Update to 9.16.25 (#2042504)

- Reduced memory usage on machines with many CPU cores. - Offline ZSK expired signatures would be signed by KSK instead - Inline signed zone could be saved without serial, causing error after restart https://downloads.isc.org/isc/bind9/9.16.25/doc/arm/html/notes.html#notes-for-bind-9-16-25
2022-01-21 18:07:00 +01:00 · 2022-01-21 18:07:00 +01:00 · 11207651f7
commit 11207651f7
parent 3bb763c2a7
5 changed files with 9 additions and 263 deletions
--- a/.gitignore
+++ b/.gitignore
@ -164,3 +164,5 @@ bind-9.7.2b1.tar.gz
 /bind-9.16.23.tar.xz.asc
 /bind-9.16.24.tar.xz
 /bind-9.16.24.tar.xz.asc
 /bind-9.16.25.tar.xz
 /bind-9.16.25.tar.xz.asc
--- a/bind-9.16-openldap-2.6-all.patch
+++ b/bind-9.16-openldap-2.6-all.patch
@ -1,199 +0,0 @@
 From d02a805719d593863dd438798a29312a4177d207 Mon Sep 17 00:00:00 2001
 From: Petr Mensik <pemensik@redhat.com>
 Date: Wed, 22 Dec 2021 13:38:02 +0100
 Subject: [PATCH 2/2] Change all internal functions to dlz_ldap prefix
 To prevent any conflict in the future, avoid ldap_ prefix in any
 internal functions. Keep it reserved for openldap only.
 ---
 contrib/dlz/modules/ldap/dlz_ldap_dynamic.c | 52 ++++++++++-----------
 1 file changed, 26 insertions(+), 26 deletions(-)
 diff --git a/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c b/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c
 index 317a691..a653fac 100644
 --- a/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c
 +++ b/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c
@@ -128,7 +128,7 @@ b9_add_helper(ldap_instance_t *db, const char *helper_name, void *ptr);
 /*% checks that the LDAP URL parameters make sense */
 static isc_result_t
 -ldap_checkURL(ldap_instance_t *db, char *URL, int attrCnt, const char *msg) {
 +dlz_ldap_checkURL(ldap_instance_t *db, char *URL, int attrCnt, const char *msg) {
 	isc_result_t result = ISC_R_SUCCESS;
 	int ldap_result;
 	LDAPURLDesc *ldap_url = NULL;
@@ -248,7 +248,7 @@ cleanup:
  * multithreaded operation.
  */
 static void
 -ldap_destroy_dblist(db_list_t *dblist) {
 +dlz_ldap_destroy_dblist(db_list_t *dblist) {
 	dbinstance_t *ndbi = NULL;
 	dbinstance_t *dbi = NULL;
@@ -282,7 +282,7 @@ ldap_destroy_dblist(db_list_t *dblist) {
  * multithreaded operation.
  */
 static dbinstance_t *
 -ldap_find_avail_conn(ldap_instance_t *ldap) {
 +dlz_ldap_find_avail_conn(ldap_instance_t *ldap) {
 	dbinstance_t *dbi = NULL;
 	dbinstance_t *head;
 	int count = 0;
@@ -315,7 +315,7 @@ ldap_find_avail_conn(ldap_instance_t *ldap) {
 #endif /* PTHREADS */
 static isc_result_t
 -ldap_process_results(ldap_instance_t *db, LDAP *dbc, LDAPMessage *msg,
 +dlz_ldap_process_results(ldap_instance_t *db, LDAP *dbc, LDAPMessage *msg,
 		     char **attrs, void *ptr, bool allnodes) {
 	isc_result_t result = ISC_R_SUCCESS;
 	int i = 0;
@@ -543,7 +543,7 @@ cleanup:
  * obtain a result set.
  */
 static isc_result_t
 -ldap_get_results(const char *zone, const char *record, const char *client,
 +dlz_ldap_get_results(const char *zone, const char *record, const char *client,
 		 unsigned int query, void *dbdata, void *ptr) {
 	isc_result_t result;
 	ldap_instance_t *db = (ldap_instance_t *)dbdata;
@@ -558,7 +558,7 @@ ldap_get_results(const char *zone, const char *record, const char *client,
 	/* get db instance / connection */
 #if PTHREADS
 	/* find an available DBI from the list */
 -	dbi = ldap_find_avail_conn(db);
 +	dbi = dlz_ldap_find_avail_conn(db);
 #else  /* PTHREADS */
 	/*
 	 * only 1 DBI - no need to lock instance lock either
@@ -667,7 +667,7 @@ ldap_get_results(const char *zone, const char *record, const char *client,
 		 * screwed up!
