From 491ec650e2a38801f9c51f5dadb4a1047f9957b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 12 Dec 2024 19:54:03 +0100 Subject: [PATCH] Update to 9.18.32 (rhbz#2331675) - Remove CHANGES file from package Removed Features: - Disable DLZ plugins, they are not shipped with bind anymore New Features: - new 2024 KSK root key Feature Changes: - max-records-per-type and max-types-per-name improved logging when reached over their value And NSEC3 and two dig bug fixes. https://downloads.isc.org/isc/bind9/9.18.32/doc/arm/html/notes.html#notes-for-bind-9-18-32 Resolves: RHEL-48798 --- .gitignore | 2 ++ bind-9.20-openssl-no-engine.patch | 47 ------------------------------- bind-9.5-PIE.patch | 27 ++++++++++++------ bind.spec | 16 +++++++---- sources | 4 +-- 5 files changed, 33 insertions(+), 63 deletions(-) delete mode 100644 bind-9.20-openssl-no-engine.patch diff --git a/.gitignore b/.gitignore index 1f0515f..4e16a0e 100644 --- a/.gitignore +++ b/.gitignore @@ -226,3 +226,5 @@ bind-9.7.2b1.tar.gz /bind-9.18.28.tar.xz.asc /bind-9.18.29.tar.xz /bind-9.18.29.tar.xz.asc +/bind-9.18.32.tar.xz +/bind-9.18.32.tar.xz.asc diff --git a/bind-9.20-openssl-no-engine.patch b/bind-9.20-openssl-no-engine.patch deleted file mode 100644 index adb46aa..0000000 --- a/bind-9.20-openssl-no-engine.patch +++ /dev/null @@ -1,47 +0,0 @@ -From b487bd340ae1b635ce5cffe76f748ddc97f301f7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Sat, 3 Aug 2024 01:28:36 +0200 -Subject: [PATCH] Remove unused headers from OpenSSL - shims - -The headers were unused and including the - header might cause build failure when OpenSSL -doesn't have Engines support enabled. - -See https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine ---- - lib/isc/openssl_shim.c | 2 -- - lib/isc/openssl_shim.h | 2 -- - 2 files changed, 4 deletions(-) - -diff --git a/lib/isc/openssl_shim.c b/lib/isc/openssl_shim.c -index c39ba8c6827..02d0105eb9e 100644 ---- a/lib/isc/openssl_shim.c -+++ b/lib/isc/openssl_shim.c -@@ -16,9 +16,7 @@ - #include - - #include --#include - #include --#include - #include - #include - -diff --git a/lib/isc/openssl_shim.h b/lib/isc/openssl_shim.h -index b2916e20a90..95b2f08e231 100644 ---- a/lib/isc/openssl_shim.h -+++ b/lib/isc/openssl_shim.h -@@ -14,9 +14,7 @@ - #pragma once - - #include --#include - #include --#include - #include - #include - --- -2.46.2 - diff --git a/bind-9.5-PIE.patch b/bind-9.5-PIE.patch index 1420cf3..9744f69 100644 --- a/bind-9.5-PIE.patch +++ b/bind-9.5-PIE.patch @@ -1,17 +1,28 @@ +From 13348a5fc64387bf53ef450688e181100d0ceddb Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Thu, 12 Dec 2024 15:56:13 +0100 +Subject: [PATCH] Harden named service build flags + +--- + bin/named/Makefile.am | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + diff --git a/bin/named/Makefile.am b/bin/named/Makefile.am -index 57a023b..085f2f7 100644 +index 57a023b..b832e9c 100644 --- a/bin/named/Makefile.am +++ b/bin/named/Makefile.am -@@ -32,9 +32,12 @@ AM_CPPFLAGS += \ - endif HAVE_LIBXML2 +@@ -33,7 +33,10 @@ endif HAVE_LIBXML2 AM_CPPFLAGS += \ -+ -fpie \ -DNAMED_LOCALSTATEDIR=\"${localstatedir}\" \ - -DNAMED_SYSCONFDIR=\"${sysconfdir}\" - -+AM_LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack +- -DNAMED_SYSCONFDIR=\"${sysconfdir}\" ++ -DNAMED_SYSCONFDIR=\"${sysconfdir}\" \ ++ -fpie + ++AM_LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack + sbin_PROGRAMS = named - nodist_named_SOURCES = xsl.c +-- +2.47.1 + diff --git a/bind.spec b/bind.spec index a0dfd75..35727ec 100644 --- a/bind.spec +++ b/bind.spec @@ -9,7 +9,7 @@ %bcond_without GSSTSIG %bcond_without JSON # FIXME: Not ready. Should it be worked on? -%bcond_without DLZ +%bcond_with DLZ # New MaxMind GeoLite support %bcond_without GEOIP2 # Disabled temporarily until kyua is fixed on rawhide, bug #1926779 @@ -80,7 +80,10 @@ License: MPL-2.0 AND ISC AND MIT AND BSD-3-Clause AND BSD-2-Clause # ./lib/isc/string.c BSD-3-clause and/or MPL-2.0 # ./lib/isc/tm.c BSD-2-clause and/or MPL-2.0 # ./lib/isccfg/parser.c BSD-2-clause and/or MPL-2.0 -Version: 9.18.29 +# +# Before rebasing bind, ensure bind-dyndb-ldap is ready to be rebuild and use side-tag with it. +# Updating just bind will cause freeipa-dns-server package to be uninstallable. +Version: 9.18.32 Release: 1%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ @@ -118,9 +121,6 @@ Patch10: bind-9.5-PIE.patch Patch16: bind-9.16-redhat_doc.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2122010 Patch26: bind-9.18-unittest-netmgr-unstable.patch -# Correct support for building without openssl/engine.h header -# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9593 -Patch27: bind-9.20-openssl-no-engine.patch %{?systemd_ordering} Requires: coreutils @@ -811,7 +811,7 @@ fi; %{_mandir}/man8/rndc-confgen.8* %{_mandir}/man1/named-journalprint.1* %{_mandir}/man8/filter-*.8.gz -%doc CHANGES README.md named.conf.default +%doc README.md named.conf.default %doc sample/ # Hide configuration @@ -977,6 +977,10 @@ fi; %endif %changelog +* Thu Dec 12 2024 Petr Menšík - 32:9.18.32-1 +- Update to 9.18.32 (RHEL-48798) +- Remove CHANGES file from package + * Tue Oct 29 2024 Petr Menšík - 32:9.18.29-1 - Update to 9.18.29 (RHEL-48798) diff --git a/sources b/sources index f0ecde1..36b309b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (bind-9.18.29.tar.xz) = 6c2676e2e2cb90f3bd73afb367813c54d1c961e12df1e12e41b9d0ee5a1d5cdf368d81410469753eaef37e43358b56796f078f3b2f20c3b247c4bef91d56c716 -SHA512 (bind-9.18.29.tar.xz.asc) = 6612c7151c4c1736e0237b8219cefbafbc1dcd4b04ad9b12b99cba703e6debde90d2f9838dd1465a47b9a002a598d9b8f3221dfe1a3bdc41436a92e6d06db472 +SHA512 (bind-9.18.32.tar.xz) = fa01978ca44cb5d559d8675dda4272b1327aebc0dca68b2e7b948e8c1bbd82da74f6258d40896ddccf86711d554b7ed4c0df93143e78b663724466738ac1320d +SHA512 (bind-9.18.32.tar.xz.asc) = b1b15734a90ec2df2da4a9f881fd9f9ea217a12e521b01d2cb06ff0f3305c80c933309d2bddf926e0ab647f4b925b4950c25c5d464ed276727dfbf6824387830