Package init

0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch

@@ -0,0 +1,116 @@
+From e5c29893a318c0f1571c9918ab2c7c23dca3c952 Mon Sep 17 00:00:00 2001
+From: Tomas Krizek <tkrizek@redhat.com>
+Date: Mon, 27 Mar 2017 19:41:05 +0200
+Subject: [PATCH] Coverity: fix REVERSE_INULL for pevent->inst
+
+With the DynDB API changes, the ldap instance is acquired
+differently. Previously, obtaining the instance could fail when
+LDAP was disconnecting, thus the NULL check was necessary in the
+cleanup part.
+
+Now, inst is obtained directly from the API. I'm not sure what is
+the exact behaviour in edge cases such as LDAP disconnecting, so
+I perform the NULL check a bit earlier, just to be safe.
+---
+ src/ldap_helper.c | 42 +++++++++++++++++++++---------------------
+ 1 file changed, 21 insertions(+), 21 deletions(-)
+
+diff --git a/src/ldap_helper.c b/src/ldap_helper.c
+index 1fa0ec9adfa2b9ca589587244da03cc6f0584919..e0c4b76f0bd350eda2d81588e6efb67b5221d630 100644
+--- a/src/ldap_helper.c
++++ b/src/ldap_helper.c
+@@ -3714,6 +3714,7 @@ update_zone(isc_task_t *task, isc_event_t *event)
+ 	mctx = pevent->mctx;
+ 	dns_name_init(&prevname, NULL);
+ 
++	REQUIRE(inst != NULL);
+ 	INSIST(task == inst->task); /* For task-exclusive mode */
+ 
+ 	if (SYNCREPL_DEL(pevent->chgtype)) {
+@@ -3730,12 +3731,11 @@ update_zone(isc_task_t *task, isc_event_t *event)
+ 	}
+ 
+ cleanup:
+-	if (inst != NULL) {
+-		sync_concurr_limit_signal(inst->sctx);
+-		sync_event_signal(inst->sctx, pevent);
+-		if (dns_name_dynamic(&prevname))
+-			dns_name_free(&prevname, inst->mctx);
+-	}
++	sync_concurr_limit_signal(inst->sctx);
++	sync_event_signal(inst->sctx, pevent);
++	if (dns_name_dynamic(&prevname))
++		dns_name_free(&prevname, inst->mctx);
++
+ 	if (result != ISC_R_SUCCESS)
+ 		log_error_r("update_zone (syncrepl) failed for %s. "
+ 			    "Zones can be outdated, run `rndc reload`",
+@@ -3760,14 +3760,14 @@ update_config(isc_task_t * task, isc_event_t *event)
+ 
+ 	mctx = pevent->mctx;
+ 
++	REQUIRE(inst != NULL);
+ 	INSIST(task == inst->task); /* For task-exclusive mode */
+ 	CHECK(ldap_parse_configentry(entry, inst));
+ 
+ cleanup:
+-	if (inst != NULL) {
+-		sync_concurr_limit_signal(inst->sctx);
+-		sync_event_signal(inst->sctx, pevent);
+-	}
++	sync_concurr_limit_signal(inst->sctx);
++	sync_event_signal(inst->sctx, pevent);
++
+ 	if (result != ISC_R_SUCCESS)
+ 		log_error_r("update_config (syncrepl) failed for %s. "
+ 			    "Configuration can be outdated, run `rndc reload`",
+@@ -3790,14 +3790,14 @@ update_serverconfig(isc_task_t * task, isc_event_t *event)
+ 
+ 	mctx = pevent->mctx;
+ 
++	REQUIRE(inst != NULL);
+ 	INSIST(task == inst->task); /* For task-exclusive mode */
+ 	CHECK(ldap_parse_serverconfigentry(entry, inst));
+ 
+ cleanup:
+-	if (inst != NULL) {
+-		sync_concurr_limit_signal(inst->sctx);
+-		sync_event_signal(inst->sctx, pevent);
+-	}
++	sync_concurr_limit_signal(inst->sctx);
++	sync_event_signal(inst->sctx, pevent);
++
+ 	if (result != ISC_R_SUCCESS)
+ 		log_error_r("update_serverconfig (syncrepl) failed for %s. "
+ 			    "Configuration can be outdated, run `rndc reload`",
+@@ -3860,6 +3860,7 @@ update_record(isc_task_t *task, isc_event_t *event)
+ 	dns_name_init(&prevname, NULL);
+ 	dns_name_init(&prevorigin, NULL);
+ 
++	REQUIRE(inst != NULL);
+ 	CHECK(zr_get_zone_ptr(inst->zone_register, &entry->zone_name, &raw, &secure));
+ 	zone_found = ISC_TRUE;
+ 
+@@ -4020,13 +4021,12 @@ cleanup:
+ 			    ldap_entry_logname(entry), pevent->chgtype);
+ 	}
+ 
+-	if (inst != NULL) {
+-		sync_concurr_limit_signal(inst->sctx);
+-		if (dns_name_dynamic(&prevname))
+-			dns_name_free(&prevname, inst->mctx);
+-		if (dns_name_dynamic(&prevorigin))
+-			dns_name_free(&prevorigin, inst->mctx);
+-	}
++	sync_concurr_limit_signal(inst->sctx);
++	if (dns_name_dynamic(&prevname))
++		dns_name_free(&prevname, inst->mctx);
++	if (dns_name_dynamic(&prevorigin))
++		dns_name_free(&prevorigin, inst->mctx);
++
+ 	if (raw != NULL)
+ 		dns_zone_detach(&raw);
+ 	if (secure != NULL)
+-- 
+2.9.3
+

