From 1f8ab5c2532552e978e22f5bdbb4f9cdfa02c00f Mon Sep 17 00:00:00 2001 From: Petr Menšík Date: Sep 13 2017 15:59:46 +0000 Subject: Fix nsupdate GSSAPI auth against AD server (#1484451) --- diff --git a/bind-9.11-rh1484451.patch b/bind-9.11-rh1484451.patch new file mode 100644 index 0000000..c2596b2 --- /dev/null +++ b/bind-9.11-rh1484451.patch @@ -0,0 +1,27 @@ +From a8a20462b516b0cc39e9b1fb1a8dd514eb1aed29 Mon Sep 17 00:00:00 2001 +From: Mark Andrews +Date: Fri, 1 Sep 2017 11:17:59 +1000 +Subject: [PATCH] 4697. [bug] Restore workaround for Microsoft + Windows TSIG hash computation bug. [RT #45854] + +--- + lib/dns/rdataset.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c +index 1386840..e563963 100644 +--- a/lib/dns/rdataset.c ++++ b/lib/dns/rdataset.c +@@ -466,6 +466,9 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, + dns_name_copy(owner_name, name, NULL); + dns_rdataset_getownercase(rdataset, name); + ++ if ((owner_name->attributes & DNS_NAMEATTR_NOCOMPRESS) != 0) ++ name->attributes |= DNS_NAMEATTR_NOCOMPRESS; ++ + do { + /* + * Copy out the name, type, class, ttl. +-- +2.9.5 + diff --git a/bind.spec b/bind.spec index b8fa70e..a302a24 100644 --- a/bind.spec +++ b/bind.spec @@ -82,8 +82,9 @@ Patch136:bind-9.10-dist-native-pkcs11.patch # introduced by https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=fc9f0ac5778f78003a7acc957a23711811fec122 Patch137:bind-9.10-use-of-strlcat.patch Patch140:bind-9.11-rh1410433.patch -Patch142: bind-9.11-dlz-mysql.patch -Patch143: bind-9.11-dlz-mysql-modules.patch +Patch142:bind-9.11-dlz-mysql.patch +Patch143:bind-9.11-dlz-mysql-modules.patch +Patch144:bind-9.11-rh1484451.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -381,6 +382,7 @@ This package provides a module which allows commands to be sent to rndc directly %patch140 -p1 -b .rh1410433 %patch142 -p1 -b .mysql_config %patch143 -p1 -b .mysql_modules +%patch144 -p1 -b .rh1484451 %if %{PKCS11} cp -r bin/named{,-pkcs11} @@ -1153,6 +1155,7 @@ rm -rf ${RPM_BUILD_ROOT} * Wed Aug 02 2017 Petr Menšík - 32:9.11.2-1 - Update to 9.11.2 - Add recursing and secroots file into default and sample config +- Fix nsupdate GSSAPI auth against AD server (#1484451) * Wed Aug 02 2017 Fedora Release Engineering - 32:9.11.1-6.P3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild