diff --git a/.bind-dyndb-ldap.metadata b/.bind-dyndb-ldap.metadata new file mode 100644 index 0000000..7f14f8d --- /dev/null +++ b/.bind-dyndb-ldap.metadata @@ -0,0 +1 @@ +282bf80634784e70a42c9cef050cbf74cdd5be0d SOURCES/bind-dyndb-ldap-11.1.tar.bz2 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b51fbbe --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/bind-dyndb-ldap-11.1.tar.bz2 diff --git a/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc b/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc new file mode 100644 index 0000000..3becbc4 --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-11.1.tar.bz2.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQEcBAABCAAGBQJYwqX6AAoJECKiqUteSUFa2OkH/3NWkWc62TWaDkMN+EPUYSJ5 +Hf+hxQJdioATttopyuiCE+5q2iS/9n8DGgfQmdPXDalZwQfYWhX75WWlMIiWWy5F +FDZ29tWY41JqLCdV3xYMhR+Nd4OBegT+U3muIzsFcSS9el78kRmNJCu1yOur/Nc+ +r1v8o2J5PVmp1iYxvy5s77qcIC3cERGcLakDlRduZY00jCL5I5ysxG8sWQ8jJEIr +G1thN8cJeZ37pcOml943m0hLjzcJeNhmV/rgz7cMpH17r3yf5B600B+lGqrL9EtJ +lSTVRJQlZFosDPVrqKuNyMHi5iIroc8+TVZtw1aAyZ8KA39zG5wrMF5FphjVHm4= +=jtZI +-----END PGP SIGNATURE----- diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0002-Treat-passwords-like-ordinary-text-bind-does-not-sup.patch b/SOURCES/bind-dyndb-ldap-pemensik-0002-Treat-passwords-like-ordinary-text-bind-does-not-sup.patch new file mode 100644 index 0000000..acabac3 --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-pemensik-0002-Treat-passwords-like-ordinary-text-bind-does-not-sup.patch @@ -0,0 +1,49 @@ +From ba828bdd09a8203ff6c8e3a2bc66f6af75e3330a Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Feb 2017 14:19:41 +0100 +Subject: [PATCH 2/3] Treat passwords like ordinary text, bind 9.9 does not + support change 3701. Uses simple cfg_print. + +--- + src/ldap_helper.c | 2 +- + src/settings.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/ldap_helper.c b/src/ldap_helper.c +index 94bd9cf..fb7c67f 100644 +--- a/src/ldap_helper.c ++++ b/src/ldap_helper.c +@@ -246,7 +246,7 @@ dyndb_ldap_conf_clauses[] = { + { "krb5_keytab", &cfg_type_qstring, 0 }, + { "krb5_principal", &cfg_type_qstring, 0 }, + { "ldap_hostname", &cfg_type_qstring, 0 }, +- { "password", &cfg_type_sstring, 0 }, ++ { "password", &cfg_type_qstring, 0 }, + { "reconnect_interval", &cfg_type_uint32, 0 }, + { "sasl_auth_name", &cfg_type_qstring, 0 }, + { "sasl_mech", &cfg_type_qstring, 0 }, +diff --git a/src/settings.c b/src/settings.c +index 37e6e5c..8f3ae34 100644 +--- a/src/settings.c ++++ b/src/settings.c +@@ -605,7 +605,7 @@ settings_set_fill(const cfg_obj_t *config, settings_set_t *set) + /* this avoids additional quotes around the string */ + str_value = cfg_obj_asstring(cfg_value); + } else { +- cfg_printx(cfg_value, 0, cfg_printer, buf_value); ++ cfg_print(cfg_value, cfg_printer, buf_value); + isc_buffer_putmem(buf_value, (unsigned char *)"\0", 1); + str_value = isc_buffer_base(buf_value); + } +@@ -690,7 +690,7 @@ setting_set_parse_conf(isc_mem_t *mctx, const char *name, + result = cfg_parse_buffer2(parser, &in_buf, name, cfg_type_conf, + &config); + if (result == ISC_R_SUCCESS) { +- cfg_printx(config, CFG_PRINTER_XKEY, cfg_printer, log_buf); ++ cfg_print(config, cfg_printer, log_buf); + cfg_obj_log(config, dns_lctx, ISC_LOG_DEBUG(10), + "configuration for dyndb instance '%s' " + "(starting in file %s on line %lu):\n" +-- +2.9.3 + diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0003-Replace-unsupported-autoreallocating-buffer-by-custo.patch b/SOURCES/bind-dyndb-ldap-pemensik-0003-Replace-unsupported-autoreallocating-buffer-by-custo.patch new file mode 100644 index 0000000..32b53bc --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-pemensik-0003-Replace-unsupported-autoreallocating-buffer-by-custo.patch @@ -0,0 +1,198 @@ +From 61d59a061acf2eeeb328864d1aef8b10b6b6a1fb Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Feb 2017 15:06:45 +0100 +Subject: [PATCH 3/3] Replace unsupported autoreallocating buffer by custom + print_buffer + +--- + src/settings.c | 106 +++++++++++++++++++++++++++++++++++++++++---------------- + 1 file changed, 77 insertions(+), 29 deletions(-) + +diff --git a/src/settings.c b/src/settings.c +index 8f3ae34..7d41b66 100644 +--- a/src/settings.c ++++ b/src/settings.c +@@ -553,19 +553,69 @@ settings_set_free(settings_set_t **set) { + *set = NULL; + } + ++static const unsigned int BUFFER_INCR = 2048; ++/** Structure for unlimited buffer. ++ * ++ * Replace for isc_buffer with autoreallocation enabled from newer bind. */ ++typedef struct print_buffer ++{ ++ isc_mem_t *mctx; ++ isc_buffer_t *buffer; ++ isc_result_t allocated; ++} print_buffer_t; ++ ++/** Initialize print buffer with preallocated isc_buffer. */ ++static isc_result_t ++print_buffer_init(isc_mem_t *mctx, print_buffer_t *buffer) ++{ ++ buffer->mctx = mctx; ++ buffer->buffer = NULL; ++ buffer->allocated = ++ isc_buffer_allocate(mctx, &buffer->buffer, BUFFER_INCR); ++ return buffer->allocated; ++} ++ ++static isc_result_t ++print_buffer_increment(print_buffer_t *pb, unsigned int inclen) ++{ ++ unsigned int increment = BUFFER_INCR; ++ isc_buffer_t *newbuffer = NULL; ++ unsigned int newsize; ++ if (increment < (inclen)) ++ increment = (((inclen)/BUFFER_INCR)+1)*BUFFER_INCR; ++ ++ newsize = isc_buffer_length(pb->buffer)+increment; ++ REQUIRE(newsize > isc_buffer_length(pb->buffer)); ++ pb->allocated = isc_buffer_allocate(pb->mctx, &newbuffer, newsize); ++ if (pb->allocated == ISC_R_SUCCESS) ++ { ++ isc_buffer_putmem(newbuffer, ++ isc_buffer_base(pb->buffer), ++ isc_buffer_length(pb->buffer)); ++ isc_buffer_free(&pb->buffer); ++ pb->buffer = newbuffer; ++ } ++ return pb->allocated; ++} ++ + /** +- * Append textlen bytes from text to isc_buffer pointed to by closure. ++ * Append textlen bytes from text to print_buffer pointed to by closure. + * +- * @pre closure is an initialized isc_buffer with autoreallocation enabled. ++ * @pre closure is an initialized print_buffer . + */ + static void + cfg_printer(void *closure, const char *text, int textlen) { +- isc_buffer_t *logbuffer = closure; +- +- REQUIRE(logbuffer != NULL); +- REQUIRE(logbuffer->autore == ISC_TRUE); ++ struct print_buffer * pb = closure; ++ REQUIRE(pb != NULL); ++ REQUIRE(pb->buffer != NULL); ++ REQUIRE(pb->mctx != NULL); ++ ++ /* I will append terminating '\0', make sure space is reserved */ ++ if (isc_buffer_availablelength(pb->buffer) < (unsigned)(textlen+1)) { ++ print_buffer_increment(pb, textlen+1); ++ } + +- isc_buffer_putmem(logbuffer, (const unsigned char *)text, textlen); ++ isc_buffer_putmem(pb->buffer, (const unsigned char *)text, textlen); + } + + /** +@@ -583,14 +633,12 @@ settings_set_fill(const cfg_obj_t *config, settings_set_t *set) + { + isc_result_t result; + setting_t *setting; +- isc_buffer_t *buf_value = NULL; ++ print_buffer_t buf_value; + const cfg_obj_t *cfg_value; + const char *str_value; + + REQUIRE(cfg_obj_ismap(config) == ISC_TRUE); +- +- CHECK(isc_buffer_allocate(set->mctx, &buf_value, ISC_BUFFER_INCR)); +- isc_buffer_setautorealloc(buf_value, ISC_TRUE); ++ CHECK(print_buffer_init(set->mctx, &buf_value)); + + for (setting = set->first_setting; + setting->name != NULL; +@@ -605,21 +653,22 @@ settings_set_fill(const cfg_obj_t *config, settings_set_t *set) + /* this avoids additional quotes around the string */ + str_value = cfg_obj_asstring(cfg_value); + } else { +- cfg_print(cfg_value, cfg_printer, buf_value); +- isc_buffer_putmem(buf_value, (unsigned char *)"\0", 1); +- str_value = isc_buffer_base(buf_value); ++ cfg_print(cfg_value, cfg_printer, &buf_value); ++ CHECK(buf_value.allocated); ++ isc_buffer_putmem(buf_value.buffer, (unsigned char *)"\0", 1); ++ str_value = isc_buffer_base(buf_value.buffer); + } + result = set_value(set->mctx, set, setting, str_value); + if (result != ISC_R_SUCCESS && result != ISC_R_IGNORE) + goto cleanup; +- isc_buffer_clear(buf_value); ++ isc_buffer_clear(buf_value.buffer); + } + + cleanup: + if (result != ISC_R_SUCCESS) + log_error_r("cannot parse settings for '%s'", set->name); +- if (buf_value != NULL) +- isc_buffer_free(&buf_value); ++ if (buf_value.buffer != NULL) ++ isc_buffer_free(&buf_value.buffer); + return result; + } + +@@ -673,46 +722,45 @@ setting_set_parse_conf(isc_mem_t *mctx, const char *name, + isc_result_t result; + cfg_obj_t *config = NULL; + isc_buffer_t in_buf; +- isc_buffer_t *log_buf = NULL; ++ print_buffer_t pb; + cfg_parser_t *parser = NULL; + unsigned int len; + + REQUIRE(parameters != NULL); + +- CHECK(isc_buffer_allocate(mctx, &log_buf, ISC_BUFFER_INCR)); +- isc_buffer_setautorealloc(log_buf, ISC_TRUE); ++ CHECK(print_buffer_init(mctx, &pb)); + + len = strlen(parameters); + isc_buffer_constinit(&in_buf, parameters, len); + isc_buffer_add(&in_buf, len); + + CHECK(cfg_parser_create(mctx, dns_lctx, &parser)); +- result = cfg_parse_buffer2(parser, &in_buf, name, cfg_type_conf, ++ result = cfg_parse_buffer(parser, &in_buf, cfg_type_conf, + &config); + if (result == ISC_R_SUCCESS) { +- cfg_print(config, cfg_printer, log_buf); ++ cfg_print(config, cfg_printer, &pb); + cfg_obj_log(config, dns_lctx, ISC_LOG_DEBUG(10), + "configuration for dyndb instance '%s' " + "(starting in file %s on line %lu):\n" + "%.*s", +- name, file, line, isc_buffer_usedlength(log_buf), +- (char *)isc_buffer_base(log_buf)); ++ name, file, line, isc_buffer_usedlength(pb.buffer), ++ (char *)isc_buffer_base(pb.buffer)); + } else { + log_error("configuration for dyndb instance '%s' " + "(starting in file %s on line %lu) is invalid", + name, file, line); +- cfg_print_grammar(cfg_type_conf, cfg_printer, log_buf); ++ cfg_print_grammar(cfg_type_conf, cfg_printer, &pb); + log_info("expected grammar:\n" +- "%.*s", isc_buffer_usedlength(log_buf), +- (char *)isc_buffer_base(log_buf)); ++ "%.*s", isc_buffer_usedlength(pb.buffer), ++ (char *)isc_buffer_base(pb.buffer)); + goto cleanup; + } + + CHECK(settings_set_fill(config, settings)); + + cleanup: +- if (log_buf != NULL) +- isc_buffer_free(&log_buf); ++ if (pb.buffer != NULL) ++ isc_buffer_free(&pb.buffer); + if (config != NULL) + cfg_obj_destroy(parser, &config); + if (parser != NULL) +-- +2.9.3 + diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0007-Add-empty-callback-for-getsize.patch b/SOURCES/bind-dyndb-ldap-pemensik-0007-Add-empty-callback-for-getsize.patch new file mode 100644 index 0000000..63f08b9 --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-pemensik-0007-Add-empty-callback-for-getsize.patch @@ -0,0 +1,30 @@ +From 107c5ed7247788a04a23d6c65fca50f96c944345 Mon Sep 17 00:00:00 2001 +From: Tomas Krizek +Date: Tue, 27 Jun 2017 10:41:03 +0200 +Subject: [PATCH] Add empty callback for getsize + +BIND introduced getsize method in db.h. This is related to +CVE-2016-6170 and allows to set restriction of zone size limit. + +Signed-off-by: Tomas Krizek +--- + src/ldap_driver.