update bind-dyndb-ldap to 11.3

2020-07-27 19:54:43 +08:00 · 2020-07-27 19:54:43 +08:00 · cb6f4205dc
commit cb6f4205dc
parent aec98c2110
9 changed files with 25 additions and 334 deletions
--- a/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
+++ b/0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
@ -1,116 +0,0 @@
-From e5c29893a318c0f1571c9918ab2c7c23dca3c952 Mon Sep 17 00:00:00 2001
-From: Tomas Krizek <tkrizek@redhat.com>
-Date: Mon, 27 Mar 2017 19:41:05 +0200
-Subject: [PATCH] Coverity: fix REVERSE_INULL for pevent->inst
-
-With the DynDB API changes, the ldap instance is acquired
-differently. Previously, obtaining the instance could fail when
-LDAP was disconnecting, thus the NULL check was necessary in the
-cleanup part.
-
-Now, inst is obtained directly from the API. I'm not sure what is
-the exact behaviour in edge cases such as LDAP disconnecting, so
-I perform the NULL check a bit earlier, just to be safe.
---
- src/ldap_helper.c | 42 +++++++++++++++++++++---------------------
- 1 file changed, 21 insertions(+), 21 deletions(-)
-
-diff --git a/src/ldap_helper.c b/src/ldap_helper.c
-index 1fa0ec9adfa2b9ca589587244da03cc6f0584919..e0c4b76f0bd350eda2d81588e6efb67b5221d630 100644
--- a/src/ldap_helper.c
-+++ b/src/ldap_helper.c
-@@ -3714,6 +3714,7 @@ update_zone(isc_task_t *task, isc_event_t *event)
- 	mctx = pevent->mctx;
- 	dns_name_init(&prevname, NULL);
- 
-+	REQUIRE(inst != NULL);
- 	INSIST(task == inst->task); /* For task-exclusive mode */
- 
- 	if (SYNCREPL_DEL(pevent->chgtype)) {
-@@ -3730,12 +3731,11 @@ update_zone(isc_task_t *task, isc_event_t *event)
- 	}
- 
- cleanup:
-	if (inst != NULL) {
-		sync_concurr_limit_signal(inst->sctx);
-		sync_event_signal(inst->sctx, pevent);
-		if (dns_name_dynamic(&prevname))
-			dns_name_free(&prevname, inst->mctx);
-	}
-+	sync_concurr_limit_signal(inst->sctx);
-+	sync_event_signal(inst->sctx, pevent);
-+	if (dns_name_dynamic(&prevname))
-+		dns_name_free(&prevname, inst->mctx);
-+
- 	if (result != ISC_R_SUCCESS)
- 		log_error_r("update_zone (syncrepl) failed for %s. "
- 			    "Zones can be outdated, run `rndc reload`",
-@@ -3760,14 +3760,14 @@ update_config(isc_task_t * task, isc_event_t *event)
- 
- 	mctx = pevent->mctx;
- 
-+	REQUIRE(inst != NULL);
- 	INSIST(task == inst->task); /* For task-exclusive mode */
- 	CHECK(ldap_parse_configentry(entry, inst));
- 
- cleanup:
-	if (inst != NULL) {
-		sync_concurr_limit_signal(inst->sctx);
-		sync_event_signal(inst->sctx, pevent);
-	}
-+	sync_concurr_limit_signal(inst->sctx);
-+	sync_event_signal(inst->sctx, pevent);
-+
- 	if (result != ISC_R_SUCCESS)
- 		log_error_r("update_config (syncrepl) failed for %s. "
- 			    "Configuration can be outdated, run `rndc reload`",
-@@ -3790,14 +3790,14 @@ update_serverconfig(isc_task_t * task, isc_event_t *event)
- 
- 	mctx = pevent->mctx;
- 
-+	REQUIRE(inst != NULL);
- 	INSIST(task == inst->task); /* For task-exclusive mode */
- 	CHECK(ldap_parse_serverconfigentry(entry, inst));
- 
- cleanup:
-	if (inst != NULL) {
-		sync_concurr_limit_signal(inst->sctx);
-		sync_event_signal(inst->sctx, pevent);
-	}
-+	sync_concurr_limit_signal(inst->sctx);
-+	sync_event_signal(inst->sctx, pevent);
-+
