!20 [sync] PR-18: fix build failed

From: @openeuler-sync-bot 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw

0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch

@@ -1,116 +0,0 @@
-From e5c29893a318c0f1571c9918ab2c7c23dca3c952 Mon Sep 17 00:00:00 2001
-From: Tomas Krizek <tkrizek@redhat.com>
-Date: Mon, 27 Mar 2017 19:41:05 +0200
-Subject: [PATCH] Coverity: fix REVERSE_INULL for pevent->inst
-
-With the DynDB API changes, the ldap instance is acquired
-differently. Previously, obtaining the instance could fail when
-LDAP was disconnecting, thus the NULL check was necessary in the
-cleanup part.
-
-Now, inst is obtained directly from the API. I'm not sure what is
-the exact behaviour in edge cases such as LDAP disconnecting, so
-I perform the NULL check a bit earlier, just to be safe.
----
- src/ldap_helper.c | 42 +++++++++++++++++++++---------------------
- 1 file changed, 21 insertions(+), 21 deletions(-)
-
-diff --git a/src/ldap_helper.c b/src/ldap_helper.c
-index 1fa0ec9adfa2b9ca589587244da03cc6f0584919..e0c4b76f0bd350eda2d81588e6efb67b5221d630 100644
---- a/src/ldap_helper.c
-+++ b/src/ldap_helper.c
-@@ -3714,6 +3714,7 @@ update_zone(isc_task_t *task, isc_event_t *event)
- 	mctx = pevent->mctx;
- 	dns_name_init(&prevname, NULL);
- 
-+	REQUIRE(inst != NULL);
- 	INSIST(task == inst->task); /* For task-exclusive mode */
- 
- 	if (SYNCREPL_DEL(pevent->chgtype)) {
-@@ -3730,12 +3731,11 @@ update_zone(isc_task_t *task, isc_event_t *event)
- 	}
- 
- cleanup:
--	if (inst != NULL) {
--		sync_concurr_limit_signal(inst->sctx);
--		sync_event_signal(inst->sctx, pevent);
--		if (dns_name_dynamic(&prevname))
--			dns_name_free(&prevname, inst->mctx);
--	}
-+	sync_concurr_limit_signal(inst->sctx);
-+	sync_event_signal(inst->sctx, pevent);
-+	if (dns_name_dynamic(&prevname))
-+		dns_name_free(&prevname, inst->mctx);
-+
- 	if (result != ISC_R_SUCCESS)
- 		log_error_r("update_zone (syncrepl) failed for %s. "
- 			    "Zones can be outdated, run `rndc reload`",
-@@ -3760,14 +3760,14 @@ update_config(isc_task_t * task, isc_event_t *event)
- 
- 	mctx = pevent->mctx;
- 
-+	REQUIRE(inst != NULL);
- 	INSIST(task == inst->task); /* For task-exclusive mode */
- 	CHECK(ldap_parse_configentry(entry, inst));
- 
- cleanup:
--	if (inst != NULL) {
--		sync_concurr_limit_signal(inst->sctx);
--		sync_event_signal(inst->sctx, pevent);
--	}
-+	sync_concurr_limit_signal(inst->sctx);
-+	sync_event_signal(inst->sctx, pevent);
-+
- 	if (result != ISC_R_SUCCESS)
- 		log_error_r("update_config (syncrepl) failed for %s. "
- 			    "Configuration can be outdated, run `rndc reload`",
-@@ -3790,14 +3790,14 @@ update_serverconfig(isc_task_t * task, isc_event_t *event)
- 
- 	mctx = pevent->mctx;
- 
-+	REQUIRE(inst != NULL);
- 	INSIST(task == inst->task); /* For task-exclusive mode */
- 	CHECK(ldap_parse_serverconfigentry(entry, inst));
- 
- cleanup:
--	if (inst != NULL) {
--		sync_concurr_limit_signal(inst->sctx);
--		sync_event_signal(inst->sctx, pevent);
--	}
-+	sync_concurr_limit_signal(inst->sctx);
-+	sync_event_signal(inst->sctx, pevent);
-+
- 	if (result != ISC_R_SUCCESS)
- 		log_error_r("update_serverconfig (syncrepl) failed for %s. "
- 			    "Configuration can be outdated, run `rndc reload`",
-@@ -3860,6 +3860,7 @@ update_record(isc_task_t *task, isc_event_t *event)
- 	dns_name_init(&prevname, NULL);
- 	dns_name_init(&prevorigin, NULL);
- 
-+	REQUIRE(inst != NULL);
- 	CHECK(zr_get_zone_ptr(inst->zone_register, &entry->zone_name, &raw, &secure));
- 	zone_found = ISC_TRUE;
- 
-@@ -4020,13 +4021,12 @@ cleanup:
- 			    ldap_entry_logname(entry), pevent->chgtype);
- 	}
- 
--	if (inst != NULL) {
--		sync_concurr_limit_signal(inst->sctx);
--		if (dns_name_dynamic(&prevname))
--			dns_name_free(&prevname, inst->mctx);
--		if (dns_name_dynamic(&prevorigin))
--			dns_name_free(&prevorigin, inst->mctx);
--	}
-+	sync_concurr_limit_signal(inst->sctx);
-+	if (dns_name_dynamic(&prevname))
-+		dns_name_free(&prevname, inst->mctx);
-+	if (dns_name_dynamic(&prevorigin))
-+		dns_name_free(&prevorigin, inst->mctx);
-+
- 	if (raw != NULL)
- 		dns_zone_detach(&raw);
- 	if (secure != NULL)
--- 
-2.9.3
-

