!11 update to 11.10

From: @xinghe_1 
Reviewed-by: @kircher 
Signed-off-by: @kircher

backport-bind-dyndb-ldap-11.9-bind-9.16.17.patch

@@ -1,34 +0,0 @@
-From d7d3032de7f5d3dd3cffea6064549b63a9ad7d59 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
-Date: Thu, 17 Jun 2021 17:57:52 +0200
-Subject: [PATCH] Skip isc_bind9 check on BIND 9.16.17+
- 
-Reference variable refvar from dns_dyndbctx_t were removed. Removed was
-also flag requesting different namespace. Skip that check on last stable
-version, it should eval to false on all versions anyway.
----
- src/ldap_driver.c | 2 ++
- 1 file changed, 2 insertions(+)
- 
-diff --git a/src/ldap_driver.c b/src/ldap_driver.c
-index e9f1005ee..5f9e00af1 100644
---- a/src/ldap_driver.c
-+++ b/src/ldap_driver.c
-@@ -1156,6 +1156,7 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters,
- 	RUNTIME_CHECK(isc_once_do(&library_init_once, library_init)
- 		      == ISC_R_SUCCESS);
- 
-+#if LIBDNS_VERSION_MAJOR < 1617
- 	/*
- 	 * Depending on how dlopen() was called, we may not have
- 	 * access to named's global namespace, in which case we need
-@@ -1168,6 +1169,7 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters,
- 		isc_hash_set_initializer(dctx->hashinit);
- 		log_debug(5, "registering library from dynamic ldap driver, %p != %p.", dctx->refvar, &isc_bind9);
- 	}
-+#endif
- 
- 	log_debug(2, "registering dynamic ldap driver for %s.", name);
- 
--- 
-2.31.1

bind-dyndb-ldap-11.10-bind-9.18.11.patch

@@ -0,0 +1,37 @@
+From 282b1c9ea58cc0f2337a72912808505e5f540d5a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Sat, 28 Jan 2023 11:32:05 +0100
+Subject: [PATCH] Minimal change to compile with BIND 9.18.11
+ 
+DSCP codes are not working and their support were removed from BIND9. Do
+not require them to be present.
+---
+ src/fwd.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+ 
+diff --git a/src/fwd.c b/src/fwd.c
+index 24f6e53..10ec848 100644
+--- a/src/fwd.c
++++ b/src/fwd.c
+@@ -198,7 +198,9 @@ fwd_print_list_buff(isc_mem_t *mctx, dns_forwarders_t *fwdrs,
+ 	     INSIST((fwdr_int == NULL) == (fwdr_cfg == NULL)), fwdr_int != NULL;
+ 	     fwdr_int = ISC_LIST_NEXT(fwdr_int, link), fwdr_cfg = cfg_list_next(fwdr_cfg)) {
+ 		fwdr_cfg->obj->value.sockaddrdscp.sockaddr = fwdr_int->addr;
++#if LIBDNS_VERSION_MAJOR < 1811
+ 		fwdr_cfg->obj->value.sockaddrdscp.dscp = fwdr_int->dscp;
++#endif
+ 	}
+ 	cfg_print(faddresses, buffer_append_str, &tmp_buf);
+ 
+@@ -281,7 +283,9 @@ fwd_parse_str(const char *fwdrs_str, isc_mem_t *mctx,
+ 			isc_sockaddr_setport(&addr, port);
+ 		fwdr = isc_mem_get(mctx, sizeof(*(fwdr)));
+ 		fwdr->addr = addr;
++#if LIBDNS_VERSION_MAJOR < 1811
+ 		fwdr->dscp = cfg_obj_getdscp(fwdr_cfg);
++#endif
+ 		ISC_LINK_INIT(fwdr, link);
+ 		ISC_LIST_APPEND(*fwdrs, fwdr, link);
+ 	}
+-- 
+2.39.1

