Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/bind.git#ad33c6c09557956426b2c7053495496dc9c442cb
This commit is contained in:
DistroBaker 2020-11-26 13:20:54 +00:00
parent 6b2bb6b270
commit a9c482da54
6 changed files with 213 additions and 208 deletions

2
.gitignore vendored
View File

@ -118,3 +118,5 @@ bind-9.7.2b1.tar.gz
/bind-9.11.23.tar.gz.asc
/bind-9.11.24.tar.gz
/bind-9.11.24.tar.gz.asc
/bind-9.11.25.tar.gz
/bind-9.11.25.tar.gz.asc

View File

@ -1,28 +0,0 @@
From ee53b9558fb73dc0c2f328fe91421f2c32e9a369 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Tue, 3 Nov 2020 11:25:55 +1100
Subject: [PATCH] Call nta_detach() before dns_view_weakdetach() so view is
available.
(cherry picked from commit ea956976d1e89f49570a4690fbad377e4f607c77)
---
lib/dns/nta.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/nta.c b/lib/dns/nta.c
index 79058bb9b5..73febe44ed 100644
--- a/lib/dns/nta.c
+++ b/lib/dns/nta.c
@@ -283,8 +283,8 @@ checkbogus(isc_task_t *task, isc_event_t *event) {
&nta->sigrdataset,
&nta->fetch);
if (result != ISC_R_SUCCESS) {
- dns_view_weakdetach(&view);
nta_detach(view->mctx, &nta);
+ dns_view_weakdetach(&view);
}
}
--
2.26.2

View File

@ -1,4 +1,4 @@
From 5c29299e43db5a4e6f8b1b07af84dfe1687c4c2b Mon Sep 17 00:00:00 2001
From 63d1fe9e1ac0db37f89cf31b40c35d6d22578ded Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Tue, 12 Sep 2017 19:05:46 -0700
Subject: [PATCH] rebased rt31459c
@ -53,7 +53,7 @@ Include new unit test
create mode 100644 lib/dns/tests/dstrandom_test.c
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
index 5015abb..295e16f 100644
index 40cf74c..bd269e7 100644
--- a/bin/confgen/keygen.c
+++ b/bin/confgen/keygen.c
@@ -165,6 +165,13 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
@ -71,7 +71,7 @@ index 5015abb..295e16f 100644
&entropy_source,
randomfile,
diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
index d9d6bb9..de4b15f 100644
index 4420f2d..9cb63a8 100644
--- a/bin/dnssec/dnssec-dsfromkey.c
+++ b/bin/dnssec/dnssec-dsfromkey.c
@@ -498,14 +498,14 @@ main(int argc, char **argv) {
@ -103,7 +103,7 @@ index d9d6bb9..de4b15f 100644
dns_name_destroy();
if (verbose > 10)
diff --git a/bin/dnssec/dnssec-importkey.c b/bin/dnssec/dnssec-importkey.c
index d65a514..04b3094 100644
index dc9a293..52863a1 100644
--- a/bin/dnssec/dnssec-importkey.c
+++ b/bin/dnssec/dnssec-importkey.c
@@ -404,14 +404,14 @@ main(int argc, char **argv) {
@ -135,7 +135,7 @@ index d65a514..04b3094 100644
dns_name_destroy();
if (verbose > 10)
diff --git a/bin/dnssec/dnssec-revoke.c b/bin/dnssec/dnssec-revoke.c
index 7d82dbf..10f9359 100644
index 0121a34..74a99b0 100644
--- a/bin/dnssec/dnssec-revoke.c
+++ b/bin/dnssec/dnssec-revoke.c
@@ -184,14 +184,14 @@ main(int argc, char **argv) {
@ -167,10 +167,10 @@ index 7d82dbf..10f9359 100644
if (verbose > 10)
isc_mem_stats(mctx, stdout);
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index 7afcaee..1cfa511 100644
index f017895..2c568fc 100644
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -380,14 +380,14 @@ main(int argc, char **argv) {
@@ -391,14 +391,14 @@ main(int argc, char **argv) {
if (ectx == NULL)
setup_entropy(mctx, NULL, &ectx);
@ -188,7 +188,7 @@ index 7afcaee..1cfa511 100644
isc_entropy_stopcallbacksources(ectx);
if (predecessor != NULL) {
@@ -672,8 +672,8 @@ main(int argc, char **argv) {
@@ -683,8 +683,8 @@ main(int argc, char **argv) {
if (prevkey != NULL)
dst_key_free(&prevkey);
dst_key_free(&key);
@ -199,10 +199,10 @@ index 7afcaee..1cfa511 100644
if (verbose > 10)
isc_mem_stats(mctx, stdout);
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 319a805..27ae4d4 100644
index dde1b2f..7308fc6 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -3460,14 +3460,15 @@ main(int argc, char *argv[]) {
@@ -3465,14 +3465,15 @@ main(int argc, char *argv[]) {
if (!pseudorandom)
eflags |= ISC_ENTROPY_GOODONLY;
@ -222,7 +222,7 @@ index 319a805..27ae4d4 100644
isc_stdtime_get(&now);
if (startstr != NULL) {
@@ -3879,8 +3880,8 @@ main(int argc, char *argv[]) {
@@ -3884,8 +3885,8 @@ main(int argc, char *argv[]) {
dns_master_styledestroy(&dsstyle, mctx);
cleanup_logging(&log);
@ -233,7 +233,7 @@ index 319a805..27ae4d4 100644
dns_name_destroy();
if (verbose > 10)
diff --git a/bin/dnssec/dnssec-verify.c b/bin/dnssec/dnssec-verify.c
index 4c293bf..3263cbc 100644
index 087cd5d..07c7294 100644
--- a/bin/dnssec/dnssec-verify.c
+++ b/bin/dnssec/dnssec-verify.c
@@ -281,15 +281,15 @@ main(int argc, char *argv[]) {
@ -257,7 +257,7 @@ index 4c293bf..3263cbc 100644
rdclass = strtoclass(classname);
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index 618ec5b..5654435 100644
index 7f045e8..2a0f9c6 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -34,6 +34,7 @@
@ -293,7 +293,7 @@ index 618ec5b..5654435 100644
usekeyboard);
diff --git a/bin/named/server.c b/bin/named/server.c
index 4e503e5..f27071f 100644
index 30d38be..b2ae57c 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -36,6 +36,7 @@
@ -304,7 +304,7 @@ index 4e503e5..f27071f 100644
#include <isc/portset.h>
#include <isc/print.h>
#include <isc/random.h>
@@ -8217,6 +8218,10 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8286,6 +8287,10 @@ load_configuration(const char *filename, ns_server_t *server,
"no source of entropy found");
} else {
const char *randomdev = cfg_obj_asstring(obj);
@ -315,7 +315,7 @@ index 4e503e5..f27071f 100644
int level = ISC_LOG_ERROR;
result = isc_entropy_createfilesource(ns_g_entropy,
randomdev);
@@ -8251,6 +8256,7 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -8320,6 +8325,7 @@ load_configuration(const char *filename, ns_server_t *server,
}
isc_entropy_detach(&ns_g_fallbackentropy);
}
@ -324,10 +324,10 @@ index 4e503e5..f27071f 100644
}
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index bbb3936..0286987 100644
index 5a2c660..7f15cbc 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -272,7 +272,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@@ -278,7 +278,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
if (*ectx == NULL) {
result = isc_entropy_create(mctx, ectx);
if (result != ISC_R_SUCCESS)
@ -337,7 +337,7 @@ index bbb3936..0286987 100644
ISC_LIST_INIT(sources);
}
@@ -281,6 +282,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@@ -287,6 +288,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
randomfile = NULL;
}
@ -351,7 +351,7 @@ index bbb3936..0286987 100644
result = isc_entropy_usebestsource(*ectx, &source, randomfile,
usekeyboard);
@@ -979,11 +987,11 @@ setup_system(void) {
@@ -989,11 +997,11 @@ setup_system(void) {
}
}
@ -366,7 +366,7 @@ index bbb3936..0286987 100644
result = dns_dispatchmgr_create(gmctx, entropy, &dispatchmgr);
check_result(result, "dns_dispatchmgr_create");
diff --git a/bin/tests/makejournal.c b/bin/tests/makejournal.c
index 61a41b0..acc71a1 100644
index 68b5e5a..cd54c8d 100644
--- a/bin/tests/makejournal.c
+++ b/bin/tests/makejournal.c
@@ -102,12 +102,12 @@ main(int argc, char **argv) {
@ -386,7 +386,7 @@ index 61a41b0..acc71a1 100644
isc_log_registercategories(lctx, categories);
isc_log_setcontext(lctx);
diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c
index c6ab7f8..f0a6ff2 100644
index e16ec11..95b65bf 100644
--- a/bin/tests/system/pipelined/pipequeries.c
+++ b/bin/tests/system/pipelined/pipequeries.c
@@ -204,6 +204,7 @@ sendqueries(isc_task_t *task, isc_event_t *event) {
@ -448,7 +448,7 @@ index c6ab7f8..f0a6ff2 100644
isc_log_destroy(&lctx);
diff --git a/bin/tests/system/pipelined/tests.sh b/bin/tests/system/pipelined/tests.sh
index 61f1ff7..ed1302a 100644
index c0a99a2..0245527 100644
--- a/bin/tests/system/pipelined/tests.sh
+++ b/bin/tests/system/pipelined/tests.sh
@@ -19,7 +19,7 @@ status=0
@ -470,7 +470,7 @@ index 61f1ff7..ed1302a 100644
$DIFF refb outputb || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c
index 4462f2e..f06268d 100644
index abf12ed..fa5182c 100644
--- a/bin/tests/system/rsabigexponent/bigkey.c
+++ b/bin/tests/system/rsabigexponent/bigkey.c
@@ -20,6 +20,7 @@
@ -492,7 +492,7 @@ index 4462f2e..f06268d 100644
"../random.data",
ISC_ENTROPY_KEYBOARDNO),
diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
index 653c951..fe8698e 100644
index 34360aa..3236968 100644
--- a/bin/tests/system/tkey/keycreate.c
+++ b/bin/tests/system/tkey/keycreate.c
@@ -206,6 +206,7 @@ sendquery(isc_task_t *task, isc_event_t *event) {
@ -561,7 +561,7 @@ index 653c951..fe8698e 100644
isc_mem_destroy(&mctx);
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
index 70a40c3..2146f9b 100644
index 4b5b901..43fb6b0 100644
--- a/bin/tests/system/tkey/keydelete.c
+++ b/bin/tests/system/tkey/keydelete.c
@@ -136,6 +136,7 @@ sendquery(isc_task_t *task, isc_event_t *event) {
@ -630,50 +630,50 @@ index 70a40c3..2146f9b 100644
isc_mem_destroy(&mctx);
diff --git a/bin/tests/system/tkey/tests.sh b/bin/tests/system/tkey/tests.sh
index 9f90dd7..fad6c83 100644
index b265156..bcd60a6 100644
--- a/bin/tests/system/tkey/tests.sh
+++ b/bin/tests/system/tkey/tests.sh
@@ -33,7 +33,7 @@ for owner in . foo.example.
