.bind-dyndb-ldap.metadata

@@ -1 +1 @@
-2ddce96217240ef58962105e7677e70a52550eec SOURCES/bind-dyndb-ldap-11.9.tar.bz2
+8476168033b2e83cb3cb749cb1cc194269cebeff SOURCES/bind-dyndb-ldap-11.10.tar.bz2

.gitignore

@@ -1 +1 @@
-SOURCES/bind-dyndb-ldap-11.9.tar.bz2
+SOURCES/bind-dyndb-ldap-11.10.tar.bz2

SOURCES/0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2129844.patch

@@ -1,35 +0,0 @@
-From 7b4c1e28b3e64f7cd075599472e349510f8d33da Mon Sep 17 00:00:00 2001
-From: Petr Menšík <pemensik@redhat.com>
-Date: Sep 14 2022 15:23:20 +0000
-Subject: Modify empty zone conflicts under exclusive mode
-
-
-Does not accept new request when exclusive mode is active. Zone table
-can be modified even after main fwd entries have been added. Ensure
-empty zones handling keeps exclusive mode active.
-
-Exclusive mode were mentioned as the only protection it had by bind
-maintainer:
-https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6637#note_308928
-
----
-
-diff --git a/src/fwd.c b/src/fwd.c
-index 24f6e53..0a3c673 100644
---- a/src/fwd.c
-+++ b/src/fwd.c
-@@ -595,10 +595,12 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst,
- 		  dns_result_totext(result));
- 
- 	/* Handle collisions with automatic empty zones. */
--	if (isconfigured == true)
-+	if (isconfigured == true) {
-+		run_exclusive_enter(inst, &lock_state);
- 		CHECK(empty_zone_handle_conflicts(name,
- 						  view->zonetable,
- 						  (fwdpolicy == dns_fwdpolicy_first)));
-+	}
- 
- cleanup:
- 	run_exclusive_exit(inst, lock_state);
-

SOURCES/bind-dyndb-ldap-11.10-bind-9.18.11.patch

@@ -0,0 +1,38 @@
+From 282b1c9ea58cc0f2337a72912808505e5f540d5a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Sat, 28 Jan 2023 11:32:05 +0100
+Subject: [PATCH] Minimal change to compile with BIND 9.18.11
+
+DSCP codes are not working and their support were removed from BIND9. Do
+not require them to be present.
+---
+ src/fwd.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/fwd.c b/src/fwd.c
+index 24f6e53..10ec848 100644
+--- a/src/fwd.c
++++ b/src/fwd.c
+@@ -198,7 +198,9 @@ fwd_print_list_buff(isc_mem_t *mctx, dns_forwarders_t *fwdrs,
+ 	     INSIST((fwdr_int == NULL) == (fwdr_cfg == NULL)), fwdr_int != NULL;
+ 	     fwdr_int = ISC_LIST_NEXT(fwdr_int, link), fwdr_cfg = cfg_list_next(fwdr_cfg)) {
+ 		fwdr_cfg->obj->value.sockaddrdscp.sockaddr = fwdr_int->addr;
++#if LIBDNS_VERSION_MAJOR < 1811
+ 		fwdr_cfg->obj->value.sockaddrdscp.dscp = fwdr_int->dscp;
++#endif
+ 	}
+ 	cfg_print(faddresses, buffer_append_str, &tmp_buf);
+ 
+@@ -281,7 +283,9 @@ fwd_parse_str(const char *fwdrs_str, isc_mem_t *mctx,
+ 			isc_sockaddr_setport(&addr, port);
+ 		fwdr = isc_mem_get(mctx, sizeof(*(fwdr)));
+ 		fwdr->addr = addr;
++#if LIBDNS_VERSION_MAJOR < 1811
+ 		fwdr->dscp = cfg_obj_getdscp(fwdr_cfg);
++#endif
+ 		ISC_LINK_INIT(fwdr, link);
+ 		ISC_LIST_APPEND(*fwdrs, fwdr, link);
+ 	}
+-- 
+2.39.1
+

SOURCES/bind-dyndb-ldap-11.10-bind-9.18.13.patch

@@ -0,0 +1,56 @@
+From 5d9a012e07578d1a813b385224ba53f77f06b026 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Wed, 22 Mar 2023 13:38:18 +0100
+Subject: [PATCH] Remove rpz_attach for BIND 9.16+
+
+rpz_attach is never supplied from BIND9 code both in 9.16 or 9.18.
+Remove our custom function and pass NULL as well. It would be never
+called anyway.
+
+Modified to directly remove the function without db_registered fix.
+---
+ src/ldap_driver.c | 20 ++++----------------
+ 1 file changed, 4 insertions(+), 16 deletions(-)
+
+diff --git a/src/ldap_driver.c b/src/ldap_driver.c
+index e4aeeb2..20e12fc 100644
+--- a/src/ldap_driver.c
++++ b/src/ldap_driver.c
+@@ -804,22 +804,6 @@ rpz_attach(dns_db_t *db, dns_rpz_zones_t *rpzs, uint8_t rpz_num)
+ 
+ 	dns_db_rpz_attach(ldapdb->rbtdb, rpzs, rpz_num);
+ }
+-#else
+-void
+-rpz_attach(dns_db_t *db, void *void_rpzs, uint8_t rpz_num)
+-{
+-	ldapdb_t *ldapdb = (ldapdb_t *) db;
+-	dns_rpz_zones_t *rpzs = (dns_rpz_zones_t *) void_rpzs;
+-	isc_result_t result;
+-
+-	REQUIRE(VALID_LDAPDB(ldapdb));
+-
+-	rpzs->zones[rpz_num]->db_registered = true;
+-	result = dns_db_updatenotify_register(ldapdb->rbtdb,
+-					      dns_rpz_dbupdate_callback,
+-					      rpzs->zones[rpz_num]);
+-	REQUIRE(result == ISC_R_SUCCESS);
+-}
+ #endif
+ 
+ /*
+@@ -966,7 +950,11 @@ static dns_dbmethods_t ldapdb_methods = {
+ 	resigned,
+ 	isdnssec,
+ 	getrrsetstats,
++#if LIBDNS_VERSION_MAJOR < 1600
+ 	rpz_attach,
++#else
++	NULL,
++#endif
+ 	NULL, /* rpz_ready */
+ 	findnodeext,
+ 	findext,
+-- 
+2.39.2
+