0002-Add-empty-callback-for-getsize.patch

@@ -1,30 +0,0 @@
-From 107c5ed7247788a04a23d6c65fca50f96c944345 Mon Sep 17 00:00:00 2001
-From: Tomas Krizek <tkrizek@redhat.com>
-Date: Tue, 27 Jun 2017 10:41:03 +0200
-Subject: [PATCH] Add empty callback for getsize
-
-BIND introduced getsize method in db.h. This is related to
-CVE-2016-6170 and allows to set restriction of zone size limit.
-
-Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
----
- src/ldap_driver.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/ldap_driver.c b/src/ldap_driver.c
-index 53ce1a9..38673b0 100644
---- a/src/ldap_driver.c
-+++ b/src/ldap_driver.c
-@@ -867,7 +867,8 @@ static dns_dbmethods_t ldapdb_methods = {
- 	findext,
- 	setcachestats,
- 	hashsize,
--	nodefullname
-+	nodefullname,
-+	NULL, // getsize method not implemented (related BZ1353563)
- };
- 
- isc_result_t ATTR_NONNULLS
--- 
-2.9.4
-

0003-Support-for-BIND-9.11.3.patch

@@ -1,137 +0,0 @@
-From b533d722fa62232955aedfdf1bbc0179f48497eb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
-Date: Thu, 1 Mar 2018 19:41:10 +0100
-Subject: [PATCH] Support for BIND 9.11.3. Include explicitly isc/util.h in
- each file that uses REQUIRE(). Support stdatomic feature, do not use function
- call in STATIC_ASSERT().
-
----
- src/bindcfg.c      |  1 +
- src/fwd_register.c |  1 +
- src/ldap_entry.h   | 11 +++++------
- src/mldap.c        |  4 ++--
- src/rbt_helper.c   |  1 +
- src/types.h        |  2 +-
- 6 files changed, 11 insertions(+), 9 deletions(-)
-
-diff --git a/src/bindcfg.c b/src/bindcfg.c
-index 9b429ba..5539dea 100644
---- a/src/bindcfg.c
-+++ b/src/bindcfg.c
-@@ -6,6 +6,7 @@
- 
- #include "config.h"
- 
-+#include <isc/util.h>
- #include <isccfg/grammar.h>
- #include <isccfg/namedconf.h>
- 
-diff --git a/src/fwd_register.c b/src/fwd_register.c
-index 355d15f..7cc0c5a 100644
---- a/src/fwd_register.c
-+++ b/src/fwd_register.c
-@@ -3,6 +3,7 @@
-  */
- 
- #include <isc/rwlock.h>
-+#include <isc/util.h>
- #include <dns/name.h>
- 
- #include "rbt_helper.h"
-diff --git a/src/ldap_entry.h b/src/ldap_entry.h
-index 6498c79..88b1c42 100644
---- a/src/ldap_entry.h
-+++ b/src/ldap_entry.h
-@@ -6,7 +6,6 @@
- #define _LD_LDAP_ENTRY_H_
- 
- #include <isc/lex.h>
--#include <isc/util.h>
- #include <dns/types.h>
- 
- #include "fwd_register.h"
-@@ -19,15 +18,15 @@
- 
- /* Represents values associated with LDAP attribute */
- typedef struct ldap_value ldap_value_t;
--typedef LIST(ldap_value_t) ldap_valuelist_t;
-+typedef ISC_LIST(ldap_value_t) ldap_valuelist_t;
- struct ldap_value {
-         char                    *value;
--        LINK(ldap_value_t)      link;
-+        ISC_LINK(ldap_value_t)      link;
- };
- 
- /* Represents LDAP attribute and it's values */
- typedef struct ldap_attribute	ldap_attribute_t;
--typedef LIST(ldap_attribute_t)	ldap_attributelist_t;
-+typedef ISC_LIST(ldap_attribute_t)	ldap_attributelist_t;
- 
- /* Represents LDAP entry and it's attributes */
- typedef unsigned char		ldap_entryclass_t;
-@@ -41,7 +40,7 @@ struct ldap_entry {
- 
- 	ldap_attribute_t	*lastattr;
- 	ldap_attributelist_t	attrs;
--	LINK(ldap_entry_t)	link;
-+	ISC_LINK(ldap_entry_t)	link;
- 
- 	/* Parsing. */
- 	isc_lex_t		*lex;
-@@ -59,7 +58,7 @@ struct ldap_attribute {
- 	char			**ldap_values;
- 	ldap_value_t		*lastval;
- 	ldap_valuelist_t	values;
--	LINK(ldap_attribute_t)	link;
-+	ISC_LINK(ldap_attribute_t)	link;
- };
- 
- #define LDAP_ENTRYCLASS_NONE	0x0
-diff --git a/src/mldap.c b/src/mldap.c
-index 143abce..304ba36 100644
---- a/src/mldap.c
-+++ b/src/mldap.c
-@@ -119,13 +119,13 @@ void mldap_cur_generation_bump(mldapdb_t *mldap) {
-  * reference counter value.
-  */
- STATIC_ASSERT((isc_uint32_t)
--		(typeof(isc_refcount_current((isc_refcount_t *)0)))
-+		(typeof(((isc_refcount_t *)0)->refs))
- 		-1
- 	      == 0xFFFFFFFF, \
- 	      "negative isc_refcount_t cannot be properly shortened to 32 bits");
- 
- STATIC_ASSERT((isc_uint32_t)
--		(typeof(isc_refcount_current((isc_refcount_t *)0)))
-+		(typeof(((isc_refcount_t *)0)->refs))
- 		0x90ABCDEF12345678
- 	      == 0x12345678, \
- 	      "positive isc_refcount_t cannot be properly shortened to 32 bits");
-diff --git a/src/rbt_helper.c b/src/rbt_helper.c
-index 2a7e6cb..f610b07 100644
---- a/src/rbt_helper.c
-+++ b/src/rbt_helper.c
-@@ -2,6 +2,7 @@
-  * Copyright (C) 2013-2014  bind-dyndb-ldap authors; see COPYING for license
-  */
- 
-+#include <isc/util.h>
- #include <dns/rbt.h>
- 
- #include "util.h"
-diff --git a/src/types.h b/src/types.h
-index 25ef3b9..01d627c 100644
---- a/src/types.h
-+++ b/src/types.h
-@@ -24,7 +24,7 @@
-  * rdata1 -> rdata2 -> rdata3           rdata4 -> rdata5
-  * next_rdatalist              ->       next_rdatalist  ...
-  */
--typedef LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
-+typedef ISC_LIST(dns_rdatalist_t) ldapdb_rdatalist_t;
- 
- typedef struct enum_txt_assoc {
- 	int		value;
--- 
-2.14.3
-