bind-dyndb-ldap-11.10.tar.bz2.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAmKxbw8ACgkQRxniuKu/
+YhpvSQ/+ONhrsgo9PS5Lbe7gpQcBIWlzat2TnceeeDNE7ybB4iXSFaAjYFwysGQ0
+5/WJGIjzA4r+fl7o5JxBhn8HAxN3TM13xhzM/91sFAlNDrnO6QameulIEr8vAJTW
+HNuQ/+rwZKfyGWJn32Ztex/7lX+GAQKnMqZ90TdHibMMawk2rP5617N1hgUMDkao
+9bCVZ8ezzrKeECaJDygi8VT/3z0wffksnL/Elj5NVRJD1T9J2cNEwxj9oklnccOc
+dK7C/zzv9k2mH4CssVZsZxk0JDO8McuzquSgBWJy4n6Jxz6tunykmGAjQDS/UizI
+DuC6tCnDZL2kN0krMe0wXyayT+D13jUPjsj8/GKxz7QbIPu6sK6EXj/FEwH+LscG
+xud7v79puMJ76CO+/mhLg7qTV+erAuy0HjGcS7cGX/l4X9lMpesrDwOD17/MpfFL
+6+6aAf8ypzo2gxRW0x4Xb8vrJwYyt4+l9u+ipm8RfYRXcT6dMwuhjkXr3AE9Np1g
+Hh/Ya5EwgICiCzO5J9Q7xvU8kqzXvMpwd+FY/3lnGXg982UmTTYZBixVU8BuXFqi
+aXo73b6+zXr9sT/Dclz8ZA/UX60GyQ7qTFYGSPa5ZPts4DL8IgWliXJaalDG5XvW
+VtfeMOfH9Q2mAPrBa0BTVmHwItzDgjGCVGeSAdN8g1tFpq48rxQ=
+=2rGI
+-----END PGP SIGNATURE-----

bind-dyndb-ldap-11.9.tar.bz2.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAmCtCAoACgkQRxniuKu/
-YhptNQ//QvGsnJsvlhZddT1EnoiiNhmKyW6HAV7f/0z4L/1RE9sng930mLhRD5mI
-wFPzeJBBYVTM82hZwjboaa8r5hpAHiq29Q6o7cBCIcOEN6YhNZePoO7RmU1TaF57
-6LGIzmUuEHfHaajV7fvYUY/kW0mJrxLwu58IJX7wi8OsJi+Exx8EqjVIVPJYkj3n
-hen17jJmxnPyjI3fhwZt+ON3X3yfocLgsg08Zl4dtB6MTHMeb0a6gxZ2MQwpCGrq
-zmo+Qv3OkvxJHPtpKO46je4GHZ3JYSNfCu8fVSqFiZfqu0Zv1DF6YUjxsHHU1BVk
-64CCEN1vNal1rIblwz447oEAwBWQ0ky0r+EtAYfUggSHZ/Lwjh8LX44VYISa/4Io
-R3aq3Egz8YwttXoH1PEGqv6ag9O7S8dVqKRm2+UmC6ajKtDtQimvWfyiInAjAsm4
-ngwiWoqfYVYvs38YSc9oL/VFc0N7NglNGTVOKzgrkUlG8RF2GEdeMqXBcPflIL16
-+R8AEgaFOcFmyrv1DMTglK6Mq2EjSDlfxVb8Rv1jiBmglB1z0hzLi0yVLNIAobPF
-eOgi5Aq7UYWnT7oE8t6m1PWomVBObNFtC7OgMTdXt0lT7ZdqbRkxaW0CCY1+e645
-4NlyEvwONUGPKzl7jlSNH/5eE0GuYp6Qi68b+LkBf5wfK4axfdY=
-=OlUq
------END PGP SIGNATURE-----