SOURCES/bind-dyndb-ldap-11.10-bind-9.18.19.patch

@@ -0,0 +1,405 @@
+From 131ddb918a5e80bfac2ce97d994f75d42fdf4546 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Mon, 25 Sep 2023 12:33:42 +0200
+Subject: [PATCH] Detect and propagate atomic libraries like bind9
+
+BIND9 headers expect atomic definitions are configured before they are
+included. It needs adding atomic libraries detection in configure AND
+including config.h before any ISC headers are included.
+
+Move dyndb-config.h before isc headers anywhere where needed.
+---
+ configure.ac        | 72 +++++++++++++++++++++++++++++++++++++++++++++
+ src/empty_zones.c   |  3 +-
+ src/fs.c            |  2 ++
+ src/fwd_register.c  |  3 +-
+ src/krb5_helper.c   |  1 +
+ src/ldap_convert.c  |  3 +-
+ src/ldap_entry.c    |  4 ++-
+ src/lock.c          |  2 ++
+ src/log.c           |  2 ++
+ src/metadb.c        |  2 ++
+ src/mldap.c         |  5 ++--
+ src/rbt_helper.c    |  3 +-
+ src/semaphore.c     |  2 ++
+ src/settings.c      |  3 +-
+ src/str.c           |  2 ++
+ src/syncptr.c       |  3 +-
+ src/zone.c          |  2 ++
+ src/zone_register.c |  3 +-
+ 18 files changed, 107 insertions(+), 10 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 9f7f3640c..c30f105db 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -145,6 +145,78 @@ AC_RUN_IFELSE([AC_LANG_PROGRAM([
+ ], [AC_MSG_ERROR([Cross compiling is not supported.])]
+ )
+ 
++# Following atomic checks taken from bind9 configure
++# SPDX-License-Identifier: MPL-2.0
++#
++# This Source Code Form is subject to the terms of the Mozilla Public
++# License, v. 2.0.  If a copy of the MPL was not distributed with this
++# file, you can obtain one at https://mozilla.org/MPL/2.0/.
++#
++ISC_ATOMIC_LIBS=""
++AC_CHECK_HEADERS(
++  [stdatomic.h],
++  [AC_MSG_CHECKING([for memory model aware atomic operations])
++   AC_COMPILE_IFELSE(
++     [AC_LANG_PROGRAM(
++	[[#include <stdatomic.h>]],
++	[[atomic_int_fast32_t val = 0; atomic_fetch_add_explicit(&val, 1, memory_order_relaxed);]]
++      )],
++     [AC_MSG_RESULT([stdatomic.h])
++      AC_MSG_CHECKING([whether -latomic is needed for 64-bit stdatomic.h functions])
++      AC_LINK_IFELSE(
++	[AC_LANG_PROGRAM(
++	   [[#include <stdatomic.h>]],
++	   [[atomic_int_fast64_t val = 0; atomic_fetch_add_explicit(&val, 1, memory_order_relaxed);]]
++	 )],
++	[AC_MSG_RESULT([no])],
++	[ISC_ATOMIC_LIBS="-latomic"
++	 AX_SAVE_FLAGS([atomic])
++	 LIBS="$LIBS $ISC_ATOMIC_LIBS"
++	 AC_LINK_IFELSE(
++	   [AC_LANG_PROGRAM(
++	      [[#include <stdatomic.h>]],
++	      [[atomic_int_fast64_t val = 0; atomic_fetch_add_explicit(&val, 1, memory_order_relaxed);]]
++	    )],
++	   [AC_MSG_RESULT([yes])],
++	   [AC_MSG_FAILURE([libatomic needed, but linking with -latomic failed, please fix your toolchain.])])
++	 AX_RESTORE_FLAGS([atomic])
++	])
++     ],
++     [AC_MSG_FAILURE([stdatomic.h header found, but compilation failed, please fix your toolchain.])]
++   )],
++  [AC_MSG_CHECKING([for memory model aware atomic operations])
++   AC_COMPILE_IFELSE(
++     [AC_LANG_PROGRAM(
++	[[#include <inttypes.h>]],
++	[[int32_t val = 0; __atomic_fetch_add(&val, 1, __ATOMIC_RELAXED);]]
++      )],
++     [AC_MSG_RESULT([__atomic builtins])
++      AC_DEFINE([HAVE___ATOMIC], [1], [define if __atomic builtins are not available])
++      AC_MSG_CHECKING([whether -latomic is needed for 64-bit __atomic builtins])
++      AC_LINK_IFELSE(
++	[AC_LANG_PROGRAM(
++	   [[#include <inttypes.h>]],
++	   [[int64_t val = 0; __atomic_fetch_add(&val, 1, __ATOMIC_RELAXED);]]
++	 )],
++	[AC_MSG_RESULT([no])],
++	[ISC_ATOMIC_LIBS="-latomic"
++	 AX_SAVE_FLAGS([atomic])
++	 LIBS="$LIBS $ISC_ATOMIC_LIBS"
++	 AC_LINK_IFELSE(
++	   [AC_LANG_PROGRAM(
++	      [[#include <inttypes.h>]],
++	      [[int64_t val = 0; __atomic_fetch_add(&val, 1, __ATOMIC_RELAXED);]]
++	    )],
++	   [AC_MSG_RESULT([yes])],
++	   [AC_MSG_FAILURE([libatomic needed, but linking with -latomic failed, please fix your toolchain.])])
++	 AX_RESTORE_FLAGS([atomic])
++	])
++     ],
++     [AC_MSG_FAILURE([not found])
++     ])
++  ])
++LIBS="$LIBS $ISC_ATOMIC_LIBS"
++
+ dnl isc_errno_toresult() was not available in older header files
+ AC_MSG_CHECKING([isc_errno_toresult availability])
+ AC_TRY_RUN([
+diff --git a/src/empty_zones.c b/src/empty_zones.c
+index 4e14a804a..f818046d4 100644
+--- a/src/empty_zones.c
++++ b/src/empty_zones.c
+@@ -1,5 +1,7 @@
+ #include <stdio.h>
+ 
++#include "dyndb-config.h"
++
+ #include <isc/result.h>
+ #include <isc/types.h>
+ #include <isc/util.h>
+@@ -8,7 +10,6 @@
+ #include <dns/zone.h>
+ #include <dns/zt.h>
+ 
+-#include "dyndb-config.h"
+ #include "empty_zones.h"
+ #include "util.h"
+ #include "zone_register.h"
+diff --git a/src/fs.c b/src/fs.c
+index 09df5842a..4f3c9c069 100644
+--- a/src/fs.c
++++ b/src/fs.c
+@@ -8,6 +8,8 @@
+ 
+ #include <sys/stat.h>
+ 
++#include "dyndb-config.h"
++
+ #include <isc/dir.h>
+ #include <isc/file.h>
+ #include <isc/errno.h>
+diff --git a/src/fwd_register.c b/src/fwd_register.c
+index 5a3d4e2c2..85792d52e 100644
+--- a/src/fwd_register.c
++++ b/src/fwd_register.c
+@@ -2,11 +2,12 @@
+  * Copyright (C) 2013-2014  bind-dyndb-ldap authors; see COPYING for license
+  */
+ 
++#include "dyndb-config.h"
++
+ #include <isc/rwlock.h>
+ #include <isc/util.h>
+ #include <dns/name.h>
+ 
+-#include "dyndb-config.h"
+ #include "rbt_helper.h"
+ #include "fwd_register.h"
+ #include "util.h"
+diff --git a/src/krb5_helper.c b/src/krb5_helper.c
+index 5d7ee6a9a..92412304b 100644