- 	if (result != ISC_R_SUCCESS)
- 		log_error_r("update_serverconfig (syncrepl) failed for %s. "
- 			    "Configuration can be outdated, run `rndc reload`",
-@@ -3860,6 +3860,7 @@ update_record(isc_task_t *task, isc_event_t *event)
- 	dns_name_init(&prevname, NULL);
- 	dns_name_init(&prevorigin, NULL);
- 
-+	REQUIRE(inst != NULL);
- 	CHECK(zr_get_zone_ptr(inst->zone_register, &entry->zone_name, &raw, &secure));
- 	zone_found = ISC_TRUE;
- 
-@@ -4020,13 +4021,12 @@ cleanup:
- 			    ldap_entry_logname(entry), pevent->chgtype);
- 	}
- 
-	if (inst != NULL) {
-		sync_concurr_limit_signal(inst->sctx);
-		if (dns_name_dynamic(&prevname))
-			dns_name_free(&prevname, inst->mctx);
-		if (dns_name_dynamic(&prevorigin))
-			dns_name_free(&prevorigin, inst->mctx);
-	}
-+	sync_concurr_limit_signal(inst->sctx);
-+	if (dns_name_dynamic(&prevname))
-+		dns_name_free(&prevname, inst->mctx);
-+	if (dns_name_dynamic(&prevorigin))
-+		dns_name_free(&prevorigin, inst->mctx);
-+
- 	if (raw != NULL)
- 		dns_zone_detach(&raw);
- 	if (secure != NULL)
-- 
-2.9.3
-
--- a/0002-Add-empty-callback-for-getsize.patch
+++ b/0002-Add-empty-callback-for-getsize.patch
@ -1,30 +0,0 @@
-From 107c5ed7247788a04a23d6c65fca50f96c944345 Mon Sep 17 00:00:00 2001
-From: Tomas Krizek <tkrizek@redhat.com>
-Date: Tue, 27 Jun 2017 10:41:03 +0200
-Subject: [PATCH] Add empty callback for getsize
-
-BIND introduced getsize method in db.h. This is related to
-CVE-2016-6170 and allows to set restriction of zone size limit.
-
-Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
---
- src/ldap_driver.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/ldap_driver.c b/src/ldap_driver.c
-index 53ce1a9..38673b0 100644
--- a/src/ldap_driver.c
-+++ b/src/ldap_driver.c
-@@ -867,7 +867,8 @@ static dns_dbmethods_t ldapdb_methods = {
- 	findext,
- 	setcachestats,
- 	hashsize,
-	nodefullname
-+	nodefullname,
-+	NULL, // getsize method not implemented (related BZ1353563)
- };
- 
- isc_result_t ATTR_NONNULLS
-- 
-2.9.4
-
--- a/0003-Support-for-BIND-9.11.3.patch
+++ b/0003-Support-for-BIND-9.11.3.patch
@ -1,137 +0,0 @@
-From b533d722fa62232955aedfdf1bbc0179f48497eb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
-Date: Thu, 1 Mar 2018 19:41:10 +0100
-Subject: [PATCH] Support for BIND 9.11.3. Include explicitly isc/util.h in
- each file that uses REQUIRE(). Support stdatomic feature, do not use function
- call in STATIC_ASSERT().
-
---
- src/bindcfg.c      |  1 +
- src/fwd_register.c |  1 +
- src/ldap_entry.h   | 11 +++++------
- src/mldap.c        |  4 ++--
- src/rbt_helper.c   |  1 +
- src/types.h        |  2 +-
- 6 files changed, 11 insertions(+), 9 deletions(-)
-
-diff --git a/src/bindcfg.c b/src/bindcfg.c
-index 9b429ba..5539dea 100644
--- a/src/bindcfg.c
-+++ b/src/bindcfg.c
-@@ -6,6 +6,7 @@
- 
- #include "config.h"
- 
-+#include <isc/util.h>
- #include <isccfg/grammar.h>
- #include <isccfg/namedconf.h>
- 
-diff --git a/src/fwd_register.c b/src/fwd_register.c
-index 355d15f..7cc0c5a 100644
--- a/src/fwd_register.c
-+++ b/src/fwd_register.c
-@@ -3,6 +3,7 @@
-  */
- 
- #include <isc/rwlock.h>
-+#include <isc/util.h>
- #include <dns/name.h>
- 
- #include "rbt_helper.h"
-diff --git a/src/ldap_entry.h b/src/ldap_entry.h