do
echo "I:creating new key using owner name \"$owner\""
echo_i "creating new key using owner name \"$owner\" ($n)"
ret=0
- keyname=`$KEYCREATE $dhkeyname $owner` || ret=1
+ keyname=`$KEYCREATE -r $RANDFILE $dhkeyname $owner` || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
status=`expr $status + $ret`
@@ -55,7 +55,7 @@ do
echo_i "failed"
status=$((status+ret))
@@ -57,7 +57,7 @@ do
echo "I:deleting new key"
echo_i "deleting new key ($n)"
ret=0
- $KEYDELETE $keyname || ret=1
+ $KEYDELETE -r $RANDFILE $keyname || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
echo_i "failed"
fi
@@ -75,7 +75,7 @@ done
@@ -79,7 +79,7 @@ done
echo "I:creating new key using owner name bar.example."
echo_i "creating new key using owner name bar.example. ($n)"
ret=0
-keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
+keyname=`$KEYCREATE -r $RANDFILE $dhkeyname bar.example.` || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
status=`expr $status + $ret`
@@ -116,7 +116,7 @@ status=`expr $status + $ret`
echo_i "failed"
status=$((status+ret))
@@ -124,7 +124,7 @@ n=$((n+1))
echo "I:recreating the bar.example. key"
echo_i "recreating the bar.example. key ($n)"
ret=0
-keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
+keyname=`$KEYCREATE -r $RANDFILE $dhkeyname bar.example.` || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
status=`expr $status + $ret`
echo_i "failed"
status=$((status+ret))
diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c
index bf6dbb6..0416b21 100644
index 26fa609..fb34aa0 100644
--- a/bin/tools/mdig.c
+++ b/bin/tools/mdig.c
@@ -1972,12 +1972,11 @@ main(int argc, char *argv[]) {
@@ -2005,12 +2005,11 @@ main(int argc, char *argv[]) {
ectx = NULL;
RUNCHECK(isc_entropy_create(mctx, &ectx));
@ -688,7 +688,7 @@ index bf6dbb6..0416b21 100644
parse_args(false, argc, argv);
if (server == NULL)
diff --git a/configure b/configure
index 6d05371..33689c9 100755
index 0faca65..d5ffc87 100755
--- a/configure
+++ b/configure
@@ -640,6 +640,7 @@ ac_includes_default="\
@ -723,7 +723,7 @@ index 6d05371..33689c9 100755
--enable-largefile 64-bit file support
--enable-backtrace log stack backtrace on abort [default=yes]
--enable-symtable use internal symbol table for backtrace
@@ -17144,6 +17148,7 @@ case "$use_openssl" in
@@ -17205,6 +17209,7 @@ case "$use_openssl" in
$as_echo "disabled because of native PKCS11" >&6; }
DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO"
@ -731,7 +731,7 @@ index 6d05371..33689c9 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -17158,6 +17163,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
@@ -17219,6 +17224,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
$as_echo "no" >&6; }
DST_OPENSSL_INC=""
CRYPTO=""
@ -739,7 +739,7 @@ index 6d05371..33689c9 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -17170,6 +17176,7 @@ $as_echo "no" >&6; }
@@ -17231,6 +17237,7 @@ $as_echo "no" >&6; }
auto)
DST_OPENSSL_INC=""
CRYPTO=""
@ -747,7 +747,7 @@ index 6d05371..33689c9 100755
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -17179,7 +17186,7 @@ $as_echo "no" >&6; }
@@ -17240,7 +17247,7 @@ $as_echo "no" >&6; }
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -756,7 +756,7 @@ index 6d05371..33689c9 100755
;;
*)
if test "yes" = "$want_native_pkcs11"
@@ -17210,6 +17217,7 @@ $as_echo "not found" >&6; }
@@ -17271,6 +17278,7 @@ $as_echo "not found" >&6; }
as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5
fi
CRYPTO='-DOPENSSL'
@ -764,7 +764,7 @@ index 6d05371..33689c9 100755
if test "/usr" = "$use_openssl"
then
DST_OPENSSL_INC=""
@@ -17835,8 +17843,6 @@ fi
@@ -17897,8 +17905,6 @@ fi
# Use OpenSSL for hash functions
#
@ -773,7 +773,7 @@ index 6d05371..33689c9 100755
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in
yes)
@@ -18211,6 +18217,86 @@ if test "rt" = "$have_clock_gt"; then
@@ -18273,6 +18279,86 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS"
