 %define VERSION %{version}
-%define bind_name bind9.18
+%define bind_version 32:9.11.26-1
 %define bind_version 32:9.18.29-2
-%if 0%{?fedora} >= 31 || 0%{?rhel} > 8
+%if 0%{?fedora} >= 31 || 0%{?rhel} >= 9
-%if 0%{?fedora} >= 40 || 0%{?rhel} >= 10
+    %global openssl_pkcs11_version 0.4.10-2
-    %global openssl_pkcs11_version 0.3
+    %global softhsm_version 2.6.0
    %global openssl_pkcs11_name pkcs11-provider
    %global softhsm_version 2.6.1
 %else
    %global openssl_pkcs11_version 0.4.10-6
    %global openssl_pkcs11_name openssl-pkcs11
    %global softhsm_version 2.5.0-4
 %endif
 %else
    %global with_bind_pkcs11 1
 %endif
 Name:           bind-dyndb-ldap
-Version:        11.11
+Version:        11.6
-Release:        2%{?dist}
+Release:        4%{?dist}
 Summary:        LDAP back-end plug-in for BIND
 Group:          System Environment/Libraries
 License:        GPLv2+
 URL:            https://releases.pagure.org/bind-dyndb-ldap
 Source0:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2
 Source1:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc
-%if "%{bind_name}" != "bind" && 0%{?rhel} == 9
+Patch0001:      0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2133036.patch
-Obsoletes: bind < 32:9.18
+Patch0002:      0002-add-rwlock-before-include-zt-h.patch
 Obsoletes: bind-chroot <= 32:9.18
 Obsoletes: bind-devel <= 32:9.18
 Obsoletes: bind-dlz-filesystem <= 32:9.18
 Obsoletes: bind-dlz-ldap <= 32:9.18
 Obsoletes: bind-dlz-mysql <= 32:9.18
 Obsoletes: bind-dlz-sqlite3 <= 32:9.18
 Obsoletes: bind-dnssec-doc <= 32:9.18
 Obsoletes: bind-dnssec-utils <= 32:9.18
 Obsoletes: bind-doc <= 32:9.18
 Obsoletes: bind-license <= 32:9.18
 Obsoletes: bind-libs <= 32:9.18
 Obsoletes: bind-utils <= 32:9.18
 Obsoletes: python3-bind <= 32:9.18
 %endif
 %if "%{bind_name}" != "bind9.18" && 0%{?rhel} > 9
 Obsoletes: bind9.18 <= 32:9.18
 Obsoletes: bind9.18-chroot <= 32:9.18
 Obsoletes: bind9.18-devel <= 32:9.18
 Obsoletes: bind9.18-dnssec-doc <= 32:9.18
 Obsoletes: bind9.18-dnssec-utils <= 32:9.18
 Obsoletes: bind9.18-doc <= 32:9.18
 Obsoletes: bind9.18-libs <= 32:9.18
 Obsoletes: bind9.18-utils <= 32:9.18
 %endif
-BuildRequires:  %{bind_name}-devel >= %{bind_version}, %{bind_name}-lite-devel >= %{bind_version}
+BuildRequires:  bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
 BuildRequires:  krb5-devel
 BuildRequires:  openldap-devel
 BuildRequires:  libuuid-devel
 BuildRequires:  automake, autoconf, libtool
 BuildRequires:  autoconf-archive
 # https://bugzilla.redhat.com/show_bug.cgi?id=2165256
 Conflicts: bind9-next
 %if %{with bind_pkcs11}
-BuildRequires:  %{bind_name}-pkcs11-devel >= %{bind_version}
+Requires:       bind-pkcs11 >= %{bind_version}, bind-pkcs11-utils >= %{bind_version}
 BuildRequires: make
 Requires(pre): %{bind_name}-pkcs11 >= %{bind_version}
 Requires: %{bind_name}-pkcs11 >= %{bind_version}
 Requires: %{bind_name}-pkcs11-utils >= %{bind_version}
 %else
 Requires: softhsm >= %{softhsm_version}
-Requires: %{openssl_pkcs11_name} >= %{openssl_pkcs11_version}
+Requires: openssl-pkcs11 >= %{openssl_pkcs11_version}
 Requires(pre): %{bind_name} >= %{bind_version}
 Requires: %{bind_name} >= %{bind_version}
 %endif
 %description
@ -85,17 +43,21 @@ off of your LDAP server.