0004-use-correct-dn-value.patch

@@ -1,32 +0,0 @@
-commit d69150691983f7f1efaa078549cd80a14afb76cb
-Author: Petr Menšík <pemensik@redhat.com>
-Date:   Mon Jan 28 00:31:25 2019 +0100
-
-    Use correct dn value
-    
-    New GCC correctly reports error, NULL is always passed in case of
-    invalid objectclass.
-    
-    Signed-off-by: Petr Menšík <pemensik@redhat.com>
-
-diff --git a/src/ldap_helper.c b/src/ldap_helper.c
-index ac8ce6e..8b486ae 100644
---- a/src/ldap_helper.c
-+++ b/src/ldap_helper.c
-@@ -4102,7 +4102,6 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype)
- 	ldap_entry_t *entry = NULL;
- 	dns_name_t *zone_name = NULL;
- 	dns_zone_t *zone_ptr = NULL;
--	char *dn = NULL;
- 	isc_taskaction_t action = NULL;
- 	isc_task_t *task = NULL;
- 	isc_boolean_t synchronous;
-@@ -4156,7 +4155,7 @@ syncrepl_update(ldap_instance_t *inst, ldap_entry_t **entryp, int chgtype)
- 	else if ((entry->class & LDAP_ENTRYCLASS_RR) != 0)
- 		action = update_record;
- 	else {
--		log_error("unsupported objectClass: dn '%s'", dn);
-+		log_error("unsupported objectClass: dn '%s'", entry->dn);
- 		result = ISC_R_NOTIMPLEMENTED;
- 		goto cleanup;
- 	}

backport-bind-dyndb-ldap-bind-9.18.24.patch

@@ -0,0 +1,32 @@
+From 628db201764a0dc76f8e48c1524850de64e2f2fe Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Wed, 14 Feb 2024 15:45:57 +0200
+Subject: [PATCH] Include dydnb-config.h prior to any BIND headers
+ 
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/syncrepl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+ 
+diff --git a/src/syncrepl.c b/src/syncrepl.c
+index f94379c..4725bb8 100644
+--- a/src/syncrepl.c
++++ b/src/syncrepl.c
+@@ -4,6 +4,7 @@
+ 
+ #include <unistd.h>
+ 
++#include "dyndb-config.h"
+ #include <isc/condition.h>
+ #include <isc/event.h>
+ #include <isc/mutex.h>
+@@ -11,7 +12,6 @@
+ #include <isc/time.h>
+ #include <isc/util.h>
+ 
+-#include "dyndb-config.h"
+ #include "ldap_helper.h"
+ #include "util.h"
+ #include "semaphore.h"
+-- 
+2.43.0

backport-bind-dyndb-ldap-dns_name_init.patch

@@ -0,0 +1,38 @@
+From dbbcc2f07ea6955c6b0b5a719f8058c54b1d750c Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Wed, 14 Feb 2024 14:29:00 +0200
+Subject: [PATCH] use BIND macros when defining DNS names
+ 
+Fixes: https://pagure.io/bind-dyndb-ldap/issue/228
+ 
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/mldap.c | 13 +------------
+ 1 file changed, 1 insertion(+), 12 deletions(-)
+ 
+diff --git a/src/mldap.c b/src/mldap.c
+index 92a330c..79efddb 100644
+--- a/src/mldap.c
++++ b/src/mldap.c
+@@ -50,18 +50,7 @@
+ static unsigned char uuid_rootname_ndata[]
+ 	= { 4, 'u', 'u', 'i', 'd', 4, 'l', 'd', 'a', 'p', 0 };
+ static unsigned char uuid_rootname_offsets[] = { 0, 5, 10 };
+-static dns_name_t uuid_rootname =
+-{
+-	DNS_NAME_MAGIC,
+-	uuid_rootname_ndata,
+-	sizeof(uuid_rootname_ndata),
+-	sizeof(uuid_rootname_offsets),
+-	DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE,
+-	uuid_rootname_offsets,
+-	NULL,
+-	{ (void *)-1, (void *)-1 },
+-	{ NULL, NULL }
+-};
++static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets);
+ 
+ struct mldapdb {
+ 	isc_mem_t	*mctx;
+-- 
+2.43.0

bind-dyndb-ldap-11.1.tar.bz2.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQEcBAABCAAGBQJYwqX6AAoJECKiqUteSUFa2OkH/3NWkWc62TWaDkMN+EPUYSJ5
-Hf+hxQJdioATttopyuiCE+5q2iS/9n8DGgfQmdPXDalZwQfYWhX75WWlMIiWWy5F
-FDZ29tWY41JqLCdV3xYMhR+Nd4OBegT+U3muIzsFcSS9el78kRmNJCu1yOur/Nc+
-r1v8o2J5PVmp1iYxvy5s77qcIC3cERGcLakDlRduZY00jCL5I5ysxG8sWQ8jJEIr
-G1thN8cJeZ37pcOml943m0hLjzcJeNhmV/rgz7cMpH17r3yf5B600B+lGqrL9EtJ
-lSTVRJQlZFosDPVrqKuNyMHi5iIroc8+TVZtw1aAyZ8KA39zG5wrMF5FphjVHm4=
-=jtZI
------END PGP SIGNATURE-----

bind-dyndb-ldap-11.10-bind-9.18.11.patch

@@ -0,0 +1,37 @@
+From 282b1c9ea58cc0f2337a72912808505e5f540d5a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Sat, 28 Jan 2023 11:32:05 +0100
+Subject: [PATCH] Minimal change to compile with BIND 9.18.11
+ 
+DSCP codes are not working and their support were removed from BIND9. Do
+not require them to be present.
+---
+ src/fwd.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+ 
+diff --git a/src/fwd.c b/src/fwd.c
+index 24f6e53..10ec848 100644
+--- a/src/fwd.c
++++ b/src/fwd.c
+@@ -198,7 +198,9 @@ fwd_print_list_buff(isc_mem_t *mctx, dns_forwarders_t *fwdrs,
+ 	     INSIST((fwdr_int == NULL) == (fwdr_cfg == NULL)), fwdr_int != NULL;
+ 	     fwdr_int = ISC_LIST_NEXT(fwdr_int, link), fwdr_cfg = cfg_list_next(fwdr_cfg)) {
+ 		fwdr_cfg->obj->value.sockaddrdscp.sockaddr = fwdr_int->addr;
++#if LIBDNS_VERSION_MAJOR < 1811
+ 		fwdr_cfg->obj->value.sockaddrdscp.dscp = fwdr_int->dscp;
++#endif
+ 	}
+ 	cfg_print(faddresses, buffer_append_str, &tmp_buf);
+ 
+@@ -281,7 +283,9 @@ fwd_parse_str(const char *fwdrs_str, isc_mem_t *mctx,
+ 			isc_sockaddr_setport(&addr, port);
+ 		fwdr = isc_mem_get(mctx, sizeof(*(fwdr)));
+ 		fwdr->addr = addr;
++#if LIBDNS_VERSION_MAJOR < 1811
+ 		fwdr->dscp = cfg_obj_getdscp(fwdr_cfg);
++#endif
+ 		ISC_LINK_INIT(fwdr, link);
+ 		ISC_LIST_APPEND(*fwdrs, fwdr, link);
+ 	}
+-- 
+2.39.1