 		 */
 		db->log(ISC_LOG_ERROR, "Incorrect query flag passed to "
 -				       "ldap_get_results");
 +				       "dlz_ldap_get_results");
 		result = ISC_R_UNEXPECTED;
 		goto cleanup;
 	}
@@ -755,13 +755,13 @@ ldap_get_results(const char *zone, const char *record, const char *client,
 	switch (query) {
 	case ALLNODES:
 -		result = ldap_process_results(db, (LDAP *)dbi->dbconn, ldap_msg,
 -					      ldap_url->lud_attrs, ptr, true);
 +		result = dlz_ldap_process_results(db, (LDAP *)dbi->dbconn, ldap_msg,
 +					          ldap_url->lud_attrs, ptr, true);
 		break;
 	case AUTHORITY:
 	case LOOKUP:
 -		result = ldap_process_results(db, (LDAP *)dbi->dbconn, ldap_msg,
 -					      ldap_url->lud_attrs, ptr, false);
 +		result = dlz_ldap_process_results(db, (LDAP *)dbi->dbconn, ldap_msg,
 +					          ldap_url->lud_attrs, ptr, false);
 		break;
 	case ALLOWXFR:
 		entries = ldap_count_entries((LDAP *)dbi->dbconn, ldap_msg);
@@ -789,7 +789,7 @@ ldap_get_results(const char *zone, const char *record, const char *client,
 		 * screwed up!
 		 */
 		db->log(ISC_LOG_ERROR, "Incorrect query flag passed to "
 -				       "ldap_get_results");
 +				       "dlz_ldap_get_results");
 		result = ISC_R_UNEXPECTED;
 	}
@@ -847,18 +847,18 @@ dlz_allowzonexfr(void *dbdata, const char *name, const char *client) {
 	}
 	/* get all the zone data */
 -	result = ldap_get_results(name, NULL, client, ALLOWXFR, dbdata, NULL);
 +	result = dlz_ldap_get_results(name, NULL, client, ALLOWXFR, dbdata, NULL);
 	return (result);
 }
 isc_result_t
 dlz_allnodes(const char *zone, void *dbdata, dns_sdlzallnodes_t *allnodes) {
 -	return (ldap_get_results(zone, NULL, NULL, ALLNODES, dbdata, allnodes));
 +	return (dlz_ldap_get_results(zone, NULL, NULL, ALLNODES, dbdata, allnodes));
 }
 isc_result_t
 dlz_authority(const char *zone, void *dbdata, dns_sdlzlookup_t *lookup) {
 -	return (ldap_get_results(zone, NULL, NULL, AUTHORITY, dbdata, lookup));
 +	return (dlz_ldap_get_results(zone, NULL, NULL, AUTHORITY, dbdata, lookup));
 }
 #if DLZ_DLOPEN_VERSION < 3
@@ -874,7 +874,7 @@ dlz_findzonedb(void *dbdata, const char *name, dns_clientinfomethods_t *methods,
 	UNUSED(methods);
 	UNUSED(clientinfo);
 #endif /* if DLZ_DLOPEN_VERSION >= 3 */
 -	return (ldap_get_results(name, NULL, NULL, FINDZONE, dbdata, NULL));
 +	return (dlz_ldap_get_results(name, NULL, NULL, FINDZONE, dbdata, NULL));
 }
 #if DLZ_DLOPEN_VERSION == 1
@@ -896,11 +896,11 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
 #endif /* if DLZ_DLOPEN_VERSION >= 2 */
 	if (strcmp(name, "*") == 0) {
 -		result = ldap_get_results(zone, "~", NULL, LOOKUP, dbdata,
 -					  lookup);
 +		result = dlz_ldap_get_results(zone, "~", NULL, LOOKUP, dbdata,
 +					      lookup);
 	} else {
 -		result = ldap_get_results(zone, name, NULL, LOOKUP, dbdata,
 -					  lookup);
 +		result = dlz_ldap_get_results(zone, name, NULL, LOOKUP, dbdata,
 +					      lookup);
 	}
 	return (result);
 }
@@ -1000,29 +1000,29 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata,