 %prep
-%autosetup -n %{name}-%{VERSION} -p1
+%setup -q -n %{name}-%{VERSION}
 for p in %patches; do
    %__patch -p1 -i $p
 done
 %build
 autoreconf -fiv
 export BIND9_CFLAGS='-I /usr/include/bind9 -DHAVE_TLS -DHAVE_THREAD_LOCAL'
 %configure
-%make_build
+make %{?_smp_mflags}
 %install
-%make_install
+rm -rf %{buildroot}
 make install DESTDIR=%{buildroot}
 mkdir -m 770 -p %{buildroot}/%{_localstatedir}/named/dyndb-ldap
 # Remove unwanted files
@ -104,8 +66,6 @@ rm -r %{buildroot}%{_datadir}/doc/%{name}
 %post
 [ -f /etc/named.conf ] || exit 0
 # Transform named.conf if it still has old-style API.
 PLATFORM=$(uname -m)
@ -147,155 +107,64 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
 %files
 %defattr(-,root,root,-)
 %doc NEWS README.md COPYING doc/{example,schema}.ldif
 %dir %attr(770, root, named) %{_localstatedir}/named/dyndb-ldap
 %{_libdir}/bind/ldap.so
 %changelog
-* Wed Feb 12 2025 Thomas Woerner <twoerner@redhat.com> - 11.11-2
+* Thu Oct 13 2022 Rafael Jeffman <rjeffman@redhat.com> - 11.6-4
 - Release bump, fixed date for previous changelog entry
  Resolves: RHEL-78927
 * Tue Feb 11 2025 Thomas Woerner <twoerner@redhat.com> - 11.11-1
 - Release 11.11, Support BIND 9.18
  Resolves: RHEL-78927
 * Fri Sep 06 2024 Petr Menšík <pemensik@redhat.com> - 11.9-11
 - Bump version above RHEL 9.5
 * Wed Aug 07 2024 Petr Menšík <pemensik@redhat.com> - 11.9-10
 - Rebuilt for BIND CVE-2024-1737 fixes (CVE-2024-1737)
 * Thu Feb 22 2024 Petr Menšík <pemensik@redhat.com> - 11.9-9
 - Rebuild required for BIND changes for KeyTrap change (CVE-2023-50387)
 * Wed Oct 19 2022 Rafael Jeffman <rjeffman<redhat.com> - 11.9-8
 - Modify empty zone conflicts under exclusive mode
-  Resolves: rhbz#2129844, rhbz#2130614
+  Resolves: rhbz#2126877
-* Fri Nov 26 2021 Petr Menšík <pemensik@redhat.com> - 11.9-7
+* Wed Dec 22 2021 Alexander Bokovoy <abokovoy@redhat.com> - 11.6-3
- Rebuilt for BIND 9.16.23 (#2019575)
+- Rebuild against bind 9.11.36
 - Resolves: rhbz#2022762
-* Wed Aug 25 2021 Petr Menšík <pemensik@redhat.com> - 11.9-6
+* Thu Jan 07 2021 Rob Crittenden <rcritten@redhat.com> - 11.6-2
- Rebuilt for BIND 9.16.20 with correct target
+- Rebuild against bind 9.11.26
-
+- Resolves: rhbz#1904612
 * Tue Aug 24 2021 Petr Menšík <pemensik@redhat.com> - 11.9-5
 - Rebuilt for BIND 9.16.20
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 11.9-4
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Thu Jul 22 2021 Petr Menšík <pemensik@redhat.com> - 11.9-3
 - Rebuilt for BIND 9.16.19 (#1960273)
 * Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 11.9-2
 - Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065
 * Tue May 25 2021 Alexander Bokovoy <abokovoy@redhat.com> - 11.9-1
 - Upstream release 11.9
 - Rebuilt for BIND 9.16.15+
 - Resolves: rhbz#1960273
 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 11.7-2
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Wed Feb 24 2021 Alexander Bokovoy <abokovoy@redhat.com> - 11.7-1
 - Upstream release 11.7
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 11.6-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Fri Jan 22 2021 Petr Menšík <pemensik@redhat.com> - 11.6-6
 - Rebuilt for BIND 9.16.11
 * Fri Jan 15 2021 Petr Menšík <pemensik@redhat.com> - 11.6-5
 - Rebuilt for BIND 9.16.10
 * Tue Jan 12 2021 Petr Menšík <pemensik@redhat.com> - 11.6-4
 - Support BIND 9.16.10
 - Use make macros
 - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
 * Thu Dec 17 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.6-3
 - Both require bind and require it for pre-install script
 - Resolves: rhbz#1902811
 * Thu Dec 17 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.6-2
 - Fix requires to bind: require bind installed before bind-dyndb-ldap
  as we depend on named group
