From 11207651f79e27d3f40d96f7c1cc2764565cfff0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Fri, 21 Jan 2022 18:07:00 +0100 Subject: [PATCH] Update to 9.16.25 (#2042504) - Reduced memory usage on machines with many CPU cores. - Offline ZSK expired signatures would be signed by KSK instead - Inline signed zone could be saved without serial, causing error after restart https://downloads.isc.org/isc/bind9/9.16.25/doc/arm/html/notes.html#notes-for-bind-9-16-25 --- .gitignore | 2 + bind-9.16-openldap-2.6-all.patch | 199 ------------------------------- bind-9.16-openldap-2.6.patch | 55 --------- bind.spec | 12 +- sources | 4 +- 5 files changed, 9 insertions(+), 263 deletions(-) delete mode 100644 bind-9.16-openldap-2.6-all.patch delete mode 100644 bind-9.16-openldap-2.6.patch diff --git a/.gitignore b/.gitignore index 283f728..741f979 100644 --- a/.gitignore +++ b/.gitignore @@ -164,3 +164,5 @@ bind-9.7.2b1.tar.gz /bind-9.16.23.tar.xz.asc /bind-9.16.24.tar.xz /bind-9.16.24.tar.xz.asc +/bind-9.16.25.tar.xz +/bind-9.16.25.tar.xz.asc diff --git a/bind-9.16-openldap-2.6-all.patch b/bind-9.16-openldap-2.6-all.patch deleted file mode 100644 index 6af2714..0000000 --- a/bind-9.16-openldap-2.6-all.patch +++ /dev/null @@ -1,199 +0,0 @@ -From d02a805719d593863dd438798a29312a4177d207 Mon Sep 17 00:00:00 2001 -From: Petr Mensik -Date: Wed, 22 Dec 2021 13:38:02 +0100 -Subject: [PATCH 2/2] Change all internal functions to dlz_ldap prefix - -To prevent any conflict in the future, avoid ldap_ prefix in any -internal functions. Keep it reserved for openldap only. ---- - contrib/dlz/modules/ldap/dlz_ldap_dynamic.c | 52 ++++++++++----------- - 1 file changed, 26 insertions(+), 26 deletions(-) - -diff --git a/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c b/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c -index 317a691..a653fac 100644 ---- a/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c -+++ b/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c -@@ -128,7 +128,7 @@ b9_add_helper(ldap_instance_t *db, const char *helper_name, void *ptr); - - /*% checks that the LDAP URL parameters make sense */ - static isc_result_t --ldap_checkURL(ldap_instance_t *db, char *URL, int attrCnt, const char *msg) { -+dlz_ldap_checkURL(ldap_instance_t *db, char *URL, int attrCnt, const char *msg) { - isc_result_t result = ISC_R_SUCCESS; - int ldap_result; - LDAPURLDesc *ldap_url = NULL; -@@ -248,7 +248,7 @@ cleanup: - * multithreaded operation. - */ - static void --ldap_destroy_dblist(db_list_t *dblist) { -+dlz_ldap_destroy_dblist(db_list_t *dblist) { - dbinstance_t *ndbi = NULL; - dbinstance_t *dbi = NULL; - -@@ -282,7 +282,7 @@ ldap_destroy_dblist(db_list_t *dblist) { - * multithreaded operation. - */ - static dbinstance_t * --ldap_find_avail_conn(ldap_instance_t *ldap) { -+dlz_ldap_find_avail_conn(ldap_instance_t *ldap) { - dbinstance_t *dbi = NULL; - dbinstance_t *head; - int count = 0; -@@ -315,7 +315,7 @@ ldap_find_avail_conn(ldap_instance_t *ldap) { - #endif /* PTHREADS */ - - static isc_result_t --ldap_process_results(ldap_instance_t *db, LDAP *dbc, LDAPMessage *msg, -+dlz_ldap_process_results(ldap_instance_t *db, LDAP *dbc, LDAPMessage *msg, - char **attrs, void *ptr, bool allnodes) { - isc_result_t result = ISC_R_SUCCESS; - int i = 0; -@@ -543,7 +543,7 @@ cleanup: - * obtain a result set. - */ - static isc_result_t --ldap_get_results(const char *zone, const char *record, const char *client, -+dlz_ldap_get_results(const char *zone, const char *record, const char *client, - unsigned int query, void *dbdata, void *ptr) { - isc_result_t result; - ldap_instance_t *db = (ldap_instance_t *)dbdata; -@@ -558,7 +558,7 @@ ldap_get_results(const char *zone, const char *record, const char *client, - /* get db instance / connection */ - #if PTHREADS - /* find an available DBI from the list */ -- dbi = ldap_find_avail_conn(db); -+ dbi = dlz_ldap_find_avail_conn(db); - #else /* PTHREADS */ - /* - * only 1 DBI - no need to lock instance lock either -@@ -667,7 +667,7 @@ ldap_get_results(const char *zone, const char *record, const char *client, - * screwed up! - */ - db->log(ISC_LOG_ERROR, "Incorrect query flag passed to " -- "ldap_get_results"); -+ "dlz_ldap_get_results"); - result = ISC_R_UNEXPECTED; - goto cleanup; - } -@@ -755,13 +755,13 @@ ldap_get_results(const char *zone, const char *record, const char *client, - - switch (query) { - case ALLNODES: -- result = ldap_process_results(db, (LDAP *)dbi->dbconn, ldap_msg, -- ldap_url->lud_attrs, ptr, true); -+ result = dlz_ldap_process_results(db, (LDAP *)dbi->dbconn, ldap_msg, -+ ldap_url->lud_attrs, ptr, true); - break; - case AUTHORITY: - case LOOKUP: -- result = ldap_process_results(db, (LDAP *)dbi->dbconn, ldap_msg, -- ldap_url->lud_attrs, ptr, false); -+ result = dlz_ldap_process_results(db, (LDAP *)dbi->dbconn, ldap_msg, -+ ldap_url->lud_attrs, ptr, false); - break; - case ALLOWXFR: - entries = ldap_count_entries((LDAP *)dbi->dbconn, ldap_msg); -@@ -789,7 +789,7 @@ ldap_get_results(const char *zone, const char *record, const char *client, - * screwed up! - */ - db->log(ISC_LOG_ERROR, "Incorrect query flag passed to " -- "ldap_get_results"); -+ "dlz_ldap_get_results"); - result = ISC_R_UNEXPECTED; - } - -@@ -847,18 +847,18 @@ dlz_allowzonexfr(void *dbdata, const char *name, const char *client) { - } - - /* get all the zone data */ -- result = ldap_get_results(name, NULL, client, ALLOWXFR, dbdata, NULL); -+ result = dlz_ldap_get_results(name, NULL, client, ALLOWXFR, dbdata, NULL); - return (result); - } - - isc_result_t - dlz_allnodes(const char *zone, void *dbdata, dns_sdlzallnodes_t *allnodes) { -- return (ldap_get_results(zone, NULL, NULL, ALLNODES, dbdata, allnodes)); -+ return (dlz_ldap_get_results(zone, NULL, NULL, ALLNODES, dbdata, allnodes)); - } - - isc_result_t - dlz_authority(const char *zone, void *dbdata, dns_sdlzlookup_t *lookup) { -- return (ldap_get_results(zone, NULL, NULL, AUTHORITY, dbdata, lookup)); -+ return (dlz_ldap_get_results(zone, NULL, NULL, AUTHORITY, dbdata, lookup)); - } - - #if DLZ_DLOPEN_VERSION < 3 -@@ -874,7 +874,7 @@ dlz_findzonedb(void *dbdata, const char *name, dns_clientinfomethods_t *methods, - UNUSED(methods); - UNUSED(clientinfo); - #endif /* if DLZ_DLOPEN_VERSION >= 3 */ -- return (ldap_get_results(name, NULL, NULL, FINDZONE, dbdata, NULL)); -+ return (dlz_ldap_get_results(name, NULL, NULL, FINDZONE, dbdata, NULL)); - } - - #if DLZ_DLOPEN_VERSION == 1 -@@ -896,11 +896,11 @@ dlz_lookup(const char *zone, const char *name, void *dbdata, - #endif /* if DLZ_DLOPEN_VERSION >= 2 */ - - if (strcmp(name, "*") == 0) { -- result = ldap_get_results(zone, "~", NULL, LOOKUP, dbdata, -- lookup); -+ result = dlz_ldap_get_results(zone, "~", NULL, LOOKUP, dbdata, -+ lookup); - } else { -- result = ldap_get_results(zone, name, NULL, LOOKUP, dbdata, -- lookup); -+ result = dlz_ldap_get_results(zone, name, NULL, LOOKUP, dbdata, -+ lookup); - } - return (result); - } -@@ -1000,29 +1000,29 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata, - /* check that LDAP URL parameters make sense */ - switch (argc) { - case 12: -- result = ldap_checkURL(ldap, argv[11], 0, -+ result = dlz_ldap_checkURL(ldap, argv[11], 0, - "allow zone transfer"); - if (result != ISC_R_SUCCESS) { - goto cleanup; - } - case 11: -- result = ldap_checkURL(ldap, argv[10], 3, "all nodes"); -+ result = dlz_ldap_checkURL(ldap, argv[10], 3, "all nodes"); - if (result != ISC_R_SUCCESS) { - goto cleanup; - } - case 10: - if (strlen(argv[9]) > 0) { -- result = ldap_checkURL(ldap, argv[9], 3, "authority"); -+ result = dlz_ldap_checkURL(ldap, argv[9], 3, "authority"); - if (result != ISC_R_SUCCESS) { - goto cleanup; - } - } - case 9: -- result = ldap_checkURL(ldap, argv[8], 3, "lookup"); -+ result = dlz_ldap_checkURL(ldap, argv[8], 3, "lookup"); - if (result != ISC_R_SUCCESS) { - goto cleanup; - } -- result = ldap_checkURL(ldap, argv[7], 0, "find zone"); -+ result = dlz_ldap_checkURL(ldap, argv[7], 0, "find zone"); - if (result != ISC_R_SUCCESS) { - goto cleanup; - } -@@ -1199,7 +1199,7 @@ dlz_destroy(void *dbdata) { - #if PTHREADS - /* cleanup the list of DBI's */ - if (db->db != NULL) { -- ldap_destroy_dblist((db_list_t *)(db->db)); -+ dlz_ldap_destroy_dblist((db_list_t *)(db->db)); - } - #else /* PTHREADS */ - if (db->db->dbconn != NULL) { --- -2.31.1 - diff --git a/bind-9.16-openldap-2.6.patch b/bind-9.16-openldap-2.6.patch deleted file mode 100644 index bdb7da5..0000000 --- a/bind-9.16-openldap-2.6.patch +++ /dev/null @@ -1,55 +0,0 @@ -From e6ed26c98ebac9313ce531a366f96ff9912e84af Mon Sep 17 00:00:00 2001 -From: Petr Mensik -Date: Wed, 22 Dec 2021 13:36:39 +0100 -Subject: [PATCH 1/2] Avoid conflict with ldap_connect function of openldap - -ldap_connect is defined by OpenLDAP 2.6. Compiler complains there are -conflicting declarations. Use dlz_ldap prefix instead of ldap to avoid -conflict. ---- - contrib/dlz/modules/ldap/dlz_ldap_dynamic.