 	/* check that LDAP URL parameters make sense */
 	switch (argc) {
 	case 12:
 -		result = ldap_checkURL(ldap, argv[11], 0,
 +		result = dlz_ldap_checkURL(ldap, argv[11], 0,
 				       "allow zone transfer");
 		if (result != ISC_R_SUCCESS) {
 			goto cleanup;
 		}
 	case 11:
 -		result = ldap_checkURL(ldap, argv[10], 3, "all nodes");
 +		result = dlz_ldap_checkURL(ldap, argv[10], 3, "all nodes");
 		if (result != ISC_R_SUCCESS) {
 			goto cleanup;
 		}
 	case 10:
 		if (strlen(argv[9]) > 0) {
 -			result = ldap_checkURL(ldap, argv[9], 3, "authority");
 +			result = dlz_ldap_checkURL(ldap, argv[9], 3, "authority");
 			if (result != ISC_R_SUCCESS) {
 				goto cleanup;
 			}
 		}
 	case 9:
 -		result = ldap_checkURL(ldap, argv[8], 3, "lookup");
 +		result = dlz_ldap_checkURL(ldap, argv[8], 3, "lookup");
 		if (result != ISC_R_SUCCESS) {
 			goto cleanup;
 		}
 -		result = ldap_checkURL(ldap, argv[7], 0, "find zone");
 +		result = dlz_ldap_checkURL(ldap, argv[7], 0, "find zone");
 		if (result != ISC_R_SUCCESS) {
 			goto cleanup;
 		}
@@ -1199,7 +1199,7 @@ dlz_destroy(void *dbdata) {
 #if PTHREADS
 		/* cleanup the list of DBI's */
 		if (db->db != NULL) {
 -			ldap_destroy_dblist((db_list_t *)(db->db));
 +			dlz_ldap_destroy_dblist((db_list_t *)(db->db));
 		}
 #else  /* PTHREADS */
 		if (db->db->dbconn != NULL) {
 -- 
 2.31.1
--- a/bind-9.16-openldap-2.6.patch
+++ b/bind-9.16-openldap-2.6.patch
@ -1,55 +0,0 @@
 From e6ed26c98ebac9313ce531a366f96ff9912e84af Mon Sep 17 00:00:00 2001
 From: Petr Mensik <pemensik@redhat.com>
 Date: Wed, 22 Dec 2021 13:36:39 +0100
 Subject: [PATCH 1/2] Avoid conflict with ldap_connect function of openldap
 ldap_connect is defined by OpenLDAP 2.6. Compiler complains there are
 conflicting declarations. Use dlz_ldap prefix instead of ldap to avoid
 conflict.
 ---
 contrib/dlz/modules/ldap/dlz_ldap_dynamic.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 diff --git a/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c b/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c
 index 543a95d..317a691 100644
 --- a/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c
 +++ b/contrib/dlz/modules/ldap/dlz_ldap_dynamic.c
@@ -193,7 +193,7 @@ cleanup:
 /*% Connects / reconnects to LDAP server */
 static isc_result_t
 -ldap_connect(ldap_instance_t *dbi, dbinstance_t *dbc) {
 +dlz_ldap_connect(ldap_instance_t *dbi, dbinstance_t *dbc) {
 	isc_result_t result;
 	int ldap_result;
@@ -700,7 +700,7 @@ ldap_get_results(const char *zone, const char *record, const char *client,
 			db->log(ISC_LOG_INFO, "LDAP driver attempting to "
 					      "re-connect");
 -			result = ldap_connect((ldap_instance_t *)dbdata, dbi);
 +			result = dlz_ldap_connect((ldap_instance_t *)dbdata, dbi);
 			if (result != ISC_R_SUCCESS) {
 				result = ISC_R_FAILURE;
 				continue;
@@ -731,7 +731,7 @@ ldap_get_results(const char *zone, const char *record, const char *client,
 		case LDAP_SERVER_DOWN:
 			db->log(ISC_LOG_INFO, "LDAP driver attempting to "