+--- a/src/krb5_helper.c
++++ b/src/krb5_helper.c
+@@ -4,6 +4,7 @@
+ 
+ #define _POSIX_C_SOURCE 200112L /* setenv */
+ 
++#include "dyndb-config.h"
+ #include <isc/util.h>
+ #include <string.h>
+ #include <stdlib.h>
+diff --git a/src/ldap_convert.c b/src/ldap_convert.c
+index 87f635f79..0a946c421 100644
+--- a/src/ldap_convert.c
++++ b/src/ldap_convert.c
+@@ -2,6 +2,8 @@
+  * Copyright (C) 2009-2015  bind-dyndb-ldap authors; see COPYING for license
+  */
+ 
++#include "dyndb-config.h"
++
+ #include <isc/buffer.h>
+ #include <isc/hex.h>
+ #include <isc/mem.h>
+@@ -20,7 +22,6 @@
+ #include <strings.h>
+ #include <ctype.h>
+ 
+-#include "dyndb-config.h"
+ #include "str.h"
+ #include "ldap_convert.h"
+ #include "log.h"
+diff --git a/src/ldap_entry.c b/src/ldap_entry.c
+index cdf26d858..a29797b1c 100644
+--- a/src/ldap_entry.c
++++ b/src/ldap_entry.c
+@@ -2,12 +2,14 @@
+  * Copyright (C) 2011-2014  bind-dyndb-ldap authors; see COPYING for license
+  */
+ #include <uuid/uuid.h>
++#include <inttypes.h>
++
++#include "dyndb-config.h"
+ 
+ #include <dns/rdata.h>
+ #include <dns/ttl.h>
+ #include <dns/types.h>
+ 
+-#include <inttypes.h>
+ #include <isc/region.h>
+ #include <isc/types.h>
+ #include <isc/util.h>
+diff --git a/src/lock.c b/src/lock.c
+index df6e5ccba..abb5fe0d7 100644
+--- a/src/lock.c
++++ b/src/lock.c
+@@ -2,6 +2,8 @@
+  * Copyright (C) 2014  bind-dyndb-ldap authors; see COPYING for license
+  */
+ 
++#include "dyndb-config.h"
++
+ #include <isc/task.h>
+ #include <isc/util.h>
+ 
+diff --git a/src/log.c b/src/log.c
+index 1eba3cde2..78f9e68b5 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -4,6 +4,8 @@
+ 
+ #include <stdio.h>
+ 
++#include "dyndb-config.h"
++
+ #include <isc/formatcheck.h>
+ #include <isc/util.h>
+ 
+diff --git a/src/metadb.c b/src/metadb.c
+index 276de244f..f035269d2 100644
+--- a/src/metadb.c
++++ b/src/metadb.c
+@@ -4,6 +4,8 @@
+  * Meta-database for information which are not represented in DNS data.
+  */
+ 
++#include "dyndb-config.h"
++
+ #include <isc/mutex.h>
+ #include <isc/util.h>
+ 
+diff --git a/src/mldap.c b/src/mldap.c
+index 0bc2d332f..92a330ccb 100644
+--- a/src/mldap.c
++++ b/src/mldap.c
+@@ -8,8 +8,10 @@
+ #include <ldap.h>
+ #include <stddef.h>
+ #include <uuid/uuid.h>
+-
+ #include <inttypes.h>
++
++#include "dyndb-config.h"
++
+ #include <isc/net.h>
+ #include <isc/refcount.h>
+ #include <isc/result.h>
+@@ -27,7 +29,6 @@
+ #include "metadb.h"
+ #include "mldap.h"
+ #include "util.h"
+-#include "dyndb-config.h"
+ 
+ #if LIBDNS_VERSION_MAJOR < 1600
+ #define REFCOUNT_CAST(n) ((typeof(((isc_refcount_t *)0)->refs)) (n))
+diff --git a/src/rbt_helper.c b/src/rbt_helper.c
+index 6009553bf..d918801c6 100644
+--- a/src/rbt_helper.c
++++ b/src/rbt_helper.c
+@@ -2,12 +2,13 @@
+  * Copyright (C) 2013-2014  bind-dyndb-ldap authors; see COPYING for license
+  */
+ 
++#include "dyndb-config.h"
++
+ #include <isc/util.h>
+ #include <dns/rbt.h>
+ 
+ #include "util.h"
+ #include "rbt_helper.h"
+-#include "dyndb-config.h"
+ 
+ #define LDAPDB_RBTITER_MAGIC ISC_MAGIC('L', 'D', 'P', 'I')
+ 
+diff --git a/src/semaphore.c b/src/semaphore.c
+index b6d02ffac..8b549b8a4 100644
+--- a/src/semaphore.c
++++ b/src/semaphore.c
+@@ -8,6 +8,8 @@
+  * own signal. However, for our purposes, this shouldn't be needed.
+  */
+ 
++#include "dyndb-config.h"
++
+ #include <isc/condition.h>
+ #include <isc/result.h>
+ #include <isc/util.h>
+diff --git a/src/settings.c b/src/settings.c
+index 2a0bb1982..2c9d18238 100644
+--- a/src/settings.c
++++ b/src/settings.c
+@@ -2,6 +2,8 @@
+  * Copyright (C) 2009-2014  bind-dyndb-ldap authors; see COPYING for license
+  */
+ 
++#include "dyndb-config.h"
++
+ #include <isc/util.h>
+ #include <isc/mem.h>
+ #include <isc/task.h>
+@@ -24,7 +26,6 @@
+ #include "types.h"
+ #include "ldap_helper.h"
+ #include "zone_register.h"
+-#include "dyndb-config.h"
+ 
+ #if LIBDNS_VERSION_MAJOR < 1600
+ #define cfg_parse_buffer cfg_parse_buffer4
+diff --git a/src/str.c b/src/str.c
+index 6797eded0..a68f66c73 100644
+--- a/src/str.c
++++ b/src/str.c
+@@ -9,6 +9,8 @@
+  * Review all the REQUIRE() macros.
+  */
+ 
++#include "dyndb-config.h"
++
+ #include <isc/buffer.h>
+ #include <isc/mem.h>
+ #include <isc/mutex.h>
+diff --git a/src/syncptr.c b/src/syncptr.c
+index f7b8c02bc..7fab14a9e 100644
+--- a/src/syncptr.c
++++ b/src/syncptr.c
+@@ -6,6 +6,8 @@
+ #include <arpa/inet.h>
+ #include <sys/socket.h>
+ 
++#include "dyndb-config.h"
++
+ #include <isc/event.h>
+ #include <isc/netaddr.h>
+ #include <isc/task.h>
+@@ -18,7 +20,6 @@
+ #include <dns/zone.h>
+ #include <dns/zt.h>
+ 
+-#include "dyndb-config.h"
+ #include "util.h"
+ #include "ldap_convert.h"
+ #include "ldap_entry.h"
+diff --git a/src/zone.c b/src/zone.c
+index 0180ba8ea..899f612c3 100644
+--- a/src/zone.c
++++ b/src/zone.c
+@@ -3,6 +3,8 @@
+  */
+ 
+ #include <inttypes.h>
++#include "dyndb-config.h"
++
+ #include <isc/types.h>
+ #include <isc/util.h>
+ 
+diff --git a/src/zone_register.c b/src/zone_register.c
+index 504aa9be2..4db5e02c7 100644
+--- a/src/zone_register.c
++++ b/src/zone_register.c
+@@ -2,6 +2,8 @@
+  * Copyright (C) 2009-2014  bind-dyndb-ldap authors; see COPYING for license
+  */
+ 
++#include "dyndb-config.h"
++
+ #include <isc/mem.h>
+ #include <isc/rwlock.h>
+ #include <isc/util.h>
+@@ -12,7 +14,6 @@
+ #include <dns/result.h>
+ #include <dns/zone.h>
+ 
+-#include "dyndb-config.h"
+ #include "fs.h"
+ #include "ldap_driver.h"
+ #include "log.h"
+-- 
+2.41.0
+

SOURCES/bind-dyndb-ldap-11.10-bind-CVE-2024-1737.patch

@@ -1,76 +0,0 @@
-From c7801fabb1597c4d4b18b21fcfcf6ab064040ba5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
-Date: Wed, 7 Aug 2024 16:19:46 +0200
-Subject: [PATCH] Detect presence of dns_zone_setmaxrrperset
-
-Because it were backported into bind-9.16 branch by upstream and testing
-of simpler variant fails in some cases. This assumes these call do not
-appear only after 9.18.28, but may be backported into previous versions.
-Tests just call presence and assumes dns_db_setmaxtypepername will be
-present also.
----
- configure.ac      |  4 ++++
- src/ldap_driver.c | 25 +++++++++++++++++++++++++
- 2 files changed, 29 insertions(+)
-
-diff --git a/configure.ac b/configure.ac
-index faac214..b897c2b 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -137,6 +137,10 @@ AC_CHECK_LIB([dns], [dns_db_setservestalettl],
-   [AC_DEFINE([HAVE_DNS_SERVESTALE], 1, [Define if dns library provides dns_db_setservestalettl])]
- )
- 
-+AC_CHECK_LIB([dns], [dns_db_setmaxrrperset],
-+  [AC_DEFINE([HAVE_DNS_DB_SETMAXRRPERSET], 1, [Define if dns library provides dns_db_setmaxrrperset])]
-+)
-+
- dnl Older autoconf (2.59, for example) doesn't define docdir
- [[ ! -n "$docdir" ]] && docdir='${datadir}/doc/${PACKAGE_TARNAME}'
- AC_SUBST([docdir])
-diff --git a/src/ldap_driver.c b/src/ldap_driver.c
-index 5f9e00a..29896d4 100644
---- a/src/ldap_driver.c
-+++ b/src/ldap_driver.c
-@@ -909,6 +909,27 @@ adjusthashsize(dns_db_t *db, size_t size) {
- }
- #endif
- 
-+#if HAVE_DNS_DB_SETMAXRRPERSET
-+/* Calls added to fix CVE-2024-1737 in 9.18.28 */
-+static void
-+setmaxrrperset(dns_db_t *db, uint32_t value) {
-+	ldapdb_t *ldapdb = (ldapdb_t *) db;
-+
-+	REQUIRE(VALID_LDAPDB(ldapdb));
-+
-+	return dns_db_setmaxrrperset(ldapdb->rbtdb, value);
-+}
-+
-+static void
-+setmaxtypepername(dns_db_t *db, uint32_t value) {
-+	ldapdb_t *ldapdb = (ldapdb_t *) db;
-+
-+	REQUIRE(VALID_LDAPDB(ldapdb));
-+
-+	return dns_db_setmaxtypepername(ldapdb->rbtdb, value);
-+}
-+#endif
-+
- static dns_dbmethods_t ldapdb_methods = {
- 	attach,
- 	detach,
-@@ -969,6 +990,10 @@ static dns_dbmethods_t ldapdb_methods = {
- #if LIBDNS_VERSION_MAJOR >= 1606
- 	adjusthashsize, /* adjusthashsize */
- #endif
-+#if HAVE_DNS_DB_SETMAXRRPERSET
-+	setmaxrrperset, /* setmaxrrperset */
-+	setmaxtypepername, /* setmaxtypepername */
-+#endif
- };
- 
- isc_result_t ATTR_NONNULLS
--- 
-2.45.2
-

SOURCES/bind-dyndb-ldap-11.10.tar.bz2.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAmKxbw8ACgkQRxniuKu/
+YhpvSQ/+ONhrsgo9PS5Lbe7gpQcBIWlzat2TnceeeDNE7ybB4iXSFaAjYFwysGQ0
+5/WJGIjzA4r+fl7o5JxBhn8HAxN3TM13xhzM/91sFAlNDrnO6QameulIEr8vAJTW
+HNuQ/+rwZKfyGWJn32Ztex/7lX+GAQKnMqZ90TdHibMMawk2rP5617N1hgUMDkao
+9bCVZ8ezzrKeECaJDygi8VT/3z0wffksnL/Elj5NVRJD1T9J2cNEwxj9oklnccOc
+dK7C/zzv9k2mH4CssVZsZxk0JDO8McuzquSgBWJy4n6Jxz6tunykmGAjQDS/UizI
+DuC6tCnDZL2kN0krMe0wXyayT+D13jUPjsj8/GKxz7QbIPu6sK6EXj/FEwH+LscG
+xud7v79puMJ76CO+/mhLg7qTV+erAuy0HjGcS7cGX/l4X9lMpesrDwOD17/MpfFL
+6+6aAf8ypzo2gxRW0x4Xb8vrJwYyt4+l9u+ipm8RfYRXcT6dMwuhjkXr3AE9Np1g
+Hh/Ya5EwgICiCzO5J9Q7xvU8kqzXvMpwd+FY/3lnGXg982UmTTYZBixVU8BuXFqi
+aXo73b6+zXr9sT/Dclz8ZA/UX60GyQ7qTFYGSPa5ZPts4DL8IgWliXJaalDG5XvW
+VtfeMOfH9Q2mAPrBa0BTVmHwItzDgjGCVGeSAdN8g1tFpq48rxQ=
+=2rGI
+-----END PGP SIGNATURE-----

SOURCES/bind-dyndb-ldap-11.9-bind-9.16.17.patch

@@ -1,35 +0,0 @@
-From d7d3032de7f5d3dd3cffea6064549b63a9ad7d59 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
-Date: Thu, 17 Jun 2021 17:57:52 +0200
-Subject: [PATCH] Skip isc_bind9 check on BIND 9.16.17+
-
-Reference variable refvar from dns_dyndbctx_t were removed. Removed was
-also flag requesting different namespace. Skip that check on last stable
-version, it should eval to false on all versions anyway.
----
- src/ldap_driver.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/ldap_driver.c b/src/ldap_driver.c
-index e9f1005ee..5f9e00af1 100644
---- a/src/ldap_driver.c
-+++ b/src/ldap_driver.c
-@@ -1156,6 +1156,7 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters,
- 	RUNTIME_CHECK(isc_once_do(&library_init_once, library_init)
- 		      == ISC_R_SUCCESS);
- 
-+#if LIBDNS_VERSION_MAJOR < 1617
- 	/*
- 	 * Depending on how dlopen() was called, we may not have
- 	 * access to named's global namespace, in which case we need
-@@ -1168,6 +1169,7 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters,
- 		isc_hash_set_initializer(dctx->hashinit);
- 		log_debug(5, "registering library from dynamic ldap driver, %p != %p.", dctx->refvar, &isc_bind9);
- 	}
-+#endif
- 
- 	log_debug(2, "registering dynamic ldap driver for %s.", name);
- 
--- 
-2.31.1
-

SOURCES/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch

@@ -1,24 +0,0 @@
-diff --git a/src/mldap.c b/src/mldap.c
-index 92a330c..79efddb 100644
---- a/src/mldap.c
-+++ b/src/mldap.c
-@@ -50,18 +50,7 @@
- static unsigned char uuid_rootname_ndata[]
- 	= { 4, 'u', 'u', 'i', 'd', 4, 'l', 'd', 'a', 'p', 0 };
- static unsigned char uuid_rootname_offsets[] = { 0, 5, 10 };
--static dns_name_t uuid_rootname =
--{
--	DNS_NAME_MAGIC,
--	uuid_rootname_ndata,
--	sizeof(uuid_rootname_ndata),
--	sizeof(uuid_rootname_offsets),
--	DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE,
--	uuid_rootname_offsets,
--	NULL,
--	{ (void *)-1, (void *)-1 },
--	{ NULL, NULL }
--};
-+static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets);
- 
- struct mldapdb {
- 	isc_mem_t	*mctx;

SOURCES/bind-dyndb-ldap-11.9.tar.bz2.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAmCtCAoACgkQRxniuKu/
-YhptNQ//QvGsnJsvlhZddT1EnoiiNhmKyW6HAV7f/0z4L/1RE9sng930mLhRD5mI
-wFPzeJBBYVTM82hZwjboaa8r5hpAHiq29Q6o7cBCIcOEN6YhNZePoO7RmU1TaF57
-6LGIzmUuEHfHaajV7fvYUY/kW0mJrxLwu58IJX7wi8OsJi+Exx8EqjVIVPJYkj3n
-hen17jJmxnPyjI3fhwZt+ON3X3yfocLgsg08Zl4dtB6MTHMeb0a6gxZ2MQwpCGrq
-zmo+Qv3OkvxJHPtpKO46je4GHZ3JYSNfCu8fVSqFiZfqu0Zv1DF6YUjxsHHU1BVk
-64CCEN1vNal1rIblwz447oEAwBWQ0ky0r+EtAYfUggSHZ/Lwjh8LX44VYISa/4Io
-R3aq3Egz8YwttXoH1PEGqv6ag9O7S8dVqKRm2+UmC6ajKtDtQimvWfyiInAjAsm4
-ngwiWoqfYVYvs38YSc9oL/VFc0N7NglNGTVOKzgrkUlG8RF2GEdeMqXBcPflIL16
-+R8AEgaFOcFmyrv1DMTglK6Mq2EjSDlfxVb8Rv1jiBmglB1z0hzLi0yVLNIAobPF
-eOgi5Aq7UYWnT7oE8t6m1PWomVBObNFtC7OgMTdXt0lT7ZdqbRkxaW0CCY1+e645
-4NlyEvwONUGPKzl7jlSNH/5eE0GuYp6Qi68b+LkBf5wfK4axfdY=
-=OlUq
------END PGP SIGNATURE-----

SOURCES/bind-dyndb-ldap-bind-9.18.10-db-options.patch

@@ -0,0 +1,104 @@
+From 5dd2fefa0bc7cd7689004cec64304c3a02be9eab Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Thu, 12 Jan 2023 13:25:10 +0200
+Subject: [PATCH] Support bind 9.18.10 or later
+
+dns_db_allrdatasets() gained a new parameter. Adopt the code to allow
+injecting 0 options if building against 9.18.10.
+
+Fixes: https://pagure.io/bind-dyndb-ldap/issue/216
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/ldap_driver.c | 7 ++++---
+ src/ldap_helper.c | 4 ++--
+ src/metadb.c      | 3 ++-
+ src/util.h        | 6 ++++++
+ 4 files changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/src/ldap_driver.c b/src/ldap_driver.c
+index 7367493..e4aeeb2 100644
+--- a/src/ldap_driver.c
++++ b/src/ldap_driver.c
+@@ -465,13 +465,14 @@ findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ 
+ static isc_result_t
+ allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+-	     isc_stdtime_t now, dns_rdatasetiter_t **iteratorp)
++	     DNS_DB_ALLRDATASETS_OPTIONS(unsigned int options, isc_stdtime_t now),
++	     dns_rdatasetiter_t **iteratorp)
+ {
+ 	ldapdb_t *ldapdb = (ldapdb_t *) db;
+ 
+ 	REQUIRE(VALID_LDAPDB(ldapdb));
+ 
+-	return dns_db_allrdatasets(ldapdb->rbtdb, node, version, now, iteratorp);
++	return dns_db_allrdatasets(ldapdb->rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(options, now), iteratorp);
+ }
+ 
+ /* TODO: Add 'tainted' flag to the LDAP instance if something went wrong. */
+@@ -514,7 +515,7 @@ node_isempty(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ 
+ 	CHECK(ldapdb_name_fromnode(node, dns_fixedname_initname(&fname)));
+ 
+-	result = dns_db_allrdatasets(db, node, version, now, &rds_iter);
++	result = dns_db_allrdatasets(db, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, now), &rds_iter);
+ 	if (result == ISC_R_NOTFOUND) {
+ 		*isempty = true;
+ 	} else if (result == ISC_R_SUCCESS) {
+diff --git a/src/ldap_helper.c b/src/ldap_helper.c
+index 7ea3df9..7ac3d91 100644
+--- a/src/ldap_helper.c
++++ b/src/ldap_helper.c
+@@ -2005,7 +2005,7 @@ zone_sync_apex(const ldap_instance_t * const inst,
+ 				 zone_settings, &rdatalist));
+ 
+ 	CHECK(dns_db_getoriginnode(rbtdb, &node));
+-	result = dns_db_allrdatasets(rbtdb, node, version, 0,
++	result = dns_db_allrdatasets(rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, 0),
+ 				     &rbt_rds_iterator);
+ 	if (result == ISC_R_SUCCESS) {
+ 		CHECK(diff_ldap_rbtdb(inst->mctx, &name, &rdatalist,
+@@ -3929,7 +3929,7 @@ update_restart:
+ 	CHECK(dns_db_newversion(ldapdb, &version));
+ 
+ 	CHECK(dns_db_findnode(rbtdb, &entry->fqdn, true, &node));
+-	result = dns_db_allrdatasets(rbtdb, node, version, 0, &rbt_rds_iterator);
++	result = dns_db_allrdatasets(rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, 0), &rbt_rds_iterator);
+ 	if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
+ 		goto cleanup;
+ 
+diff --git a/src/metadb.c b/src/metadb.c
+index f469a30..276de24 100644
+--- a/src/metadb.c
++++ b/src/metadb.c
+@@ -217,7 +217,8 @@ metadb_node_delete(metadb_node_t **nodep) {
+ 	node = *nodep;
+ 
+ 	dns_rdataset_init(&rdataset);
+-	CHECK(dns_db_allrdatasets(node->rbtdb, node->dbnode, node->version, 0,
++	CHECK(dns_db_allrdatasets(node->rbtdb, node->dbnode, node->version,
++				  DNS_DB_ALLRDATASETS_OPTIONS(0, 0),
+ 				  &iter));
+ 
+ 	for (result = dns_rdatasetiter_first(iter);
+diff --git a/src/util.h b/src/util.h
+index 5088ff3..e4620ff 100644
+--- a/src/util.h
++++ b/src/util.h
+@@ -29,6 +29,12 @@ extern bool verbose_checks; /* from settings.c */
+ #define dns_name_copynf(src, dst) dns_name_copy((src), (dst))
+ #endif
+ 
++#if LIBDNS_VERSION_MAJOR >= 1810
++#define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) options, tstamp
++#else
++#define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) tstamp
++#endif
++
+ #define CLEANUP_WITH(result_code)				\
+ 	do {							\
+ 		result = (result_code);				\
+-- 
+2.39.0
+