fi
@ -860,7 +860,7 @@ index 6d05371..33689c9 100755
#
# was --with-lmdb specified?
#
@@ -20441,9 +20527,12 @@ _ACEOF
@@ -20549,9 +20635,12 @@ _ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5
$as_echo "size_t for buflen; int for flags" >&6; }
@ -875,7 +875,7 @@ index 6d05371..33689c9 100755
$as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h
@@ -21758,12 +21847,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
@@ -21877,12 +21966,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then
@ -889,7 +889,7 @@ index 6d05371..33689c9 100755
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
@@ -21796,6 +21880,11 @@ cat >>confdefs.h <<_ACEOF
@@ -21915,6 +21999,11 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
@ -901,7 +901,7 @@ index 6d05371..33689c9 100755
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -21804,39 +21893,6 @@ _ACEOF
@@ -21923,39 +22012,6 @@ _ACEOF
fi
;;
x86_64-*|amd64-*)
@ -941,7 +941,7 @@ index 6d05371..33689c9 100755
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -21867,6 +21923,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
@@ -21986,6 +22042,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
$as_echo "$arch" >&6; }
fi
@ -952,7 +952,7 @@ index 6d05371..33689c9 100755
if test "yes" = "$have_atomic"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5
$as_echo_n "checking compiler support for inline assembly code... " >&6; }
@@ -24421,6 +24481,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
@@ -24567,6 +24627,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
#
dlzdir='${DLZ_DRIVER_DIR}'
@ -983,7 +983,7 @@ index 6d05371..33689c9 100755
#
# Private autoconf macro to simplify configuring drivers:
#
@@ -24751,11 +24835,11 @@ $as_echo "no" >&6; }
@@ -24897,11 +24981,11 @@ $as_echo "no" >&6; }
$as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; }
;;
*)
@ -998,7 +998,7 @@ index 6d05371..33689c9 100755
fi
CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL"
@@ -24840,7 +24924,7 @@ $as_echo "" >&6; }
@@ -24986,7 +25070,7 @@ $as_echo "" >&6; }
# Check other locations for includes.
# Order is important (sigh).
@ -1007,7 +1007,7 @@ index 6d05371..33689c9 100755
# include a blank element first
for d in "" $bdb_incdirs
do
@@ -24865,57 +24949,9 @@ $as_echo "" >&6; }
@@ -25011,57 +25095,9 @@ $as_echo "" >&6; }
bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
for d in $bdb_libnames
do
@ -1067,7 +1067,7 @@ index 6d05371..33689c9 100755
break
fi
done
@@ -25074,10 +25110,10 @@ $as_echo "no" >&6; }
@@ -25220,10 +25256,10 @@ $as_echo "no" >&6; }
DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include"
DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include"
fi
@ -1081,7 +1081,7 @@ index 6d05371..33689c9 100755
fi
@@ -25163,11 +25199,11 @@ fi
@@ -25309,11 +25345,11 @@ fi
odbcdirs="/usr /usr/local /usr/pkg"
for d in $odbcdirs
do
@ -1095,7 +1095,7 @@ index 6d05371..33689c9 100755
break
fi
done
@@ -25442,6 +25478,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@@ -25588,6 +25624,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@ -1104,7 +1104,7 @@ index 6d05371..33689c9 100755
#
# Commands to run at the end of config.status.
# Don't just put these into configure, it won't work right if somebody
@@ -27819,6 +27857,8 @@ report() {
@@ -27966,6 +28004,8 @@ report() {
echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1113,7 +1113,7 @@ index 6d05371..33689c9 100755
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -27859,6 +27899,8 @@ report() {
@@ -28006,6 +28046,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1122,7 +1122,7 @@ index 6d05371..33689c9 100755
echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)"
@@ -27906,6 +27948,8 @@ report() {
@@ -28053,6 +28095,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)"
@ -1132,10 +1132,10 @@ index 6d05371..33689c9 100755
test "yes" = "$enable_seccomp" || \
echo " Use libseccomp system call filtering (--enable-seccomp)"
diff --git a/configure.ac b/configure.ac
index d10cde5..68bead8 100644
index 78535bd..faef2e8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1550,6 +1550,7 @@ case "$use_openssl" in
@@ -1598,6 +1598,7 @@ case "$use_openssl" in
AC_MSG_RESULT(disabled because of native PKCS11)
DST_OPENSSL_INC=""
CRYPTO="-DPKCS11CRYPTO"
@ -1143,7 +1143,7 @@ index d10cde5..68bead8 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1563,6 +1564,7 @@ case "$use_openssl" in
@@ -1611,6 +1612,7 @@ case "$use_openssl" in
AC_MSG_RESULT(no)
DST_OPENSSL_INC=""
CRYPTO=""
@ -1151,7 +1151,7 @@ index d10cde5..68bead8 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1575,6 +1577,7 @@ case "$use_openssl" in
@@ -1623,6 +1625,7 @@ case "$use_openssl" in
auto)
DST_OPENSSL_INC=""
CRYPTO=""
@ -1159,7 +1159,7 @@ index d10cde5..68bead8 100644
OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS=""
@@ -1585,7 +1588,7 @@ case "$use_openssl" in
@@ -1633,7 +1636,7 @@ case "$use_openssl" in
OPENSSLLINKSRCS=""
AC_MSG_ERROR(
[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -1168,7 +1168,7 @@ index d10cde5..68bead8 100644
;;
*)
if test "yes" = "$want_native_pkcs11"
@@ -1615,6 +1618,7 @@ If you don't want OpenSSL, use --without-openssl])
@@ -1663,6 +1666,7 @@ If you don't want OpenSSL, use --without-openssl])
AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found])
fi
CRYPTO='-DOPENSSL'
@ -1176,7 +1176,7 @@ index d10cde5..68bead8 100644
if test "/usr" = "$use_openssl"
then
DST_OPENSSL_INC=""
@@ -2050,7 +2054,6 @@ fi
@@ -2099,7 +2103,6 @@ fi
# Use OpenSSL for hash functions
#
@ -1184,7 +1184,7 @@ index d10cde5..68bead8 100644
ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
case $want_openssl_hash in
yes)
@@ -2322,6 +2325,67 @@ if test "rt" = "$have_clock_gt"; then
@@ -2371,6 +2374,67 @@ if test "rt" = "$have_clock_gt"; then
LIBS="-lrt $LIBS"