bind-dyndb-ldap-bind-9.18.10-db-options.patch

@@ -0,0 +1,103 @@
+From 5dd2fefa0bc7cd7689004cec64304c3a02be9eab Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Thu, 12 Jan 2023 13:25:10 +0200
+Subject: [PATCH] Support bind 9.18.10 or later
+ 
+dns_db_allrdatasets() gained a new parameter. Adopt the code to allow
+injecting 0 options if building against 9.18.10.
+ 
+Fixes: https://pagure.io/bind-dyndb-ldap/issue/216
+ 
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/ldap_driver.c | 7 ++++---
+ src/ldap_helper.c | 4 ++--
+ src/metadb.c      | 3 ++-
+ src/util.h        | 6 ++++++
+ 4 files changed, 14 insertions(+), 6 deletions(-)
+ 
+diff --git a/src/ldap_driver.c b/src/ldap_driver.c
+index 7367493..e4aeeb2 100644
+--- a/src/ldap_driver.c
++++ b/src/ldap_driver.c
+@@ -465,13 +465,14 @@ findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ 
+ static isc_result_t
+ allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+-	     isc_stdtime_t now, dns_rdatasetiter_t **iteratorp)
++	     DNS_DB_ALLRDATASETS_OPTIONS(unsigned int options, isc_stdtime_t now),
++	     dns_rdatasetiter_t **iteratorp)
+ {
+ 	ldapdb_t *ldapdb = (ldapdb_t *) db;
+ 
+ 	REQUIRE(VALID_LDAPDB(ldapdb));
+ 
+-	return dns_db_allrdatasets(ldapdb->rbtdb, node, version, now, iteratorp);
++	return dns_db_allrdatasets(ldapdb->rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(options, now), iteratorp);
+ }
+ 
+ /* TODO: Add 'tainted' flag to the LDAP instance if something went wrong. */
+@@ -514,7 +515,7 @@ node_isempty(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ 
+ 	CHECK(ldapdb_name_fromnode(node, dns_fixedname_initname(&fname)));
+ 
+-	result = dns_db_allrdatasets(db, node, version, now, &rds_iter);
++	result = dns_db_allrdatasets(db, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, now), &rds_iter);
+ 	if (result == ISC_R_NOTFOUND) {
+ 		*isempty = true;
+ 	} else if (result == ISC_R_SUCCESS) {
+diff --git a/src/ldap_helper.c b/src/ldap_helper.c
+index 7ea3df9..7ac3d91 100644
+--- a/src/ldap_helper.c
++++ b/src/ldap_helper.c
+@@ -2005,7 +2005,7 @@ zone_sync_apex(const ldap_instance_t * const inst,
+ 				 zone_settings, &rdatalist));
+ 
+ 	CHECK(dns_db_getoriginnode(rbtdb, &node));
+-	result = dns_db_allrdatasets(rbtdb, node, version, 0,
++	result = dns_db_allrdatasets(rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, 0),
+ 				     &rbt_rds_iterator);
+ 	if (result == ISC_R_SUCCESS) {
+ 		CHECK(diff_ldap_rbtdb(inst->mctx, &name, &rdatalist,
+@@ -3929,7 +3929,7 @@ update_restart:
+ 	CHECK(dns_db_newversion(ldapdb, &version));
+ 
+ 	CHECK(dns_db_findnode(rbtdb, &entry->fqdn, true, &node));
+-	result = dns_db_allrdatasets(rbtdb, node, version, 0, &rbt_rds_iterator);
++	result = dns_db_allrdatasets(rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, 0), &rbt_rds_iterator);
+ 	if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
+ 		goto cleanup;
+ 
+diff --git a/src/metadb.c b/src/metadb.c
+index f469a30..276de24 100644
+--- a/src/metadb.c
++++ b/src/metadb.c
+@@ -217,7 +217,8 @@ metadb_node_delete(metadb_node_t **nodep) {
+ 	node = *nodep;
+ 
+ 	dns_rdataset_init(&rdataset);
+-	CHECK(dns_db_allrdatasets(node->rbtdb, node->dbnode, node->version, 0,
++	CHECK(dns_db_allrdatasets(node->rbtdb, node->dbnode, node->version,
++				  DNS_DB_ALLRDATASETS_OPTIONS(0, 0),
+ 				  &iter));
+ 
+ 	for (result = dns_rdatasetiter_first(iter);
+diff --git a/src/util.h b/src/util.h
+index 5088ff3..e4620ff 100644
+--- a/src/util.h
++++ b/src/util.h
+@@ -29,6 +29,12 @@ extern bool verbose_checks; /* from settings.c */
+ #define dns_name_copynf(src, dst) dns_name_copy((src), (dst))
+ #endif
+ 
++#if LIBDNS_VERSION_MAJOR >= 1810
++#define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) options, tstamp
++#else
++#define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) tstamp
++#endif
++
+ #define CLEANUP_WITH(result_code)				\
+ 	do {							\
+ 		result = (result_code);				\
+-- 
+2.39.0

