diff --git a/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch b/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch deleted file mode 100644 index 04b6cb8..0000000 --- a/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch +++ /dev/null @@ -1,116 +0,0 @@ -From e5c29893a318c0f1571c9918ab2c7c23dca3c952 Mon Sep 17 00:00:00 2001 -From: Tomas Krizek -Date: Mon, 27 Mar 2017 19:41:05 +0200 -Subject: [PATCH] Coverity: fix REVERSE_INULL for pevent->inst - -With the DynDB API changes, the ldap instance is acquired -differently. Previously, obtaining the instance could fail when -LDAP was disconnecting, thus the NULL check was necessary in the -cleanup part. - -Now, inst is obtained directly from the API. I'm not sure what is -the exact behaviour in edge cases such as LDAP disconnecting, so -I perform the NULL check a bit earlier, just to be safe. ---- - src/ldap_helper.c | 42 +++++++++++++++++++++--------------------- - 1 file changed, 21 insertions(+), 21 deletions(-) - -diff --git a/src/ldap_helper.c b/src/ldap_helper.c -index 1fa0ec9adfa2b9ca589587244da03cc6f0584919..e0c4b76f0bd350eda2d81588e6efb67b5221d630 100644 ---- a/src/ldap_helper.c -+++ b/src/ldap_helper.c -@@ -3714,6 +3714,7 @@ update_zone(isc_task_t *task, isc_event_t *event) - mctx = pevent->mctx; - dns_name_init(&prevname, NULL); - -+ REQUIRE(inst != NULL); - INSIST(task == inst->task); /* For task-exclusive mode */ - - if (SYNCREPL_DEL(pevent->chgtype)) { -@@ -3730,12 +3731,11 @@ update_zone(isc_task_t *task, isc_event_t *event) - } - - cleanup: -- if (inst != NULL) { -- sync_concurr_limit_signal(inst->sctx); -- sync_event_signal(inst->sctx, pevent); -- if (dns_name_dynamic(&prevname)) -- dns_name_free(&prevname, inst->mctx); -- } -+ sync_concurr_limit_signal(inst->sctx); -+ sync_event_signal(inst->sctx, pevent); -+ if (dns_name_dynamic(&prevname)) -+ dns_name_free(&prevname, inst->mctx); -+ - if (result != ISC_R_SUCCESS) - log_error_r("update_zone (syncrepl) failed for %s. " - "Zones can be outdated, run `rndc reload`", -@@ -3760,14 +3760,14 @@ update_config(isc_task_t * task, isc_event_t *event) - - mctx = pevent->mctx; - -+ REQUIRE(inst != NULL); - INSIST(task == inst->task); /* For task-exclusive mode */ - CHECK(ldap_parse_configentry(entry, inst)); - - cleanup: -- if (inst != NULL) { -- sync_concurr_limit_signal(inst->sctx); -- sync_event_signal(inst->sctx, pevent); -- } -+ sync_concurr_limit_signal(inst->sctx); -+ sync_event_signal(inst->sctx, pevent); -+ - if (result != ISC_R_SUCCESS) - log_error_r("update_config (syncrepl) failed for %s. " - "Configuration can be outdated, run `rndc reload`", -@@ -3790,14 +3790,14 @@ update_serverconfig(isc_task_t * task, isc_event_t *event) - - mctx = pevent->mctx; - -+ REQUIRE(inst != NULL); - INSIST(task == inst->task); /* For task-exclusive mode */ - CHECK(ldap_parse_serverconfigentry(entry, inst)); - - cleanup: -- if (inst != NULL) { -- sync_concurr_limit_signal(inst->sctx); -- sync_event_signal(inst->sctx, pevent); -- } -+ sync_concurr_limit_signal(inst->sctx); -+ sync_event_signal(inst->sctx, pevent); -+ - if (result != ISC_R_SUCCESS) - log_error_r("update_serverconfig (syncrepl) failed for %s. " - "Configuration can be outdated, run `rndc reload`", -@@ -3860,6 +3860,7 @@ update_record(isc_task_t *task, isc_event_t *event) - dns_name_init(&prevname, NULL); - dns_name_init(&prevorigin, NULL); - -+ REQUIRE(inst != NULL); - CHECK(zr_get_zone_ptr(inst->zone_register, &entry->zone_name, &raw, &secure)); - zone_found = ISC_TRUE; - -@@ -4020,13 +4021,12 @@ cleanup: - ldap_entry_logname(entry), pevent->chgtype); - } - -- if (inst != NULL) { -- sync_concurr_limit_signal(inst->sctx); -- if (dns_name_dynamic(&prevname)) -- dns_name_free(&prevname, inst->mctx); -- if (dns_name_dynamic(&prevorigin)) -- dns_name_free(&prevorigin, inst->mctx); -- } -+ sync_concurr_limit_signal(inst->sctx); -+ if (dns_name_dynamic(&prevname)) -+ dns_name_free(&prevname, inst->mctx); -+ if (dns_name_dynamic(&prevorigin)) -+ dns_name_free(&prevorigin, inst->mctx); -+ - if (raw != NULL) - dns_zone_detach(&raw); - if (secure != NULL) --- -2.9.3 - diff --git a/0002-Add-empty-callback-for-getsize.patch b/0002-Add-empty-callback-for-getsize.patch deleted file mode 100644 index 63f08b9..0000000 --- a/0002-Add-empty-callback-for-getsize.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 107c5ed7247788a04a23d6c65fca50f96c944345 Mon Sep 17 00:00:00 2001 -From: Tomas Krizek -Date: Tue, 27 Jun 2017 10:41:03 +0200 -Subject: [PATCH] Add empty callback for getsize - -BIND introduced getsize method in db.h. This is related to -CVE-2016-6170 and allows to set restriction of zone size limit. - -Signed-off-by: Tomas Krizek ---- - src/ldap_driver.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/ldap_driver.c b/src/ldap_driver.c -index 53ce1a9..38673b0 100644 ---- a/src/ldap_driver.c -+++ b/src/ldap_driver.c -@@ -867,7 +867,8 @@ static dns_dbmethods_t ldapdb_methods = { - findext, - setcachestats, - hashsize, -- nodefullname -+ nodefullname, -+ NULL, // getsize method not implemented (related BZ1353563) - }; - - isc_result_t ATTR_NONNULLS --- -2.9.4 - diff --git a/0003-Support-for-BIND-9.11.3.patch b/0003-Support-for-BIND-9.11.3.patch deleted file mode 100644 index 092e3c2..0000000 --- a/0003-Support-for-BIND-9.11.3.patch +++ /dev/null @@ -1,137 +0,0 @@ -From b533d722fa62232955aedfdf1bbc0179f48497eb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Thu, 1 Mar 2018 19:41:10 +0100 -Subject: [PATCH] Support for BIND 9.11.3. Include explicitly isc/util.h in - each file that uses REQUIRE(). Support stdatomic feature, do not use function - call in STATIC_ASSERT(). - ---- - src/bindcfg.c | 1 + - src/fwd_register.c | 1 + - src/ldap_entry.h | 11 +++++------ - src/mldap.c | 4 ++-- - src/rbt_helper.c | 1 + - src/types.h | 2 +- - 6 files changed, 11 insertions(+), 9 deletions(-) - -diff --git a/src/bindcfg.c b/src/bindcfg.c -index 9b429ba..5539dea 100644 ---- a/src/bindcfg.c -+++ b/src/bindcfg.c -@@ -6,6 +6,7 @@ - - #include "config.h" - -+#include - #include - #include - -diff --git a/src/fwd_register.c b/src/fwd_register.c -index 355d15f..7cc0c5a 100644 ---- a/src/fwd_register.c -+++ b/src/fwd_register.c -@@ -3,6 +3,7 @@ - */ - - #include -+#include - #include - - #include "rbt_helper.h" -diff --git a/src/ldap_entry.h b/src/ldap_entry.h -index 6498c79..88b1c42 100644 ---- a/src/ldap_entry.h -+++ b/src/ldap_entry.h -@@ -6,7 +6,6 @@ - #define _LD_LDAP_ENTRY_H_ - - #include --#include - #include - - #include "fwd_register.h" -@@ -19,15 +18,15 @@ - - /* Represents values associated with LDAP attribute */ - typedef struct ldap_value ldap_value_t; --typedef LIST(ldap_value_t) ldap_valuelist_t; -+typedef ISC_LIST(ldap_value_t) ldap_valuelist_t; - struct ldap_value { - char *value; -- LINK(ldap_value_t) link; -+ ISC_LINK(ldap_value_t) link; - }; - - /* Represents LDAP attribute and it's values */ - typedef struct ldap_attribute ldap_attribute_t; --typedef LIST(ldap_attribute_t) ldap_attributelist_t; -+typedef ISC_LIST(ldap_attribute_t) ldap_attributelist_t; - - /* Represents LDAP entry and it's attributes */ - typedef unsigned char ldap_entryclass_t; -@@ -41,7 +40,7 @@ struct ldap_entry { - - ldap_attribute_t *lastattr; - ldap_attributelist_t attrs; -- LINK(ldap_entry_t) link; -+ ISC_LINK(ldap_entry_t) link; - - /* Parsing. */ - isc_lex_t *lex; -@@ -59,7 +58,7 @@ struct ldap_attribute { - char **ldap_values; - ldap_value_t *lastval; - ldap_valuelist_t values; -- LINK(ldap_attribute_t) link; -+ ISC_LINK(ldap_attribute_t) link; - }; - - #define LDAP_ENTRYCLASS_NONE 0x0 -diff --git a/src/mldap.c b/src/mldap.c -index 143abce..304ba36 100644 ---- a/src/mldap.c -+++ b/src/mldap.c -@@ -119,13 +119,13 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) { - * reference counter value. - */ - STATIC_ASSERT((isc_uint32_t) -- (typeof(isc_refcount_current((isc_refcount_t *)0))) -+ (typeof(((isc_refcount_t *)0)->refs)) - -1 - == 0xFFFFFFFF, \ - "negative isc_refcount_t cannot be properly shortened to 32 bits"); - - STATIC_ASSERT((isc_uint32_t) -- (typeof(isc_refcount_current((isc_refcount_t *)0))) -+ (typeof(((isc_refcount_t *)0)->refs)) - 0x90ABCDEF12345678 - == 0x12345678, \ - "positive isc_refcount_t cannot be properly shortened to 32 bits"); -diff --git a/src/rbt_helper.c b/src/rbt_helper.c -index 2a7e6cb..f610b07 100644 ---- a/src/rbt_helper.c -+++ b/src/rbt_helper.c -@@ -2,6 +2,7 @@ - * Copyright (C) 2013-2014 bind-dyndb-ldap authors; see COPYING for license - */ - -+#include - #include - - #include "util.h" -diff --git a/src/types.h b/src/types.h -index 25ef3b9..01d627c 100644 ---- a/src/types.h -+++ b/src/types.h -@@ -24,7 +24,7 @@ - * rdata1 -> rdata2 -> rdata3 rdata4 -> rdata5 - * next_rdatalist -> next_rdatalist ... - */ --typedef LIST(dns_rdatalist_t) ldapdb_rdatalist_t; -+typedef ISC_LIST(dns_rdatalist_t) ldapdb_rdatalist_t; - - typedef struct enum_txt_assoc { - int value; --- -2.14.3 - diff --git a/0004-use-correct-dn-value.patch b/0004-use-correct-dn-value.patch deleted file mode 100644 index fa55c8b..0000000 --- a/0004-use-correct-dn-value.patch +++ /dev/null @@ -1,32 +0,0 @@ -commit d69150691983f7f1efaa078549cd80a14afb76cb -Author: Petr Menšík -Date: Mon Jan 28 00:31:25 2019 +0100 - - Use correct dn value - - New GCC correctly reports error, NULL is always passed in case of - invalid objectclass. - - Signed-off-by: Petr Menšík - -diff --git a/src/ldap_helper.c b/src/ldap_helper.c -index ac8ce6e..8b486ae 100644 ---- a/src/ldap_helper.c -+++ b/src/ldap_helper.c -@@ -4102,7 +4102,6 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype) - ldap_entry_t *entry = NULL; - dns_name_t *zone_name = NULL; - dns_zone_t *zone_ptr = NULL; -- char *dn = NULL; - isc_taskaction_t action = NULL; - isc_task_t *task = NULL; - isc_boolean_t synchronous; -@@ -4156,7 +4155,7 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype) - else if ((entry->class & LDAP_ENTRYCLASS_RR) != 0) - action = update_record; - else { -- log_error("unsupported objectClass: dn '%s'", dn); -+ log_error("unsupported objectClass: dn '%s'", entry->dn); - result = ISC_R_NOTIMPLEMENTED; - goto cleanup; - } diff --git a/bind-dyndb-ldap-11.1.tar.bz2 b/bind-dyndb-ldap-11.1.tar.bz2 deleted file mode 100644 index 48fc98d..0000000 Binary files a/bind-dyndb-ldap-11.1.tar.bz2 and /dev/null differ diff --git a/bind-dyndb-ldap-11.1.tar.bz2.asc b/bind-dyndb-ldap-11.1.tar.bz2.asc deleted file mode 100644 index 3becbc4..0000000 --- a/bind-dyndb-ldap-11.1.tar.bz2.