fi
@ -1252,7 +1252,7 @@ index d10cde5..68bead8 100644
#
# was --with-lmdb specified?
#
@@ -4098,12 +4162,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
@@ -4188,12 +4252,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "yes" = "$use_atomic"; then
@ -1266,7 +1266,7 @@ index d10cde5..68bead8 100644
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -4112,7 +4176,6 @@ if test "yes" = "$use_atomic"; then
@@ -4202,7 +4266,6 @@ if test "yes" = "$use_atomic"; then
fi
;;
x86_64-*|amd64-*)
@ -1274,7 +1274,7 @@ index d10cde5..68bead8 100644
if test $ac_cv_sizeof_void_p = 8; then
arch=x86_64
have_xaddq=yes
@@ -5518,6 +5581,8 @@ report() {
@@ -5635,6 +5698,8 @@ report() {
echo " IPv6 support (--enable-ipv6)"
test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
echo " OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1283,7 +1283,7 @@ index d10cde5..68bead8 100644
test "X$PYTHON" = "X" || echo " Python tools (--with-python)"
test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)"
test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)"
@@ -5558,6 +5623,8 @@ report() {
@@ -5675,6 +5740,8 @@ report() {
echo " Very verbose query trace logging (--enable-querytrace)"
test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)"
@ -1292,7 +1292,7 @@ index d10cde5..68bead8 100644
echo " Dynamically loadable zone (DLZ) drivers:"
test "no" = "$use_dlz_bdb" || \
echo " Berkeley DB (--with-dlz-bdb)"
@@ -5605,6 +5672,8 @@ report() {
@@ -5722,6 +5789,8 @@ report() {
echo " ECDSA algorithm support (--with-ecdsa)"
test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
echo " EDDSA algorithm support (--with-eddsa)"
@ -1302,7 +1302,7 @@ index d10cde5..68bead8 100644
test "yes" = "$enable_seccomp" || \
echo " Use libseccomp system call filtering (--enable-seccomp)"
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 65bf25d..1eccbe7 100644
index 7a86506..aa54afc 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -277,6 +277,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
@ -1366,7 +1366,7 @@ index 65bf25d..1eccbe7 100644
#endif
}
diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
index 1924e74..6813c96 100644
index 5b42ab4..3aba028 100644
--- a/lib/dns/include/dst/dst.h
+++ b/lib/dns/include/dst/dst.h
@@ -159,6 +159,14 @@ dst_lib_destroy(void);
@ -1385,10 +1385,10 @@ index 1924e74..6813c96 100644
dst_algorithm_supported(unsigned int alg);
/*%<
diff --git a/lib/dns/lib.c b/lib/dns/lib.c
index 304814b..60543c4 100644
index d9417de..0dc935d 100644
--- a/lib/dns/lib.c
+++ b/lib/dns/lib.c
@@ -18,6 +18,7 @@
@@ -16,6 +16,7 @@
#include <stdbool.h>
#include <stddef.h>
@ -1396,7 +1396,7 @@ index 304814b..60543c4 100644
#include <isc/hash.h>
#include <isc/mem.h>
#include <isc/msgcat.h>
@@ -78,6 +79,7 @@ static unsigned int references = 0;
@@ -76,6 +77,7 @@ static unsigned int references = 0;
static void
initialize(void) {
isc_result_t result;
@ -1404,7 +1404,7 @@ index 304814b..60543c4 100644
REQUIRE(initialize_done == false);
@@ -88,11 +90,14 @@ initialize(void) {
@@ -86,11 +88,14 @@ initialize(void) {
result = dns_ecdb_register(dns_g_mctx, &dbimp);
if (result != ISC_R_SUCCESS)
goto cleanup_mctx;
@ -1421,7 +1421,7 @@ index 304814b..60543c4 100644
if (result != ISC_R_SUCCESS)
goto cleanup_hash;
@@ -100,11 +105,17 @@ initialize(void) {
@@ -98,11 +103,17 @@ initialize(void) {
if (result != ISC_R_SUCCESS)
goto cleanup_dst;
@ -1440,7 +1440,7 @@ index 304814b..60543c4 100644
isc_hash_destroy();
