Fix queries for TKEY in nsupdate, when using GSSAPI (#1236087)

This commit is contained in:
Petr Menšík 2017-04-21 17:38:45 +02:00
parent 09e4b5788e
commit 19b1efe0bb
2 changed files with 52 additions and 1 deletions

46
bind-9.11-rh1236087.patch Normal file
View File

@ -0,0 +1,46 @@
From 66b71679b78ad6cf2c4e5c8c1216b602e0fe1e9b Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Thu, 20 Apr 2017 09:28:37 -0700
Subject: [PATCH] [master] nsupdate: send tkey queries to the right server
4588. [bug] nsupdate could send queries for TKEY to the wrong
server when using GSSAPI. Thanks to Tomas Hozza.
[RT #39893]
---
bin/nsupdate/nsupdate.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 9572fd8..8fc5b20 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -2799,10 +2799,8 @@ start_gssrequest(dns_name_t *master) {
if (kserver == NULL)
fatal("out of memory");
}
- if (servers == NULL)
- get_addresses(namestr, dnsport, kserver, 1);
- else
- memmove(kserver, &servers[ns_inuse], sizeof(isc_sockaddr_t));
+
+ memmove(kserver, &master_servers[master_inuse], sizeof(isc_sockaddr_t));
dns_fixedname_init(&fname);
servname = dns_fixedname_name(&fname);
@@ -2947,11 +2945,11 @@ recvgss(isc_task_t *task, isc_event_t *event) {
}
if (eresult != ISC_R_SUCCESS) {
- next_server("recvgss", addr, eresult);
+ next_master("recvgss", addr, eresult);
ddebug("Destroying request [%p]", request);
dns_request_destroy(&request);
dns_message_renderreset(tsigquery);
- sendrequest(&servers[ns_inuse], tsigquery, &request);
+ sendrequest(&master_servers[master_inuse], tsigquery, &request);
isc_mem_put(gmctx, reqinfo, sizeof(nsu_gssinfo_t));
isc_event_free(&event);
return;
--
2.9.3

View File

@ -25,7 +25,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: MPLv2.0 License: MPLv2.0
Version: 9.11.0 Version: 9.11.0
Release: 7%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Release: 8%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32 Epoch: 32
Url: http://www.isc.org/products/BIND/ Url: http://www.isc.org/products/BIND/
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -82,6 +82,7 @@ Patch137:bind-9.10-use-of-strlcat.patch
Patch138:bind-9.10-openssl-1.1.patch Patch138:bind-9.10-openssl-1.1.patch
Patch139:bind-9.11-docbook-xsl.patch Patch139:bind-9.11-docbook-xsl.patch
Patch140:bind-9.11-rh1410433.patch Patch140:bind-9.11-rh1410433.patch
Patch141:bind-9.11-rh1236087.patch
# SDB patches # SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch Patch11: bind-9.3.2b2-sdbsrc.patch
@ -322,6 +323,7 @@ This package provides a module which allows commands to be sent to rndc directly
%patch138 -p1 -b .rh1390238 %patch138 -p1 -b .rh1390238
%patch139 -p1 -b .rh1397186 %patch139 -p1 -b .rh1397186
%patch140 -p1 -b .rh1410433 %patch140 -p1 -b .rh1410433
%patch141 -p1 -b .rh1236087
%if %{PKCS11} %if %{PKCS11}
cp -r bin/named{,-pkcs11} cp -r bin/named{,-pkcs11}
@ -1024,6 +1026,9 @@ rm -rf ${RPM_BUILD_ROOT}
%{python3_sitelib}/isc/__pycache__/*py* %{python3_sitelib}/isc/__pycache__/*py*
%changelog %changelog
* Fri Apr 21 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-8.P5
- Fix queries for TKEY in nsupdate, when using GSSAPI (#1236087)
* Thu Apr 13 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-7.P5 * Thu Apr 13 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-7.P5
- Update to 9.11.0-P5 - Update to 9.11.0-P5
- Use BINDVERSION for upstream version - Use BINDVERSION for upstream version