From 19b1efe0bb3591e09897b72e548ba467e31f4c4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Fri, 21 Apr 2017 17:38:45 +0200 Subject: [PATCH] Fix queries for TKEY in nsupdate, when using GSSAPI (#1236087) --- bind-9.11-rh1236087.patch | 46 +++++++++++++++++++++++++++++++++++++++ bind.spec | 7 +++++- 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 bind-9.11-rh1236087.patch diff --git a/bind-9.11-rh1236087.patch b/bind-9.11-rh1236087.patch new file mode 100644 index 0000000..569db9b --- /dev/null +++ b/bind-9.11-rh1236087.patch @@ -0,0 +1,46 @@ +From 66b71679b78ad6cf2c4e5c8c1216b602e0fe1e9b Mon Sep 17 00:00:00 2001 +From: Evan Hunt +Date: Thu, 20 Apr 2017 09:28:37 -0700 +Subject: [PATCH] [master] nsupdate: send tkey queries to the right server + +4588. [bug] nsupdate could send queries for TKEY to the wrong + server when using GSSAPI. Thanks to Tomas Hozza. + [RT #39893] +--- + bin/nsupdate/nsupdate.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c +index 9572fd8..8fc5b20 100644 +--- a/bin/nsupdate/nsupdate.c ++++ b/bin/nsupdate/nsupdate.c +@@ -2799,10 +2799,8 @@ start_gssrequest(dns_name_t *master) { + if (kserver == NULL) + fatal("out of memory"); + } +- if (servers == NULL) +- get_addresses(namestr, dnsport, kserver, 1); +- else +- memmove(kserver, &servers[ns_inuse], sizeof(isc_sockaddr_t)); ++ ++ memmove(kserver, &master_servers[master_inuse], sizeof(isc_sockaddr_t)); + + dns_fixedname_init(&fname); + servname = dns_fixedname_name(&fname); +@@ -2947,11 +2945,11 @@ recvgss(isc_task_t *task, isc_event_t *event) { + } + + if (eresult != ISC_R_SUCCESS) { +- next_server("recvgss", addr, eresult); ++ next_master("recvgss", addr, eresult); + ddebug("Destroying request [%p]", request); + dns_request_destroy(&request); + dns_message_renderreset(tsigquery); +- sendrequest(&servers[ns_inuse], tsigquery, &request); ++ sendrequest(&master_servers[master_inuse], tsigquery, &request); + isc_mem_put(gmctx, reqinfo, sizeof(nsu_gssinfo_t)); + isc_event_free(&event); + return; +-- +2.9.3 + diff --git a/bind.spec b/bind.spec index 085f80d..c07c755 100644 --- a/bind.spec +++ b/bind.spec @@ -25,7 +25,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.11.0 -Release: 7%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} +Release: 8%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -82,6 +82,7 @@ Patch137:bind-9.10-use-of-strlcat.patch Patch138:bind-9.10-openssl-1.1.patch Patch139:bind-9.11-docbook-xsl.patch Patch140:bind-9.11-rh1410433.patch +Patch141:bind-9.11-rh1236087.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -322,6 +323,7 @@ This package provides a module which allows commands to be sent to rndc directly %patch138 -p1 -b .rh1390238 %patch139 -p1 -b .rh1397186 %patch140 -p1 -b .rh1410433 +%patch141 -p1 -b .rh1236087 %if %{PKCS11} cp -r bin/named{,-pkcs11} @@ -1024,6 +1026,9 @@ rm -rf ${RPM_BUILD_ROOT} %{python3_sitelib}/isc/__pycache__/*py* %changelog +* Fri Apr 21 2017 Petr Menšík - 32:9.11.0-8.P5 +- Fix queries for TKEY in nsupdate, when using GSSAPI (#1236087) + * Thu Apr 13 2017 Petr Menšík - 32:9.11.0-7.P5 - Update to 9.11.0-P5 - Use BINDVERSION for upstream version