cleanup_db:
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 13e838f..ffe0a69 100644
index 1e57c71..3f4f822 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -31,6 +31,7 @@
@ -1624,7 +1624,7 @@ index 13e838f..ffe0a69 100644
#endif /* OPENSSL */
/*! \file */
diff --git a/lib/dns/pkcs11.c b/lib/dns/pkcs11.c
index 5a2c502..8eaef53 100644
index 6b30309..20552fa 100644
--- a/lib/dns/pkcs11.c
+++ b/lib/dns/pkcs11.c
@@ -13,12 +13,15 @@
@ -1692,7 +1692,7 @@ index 937b548..f3c0e38 100644
tap_test_program{name='gost_test'}
tap_test_program{name='keytable_test'}
diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in
index 90dc3a6..7671e1d 100644
index 4126372..30cab17 100644
--- a/lib/dns/tests/Makefile.in
+++ b/lib/dns/tests/Makefile.in
@@ -37,6 +37,7 @@ SRCS = acl_test.c \
@ -1845,10 +1845,10 @@ index 0000000..bd3d164
+
+#endif
diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
index 63be973..40b21fa 100644
index 9c2ef79..f597049 100644
--- a/lib/dns/win32/libdns.def.in
+++ b/lib/dns/win32/libdns.def.in
@@ -1485,6 +1485,13 @@ dst_lib_destroy
@@ -1487,6 +1487,13 @@ dst_lib_destroy
dst_lib_init
dst_lib_init2
dst_lib_initmsgcat
@ -1863,7 +1863,7 @@ index 63be973..40b21fa 100644
dst_region_computerid
dst_result_register
diff --git a/lib/isc/entropy.c b/lib/isc/entropy.c
index 907e470..451544d 100644
index 0c1f3ed..fdd17d7 100644
--- a/lib/isc/entropy.c
+++ b/lib/isc/entropy.c
@@ -104,11 +104,15 @@ struct isc_entropy {
@ -1921,7 +1921,7 @@ index 907e470..451544d 100644
+ hook = myhook;
+}
diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
index e8733db..c40a18c 100644
index b5bc956..f32c9dc 100644
--- a/lib/isc/include/isc/entropy.h
+++ b/lib/isc/include/isc/entropy.h
@@ -302,6 +302,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
@ -1944,7 +1944,7 @@ index e8733db..c40a18c 100644
#endif /* ISC_ENTROPY_H */
diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in
index 61960f1..d22993d 100644
index 2bf8758..f4c684e 100644
--- a/lib/isc/include/isc/platform.h.in
+++ b/lib/isc/include/isc/platform.h.in
@@ -359,6 +359,11 @@
@ -1960,10 +1960,10 @@ index 61960f1..d22993d 100644
* Define if the hash functions must be provided by OpenSSL.
*/
diff --git a/lib/isc/include/isc/types.h b/lib/isc/include/isc/types.h
index da9d66f..4205400 100644
index 3bdd54f..d5acd39 100644
--- a/lib/isc/include/isc/types.h
+++ b/lib/isc/include/isc/types.h
@@ -97,6 +97,8 @@ typedef struct isc_time isc_time_t; /*%< Time */
@@ -95,6 +95,8 @@ typedef struct isc_time isc_time_t; /*%< Time */
typedef struct isc_timer isc_timer_t; /*%< Timer */
typedef struct isc_timermgr isc_timermgr_t; /*%< Timer Manager */
@ -1973,7 +1973,7 @@ index da9d66f..4205400 100644
typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *, int);
diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
index 68aebdc..4b85527 100644
index 227f807..4a63fdf 100644
--- a/lib/isc/pk11.c
+++ b/lib/isc/pk11.c
@@ -321,14 +321,16 @@ pk11_rand_seed_fromfile(const char *randomfile) {
@ -1999,7 +1999,7 @@ index 68aebdc..4b85527 100644
cleanup:
if (stream != NULL)
diff --git a/lib/isc/win32/include/isc/platform.h.in b/lib/isc/win32/include/isc/platform.h.in
index 8ade705..fa72f9d 100644
index 1f785e0..f9051c3 100644
--- a/lib/isc/win32/include/isc/platform.h.in
+++ b/lib/isc/win32/include/isc/platform.h.in
@@ -73,6 +73,11 @@
@ -2015,7 +2015,7 @@ index 8ade705..fa72f9d 100644
* Define if the hash functions must be provided by OpenSSL.