bind-dyndb-ldap-11.10.tar.bz2.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAmKxbw8ACgkQRxniuKu/
+YhpvSQ/+ONhrsgo9PS5Lbe7gpQcBIWlzat2TnceeeDNE7ybB4iXSFaAjYFwysGQ0
+5/WJGIjzA4r+fl7o5JxBhn8HAxN3TM13xhzM/91sFAlNDrnO6QameulIEr8vAJTW
+HNuQ/+rwZKfyGWJn32Ztex/7lX+GAQKnMqZ90TdHibMMawk2rP5617N1hgUMDkao
+9bCVZ8ezzrKeECaJDygi8VT/3z0wffksnL/Elj5NVRJD1T9J2cNEwxj9oklnccOc
+dK7C/zzv9k2mH4CssVZsZxk0JDO8McuzquSgBWJy4n6Jxz6tunykmGAjQDS/UizI
+DuC6tCnDZL2kN0krMe0wXyayT+D13jUPjsj8/GKxz7QbIPu6sK6EXj/FEwH+LscG
+xud7v79puMJ76CO+/mhLg7qTV+erAuy0HjGcS7cGX/l4X9lMpesrDwOD17/MpfFL
+6+6aAf8ypzo2gxRW0x4Xb8vrJwYyt4+l9u+ipm8RfYRXcT6dMwuhjkXr3AE9Np1g
+Hh/Ya5EwgICiCzO5J9Q7xvU8kqzXvMpwd+FY/3lnGXg982UmTTYZBixVU8BuXFqi
+aXo73b6+zXr9sT/Dclz8ZA/UX60GyQ7qTFYGSPa5ZPts4DL8IgWliXJaalDG5XvW
+VtfeMOfH9Q2mAPrBa0BTVmHwItzDgjGCVGeSAdN8g1tFpq48rxQ=
+=2rGI
+-----END PGP SIGNATURE-----

bind-dyndb-ldap-bind-9.18.10-db-options.patch

@@ -0,0 +1,103 @@
+From 5dd2fefa0bc7cd7689004cec64304c3a02be9eab Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Thu, 12 Jan 2023 13:25:10 +0200
+Subject: [PATCH] Support bind 9.18.10 or later
+ 
+dns_db_allrdatasets() gained a new parameter. Adopt the code to allow
+injecting 0 options if building against 9.18.10.
+ 
+Fixes: https://pagure.io/bind-dyndb-ldap/issue/216
+ 
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/ldap_driver.c | 7 ++++---
+ src/ldap_helper.c | 4 ++--
+ src/metadb.c      | 3 ++-
+ src/util.h        | 6 ++++++
+ 4 files changed, 14 insertions(+), 6 deletions(-)
+ 
+diff --git a/src/ldap_driver.c b/src/ldap_driver.c
+index 7367493..e4aeeb2 100644
+--- a/src/ldap_driver.c
++++ b/src/ldap_driver.c
+@@ -465,13 +465,14 @@ findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ 
+ static isc_result_t
+ allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+-	     isc_stdtime_t now, dns_rdatasetiter_t **iteratorp)
++	     DNS_DB_ALLRDATASETS_OPTIONS(unsigned int options, isc_stdtime_t now),
++	     dns_rdatasetiter_t **iteratorp)
+ {
+ 	ldapdb_t *ldapdb = (ldapdb_t *) db;
+ 
+ 	REQUIRE(VALID_LDAPDB(ldapdb));
+ 
+-	return dns_db_allrdatasets(ldapdb->rbtdb, node, version, now, iteratorp);
++	return dns_db_allrdatasets(ldapdb->rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(options, now), iteratorp);
+ }
+ 
+ /* TODO: Add 'tainted' flag to the LDAP instance if something went wrong. */
+@@ -514,7 +515,7 @@ node_isempty(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ 
+ 	CHECK(ldapdb_name_fromnode(node, dns_fixedname_initname(&fname)));
+ 
+-	result = dns_db_allrdatasets(db, node, version, now, &rds_iter);
++	result = dns_db_allrdatasets(db, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, now), &rds_iter);
+ 	if (result == ISC_R_NOTFOUND) {
+ 		*isempty = true;
+ 	} else if (result == ISC_R_SUCCESS) {
+diff --git a/src/ldap_helper.c b/src/ldap_helper.c
+index 7ea3df9..7ac3d91 100644
+--- a/src/ldap_helper.c
++++ b/src/ldap_helper.c
+@@ -2005,7 +2005,7 @@ zone_sync_apex(const ldap_instance_t * const inst,
+ 				 zone_settings, &rdatalist));
+ 
+ 	CHECK(dns_db_getoriginnode(rbtdb, &node));
+-	result = dns_db_allrdatasets(rbtdb, node, version, 0,
++	result = dns_db_allrdatasets(rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, 0),
+ 				     &rbt_rds_iterator);
+ 	if (result == ISC_R_SUCCESS) {
+ 		CHECK(diff_ldap_rbtdb(inst->mctx, &name, &rdatalist,
+@@ -3929,7 +3929,7 @@ update_restart:
+ 	CHECK(dns_db_newversion(ldapdb, &version));
+ 
+ 	CHECK(dns_db_findnode(rbtdb, &entry->fqdn, true, &node));
+-	result = dns_db_allrdatasets(rbtdb, node, version, 0, &rbt_rds_iterator);
++	result = dns_db_allrdatasets(rbtdb, node, version, DNS_DB_ALLRDATASETS_OPTIONS(0, 0), &rbt_rds_iterator);
+ 	if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
+ 		goto cleanup;
+ 
+diff --git a/src/metadb.c b/src/metadb.c
+index f469a30..276de24 100644
+--- a/src/metadb.c
++++ b/src/metadb.c
+@@ -217,7 +217,8 @@ metadb_node_delete(metadb_node_t **nodep) {
+ 	node = *nodep;
+ 
+ 	dns_rdataset_init(&rdataset);
+-	CHECK(dns_db_allrdatasets(node->rbtdb, node->dbnode, node->version, 0,
++	CHECK(dns_db_allrdatasets(node->rbtdb, node->dbnode, node->version,
++				  DNS_DB_ALLRDATASETS_OPTIONS(0, 0),
+ 				  &iter));
+ 
+ 	for (result = dns_rdatasetiter_first(iter);
+diff --git a/src/util.h b/src/util.h
+index 5088ff3..e4620ff 100644
+--- a/src/util.h
++++ b/src/util.h
+@@ -29,6 +29,12 @@ extern bool verbose_checks; /* from settings.c */
+ #define dns_name_copynf(src, dst) dns_name_copy((src), (dst))
+ #endif
+ 
++#if LIBDNS_VERSION_MAJOR >= 1810
++#define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) options, tstamp
++#else
++#define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) tstamp
++#endif
++
+ #define CLEANUP_WITH(result_code)				\
+ 	do {							\
+ 		result = (result_code);				\
+-- 
+2.39.0

