bind-dyndb-ldap requires sending from custom spawned thread to main
named threads. Change queue type to locked variant, which would not
crash when isc_send_task() is called from dyndb worker thread.
Related: rhbz#2048235
Those errors can be dropped by simple configuration:
logging {
category lame_servers { null; };
};
Do not hide them into debug log on all servers. Expect lame servers are
not so common to drop it always.
Allow all subsequent patches with higher number to be added to normal
common list of patches. Make just initial patches special.
Ensure all patch chunks use -p1 prefix.
bind-dyndb-ldap started crashing after memory optimization made in
9.16.25 release. It attempts to use now uninitialized memory part. Work
around this problem by extra command line parameters, which would
request additional threads. Those threads then would be safely used by
bind-dyndb-ldap. Requires change to bind-dyndb-ldap and freeipa
packages.
Needs freeipa to add OPTIONS+="-H 200" to /etc/sysconfig/named
Related: rhbz#2048235
Use more friendly value for primary and secondary zones. It used master
for ages, but that might have wrong connotation to someone. Use
something without problematic history.
Thread removal were incomplete, it has broken some dlz modules
compilation. Ensure threaded variant is always used, remove
remains of single-thread variant.
Rename internal function to not start with just ldap_ prefix. OpenLDAP
library provides such function with different parameters and compiler
cannot pass it.
BIND reads default system port ranges from /proc file. Propagate just
that single file to bind chroot. Defaults should be therefore the same
as on named.service.
Resolves: rhbz#2013597
Variants for testing were planned to test also named-sdb and
named-pkcs11 builds. Instead, those build were deprecated, named-sdb no
longer exists with possible replacement of named-dlz plugins.
named-pkcs11 would not be built soon, it can be replaced by using -E
pkcs11 parameter to named and some dnssec-* tools. Testing those
variants should not be required this way.
Remove also conditionals for RHEL. RHEL8 and 9 has different
requirements, it does not make sense to tune them in Fedora package
itself. CentOS Stream 9 has already public spec adjusted to RHEL.
Upstream maptolower and maptoupper did not contain w character. It makes
response mangled, replacing 'w' and 'W' characters with '\0' in answer.
Resolves: rhbz#1973587
Resolves CVE-2021-25215 and CVE-2021-25214.
Removes disable-isc-spnego flag, because custom isc spnego code were
removed with also this flag. It is default (and the only) option now.