0002-Add-empty-callback-for-getsize.patch

@@ -0,0 +1,30 @@
+From 107c5ed7247788a04a23d6c65fca50f96c944345 Mon Sep 17 00:00:00 2001
+From: Tomas Krizek <tkrizek@redhat.com>
+Date: Tue, 27 Jun 2017 10:41:03 +0200
+Subject: [PATCH] Add empty callback for getsize
+
+BIND introduced getsize method in db.h. This is related to
+CVE-2016-6170 and allows to set restriction of zone size limit.
+
+Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
+---
+ src/ldap_driver.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/ldap_driver.c b/src/ldap_driver.c
+index 53ce1a9..38673b0 100644
+--- a/src/ldap_driver.c
++++ b/src/ldap_driver.c
+@@ -867,7 +867,8 @@ static dns_dbmethods_t ldapdb_methods = {
+ 	findext,
+ 	setcachestats,
+ 	hashsize,
+-	nodefullname
++	nodefullname,
++	NULL, // getsize method not implemented (related BZ1353563)
+ };
+ 
+ isc_result_t ATTR_NONNULLS
+-- 
+2.9.4
+

0003-Support-for-BIND-9.11.3.patch

@@ -0,0 +1,137 @@
+From b533d722fa62232955aedfdf1bbc0179f48497eb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Thu, 1 Mar 2018 19:41:10 +0100
+Subject: [PATCH] Support for BIND 9.11.3. Include explicitly isc/util.h in
+ each file that uses REQUIRE(). Support stdatomic feature, do not use function
+ call in STATIC_ASSERT().
+
+---
+ src/bindcfg.c      |  1 +
+ src/fwd_register.c |  1 +
+ src/ldap_entry.h   | 11 +++++------
+ src/mldap.c        |  4 ++--
+ src/rbt_helper.c   |  1 +
+ src/types.h        |  2 +-
+ 6 files changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/src/bindcfg.c b/src/bindcfg.c
+index 9b429ba..5539dea 100644
+--- a/src/bindcfg.c
++++ b/src/bindcfg.c
+@@ -6,6 +6,7 @@
+ 
+ #include "config.h"
+ 
++#include <isc/util.h>
+ #include <isccfg/grammar.h>
+ #include <isccfg/namedconf.h>
+ 
+diff --git a/src/fwd_register.c b/src/fwd_register.c
+index 355d15f..7cc0c5a 100644
+--- a/src/fwd_register.c
++++ b/src/fwd_register.c
+@@ -3,6 +3,7 @@
+  */
+ 
+ #include <isc/rwlock.h>
++#include <isc/util.h>
+ #include <dns/name.h>
+ 
+ #include "rbt_helper.h"
+diff --git a/src/ldap_entry.h b/src/ldap_entry.h
+index 6498c79..88b1c42 100644
+--- a/src/ldap_entry.h
++++ b/src/ldap_entry.h
+@@ -6,7 +6,6 @@
+ #define _LD_LDAP_ENTRY_H_
+ 
+ #include <isc/lex.h>
+-#include <isc/util.h>
+ #include <dns/types.h>
+ 
+ #include "fwd_register.h"
+@@ -19,15 +18,15 @@
+ 
+ /* Represents values associated with LDAP attribute */
+ typedef struct ldap_value ldap_value_t;
+-typedef LIST(ldap_value_t) ldap_valuelist_t;
