diff --git a/.gitignore b/.gitignore index 2333cba..25c757f 100644 --- a/.gitignore +++ b/.gitignore @@ -118,3 +118,5 @@ bind-9.7.2b1.tar.gz /bind-9.11.23.tar.gz.asc /bind-9.11.24.tar.gz /bind-9.11.24.tar.gz.asc +/bind-9.11.25.tar.gz +/bind-9.11.25.tar.gz.asc diff --git a/bind-9.11-rh1893761.patch b/bind-9.11-rh1893761.patch deleted file mode 100644 index 0ce51dd..0000000 --- a/bind-9.11-rh1893761.patch +++ /dev/null @@ -1,28 +0,0 @@ -From ee53b9558fb73dc0c2f328fe91421f2c32e9a369 Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Tue, 3 Nov 2020 11:25:55 +1100 -Subject: [PATCH] Call nta_detach() before dns_view_weakdetach() so view is - available. - -(cherry picked from commit ea956976d1e89f49570a4690fbad377e4f607c77) ---- - lib/dns/nta.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/dns/nta.c b/lib/dns/nta.c -index 79058bb9b5..73febe44ed 100644 ---- a/lib/dns/nta.c -+++ b/lib/dns/nta.c -@@ -283,8 +283,8 @@ checkbogus(isc_task_t *task, isc_event_t *event) { - &nta->sigrdataset, - &nta->fetch); - if (result != ISC_R_SUCCESS) { -- dns_view_weakdetach(&view); - nta_detach(view->mctx, &nta); -+ dns_view_weakdetach(&view); - } - } - --- -2.26.2 - diff --git a/bind-9.11-rt31459.patch b/bind-9.11-rt31459.patch index 266f78c..822839c 100644 --- a/bind-9.11-rt31459.patch +++ b/bind-9.11-rt31459.patch @@ -1,4 +1,4 @@ -From 5c29299e43db5a4e6f8b1b07af84dfe1687c4c2b Mon Sep 17 00:00:00 2001 +From 63d1fe9e1ac0db37f89cf31b40c35d6d22578ded Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 12 Sep 2017 19:05:46 -0700 Subject: [PATCH] rebased rt31459c @@ -53,7 +53,7 @@ Include new unit test create mode 100644 lib/dns/tests/dstrandom_test.c diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c -index 5015abb..295e16f 100644 +index 40cf74c..bd269e7 100644 --- a/bin/confgen/keygen.c +++ b/bin/confgen/keygen.c @@ -165,6 +165,13 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg, @@ -71,7 +71,7 @@ index 5015abb..295e16f 100644 &entropy_source, randomfile, diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c -index d9d6bb9..de4b15f 100644 +index 4420f2d..9cb63a8 100644 --- a/bin/dnssec/dnssec-dsfromkey.c +++ b/bin/dnssec/dnssec-dsfromkey.c @@ -498,14 +498,14 @@ main(int argc, char **argv) { @@ -103,7 +103,7 @@ index d9d6bb9..de4b15f 100644 dns_name_destroy(); if (verbose > 10) diff --git a/bin/dnssec/dnssec-importkey.c b/bin/dnssec/dnssec-importkey.c -index d65a514..04b3094 100644 +index dc9a293..52863a1 100644 --- a/bin/dnssec/dnssec-importkey.c +++ b/bin/dnssec/dnssec-importkey.c @@ -404,14 +404,14 @@ main(int argc, char **argv) { @@ -135,7 +135,7 @@ index d65a514..04b3094 100644 dns_name_destroy(); if (verbose > 10) diff --git a/bin/dnssec/dnssec-revoke.c b/bin/dnssec/dnssec-revoke.c -index 7d82dbf..10f9359 100644 +index 0121a34..74a99b0 100644 --- a/bin/dnssec/dnssec-revoke.c +++ b/bin/dnssec/dnssec-revoke.c @@ -184,14 +184,14 @@ main(int argc, char **argv) { @@ -167,10 +167,10 @@ index 7d82dbf..10f9359 100644 if (verbose > 10) isc_mem_stats(mctx, stdout); diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c -index 7afcaee..1cfa511 100644 +index f017895..2c568fc 100644 --- a/bin/dnssec/dnssec-settime.c +++ b/bin/dnssec/dnssec-settime.c -@@ -380,14 +380,14 @@ main(int argc, char **argv) { +@@ -391,14 +391,14 @@ main(int argc, char **argv) { if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); @@ -188,7 +188,7 @@ index 7afcaee..1cfa511 100644 isc_entropy_stopcallbacksources(ectx); if (predecessor != NULL) { -@@ -672,8 +672,8 @@ main(int argc, char **argv) { +@@ -683,8 +683,8 @@ main(int argc, char **argv) { if (prevkey != NULL) dst_key_free(&prevkey); dst_key_free(&key); @@ -199,10 +199,10 @@ index 7afcaee..1cfa511 100644 if (verbose > 10) isc_mem_stats(mctx, stdout); diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c -index 319a805..27ae4d4 100644 +index dde1b2f..7308fc6 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c -@@ -3460,14 +3460,15 @@ main(int argc, char *argv[]) { +@@ -3465,14 +3465,15 @@ main(int argc, char *argv[]) { if (!pseudorandom) eflags |= ISC_ENTROPY_GOODONLY; @@ -222,7 +222,7 @@ index 319a805..27ae4d4 100644 isc_stdtime_get(&now); if (startstr != NULL) { -@@ -3879,8 +3880,8 @@ main(int argc, char *argv[]) { +@@ -3884,8 +3885,8 @@ main(int argc, char *argv[]) { dns_master_styledestroy(&dsstyle, mctx); cleanup_logging(&log); @@ -233,7 +233,7 @@ index 319a805..27ae4d4 100644 dns_name_destroy(); if (verbose > 10) diff --git a/bin/dnssec/dnssec-verify.c b/bin/dnssec/dnssec-verify.c -index 4c293bf..3263cbc 100644 +index 087cd5d..07c7294 100644 --- a/bin/dnssec/dnssec-verify.c +++ b/bin/dnssec/dnssec-verify.c @@ -281,15 +281,15 @@ main(int argc, char *argv[]) { @@ -257,7 +257,7 @@ index 4c293bf..3263cbc 100644 rdclass = strtoclass(classname); diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c -index 618ec5b..5654435 100644 +index 7f045e8..2a0f9c6 100644 --- a/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c @@ -34,6 +34,7 @@ @@ -293,7 +293,7 @@ index 618ec5b..5654435 100644 usekeyboard); diff --git a/bin/named/server.c b/bin/named/server.c -index 4e503e5..f27071f 100644 +index 30d38be..b2ae57c 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -36,6 +36,7 @@ @@ -304,7 +304,7 @@ index 4e503e5..f27071f 100644 #include #include #include -@@ -8217,6 +8218,10 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8286,6 +8287,10 @@ load_configuration(const char *filename, ns_server_t *server, "no source of entropy found"); } else { const char *randomdev = cfg_obj_asstring(obj); @@ -315,7 +315,7 @@ index 4e503e5..f27071f 100644 int level = ISC_LOG_ERROR; result = isc_entropy_createfilesource(ns_g_entropy, randomdev); -@@ -8251,6 +8256,7 @@ load_configuration(const char *filename, ns_server_t *server, +@@ -8320,6 +8325,7 @@ load_configuration(const char *filename, ns_server_t *server, } isc_entropy_detach(&ns_g_fallbackentropy); } @@ -324,10 +324,10 @@ index 4e503e5..f27071f 100644 } diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c -index bbb3936..0286987 100644 +index 5a2c660..7f15cbc 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c -@@ -272,7 +272,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { +@@ -278,7 +278,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { if (*ectx == NULL) { result = isc_entropy_create(mctx, ectx); if (result != ISC_R_SUCCESS) @@ -337,7 +337,7 @@ index bbb3936..0286987 100644 ISC_LIST_INIT(sources); } -@@ -281,6 +282,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { +@@ -287,6 +288,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) { randomfile = NULL; } @@ -351,7 +351,7 @@ index bbb3936..0286987 100644 result = isc_entropy_usebestsource(*ectx, &source, randomfile, usekeyboard); -@@ -979,11 +987,11 @@ setup_system(void) { +@@ -989,11 +997,11 @@ setup_system(void) { } } @@ -366,7 +366,7 @@ index bbb3936..0286987 100644 result = dns_dispatchmgr_create(gmctx, entropy, &dispatchmgr); check_result(result, "dns_dispatchmgr_create"); diff --git a/bin/tests/makejournal.c b/bin/tests/makejournal.c -index 61a41b0..acc71a1 100644 +index 68b5e5a..cd54c8d 100644 --- a/bin/tests/makejournal.c +++ b/bin/tests/makejournal.c @@ -102,12 +102,12 @@ main(int argc, char **argv) { @@ -386,7 +386,7 @@ index 61a41b0..acc71a1 100644 isc_log_registercategories(lctx, categories); isc_log_setcontext(lctx); diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c -index c6ab7f8..f0a6ff2 100644 +index e16ec11..95b65bf 100644 --- a/bin/tests/system/pipelined/pipequeries.c +++ b/bin/tests/system/pipelined/pipequeries.c @@ -204,6 +204,7 @@ sendqueries(isc_task_t *task, isc_event_t *event) { @@ -448,7 +448,7 @@ index c6ab7f8..f0a6ff2 100644 isc_log_destroy(&lctx); diff --git a/bin/tests/system/pipelined/tests.sh b/bin/tests/system/pipelined/tests.sh -index 61f1ff7..ed1302a 100644 +index c0a99a2..0245527 100644 --- a/bin/tests/system/pipelined/tests.sh +++ b/bin/tests/system/pipelined/tests.sh @@ -19,7 +19,7 @@ status=0 @@ -470,7 +470,7 @@ index 61f1ff7..ed1302a 100644 $DIFF refb outputb || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c -index 4462f2e..f06268d 100644 +index abf12ed..fa5182c 100644 --- a/bin/tests/system/rsabigexponent/bigkey.c +++ b/bin/tests/system/rsabigexponent/bigkey.c @@ -20,6 +20,7 @@ @@ -492,7 +492,7 @@ index 4462f2e..f06268d 100644 "../random.data", ISC_ENTROPY_KEYBOARDNO), diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c -index 653c951..fe8698e 100644 +index 34360aa..3236968 100644 --- a/bin/tests/system/tkey/keycreate.c +++ b/bin/tests/system/tkey/keycreate.c @@ -206,6 +206,7 @@ sendquery(isc_task_t *task, isc_event_t *event) { @@ -561,7 +561,7 @@ index 653c951..fe8698e 100644 isc_mem_destroy(&mctx); diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c -index 70a40c3..2146f9b 100644 +index 4b5b901..43fb6b0 100644 --- a/bin/tests/system/tkey/keydelete.c +++ b/bin/tests/system/tkey/keydelete.c @@ -136,6 +136,7 @@ sendquery(isc_task_t *task, isc_event_t *event) { @@ -630,50 +630,50 @@ index 70a40c3..2146f9b 100644 isc_mem_destroy(&mctx); diff --git a/bin/tests/system/tkey/tests.sh b/bin/tests/system/tkey/tests.sh -index 9f90dd7..fad6c83 100644 +index b265156..bcd60a6 100644 --- a/bin/tests/system/tkey/tests.sh +++ b/bin/tests/system/tkey/tests.sh @@ -33,7 +33,7 @@ for owner in . foo.example. do - echo "I:creating new key using owner name \"$owner\"" + echo_i "creating new key using owner name \"$owner\" ($n)" ret=0 - keyname=`$KEYCREATE $dhkeyname $owner` || ret=1 + keyname=`$KEYCREATE -r $RANDFILE $dhkeyname $owner` || ret=1 if [ $ret != 0 ]; then - echo "I:failed" - status=`expr $status + $ret` -@@ -55,7 +55,7 @@ do + echo_i "failed" + status=$((status+ret)) +@@ -57,7 +57,7 @@ do - echo "I:deleting new key" + echo_i "deleting new key ($n)" ret=0 - $KEYDELETE $keyname || ret=1 + $KEYDELETE -r $RANDFILE $keyname || ret=1 if [ $ret != 0 ]; then - echo "I:failed" + echo_i "failed" fi -@@ -75,7 +75,7 @@ done +@@ -79,7 +79,7 @@ done - echo "I:creating new key using owner name bar.example." + echo_i "creating new key using owner name bar.example. ($n)" ret=0 -keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1 +keyname=`$KEYCREATE -r $RANDFILE $dhkeyname bar.example.