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQEcBAABCAAGBQJYwqX6AAoJECKiqUteSUFa2OkH/3NWkWc62TWaDkMN+EPUYSJ5 -Hf+hxQJdioATttopyuiCE+5q2iS/9n8DGgfQmdPXDalZwQfYWhX75WWlMIiWWy5F -FDZ29tWY41JqLCdV3xYMhR+Nd4OBegT+U3muIzsFcSS9el78kRmNJCu1yOur/Nc+ -r1v8o2J5PVmp1iYxvy5s77qcIC3cERGcLakDlRduZY00jCL5I5ysxG8sWQ8jJEIr -G1thN8cJeZ37pcOml943m0hLjzcJeNhmV/rgz7cMpH17r3yf5B600B+lGqrL9EtJ -lSTVRJQlZFosDPVrqKuNyMHi5iIroc8+TVZtw1aAyZ8KA39zG5wrMF5FphjVHm4= -=jtZI ------END PGP SIGNATURE----- diff --git a/bind-dyndb-ldap-11.3.tar.bz2 b/bind-dyndb-ldap-11.3.tar.bz2 new file mode 100644 index 0000000..9cf3f0c Binary files /dev/null and b/bind-dyndb-ldap-11.3.tar.bz2 differ diff --git a/bind-dyndb-ldap-11.3.tar.bz2.asc b/bind-dyndb-ldap-11.3.tar.bz2.asc new file mode 100644 index 0000000..55a558c --- /dev/null +++ b/bind-dyndb-ldap-11.3.tar.bz2.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAl7eZOEACgkQRxniuKu/ +YhqWrg//S+qgy+mv0H1cdKsBMFax0PK3hWAmS6/8eZPFOXIfZnx9Q0yCD/EYr2GA +tdyNo71Jxnk9cnvIIDVttFgscnDDVAMKjGTtvlkgjqbRhr1jNxTeR2A9V6XZWU4m +cq4+mJya72mnLZH0dA2kb0aeQEggSBu1aD/xxooWO4vt91aUf6ma5+OBnkGHiRfn +zKzPx9pZeNigZuEIb3dyheymSe7zTbWUa/Ny51zv0XJdIotR+KWAzgHrt7/h5i75 +tQCkS/jxYH6vz3f6nrEkNg5UmW16PMFQcQQKSeCM2Dre3PxpRQyzXMi/YDwCx8ns +HPjZ3hBDbCpiylsYbwNWnGtHQGsEUXphGyGV/bPyu3ls017m3hcpkokYWwA80RXt +vLZtTwJIUtWiUBiecOF00TSURHlQ5YkGLIat2Eh1vdLXk3UfXBOVeA30Tjvuqumy +DCZSgy6VEx0pWL3aXjWzom3UZPEbVkHoXZz+hVk7SxLrvarXKc4GwhBzSioMYhHX +1gt/CFXT1nglH41RzucxFxLpp7VwqjP30uUeKh2dCBdfLJiiXD9AzQfdYsqCf3FH +bQ9QHKvHz5JIJGyfU/J4UR0Nt+qELrp0kG6isgl0JCr6Z8l54ykJBCQL/rgr4CJw +0lMTxSBhDQmQV0eiBe0Dri1DCkpH39saWPtaJfNTsy+nG/7NfWA= +=2sD+ +-----END PGP SIGNATURE----- diff --git a/bind-dyndb-ldap.spec b/bind-dyndb-ldap.spec index 505dbb8..5ac7cd7 100644 --- a/bind-dyndb-ldap.spec +++ b/bind-dyndb-ldap.spec @@ -1,19 +1,14 @@ %define bind_version 32:9.11.3-5 Name: bind-dyndb-ldap -Version: 11.1 -Release: 14 +Version: 11.3 +Release: 1 Summary: LDAP back-end plug-in for BIND License: GPLv2+ URL: https://releases.pagure.org/bind-dyndb-ldap Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2 Source1: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2.asc -# These patches come from fedoraproject -Patch0001: 0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch -Patch0002: 0002-Add-empty-callback-for-getsize.patch -Patch0003: 0003-Support-for-BIND-9.11.3.patch -Patch0004: 0004-use-correct-dn-value.patch -BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version} +BuildRequires: bind-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version} BuildRequires: krb5-devel BuildRequires: openldap-devel BuildRequires: libuuid-devel @@ -75,6 +70,12 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf %changelog +* Mon Jul 27 2020 gaihuiying - 11.3-1 +- Type:requirement +- ID:NA +- SUG:NA +- DESC:update to 11.3 + * Mon Jun 22 2020 gaihuiying - 11.1-14 - Type:bugfix - ID:NA