++typedef ISC_LIST(ldap_value_t) ldap_valuelist_t;
+ struct ldap_value {
+         char                    *value;
+-        LINK(ldap_value_t)      link;
++        ISC_LINK(ldap_value_t)      link;
+ };
+ 
+ /* Represents LDAP attribute and it's values */
+ typedef struct ldap_attribute	ldap_attribute_t;
+-typedef LIST(ldap_attribute_t)	ldap_attributelist_t;
++typedef ISC_LIST(ldap_attribute_t)	ldap_attributelist_t;
+ 
+ /* Represents LDAP entry and it's attributes */
+ typedef unsigned char		ldap_entryclass_t;
+@@ -41,7 +40,7 @@ struct ldap_entry {
+ 
+ 	ldap_attribute_t	*lastattr;
+ 	ldap_attributelist_t	attrs;
+-	LINK(ldap_entry_t)	link;
++	ISC_LINK(ldap_entry_t)	link;
+ 
+ 	/* Parsing. */
+ 	isc_lex_t		*lex;
+@@ -59,7 +58,7 @@ struct ldap_attribute {
+ 	char			**ldap_values;
+ 	ldap_value_t		*lastval;
+ 	ldap_valuelist_t	values;
+-	LINK(ldap_attribute_t)	link;
++	ISC_LINK(ldap_attribute_t)	link;
+ };
+ 
+ #define LDAP_ENTRYCLASS_NONE	0x0
+diff --git a/src/mldap.c b/src/mldap.c
+index 143abce..304ba36 100644
+--- a/src/mldap.c
++++ b/src/mldap.c
+@@ -119,13 +119,13 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) {
+  * reference counter value.
+  */
+ STATIC_ASSERT((isc_uint32_t)
+-		(typeof(isc_refcount_current((isc_refcount_t *)0)))
++		(typeof(((isc_refcount_t *)0)->refs))
+ 		-1
+ 	      == 0xFFFFFFFF, \
+ 	      "negative isc_refcount_t cannot be properly shortened to 32 bits");
+ 
+ STATIC_ASSERT((isc_uint32_t)
+-		(typeof(isc_refcount_current((isc_refcount_t *)0)))
++		(typeof(((isc_refcount_t *)0)->refs))
+ 		0x90ABCDEF12345678
+ 	      == 0x12345678, \
+ 	      "positive isc_refcount_t cannot be properly shortened to 32 bits");
+diff --git a/src/rbt_helper.c b/src/rbt_helper.c
+index 2a7e6cb..f610b07 100644
+--- a/src/rbt_helper.c
++++ b/src/rbt_helper.c
+@@ -2,6 +2,7 @@
+  * Copyright (C) 2013-2014  bind-dyndb-ldap authors; see COPYING for license
+  */
+ 
++#include <isc/util.h>
+ #include <dns/rbt.h>
+ 
+ #include "util.h"
+diff --git a/src/types.h b/src/types.h
+index 25ef3b9..01d627c 100644
+--- a/src/types.h
++++ b/src/types.h
+@@ -24,7 +24,7 @@
+  * rdata1 -> rdata2 -> rdata3           rdata4 -> rdata5
+  * next_rdatalist              ->       next_rdatalist  ...
+  */
+-typedef LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
++typedef ISC_LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
+ 
+ typedef struct enum_txt_assoc {
+ 	int		value;
+-- 
+2.14.3
+

