From c3db872f708369fe512143e825456c665493747a Mon Sep 17 00:00:00 2001
From: Adam Tkac
Date: Aug 23 2007 09:09:35 +0000
Subject: - added new initscript option KEYTAB_FILE which specified where is located kerberos .keytab file for named service - obsolete temporary bind-9.5-spnego-memory_management.patch by bind-9.5-gssapictx-free.patch which conforms BIND coding standards (#251853)
---
diff --git a/bind-9.5-gssapictx-free.patch b/bind-9.5-gssapictx-free.patch
new file mode 100644
index 0000000..35f1b40
--- /dev/null
+++ b/bind-9.5-gssapictx-free.patch
@@ -0,0 +1,41 @@
+Written-by: Adam Tkac
+diff -up bind-9.5.0a6/lib/dns/spnego.h.free bind-9.5.0a6/lib/dns/spnego.h
+--- bind-9.5.0a6/lib/dns/spnego.h.free 2007-06-20 01:47:16.000000000 +0200
++++ bind-9.5.0a6/lib/dns/spnego.h 2007-08-22 14:32:13.000000000 +0200
+@@ -67,5 +67,9 @@ OM_uint32 gss_accept_sec_context_spnego(
+ OM_uint32 *,
+ gss_cred_id_t *);
+
++/*
++ * We have to export this because we need to free memory allocated by spnego_malloc
++ */
++void spnego_free(void *ptr, const char *file, int line);
+
+ #endif
+diff -up bind-9.5.0a6/lib/dns/gssapictx.c.free bind-9.5.0a6/lib/dns/gssapictx.c
+--- bind-9.5.0a6/lib/dns/gssapictx.c.free 2007-06-20 01:47:16.000000000 +0200
++++ bind-9.5.0a6/lib/dns/gssapictx.c 2007-08-22 14:44:46.000000000 +0200
+@@ -510,7 +510,11 @@ dst_gssapi_initctx(dns_name_t *name, isc
+ RETERR(isc_buffer_copyregion(outtoken, &r));
+
+ (void)gss_release_name(&minor, &gname);
++#ifdef USE_ISC_SPNEGO
++ spnego_free (gouttoken.value, __FILE__, __LINE__);
++#else
+ (void)gss_release_buffer(&minor, &gouttoken);
++#endif
+
+ if (gret == GSS_S_COMPLETE)
+ result = ISC_R_SUCCESS;
+diff -up bind-9.5.0a6/lib/dns/spnego.c.free bind-9.5.0a6/lib/dns/spnego.c
+--- bind-9.5.0a6/lib/dns/spnego.c.free 2007-06-20 01:47:16.000000000 +0200
++++ bind-9.5.0a6/lib/dns/spnego.c 2007-08-22 14:32:13.000000000 +0200
+@@ -201,7 +201,7 @@ spnego_malloc(size_t size, const char *f
+ return (p);
+ }
+
+-static void
++void
+ spnego_free(void *ptr, const char *file, int line)
+ {
+ char *p = ptr;
diff --git a/bind-9.5-spnego-memory_management.patch b/bind-9.5-spnego-memory_management.patch
deleted file mode 100644
index 6ce486c..0000000
--- a/bind-9.5-spnego-memory_management.patch
+++ /dev/null
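Review bot: In the gssapictx.c part of this new patch, the USE_ISC_SPNEGO branch passes `gouttoken.value` to `spnego_free()` and leaves the descriptor as it was, whereas the `gss_release_buffer()` call it replaces also zeroes the descriptor's length. dst_gssapi_initctx continues beyond the hunk, so if any later path reads or releases `gouttoken` again this turns into a use after free or double free; adding `gouttoken.value = NULL; gouttoken.length = 0;` right after the call would close that. The branch also assumes the token was allocated by `spnego_malloc`: the `spnego_free` body quoted in the removed bind-9.5-spnego-memory_management.patch steps the pointer back by `sizeof(size_t)` before `isc_mem_free`, so a buffer that came from the system GSS-API library would corrupt the heap here. A one-line comment stating why that cannot happen when USE_ISC_SPNEGO is defined would help, and the exported prototype in spnego.h would be better placed under the same `#ifdef` if it is not already (the surrounding header is outside the hunk).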
@@ -1,92 +0,0 @@ -diff -up bind-9.5.0a6/lib/dns/spnego.c.memory_management bind-9.5.0a6/lib/dns/spnego.c ---- bind-9.5.0a6/lib/dns/spnego.c.memory_management 2007-08-13 17:59:03.000000000 +0200 -+++ bind-9.5.0a6/lib/dns/spnego.c 2007-08-13 17:59:44.000000000 +0200 -@@ -169,88 +169,6 @@ - */ - #include "spnego.h" - --/* -- * The isc_mem function keep track of allocation sizes, but we can't -- * get at that information, and we need to know sizes to implement a -- * realloc() clone. So we use a little more memory to keep track of -- * sizes allocated here. -- * -- * These functions follow Harbison & Steele, 4th edition, particularly -- * with regard to realloc()'s behavior. -- */ -- --static void * --spnego_malloc(size_t size, const char *file, int line) --{ -- char *p; -- -- if (size == 0) -- return (NULL); -- p = isc_mem_allocate(dst__memory_pool, size + sizeof(size_t)); -- if (p == NULL) -- return NULL; -- *(size_t *)p = size; -- p += sizeof(size_t); --#ifdef SPNEGO_ALLOC_DEBUG -- printf("spnego_malloc(%lu) %lx %s %u\n", -- (unsigned long) size, (unsigned long) p, file, line); --#else -- (void)file; -- (void)line; --#endif -- return (p); --} -- --static void --spnego_free(void *ptr, const char *file, int line) --{ -- char *p = ptr; -- -- if (p == NULL) -- return; --#ifdef SPNEGO_ALLOC_DEBUG -- printf("spnego_free(%lx) %s %u\n", -- (unsigned long) p, file, line); --#else -- (void)file; -- (void)line; --#endif -- p -= sizeof(size_t); -- isc_mem_free(dst__memory_pool, p); --} -- --static void * --spnego_realloc(void *old_ptr, size_t new_size, const char *file, int line) --{ -- size_t *old_size; -- void *new_ptr; -- -- if (old_ptr == NULL) -- return (spnego_malloc(new_size, file, line)); -- -- if (new_size == 0) { -- spnego_free(old_ptr, file, line); -- return (NULL); -- } -- -- old_size = old_ptr; -- old_size--; -- if (*old_size >= new_size) -- return (old_ptr); -- -- new_ptr = spnego_malloc(new_size, file, line); -- if (new_ptr == NULL) -- return (NULL); -- -- 
memcpy(new_ptr, old_ptr, *old_size); -- spnego_free(old_ptr, file, line); -- return (new_ptr); --} -- --#define malloc(x) spnego_malloc(x, __FILE__, __LINE__) --#define free(x) spnego_free(x, __FILE__, __LINE__) --#define realloc(x,y) spnego_realloc(x, y, __FILE__, __LINE__) -- - /* asn1_err.h */ - /* Generated from ../../../lib/asn1/asn1_err.et */ - diff --git a/bind.spec b/bind.spec index e433e7b..99db331 100644 --- a/bind.spec +++ b/bind.spec @@ -21,7 +21,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.5.0 -Release: 10.%{RELEASEVER}%{?dist} +Release: 10.2.%{RELEASEVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -64,8 +64,9 @@ Patch63: bind-9.4.0-dnssec-directory.patch Patch69: bind-9.5.0-generate-xml.patch Patch71: bind-9.5-overflow.patch Patch72: bind-9.5-dlz-64bit.patch -Patch74: bind-9.5-spnego-memory_management.patch Patch75: bind-9.5-update.patch +Patch76: bind-9.5-gssapictx-free.patch +Patch77: bind-9.5-memory-leaks.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -246,8 +247,9 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named %patch72 -p1 -b .64bit %endif %patch73 -p1 -b .libidn -%patch74 -p1 -b .memory %patch75 -p1 -b .update +%patch76 -p1 -b .free +%patch77 -p1 -b .leaks :; 
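Review bot: `Patch77: bind-9.5-memory-leaks.patch` and `%patch77 -p1 -b .leaks` are added to bind.spec, but no bind-9.5-memory-leaks.patch is among the files visible in this commit, and neither the commit message nor the new %changelog entry mentions it. If the file is not already in the repository the build will fail in %prep; if it is, the change still deserves a changelog line, since judging by its name it alters memory handling in a network-facing daemon. Suggest adding something like `- added bind-9.5-memory-leaks.patch` to the 10.2 changelog entry, with its bug reference if one exists.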
@@ -401,7 +403,7 @@ for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.int echo '@ in soa localhost. root 1 3H 15M 1W 1D ns localhost.' > sample/var/named/$f; done -/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.207 2007/08/22 11:01:53 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ +/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.208 2007/08/23 09:09:35 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ *\ * NOTE: you only need to create this file if it is to\ * differ from the following default contents: @@ -643,6 +645,13 @@ rm -rf ${RPM_BUILD_ROOT} %{_sbindir}/bind-chroot-admin %changelog +* Wed Aug 22 2007 Adam Tkac 32:9.5.0-10.2.a6 +- added new initscript option KEYTAB_FILE which specified where + is located kerberos .keytab file for named service +- obsolete temporary bind-9.5-spnego-memory_management.patch by + bind-9.5-gssapictx-free.patch which conforms BIND coding standards + (#251853) + * Tue Aug 21 2007 Adam Tkac 32:9.5.0-10.a6 - dropped direct dependency to /etc/openldap/schema directory - changed hardcoded paths to marcros diff --git a/named.init b/named.init index 58b8f9b..4b1e5a1 100755 --- a/named.init +++ b/named.init @@ -24,6 +24,7 @@ [ -r /etc/sysconfig/named ] && . /etc/sysconfig/named RETVAL=0 +export KRB5_KTNAME=${KEYTAB_FILE:-/etc/named.keytab} # Don't kill named during clean-up NAMED_SHUTDOWN_TIMEOUT=${NAMED_SHUTDOWN_TIMEOUT:-100} diff --git a/named.sysconfig b/named.sysconfig index cec6b8a..622b691 100644 --- a/named.sysconfig +++ b/named.sysconfig @@ -15,3 +15,4 @@ # support with the named -D option. This setting disables # this behavior. # +# KEYTAB_FILE="/dir/file" -- Specify named service keytab file (for GSS-TSIG)
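Review bot: The added `export KRB5_KTNAME=${KEYTAB_FILE:-/etc/named.keytab}` in named.init leaves the expansion unquoted and exports the variable on every invocation, whether or not the file exists; `export KRB5_KTNAME="${KEYTAB_FILE:-/etc/named.keytab}"` is the safer spelling. KEYTAB_FILE is taken as is from /etc/sysconfig/named, which the context line above sources, and nothing checks that it names a readable regular file, so a typo would only show up later as a GSS-TSIG failure. If named is started chrooted (the spec ships bind-chroot-admin), the path is presumably resolved inside the chroot, which the default does not account for; worth confirming and noting in a comment next to the export.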
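Review bot: The KEYTAB_FILE comment added to named.sysconfig states neither the default that named.init applies nor how the file should be protected. A keytab holds the service's long-term Kerberos key, so the comment is the natural place to say it. Suggested wording: `# KEYTAB_FILE="/dir/file" -- Specify named service keytab file (for GSS-TSIG); default is /etc/named.keytab. The file should be readable only by the user named runs as.`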