bind-dyndb-ldap-bind-9.18.10-logs.patch

@@ -0,0 +1,151 @@
+From 00131b7b72daa953ab2bf5e6a4fd5508052debb0 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Thu, 12 Jan 2023 14:33:07 +0200
+Subject: [PATCH] adopt to bind 9.18.9+ loggers
+ 
+Fixes: https://pagure.io/bind-dyndb-ldap/issues/216
+ 
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/ldap_helper.c | 12 ++++--------
+ src/log.h         |  9 +++++++++
+ src/settings.c    | 12 ++++--------
+ src/syncrepl.c    |  6 ++----
+ 4 files changed, 19 insertions(+), 20 deletions(-)
+ 
+diff --git a/src/ldap_helper.c b/src/ldap_helper.c
+index 7ac3d91..acabd31 100644
+--- a/src/ldap_helper.c
++++ b/src/ldap_helper.c
+@@ -1317,8 +1317,7 @@ configure_zone_acl(isc_mem_t *mctx, dns_zone_t *zone,
+ 			dns_zone_logc(zone, DNS_LOGCATEGORY_SECURITY, ISC_LOG_CRITICAL,
+ 				      "cannot configure restrictive %s policy: %s",
+ 				      type_txt, isc_result_totext(result2));
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "insecure state detected");
++			fatal_error("insecure state detected");
+ 		}
+ 	}
+ 	acl_setter(zone, acl);
+@@ -1365,8 +1364,7 @@ configure_zone_ssutable(dns_zone_t *zone, const char *update_str)
+ 			dns_zone_logc(zone, DNS_LOGCATEGORY_SECURITY, ISC_LOG_CRITICAL,
+ 				      "cannot disable all updates: %s",
+ 				      isc_result_totext(result2));
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "insecure state detected");
++			fatal_error("insecure state detected");
+ 		}
+ 	}
+ 
+@@ -2951,8 +2949,7 @@ force_reconnect:
+ 						   ldap_inst);
+ 		break;
+ 	case AUTH_INVALID:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				"invalid auth_method_enum value %u",
++		unexpected_error("invalid auth_method_enum value %u",
+ 				 auth_method_enum);
+ 		break;
+ 
+@@ -3782,8 +3779,7 @@ update_zone(isc_task_t *task, isc_event_t *event)
+ 		else if (entry->class & LDAP_ENTRYCLASS_FORWARD)
+ 			CHECK(ldap_parse_fwd_zoneentry(entry, inst));
+ 		else
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "update_zone: unexpected entry class");
++			fatal_error("update_zone: unexpected entry class");
+ 	}
+ 
+ cleanup:
+diff --git a/src/log.h b/src/log.h
+index da71f8b..844ac46 100644
+--- a/src/log.h
++++ b/src/log.h
+@@ -17,8 +17,17 @@
+ #define GET_LOG_LEVEL(level)	(level)
+ #endif
+ 
++#if LIBDNS_VERSION_MAJOR >= 1809
++#define fatal_error(...) \
++	isc_error_fatal(__FILE__, __LINE__, __func__, __VA_ARGS__)
++#define unexpected_error(...) \
++	isc_error_unexpected(__FILE__, __LINE__, __func__, __VA_ARGS__)
++#else
+ #define fatal_error(...) \
+ 	isc_error_fatal(__FILE__, __LINE__, __VA_ARGS__)
++#define unexpected_error(...) \
++	isc_error_unexpected(__FILE__, __LINE__, __VA_ARGS__)
++#endif
+ 
+ #define log_bug(fmt, ...) \
+ 	log_error("bug in %s(): " fmt, __func__,##__VA_ARGS__)
+diff --git a/src/settings.c b/src/settings.c
+index def60d7..2a0bb19 100644
+--- a/src/settings.c
++++ b/src/settings.c
+@@ -178,8 +178,7 @@ setting_get(const char *const name, const setting_type_t type,
+ 		*(bool *)target = setting->value.value_boolean;
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", type);
++		unexpected_error("invalid setting_type_t value %u", type);
+ 		break;
+ 	}
+ 