bind-dyndb-ldap-11.1.tar.bz2.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQEcBAABCAAGBQJYwqX6AAoJECKiqUteSUFa2OkH/3NWkWc62TWaDkMN+EPUYSJ5
+Hf+hxQJdioATttopyuiCE+5q2iS/9n8DGgfQmdPXDalZwQfYWhX75WWlMIiWWy5F
+FDZ29tWY41JqLCdV3xYMhR+Nd4OBegT+U3muIzsFcSS9el78kRmNJCu1yOur/Nc+
+r1v8o2J5PVmp1iYxvy5s77qcIC3cERGcLakDlRduZY00jCL5I5ysxG8sWQ8jJEIr
+G1thN8cJeZ37pcOml943m0hLjzcJeNhmV/rgz7cMpH17r3yf5B600B+lGqrL9EtJ
+lSTVRJQlZFosDPVrqKuNyMHi5iIroc8+TVZtw1aAyZ8KA39zG5wrMF5FphjVHm4=
+=jtZI
+-----END PGP SIGNATURE-----

bind-dyndb-ldap.spec

@@ -0,0 +1,78 @@
+%define bind_version 32:9.11.3-5
+
+Name:           bind-dyndb-ldap
+Version:        11.1
+Release:        13
+Summary:        LDAP back-end plug-in for BIND
+License:        GPLv2+
+URL:            https://releases.pagure.org/bind-dyndb-ldap
+Source0:        https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
+Source1:        https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2.asc
+# These patches come from fedoraproject
+Patch0001:      0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
+Patch0002:      0002-Add-empty-callback-for-getsize.patch
+Patch0003:      0003-Support-for-BIND-9.11.3.patch
+BuildRequires:  bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
+BuildRequires:  krb5-devel
+BuildRequires:  openldap-devel
+BuildRequires:  libuuid-devel
+BuildRequires:  automake, autoconf, libtool
+BuildRequires:  openssl-devel
+Requires:       bind-pkcs11 >= %{bind_version}, bind-pkcs11-utils >= %{bind_version}
+
+%description
+This package provides an LDAP back-end, the dynamic LDAP back-end is
+a plug-in for BIND that provides an LDAP database back-end capabilities.
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%build
+autoreconf -fiv
+%configure
+%make_build
+
+%install
+rm -rf %{buildroot}
+%make_install
+install -d -m 770 %{buildroot}/%{_localstatedir}/named/dyndb-ldap
+
+%post
+# Transform named.conf if it still has old-style API.
+PLATFORM=$(uname -m)
+
+if [ $PLATFORM == "x86_64" ] ; then
+    LIBPATH=/usr/lib64
+else
+    LIBPATH=/usr/lib
+fi
+
+while read -r PATTERN
+do
+    SEDSCRIPT+="$PATTERN"
+done <<EOF
+/^\s*dynamic-db/,/};/ {
+  s/\(\s*\)arg\s\+\(["']\)\([a-zA-Z_]\+\s\)/\1\3\2/g;
+  s/^dynamic-db/dyndb/;
+  s@\(dyndb "[^"]\+"\)@\1 "$LIBPATH/bind/ldap.so"@;
+  s@\(dyndb '[^']\+'\)@\1 '$LIBPATH/bind/ldap.so'@;
+  /\s*library[^;]\+;/d;
+  /\s*cache_ttl[^;]\+;/d;
+  /\s*psearch[^;]\+;/d;
+  /\s*serial_autoincrement[^;]\+;/d;
+  /\s*zone_refresh[^;]\+;/d;
+}
+EOF
+
+sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
+
+%files
+%exclude %{_libdir}/bind/ldap.la
+%doc NEWS README.md COPYING doc/{example,schema}.ldif
+%dir %attr(770, root, named) %{_localstatedir}/named/dyndb-ldap
+%{_libdir}/bind/ldap.so
+
+
+%changelog
+* Wed Sep 11 2019 AlexChao <zhaolei746@huawei.com> - 11.1-13
+- Package init