*/
diff --git a/win32utils/Configure b/win32utils/Configure
index 79d682e..6c78cb2 100644
index 5f66a82..ff39910 100644
--- a/win32utils/Configure
+++ b/win32utils/Configure
@@ -382,6 +382,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA",
@ -2054,7 +2054,7 @@ index 79d682e..6c78cb2 100644
my $enable_openssl_hash = "auto";
my $enable_filter_aaaa = "yes";
my $enable_isc_spnego = "yes";
@@ -847,6 +852,10 @@ sub myenable {
@@ -848,6 +853,10 @@ sub myenable {
if ($val =~ /^yes$/i) {
$enable_native_pkcs11 = "yes";
}
@ -2065,7 +2065,7 @@ index 79d682e..6c78cb2 100644
} elsif ($key =~ /^openssl-hash$/i) {
if ($val =~ /^yes$/i) {
$enable_openssl_hash = "yes";
@@ -1153,6 +1162,11 @@ if ($verbose) {
@@ -1154,6 +1163,11 @@ if ($verbose) {
} else {
print "native-pkcs11: disabled\n";
}
@ -2077,7 +2077,7 @@ index 79d682e..6c78cb2 100644
if ($enable_openssl_hash eq "yes") {
print "openssl-hash: enabled\n";
} else {
@@ -1510,6 +1524,7 @@ if ($enable_intrinsics eq "yes") {
@@ -1511,6 +1525,7 @@ if ($enable_intrinsics eq "yes") {
# enable-native-pkcs11
if ($enable_native_pkcs11 eq "yes") {
@ -2085,7 +2085,7 @@ index 79d682e..6c78cb2 100644
if ($use_openssl eq "auto") {
$use_openssl = "no";
}
@@ -1719,6 +1734,7 @@ if ($use_openssl eq "yes") {
@@ -1720,6 +1735,7 @@ if ($use_openssl eq "yes") {
$openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]");
}
@ -2093,7 +2093,7 @@ index 79d682e..6c78cb2 100644
$configcond{"OPENSSL"} = 1;
$configdefd{"CRYPTO"} = "OPENSSL";
$configvar{"OPENSSL_PATH"} = "$openssl_path";
@@ -2290,6 +2306,15 @@ if ($use_aes eq "yes") {
@@ -2291,6 +2307,15 @@ if ($use_aes eq "yes") {
}
@ -2109,7 +2109,7 @@ index 79d682e..6c78cb2 100644
# enable-openssl-hash
if ($enable_openssl_hash eq "yes") {
if ($use_openssl eq "no") {
@@ -3665,6 +3690,7 @@ exit 0;
@@ -3673,6 +3698,7 @@ exit 0;
# --enable-developer partially supported
# --enable-newstats (9.9/9.9sub only)
# --enable-native-pkcs11 supported
@ -2118,5 +2118,5 @@ index 79d682e..6c78cb2 100644
# --enable-openssl-hash supported
# --enable-threads included without a way to disable it
--
2.21.1
2.26.2

View File

@ -1,68 +1,98 @@
diff --git a/bin/named/named.8 b/bin/named/named.8
index ef10ef4..3150b22 100644
--- a/bin/named/named.8
+++ b/bin/named/named.8
@@ -349,6 +349,63 @@ The default configuration file\&.
/var/run/named/named\&.pid
.RS 4
The default process\-id file\&.
+.PP
+.SH "NOTES"
+.PP
+.TP
+\fBRed Hat SELinux BIND Security Profile:\fR
+.PP
+By default, Red Hat ships BIND with the most secure SELinux policy
+that will not prevent normal BIND operation and will prevent exploitation
+of all known BIND security vulnerabilities . See the selinux(8) man page
+for information about SElinux.
+.PP
+It is not necessary to run named in a chroot environment if the Red Hat
+SELinux policy for named is enabled. When enabled, this policy is far
+more secure than a chroot environment. Users are recommended to enable
+SELinux and remove the bind-chroot package.
+.PP
+With this extra security comes some restrictions:
+.PP
+By default, the SELinux policy does not allow named to write any master
+zone database files. Only the root user may create files in the $ROOTDIR/var/named
+zone database file directory (the options { "directory" } option), where
+$ROOTDIR is set in /etc/sysconfig/named.
+.PP
+The "named" group must be granted read privelege to
+these files in order for named to be enabled to read them.
+.PP
+Any file created in the zone database file directory is automatically assigned
+the SELinux file context named_zone_t .
+.PP
+By default, SELinux prevents any role from modifying named_zone_t files; this
+means that files in the zone database directory cannot be modified by dynamic
+DNS (DDNS) updates or zone transfers.
+.PP
+The Red Hat BIND distribution and SELinux policy creates three directories where
+named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic
+/var/named/data. By placing files you want named to modify, such as
+slave or DDNS updateable zone files and database / statistics dump files in
+these directories, named will work normally and no further operator action is
+required. Files in these directories are automatically assigned the 'named_cache_t'
+file context, which SELinux allows named to write.
+.PP
+\fBRed Hat BIND SDB support:\fR
+.PP
+Red Hat ships named with compiled in Simplified Database Backend modules that ISC
+provides in the "contrib/sdb" directory. Install bind-sdb package if you want use them
+.PP
+The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into named-sdb.
+.PP
+See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ .
+.br
+.PP
+\fBRed Hat system-config-bind:\fR
+.PP
+Red Hat provides the system-config-bind GUI to configure named.conf and zone
+database files. Run the "system-config-bind" command and access the manual
+by selecting the Help menu.