+@@ -278,8 +277,7 @@ set_value(isc_mem_t *mctx, const settings_set_t *set, setting_t *setting,
+ 			CLEANUP_WITH(ISC_R_IGNORE);
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", setting->type);
++		unexpected_error("invalid setting_type_t value %u", setting->type);
+ 		break;
+ 	}
+ 
+@@ -304,8 +302,7 @@ set_value(isc_mem_t *mctx, const settings_set_t *set, setting_t *setting,
+ 		setting->value.value_boolean = numeric_value;
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", setting->type);
++		unexpected_error("invalid setting_type_t value %u", setting->type);
+ 		break;
+ 	}
+ 	setting->filled = 1;
+@@ -389,8 +386,7 @@ setting_unset(const char *const name, const settings_set_t *set)
+ 	case ST_BOOLEAN:
+ 		break;
+ 	default:
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "invalid setting_type_t value %u", setting->type);
++		unexpected_error("invalid setting_type_t value %u", setting->type);
+ 		break;
+ 	}
+ 	setting->filled = 0;
+diff --git a/src/syncrepl.c b/src/syncrepl.c
+index 0bee09a..f94379c 100644
+--- a/src/syncrepl.c
++++ b/src/syncrepl.c
+@@ -148,8 +148,7 @@ finish(isc_task_t *task, isc_event_t *event) {
+ 		case sync_datainit:
+ 		case sync_finished:
+ 		default:
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "sync_barrier_wait(): invalid state "
++			fatal_error("sync_barrier_wait(): invalid state "
+ 				    "%u", bev->sctx->state);
+ 	}
+ 	sync_state_change(bev->sctx, new_state, false);
+@@ -518,8 +517,7 @@ sync_barrier_wait(sync_ctx_t *sctx, ldap_instance_t *inst) {
+ 		case sync_databarrier:
+ 		case sync_finished:
+ 		default:
+-			FATAL_ERROR(__FILE__, __LINE__,
+-				    "sync_barrier_wait(): invalid state "
++			fatal_error("sync_barrier_wait(): invalid state "
+ 				    "%u", sctx->state);
+ 	}
+ 
+-- 
+2.39.0

bind-dyndb-ldap-bind-9.18.10-staleok.patch

@@ -0,0 +1,37 @@
+From 47902df23bf637e6c7ece67b928339e0fda58ae0 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Mon, 16 Jan 2023 11:03:24 +0200
+Subject: [PATCH] Handle dns_db_allrdatasets() backports too
+ 
+With https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7189 the
+changes were also backported to 9.16.36+ as well. Instead of checking
+version, check if an additional define is present.
+ 
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/util.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+ 
+diff --git a/src/util.h b/src/util.h
+index e4620ff..5da0f5c 100644
+--- a/src/util.h
++++ b/src/util.h
+@@ -13,6 +13,7 @@
+ #include <dns/types.h>
+ #include <dns/name.h>
+ #include <dns/result.h>
++#include <dns/db.h>
+ 
+ #include "log.h"
+ #include "dyndb-config.h"
+@@ -29,7 +30,7 @@ extern bool verbose_checks; /* from settings.c */
+ #define dns_name_copynf(src, dst) dns_name_copy((src), (dst))
+ #endif
+ 
+-#if LIBDNS_VERSION_MAJOR >= 1810
++#ifdef DNS_DB_STALEOK
+ #define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) options, tstamp
+ #else
+ #define DNS_DB_ALLRDATASETS_OPTIONS(options, tstamp) tstamp
+-- 
+2.39.0

bind-dyndb-ldap.spec

@@ -1,25 +1,39 @@
-%define bind_version 32:9.11.3-5
+%define bind_version 32:9.16.16
+%global openssl_pkcs11_version 0.4.10-6
+%global softhsm_version 2.5.0-4
+%global with_bind_pkcs11 0
 