-index 6498c79..88b1c42 100644
--- a/src/ldap_entry.h
-+++ b/src/ldap_entry.h
-@@ -6,7 +6,6 @@
- #define _LD_LDAP_ENTRY_H_
- 
- #include <isc/lex.h>
-#include <isc/util.h>
- #include <dns/types.h>
- 
- #include "fwd_register.h"
-@@ -19,15 +18,15 @@
- 
- /* Represents values associated with LDAP attribute */
- typedef struct ldap_value ldap_value_t;
-typedef LIST(ldap_value_t) ldap_valuelist_t;
-+typedef ISC_LIST(ldap_value_t) ldap_valuelist_t;
- struct ldap_value {
-         char                    *value;
-        LINK(ldap_value_t)      link;
-+        ISC_LINK(ldap_value_t)      link;
- };
- 
- /* Represents LDAP attribute and it's values */
- typedef struct ldap_attribute	ldap_attribute_t;
-typedef LIST(ldap_attribute_t)	ldap_attributelist_t;
-+typedef ISC_LIST(ldap_attribute_t)	ldap_attributelist_t;
- 
- /* Represents LDAP entry and it's attributes */
- typedef unsigned char		ldap_entryclass_t;
-@@ -41,7 +40,7 @@ struct ldap_entry {
- 
- 	ldap_attribute_t	*lastattr;
- 	ldap_attributelist_t	attrs;
-	LINK(ldap_entry_t)	link;
-+	ISC_LINK(ldap_entry_t)	link;
- 
- 	/* Parsing. */
- 	isc_lex_t		*lex;
-@@ -59,7 +58,7 @@ struct ldap_attribute {
- 	char			**ldap_values;
- 	ldap_value_t		*lastval;
- 	ldap_valuelist_t	values;
-	LINK(ldap_attribute_t)	link;
-+	ISC_LINK(ldap_attribute_t)	link;
- };
- 
- #define LDAP_ENTRYCLASS_NONE	0x0
-diff --git a/src/mldap.c b/src/mldap.c
-index 143abce..304ba36 100644
--- a/src/mldap.c
-+++ b/src/mldap.c
-@@ -119,13 +119,13 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) {
-  * reference counter value.
-  */
- STATIC_ASSERT((isc_uint32_t)
-		(typeof(isc_refcount_current((isc_refcount_t *)0)))
-+		(typeof(((isc_refcount_t *)0)->refs))
- 		-1
- 	      == 0xFFFFFFFF, \
- 	      "negative isc_refcount_t cannot be properly shortened to 32 bits");
- 
- STATIC_ASSERT((isc_uint32_t)
-		(typeof(isc_refcount_current((isc_refcount_t *)0)))
-+		(typeof(((isc_refcount_t *)0)->refs))
- 		0x90ABCDEF12345678
- 	      == 0x12345678, \
- 	      "positive isc_refcount_t cannot be properly shortened to 32 bits");
-diff --git a/src/rbt_helper.c b/src/rbt_helper.c
-index 2a7e6cb..f610b07 100644
--- a/src/rbt_helper.c
-+++ b/src/rbt_helper.c
-@@ -2,6 +2,7 @@
-  * Copyright (C) 2013-2014  bind-dyndb-ldap authors; see COPYING for license
-  */
- 
-+#include <isc/util.h>
- #include <dns/rbt.h>
- 
- #include "util.h"
-diff --git a/src/types.h b/src/types.h
-index 25ef3b9..01d627c 100644
--- a/src/types.h
-+++ b/src/types.h
-@@ -24,7 +24,7 @@
-  * rdata1 -> rdata2 -> rdata3           rdata4 -> rdata5
-  * next_rdatalist              ->       next_rdatalist  ...
-  */
-typedef LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
-+typedef ISC_LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
- 
- typedef struct enum_txt_assoc {
- 	int		value;
-- 
-2.14.3
-
--- a/0004-use-correct-dn-value.patch
+++ b/0004-use-correct-dn-value.patch
@ -1,32 +0,0 @@
-commit d69150691983f7f1efaa078549cd80a14afb76cb
-Author: Petr Menšík <pemensik@redhat.com>
-Date:   Mon Jan 28 00:31:25 2019 +0100
-
-    Use correct dn value
-    
-    New GCC correctly reports error, NULL is always passed in case of
-    invalid objectclass.