SOURCES/bind-dyndb-ldap-bind-9.18.10-logs.patch

@@ -0,0 +1,152 @@
+From 00131b7b72daa953ab2bf5e6a4fd5508052debb0 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Thu, 12 Jan 2023 14:33:07 +0200
+Subject: [PATCH] adopt to bind 9.18.9+ loggers
+
+Fixes: https://pagure.io/bind-dyndb-ldap/issues/216
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/ldap_helper.c | 12 ++++--------
+ src/log.h         |  9 +++++++++
+ src/settings.c    | 12 ++++--------
+ src/syncrepl.c    |  6 ++----
+ 4 files changed, 19 insertions(+), 20 deletions(-)
+
+diff --git a/src/ldap_helper.c b/src/ldap_helper.c
+index 7ac3d91..acabd31 100644
+--- a/src/ldap_helper.c
++++ b/src/ldap_helper.c
+@@ -1317,8 +1317,7 @@ configure_zone_acl(isc_mem_t *mctx, dns_zone_t *zone,
+ 			dns_zone_logc(zone, DNS_LOGCATEGORY_SECURITY, ISC_LOG_CRITICAL,
+ 				      "cannot configure restrictive %s policy: %s",
+ 				      type_txt, isc_result_totext(result2));
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "insecure state detected");
++			fatal_error("insecure state detected");
+ 		}
+ 	}
+ 	acl_setter(zone, acl);
+@@ -1365,8 +1364,7 @@ configure_zone_ssutable(dns_zone_t *zone, const char *update_str)
+ 			dns_zone_logc(zone, DNS_LOGCATEGORY_SECURITY, ISC_LOG_CRITICAL,
+ 				      "cannot disable all updates: %s",
+ 				      isc_result_totext(result2));
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "insecure state detected");
++			fatal_error("insecure state detected");
+ 		}
+ 	}
+ 
+@@ -2951,8 +2949,7 @@ force_reconnect:
+ 						   ldap_inst);
+ 		break;
+ 	case AUTH_INVALID:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				"invalid auth_method_enum value %u",
++		unexpected_error("invalid auth_method_enum value %u",
+ 				 auth_method_enum);
+ 		break;
+ 
+@@ -3782,8 +3779,7 @@ update_zone(isc_task_t *task, isc_event_t *event)
+ 		else if (entry->class & LDAP_ENTRYCLASS_FORWARD)
+ 			CHECK(ldap_parse_fwd_zoneentry(entry, inst));
+ 		else
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "update_zone: unexpected entry class");
++			fatal_error("update_zone: unexpected entry class");
+ 	}
+ 
+ cleanup:
+diff --git a/src/log.h b/src/log.h
+index da71f8b..844ac46 100644
+--- a/src/log.h
++++ b/src/log.h
+@@ -17,8 +17,17 @@
+ #define GET_LOG_LEVEL(level)	(level)
+ #endif
+ 
++#if LIBDNS_VERSION_MAJOR >= 1809
++#define fatal_error(...) \
++	isc_error_fatal(__FILE__, __LINE__, __func__, __VA_ARGS__)
++#define unexpected_error(...) \
++	isc_error_unexpected(__FILE__, __LINE__, __func__, __VA_ARGS__)
++#else
+ #define fatal_error(...) \
+ 	isc_error_fatal(__FILE__, __LINE__, __VA_ARGS__)
++#define unexpected_error(...) \
++	isc_error_unexpected(__FILE__, __LINE__, __VA_ARGS__)
++#endif
+ 
+ #define log_bug(fmt, ...) \
+ 	log_error("bug in %s(): " fmt, __func__,##__VA_ARGS__)
+diff --git a/src/settings.c b/src/settings.c
+index def60d7..2a0bb19 100644
+--- a/src/settings.c
++++ b/src/settings.c
+@@ -178,8 +178,7 @@ setting_get(const char *const name, const setting_type_t type,
+ 		*(bool *)target = setting->value.value_boolean;
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", type);
++		unexpected_error("invalid setting_type_t value %u", type);
+ 		break;
+ 	}
+ 
+@@ -278,8 +277,7 @@ set_value(isc_mem_t *mctx, const settings_set_t *set, setting_t *setting,
+ 			CLEANUP_WITH(ISC_R_IGNORE);
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", setting->type);
++		unexpected_error("invalid setting_type_t value %u", setting->type);
+ 		break;
+ 	}
+ 
+@@ -304,8 +302,7 @@ set_value(isc_mem_t *mctx, const settings_set_t *set, setting_t *setting,
+ 		setting->value.value_boolean = numeric_value;
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", setting->type);
++		unexpected_error("invalid setting_type_t value %u", setting->type);
+ 		break;
+ 	}
+ 	setting->filled = 1;
+@@ -389,8 +386,7 @@ setting_unset(const char *const name, const settings_set_t *set)
+ 	case ST_BOOLEAN:
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", setting->type);
++		unexpected_error("invalid setting_type_t value %u", setting->type);
+ 		break;
+ 	}
+ 	setting->filled = 0;
+diff --git a/src/syncrepl.c b/src/syncrepl.c
+index 0bee09a..f94379c 100644
+--- a/src/syncrepl.c
++++ b/src/syncrepl.c
+@@ -148,8 +148,7 @@ finish(isc_task_t *task, isc_event_t *event) {
+ 		case sync_datainit:
+ 		case sync_finished:
+ 		default:
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "sync_barrier_wait(): invalid state "
++			fatal_error("sync_barrier_wait(): invalid state "
+ 				    "%u", bev->sctx->state);
+ 	}
+ 	sync_state_change(bev->sctx, new_state, false);
+@@ -518,8 +517,7 @@ sync_barrier_wait(sync_ctx_t *sctx, ldap_instance_t *inst) {
+ 		case sync_databarrier:
+ 		case sync_finished:
+ 		default:
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "sync_barrier_wait(): invalid state "
++			fatal_error("sync_barrier_wait(): invalid state "
+ 				    "%u", sctx->state);
+ 	}
+ 
+-- 
+2.39.0
+