 					      "re-connect");
 -			result = ldap_connect((ldap_instance_t *)dbdata, dbi);
 +			result = dlz_ldap_connect((ldap_instance_t *)dbdata, dbi);
 			if (result != ISC_R_SUCCESS) {
 				result = ISC_R_FAILURE;
 			}
@@ -1117,7 +1117,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], void **dbdata,
 	ldap->db = dbi;
 #endif /* if PTHREADS */
 		/* attempt to connect */
 -		result = ldap_connect(ldap, dbi);
 +		result = dlz_ldap_connect(ldap, dbi);
 		/*
 		 * if db connection cannot be created, log err msg and
 -- 
 2.31.1
--- a/bind.spec
+++ b/bind.spec
@ -52,8 +52,8 @@
 Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
 Name:     bind
 License:  MPLv2.0
-Version:  9.16.24
+Version:  9.16.25
-Release:  3%{?dist}
+Release:  1%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@ -102,9 +102,6 @@ Patch149:bind-9.11-kyua-pkcs11.patch
 Patch157:bind-9.11-fips-tests.patch
 # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/2689
 Patch164:bind-9.11-rh1666814.patch
 # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5665
 Patch165:bind-9.16-openldap-2.6.patch
 Patch166:bind-9.16-openldap-2.6-all.patch
 %{?systemd_ordering}
 Requires:       coreutils
@ -403,8 +400,6 @@ in HTML and PDF format.
 %patch130 -p1 -b .libdb
 %patch157 -p1 -b .fips-tests
 %patch164 -p1 -b .rh1666814
 %patch165 -p1 -b .rh2032704
 %patch166 -p1 -b .rh2032704-2
 %if %{with PKCS11}
 %patch135 -p1 -b .config-pkcs11
@ -1127,6 +1122,9 @@ fi;
 %endif
 %changelog
 * Fri Jan 21 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.25-1
 - Update to 9.16.25 (#2042504)
 * Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.16.24-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (bind-9.16.24.tar.xz) = a982bcad8c517dbcb81e768486e1a8b92e495efcf45c4961170c3bc7fac837903605dcd05cfb9b9e1074599b90be1b9c3dbca4162ede0a32fe4c3405ad92816b
+SHA512 (bind-9.16.25.tar.xz) = e43c0e59159d3a5642db051f3982d8767fb726426380c32960fefe4b9afd05708ed8f7e80a98b803a580b048e1a368c888e2dd5695fa5fcd7b8b75574a27cb62
-SHA512 (bind-9.16.24.tar.xz.asc) = 60afa2b2646fc761d85d15bc236fc700399478dfc8a9376bd591f1a3df4c0f26e029d6e8818cce3cdcd04600fd9d7b4d0092ac11a7c322159d15795165af3c79
+SHA512 (bind-9.16.25.tar.xz.asc) = ceb0af75619f2a2da4f183bb7d367f5a302ee41e140bc710b47aefedc3717b9cd7452f988e480a8798734f532338f3c03252a704e45b9d0a31f46ea499d1d572
`@ -1,2 +1,2 @@`
	`SHA512 (bind-9.16.24.tar.xz) = a982bcad8c517dbcb81e768486e1a8b92e495efcf45c4961170c3bc7fac837903605dcd05cfb9b9e1074599b90be1b9c3dbca4162ede0a32fe4c3405ad92816b`	`SHA512 (bind-9.16.25.tar.xz) = e43c0e59159d3a5642db051f3982d8767fb726426380c32960fefe4b9afd05708ed8f7e80a98b803a580b048e1a368c888e2dd5695fa5fcd7b8b75574a27cb62`
	`SHA512 (bind-9.16.24.tar.xz.asc) = 60afa2b2646fc761d85d15bc236fc700399478dfc8a9376bd591f1a3df4c0f26e029d6e8818cce3cdcd04600fd9d7b4d0092ac11a7c322159d15795165af3c79`	`SHA512 (bind-9.16.25.tar.xz.asc) = ceb0af75619f2a2da4f183bb7d367f5a302ee41e140bc710b47aefedc3717b9cd7452f988e480a8798734f532338f3c03252a704e45b9d0a31f46ea499d1d572`