 Name:           bind-dyndb-ldap
-Version:        11.1
-Release:        14
+Version:        11.10
+Release:        2
 Summary:        LDAP back-end plug-in for BIND
 License:        GPLv2+
 URL:            https://releases.pagure.org/bind-dyndb-ldap
 Source0:        https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
 Source1:        https://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2.asc
-# These patches come from fedoraproject
-Patch0001:      0001-Coverity-fix-REVERSE_INULL-for-pevent-inst.patch
-Patch0002:      0002-Add-empty-callback-for-getsize.patch
-Patch0003:      0003-Support-for-BIND-9.11.3.patch
-Patch0004:      0004-use-correct-dn-value.patch
-BuildRequires:  bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}, bind-pkcs11-devel >= %{bind_version}
+
+Patch1:         bind-dyndb-ldap-bind-9.18.10-db-options.patch
+Patch2:         bind-dyndb-ldap-bind-9.18.10-logs.patch
+Patch3:         bind-dyndb-ldap-bind-9.18.10-staleok.patch
+Patch4:         bind-dyndb-ldap-11.10-bind-9.18.11.patch
+Patch5:         backport-bind-dyndb-ldap-bind-9.18.24.patch
+Patch6:         backport-bind-dyndb-ldap-dns_name_init.patch
+
+BuildRequires:  bind-devel >= %{bind_version}
 BuildRequires:  krb5-devel
 BuildRequires:  openldap-devel
 BuildRequires:  libuuid-devel
-BuildRequires:  automake, autoconf, libtool
+BuildRequires:  automake, autoconf, libtool, make
 BuildRequires:  openssl-devel
+
+%if %{with bind_pkcs11}
+BuildRequires:  bind-pkcs11-devel >= %{bind_version}
+Requires(pre):  bind-pkcs11 >= %{bind_version}
 Requires:       bind-pkcs11 >= %{bind_version}, bind-pkcs11-utils >= %{bind_version}
+%else
+Requires(pre):  bind >= %{bind_version}
+Requires:       softhsm >= %{softhsm_version}, openssl-pkcs11 >= %{openssl_pkcs11_version}, bind >= %{bind_version}
+%endif
 
 %description
 This package provides an LDAP back-end, the dynamic LDAP back-end is
@@ -30,8 +44,16 @@ a plug-in for BIND that provides an LDAP database back-end capabilities.
 
 %build
 autoreconf -fiv
+export BIND9_CFLAGS='-I /usr/include/bind9 -DHAVE_TLS -DHAVE_THREAD_LOCAL'
 %configure
+%if %{?openEuler:1}0
 %make_build
+%else
+# unset SOURCE_DATE_EPOCH eliminate bep differences
+unset SOURCE_DATE_EPOCH
+%make_build
+set SOURCE_DATE_EPOCH
+%endif
 
 %install
 rm -rf %{buildroot}
@@ -39,6 +61,7 @@ rm -rf %{buildroot}
 install -d -m 770 %{buildroot}/%{_localstatedir}/named/dyndb-ldap
 
 %post
+[ -f /etc/named.conf ] || exit 0
 # Transform named.conf if it still has old-style API.
 PLATFORM=$(uname -m)
 
@@ -75,6 +98,36 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
 
 
 %changelog
+* Wed Mar 20 2024 xinghe <xinghe2@h-partners.com> - 11.10-2
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix build failed
+
+* Sun Jan 29 2023 xinghe <xinghe2@h-partners.com> - 11.10-1
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC:update to 11.10
+
+* Fri Jun 10 2022 gaihuiying <eaglegai@163.com> - 11.9-2
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:add macros to control if need to eliminate bep differences
+
+* Fri Dec 24 2021 yanglu <yanglu72@huawei.com> - 11.9-1
+- Type:requirement
+- ID:NA
+- SUG:NA
+- DESC:update to 11.9
+
+* Mon Jul 27 2020 gaihuiying <gaihuiying1@huawei.com> - 11.3-1
+- Type:requirement
+- ID:NA
+- SUG:NA
+- DESC:update to 11.3
+
 * Mon Jun 22 2020 gaihuiying <gaihuiying1@huawei.com> - 11.1-14
 - Type:bugfix
 - ID:NA