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c b/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c -index 543a95d..317a691 100644 ---- a/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c -+++ b/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c -@@ -193,7 +193,7 @@ cleanup: - - /*% Connects / reconnects to LDAP server */ - static isc_result_t --ldap_connect(ldap_instance_t *dbi, dbinstance_t *dbc) { -+dlz_ldap_connect(ldap_instance_t *dbi, dbinstance_t *dbc) { - isc_result_t result; - int ldap_result; - -@@ -700,7 +700,7 @@ ldap_get_results(const char *zone, const char *record, const char *client, - db->log(ISC_LOG_INFO, "LDAP driver attempting to " - "re-connect"); - -- result = ldap_connect((ldap_instance_t *)dbdata, dbi); -+ result = dlz_ldap_connect((ldap_instance_t *)dbdata, dbi); - if (result != ISC_R_SUCCESS) { - result = ISC_R_FAILURE; - continue; -@@ -731,7 +731,7 @@ ldap_get_results(const char *zone, const char *record, const char *client, - case LDAP_SERVER_DOWN: - db->log(ISC_LOG_INFO, "LDAP driver attempting to " - "re-connect"); -- result = ldap_connect((ldap_instance_t *)dbdata, dbi); -+ result = dlz_ldap_connect((ldap_instance_t *)dbdata, dbi); - if (result != ISC_R_SUCCESS) { - result = ISC_R_FAILURE; - } -@@ -1117,7 +1117,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata, - ldap->db = dbi; - #endif /* if PTHREADS */ - /* attempt to connect */ -- result = ldap_connect(ldap, dbi); -+ result = dlz_ldap_connect(ldap, dbi); - - /* - * if db connection cannot be created, log err msg and --- -2.31.1 - diff --git a/bind.spec b/bind.spec index 66c6c94..976853f 100644 --- a/bind.spec +++ b/bind.spec @@ -52,8 +52,8 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Name: bind License: MPLv2.0 -Version: 9.16.24 -Release: 3%{?dist} +Version: 9.16.25 +Release: 1%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -102,9 +102,6 @@ Patch149:bind-9.11-kyua-pkcs11.patch Patch157:bind-9.11-fips-tests.patch # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/2689 Patch164:bind-9.11-rh1666814.patch -# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5665 -Patch165:bind-9.16-openldap-2.6.patch -Patch166:bind-9.16-openldap-2.6-all.patch %{?systemd_ordering} Requires: coreutils @@ -403,8 +400,6 @@ in HTML and PDF format. %patch130 -p1 -b .libdb %patch157 -p1 -b .fips-tests %patch164 -p1 -b .rh1666814 -%patch165 -p1 -b .rh2032704 -%patch166 -p1 -b .rh2032704-2 %if %{with PKCS11} %patch135 -p1 -b .config-pkcs11 @@ -1127,6 +1122,9 @@ fi; %endif %changelog +* Fri Jan 21 2022 Petr Menšík - 32:9.16.25-1 +- Update to 9.16.25 (#2042504) + * Wed Jan 19 2022 Fedora Release Engineering - 32:9.16.24-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild diff --git a/sources b/sources index ed0528a..fcfd18b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (bind-9.16.24.tar.xz) = a982bcad8c517dbcb81e768486e1a8b92e495efcf45c4961170c3bc7fac837903605dcd05cfb9b9e1074599b90be1b9c3dbca4162ede0a32fe4c3405ad92816b -SHA512 (bind-9.16.24.tar.xz.asc) = 60afa2b2646fc761d85d15bc236fc700399478dfc8a9376bd591f1a3df4c0f26e029d6e8818cce3cdcd04600fd9d7b4d0092ac11a7c322159d15795165af3c79 +SHA512 (bind-9.16.25.tar.xz) = e43c0e59159d3a5642db051f3982d8767fb726426380c32960fefe4b9afd05708ed8f7e80a98b803a580b048e1a368c888e2dd5695fa5fcd7b8b75574a27cb62 +SHA512 (bind-9.16.25.tar.xz.asc) = ceb0af75619f2a2da4f183bb7d367f5a302ee41e140bc710b47aefedc3717b9cd7452f988e480a8798734f532338f3c03252a704e45b9d0a31f46ea499d1d572