-    
-    Signed-off-by: Petr Menšík <pemensik@redhat.com>
-
-diff --git a/src/ldap_helper.c b/src/ldap_helper.c
-index ac8ce6e..8b486ae 100644
--- a/src/ldap_helper.c
-+++ b/src/ldap_helper.c
-@@ -4102,7 +4102,6 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype)
- 	ldap_entry_t *entry = NULL;
- 	dns_name_t *zone_name = NULL;
- 	dns_zone_t *zone_ptr = NULL;
-	char *dn = NULL;
- 	isc_taskaction_t action = NULL;
- 	isc_task_t *task = NULL;
- 	isc_boolean_t synchronous;
-@@ -4156,7 +4155,7 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype)
- 	else if ((entry->class & LDAP_ENTRYCLASS_RR) != 0)
- 		action = update_record;
- 	else {
-		log_error("unsupported objectClass: dn '%s'", dn);
-+		log_error("unsupported objectClass: dn '%s'", entry->dn);
- 		result = ISC_R_NOTIMPLEMENTED;
- 		goto cleanup;
- 	}
--- a/bind-dyndb-ldap-11.1.tar.bz2
+++ b/bind-dyndb-ldap-11.1.tar.bz2
--- a/bind-dyndb-ldap-11.1.tar.bz2.asc
+++ b/bind-dyndb-ldap-11.1.tar.bz2.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQEcBAABCAAGBQJYwqX6AAoJECKiqUteSUFa2OkH/3NWkWc62TWaDkMN+EPUYSJ5
-Hf+hxQJdioATttopyuiCE+5q2iS/9n8DGgfQmdPXDalZwQfYWhX75WWlMIiWWy5F
-FDZ29tWY41JqLCdV3xYMhR+Nd4OBegT+U3muIzsFcSS9el78kRmNJCu1yOur/Nc+
-r1v8o2J5PVmp1iYxvy5s77qcIC3cERGcLakDlRduZY00jCL5I5ysxG8sWQ8jJEIr
-G1thN8cJeZ37pcOml943m0hLjzcJeNhmV/rgz7cMpH17r3yf5B600B+lGqrL9EtJ
-lSTVRJQlZFosDPVrqKuNyMHi5iIroc8+TVZtw1aAyZ8KA39zG5wrMF5FphjVHm4=
-=jtZI
-----END PGP SIGNATURE-----
--- a/bind-dyndb-ldap-11.3.tar.bz2
+++ b/bind-dyndb-ldap-11.3.tar.bz2
--- a/bind-dyndb-ldap-11.3.tar.bz2.asc
+++ b/bind-dyndb-ldap-11.3.tar.bz2.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAl7eZOEACgkQRxniuKu/
+YhqWrg//S+qgy+mv0H1cdKsBMFax0PK3hWAmS6/8eZPFOXIfZnx9Q0yCD/EYr2GA
+tdyNo71Jxnk9cnvIIDVttFgscnDDVAMKjGTtvlkgjqbRhr1jNxTeR2A9V6XZWU4m
+cq4+mJya72mnLZH0dA2kb0aeQEggSBu1aD/xxooWO4vt91aUf6ma5+OBnkGHiRfn
+zKzPx9pZeNigZuEIb3dyheymSe7zTbWUa/Ny51zv0XJdIotR+KWAzgHrt7/h5i75
+tQCkS/jxYH6vz3f6nrEkNg5UmW16PMFQcQQKSeCM2Dre3PxpRQyzXMi/YDwCx8ns
+HPjZ3hBDbCpiylsYbwNWnGtHQGsEUXphGyGV/bPyu3ls017m3hcpkokYWwA80RXt
+vLZtTwJIUtWiUBiecOF00TSURHlQ5YkGLIat2Eh1vdLXk3UfXBOVeA30Tjvuqumy
+DCZSgy6VEx0pWL3aXjWzom3UZPEbVkHoXZz+hVk7SxLrvarXKc4GwhBzSioMYhHX
+1gt/CFXT1nglH41RzucxFxLpp7VwqjP30uUeKh2dCBdfLJiiXD9AzQfdYsqCf3FH
+bQ9QHKvHz5JIJGyfU/J4UR0Nt+qELrp0kG6isgl0JCr6Z8l54ykJBCQL/rgr4CJw
+0lMTxSBhDQmQV0eiBe0Dri1DCkpH39saWPtaJfNTsy+nG/7NfWA=
+=2sD+
+-----END PGP SIGNATURE-----
--- a/bind-dyndb-ldap.spec
+++ b/bind-dyndb-ldap.spec
@ -1,19 +1,14 @@
 %define bind_version 32:9.11.3-5

 Name:           bind-dyndb-ldap
-Version:        11.1
-Release:        14
+Version:        11.3
+Release:        1
 Summary:        LDAP back-end plug-in for BIND
 License:        GPLv2+
 URL:            https://releases.pagure.org/bind-dyndb-ldap
 Source0:        https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
 Source1:        https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2.asc
-# These patches come from fedoraproject
-Patch0001:      0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
-Patch0002:      0002-Add-empty-callback-for-getsize.patch
-Patch0003:      0003-Support-for-BIND-9.11.3.patch
-Patch0004:      0004-use-correct-dn-value.patch
-BuildRequires:  bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
+BuildRequires:  bind-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
 BuildRequires:  krb5-devel
 BuildRequires:  openldap-devel
 BuildRequires:  libuuid-devel
@ -75,6 +70,12 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf


 %changelog
+* Mon Jul 27 2020 gaihuiying <gaihuiying1@huawei.com> - 11.3-1
+- Type:requirement
+- ID:NA
+- SUG:NA
+- DESC:update to 11.3
+
 * Mon Jun 22 2020 gaihuiying <gaihuiying1@huawei.com> - 11.1-14
 - Type:bugfix
 - ID:NA