bind-dyndb-ldap-bind-9.18.10-logs.patch

@@ -0,0 +1,151 @@
+From 00131b7b72daa953ab2bf5e6a4fd5508052debb0 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Thu, 12 Jan 2023 14:33:07 +0200
+Subject: [PATCH] adopt to bind 9.18.9+ loggers
+ 
+Fixes: https://pagure.io/bind-dyndb-ldap/issues/216
+ 
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/ldap_helper.c | 12 ++++--------
+ src/log.h         |  9 +++++++++
+ src/settings.c    | 12 ++++--------
+ src/syncrepl.c    |  6 ++----
+ 4 files changed, 19 insertions(+), 20 deletions(-)
+ 
+diff --git a/src/ldap_helper.c b/src/ldap_helper.c
+index 7ac3d91..acabd31 100644
+--- a/src/ldap_helper.c
++++ b/src/ldap_helper.c
+@@ -1317,8 +1317,7 @@ configure_zone_acl(isc_mem_t *mctx, dns_zone_t *zone,
+ 			dns_zone_logc(zone, DNS_LOGCATEGORY_SECURITY, ISC_LOG_CRITICAL,
+ 				      "cannot configure restrictive %s policy: %s",
+ 				      type_txt, isc_result_totext(result2));
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "insecure state detected");
++			fatal_error("insecure state detected");
+ 		}
+ 	}
+ 	acl_setter(zone, acl);
+@@ -1365,8 +1364,7 @@ configure_zone_ssutable(dns_zone_t *zone, const char *update_str)
+ 			dns_zone_logc(zone, DNS_LOGCATEGORY_SECURITY, ISC_LOG_CRITICAL,
+ 				      "cannot disable all updates: %s",
+ 				      isc_result_totext(result2));
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "insecure state detected");
++			fatal_error("insecure state detected");
+ 		}
+ 	}
+ 
+@@ -2951,8 +2949,7 @@ force_reconnect:
+ 						   ldap_inst);
+ 		break;
+ 	case AUTH_INVALID:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				"invalid auth_method_enum value %u",
++		unexpected_error("invalid auth_method_enum value %u",
+ 				 auth_method_enum);
+ 		break;
+ 
+@@ -3782,8 +3779,7 @@ update_zone(isc_task_t *task, isc_event_t *event)
+ 		else if (entry->class & LDAP_ENTRYCLASS_FORWARD)
+ 			CHECK(ldap_parse_fwd_zoneentry(entry, inst));
+ 		else
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "update_zone: unexpected entry class");
++			fatal_error("update_zone: unexpected entry class");
+ 	}
+ 
+ cleanup:
+diff --git a/src/log.h b/src/log.h
+index da71f8b..844ac46 100644
+--- a/src/log.h
++++ b/src/log.h
+@@ -17,8 +17,17 @@
+ #define GET_LOG_LEVEL(level)	(level)
+ #endif
+ 
++#if LIBDNS_VERSION_MAJOR >= 1809
++#define fatal_error(...) \
++	isc_error_fatal(__FILE__, __LINE__, __func__, __VA_ARGS__)
++#define unexpected_error(...) \
++	isc_error_unexpected(__FILE__, __LINE__, __func__, __VA_ARGS__)
++#else
+ #define fatal_error(...) \
+ 	isc_error_fatal(__FILE__, __LINE__, __VA_ARGS__)
++#define unexpected_error(...) \
++	isc_error_unexpected(__FILE__, __LINE__, __VA_ARGS__)
++#endif
+ 
+ #define log_bug(fmt, ...) \
+ 	log_error("bug in %s(): " fmt, __func__,##__VA_ARGS__)
+diff --git a/src/settings.c b/src/settings.c
+index def60d7..2a0bb19 100644
+--- a/src/settings.c
++++ b/src/settings.c
+@@ -178,8 +178,7 @@ setting_get(const char *const name, const setting_type_t type,
+ 		*(bool *)target = setting->value.value_boolean;
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", type);
++		unexpected_error("invalid setting_type_t value %u", type);
+ 		break;
+ 	}
+ 
+@@ -278,8 +277,7 @@ set_value(isc_mem_t *mctx, const settings_set_t *set, setting_t *setting,
+ 			CLEANUP_WITH(ISC_R_IGNORE);
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", setting->type);
++		unexpected_error("invalid setting_type_t value %u", setting->type);
+ 		break;
+ 	}
+ 
+@@ -304,8 +302,7 @@ set_value(isc_mem_t *mctx, const settings_set_t *set, setting_t *setting,
+ 		setting->value.value_boolean = numeric_value;
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", setting->type);
++		unexpected_error("invalid setting_type_t value %u", setting->type);
+ 		break;
+ 	}
+ 	setting->filled = 1;
+@@ -389,8 +386,7 @@ setting_unset(const char *const name, const settings_set_t *set)
+ 	case ST_BOOLEAN:
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", setting->type);
++		unexpected_error("invalid setting_type_t value %u", setting->type);
+ 		break;
+ 	}
+ 	setting->filled = 0;
+diff --git a/src/syncrepl.c b/src/syncrepl.c
+index 0bee09a..f94379c 100644
+--- a/src/syncrepl.c
++++ b/src/syncrepl.c
+@@ -148,8 +148,7 @@ finish(isc_task_t *task, isc_event_t *event) {
+ 		case sync_datainit:
+ 		case sync_finished:
+ 		default:
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "sync_barrier_wait(): invalid state "
++			fatal_error("sync_barrier_wait(): invalid state "
+ 				    "%u", bev->sctx->state);
+ 	}
+ 	sync_state_change(bev->sctx, new_state, false);
+@@ -518,8 +517,7 @@ sync_barrier_wait(sync_ctx_t *sctx, ldap_instance_t *inst) {
+ 		case sync_databarrier:
+ 		case sync_finished:
+ 		default:
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "sync_barrier_wait(): invalid state "
++			fatal_error("sync_barrier_wait(): invalid state "
+ 				    "%u", sctx->state);
+ 	}
+ 
+-- 
+2.39.0