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/ldap_driver.c b/src/ldap_driver.c +index 53ce1a9..38673b0 100644 +--- a/src/ldap_driver.c ++++ b/src/ldap_driver.c +@@ -867,7 +867,8 @@ static dns_dbmethods_t ldapdb_methods = { + findext, + setcachestats, + hashsize, +- nodefullname ++ nodefullname, ++ NULL, // getsize method not implemented (related BZ1353563) + }; + + isc_result_t ATTR_NONNULLS +-- +2.9.4 + diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0008-Support-for-BIND-9.11.3.patch b/SOURCES/bind-dyndb-ldap-pemensik-0008-Support-for-BIND-9.11.3.patch new file mode 100644 index 0000000..092e3c2 --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-pemensik-0008-Support-for-BIND-9.11.3.patch @@ -0,0 +1,137 @@ +From b533d722fa62232955aedfdf1bbc0179f48497eb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Thu, 1 Mar 2018 19:41:10 +0100 +Subject: [PATCH] Support for BIND 9.11.3. Include explicitly isc/util.h in + each file that uses REQUIRE(). Support stdatomic feature, do not use function + call in STATIC_ASSERT(). + +--- + src/bindcfg.c | 1 + + src/fwd_register.c | 1 + + src/ldap_entry.h | 11 +++++------ + src/mldap.c | 4 ++-- + src/rbt_helper.c | 1 + + src/types.h | 2 +- + 6 files changed, 11 insertions(+), 9 deletions(-) + +diff --git a/src/bindcfg.c b/src/bindcfg.c +index 9b429ba..5539dea 100644 +--- a/src/bindcfg.c ++++ b/src/bindcfg.c +@@ -6,6 +6,7 @@ + + #include "config.h" + ++#include + #include + #include + +diff --git a/src/fwd_register.c b/src/fwd_register.c +index 355d15f..7cc0c5a 100644 +--- a/src/fwd_register.c ++++ b/src/fwd_register.c +@@ -3,6 +3,7 @@ + */ + + #include ++#include + #include + + #include "rbt_helper.h" +diff --git a/src/ldap_entry.h b/src/ldap_entry.h +index 6498c79..88b1c42 100644 +--- a/src/ldap_entry.h ++++ b/src/ldap_entry.h +@@ -6,7 +6,6 @@ + #define _LD_LDAP_ENTRY_H_ + + #include +-#include + #include + + #include "fwd_register.h" +@@ -19,15 +18,15 @@ + + /* Represents values associated with LDAP attribute */ + typedef struct ldap_value ldap_value_t; +-typedef LIST(ldap_value_t) ldap_valuelist_t; ++typedef ISC_LIST(ldap_value_t) ldap_valuelist_t; + struct ldap_value { + char *value; +- LINK(ldap_value_t) link; ++ ISC_LINK(ldap_value_t) link; + }; + + /* Represents LDAP attribute and it's values */ + typedef struct ldap_attribute ldap_attribute_t; +-typedef LIST(ldap_attribute_t) ldap_attributelist_t; ++typedef ISC_LIST(ldap_attribute_t) ldap_attributelist_t; + + /* Represents LDAP entry and it's attributes */ + typedef unsigned char ldap_entryclass_t; +@@ -41,7 +40,7 @@ struct ldap_entry { + + ldap_attribute_t *lastattr; + ldap_attributelist_t attrs; +- LINK(ldap_entry_t) link; ++ ISC_LINK(ldap_entry_t) link; + + /* Parsing. */ + isc_lex_t *lex; +@@ -59,7 +58,7 @@ struct ldap_attribute { + char **ldap_values; + ldap_value_t *lastval; + ldap_valuelist_t values; +- LINK(ldap_attribute_t) link; ++ ISC_LINK(ldap_attribute_t) link; + }; + + #define LDAP_ENTRYCLASS_NONE 0x0 +diff --git a/src/mldap.c b/src/mldap.c +index 143abce..304ba36 100644 +--- a/src/mldap.c ++++ b/src/mldap.c +@@ -119,13 +119,13 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) { + * reference counter value. + */ + STATIC_ASSERT((isc_uint32_t) +- (typeof(isc_refcount_current((isc_refcount_t *)0))) ++ (typeof(((isc_refcount_t *)0)->refs)) + -1 + == 0xFFFFFFFF, \ + "negative isc_refcount_t cannot be properly shortened to 32 bits"); + + STATIC_ASSERT((isc_uint32_t) +- (typeof(isc_refcount_current((isc_refcount_t *)0))) ++ (typeof(((isc_refcount_t *)0)->refs)) + 0x90ABCDEF12345678 + == 0x12345678, \ + "positive isc_refcount_t cannot be properly shortened to 32 bits"); +diff --git a/src/rbt_helper.c b/src/rbt_helper.c +index 2a7e6cb..f610b07 100644 +--- a/src/rbt_helper.c ++++ b/src/rbt_helper.c +@@ -2,6 +2,7 @@ + * Copyright (C) 2013-2014 bind-dyndb-ldap authors; see COPYING for license + */ + ++#include + #include + + #include "util.h" +diff --git a/src/types.h b/src/types.h +index 25ef3b9..01d627c 100644 +--- a/src/types.h ++++ b/src/types.h +@@ -24,7 +24,7 @@ + * rdata1 -> rdata2 -> rdata3 rdata4 -> rdata5 + * next_rdatalist -> next_rdatalist ... + */ +-typedef LIST(dns_rdatalist_t) ldapdb_rdatalist_t; ++typedef ISC_LIST(dns_rdatalist_t) ldapdb_rdatalist_t; + + typedef struct enum_txt_assoc { + int value; +-- +2.14.3 + diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0009-Support-for-BIND-9.11.5.patch b/SOURCES/bind-dyndb-ldap-pemensik-0009-Support-for-BIND-9.11.5.patch new file mode 100644 index 0000000..8bc1abc --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-pemensik-0009-Support-for-BIND-9.11.5.patch @@ -0,0 +1,123 @@ +From 925159b0e3757e650d9dbdb7888f6d66dde6d62f Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 5 Nov 2018 19:49:03 +0100 +Subject: [PATCH] Adjust to changes in bind 9.11.5 + +Custom types like isc_boolean_t and isc_uint32_t were removed from bind +headers. Compatibility headers are included, but have to be manually +used. Better change would be to start using uint32_t and bool types, +but that changes too much of code for now. +--- + src/fwd.c | 2 ++ + src/ldap_entry.c | 1 + + src/ldap_helper.c | 1 + + src/ldap_helper.h | 1 + + src/mldap.c | 1 + + src/settings.h | 2 ++ + src/types.h | 2 ++ + src/zone.c | 1 + + 8 files changed, 11 insertions(+) + +diff --git a/src/fwd.c b/src/fwd.c +index 840f0e8..f1ab60c 100644 +--- a/src/fwd.c ++++ b/src/fwd.c +@@ -6,6 +6,8 @@ + + #include "config.h" + ++#include ++ + #include + + #include +diff --git a/src/ldap_entry.c b/src/ldap_entry.c +index 96a6ef8..00a7e89 100644 +--- a/src/ldap_entry.c ++++ b/src/ldap_entry.c +@@ -7,6 +7,7 @@ + #include + #include + ++#include + #include + #include + #include +diff --git a/src/ldap_helper.c b/src/ldap_helper.c +index e0c4b76..74c0afe 100644 +--- a/src/ldap_helper.c ++++ b/src/ldap_helper.c +@@ -26,6 +26,7 @@ + + #include + #include ++#include + #include + #include + #include +diff --git a/src/ldap_helper.h b/src/ldap_helper.h +index 6cfece5..fc21bb3 100644 +--- a/src/ldap_helper.h ++++ b/src/ldap_helper.h +@@ -7,6 +7,7 @@ + + #include "types.h" + ++#include + #include + #include + #include +diff --git a/src/mldap.c b/src/mldap.c +index 304ba36..8b90921 100644 +--- a/src/mldap.c ++++ b/src/mldap.c +@@ -10,6 +10,7 @@ + #include + + #include ++#include + #include + #include + #include +diff --git a/src/settings.h b/src/settings.h +index 16a1e63..6585d8b 100644 +--- a/src/settings.h ++++ b/src/settings.h +@@ -6,6 +6,8 @@ + #define _LD_SETTINGS_H_ + + #include ++#include ++#include + + #include + +diff --git a/src/types.h b/src/types.h +index 01d627c..41ef476 100644 +--- a/src/types.h ++++ b/src/types.h +@@ -5,7 +5,9 @@ + #ifndef _LD_TYPES_H_ + #define _LD_TYPES_H_ + ++#include + #include ++#include + #include + #include + +diff --git a/src/zone.c b/src/zone.c +index 284136e..b9c9936 100644 +--- a/src/zone.c ++++ b/src/zone.c +@@ -2,6 +2,7 @@ + * Copyright (C) 2014-2015 bind-dyndb-ldap authors; see COPYING for license + */ + ++#include + #include + #include + +-- +2.14.5 + diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0010-Use-correct-dn-value.patch b/SOURCES/bind-dyndb-ldap-pemensik-0010-Use-correct-dn-value.patch new file mode 100644 index 0000000..f0c23c5 --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-pemensik-0010-Use-correct-dn-value.patch @@ -0,0 +1,35 @@ +From ef1c4b7833de663549e9520e06e2b9f457b5fbec Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 28 Jan 2019 00:21:31 +0100 +Subject: [PATCH] Use correct dn value + +New GCC correctly reports error, NULL is always passed in case of +invalid objectclass. +--- + src/ldap_helper.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/ldap_helper.c b/src/ldap_helper.c +index 74c0afe..0f6184d 100644 +--- a/src/ldap_helper.c ++++ b/src/ldap_helper.c +@@ -4102,7 +4102,6 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype) + ldap_entry_t *entry = NULL; + dns_name_t *zone_name = NULL; + dns_zone_t *zone_ptr = NULL; +- char *dn = NULL; + isc_taskaction_t action = NULL; + isc_task_t *task = NULL; + isc_boolean_t synchronous; +@@ -4155,7 +4154,7 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype) + else if ((entry->class & LDAP_ENTRYCLASS_RR) != 0) + action = update_record; + else { +- log_error("unsupported objectClass: dn '%s'", dn); ++ log_error("unsupported objectClass: dn '%s'", entry->dn); + result = ISC_R_NOTIMPLEMENTED; + goto cleanup; + } +-- +2.20.1 + diff --git a/SOURCES/bind-dyndb-ldap-template-attribute-defaults.patch b/SOURCES/bind-dyndb-ldap-template-attribute-defaults.patch new file mode 100644 index 0000000..6be7139 --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-template-attribute-defaults.patch @@ -0,0 +1,154 @@ +From 88096745d1ef1798854e0c8319b5ae015f045fe3 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Wed, 1 May 2019 09:24:24 +0300 +Subject: [PATCH] Move recognition of a templated attribute to + ldap_attribute_to_rdatatype + +When substitution of a templated entry attribute fails, we need to fall +back to a static definition of the attribute from the same entry. This +means, however, that ldap_attribute_to_rdatatype() will attempt to parse +an attribute value anyway and will be confused by the templating prefix, +thus reporting in named's logs: + +unsupported operation: object class in resource record template DN +'idnsname=$NAME,idnsname=$ZONE.,cn=dns,$BASEDN' changed: +rndc reload might be necessary + +Move recognition of a template attribute name to +ldap_attribute_to_rdatatype() so that a proper attribute class is +correctly derived and ignore templated attribute in the fallback code +if case that template expansion is failed. + +Resolves: rhbz#1705072 +--- + src/ldap_convert.c | 33 +++++++++++++++++++++++++-------- + src/ldap_convert.h | 2 ++ + src/ldap_helper.c | 21 ++++++++++++++------- + 3 files changed, 41 insertions(+), 15 deletions(-) + +diff --git a/src/ldap_convert.c b/src/ldap_convert.c +index 002a679..6e24c81 100644 +--- a/src/ldap_convert.c ++++ b/src/ldap_convert.c +@@ -372,23 +372,40 @@ ldap_attribute_to_rdatatype(const char *ldap_attribute, dns_rdatatype_t *rdtype) + { + isc_result_t result; + unsigned len; ++ const char *attribute = NULL; + isc_consttextregion_t region; + + len = strlen(ldap_attribute); + if (len <= LDAP_RDATATYPE_SUFFIX_LEN) + return ISC_R_UNEXPECTEDEND; + ++ ++ /* Before looking up rdtype, we need to see if rdtype is ++ * an LDAP subtype (type;subtype) and if so, strip one of ++ * the known prefixes. We also need to remove 'record' suffix ++ * if it exists. The resulting rdtype text name should have no ++ * 'extra' details: A, AAAA, CNAME, etc. */ ++ attribute = ldap_attribute; ++ ++ /* Does attribute name start with with TEMPLATE_PREFIX? */ ++ if (strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX, ++ ldap_attribute, ++ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) == 0) { ++ attribute = ldap_attribute + LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN; ++ len -= LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN; ++ /* Does attribute name start with with UNKNOWN_PREFIX? */ ++ } else if (strncasecmp(LDAP_RDATATYPE_UNKNOWN_PREFIX, ++ ldap_attribute, ++ LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) { ++ attribute = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN; ++ len -= LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN; ++ } ++ + /* Does attribute name end with RECORD_SUFFIX? */ +- if (strcasecmp(ldap_attribute + len - LDAP_RDATATYPE_SUFFIX_LEN, ++ if (strcasecmp(attribute + len - LDAP_RDATATYPE_SUFFIX_LEN, + LDAP_RDATATYPE_SUFFIX) == 0) { +- region.base = ldap_attribute; ++ region.base = attribute; + region.length = len - LDAP_RDATATYPE_SUFFIX_LEN; +- /* Does attribute name start with with UNKNOWN_PREFIX? */ +- } else if (strncasecmp(ldap_attribute, +- LDAP_RDATATYPE_UNKNOWN_PREFIX, +- LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN) == 0) { +- region.base = ldap_attribute + LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN; +- region.length = len - LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN; + } else + return ISC_R_UNEXPECTED; + +diff --git a/src/ldap_convert.h b/src/ldap_convert.h +index 47ac947..fcd575b 100644 +--- a/src/ldap_convert.h ++++ b/src/ldap_convert.h +@@ -17,6 +17,8 @@ + #define LDAP_RDATATYPE_SUFFIX_LEN (sizeof(LDAP_RDATATYPE_SUFFIX) - 1) + #define LDAP_RDATATYPE_UNKNOWN_PREFIX "UnknownRecord;" + #define LDAP_RDATATYPE_UNKNOWN_PREFIX_LEN (sizeof(LDAP_RDATATYPE_UNKNOWN_PREFIX) - 1) ++#define LDAP_RDATATYPE_TEMPLATE_PREFIX "idnsTemplateAttribute;" ++#define LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN (sizeof(LDAP_RDATATYPE_TEMPLATE_PREFIX) - 1) + + /* + * Convert LDAP DN 'dn', to dns_name_t 'target'. 'target' needs to be +diff --git a/src/ldap_helper.c b/src/ldap_helper.c +index 8b486ae..7f70ee3 100644 +--- a/src/ldap_helper.c ++++ b/src/ldap_helper.c +@@ -2396,7 +2396,7 @@ ldap_substitute_rr_template(isc_mem_t *mctx, const settings_set_t * set, + result = setting_find(setting_name, set, isc_boolean_true, + isc_boolean_true, &setting); + if (result != ISC_R_SUCCESS) { +- log_debug(3, "setting '%s' is not defined so it " ++ log_debug(5, "setting '%s' is not defined so it " + "cannot be substituted into template '%s'", + setting_name, str_buf(orig_val)); + CLEANUP_WITH(ISC_R_IGNORE); +@@ -2459,23 +2459,22 @@ ldap_parse_rrentry_template(isc_mem_t *mctx, ldap_entry_t *entry, + dns_rdatatype_t rdtype; + dns_rdatalist_t *rdlist = NULL; + isc_boolean_t did_something = ISC_FALSE; +- static const char prefix[] = "idnsTemplateAttribute;"; +- static const char prefix_len = sizeof(prefix) - 1; + + CHECK(str_new(mctx, &orig_val)); + rdclass = ldap_entry_getrdclass(entry); + ttl = ldap_entry_getttl(entry, settings); + + while ((attr = ldap_entry_nextattr(entry)) != NULL) { +- if (strncasecmp(prefix, attr->name, prefix_len) != 0) ++ if (strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX, ++ attr->name, ++ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) != 0) + continue; + +- result = ldap_attribute_to_rdatatype(attr->name + prefix_len, +- &rdtype); ++ result = ldap_attribute_to_rdatatype(attr->name, &rdtype); + if (result != ISC_R_SUCCESS) { + log_bug("%s: substitution into '%s' is not supported", + ldap_entry_logname(entry), +- attr->name + prefix_len); ++ attr->name + LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN); + continue; + } + +@@ -2559,6 +2558,14 @@ ldap_parse_rrentry(isc_mem_t *mctx, ldap_entry_t *entry, dns_name_t *origin, + for (result = ldap_entry_firstrdtype(entry, &attr, &rdtype); + result == ISC_R_SUCCESS; + result = ldap_entry_nextrdtype(entry, &attr, &rdtype)) { ++ /* If we reached this point and found a template attribute, ++ * skip it because it was not translated above due to missing ++ * defaults or some other errors. */ ++ if (((entry->class & LDAP_ENTRYCLASS_TEMPLATE) != 0) && ++ strncasecmp(LDAP_RDATATYPE_TEMPLATE_PREFIX, ++ attr->name, ++ LDAP_RDATATYPE_TEMPLATE_PREFIX_LEN) == 0) ++ continue; + + CHECK(findrdatatype_or_create(mctx, rdatalist, rdclass, + rdtype, ttl, &rdlist)); +-- +2.21.0 + diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0005-Setting-skip-unconfigured-values.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0005-Setting-skip-unconfigured-values.patch new file mode 100644 index 0000000..f90297d --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-tkrizek-0005-Setting-skip-unconfigured-values.patch @@ -0,0 +1,39 @@ +From 41461fc444170ffd9b5459e2f0b2480f3288cc1d Mon Sep 17 00:00:00 2001 +From: Tomas Krizek +Date: Fri, 7 Apr 2017 14:48:32 +0200 +Subject: [PATCH 1/2] settings: skip unconfigured values + +When a value is not configured in settings map, it is skipped. +If it is the last processed value, the result of ISC_R_NOTFOUND +would cause the cleanup section of the function fail. Since +unconfigured values are allowed and expected, override the result +to ISC_R_SUCCESS in this case to prevent triggerring an error. + +https://pagure.io/bind-dyndb-ldap/issue/172 + +Reviewed-By: Martin Basti +--- + src/settings.