diff --git a/.bind-dyndb-ldap.metadata b/.bind-dyndb-ldap.metadata
index c1b29ab..8e1cfd5 100644
--- a/.bind-dyndb-ldap.metadata
+++ b/.bind-dyndb-ldap.metadata
@@ -1 +1 @@
-437b6cc45e4d4cced35e4ef7822bf337e61f41d0 SOURCES/bind-dyndb-ldap-8.0.tar.bz2
+c9c72fbc4a1b21f6571725d7bb83b4f661e70589 SOURCES/bind-dyndb-ldap-10.0.tar.bz2
diff --git a/.gitignore b/.gitignore
index 7845e4f..ff654dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/bind-dyndb-ldap-8.0.tar.bz2
+SOURCES/bind-dyndb-ldap-10.0.tar.bz2
diff --git a/SOURCES/bind-dyndb-ldap-10.0.tar.bz2.asc b/SOURCES/bind-dyndb-ldap-10.0.tar.bz2.asc
new file mode 100644
index 0000000..167c2f2
--- /dev/null
+++ b/SOURCES/bind-dyndb-ldap-10.0.tar.bz2.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAABCgAGBQJXaRjuAAoJEBBYfogcsrtxlwcP/1EopBHTVqhrr0p4J+WisBKQ
+VvkgmDA6umY5DCOJyj1B2jlRg+ndcwGKh8zjDS+6YJJ5uBRQsFFPo6Tihtcn7GF0
+DtQTFo9XgAmbPBdlFeT8iQn72n9LhemVzV9OeMaJp9Q+B/fqL9dhx9db5jEP8Mx8
+Hz3ZyOrzfU11ms6PnrHwVQwhSkF7UAVKEOK9BxhfUZfrfA5uub/ZN6aO1WuyZd/M
+EBYU+6UgWUoTVexRu1QvaZ8dCd8es8Tn/Woj5rMfWBRVOYdyK214MuR8xnOGW9gK
+KytPqmHghUSI6qNWftMx32sAQI62IQjTqgnxUW1o6c5Y20rV3dd/R4rmh/lRR96y
+dNIZwqU7bcpgTuk8xW+MoOw/TlGQ9Vf+7rn3URjP07n+9aXwzJrXHMintbPEWzn+
+SXwYj5H+Aw09DBcj94/cXjO9e6IiMWN3hqxfvb/qF37/sYYuQN1pzwBEJyVwfsCI
+iZNZRicUMHLuxYUmJEx2N5A47DdvHGXOoP1TMiCy/N24x37U8GvqhlN+j7QyLXt0
+BvcDPqt07yRS6EubQzXQLO60x7DyiXzEHDF5yxEYwmvtOnYqKvdToqbhWfyGPwcB
+hZaeblSDKnyTGghQXysLlFtNexfWHVjc6pohEH1vC561mvQbHEFQHJwQR4uGY2BA
+OMnie3GerMo+NFwQYUm3
+=efct
+-----END PGP SIGNATURE-----
diff --git a/SOURCES/bind-dyndb-ldap-pspacek-0432-2-Prevent-crash-while-reloading-previously-invalid-but.patch b/SOURCES/bind-dyndb-ldap-pspacek-0432-2-Prevent-crash-while-reloading-previously-invalid-but.patch
new file mode 100644
index 0000000..17759be
--- /dev/null
+++ b/SOURCES/bind-dyndb-ldap-pspacek-0432-2-Prevent-crash-while-reloading-previously-invalid-but.patch
@@ -0,0 +1,34 @@
+From 9ae1320d0c71d95e0f9785afa922c5b3240ea66d Mon Sep 17 00:00:00 2001
+From: Petr Spacek
+Date: Fri, 22 Jul 2016 16:44:17 +0200
+Subject: [PATCH] Prevent crash while reloading previously invalid but now
+ valid DNS zone.
+
+The crash happened under these circumstances:
+- a DNS zone (test.) has NS record relative to this zone (ns.test.)
+- the name pointed to by NS record did not have any A/AAAA records
+- restart BIND to enforce zone load
+- zone loading failed because of invalid NS record
+- missing A/AAAA record for name ns.test. was added
+-> CRASH!
+
+https://fedorahosted.org/bind-dyndb-ldap/ticket/166
+---
+ src/ldap_helper.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/ldap_helper.c b/src/ldap_helper.c
+index 681661b8910c8213030f38aa9ba38eee748d3109..12a743b095ba400373cb87653d26af82cc95c2ea 100644
+--- a/src/ldap_helper.c
++++ b/src/ldap_helper.c
+@@ -3824,6 +3824,7 @@ update_record(isc_task_t *task, isc_event_t *event)
+ update_restart:
+ rbtdb = NULL;
+ ldapdb = NULL;
++ zone_settings = NULL;
+ ldapdb_rdatalist_destroy(mctx, &rdatalist);
+ CHECK(zr_get_zone_dbs(inst->zone_register, &entry->zone_name, &ldapdb, &rbtdb));
+ CHECK(dns_db_newversion(ldapdb, &version));
+--
+2.7.4
+
diff --git a/SOURCES/bind-dyndb-ldap-pspacek-0433-Remove-preserve_forwarding-parameter-from-ldap_delet.patch b/SOURCES/bind-dyndb-ldap-pspacek-0433-Remove-preserve_forwarding-parameter-from-ldap_delet.patch
new file mode 100644
index 0000000..8abaeac
--- /dev/null
+++ b/SOURCES/bind-dyndb-ldap-pspacek-0433-Remove-preserve_forwarding-parameter-from-ldap_delet.patch
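Review bot: The added `zone_settings = NULL;` under `update_restart:` has no comment saying why the reset is required, and the commit message describes only the crash scenario, not the stale pointer behind it. A line such as `/* per-pass state: nothing obtained before the restart may be reused */` above the three resets would stop a later cleanup from dropping one of them. The label is followed directly by `dns_db_newversion(ldapdb, &version)`, and the hunk does not show whether `version` is closed and cleared before the jump back, so it is worth confirming that it is not a second stale value of the same kind. update_record() begins and ends outside the hunk, so both points need checking against the full function.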
@@ -0,0 +1,122 @@ +From 3b44a3d73a0d1980b43e9022d9249c4c19ba56d2 Mon Sep 17 00:00:00 2001 +From: Petr Spacek +Date: Thu, 11 Aug 2016 12:40:39 +0200 +Subject: [PATCH] Remove preserve_forwarding parameter from + ldap_delete_zone2(). + +The parameter was TRUE only when called from zone_security_change(). +zone_security_change() is calling ldap_delete_zone2() in exclusive mode +anyway so there is no need to optimize this. + +Removal of the parameter will make easier to centralize forwarding +configuration on one place. + +https://fedorahosted.org/bind-dyndb-ldap/ticket/167 +--- + src/ldap_helper.c | 26 ++++++++++---------------- + src/ldap_helper.h | 3 +-- + src/zone_register.c | 2 +- + 3 files changed, 12 insertions(+), 19 deletions(-) + +diff --git a/src/ldap_helper.c b/src/ldap_helper.c +index 12a743b095ba400373cb87653d26af82cc95c2ea..696a755fb8001993ff1a16fa034a9286cbb5ad89 100644 +--- a/src/ldap_helper.c ++++ b/src/ldap_helper.c +@@ -1285,8 +1285,7 @@ configure_zone_ssutable(dns_zone_t *zone, const char *update_str) + + /* Delete zone by dns zone name */ + isc_result_t +-ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, isc_boolean_t lock, +- isc_boolean_t preserve_forwarding) ++ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, isc_boolean_t lock) + { + isc_result_t result; + isc_result_t isforward = ISC_R_NOTFOUND; +@@ -1302,13 +1301,11 @@ ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, isc_boolean_t lock, + if (lock) + run_exclusive_enter(inst, &lock_state); + +- if (!preserve_forwarding) { +- CHECK(fwd_delete_table(inst->view, name, "zone", +- zone_name_char)); +- isforward = fwdr_zone_ispresent(inst->fwd_register, name); +- if (isforward == ISC_R_SUCCESS) +- CHECK(fwdr_del_zone(inst->fwd_register, name)); +- } ++ CHECK(fwd_delete_table(inst->view, name, "zone", ++ zone_name_char)); ++ isforward = fwdr_zone_ispresent(inst->fwd_register, name); ++ if (isforward == ISC_R_SUCCESS) ++ CHECK(fwdr_del_zone(inst->fwd_register, name)); + + 
result = zr_get_zone_ptr(inst->zone_register, name, &raw, &secure); + if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) { +@@ -1487,8 +1484,7 @@ ldap_parse_fwd_zoneentry(ldap_entry_t *entry, ldap_instance_t *inst) + if (HEAD(values) != NULL && + strcasecmp(HEAD(values)->value, "TRUE") != 0) { + /* Zone is not active */ +- result = ldap_delete_zone2(inst, &entry->fqdn, +- ISC_TRUE, ISC_FALSE); ++ result = ldap_delete_zone2(inst, &entry->fqdn, ISC_TRUE); + goto cleanup; + } + +@@ -1990,7 +1986,7 @@ zone_security_change(ldap_entry_t * const entry, dns_name_t * const name, + * in period where old zone was deleted but the new zone was not + * created yet. */ + run_exclusive_enter(inst, &lock_state); +- CHECK(ldap_delete_zone2(inst, name, ISC_FALSE, ISC_TRUE)); ++ CHECK(ldap_delete_zone2(inst, name, ISC_FALSE)); + CHECK(ldap_parse_master_zoneentry(entry, olddb, inst, task)); + + cleanup: +@@ -2173,8 +2169,7 @@ cleanup: + log_error_r("%s: publishing failed, rolling back due to", + ldap_entry_logname(entry)); + /* TODO: verify this */ +- result = ldap_delete_zone2(inst, &entry->fqdn, +- ISC_TRUE, ISC_FALSE); ++ result = ldap_delete_zone2(inst, &entry->fqdn, ISC_TRUE); + if (result != ISC_R_SUCCESS) + log_error_r("%s: rollback failed: ", + ldap_entry_logname(entry)); +@@ -3671,8 +3666,7 @@ update_zone(isc_task_t *task, isc_event_t *event) + INSIST(task == inst->task); /* For task-exclusive mode */ + + if (SYNCREPL_DEL(pevent->chgtype)) { +- CHECK(ldap_delete_zone2(inst, &entry->fqdn, +- ISC_TRUE, ISC_FALSE)); ++ CHECK(ldap_delete_zone2(inst, &entry->fqdn, ISC_TRUE)); + } else { + if (entry->class & LDAP_ENTRYCLASS_MASTER) + CHECK(ldap_parse_master_zoneentry(entry, NULL, inst, +diff --git a/src/ldap_helper.h b/src/ldap_helper.h +index 0368ec7343ef7b16e7afb25b17f3067bf7c09f76..a491baeb41105b9a352dbad6949c3fab008ab69b 100644 +--- a/src/ldap_helper.h ++++ b/src/ldap_helper.h +@@ -46,8 +46,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, + void 
destroy_ldap_instance(ldap_instance_t **ldap_inst) ATTR_NONNULLS; + + isc_result_t +-ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, +- isc_boolean_t lock, isc_boolean_t preserve_forwarding) ++ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, isc_boolean_t lock) + ATTR_NONNULLS; + + /* Functions for writing to LDAP. */ +diff --git a/src/zone_register.c b/src/zone_register.c +index 3f8c070b3adfb0ecc5092eb1e84f3956ba3b4fb8..bde4a7c308a6a62ebe6b9123b3212a404603310a 100644 +--- a/src/zone_register.c ++++ b/src/zone_register.c +@@ -163,7 +163,7 @@ zr_destroy(zone_register_t **zrp) + if (result == ISC_R_SUCCESS) { + rbt_iter_stop(&iter); + result = ldap_delete_zone2(zr->ldap_inst, +- &name, ISC_FALSE, ISC_FALSE); ++ &name, ISC_FALSE); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + } + } while (result == ISC_R_SUCCESS); +-- +2.7.4 + diff --git a/SOURCES/bind-dyndb-ldap-pspacek-0434-Fix-zone-removal-to-respect-forward-configuration-in.patch b/SOURCES/bind-dyndb-ldap-pspacek-0434-Fix-zone-removal-to-respect-forward-configuration-in.patch new file mode 100644 index 0000000..f129a27 --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-pspacek-0434-Fix-zone-removal-to-respect-forward-configuration-in.patch 
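Review bot: In `zone_security_change()` the call `ldap_delete_zone2(inst, name, ISC_FALSE)` now also runs `fwd_delete_table()` and `fwdr_del_zone()`, which the old `preserve_forwarding = ISC_TRUE` argument skipped. If the following `CHECK(ldap_parse_master_zoneentry(entry, olddb, inst, task))` fails, the zone presumably stays without its forwarding configuration, so queries for that name could be routed differently until the next successful sync; the cleanup path is not visible in the hunk. I would record that dependency at the call site, e.g. `/* also drops forwarding config; ldap_parse_master_zoneentry() must restore it */`. Both function bodies continue outside the hunks shown.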
@@ -0,0 +1,60 @@ +From c28f568bb546bb87adb1d250a479ff966de81a40 Mon Sep 17 00:00:00 2001 +From: Petr Spacek +Date: Fri, 12 Aug 2016 12:18:33 +0200 +Subject: [PATCH] Fix zone removal to respect forward configuration + inheritance. + +Ad-hoc fwd_delete_table() calls did not respect inheritance hierarchy +in forwarding configuration. Now all manipulation with forward table +is done in fwd_configure_zone() and fully respects configuration inheritance. + +There is a trick: When removing or deactivating a zone, fwd_configure_zone() +is called with empty configuration set to simulate that the zone does +not have any explicit configuration. This triggers the inheritance +logic when necessary (i.e. for the root zone). + +https://fedorahosted.org/bind-dyndb-ldap/ticket/167 +--- + src/ldap_helper.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/ldap_helper.c b/src/ldap_helper.c +index 696a755fb8001993ff1a16fa034a9286cbb5ad89..ad6e41764740d18e9015b01d83e2634e0bcb9213 100644 +--- a/src/ldap_helper.c ++++ b/src/ldap_helper.c +@@ -1301,19 +1301,18 @@ ldap_delete_zone2(ldap_instance_t *inst, dns_name_t *name, isc_boolean_t lock) + if (lock) + run_exclusive_enter(inst, &lock_state); + +- CHECK(fwd_delete_table(inst->view, name, "zone", +- zone_name_char)); ++ /* simulate no explicit forwarding configuration */ ++ CHECK(fwd_configure_zone(&inst->empty_fwdz_settings, inst, name)); + isforward = fwdr_zone_ispresent(inst->fwd_register, name); + if (isforward == ISC_R_SUCCESS) + CHECK(fwdr_del_zone(inst->fwd_register, name)); + + result = zr_get_zone_ptr(inst->zone_register, name, &raw, &secure); + if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH) { + if (isforward == ISC_R_SUCCESS) + log_info("forward zone '%s': shutting down", zone_name_char); + log_debug(1, "zone '%s' not found in zone register", zone_name_char); +- result = dns_view_flushcache(inst->view); +- goto cleanup; ++ CLEANUP_WITH(ISC_R_SUCCESS); + } else if (result != 
ISC_R_SUCCESS) + goto cleanup; + +@@ -1373,7 +1372,8 @@ unpublish_zone(ldap_instance_t *inst, dns_name_t *name, const char *logname) { + } + CHECK(dns_view_findzone(inst->view, name, &zone_in_view)); + INSIST(zone_in_view == raw || zone_in_view == secure); +- CHECK(fwd_delete_table(inst->view, name, "zone", logname)); ++ /* simulate no explicit forwarding configuration */ ++ CHECK(fwd_configure_zone(&inst->empty_fwdz_settings, inst, name)); + CHECK(dns_zt_unmount(inst->view->zonetable, zone_in_view)); + + cleanup: +-- +2.7.4 + diff --git a/SOURCES/gcc-node_generation-uninit-warn.patch b/SOURCES/gcc-node_generation-uninit-warn.patch deleted file mode 100644 index 548e3d8..0000000 --- a/SOURCES/gcc-node_generation-uninit-warn.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/mldap.c b/src/mldap.c -index 0c8327c..3261161 100644 ---- a/src/mldap.c -+++ b/src/mldap.c -@@ -467,7 +467,7 @@ mldap_iter_deadnodes_next(mldapdb_t *mldap, metadb_iter_t **iterp, - isc_result_t result; - dns_dbnode_t *rbt_node = NULL; - metadb_iter_t *iter = NULL; -- isc_uint32_t node_generation; -+ isc_uint32_t node_generation = 0; /* GCC */ - isc_uint32_t cur_generation; - metadb_node_t metadb_node; - DECLARE_BUFFERED_NAME(name); diff --git a/SPECS/bind-dyndb-ldap.spec b/SPECS/bind-dyndb-ldap.spec index c898c79..62d8f4f 100644 --- a/SPECS/bind-dyndb-ldap.spec +++ b/SPECS/bind-dyndb-ldap.spec 
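Review bot: The not-found branch of `ldap_delete_zone2()` no longer calls `dns_view_flushcache(inst->view)` and now leaves through `CLEANUP_WITH(ISC_R_SUCCESS)`, a change the commit message does not mention. If `fwd_configure_zone()` does not flush the view cache itself when the forwarders change (its body is not in this patch), answers cached through the old forwarders would keep being served after a forward zone is removed or deactivated. Either keep the flush in that branch or state the guarantee next to the exit, e.g. `/* cache is flushed by fwd_configure_zone() */` above `CLEANUP_WITH(ISC_R_SUCCESS);`. In `unpublish_zone()` the `logname` argument is no longer passed on in the changed line, so it is worth checking that the parameter is still used elsewhere in the function.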
@@ -1,15 +1,18 @@ %define VERSION %{version} Name: bind-dyndb-ldap -Version: 8.0 -Release: 1%{?dist} +Version: 10.0 +Release: 5%{?dist} Summary: LDAP back-end plug-in for BIND Group: System Environment/Libraries License: GPLv2+ URL: https://fedorahosted.org/bind-dyndb-ldap Source0: https://fedorahosted.org/released/%{name}/%{name}-%{VERSION}.tar.bz2 -Patch0: gcc-node_generation-uninit-warn.patch +Source1: https://fedorahosted.org/released/%{name}/%{name}-%{VERSION}.tar.bz2.asc +Patch0: bind-dyndb-ldap-pspacek-0432-2-Prevent-crash-while-reloading-previously-invalid-but.patch +Patch1: bind-dyndb-ldap-pspacek-0433-Remove-preserve_forwarding-parameter-from-ldap_delet.patch +Patch2: bind-dyndb-ldap-pspacek-0434-Fix-zone-removal-to-respect-forward-configuration-in.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -20,6 +23,8 @@ BuildRequires: libuuid-devel BuildRequires: automake, autoconf, libtool Requires: bind >= 32:9.9.0-1 +# https://bugzilla.redhat.com/show_bug.cgi?id=1376851 +Requires(post,postun): selinux-policy %description This package provides an LDAP back-end plug-in for BIND. It features @@ -29,12 +34,13 @@ off of your LDAP server. %prep %setup -q -n %{name}-%{VERSION} -%patch0 -p1 -b .gcc-node_generation-uninit-warn +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 %build -export CFLAGS="`isc-config.sh --cflags dns` $RPM_OPT_FLAGS" autoreconf -fiv -%configure +%configure --disable-werror make %{?_smp_mflags} 
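Review bot: `Source1` ships the upstream detached signature, but nothing in the spec checks it: no keyring is listed as a source and `%prep` goes straight from `%setup` to the patches. The tarball is therefore still trusted only through the 40-hex-digit checksum in `.bind-dyndb-ldap.metadata`, and the `.asc` file adds no assurance at build time. Add the upstream signing key as a further source and verify before unpacking, e.g. `gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}` as the first line of `%prep` (`SOURCE2` is a placeholder for the keyring file), together with `BuildRequires: gnupg2`.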
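Review bot: `%configure --disable-werror` is added without a comment, in the same change that deletes `gcc-node_generation-uninit-warn.patch` and the explicit `CFLAGS` export. Turning off warnings-as-errors wholesale for a BIND plug-in that processes LDAP data means a real diagnostic, such as the uninitialised-variable one the old patch addressed, can pass unnoticed in a later rebase. Please record the reason above the line, e.g. `# -Werror fails on <warning> with this toolchain; drop once fixed upstream`, where `<warning>` is a placeholder for the actual diagnostic.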
@@ -79,6 +85,28 @@ rm -rf %{buildroot} %changelog +* Wed Sep 21 2016 Petr Spacek - 10.0-5 +- resolves: #1376851 Unable to set named_write_master_zones boolean on upgrade + +* Tue Aug 16 2016 Petr Spacek - 10.0-4 +- resolves: #1366565 Deletion of DNS root zone breaks global forwarding + +* Thu Jul 28 2016 Petr Spacek - 10.0-3 +- rebuild against redhat-rpm-config-9.1.0-71.el7 to fix /usr/share/doc naming +- related: #1057327 + +* Wed Jul 27 2016 Petr Spacek - 10.0-2 +- resolves: #1359220 prevent crash while reloading previously invalid + but now valid DNS zone + +* Tue Jun 21 2016 Petr Spacek - 10.0-1 +- update to latest upstream version +- resolves: #1292145 Rebase bind-dyndb-ldap to latest upstream version + +* Thu May 12 2016 Petr Spacek - 9.0-1 +- update to latest upstream version +- related: #1292145 Rebase bind-dyndb-ldap to latest upstream version + * Tue Jun 23 2015 Petr Spacek - 8.0-1 - update to latest upstream version - resolves: #1204110 Rebase bind-dyndb-ldap to latest upstream version