bind-dyndb-ldap-bind-9.18.10-staleok.patch

@@ -0,0 +1,37 @@
+From 47902df23bf637e6c7ece67b928339e0fda58ae0 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Mon, 16 Jan 2023 11:03:24 +0200
+Subject: [PATCH] Handle dns_db_allrdatasets() backports too
+ 
+With https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7189 the
+changes were also backported to 9.16.36+ as well. Instead of checking
+version, check if an additional define is present.
+ 
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/util.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+ 
+diff --git a/src/util.h b/src/util.h
+index e4620ff..5da0f5c 100644
+--- a/src/util.h
++++ b/src/util.h
+@@ -13,6 +13,7 @@
+ #include <dns/types.h>
+ #include <dns/name.h>
+ #include <dns/result.h>
++#include <dns/db.h>
+ 
+ #include "log.h"
+ #include "dyndb-config.h"
+@@ -29,7 +30,7 @@ extern bool verbose_checks; /* from settings.c */
+ #define dns_name_copynf(src, dst) dns_name_copy((src), (dst))
+ #endif
+ 
+-#if LIBDNS_VERSION_MAJOR >= 1810
++#ifdef DNS_DB_STALEOK
+ #define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) options, tstamp
+ #else
+ #define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) tstamp
+-- 
+2.39.0

bind-dyndb-ldap.spec

@@ -4,21 +4,24 @@
 %global with_bind_pkcs11 0
 
 Name:           bind-dyndb-ldap
-Version:        11.9
-Release:        2
+Version:        11.10
+Release:        1
 Summary:        LDAP back-end plug-in for BIND
 License:        GPLv2+
 URL:            https://releases.pagure.org/bind-dyndb-ldap
 Source0:        https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
 Source1:        https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2.asc
 
-Patch1:         backport-bind-dyndb-ldap-11.9-bind-9.16.17.patch
+Patch1:         bind-dyndb-ldap-bind-9.18.10-db-options.patch
+Patch2:         bind-dyndb-ldap-bind-9.18.10-logs.patch
+Patch3:         bind-dyndb-ldap-bind-9.18.10-staleok.patch
+Patch4:         bind-dyndb-ldap-11.10-bind-9.18.11.patch
 
 BuildRequires:  bind-devel >= %{bind_version}
 BuildRequires:  krb5-devel
 BuildRequires:  openldap-devel
 BuildRequires:  libuuid-devel
-BuildRequires:  automake, autoconf, libtool
+BuildRequires:  automake, autoconf, libtool, make
 BuildRequires:  openssl-devel
 
 %if %{with bind_pkcs11}
@@ -93,6 +96,12 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
 
 
 %changelog
+* Sun Jan 29 2023 xinghe <xinghe2@h-partners.com> - 11.10-1
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC:update to 11.10
+
 * Fri Jun 10 2022 gaihuiying <eaglegai@163.com> - 11.9-2
 - Type:bugfix
 - CVE:NA