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/settings.c b/src/settings.c +index 37e6e5ccd751bd176f8dbdd4fd505b7e18ded4f4..8beb0d3cd16479c79bdc104a6a6fd28033f403e7 100644 +--- a/src/settings.c ++++ b/src/settings.c +@@ -597,8 +597,11 @@ settings_set_fill(const cfg_obj_t *config, settings_set_t *set) + setting++) { + cfg_value = NULL; + result = cfg_map_get(config, setting->name, &cfg_value); +- if (result == ISC_R_NOTFOUND) +- continue; /* setting not configured in map */ ++ if (result == ISC_R_NOTFOUND) { ++ /* setting not configured in map */ ++ result = ISC_R_SUCCESS; ++ continue; ++ } + else if (result != ISC_R_SUCCESS) + goto cleanup; + if (cfg_obj_isstring(cfg_value)) { +-- +2.9.3 + diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0006-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0006-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch new file mode 100644 index 0000000..16973cb --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-tkrizek-0006-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch @@ -0,0 +1,129 @@ +From 13b185182aeb48562cf63251b84bcf910b57a0fc Mon Sep 17 00:00:00 2001 +From: Tomas Krizek +Date: Mon, 27 Mar 2017 19:41:05 +0200 +Subject: [PATCH] Coverity: fix REVERSE_INULL for pevent->inst +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +With the DynDB API changes, the ldap instance is acquired +differently. Previously, obtaining the instance could fail when +LDAP was disconnecting, thus the NULL check was necessary in the +cleanup part. + +Now, inst is obtained directly from the API. I'm not sure what is +the exact behaviour in edge cases such as LDAP disconnecting, so +I perform the NULL check a bit earlier, just to be safe. + +Reviewed-By: Petr Menšík +--- + src/ldap_helper.c | 43 ++++++++++++++++++++++--------------------- + 1 file changed, 22 insertions(+), 21 deletions(-) + +diff --git a/src/ldap_helper.c b/src/ldap_helper.c +index 1fa0ec9adfa2b9ca589587244da03cc6f0584919..9e0174a785d41e2a809130b348345870ca880978 100644 +--- a/src/ldap_helper.c ++++ b/src/ldap_helper.c +@@ -3714,6 +3714,7 @@ update_zone(isc_task_t *task, isc_event_t *event) + mctx = pevent->mctx; + dns_name_init(&prevname, NULL); + ++ REQUIRE(inst != NULL); + INSIST(task == inst->task); /* For task-exclusive mode */ + + if (SYNCREPL_DEL(pevent->chgtype)) { +@@ -3730,12 +3731,11 @@ update_zone(isc_task_t *task, isc_event_t *event) + } + + cleanup: +- if (inst != NULL) { +- sync_concurr_limit_signal(inst->sctx); +- sync_event_signal(inst->sctx, pevent); +- if (dns_name_dynamic(&prevname)) +- dns_name_free(&prevname, inst->mctx); +- } ++ sync_concurr_limit_signal(inst->sctx); ++ sync_event_signal(inst->sctx, pevent); ++ if (dns_name_dynamic(&prevname)) ++ dns_name_free(&prevname, inst->mctx); ++ + if (result != ISC_R_SUCCESS) + log_error_r("update_zone (syncrepl) failed for %s. " + "Zones can be outdated, run `rndc reload`", +@@ -3760,14 +3760,14 @@ update_config(isc_task_t * task, isc_event_t *event) + + mctx = pevent->mctx; + ++ REQUIRE(inst != NULL); + INSIST(task == inst->task); /* For task-exclusive mode */ + CHECK(ldap_parse_configentry(entry, inst)); + + cleanup: +- if (inst != NULL) { +- sync_concurr_limit_signal(inst->sctx); +- sync_event_signal(inst->sctx, pevent); +- } ++ sync_concurr_limit_signal(inst->sctx); ++ sync_event_signal(inst->sctx, pevent); ++ + if (result != ISC_R_SUCCESS) + log_error_r("update_config (syncrepl) failed for %s. " + "Configuration can be outdated, run `rndc reload`", +@@ -3790,14 +3790,14 @@ update_serverconfig(isc_task_t * task, isc_event_t *event) + + mctx = pevent->mctx; + ++ REQUIRE(inst != NULL); + INSIST(task == inst->task); /* For task-exclusive mode */ + CHECK(ldap_parse_serverconfigentry(entry, inst)); + + cleanup: +- if (inst != NULL) { +- sync_concurr_limit_signal(inst->sctx); +- sync_event_signal(inst->sctx, pevent); +- } ++ sync_concurr_limit_signal(inst->sctx); ++ sync_event_signal(inst->sctx, pevent); ++ + if (result != ISC_R_SUCCESS) + log_error_r("update_serverconfig (syncrepl) failed for %s. " + "Configuration can be outdated, run `rndc reload`", +@@ -3860,6 +3860,7 @@ update_record(isc_task_t *task, isc_event_t *event) + dns_name_init(&prevname, NULL); + dns_name_init(&prevorigin, NULL); + ++ REQUIRE(inst != NULL); + CHECK(zr_get_zone_ptr(inst->zone_register, &entry->zone_name, &raw, &secure)); + zone_found = ISC_TRUE; + +@@ -4020,13 +4021,12 @@ cleanup: + ldap_entry_logname(entry), pevent->chgtype); + } + +- if (inst != NULL) { +- sync_concurr_limit_signal(inst->sctx); +- if (dns_name_dynamic(&prevname)) +- dns_name_free(&prevname, inst->mctx); +- if (dns_name_dynamic(&prevorigin)) +- dns_name_free(&prevorigin, inst->mctx); +- } ++ sync_concurr_limit_signal(inst->sctx); ++ if (dns_name_dynamic(&prevname)) ++ dns_name_free(&prevname, inst->mctx); ++ if (dns_name_dynamic(&prevorigin)) ++ dns_name_free(&prevorigin, inst->mctx); ++ + if (raw != NULL) + dns_zone_detach(&raw); + if (secure != NULL) +@@ -4106,6 +4106,7 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype) + isc_task_t *task = NULL; + isc_boolean_t synchronous; + ++ REQUIRE(inst != NULL); + REQUIRE(entryp != NULL); + entry = *entryp; + REQUIRE(entry->class != LDAP_ENTRYCLASS_NONE); +-- +2.9.3 + diff --git a/SPECS/bind-dyndb-ldap.spec b/SPECS/bind-dyndb-ldap.spec new file mode 100644 index 0000000..10ab556 --- /dev/null +++ b/SPECS/bind-dyndb-ldap.spec @@ -0,0 +1,374 @@ +%define VERSION %{version} + +%define bind_version 32:9.11.1-1.P1 + +Name: bind-dyndb-ldap +Version: 11.1 +Release: 7%{?dist} +Summary: LDAP back-end plug-in for BIND + +Group: System Environment/Libraries +License: GPLv2+ +URL: https://releases.pagure.org/bind-dyndb-ldap +Source0: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2 +Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc +Patch1: bind-dyndb-ldap-pemensik-0002-Treat-passwords-like-ordinary-text-bind-does-not-sup.patch +Patch2: bind-dyndb-ldap-pemensik-0003-Replace-unsupported-autoreallocating-buffer-by-custo.patch +Patch3: bind-dyndb-ldap-tkrizek-0005-Setting-skip-unconfigured-values.patch +Patch4: bind-dyndb-ldap-tkrizek-0006-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch +Patch5: bind-dyndb-ldap-pemensik-0007-Add-empty-callback-for-getsize.patch +Patch6: bind-dyndb-ldap-pemensik-0008-Support-for-BIND-9.11.3.patch +Patch7: bind-dyndb-ldap-pemensik-0009-Support-for-BIND-9.11.5.patch +Patch8: bind-dyndb-ldap-pemensik-0010-Use-correct-dn-value.patch +Patch9: bind-dyndb-ldap-template-attribute-defaults.patch + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version} +BuildRequires: krb5-devel +BuildRequires: openldap-devel +BuildRequires: openssl-devel +BuildRequires: libuuid-devel +BuildRequires: automake, autoconf, libtool + +Requires: bind-pkcs11 >= %{bind_version}, bind-pkcs11-utils >= %{bind_version} +Requires(post): sed + +%description +This package provides an LDAP back-end plug-in for BIND. It features +support for dynamic updates and internal caching, to lift the load +off of your LDAP server. + + +%prep +%autosetup -p1 + +%build +autoreconf -fiv +%configure --disable-werror +make %{?_smp_mflags} + + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} +mkdir -m 770 -p %{buildroot}/%{_localstatedir}/named/dyndb-ldap + +# Remove unwanted files +rm %{buildroot}%{_libdir}/bind/ldap.la +rm -r %{buildroot}%{_datadir}/doc/%{name} + + +%post +# Transform named.conf if it still has old-style API. +PLATFORM=$(uname -m) + +if [ $PLATFORM == "x86_64" ] ; then + LIBPATH=/usr/lib64 +else + LIBPATH=/usr/lib +fi + +# The following sed script: +# - scopes the named.conf changes to dynamic-db +# - replaces arg "name value" syntax with name "value" +# - changes dynamic-db header to dyndb +# - uses the new way the define path to the library +# - removes no longer supported arguments (library, cache_ttl, +# psearch, serial_autoincrement, zone_refresh) +while read -r PATTERN +do + SEDSCRIPT+="$PATTERN" +done < - 11.1-7 +- Fix attribute templating in case of a missing default value +- Resolves: rhbz#1748904 + +* Tue Feb 12 2019 Petr Menšík - 11.1-6 +- Bump BIND version and fix library dependecies +- Rebuild for bind 9.11.3. Minor tweaks to compile. +- Support for bind 9.11.5 headers + +* Mon May 28 2018 Petr Menšík - 11.1-5 +- Resolves: #1580389 depend on bind with writeable home + +* Wed Jul 12 2017 Tomas Krizek - 11.1-4 +- Resolves: #1469563 required bind version doesn't have the dyndb interface + +* Wed Apr 26 2017 Tomas Krizek - 11.1-3 +- resolves: #1436268 crash when server_id is not present in named.conf +- coverity fixes + +* Wed Mar 15 2017 Tomas Krizek - 11.1-2 +- bump NVR to fix bind dependencies + +* Wed Mar 15 2017 Tomas Krizek - 11.1-1 +- update to letest upstream version +- resolves: #1393889 Rebase to bind-dyndb-ldap 11+ +- resolves: #1165796 bind-dyndb-ldap crashes if server is shutting down and connection to LDAP is down +- resolves: #1413805 bind-dyndb-ldap default schema is shipped with syntax error + +* Wed Sep 21 2016 Petr Spacek - 10.0-5 +- resolves: #1376851 Unable to set named_write_master_zones boolean on upgrade + +* Tue Aug 16 2016 Petr Spacek - 10.0-4 +- resolves: #1366565 Deletion of DNS root zone breaks global forwarding + +* Thu Jul 28 2016 Petr Spacek - 10.0-3 +- rebuild against redhat-rpm-config-9.1.0-71.el7 to fix /usr/share/doc naming +- related: #1057327 + +* Wed Jul 27 2016 Petr Spacek - 10.0-2 +- resolves: #1359220 prevent crash while reloading previously invalid + but now valid DNS zone + +* Tue Jun 21 2016 Petr Spacek - 10.0-1 +- update to latest upstream version +- resolves: #1292145 Rebase bind-dyndb-ldap to latest upstream version + +* Thu May 12 2016 Petr Spacek - 9.0-1 +- update to latest upstream version +- related: #1292145 Rebase bind-dyndb-ldap to latest upstream version + +* Tue Jun 23 2015 Petr Spacek - 8.0-1 +- update to latest upstream version +- resolves: #1204110 Rebase bind-dyndb-ldap to latest upstream version + +* Mon Jun 08 2015 Petr Spacek - 7.99-1 +- preliminary update to latests snapshot of upstream Git: 158e95e (#1204110) +- resolves: #829395 DNSSEC support +- resolves: #1139776 LDAP MODRDN (rename) is not supported +- resolves: #1139778 Records deleted when connection to LDAP is down are not refreshed properly +- resolves: #1184065 PTR record synchronization for A/AAAA record tuple can fail mysteriously +- resolves: #1207539 Add support for TLSA resource records (DANE) +- resolves: #1207540 Plugin will crash if idnsForwardZone object is in the wrong place +- resolves: #1207541 Generic support for unknown DNS RR types (RFC 3597) + +* Tue Dec 02 2014 Petr