+.PP
.RE
.SH "SEE ALSO"
.PP
From facdbb0f2a266c6a3a1fa823afaa09cbd3fc38a5 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 26 Nov 2020 12:13:10 +0100
Subject: [PATCH] Note specific Red Hat changes in manual page
Change docbook template instead of generated manual page. Remove
system-config-bind reference, package were discontinued.
---
bin/named/named.docbook | 73 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
diff --git a/bin/named/named.docbook b/bin/named/named.docbook
index 7e743a9..802bec3 100644
--- a/bin/named/named.docbook
+++ b/bin/named/named.docbook
@@ -516,6 +516,79 @@
</refsection>
+ <refsection><info><title>NOTES</title></info>
+ <refsection><info><title>Red Hat SELinux BIND Security Profile</title></info>
+
+ <para>
+ By default, Red Hat ships BIND with the most secure SELinux policy
+ that will not prevent normal BIND operation and will prevent exploitation
+ of all known BIND security vulnerabilities . See the selinux(8) man page
+ for information about SElinux.
+ </para>
+
+ <para>
+ It is not necessary to run named in a chroot environment if the Red Hat
+ SELinux policy for named is enabled. When enabled, this policy is far
+ more secure than a chroot environment. Users are recommended to enable
+ SELinux and remove the bind-chroot package.
+ </para>
+
+ <para>
+ With this extra security comes some restrictions:
+ </para>
+
+ <para>
+ By default, the SELinux policy allows named to write any master
+ zone database files. Only the root user may create files in the $ROOTDIR/var/named
+ zone database file directory (the options { "directory" } option), where
+ $ROOTDIR is set in /etc/sysconfig/named.
+ </para>
+
+ <para>
+ The "named" group must be granted read privelege to
+ these files in order for named to be enabled to read them.
+ </para>
+
+ <para>
+ Any file created in the zone database file directory is automatically assigned
+ the SELinux file context named_zone_t .
+ </para>
+
+ <para>
+ By default, SELinux prevents any role from modifying named_zone_t files; this
+ means that files in the zone database directory cannot be modified by dynamic
+ DNS (DDNS) updates or zone transfers.
+ </para>
+
+ <para>
+ The Red Hat BIND distribution and SELinux policy creates three directories where
+ named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic
+ /var/named/data. By placing files you want named to modify, such as
+ slave or DDNS updateable zone files and database / statistics dump files in
+ these directories, named will work normally and no further operator action is
+ required. Files in these directories are automatically assigned the 'named_cache_t'
+ file context, which SELinux allows named to write.
+ </para>
+ </refsection>
+
+ <refsection><info><title>Red Hat BIND SDB support</title></info>
+
+ <para>
+ Red Hat ships named with compiled in Simplified Database Backend modules that ISC
+ provides in the "contrib/sdb" directory. Install bind-sdb package if you want use them.
+ </para>
+
+ <para>
+ The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into <command>named-sdb</command>.
+ </para>
+
+ <para>
+ See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ .
+ </para>
+ </refsection>
+
+ </refsection>
+
<refsection><info><title>SEE ALSO</title></info>
<para><citetitle>RFC 1033</citetitle>,
--
2.26.2

View File

@ -66,8 +66,8 @@
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind
License: MPLv2.0
Version: 9.11.24
Release: 2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Version: 9.11.25
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -162,7 +162,6 @@ Patch174:bind-9.11-json-c.patch
Patch175:bind-9.11-fips-disable.patch
Patch177: bind-9.11-serve-stale.patch
Patch178: bind-9.11-serve-stale-dbfix.patch
Patch179: bind-9.11-rh1893761.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -576,7 +575,6 @@ are used for building ISC DHCP.
%patch175 -p1 -b .rh1709553
%patch177 -p1 -b .serve-stale
%patch178 -p1 -b .rh1770492
%patch179 -p1 -b .rh1893761
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1610,6 +1608,9 @@ fi;
%endif
%changelog
* Thu Nov 26 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.25-1
- Update to 9.11.25
* Wed Nov 04 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.24-2
- Fix crash on NTA recheck failure (#1893761)

View File

@ -1,2 +1,2 @@
SHA512 (bind-9.11.24.tar.gz) = 30b4910be9e59b1df9184ddbd95341494c08a2c530b02077f28492c248af607d7d4c6666459a0e7cc0e9ad6c2b12ff3e7b03f500a720b39d304008f0ab94d5fa
SHA512 (bind-9.11.24.tar.gz.asc) = 7ec9a0fa9cc61ab64c2c2c67fabfe17311253da509dbe658dfe5a63d4fada2d0800a2e6d388d8303ccaa4ef110c5a110569724030df3a34dee58b0a58904bbcb
SHA512 (bind-9.11.25.tar.gz) = 852b15b6cf2f77ab103018e6fc078d856653c62c2db0ca2ef4f8bee64a60b06ed481d9fcdf29020e5072c69b9982545f032b2ab4c94dac28848150e04b9cecf9
SHA512 (bind-9.11.25.tar.gz.asc) = 8cc8e5d21a445d918e82b42057f1d4e73ed977f4eb9584736008b71ae747078d500cc962c3bd03eb4f6a18688b642b108a8e3d673851b0dd4818fc9a33e5faf7