diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0007-Add-empty-callback-for-getsize.patch b/SOURCES/bind-dyndb-ldap-pemensik-0007-Add-empty-callback-for-getsize.patch
new file mode 100644
index 0000000..63f08b9
--- /dev/null
+++ b/SOURCES/bind-dyndb-ldap-pemensik-0007-Add-empty-callback-for-getsize.patch
@@ -0,0 +1,30 @@
+From 107c5ed7247788a04a23d6c65fca50f96c944345 Mon Sep 17 00:00:00 2001
+From: Tomas Krizek
+Date: Tue, 27 Jun 2017 10:41:03 +0200
+Subject: [PATCH] Add empty callback for getsize
+
+BIND introduced getsize method in db.h. This is related to
+CVE-2016-6170 and allows to set restriction of zone size limit.
+
+Signed-off-by: Tomas Krizek
+---
+ src/ldap_driver.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/ldap_driver.c b/src/ldap_driver.c
+index 53ce1a9..38673b0 100644
+--- a/src/ldap_driver.c
++++ b/src/ldap_driver.c
+@@ -867,7 +867,8 @@ static dns_dbmethods_t ldapdb_methods = {
+ findext,
+ setcachestats,
+ hashsize,
+- nodefullname
++ nodefullname,
++ NULL, // getsize method not implemented (related BZ1353563)
+ };
+
+ isc_result_t ATTR_NONNULLS
+--
+2.9.4
+
diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0008-Support-for-BIND-9.11.3.patch b/SOURCES/bind-dyndb-ldap-pemensik-0008-Support-for-BIND-9.11.3.patch
new file mode 100644
index 0000000..092e3c2
--- /dev/null
+++ b/SOURCES/bind-dyndb-ldap-pemensik-0008-Support-for-BIND-9.11.3.patch
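Review bot: The `NULL` appended after `nodefullname` in `ldapdb_methods` is matched to `getsize` by position only, so the table misaligns silently if the installed `dns_dbmethods_t` has a different member count or order. A designated initializer for the new slot (`.getsize = NULL,`) would make the dependency on the BIND header explicit. The commit message ties `getsize` to CVE-2016-6170 and the zone size restriction, so leaving it unimplemented presumably means that limit cannot be evaluated for LDAP-backed zones. That is worth saying in the comment, e.g. `/* getsize not implemented: zone size limit (CVE-2016-6170) is not enforced for LDAP zones */`. The initializer starts outside the hunk.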
@@ -0,0 +1,137 @@
+From b533d722fa62232955aedfdf1bbc0179f48497eb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
+Date: Thu, 1 Mar 2018 19:41:10 +0100
+Subject: [PATCH] Support for BIND 9.11.3. Include explicitly isc/util.h in
+ each file that uses REQUIRE(). Support stdatomic feature, do not use function
+ call in STATIC_ASSERT().
+
+---
+ src/bindcfg.c | 1 +
+ src/fwd_register.c | 1 +
+ src/ldap_entry.h | 11 +++++------
+ src/mldap.c | 4 ++--
+ src/rbt_helper.c | 1 +
+ src/types.h | 2 +-
+ 6 files changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/src/bindcfg.c b/src/bindcfg.c
+index 9b429ba..5539dea 100644
+--- a/src/bindcfg.c
++++ b/src/bindcfg.c
+@@ -6,6 +6,7 @@
+
+ #include "config.h"
+
++#include
+ #include
+ #include
+
+diff --git a/src/fwd_register.c b/src/fwd_register.c
+index 355d15f..7cc0c5a 100644
+--- a/src/fwd_register.c
++++ b/src/fwd_register.c
+@@ -3,6 +3,7 @@
+ */
+
+ #include
++#include
+ #include
+
+ #include "rbt_helper.h"
+diff --git a/src/ldap_entry.h b/src/ldap_entry.h
+index 6498c79..88b1c42 100644
+--- a/src/ldap_entry.h
++++ b/src/ldap_entry.h
+@@ -6,7 +6,6 @@
+ #define _LD_LDAP_ENTRY_H_
+
+ #include
+-#include
+ #include
+
+ #include "fwd_register.h"
+@@ -19,15 +18,15 @@
+
+ /* Represents values associated with LDAP attribute */
+ typedef struct ldap_value ldap_value_t;
+-typedef LIST(ldap_value_t) ldap_valuelist_t;
++typedef ISC_LIST(ldap_value_t) ldap_valuelist_t;
+ struct ldap_value {
+ char *value;
+- LINK(ldap_value_t) link;
++ ISC_LINK(ldap_value_t) link;
+ };
+
+ /* Represents LDAP attribute and it's values */
+ typedef struct ldap_attribute ldap_attribute_t;
+-typedef LIST(ldap_attribute_t) ldap_attributelist_t;
++typedef ISC_LIST(ldap_attribute_t) ldap_attributelist_t;
+
+ /* Represents LDAP entry and it's attributes */
+ typedef unsigned char ldap_entryclass_t;
+@@ -41,7 +40,7 @@ struct ldap_entry {
+
+ ldap_attribute_t *lastattr;
+ ldap_attributelist_t attrs;
+- LINK(ldap_entry_t) link;
++ ISC_LINK(ldap_entry_t) link;
+
+ /* Parsing. */
+ isc_lex_t *lex;
+@@ -59,7 +58,7 @@ struct ldap_attribute {
+ char **ldap_values;
+ ldap_value_t *lastval;
+ ldap_valuelist_t values;
+- LINK(ldap_attribute_t) link;
++ ISC_LINK(ldap_attribute_t) link;
+ };
+
+ #define LDAP_ENTRYCLASS_NONE 0x0
+diff --git a/src/mldap.c b/src/mldap.c
+index 143abce..304ba36 100644
+--- a/src/mldap.c
++++ b/src/mldap.c
+@@ -119,13 +119,13 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) {
+ * reference counter value.
+ */
+ STATIC_ASSERT((isc_uint32_t)
+- (typeof(isc_refcount_current((isc_refcount_t *)0)))
++ (typeof(((isc_refcount_t *)0)->refs))
+ -1
+ == 0xFFFFFFFF, \
+ "negative isc_refcount_t cannot be properly shortened to 32 bits");
+
+ STATIC_ASSERT((isc_uint32_t)
+- (typeof(isc_refcount_current((isc_refcount_t *)0)))
++ (typeof(((isc_refcount_t *)0)->refs))
+ 0x90ABCDEF12345678
+ == 0x12345678, \
+ "positive isc_refcount_t cannot be properly shortened to 32 bits");
+diff --git a/src/rbt_helper.c b/src/rbt_helper.c
+index 2a7e6cb..f610b07 100644
+--- a/src/rbt_helper.c
++++ b/src/rbt_helper.c
+@@ -2,6 +2,7 @@
+ * Copyright (C) 2013-2014 bind-dyndb-ldap authors; see COPYING for license
+ */
+
++#include
+ #include
+
+ #include "util.h"
+diff --git a/src/types.h b/src/types.h
+index 25ef3b9..01d627c 100644
+--- a/src/types.h
++++ b/src/types.h
+@@ -24,7 +24,7 @@
+ * rdata1 -> rdata2 -> rdata3 rdata4 -> rdata5
+ * next_rdatalist -> next_rdatalist ...
+ */
+-typedef LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
++typedef ISC_LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
+
+ typedef struct enum_txt_assoc {
+ int value;
+--
+2.14.3
+
diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0009-Support-for-BIND-9.11.5.patch b/SOURCES/bind-dyndb-ldap-pemensik-0009-Support-for-BIND-9.11.5.patch
new file mode 100644
index 0000000..8bc1abc
--- /dev/null
+++ b/SOURCES/bind-dyndb-ldap-pemensik-0009-Support-for-BIND-9.11.5.patch
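Review bot: The two `STATIC_ASSERT`s in src/mldap.c now take `typeof` of the `refs` member, which ties the truncation check to the internal layout of `isc_refcount_t` rather than to a public accessor. The patch subject says only "do not use function call in STATIC_ASSERT()", so a short comment above the asserts would tell the next maintainer why the member is inspected directly, e.g. `/* isc_refcount_current() may be a real function, so check the type of the refs member instead */`. Whether `refs` exists under every refcount implementation BIND can be built with is not visible here and should be confirmed.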
@@ -0,0 +1,123 @@
+From 925159b0e3757e650d9dbdb7888f6d66dde6d62f Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 5 Nov 2018 19:49:03 +0100
+Subject: [PATCH] Adjust to changes in bind 9.11.5
+
+Custom types like isc_boolean_t and isc_uint32_t were removed from bind
+headers. Compatibility headers are included, but have to be manually
+used. Better change would be to start using uint32_t and bool types,
+but that changes too much of code for now.
+---
+ src/fwd.c | 2 ++
+ src/ldap_entry.c | 1 +
+ src/ldap_helper.c | 1 +
+ src/ldap_helper.h | 1 +
+ src/mldap.c | 1 +
+ src/settings.h | 2 ++
+ src/types.h | 2 ++
+ src/zone.c | 1 +
+ 8 files changed, 11 insertions(+)
+
+diff --git a/src/fwd.c b/src/fwd.c
+index 840f0e8..f1ab60c 100644
+--- a/src/fwd.c
++++ b/src/fwd.c
+@@ -6,6 +6,8 @@
+
+ #include "config.h"
+
++#include
++
+ #include
+
+ #include
+diff --git a/src/ldap_entry.c b/src/ldap_entry.c
+index 96a6ef8..00a7e89 100644
+--- a/src/ldap_entry.c
++++ b/src/ldap_entry.c
+@@ -7,6 +7,7 @@
+ #include
+ #include
+
++#include
+ #include
+ #include
+ #include
+diff --git a/src/ldap_helper.c b/src/ldap_helper.c
+index e0c4b76..74c0afe 100644
+--- a/src/ldap_helper.c
++++ b/src/ldap_helper.c
+@@ -26,6 +26,7 @@
+
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+diff --git a/src/ldap_helper.h b/src/ldap_helper.h
+index 6cfece5..fc21bb3 100644
+--- a/src/ldap_helper.h
++++ b/src/ldap_helper.h
+@@ -7,6 +7,7 @@
+
+ #include "types.h"
+
++#include
+ #include
+ #include
+ #include
+diff --git a/src/mldap.c b/src/mldap.c
+index 304ba36..8b90921 100644
+--- a/src/mldap.c
++++ b/src/mldap.c
+@@ -10,6 +10,7 @@
+ #include
+
+ #include
++#include
+ #include
+ #include
+ #include
+diff --git a/src/settings.h b/src/settings.h
+index 16a1e63..6585d8b 100644
+--- a/src/settings.h
++++ b/src/settings.h
+@@ -6,6 +6,8 @@
+ #define _LD_SETTINGS_H_
+
+ #include
++#include
++#include
+
+ #include
+
+diff --git a/src/types.h b/src/types.h
+index 01d627c..41ef476 100644
+--- a/src/types.h
++++ b/src/types.h
+@@ -5,7 +5,9 @@
+ #ifndef _LD_TYPES_H_
+ #define _LD_TYPES_H_
+
++#include
+ #include
++#include
+ #include
+ #include
+
+diff --git a/src/zone.c b/src/zone.c
+index 284136e..b9c9936 100644
+--- a/src/zone.c
++++ b/src/zone.c
+@@ -2,6 +2,7 @@
+ * Copyright (C) 2014-2015 bind-dyndb-ldap authors; see COPYING for license
+ */
+
++#include
+ #include
+ #include
+
+--
+2.14.5
+
diff --git a/SOURCES/bind-dyndb-ldap-pemensik-0010-Use-correct-dn-value.patch b/SOURCES/bind-dyndb-ldap-pemensik-0010-Use-correct-dn-value.patch
new file mode 100644
index 0000000..f0c23c5
--- /dev/null
+++ b/SOURCES/bind-dyndb-ldap-pemensik-0010-Use-correct-dn-value.patch
@@ -0,0 +1,35 @@
+From ef1c4b7833de663549e9520e06e2b9f457b5fbec Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 28 Jan 2019 00:21:31 +0100
+Subject: [PATCH] Use correct dn value
+
+New GCC correctly reports error, NULL is always passed in case of
+invalid objectclass.
+---
+ src/ldap_helper.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/ldap_helper.c b/src/ldap_helper.c
+index 74c0afe..0f6184d 100644
+--- a/src/ldap_helper.c
++++ b/src/ldap_helper.c
+@@ -4102,7 +4102,6 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype)
+ ldap_entry_t *entry = NULL;
+ dns_name_t *zone_name = NULL;
+ dns_zone_t *zone_ptr = NULL;
+- char *dn = NULL;
+ isc_taskaction_t action = NULL;
+ isc_task_t *task = NULL;
+ isc_boolean_t synchronous;
+@@ -4155,7 +4154,7 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype)
+ else if ((entry->class & LDAP_ENTRYCLASS_RR) != 0)
+ action = update_record;
+ else {
+- log_error("unsupported objectClass: dn '%s'", dn);
++ log_error("unsupported objectClass: dn '%s'", entry->dn);
+ result = ISC_R_NOTIMPLEMENTED;
+ goto cleanup;
+ }
+--
+2.20.1
+
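Review bot: `entry->dn` goes into the `%s` of `log_error("unsupported objectClass: dn '%s'", entry->dn)` without a NULL check. `entry` itself is dereferenced by the preceding `else if`, but whether `dn` is always populated for entries that reach `syncrepl_update` is not visible in the hunk. If it can be unset, guard the argument, e.g. `entry->dn != NULL ? entry->dn : "(unknown)"`. The DN is directory-supplied text, so it is also worth confirming that the logging path escapes control characters before the message is written. The function body continues outside both inner hunks.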
diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0001-Revert-BIND-9.11-use-new-public-header-isc-errno.h-i.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0001-Revert-BIND-9.11-use-new-public-header-isc-errno.h-i.patch
deleted file mode 100644
index 52f156a..0000000
--- a/SOURCES/bind-dyndb-ldap-tkrizek-0001-Revert-BIND-9.11-use-new-public-header-isc-errno.h-i.patch
+++ /dev/null
@@ -1,75 +0,0 @@ -From 34efc7e7d27d62f1ce67a4b12f41e3ba6ac5045f Mon Sep 17 00:00:00 2001 -From: Tomas Krizek -Date: Fri, 17 Feb 2017 14:30:13 +0100 -Subject: [PATCH 1/3] Revert "BIND 9.11: use new public header isc/errno.h - instead of private isc/errno2result.h" - -This reverts commit 08da3390cfc0985abdc0f791115f0f595e915df6. ---- - configure.ac | 12 ++++++------ - src/fs.c | 6 +++--- - 2 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 50e41f3af667724accf9996c4167355c074ce00b..9e0f180699057e3d9f6a414868d123bf254fea50 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -105,18 +105,18 @@ int main(void) { - [AC_MSG_ERROR([Cross compiling is not supported.])] - ) - --dnl isc_errno_toresult() was not available in older header files --AC_MSG_CHECKING([isc_errno_toresult availability]) -+dnl isc__errno2result() is typically not present in standard header files -+AC_MSG_CHECKING([isc__errno2result availability in header files]) - AC_TRY_RUN([ --#include -+#include - int main(void) { -- isc_errno_toresult(0); -+ isc__errno2result(0); - return 0; - }], - [AC_MSG_RESULT([yes])], - [AC_MSG_ERROR([ -- Can't find isc_errno_toresult() or header isc/errno.h: -- Please install bind-devel package or similar.])], -+ Can't find isc__errno2result() or header isc/errno2result.h: -+ Please install bind-lite-devel package or similar.])], - [AC_MSG_ERROR([Cross compiling is not supported.])] - ) - -diff --git a/src/fs.c b/src/fs.c -index 61c46b51f225488422fe680f568851e6dfcae8de..09b71d70ea4f15bc5122df1960933f47f0d44eda 100644 ---- a/src/fs.c -+++ b/src/fs.c -@@ -10,7 +10,7 @@ - - #include - #include --#include -+#include - #include - #include - #include -@@ -37,7 +37,7 @@ fs_dir_create(const char *dir_name) - if (ret == 0) - result = ISC_R_SUCCESS; - else -- result = isc_errno_toresult(errno); -+ result = isc__errno2result(errno); - - if (result != ISC_R_SUCCESS && result != ISC_R_FILEEXISTS) { - log_error_r("unable to create directory 
'%s', working directory " -@@ -50,7 +50,7 @@ fs_dir_create(const char *dir_name) - * solely for this purpose. */ - ret = chmod(dir_name, dir_mode); - if (ret != 0) { -- result = isc_errno_toresult(errno); -+ result = isc__errno2result(errno); - log_error_r("unable to chmod directory '%s', " - "working directory is '%s'", - dir_name, dir_curr); --- -2.9.3 - diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0002-Revert-BIND-9.11-Add-wrapper-for-new-DB-API-method-n.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0002-Revert-BIND-9.11-Add-wrapper-for-new-DB-API-method-n.patch deleted file mode 100644 index 691051c..0000000 --- a/SOURCES/bind-dyndb-ldap-tkrizek-0002-Revert-BIND-9.11-Add-wrapper-for-new-DB-API-method-n.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 969c1737ff227cc5810ea6d91e36e87d21bea194 Mon Sep 17 00:00:00 2001 -From: Tomas Krizek -Date: Fri, 17 Feb 2017 14:32:58 +0100 -Subject: [PATCH 2/3] Revert "BIND 9.11: Add wrapper for new DB API method - nodefullname." - -This reverts commit 8178f3cf856829c081a663a2e3f4d77ecc2db6b1. ---- - src/ldap_driver.c | 13 +------------ - 1 file changed, 1 insertion(+), 12 deletions(-) - -diff --git a/src/ldap_driver.c b/src/ldap_driver.c -index 53ce1a93a1f9b45bfb69983f196a3760bdb98ca2..ed31d50321072a8100e20bbd0cf7da2e3741b0d4 100644 ---- a/src/ldap_driver.c -+++ b/src/ldap_driver.c -@@ -813,16 +813,6 @@ hashsize(dns_db_t *db) - return dns_db_hashsize(ldapdb->rbtdb); - } - --isc_result_t --nodefullname(dns_db_t *db, dns_dbnode_t *node, dns_name_t *name) --{ -- ldapdb_t *ldapdb = (ldapdb_t *) db; -- -- REQUIRE(VALID_LDAPDB(ldapdb)); -- -- return dns_db_nodefullname(ldapdb->rbtdb, node, name); --} -- - static dns_dbmethods_t ldapdb_methods = { - attach, - detach, -@@ -866,8 +856,7 @@ static dns_dbmethods_t ldapdb_methods = { - findnodeext, - findext, - setcachestats, -- hashsize, -- nodefullname -+ hashsize - }; - - isc_result_t ATTR_NONNULLS --- -2.9.3 - 
diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0003-Revert-BIND-9.11-Remove-if-blocks-for-older-BIND-ver.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0003-Revert-BIND-9.11-Remove-if-blocks-for-older-BIND-ver.patch
deleted file mode 100644
index 310212c..0000000
--- a/SOURCES/bind-dyndb-ldap-tkrizek-0003-Revert-BIND-9.11-Remove-if-blocks-for-older-BIND-ver.patch
+++ /dev/null
@@ -1,507 +0,0 @@ -From b0b52c55e7ee12287eb4360b0fc1dd5751ee105e Mon Sep 17 00:00:00 2001 -From: Tomas Krizek -Date: Fri, 17 Feb 2017 14:35:13 +0100 -Subject: [PATCH 3/3] Revert "BIND 9.11: Remove #if blocks for older BIND - versions." - -This reverts commit 2649ef1da1cbfc1203337665c4e589e1fe75f04b. ---- - src/Makefile.am | 1 + - src/compat.h | 44 +++++++++++++++++++++++ - src/fwd.c | 60 +++++++++++++++++++++++++++++-- - src/ldap_driver.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++--- - 4 files changed, 202 insertions(+), 6 deletions(-) - create mode 100644 src/compat.h - -diff --git a/src/Makefile.am b/src/Makefile.am -index e1e3968682a675573fbebcefefdee53bf6499f5b..fe96c4c82d3fe5ee4763dd1834c074e08365cdcc 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -4,6 +4,7 @@ bindplugindir=$(libdir)/bind - HDRS = \ - acl.h \ - bindcfg.h \ -+ compat.h \ - empty_zones.h \ - fs.h \ - fwd.h \ -diff --git a/src/compat.h b/src/compat.h -new file mode 100644 -index 0000000000000000000000000000000000000000..00e3da58bc270e3e21f8780af1056caae5151c87 ---- /dev/null -+++ b/src/compat.h -@@ -0,0 +1,44 @@ -+/* -+ * Copyright (C) 2009 bind-dyndb-ldap authors; see COPYING for license -+ */ -+ -+#ifdef HAVE_CONFIG_H -+#include -+#else -+#error "Can't compile without config.h" -+#endif -+ -+/* -+ * dns_rdatalist_fromrdataset() did not exist in older versions of libdns. -+ * Add a substitude function here. -+ */ -+#if LIBDNS_VERSION_MAJOR < 40 -+static inline isc_result_t -+dns_rdatalist_fromrdataset(dns_rdataset_t *rdataset, -+ dns_rdatalist_t **rdatalist) -+{ -+ REQUIRE(rdatalist != NULL && rdataset != NULL); -+ -+ *rdatalist = rdataset->private1; -+ -+ return ISC_R_SUCCESS; -+} -+#endif /* LIBDNS_VERSION_MAJOR < 40 */ -+ -+/* -+ * In older libdns versions, isc_refcount_init() was defined as a macro. -+ * However, in newer versions, it is a function returning isc_result_t type. -+ * This piece of code should take care of that problem. 
-+ */ -+#if LIBDNS_VERSION_MAJOR < 30 -+#include -+ -+static inline isc_result_t -+isc_refcount_init_func(isc_refcount_t *ref, unsigned int n) -+{ -+ isc_refcount_init(ref, n); -+ return ISC_R_SUCCESS; -+} -+#undef isc_refcount_init -+#define isc_refcount_init isc_refcount_init_func -+#endif /* LIBDNS_VERSION_MAJOR < 30 */ -diff --git a/src/fwd.c b/src/fwd.c -index 840f0e8f232969b2b726fa4a338a10c010654279..1f6a9e5d922d6a14dec88e04d41ad911f2dfd389 100644 ---- a/src/fwd.c -+++ b/src/fwd.c -@@ -69,7 +69,11 @@ fwd_list_len(dns_forwarders_t *fwdrs) { - - REQUIRE(fwdrs != NULL); - -+#if LIBDNS_VERSION_MAJOR < 140 -+ for (isc_sockaddr_t *fwdr = ISC_LIST_HEAD(fwdrs->addrs); -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - for (dns_forwarder_t *fwdr = ISC_LIST_HEAD(fwdrs->fwdrs); -+#endif - fwdr != NULL; - fwdr = ISC_LIST_NEXT(fwdr, link)) { - len++; -@@ -165,7 +169,11 @@ fwd_print_list_buff(isc_mem_t *mctx, dns_forwarders_t *fwdrs, - const cfg_obj_t *faddresses; - const cfg_listelt_t *fwdr_cfg; /* config representation */ - /* internal representation */ -+#if LIBDNS_VERSION_MAJOR < 140 -+ isc_sockaddr_t *fwdr_int; -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - dns_forwarder_t *fwdr_int; -+#endif - - isc_buffer_initnull(&tmp_buf); - tmp_buf.mctx = mctx; -@@ -189,12 +197,20 @@ fwd_print_list_buff(isc_mem_t *mctx, dns_forwarders_t *fwdrs, - * data from the internal one to cfg data structures.*/ - faddresses = cfg_tuple_get(forwarders_cfg, "addresses"); - for (fwdr_int = ISC_LIST_HEAD( -+#if LIBDNS_VERSION_MAJOR < 140 -+ fwdrs->addrs -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - fwdrs->fwdrs -+#endif - ), fwdr_cfg = cfg_list_first(faddresses); - INSIST((fwdr_int == NULL) == (fwdr_cfg == NULL)), fwdr_int != NULL; - fwdr_int = ISC_LIST_NEXT(fwdr_int, link), fwdr_cfg = cfg_list_next(fwdr_cfg)) { -+#if LIBDNS_VERSION_MAJOR < 140 -+ fwdr_cfg->obj->value.sockaddr = *fwdr_int; -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - fwdr_cfg->obj->value.sockaddrdscp.sockaddr = fwdr_int->addr; - 
fwdr_cfg->obj->value.sockaddrdscp.dscp = fwdr_int->dscp; -+#endif - } - cfg_print(faddresses, buffer_append_str, &tmp_buf); - -@@ -243,7 +259,12 @@ cleanup: - - static isc_result_t - fwd_parse_str(const char *fwdrs_str, isc_mem_t *mctx, -- dns_forwarderlist_t *fwdrs) -+#if LIBDNS_VERSION_MAJOR < 140 -+ isc_sockaddrlist_t *fwdrs -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ -+ dns_forwarderlist_t *fwdrs -+#endif -+ ) - { - isc_result_t result = ISC_R_SUCCESS; - cfg_parser_t *parser = NULL; -@@ -253,7 +274,11 @@ fwd_parse_str(const char *fwdrs_str, isc_mem_t *mctx, - const cfg_listelt_t *listel; - const cfg_obj_t *fwdr_cfg; - isc_sockaddr_t addr; -+#if LIBDNS_VERSION_MAJOR < 140 -+ isc_sockaddr_t *fwdr; -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - dns_forwarder_t *fwdr; -+#endif - - in_port_t port = 53; - -@@ -276,8 +301,12 @@ fwd_parse_str(const char *fwdrs_str, isc_mem_t *mctx, - if (isc_sockaddr_getport(&addr) == 0) - isc_sockaddr_setport(&addr, port); - CHECKED_MEM_GET_PTR(mctx, fwdr); -+#if LIBDNS_VERSION_MAJOR < 140 -+ *fwdr = addr; -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - fwdr->addr = addr; - fwdr->dscp = cfg_obj_getdscp(fwdr_cfg); -+#endif - ISC_LINK_INIT(fwdr, link); - ISC_LIST_APPEND(*fwdrs, fwdr, link); - } -@@ -291,8 +320,18 @@ cleanup: - } - - static void --fwdr_list_free(isc_mem_t *mctx, dns_forwarderlist_t *fwdrs) { -+fwdr_list_free(isc_mem_t *mctx, -+#if LIBDNS_VERSION_MAJOR < 140 -+ isc_sockaddrlist_t *fwdrs -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ -+ dns_forwarderlist_t *fwdrs -+#endif -+ ) { -+#if LIBDNS_VERSION_MAJOR < 140 -+ isc_sockaddr_t *fwdr; -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - dns_forwarder_t *fwdr; -+#endif - while (!ISC_LIST_EMPTY(*fwdrs)) { - fwdr = ISC_LIST_HEAD(*fwdrs); - ISC_LIST_UNLINK(*fwdrs, fwdr, link); -@@ -318,7 +357,11 @@ fwd_setting_isexplicit(isc_mem_t *mctx, const settings_set_t *set, - isc_result_t result; - setting_t *setting = NULL; - dns_fwdpolicy_t fwdpolicy; -+#if LIBDNS_VERSION_MAJOR < 140 -+ isc_sockaddrlist_t 
fwdrs; -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - dns_forwarderlist_t fwdrs; -+#endif - - REQUIRE(isexplicit != NULL); - ISC_LIST_INIT(fwdrs); -@@ -397,7 +440,11 @@ fwd_parse_ldap(ldap_entry_t *entry, settings_set_t *set) { - ldap_valuelist_t values; - ldap_value_t *value; - isc_buffer_t *tmp_buf = NULL; /* hack: only the base buffer is allocated */ -+#if LIBDNS_VERSION_MAJOR < 140 -+ isc_sockaddrlist_t fwdrs; -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - dns_forwarderlist_t fwdrs; -+#endif - const char *setting_str = NULL; - - /** -@@ -500,7 +547,11 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, - isc_mem_t *mctx = NULL; - dns_view_t *view = NULL; - isc_result_t lock_state = ISC_R_IGNORE; -+#if LIBDNS_VERSION_MAJOR < 140 -+ isc_sockaddrlist_t fwdrs; -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - dns_forwarderlist_t fwdrs; -+#endif - isc_boolean_t is_global_config; - dns_fixedname_t foundname; - const char *msg_use_global_fwds; -@@ -579,8 +630,13 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, - run_exclusive_enter(inst, &lock_state); - CHECK(fwd_delete_table(view, name, msg_obj_type, set->name)); - if (isconfigured == ISC_TRUE) { -+#if LIBDNS_VERSION_MAJOR < 140 -+ CHECK(dns_fwdtable_add(view->fwdtable, name, &fwdrs, -+ fwdpolicy)); -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - CHECK(dns_fwdtable_addfwd(view->fwdtable, name, &fwdrs, - fwdpolicy)); -+#endif - } - dns_view_flushcache(view); - run_exclusive_exit(inst, lock_state); -diff --git a/src/ldap_driver.c b/src/ldap_driver.c -index ed31d50321072a8100e20bbd0cf7da2e3741b0d4..4e842cb0f122c49080128a81892f9737d29a299e 100644 ---- a/src/ldap_driver.c -+++ b/src/ldap_driver.c -@@ -34,6 +34,7 @@ - #include /* For memcpy */ - - #include "bindcfg.h" -+#include "compat.h" - #include "ldap_driver.h" - #include "ldap_helper.h" - #include "ldap_convert.h" -@@ -184,9 +185,18 @@ detach(dns_db_t **dbp) - - /* !!! This could be required for optimizations (like on-disk cache). 
*/ - static isc_result_t -+#if LIBDNS_VERSION_MAJOR < 140 -+beginload(dns_db_t *db, dns_addrdatasetfunc_t *addp, dns_dbload_t **dbloadp) -+{ -+ -+ UNUSED(db); -+ UNUSED(addp); -+ UNUSED(dbloadp); -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - beginload(dns_db_t *db, dns_rdatacallbacks_t *callbacks) { - UNUSED(db); - UNUSED(callbacks); -+#endif /* LIBDNS_VERSION_MAJOR >= 140 */ - - fatal_error("ldapdb: method beginload() should never be called"); - -@@ -201,9 +211,17 @@ beginload(dns_db_t *db, dns_rdatacallbacks_t *callbacks) { - - /* !!! This could be required for optimizations (like on-disk cache). */ - static isc_result_t -+#if LIBDNS_VERSION_MAJOR < 140 -+endload(dns_db_t *db, dns_dbload_t **dbloadp) -+{ -+ -+ UNUSED(db); -+ UNUSED(dbloadp); -+#else /* LIBDNS_VERSION_MAJOR >= 140 */ - endload(dns_db_t *db, dns_rdatacallbacks_t *callbacks) { - UNUSED(db); - UNUSED(callbacks); -+#endif /* LIBDNS_VERSION_MAJOR >= 140 */ - - fatal_error("ldapdb: method endload() should never be called"); - -@@ -211,6 +229,7 @@ endload(dns_db_t *db, dns_rdatacallbacks_t *callbacks) { - return ISC_R_SUCCESS; - } - -+#if LIBDNS_VERSION_MAJOR >= 140 - static isc_result_t - serialize(dns_db_t *db, dns_dbversion_t *version, FILE *file) - { -@@ -220,17 +239,23 @@ serialize(dns_db_t *db, dns_dbversion_t *version, FILE *file) - - return dns_db_serialize(ldapdb->rbtdb, version, file); - } -+#endif /* LIBDNS_VERSION_MAJOR >= 140 */ - - /* !!! This could be required for optimizations (like on-disk cache). 
*/ - static isc_result_t --dump(dns_db_t *db, dns_dbversion_t *version, const char *filename, -- dns_masterformat_t masterformat) -+dump(dns_db_t *db, dns_dbversion_t *version, const char *filename -+#if LIBDNS_VERSION_MAJOR >= 31 -+ , dns_masterformat_t masterformat -+#endif -+ ) - { - - UNUSED(db); - UNUSED(version); - UNUSED(filename); -+#if LIBDNS_VERSION_MAJOR >= 31 - UNUSED(masterformat); -+#endif - - fatal_error("ldapdb: method dump() should never be called"); - -@@ -401,14 +426,22 @@ printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out) - } - - static isc_result_t --createiterator(dns_db_t *db, unsigned int options, -+createiterator(dns_db_t *db, -+#if LIBDNS_VERSION_MAJOR >= 50 -+ unsigned int options, -+#else -+ isc_boolean_t relative_names, -+#endif - dns_dbiterator_t **iteratorp) - { - ldapdb_t *ldapdb = (ldapdb_t *) db; - - REQUIRE(VALID_LDAPDB(ldapdb)); -- -+#if LIBDNS_VERSION_MAJOR >= 50 - return dns_db_createiterator(ldapdb->rbtdb, options, iteratorp); -+#else -+ return dns_db_createiterator(ldapdb->rbtdb, relative_names, iteratorp); -+#endif - } - - static isc_result_t -@@ -646,6 +679,7 @@ settask(dns_db_t *db, isc_task_t *task) - dns_db_settask(ldapdb->rbtdb, task); - } - -+#if LIBDNS_VERSION_MAJOR >= 31 - static isc_result_t - getoriginnode(dns_db_t *db, dns_dbnode_t **nodep) - { -@@ -655,7 +689,9 @@ getoriginnode(dns_db_t *db, dns_dbnode_t **nodep) - - return dns_db_getoriginnode(ldapdb->rbtdb, nodep); - } -+#endif /* LIBDNS_VERSION_MAJOR >= 31 */ - -+#if LIBDNS_VERSION_MAJOR >= 45 - static void - transfernode(dns_db_t *db, dns_dbnode_t **sourcep, dns_dbnode_t **targetp) - { -@@ -666,7 +702,9 @@ transfernode(dns_db_t *db, dns_dbnode_t **sourcep, dns_dbnode_t **targetp) - dns_db_transfernode(ldapdb->rbtdb, sourcep, targetp); - - } -+#endif /* LIBDNS_VERSION_MAJOR >= 45 */ - -+#if LIBDNS_VERSION_MAJOR >= 50 - static isc_result_t - getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, - dns_hash_t *hash, isc_uint8_t *flags, -@@ -733,7 +771,9 
@@ isdnssec(dns_db_t *db) - - return dns_db_isdnssec(ldapdb->rbtdb); - } -+#endif /* LIBDNS_VERSION_MAJOR >= 50 */ - -+#if LIBDNS_VERSION_MAJOR >= 45 - static dns_stats_t * - getrrsetstats(dns_db_t *db) { - ldapdb_t *ldapdb = (ldapdb_t *) db; -@@ -743,7 +783,35 @@ getrrsetstats(dns_db_t *db) { - return dns_db_getrrsetstats(ldapdb->rbtdb); - - } -+#endif /* LIBDNS_VERSION_MAJOR >= 45 */ - -+#if LIBDNS_VERSION_MAJOR >= 82 && LIBDNS_VERSION_MAJOR < 140 -+static isc_result_t -+rpz_enabled(dns_db_t *db, dns_rpz_st_t *st) -+{ -+ ldapdb_t *ldapdb = (ldapdb_t *) db; -+ -+ REQUIRE(VALID_LDAPDB(ldapdb)); -+ -+ return dns_db_rpz_enabled(ldapdb->rbtdb, st); -+} -+ -+static void -+rpz_findips(dns_rpz_zone_t *rpz, dns_rpz_type_t rpz_type, -+ dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version, -+ dns_rdataset_t *ardataset, dns_rpz_st_t *st, -+ dns_name_t *query_qname) -+{ -+ ldapdb_t *ldapdb = (ldapdb_t *) db; -+ -+ REQUIRE(VALID_LDAPDB(ldapdb)); -+ -+ dns_db_rpz_findips(rpz, rpz_type, zone, ldapdb->rbtdb, version, -+ ardataset, st, query_qname); -+} -+#endif /* LIBDNS_VERSION_MAJOR >= 82 && LIBDNS_VERSION_MAJOR < 140 */ -+ -+#if LIBDNS_VERSION_MAJOR >= 140 - void - rpz_attach(dns_db_t *db, dns_rpz_zones_t *rpzs, dns_rpz_num_t rpz_num) - { -@@ -763,7 +831,9 @@ rpz_ready(dns_db_t *db) - - return dns_db_rpz_ready(ldapdb->rbtdb); - } -+#endif /* LIBDNS_VERSION_MAJOR >= 140 */ - -+#if LIBDNS_VERSION_MAJOR >= 90 - static isc_result_t - findnodeext(dns_db_t *db, dns_name_t *name, - isc_boolean_t create, dns_clientinfomethods_t *methods, -@@ -792,7 +862,9 @@ findext(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, - nodep, foundname, methods, clientinfo, rdataset, - sigrdataset); - } -+#endif /* LIBDNS_VERSION_MAJOR >= 90 */ - -+#if LIBDNS_VERSION_MAJOR >= 140 - isc_result_t - setcachestats(dns_db_t *db, isc_stats_t *stats) - { -@@ -803,7 +875,11 @@ setcachestats(dns_db_t *db, isc_stats_t *stats) - return dns_db_setcachestats(ldapdb->rbtdb, stats); - } - -+#if 
LIBDNS_VERSION_MAJOR >= 164 - size_t -+#else -+unsigned int -+#endif /* LIBDNS_VERSION_MAJOR >= 164 */ - hashsize(dns_db_t *db) - { - ldapdb_t *ldapdb = (ldapdb_t *) db; -@@ -812,13 +888,16 @@ hashsize(dns_db_t *db) - - return dns_db_hashsize(ldapdb->rbtdb); - } -+#endif /* LIBDNS_VERSION_MAJOR >= 140 */ - - static dns_dbmethods_t ldapdb_methods = { - attach, - detach, - beginload, - endload, -+#if LIBDNS_VERSION_MAJOR >= 140 - serialize, /* see dns_db_serialize(), implementation is not mandatory */ -+#endif /* LIBDNS_VERSION_MAJOR >= 140 */ - dump, - currentversion, - newversion, -@@ -842,21 +921,37 @@ static dns_dbmethods_t ldapdb_methods = { - ispersistent, - overmem, - settask, -+#if LIBDNS_VERSION_MAJOR >= 31 - getoriginnode, -+#endif /* LIBDNS_VERSION_MAJOR >= 31 */ -+#if LIBDNS_VERSION_MAJOR >= 45 - transfernode, -+#if LIBDNS_VERSION_MAJOR >= 50 - getnsec3parameters, - findnsec3node, - setsigningtime, - getsigningtime, - resigned, - isdnssec, -+#endif /* LIBDNS_VERSION_MAJOR >= 50 */ - getrrsetstats, -+#endif /* LIBDNS_VERSION_MAJOR >= 45 */ -+#if LIBDNS_VERSION_MAJOR >= 82 && LIBDNS_VERSION_MAJOR < 140 -+ rpz_enabled, -+ rpz_findips, -+#endif /* LIBDNS_VERSION_MAJOR >= 82 && LIBDNS_VERSION_MAJOR < 140 */ -+#if LIBDNS_VERSION_MAJOR >= 140 - rpz_attach, - rpz_ready, -+#endif /* LIBDNS_VERSION_MAJOR >= 140 */ -+#if LIBDNS_VERSION_MAJOR >= 90 - findnodeext, - findext, -+#endif /* LIBDNS_VERSION_MAJOR >= 90 */ -+#if LIBDNS_VERSION_MAJOR >= 140 - setcachestats, - hashsize -+#endif /* LIBDNS_VERSION_MAJOR >= 140 */ - }; - - isc_result_t ATTR_NONNULLS --- -2.9.3 - diff --git a/SOURCES/bind-dyndb-ldap-tkrizek-0004-Skip-isc-lib-register.patch b/SOURCES/bind-dyndb-ldap-tkrizek-0004-Skip-isc-lib-register.patch deleted file mode 100644 index 08aff3c..0000000 --- a/SOURCES/bind-dyndb-ldap-tkrizek-0004-Skip-isc-lib-register.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 9879850c5e5c19958949697db2da60ca7a3be7de Mon Sep 17 00:00:00 2001 -From: Tomas Krizek -Date: Tue, 14 Mar 2017 14:59:26 +0100 -Subject: [PATCH] Skip isc_lib_register - ---- - src/ldap_driver.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/src/ldap_driver.c b/src/ldap_driver.c -index 4e842cb0f122c49080128a81892f9737d29a299e..9fc3b9a44fba9aec6a71a9ff66b2b96c3c4777cf 100644 ---- a/src/ldap_driver.c -+++ b/src/ldap_driver.c -@@ -1143,14 +1143,17 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters, - * access to named's global namespace, in which case we need - * to initialize libisc/libdns - */ -- if (dctx->refvar != &isc_bind9) { -- isc_lib_register(); -+ if (dctx->refvar != &isc_lctx) { -+ void *old_lctx = &isc_lctx; - isc_log_setcontext(dctx->lctx); - dns_log_setcontext(dctx->lctx); -- log_debug(5, "registering library from dynamic ldap driver, %p != %p.", dctx->refvar, &isc_bind9); -+ log_debug(5, "registering library from dynamic ldap driver, " -+ "%p != %p.", dctx->refvar, old_lctx); - } - -- isc_hash_set_initializer(dctx->hashinit); -+ if (isc_hashctx != NULL && isc_hashctx != dctx->hctx) -+ isc_hash_ctxdetach(&isc_hashctx); -+ isc_hashctx = dctx->hctx; - - log_debug(2, "registering dynamic ldap driver for %s.", name); - --- -2.9.3 - diff --git a/SPECS/bind-dyndb-ldap.spec b/SPECS/bind-dyndb-ldap.spec index c9cd97d..26c7e54 100644 --- a/SPECS/bind-dyndb-ldap.spec +++ b/SPECS/bind-dyndb-ldap.spec @@ -1,8 +1,10 @@ %define VERSION %{version} +%define bind_version 32:9.11.1-1.P1 + Name: bind-dyndb-ldap Version: 11.1 -Release: 4%{?dist} +Release: 6%{?dist} Summary: LDAP back-end plug-in for BIND Group: System Environment/Libraries 
@@ -10,26 +12,25 @@ License: GPLv2+ URL: https://releases.pagure.org/bind-dyndb-ldap Source0: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2 Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc -Patch0: bind-dyndb-ldap-tkrizek-0001-Revert-BIND-9.11-use-new-public-header-isc-errno.h-i.patch -Patch1: bind-dyndb-ldap-tkrizek-0002-Revert-BIND-9.11-Add-wrapper-for-new-DB-API-method-n.patch -Patch2: bind-dyndb-ldap-tkrizek-0003-Revert-BIND-9.11-Remove-if-blocks-for-older-BIND-ver.patch -Patch3: bind-dyndb-ldap-tkrizek-0004-Skip-isc-lib-register.patch Patch4: bind-dyndb-ldap-pemensik-0002-Treat-passwords-like-ordinary-text-bind-does-not-sup.patch Patch5: bind-dyndb-ldap-pemensik-0003-Replace-unsupported-autoreallocating-buffer-by-custo.patch Patch6: bind-dyndb-ldap-tkrizek-0005-Setting-skip-unconfigured-values.patch Patch7: bind-dyndb-ldap-tkrizek-0006-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch +Patch8: bind-dyndb-ldap-pemensik-0007-Add-empty-callback-for-getsize.patch +Patch9: bind-dyndb-ldap-pemensik-0008-Support-for-BIND-9.11.3.patch +Patch10: bind-dyndb-ldap-pemensik-0009-Support-for-BIND-9.11.5.patch +Patch11: bind-dyndb-ldap-pemensik-0010-Use-correct-dn-value.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: bind-devel >= 32:9.9.4-51, bind-lite-devel >= 32:9.9.4-51 +BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version} BuildRequires: krb5-devel BuildRequires: openldap-devel +BuildRequires: openssl-devel BuildRequires: libuuid-devel BuildRequires: automake, autoconf, libtool -Requires: bind >= 32:9.9.4-51 -# https://bugzilla.redhat.com/show_bug.cgi?id=1376851 -Requires(post,postun): selinux-policy +Requires: bind-pkcs11 >= %{bind_version}, bind-pkcs11-utils >= %{bind_version} Requires(post): sed %description 
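Review bot: Dropping `Requires(post,postun): selinux-policy` here goes together with the removal of the `setsebool` scriptlets in the `%post` and `%postun` hunks further down, and nothing in the new spec resets `named_write_master_zones`. Hosts upgraded from 11.1-4 had the boolean set persistently by the old `%post` (`setsebool -P named_write_master_zones=1`), so it presumably stays enabled after the upgrade and after this package is removed. If the plug-in no longer needs named to write to /var/named (the changelog cites #1580389), consider a one-time reset on upgrade or a release note asking administrators to review the boolean.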
@@ -39,15 +40,7 @@ off of your LDAP server. %prep -%setup -q -n %{name}-%{VERSION} -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 +%autosetup -p1 %build autoreconf -fiv @@ -66,16 +59,6 @@ rm -r %{buildroot}%{_datadir}/doc/%{name} %post -# SELinux boolean named_write_master_zones has to be enabled -# otherwise the plugin will not be able to write to /var/named. -# This scriptlet enables the boolean after installation or upgrade. -# SELinux is sensitive area so I want to inform user about the change. -if [ -x "/usr/sbin/setsebool" ] ; then - echo "Enabling SELinux boolean named_write_master_zones" - /usr/sbin/setsebool -P named_write_master_zones=1 || : -fi - - # Transform named.conf if it still has old-style API. PLATFORM=$(uname -m) @@ -115,15 +98,6 @@ EOF sed -i.bak -e "$SEDSCRIPT" /etc/named.conf - -# This scriptlet disables the boolean after uninstallation. -%postun -if [ "0$1" -eq "0" ] && [ -x "/usr/sbin/setsebool" ] ; then - echo "Disabling SELinux boolean named_write_master_zones" - /usr/sbin/setsebool -P named_write_master_zones=0 || : -fi - - %clean rm -rf %{buildroot} @@ -136,8 +110,16 @@ rm -rf %{buildroot} %changelog +* Tue Feb 12 2019 Petr Menšík - 11.1-6 +- Bump BIND version and fix library dependecies +- Rebuild for bind 9.11.3. Minor tweaks to compile. +- Support for bind 9.11.5 headers + +* Mon May 28 2018 Petr Menšík - 11.1-5 +- Resolves: #1580389 depend on bind with writeable home + * Wed Jul 12 2017 Tomas Krizek - 11.1-4 -- Resolves: #1469984 required bind version doesn't have the dyndb interface +- Resolves: #1469563 required bind version doesn't have the dyndb interface * Wed Apr 26 2017 Tomas Krizek - 11.1-3 - resolves: #1436268 crash when server_id is not present in named.conf
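Review bot: `%autosetup -p1` unpacks Source0 and applies every patch without checking the detached signature that the spec already carries as Source1 (`%{name}-%{VERSION}.tar.bz2.asc`). Where the build macros provide it, a verification step ahead of `%autosetup`, such as `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'`, would make the build fail on a tampered tarball. `SOURCE2` is a placeholder here: the upstream keyring would have to be added as an extra Source, and the macro's availability on this build target should be confirmed.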