Spacek - 6.0-2 +- fix bug 1161635: send DNS NOTIFY message after any modification to the zone +- fix bug 1168131: crash caused by interaction between forward and master zones + +* Tue Sep 23 2014 Petr Spacek - 6.0-1 +- update to 6.0 +- resolves bugs 1138317, 1144599, 1142176 + +* Fri Sep 12 2014 Petr Spacek - 5.3-1 +- update to 5.3 +- fixes several random crashes + +* Mon Sep 08 2014 Petr Spacek - 5.2-1 +- update to 5.2 +- adds DNSSEC support and supports root zone in LDAP +- idnsZoneActive attribute is not supported anymore + +* Fri Jan 24 2014 Daniel Mach - 3.5-4 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 3.5-3 +- Mass rebuild 2013-12-27 + +* Tue Sep 24 2013 Tomas Hozza 3.5-2 +- rebuild against new bind (Related: #1010200) (#1011118) + +* Thu Jul 18 2013 Petr Spacek 3.5-1 +- update to 3.5 + +* Tue Jun 25 2013 Petr Spacek 3.4-1 +- update to 3.4 + +* Tue Jun 04 2013 Petr Spacek 3.3-1 +- update to 3.3 +- patch bind-dyndb-ldap-tbabej-0001-Build-fixes-for-Fedora-19.patch merged + +* Tue May 14 2013 Petr Spacek 3.2-1 +- update to 3.2 + +* Tue Apr 16 2013 Adam Tkac 3.1-2 +- rebuild against new bind +- build with --disable-werror + +* Fri Apr 12 2013 Petr Spacek 3.1-1 +- update to 3.1 + +* Tue Apr 02 2013 Petr Spacek 3.0-1 +- update to 3.0 + +* Tue Mar 26 2013 Petr Spacek 2.6-1 +- update to 2.6 + +* Mon Feb 04 2013 Petr Spacek 2.5-1 +- update to 2.5 + +* Tue Jan 15 2013 Petr Spacek 2.4-1 +- update to 2.4 + +* Thu Nov 8 2012 Petr Spacek 2.3-2 +- rebuild with proper changelog + +* Thu Nov 8 2012 Petr Spacek 2.3-1 +- update to 2.3 + +* Mon Oct 29 2012 Adam Tkac 2.1-1 +- update to 2.1 + +* Thu Oct 11 2012 Adam Tkac 2.0-0.3.20121009git6a86b1 +- rebuild against new bind-libs + +* Tue Oct 9 2012 Petr Spacek 2.0-0.2.20121009git6a86b1 +- update to the latest master + +* Fri Sep 21 2012 Adam Tkac 2.0-0.1.20120921git7710d89 +- update to the latest master +- bind-dyndb-ldap110-master.patch was merged + +* Thu Aug 16 2012 Adam Tkac 1.1.0-0.16.rc1 +- update to the latest git + +* Thu Aug 02 2012 Adam Tkac 1.1.0-0.15.rc1 +- update to the latest git + - fix for CVE-2012-3429 has been merged + +* Thu Aug 02 2012 Adam Tkac 1.1.0-0.14.rc1 +- fix CVE-2012-3429 + +* Wed Jul 18 2012 Fedora Release Engineering - 1.1.0-0.13.rc1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 07 2012 Adam Tkac - 1.1.0-0.12.rc1 +- update to the latest master (#827401) + +* Thu Apr 26 2012 Adam Tkac - 1.1.0-0.11.rc1 +- update to 1.1.0rc1 (CVE-2012-2134) + +* Tue Mar 27 2012 Adam Tkac - 1.1.0-0.10.b2 +- update to 1.1.0b2 + +* Tue Mar 06 2012 Adam Tkac - 1.1.0-0.9.b1 +- update to 1.1.0b1 + +* Mon Feb 13 2012 Adam Tkac - 1.1.0-0.8.a2 +- update to 1.1.0a2 + +* Thu Feb 02 2012 Adam Tkac - 1.1.0-0.7.a1 +- rebuild against new bind + +* Wed Jan 18 2012 Adam Tkac - 1.1.0-0.6.a1 +- update to 1.1.0a1 + +* Thu Jan 12 2012 Fedora Release Engineering - 1.0.0-0.5.rc1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Nov 14 2011 Adam Tkac - 1.0.0-0.4.rc1 +- update to 1.0.0rc1 + +* Mon Nov 14 2011 Adam Tkac - 1.0.0-0.3.b1 +- rebuild against new bind + +* Fri Sep 09 2011 Adam Tkac - 1.0.0-0.2.b1 +- rebuild against new bind + +* Wed Aug 31 2011 Adam Tkac - 1.0.0-0.1.b1 +- update to 1.0.0b1 (psearch + bugfixes) +- bind-dyndb-ldap-rh727856.patch merged + +* Wed Aug 03 2011 Adam Tkac - 0.2.0-4 +- fix race condition in semaphore_wait (#727856) + +* Mon Feb 21 2011 Adam Tkac - 0.2.0-3 +- rebuild against new bind + +* Mon Feb 07 2011 Fedora Release Engineering - 0.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 12 2011 Adam Tkac - 0.2.0-1 +- update to 0.2.0 +- patches merged + - 0001-Bugfix-Improve-LDAP-schema-to-be-loadable-by-OpenLDA.patch + - 0004-Bugfix-Fix-loading-of-child-zones-from-LDAP.patch + +* Wed Dec 15 2010 Adam Tkac - 0.1.0-0.17.b +- fix LDAP schema (#622604) +- load child zones from LDAP correctly (#622617) + +* Fri Oct 22 2010 Adam Tkac - 0.1.0-0.16.b +- build with correct RPM_OPT_FLAGS (#645529) + +* Wed Oct 20 2010 Adam Tkac - 0.1.0-0.15.b +- use "isc-config.sh" utility to get correct BIND9 CFLAGS + +* Thu Sep 30 2010 Adam Tkac - 0.1.0-0.14.b +- rebuild against new bind + +* Fri Aug 27 2010 Adam Tkac - 0.1.0-0.13.b +- rebuild against new bind + +* Tue Aug 17 2010 Adam Tkac - 0.1.0-0.12.b +- rebuild against new bind + +* Tue Aug 03 2010 Adam Tkac - 0.1.0-0.11.b +- rebuild against new bind + +* Mon May 31 2010 Adam Tkac - 0.1.0-0.10.b +- rebuild against new bind + +* Wed Mar 24 2010 Martin Nagy - 0.1.0-0.9.b +- update to the latest upstream release + +* Thu Jan 28 2010 Adam Tkac - 0.1.0-0.8.a1.20091210git +- rebuild against new bind + +* Tue Dec 15 2009 Adam Tkac - 0.1.0-0.7.a1.20091210git +- rebuild against new bind + +* Thu Dec 10 2009 Martin Nagy - 0.1.0-0.6.a1.20091210git +- update to the latest git snapshot +- change upstream URL, project moved to fedorahosted +- change license to GPL version 2 or later +- add epoch to versioned requires +- add krb5-devel to the list of build requires + +* Tue Dec 01 2009 Adam Tkac - 0.1.0-0.5.a1 +- rebuild against new bind + +* Thu Nov 26 2009 Adam Tkac - 0.1.0-0.4.a1 +- rebuild against new bind + +* Fri Jul 24 2009 Fedora Release Engineering - 0.1.0-0.3.a1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Jun 19 2009 Caolán McNamara - 0.1.0-0.2.a1 +- rebuild for dependencies + +* Sun May 03 2009 Martin Nagy - 0.1.0-0.1.a1 +- initial packaging