SOURCES/bind-dyndb-ldap-bind-9.18.10-staleok.patch

@@ -0,0 +1,38 @@
+From 47902df23bf637e6c7ece67b928339e0fda58ae0 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Mon, 16 Jan 2023 11:03:24 +0200
+Subject: [PATCH] Handle dns_db_allrdatasets() backports too
+
+With https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7189 the
+changes were also backported to 9.16.36+ as well. Instead of checking
+version, check if an additional define is present.
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/util.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/util.h b/src/util.h
+index e4620ff..5da0f5c 100644
+--- a/src/util.h
++++ b/src/util.h
+@@ -13,6 +13,7 @@
+ #include <dns/types.h>
+ #include <dns/name.h>
+ #include <dns/result.h>
++#include <dns/db.h>
+ 
+ #include "log.h"
+ #include "dyndb-config.h"
+@@ -29,7 +30,7 @@ extern bool verbose_checks; /* from settings.c */
+ #define dns_name_copynf(src, dst) dns_name_copy((src), (dst))
+ #endif
+ 
+-#if LIBDNS_VERSION_MAJOR >= 1810
++#ifdef DNS_DB_STALEOK
+ #define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) options, tstamp
+ #else
+ #define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) tstamp
+-- 
+2.39.0
+

SPECS/bind-dyndb-ldap.spec

@@ -1,7 +1,7 @@
 
 %define VERSION %{version}
 
-%define bind_version 32:9.16.23-19
+%define bind_version 32:9.16.16
 
 %if 0%{?fedora} >= 31 || 0%{?rhel} > 8
     %global openssl_pkcs11_version 0.4.10-6
@@ -11,8 +11,8 @@
 %endif
 
 Name:           bind-dyndb-ldap
-Version:        11.9
+Version:        11.10
-Release:        10%{?dist}
+Release:        26%{?dist}
 Summary:        LDAP back-end plug-in for BIND
 
 License:        GPLv2+
@@ -20,18 +20,27 @@ URL:            https://releases.pagure.org/bind-dyndb-ldap
 Source0:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2
 Source1:        https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc
 
-Patch1:         bind-dyndb-ldap-11.9-bind-9.16.17.patch
+# https://pagure.io/bind-dyndb-ldap/pull-request/217
-Patch2:         0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2129844.patch
+# https://pagure.io/bind-dyndb-ldap/c/00131b7b72daa953ab2bf5e6a4fd5508052debb0
-# https://pagure.io/bind-dyndb-ldap/pull-request/229
+Patch1:         bind-dyndb-ldap-bind-9.18.10-db-options.patch
-Patch3:         https://pagure.io/bind-dyndb-ldap/raw/dbbcc2f07ea6955c6b0b5a719f8058c54b1d750c#/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
+# https://pagure.io/bind-dyndb-ldap/c/47902df23bf637e6c7ece67b928339e0fda58ae0
-# https://pagure.io/bind-dyndb-ldap/pull-request/235
+Patch2:         bind-dyndb-ldap-bind-9.18.10-logs.patch
-Patch4:         bind-dyndb-ldap-11.10-bind-CVE-2024-1737.patch
+# https://pagure.io/bind-dyndb-ldap/c/5dd2fefa0bc7cd7689004cec64304c3a02be9eab
+Patch3:         bind-dyndb-ldap-bind-9.18.10-staleok.patch
+Patch4: bind-dyndb-ldap-11.10-bind-9.18.11.patch
+Patch5: bind-dyndb-ldap-11.10-bind-9.18.13.patch
+# https://pagure.io/bind-dyndb-ldap/pull-request/226
+Patch6: bind-dyndb-ldap-11.10-bind-9.18.19.patch
 
 BuildRequires:  bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}
 BuildRequires:  krb5-devel
 BuildRequires:  openldap-devel
 BuildRequires:  libuuid-devel
 BuildRequires:  automake, autoconf, libtool
+BuildRequires:  autoconf-archive
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2165256
+Conflicts: bind9-next
 
 %if %{with bind_pkcs11}
 BuildRequires:  bind-pkcs11-devel >= %{bind_version}
@@ -121,43 +130,153 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
 
