diff --git a/.bind-dyndb-ldap.metadata b/.bind-dyndb-ldap.metadata
index 7f14f8d..1025ef6 100644
--- a/.bind-dyndb-ldap.metadata
+++ b/.bind-dyndb-ldap.metadata
@@ -1 +1 @@
-282bf80634784e70a42c9cef050cbf74cdd5be0d SOURCES/bind-dyndb-ldap-11.1.tar.bz2
+0552e2595814b82626c4966af59b3d7f9bf3e990 SOURCES/bind-dyndb-ldap-11.2.tar.bz2
diff --git a/.gitignore b/.gitignore
index b51fbbe..8d61224 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/bind-dyndb-ldap-11.1.tar.bz2
+SOURCES/bind-dyndb-ldap-11.2.tar.bz2
diff --git a/SOURCES/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch b/SOURCES/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
deleted file mode 100644
index 04b6cb8..0000000
--- a/SOURCES/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From e5c29893a318c0f1571c9918ab2c7c23dca3c952 Mon Sep 17 00:00:00 2001
-From: Tomas Krizek
-Date: Mon, 27 Mar 2017 19:41:05 +0200
-Subject: [PATCH] Coverity: fix REVERSE_INULL for pevent->inst
-
-With the DynDB API changes, the ldap instance is acquired
-differently. Previously, obtaining the instance could fail when
-LDAP was disconnecting, thus the NULL check was necessary in the
-cleanup part.
-
-Now, inst is obtained directly from the API. I'm not sure what is
-the exact behaviour in edge cases such as LDAP disconnecting, so
-I perform the NULL check a bit earlier, just to be safe.
----
- src/ldap_helper.c | 42 +++++++++++++++++++++---------------------
- 1 file changed, 21 insertions(+), 21 deletions(-)
-
-diff --git a/src/ldap_helper.c b/src/ldap_helper.c
-index 1fa0ec9adfa2b9ca589587244da03cc6f0584919..e0c4b76f0bd350eda2d81588e6efb67b5221d630 100644
---- a/src/ldap_helper.c
-+++ b/src/ldap_helper.c
-@@ -3714,6 +3714,7 @@ update_zone(isc_task_t *task, isc_event_t *event)
- mctx = pevent->mctx;
- dns_name_init(&prevname, NULL);
-
-+ REQUIRE(inst != NULL);
- INSIST(task == inst->task); /* For task-exclusive mode */
-
- if (SYNCREPL_DEL(pevent->chgtype)) {
-@@ -3730,12 +3731,11 @@ update_zone(isc_task_t *task, isc_event_t *event)
- }
-
- cleanup:
-- if (inst != NULL) {
-- sync_concurr_limit_signal(inst->sctx);
-- sync_event_signal(inst->sctx, pevent);
-- if (dns_name_dynamic(&prevname))
-- dns_name_free(&prevname, inst->mctx);
-- }
-+ sync_concurr_limit_signal(inst->sctx);
-+ sync_event_signal(inst->sctx, pevent);
-+ if (dns_name_dynamic(&prevname))
-+ dns_name_free(&prevname, inst->mctx);
-+
- if (result != ISC_R_SUCCESS)
- log_error_r("update_zone (syncrepl) failed for %s. "
- "Zones can be outdated, run `rndc reload`",
-@@ -3760,14 +3760,14 @@ update_config(isc_task_t * task, isc_event_t *event)
-
- mctx = pevent->mctx;
-
-+ REQUIRE(inst != NULL);
- INSIST(task == inst->task); /* For task-exclusive mode */
- CHECK(ldap_parse_configentry(entry, inst));
-
- cleanup:
-- if (inst != NULL) {
-- sync_concurr_limit_signal(inst->sctx);
-- sync_event_signal(inst->sctx, pevent);
-- }
-+ sync_concurr_limit_signal(inst->sctx);
-+ sync_event_signal(inst->sctx, pevent);
-+
- if (result != ISC_R_SUCCESS)
- log_error_r("update_config (syncrepl) failed for %s. "
- "Configuration can be outdated, run `rndc reload`",
-@@ -3790,14 +3790,14 @@ update_serverconfig(isc_task_t * task, isc_event_t *event)
-
- mctx = pevent->mctx;
-
-+ REQUIRE(inst != NULL);
- INSIST(task == inst->task); /* For task-exclusive mode */
- CHECK(ldap_parse_serverconfigentry(entry, inst));
-
- cleanup:
-- if (inst != NULL) {
-- sync_concurr_limit_signal(inst->sctx);
-- sync_event_signal(inst->sctx, pevent);
-- }
-+ sync_concurr_limit_signal(inst->sctx);
-+ sync_event_signal(inst->sctx, pevent);
-+
- if (result != ISC_R_SUCCESS)
- log_error_r("update_serverconfig (syncrepl) failed for %s. "
- "Configuration can be outdated, run `rndc reload`",
-@@ -3860,6 +3860,7 @@ update_record(isc_task_t *task, isc_event_t *event)
- dns_name_init(&prevname, NULL);
- dns_name_init(&prevorigin, NULL);
-
-+ REQUIRE(inst != NULL);
- CHECK(zr_get_zone_ptr(inst->zone_register, &entry->zone_name, &raw, &secure));
- zone_found = ISC_TRUE;
-
-@@ -4020,13 +4021,12 @@ cleanup:
- ldap_entry_logname(entry), pevent->chgtype);
- }
-
-- if (inst != NULL) {
-- sync_concurr_limit_signal(inst->sctx);
-- if (dns_name_dynamic(&prevname))
-- dns_name_free(&prevname, inst->mctx);
-- if (dns_name_dynamic(&prevorigin))
-- dns_name_free(&prevorigin, inst->mctx);
-- }
-+ sync_concurr_limit_signal(inst->sctx);
-+ if (dns_name_dynamic(&prevname))
-+ dns_name_free(&prevname, inst->mctx);
-+ if (dns_name_dynamic(&prevorigin))
-+ dns_name_free(&prevorigin, inst->mctx);
-+
- if (raw != NULL)
- dns_zone_detach(&raw);
- if (secure != NULL)
---
-2.9.3
-
diff --git a/SOURCES/0001-bind-dyndb-ldap-11.2-servestale.patch b/SOURCES/0001-bind-dyndb-ldap-11.2-servestale.patch
new file mode 100644
index 0000000..1254d7f
--- /dev/null
+++ b/SOURCES/0001-bind-dyndb-ldap-11.2-servestale.patch
@@ -0,0 +1,73 @@
+From fecc0fd86f598807129ea9fa1e4e7b74cf2aba21 Mon Sep 17 00:00:00 2001
+From: Petr Mensik
+Date: Mon, 11 Nov 2019 17:36:58 +0100
+Subject: [PATCH] Add support for servestale records
+
+Serve-stale support includes two new database methods. Add wrapper into
+ldap database.
+---
+ configure.ac | 5 +++++
+ src/ldap_driver.c | 24 ++++++++++++++++++++++++
+ 2 files changed, 29 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index d05bad9..7997898 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -120,6 +120,11 @@ int main(void) {
+ [AC_MSG_ERROR([Cross compiling is not supported.])]
+ )
+
++dnl dns_db_setservestalettl() can be backported, detect support
++AC_CHECK_LIB([dns], [dns_db_setservestalettl],
++ [AC_DEFINE([HAVE_DNS_SERVESTALE], 1, [Define if dns library provides dns_db_setservestalettl])]
++)
++
+ dnl Older autoconf (2.59, for example) doesn't define docdir
+ [[ ! -n "$docdir" ]] && docdir='${datadir}/doc/${PACKAGE_TARNAME}'
+ AC_SUBST([docdir])
+diff --git a/src/ldap_driver.c b/src/ldap_driver.c
+index b9161fe..dcf65d0 100644
+--- a/src/ldap_driver.c
++++ b/src/ldap_driver.c
+@@ -823,6 +823,26 @@ nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name)
+ return dns_db_nodefullname(ldapdb->rbtdb, node, name);
+ }
+
++#ifdef HAVE_DNS_SERVESTALE
++static isc_result_t
++setservestalettl(dns_db_t *db, dns_ttl_t ttl) {
++ ldapdb_t *ldapdb = (ldapdb_t *) db;
++
++ REQUIRE(VALID_LDAPDB(ldapdb));
++
++ return dns_db_setservestalettl(ldapdb->rbtdb, ttl);
++}
++
++static isc_result_t
++getservestalettl(dns_db_t *db, dns_ttl_t *ttl) {
++ ldapdb_t *ldapdb = (ldapdb_t *) db;
++
++ REQUIRE(VALID_LDAPDB(ldapdb));
++
++ return dns_db_getservestalettl(ldapdb->rbtdb, ttl);
++}
++#endif
++
+ static dns_dbmethods_t ldapdb_methods = {
+ attach,
+ detach,
+@@ -869,6 +889,10 @@ static dns_dbmethods_t ldapdb_methods = {
+ hashsize,
+ nodefullname,
+ NULL, // getsize method not implemented (related BZ1353563)
++#ifdef HAVE_DNS_SERVESTALE
++ setservestalettl,
++ getservestalettl,
++#endif
+ };
+
+ isc_result_t ATTR_NONNULLS
+--
+2.20.1
+
diff --git a/SOURCES/0002-Add-empty-callback-for-getsize.patch b/SOURCES/0002-Add-empty-callback-for-getsize.patch
deleted file mode 100644
index 63f08b9..0000000
--- a/SOURCES/0002-Add-empty-callback-for-getsize.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 107c5ed7247788a04a23d6c65fca50f96c944345 Mon Sep 17 00:00:00 2001
-From: Tomas Krizek
-Date: Tue, 27 Jun 2017 10:41:03 +0200
-Subject: [PATCH] Add empty callback for getsize
-
-BIND introduced getsize method in db.h. This is related to
-CVE-2016-6170 and allows to set restriction of zone size limit.
-
-Signed-off-by: Tomas Krizek
----
- src/ldap_driver.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/ldap_driver.c b/src/ldap_driver.c
-index 53ce1a9..38673b0 100644
---- a/src/ldap_driver.c
-+++ b/src/ldap_driver.c
-@@ -867,7 +867,8 @@ static dns_dbmethods_t ldapdb_methods = {
- findext,
- setcachestats,
- hashsize,
-- nodefullname
-+ nodefullname,
-+ NULL, // getsize method not implemented (related BZ1353563)
- };
-
- isc_result_t ATTR_NONNULLS
---
-2.9.4
-
diff --git a/SOURCES/0003-Support-for-BIND-9.11.3.patch b/SOURCES/0003-Support-for-BIND-9.11.3.patch
deleted file mode 100644
index 092e3c2..0000000
--- a/SOURCES/0003-Support-for-BIND-9.11.3.patch
+++ /dev/null
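Review bot: The two `#ifdef HAVE_DNS_SERVESTALE` entries appended to the positional `ldapdb_methods` initializer are gated by `AC_CHECK_LIB([dns], [dns_db_setservestalettl], ...)`, which probes the symbol exported by the library rather than the `dns_dbmethods_t` layout in the headers being compiled against. Every slot of that table is assigned by position, so if headers and library ever disagree (a backport on one side only, which the `dnl` comment anticipates) the build either gets excess initializers or leaves the two members NULL without any diagnostic. A header-level probe such as `AC_CHECK_MEMBER([dns_dbmethods_t.setservestalettl], [AC_DEFINE([HAVE_DNS_SERVESTALE], 1, [...])], [], [[#include <dns/db.h>]])` would bind the guard to the struct layout, and a comment above the `#ifdef` in the table stating that the order must match the struct in `db.h` would help the next maintainer. The initializer starts outside the hunk, so the earlier slots cannot be checked from here.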
@@ -1,137 +0,0 @@
-From b533d722fa62232955aedfdf1bbc0179f48497eb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
-Date: Thu, 1 Mar 2018 19:41:10 +0100
-Subject: [PATCH] Support for BIND 9.11.3. Include explicitly isc/util.h in
- each file that uses REQUIRE(). Support stdatomic feature, do not use function
- call in STATIC_ASSERT().
-
----
- src/bindcfg.c | 1 +
- src/fwd_register.c | 1 +
- src/ldap_entry.h | 11 +++++------
- src/mldap.c | 4 ++--
- src/rbt_helper.c | 1 +
- src/types.h | 2 +-
- 6 files changed, 11 insertions(+), 9 deletions(-)
-
-diff --git a/src/bindcfg.c b/src/bindcfg.c
-index 9b429ba..5539dea 100644
---- a/src/bindcfg.c
-+++ b/src/bindcfg.c
-@@ -6,6 +6,7 @@
-
- #include "config.h"
-
-+#include
- #include
- #include
-
-diff --git a/src/fwd_register.c b/src/fwd_register.c
-index 355d15f..7cc0c5a 100644
---- a/src/fwd_register.c
-+++ b/src/fwd_register.c
-@@ -3,6 +3,7 @@
- */
-
- #include
-+#include
- #include
-
- #include "rbt_helper.h"
-diff --git a/src/ldap_entry.h b/src/ldap_entry.h
-index 6498c79..88b1c42 100644
---- a/src/ldap_entry.h
-+++ b/src/ldap_entry.h
-@@ -6,7 +6,6 @@
- #define _LD_LDAP_ENTRY_H_
-
- #include
--#include
- #include
-
- #include "fwd_register.h"
-@@ -19,15 +18,15 @@
-
- /* Represents values associated with LDAP attribute */
- typedef struct ldap_value ldap_value_t;
--typedef LIST(ldap_value_t) ldap_valuelist_t;
-+typedef ISC_LIST(ldap_value_t) ldap_valuelist_t;
- struct ldap_value {
- char *value;
-- LINK(ldap_value_t) link;
-+ ISC_LINK(ldap_value_t) link;
- };
-
- /* Represents LDAP attribute and it's values */
- typedef struct ldap_attribute ldap_attribute_t;
--typedef LIST(ldap_attribute_t) ldap_attributelist_t;
-+typedef ISC_LIST(ldap_attribute_t) ldap_attributelist_t;
-
- /* Represents LDAP entry and it's attributes */
- typedef unsigned char ldap_entryclass_t;
-@@ -41,7 +40,7 @@ struct ldap_entry {
-
- ldap_attribute_t *lastattr;
- ldap_attributelist_t attrs;
-- LINK(ldap_entry_t) link;
-+ ISC_LINK(ldap_entry_t) link;
-
- /* Parsing. */
- isc_lex_t *lex;
-@@ -59,7 +58,7 @@ struct ldap_attribute {
- char **ldap_values;
- ldap_value_t *lastval;
- ldap_valuelist_t values;
-- LINK(ldap_attribute_t) link;
-+ ISC_LINK(ldap_attribute_t) link;
- };
-
- #define LDAP_ENTRYCLASS_NONE 0x0
-diff --git a/src/mldap.c b/src/mldap.c
-index 143abce..304ba36 100644
---- a/src/mldap.c
-+++ b/src/mldap.c
-@@ -119,13 +119,13 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) {
- * reference counter value.
- */
- STATIC_ASSERT((isc_uint32_t)
-- (typeof(isc_refcount_current((isc_refcount_t *)0)))
-+ (typeof(((isc_refcount_t *)0)->refs))
- -1
- == 0xFFFFFFFF, \
- "negative isc_refcount_t cannot be properly shortened to 32 bits");
-
- STATIC_ASSERT((isc_uint32_t)
-- (typeof(isc_refcount_current((isc_refcount_t *)0)))
-+ (typeof(((isc_refcount_t *)0)->refs))
- 0x90ABCDEF12345678
- == 0x12345678, \
- "positive isc_refcount_t cannot be properly shortened to 32 bits");
-diff --git a/src/rbt_helper.c b/src/rbt_helper.c
-index 2a7e6cb..f610b07 100644
---- a/src/rbt_helper.c
-+++ b/src/rbt_helper.c
-@@ -2,6 +2,7 @@
- * Copyright (C) 2013-2014 bind-dyndb-ldap authors; see COPYING for license
- */
-
-+#include
- #include
-
- #include "util.h"
-diff --git a/src/types.h b/src/types.h
-index 25ef3b9..01d627c 100644
---- a/src/types.h
-+++ b/src/types.h
-@@ -24,7 +24,7 @@
- * rdata1 -> rdata2 -> rdata3 rdata4 -> rdata5
- * next_rdatalist -> next_rdatalist ...
- */
--typedef LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
-+typedef ISC_LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
-
- typedef struct enum_txt_assoc {
- int value;
---
-2.14.3
-
diff --git a/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc b/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc
deleted file mode 100644
index 3becbc4..0000000
--- a/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQEcBAABCAAGBQJYwqX6AAoJECKiqUteSUFa2OkH/3NWkWc62TWaDkMN+EPUYSJ5
-Hf+hxQJdioATttopyuiCE+5q2iS/9n8DGgfQmdPXDalZwQfYWhX75WWlMIiWWy5F
-FDZ29tWY41JqLCdV3xYMhR+Nd4OBegT+U3muIzsFcSS9el78kRmNJCu1yOur/Nc+
-r1v8o2J5PVmp1iYxvy5s77qcIC3cERGcLakDlRduZY00jCL5I5ysxG8sWQ8jJEIr
-G1thN8cJeZ37pcOml943m0hLjzcJeNhmV/rgz7cMpH17r3yf5B600B+lGqrL9EtJ
-lSTVRJQlZFosDPVrqKuNyMHi5iIroc8+TVZtw1aAyZ8KA39zG5wrMF5FphjVHm4=
-=jtZI
------END PGP SIGNATURE-----
diff --git a/SOURCES/bind-dyndb-ldap-11.2.tar.bz2.asc b/SOURCES/bind-dyndb-ldap-11.2.tar.bz2.asc
new file mode 100644
index 0000000..a1a7484
--- /dev/null
+++ b/SOURCES/bind-dyndb-ldap-11.2.tar.bz2.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEQepdgpabRRLDzQC/fTs0GEpfA1kFAl3BmvcACgkQfTs0GEpf
+A1loIQgAvwg/JJTv8B5CWVc3/a1CgnokwQWKVFdD6uni3EGEH1vSRf58y2Faw8SI
+PhNiUNEQYazJyTVZ9uk5CT9IzVaMOrMXjY3U/CyzY59BvX7UODts3pOTAoyPaBMi
+fgDgWbF5NXfg/blgKKTCTSWdaCV5Pa85teva06mLj29Kxe2r5qRuAgiqGb4Paxc2
+pYnqlLtyyucrOz75gBDYkQndXqcJp1BVGQy+47gowfcn4e5ivVM8aexYRO2og+YD
+pmkN5P77hqe2RdrWG3Lz65LyCFglk4ll+466xUkKkQg/9w606e/yx8dUXAl0+4MA
+7eul6NowBs6Ok3azHh7ZPShTvlgcTg==
+=DvdK
+-----END PGP SIGNATURE-----
diff --git a/SOURCES/bind-dyndb-ldap-template-attribute-defaults.patch b/SOURCES/bind-dyndb-ldap-template-attribute-defaults.patch
deleted file mode 100644
index 6be7139..0000000
--- a/SOURCES/bind-dyndb-ldap-template-attribute-defaults.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From 88096745d1ef1798854e0c8319b5ae015f045fe3 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy
-Date: Wed, 1 May 2019 09:24:24 +0300
-Subject: [PATCH] Move recognition of a templated attribute to
- ldap_attribute_to_rdatatype
-
-When substitution of a templated entry attribute fails, we need to fall
-back to a static definition of the attribute from the same entry. This
-means, however, that ldap_attribute_to_rdatatype() will attempt to parse
-an attribute value anyway and will be confused by the templating prefix,
-thus reporting in named's logs:
-
-unsupported operation: object class in resource record template DN
-'idnsname=$NAME,idnsname=$ZONE.,cn=dns,$BASEDN' changed:
-rndc reload might be necessary
-
-Move recognition of a template attribute name to
-ldap_attribute_to_rdatatype() so that a proper attribute class is
-correctly derived and ignore templated attribute in the fallback code
-if case that template expansion is failed.
-
-Resolves: rhbz#1705072
----
- src/ldap_convert.c | 33 +++++++++++++++++++++++++--------
- src/ldap_convert.h | 2 ++
- src/ldap_helper.c | 21 ++++++++++++++-------
- 3 files changed, 41 insertions(+), 15 deletions(-)
-
-diff --git a/src/ldap_convert.c b/src/ldap_convert.c
-index 002a679..6e24c81 100644
---- a/src/ldap_convert.c
-+++ b/src/ldap_convert.c
-@@ -372,23 +372,40 @@ ldap_attribute_to_rdatatype(const char *ldap_attribute, dns_rdatatype_t *rdtype)
- {
- isc_result_t result;
- unsigned len;
-+ const char *attribute = NULL;
- isc_consttextregion_t region;
-
- len = strlen(ldap_attribute);
- if (len <= LDAP_RDATATYPE_SUFFIX_LEN)
- return ISC_R_UNEXPECTEDEND;
-
-+
-+ /* Before looking up rdtype, we need to see if rdtype is
-+ * an LDAP subtype (type;subtype) and if so, strip one of
-+ * the known prefixes. We also need to remove 'record' suffix
-+ * if it exists. The resulting rdtype text name should have no
-+ * 'extra' details: A, AAAA, CNAME, etc. */
-+ attribute = ldap_attribute;
-+
-+ /* Does attribute name start with with TEMPLATE_PREFIX? */
-+ if (strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX,
-+ ldap_attribute,
-+ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) == 0) {
-+ attribute = ldap_attribute + LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN;
-+ len -= LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN;
-+ /* Does attribute name start with with UNKNOWN_PREFIX? */
-+ } else if (strncasecmp(LDAP_RDATATYPE_UNKNOWN_PREFIX,
-+ ldap_attribute,
-+ LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) {
-+ attribute = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
-+ len -= LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
-+ }
-+
- /* Does attribute name end with RECORD_SUFFIX? */
-- if (strcasecmp(ldap_attribute + len - LDAP_RDATATYPE_SUFFIX_LEN,
-+ if (strcasecmp(attribute + len - LDAP_RDATATYPE_SUFFIX_LEN,
- LDAP_RDATATYPE_SUFFIX) == 0) {
-- region.base = ldap_attribute;
-+ region.base = attribute;
- region.length = len - LDAP_RDATATYPE_SUFFIX_LEN;
-- /* Does attribute name start with with UNKNOWN_PREFIX? */
-- } else if (strncasecmp(ldap_attribute,
-- LDAP_RDATATYPE_UNKNOWN_PREFIX,
-- LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) {
-- region.base = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
-- region.length = len - LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN;
- } else
- return ISC_R_UNEXPECTED;
-
-diff --git a/src/ldap_convert.h b/src/ldap_convert.h
-index 47ac947..fcd575b 100644
---- a/src/ldap_convert.h
-+++ b/src/ldap_convert.h
-@@ -17,6 +17,8 @@
- #define LDAP_RDATATYPE_SUFFIX_LEN (sizeof(LDAP_RDATATYPE_SUFFIX) - 1)
- #define LDAP_RDATATYPE_UNKNOWN_PREFIX "UnknownRecord;"
- #define LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN (sizeof(LDAP_RDATATYPE_UNKNOWN_PREFIX) - 1)
-+#define LDAP_RDATATYPE_TEMPLATE_PREFIX "idnsTemplateAttribute;"
-+#define LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN (sizeof(LDAP_RDATATYPE_TEMPLATE_PREFIX) - 1)
-
- /*
- * Convert LDAP DN 'dn', to dns_name_t 'target'. 'target' needs to be
-diff --git a/src/ldap_helper.c b/src/ldap_helper.c
-index 8b486ae..7f70ee3 100644
---- a/src/ldap_helper.c
-+++ b/src/ldap_helper.c
-@@ -2396,7 +2396,7 @@ ldap_substitute_rr_template(isc_mem_t *mctx, const settings_set_t * set,
- result = setting_find(setting_name, set, isc_boolean_true,
- isc_boolean_true, &setting);
- if (result != ISC_R_SUCCESS) {
-- log_debug(3, "setting '%s' is not defined so it "
-+ log_debug(5, "setting '%s' is not defined so it "
- "cannot be substituted into template '%s'",
- setting_name, str_buf(orig_val));
- CLEANUP_WITH(ISC_R_IGNORE);
-@@ -2459,23 +2459,22 @@ ldap_parse_rrentry_template(isc_mem_t *mctx, ldap_entry_t *entry,
- dns_rdatatype_t rdtype;
- dns_rdatalist_t *rdlist = NULL;
- isc_boolean_t did_something = ISC_FALSE;
-- static const char prefix[] = "idnsTemplateAttribute;";
-- static const char prefix_len = sizeof(prefix) - 1;
-
- CHECK(str_new(mctx, &orig_val));
- rdclass = ldap_entry_getrdclass(entry);
- ttl = ldap_entry_getttl(entry, settings);
-
- while ((attr = ldap_entry_nextattr(entry)) != NULL) {
-- if (strncasecmp(prefix, attr->name, prefix_len) != 0)
-+ if (strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX,
-+ attr->name,
-+ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) != 0)
- continue;
-
-- result = ldap_attribute_to_rdatatype(attr->name + prefix_len,
-- &rdtype);
-+ result = ldap_attribute_to_rdatatype(attr->name, &rdtype);
- if (result != ISC_R_SUCCESS) {
- log_bug("%s: substitution into '%s' is not supported",
- ldap_entry_logname(entry),
-- attr->name + prefix_len);
-+ attr->name + LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN);
- continue;
- }
-
-@@ -2559,6 +2558,14 @@ ldap_parse_rrentry(isc_mem_t *mctx, ldap_entry_t *entry, dns_name_t *origin,
- for (result = ldap_entry_firstrdtype(entry, &attr, &rdtype);
- result == ISC_R_SUCCESS;
- result = ldap_entry_nextrdtype(entry, &attr, &rdtype)) {
-+ /* If we reached this point and found a template attribute,
-+ * skip it because it was not translated above due to missing
-+ * defaults or some other errors. */ -+ if (((entry->class & LDAP_ENTRYCLASS_TEMPLATE) != 0) && -+ strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX, -+ attr->name, -+ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) == 0) -+ continue; - - CHECK(findrdatatype_or_create(mctx, rdatalist, rdclass, - rdtype, ttl, &rdlist)); --- -2.21.0 - diff --git a/SPECS/bind-dyndb-ldap.spec b/SPECS/bind-dyndb-ldap.spec index 1a809ff..447dbab 100644 --- a/SPECS/bind-dyndb-ldap.spec +++ b/SPECS/bind-dyndb-ldap.spec @@ -1,10 +1,10 @@ %define VERSION %{version} -%define bind_version 32:9.11.4-14.P2 +%define bind_version 32:9.11.12-1 Name: bind-dyndb-ldap -Version: 11.1 -Release: 14%{?dist} +Version: 11.2 +Release: 3%{?dist} Summary: LDAP back-end plug-in for BIND Group: System Environment/Libraries @@ -12,15 +12,11 @@ License: GPLv2+ URL: https://releases.pagure.org/bind-dyndb-ldap Source0: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2 Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc -Patch1: 0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch -Patch2: 0002-Add-empty-callback-for-getsize.patch -Patch3: 0003-Support-for-BIND-9.11.3.patch -Patch4: bind-dyndb-ldap-template-attribute-defaults.patch +Patch1: 0001-bind-dyndb-ldap-11.2-servestale.patch BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version} BuildRequires: krb5-devel BuildRequires: openldap-devel -BuildRequires: openssl-devel BuildRequires: libuuid-devel BuildRequires: automake, autoconf, libtool @@ -35,11 +31,8 @@ off of your LDAP server. %prep %setup -q -n %{name}-%{VERSION} -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 - +%patch1 -p1 -b .servestale + %build autoreconf -fiv %configure 
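Review bot: `Source1`, the detached `.asc` that this commit replaces together with the tarball, is never checked: the `%prep` section, visible here from `%prep` to `%build`, goes from `%setup -q -n %{name}-%{VERSION}` straight to `%patch1`. For a bump that pulls in a new upstream archive, a verification step before `%setup` would catch a substituted tarball, for example `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` where the build root's macros provide it; `SOURCE2` is a placeholder for a keyring file that would have to be added as a new `Source` line. The digest in `.bind-dyndb-ldap.metadata` presumably pins what the packager fetched, but it does not establish who published it.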
@@ -105,6 +98,20 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf %changelog +* Wed Nov 27 2019 Alexander Bokovoy - 11.2-3 +- Rebuild against bind 9.11.13 + Related: RHBZ#1762813 + +* Mon Nov 18 2019 Thomas Woerner - 11.2-2 +- Add support for serve-stale, detected on build time + Patch by Petr Menšík + Related: RHBZ#1762813 + +* Thu Nov 07 2019 Alexander Bokovoy - 11.2-1 +- New upstream release +- Support BIND9 9.11.11 +- Resolves: rhbz#1762813 + * Fri Aug 16 2019 Alexander Bokovoy - 11.1-14 - Fix attribute templating in case of a missing default value - Resolves: rhbz#1741896