 * Mon Nov 23 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.6-1
- Upstream release 11.6
+- New upstream release
- Use reference counting semantics in destructors according to BIND version
+- Resolves: rhbz#1891735
 * Wed Nov 18 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.5-1
 - Upstream release 11.5
 - Use OpenSSL pkcs11 engine in BIND instead of native PKCS11
 * Fri Oct 23 2020 Petr Menšík <pemensik@redhat.com> - 11.3-5
 - Rebuilt for bind 9.11.24
 * Fri Aug 21 2020 Petr Menšík <pemensik@redhat.com> - 11.3-4
 - Rebuilt for bind 9.11.22
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 11.3-3
 - Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 11.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Mon Jun 08 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.3-1
- Upstream release 11.3
+- New upstream release
 - Resolves: rhbz#1845211
-* Tue Mar 31 2020 Petr Menšík <pemensik@redhat.com> - 11.2-5
+* Mon May 11 2020 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-4
- Rebuilt for bind 9.11.17
+- Rebuild against bind 9.11.18
  Resolves: rhbz#1834264
-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 11.2-4
+* Wed Nov 27 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+- Rebuild against bind 9.11.13
  Related: RHBZ#1762813
-* Mon Nov 25 2019 Petr Menšík <pemensik@redhat.com> - 11.2-3
+* Mon Nov 18 2019 Thomas Woerner <twoerner@redhat.com> - 11.2-2
 - Rebuilt for bind 9.11.13
 * Mon Nov 11 2019 Petr Menšík <pemensik@redhat.com> - 11.2-2
 - Add support for serve-stale, detected on build time
  Patch by Petr Menšík <pemensik@redhat.com>
  Related: RHBZ#1762813
-* Tue Nov 05 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-1
+* Thu Nov 07 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.2-1
- New upstream release v11.2
+- New upstream release
 - Support BIND9 9.11.11
 - Resolves: rhbz#1762813
-* Tue Aug 27 2019 Petr Menšík <pemensik@redhat.com> - 11.1-20
+* Fri Aug 16 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.1-14
 - Rebuilt for bind 9.11.10
 * Fri Aug 16 2019 Alexander Bokovoy <abokovoy@redhat.com> - 11.1-19
 - Fix attribute templating in case of a missing default value
- Resolves: rhbz#1705072
+- Resolves: rhbz#1741896
-* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 11.1-18
+* Mon Oct 15 2018 Petr Menšík <pemensik@redhat.com> - 11.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+- Move setting of named selinux boolean to bind (#1639410)
-* Wed Jul 17 2019 Petr Menšík <pemensik@redhat.com> - 11.1-17
+* Wed Aug 08 2018 Alexander Bokovoy <abokovoy@redhat.com> - 11.1-12
- Rebuilt for bind 9.11.8
+- Make sure we explicitly require openssl-devel for a build
 - Resolves: rhbz#1613942
-* Tue Jun 11 2019 Petr Menšík <pemensik@redhat.com> - 11.1-16
+* Mon Jul 23 2018 Petr Menšík <pemensik@redhat.com> - 11.1-11
- Rebuilt for bind 9.11.7
+- Rebuild against BIND 9.11.4
 * Fri May 03 2019 Petr Menšík <pemensik@redhat.com> - 11.1-15
 - Rebuilt for bind 9.11.6
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 11.1-14
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Mon Nov 05 2018 Petr Menšík <pemensik@redhat.com> - 11.1-13
 - Support for bind 9.11.5 headers
 * Thu Jul 12 2018 Petr Menšík <pemensik@redhat.com> - 11.1-12
 - Require bind with writable home, update to 9.11.4
 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 11.1-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Thu Mar 01 2018 Petr Menšík <pemensik@redhat.com> - 11.1-10
 - Rebuild for bind 9.11.3. Minor tweaks to compile.
`@ -1 +1 @@`
	`73251b2d57a1be41317bea9da4eb3204c1d808c0 SOURCES/bind-dyndb-ldap-11.11.tar.bz2`	`fa27009509513d06a65b5aa16b612824280221c6 SOURCES/bind-dyndb-ldap-11.6.tar.bz2`
`@ -1 +1 @@`
	`SOURCES/bind-dyndb-ldap-11.11.tar.bz2`	`SOURCES/bind-dyndb-ldap-11.6.tar.bz2`