 
 %changelog
-* Wed Aug 07 2024 Petr Menšík <pemensik@redhat.com> - 11.9-10
+* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 11.10-26
-- Rebuilt for BIND CVE-2024-1737 fixes (CVE-2024-1737)
+- Rebuilt for MSVSphere 10
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 11.10-26
+- Bump release for June 2024 mass rebuild
+
+* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 11.10-25
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 11.10-24
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 15 2024 Petr Menšík <pemensik@redhat.com> - 11.10-23
+- Rebuilt for BIND 9.18.21 (#2255407)
+
+* Mon Nov 20 2023 Petr Menšík <pemensik@redhat.com> - 11.10-22
+- Rebuilt for BIND 9.18.20 (#2249835)
+
+* Mon Sep 25 2023 Petr Menšík <pemensik@redhat.com> - 11.10-21
+- Support for bind 9.18.19 (#2232346)
+- Require autoconf-archive at build time
+
+* Wed Sep 06 2023 Petr Menšík <pemensik@redhat.com> - 11.10-20
+- Rebuilt for BIND 9.18.18 (#2232346)
+
+* Wed Jul 19 2023 Petr Menšík <pemensik@redhat.com> - 11.10-19
+- Rebuild for BIND 9.18.17 (#2223913)
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 11.10-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Jun 21 2023 Petr Menšík <pemensik@redhat.com> - 11.10-17
+- Rebuild for BIND 9.18.16 (#2216462)
+
+* Thu May 18 2023 Petr Menšík <pemensik@redhat.com> - 11.10-16
+- Rebuild for BIND 9.18.15 (#2207908)
+
+* Sat Apr 22 2023 Petr Menšík <pemensik@redhat.com> - 11.10-15
+- Rebuilt for BIND 9.18.14 (#2187996)
+
+* Wed Mar 22 2023 Petr Menšík <pemensik@redhat.com> - 11.10-14
+- Rebuilt for BIND 9.18.13 (#2178717)
+
+* Mon Feb 20 2023 Petr Menšík <pemensik@redhat.com> - 11.10-13
+- Rebuilt for BIND 9.18.12 (#2170096)
+
+* Sun Jan 29 2023 Adam Williamson <awilliam@redhat.com> - 11.10-12
+- Rebuild for BIND 9.18.11 again (tagging mess, again see #2165256)
+
+* Sat Jan 28 2023 Adam Williamson <awilliam@redhat.com> - 11.10-11.2
+- Conflict with bind9-next (#2165256)
+
+* Sat Jan 28 2023 Petr Menšík <pemensik@redhat.com> - 11.10-11
+- Support for BIND 9.18.11 (#2164395)
+
+* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 11.10-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Mon Jan 16 2023 Petr Menšík <pemensik@redhat.com> - 11.10-9
+- Rebuilt for BIND 9.18.10 (#2143258)
+- Include changes needed to build with latest BIND9
+
+* Mon Nov 21 2022 Petr Menšík <pemensik@redhat.com> - 11.10-8
+- Rebuilt for BIND 9.18.9 (#2143258)
+- Support error header change
+
+* Sat Oct 22 2022 Petr Menšík <pemensik@redhat.com> - 11.10-7
+- Rebuilt for BIND 9.18.8 (#2136100)
+
+* Wed Sep 21 2022 Petr Menšík <pemensik@redhat.com> - 11.10-6
+- Rebuild for BIND 9.18.7 (#2128609)
+
+* Tue Sep 13 2022 Petr Menšík <pemensik@redhat.com> - 11.10-5
+- Rebuild for BIND 9.18.6 with fixed PKCS11 (#2122841)
+
+* Tue Aug 30 2022 Petr Menšík <pemensik@redhat.com> - 11.10-4
+- Rebuild for BIND 9.18.6 (#2119132)
+
+* Wed Aug 03 2022 Petr Menšík <pemensik@redhat.com> - 11.10-3
+- Rebuild for BIND 9.18.5 (#2057493)
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 11.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Jun 21 2022 Alexander Bokovoy <abokovoy@redhat.com> - 11.10-1
+- Release 11.10
+- Support BIND 9.17+
+
+* Mon Jun 20 2022 Petr Menšík <pemensik@redhat.com> - 11.9-17
+- Rebuilt for BIND 9.16.30 (#2097312)
+
+* Fri May 27 2022 Petr Menšík <pemensik@redhat.com> - 11.9-16
+- Rebuild for BIND 9.16.29 (#2087920)
+
+* Thu Apr 21 2022 Petr Menšík <pemensik@redhat.com> - 11.9-15
+- Rebuilt for BIND 9.16.28 (#2076941)
+
+* Fri Mar 18 2022 Petr Menšík <pemensik@redhat.com> - 11.9-14
+- Rebuilt for BIND 9.16.27 (#2055120)
+
+* Fri Jan 21 2022 Petr Menšík <pemensik@redhat.com> - 11.9-13
+- Rebuild for BIND 9.16.25 (#2042504)
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 11.9-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Dec 30 2021 Alexander Bokovoy <abokovoy@redhat.com> - 11.9-11
+- Rebuild for BIND 9.16.24 (#2035298)
+
+* Wed Dec 15 2021 Petr Menšík <pemensik@redhat.com> - 11.9-10
+- Rebuilt for BIND 9.16.23 (#2032934)
+
+* Fri Nov 19 2021 Petr Menšík <pemensik@redhat.com> - 11.9-9
+- Rebuilt for BIND 9.16.23 (#2024210)
+
+* Thu Oct 28 2021 Petr Menšík <pemensik@redhat.com> - 11.9-8
+- Rebuilt for BIND 9.16.22 (#2017912)
 
-* Thu Feb 22 2024 Petr Menšík <pemensik@redhat.com> - 11.9-9
+* Fri Sep 17 2021 Petr Menšík <pemensik@redhat.com> - 11.9-7
-- Rebuild required for BIND changes for KeyTrap change (CVE-2023-50387)
+- Rebuilt for BIND 9.16.21 (#2004385)
 
-* Wed Oct 19 2022 Rafael Jeffman <rjeffman<redhat.com> - 11.9-8
+* Thu Aug 19 2021 Petr Menšík <pemensik@redhat.com> - 11.9-6
-- Modify empty zone conflicts under exclusive mode
+- Rebuilt for BIND 9.16.20 (#1995289)
-  Resolves: rhbz#2129844, rhbz#2130614
 
-* Fri Nov 26 2021 Petr Menšík <pemensik@redhat.com> - 11.9-7
+* Wed Jul 21 2021 Petr Menšík <pemensik@redhat.com> - 11.9-5
-- Rebuilt for BIND 9.16.23 (#2019575)
+- Rebuilt for BIND 9.16.19 (#1984627)
 
-* Wed Aug 25 2021 Petr Menšík <pemensik@redhat.com> - 11.9-6
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 11.9-4
-- Rebuilt for BIND 9.16.20 with correct target
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 
-* Tue Aug 24 2021 Petr Menšík <pemensik@redhat.com> - 11.9-5
+* Sat Jun 19 2021 Petr Menšík <pemensik@redhat.com> - 11.9-3
-- Rebuilt for BIND 9.16.20
+- Rebuilt for BIND 9.16.18
 
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 11.9-4
+* Thu Jun 17 2021 Petr Menšík <pemensik@redhat.com> - 11.9-2
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Add BIND 9.16.17 support
-  Related: rhbz#1991688
 
-* Thu Jul 22 2021 Petr Menšík <pemensik@redhat.com> - 11.9-3
+* Mon May 24 2021 Alexander Bokovoy <abokovoy@redhat.com> - 11.9-1
-- Rebuilt for BIND 9.16.19 (#1960273)
+- New upstream release 11.9
 
-* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 11.9-2
+* Fri May 21 2021 Petr Menšík <pemensik@redhat.com> - 11.7-4
-- Rebuilt for RHEL 9 BETA for openssl 3.0
+- Add BIND 9.16.16 support
-  Related: rhbz#1971065
 
-* Tue May 25 2021 Alexander Bokovoy <abokovoy@redhat.com> - 11.9-1
+* Thu Apr 29 2021 Petr Menšík <pemensik@redhat.com> - 11.7-3
-- Upstream release 11.9
+- Rebuilt for BIND 9.16.15
-- Rebuilt for BIND 9.16.15+
-- Resolves: rhbz#1960273
 
-* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 11.7-2
+* Fri Mar 26 2021 Petr Menšík <pemensik@redhat.com> - 11.7-2
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Support for BIND 9.16.13
 
 * Wed Feb 24 2021 Alexander Bokovoy <abokovoy@redhat.com> - 11.7-1
 - Upstream release 11.7