` || ret=1 if [ $ret != 0 ]; then - echo "I:failed" - status=`expr $status + $ret` -@@ -116,7 +116,7 @@ status=`expr $status + $ret` + echo_i "failed" + status=$((status+ret)) +@@ -124,7 +124,7 @@ n=$((n+1)) - echo "I:recreating the bar.example. key" + echo_i "recreating the bar.example. key ($n)" ret=0 -keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1 +keyname=`$KEYCREATE -r $RANDFILE $dhkeyname bar.example.` || ret=1 if [ $ret != 0 ]; then - echo "I:failed" - status=`expr $status + $ret` + echo_i "failed" + status=$((status+ret)) diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c -index bf6dbb6..0416b21 100644 +index 26fa609..fb34aa0 100644 --- a/bin/tools/mdig.c +++ b/bin/tools/mdig.c -@@ -1972,12 +1972,11 @@ main(int argc, char *argv[]) { +@@ -2005,12 +2005,11 @@ main(int argc, char *argv[]) { ectx = NULL; RUNCHECK(isc_entropy_create(mctx, &ectx)); @@ -688,7 +688,7 @@ index bf6dbb6..0416b21 100644 parse_args(false, argc, argv); if (server == NULL) diff --git a/configure b/configure -index 6d05371..33689c9 100755 +index 0faca65..d5ffc87 100755 --- a/configure +++ b/configure @@ -640,6 +640,7 @@ ac_includes_default="\ @@ -723,7 +723,7 @@ index 6d05371..33689c9 100755 --enable-largefile 64-bit file support --enable-backtrace log stack backtrace on abort [default=yes] --enable-symtable use internal symbol table for backtrace -@@ -17144,6 +17148,7 @@ case "$use_openssl" in +@@ -17205,6 +17209,7 @@ case "$use_openssl" in $as_echo "disabled because of native PKCS11" >&6; } DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" @@ -731,7 +731,7 @@ index 6d05371..33689c9 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17158,6 +17163,7 @@ $as_echo "disabled because of native PKCS11" >&6; } +@@ -17219,6 +17224,7 @@ $as_echo "disabled because of native PKCS11" >&6; } $as_echo "no" >&6; } DST_OPENSSL_INC="" CRYPTO="" @@ -739,7 +739,7 @@ index 6d05371..33689c9 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17170,6 +17176,7 @@ $as_echo "no" >&6; } +@@ -17231,6 +17237,7 @@ $as_echo "no" >&6; } auto) DST_OPENSSL_INC="" CRYPTO="" @@ -747,7 +747,7 @@ index 6d05371..33689c9 100755 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -17179,7 +17186,7 @@ $as_echo "no" >&6; } +@@ -17240,7 +17247,7 @@ $as_echo "no" >&6; } OPENSSLLINKOBJS="" OPENSSLLINKSRCS="" as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -756,7 +756,7 @@ index 6d05371..33689c9 100755 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -17210,6 +17217,7 @@ $as_echo "not found" >&6; } +@@ -17271,6 +17278,7 @@ $as_echo "not found" >&6; } as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5 fi CRYPTO='-DOPENSSL' @@ -764,7 +764,7 @@ index 6d05371..33689c9 100755 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -17835,8 +17843,6 @@ fi +@@ -17897,8 +17905,6 @@ fi # Use OpenSSL for hash functions # @@ -773,7 +773,7 @@ index 6d05371..33689c9 100755 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -18211,6 +18217,86 @@ if test "rt" = "$have_clock_gt"; then +@@ -18273,6 +18279,86 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi @@ -860,7 +860,7 @@ index 6d05371..33689c9 100755 # # was --with-lmdb specified? # -@@ -20441,9 +20527,12 @@ _ACEOF +@@ -20549,9 +20635,12 @@ _ACEOF if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5 $as_echo "size_t for buflen; int for flags" >&6; } @@ -875,7 +875,7 @@ index 6d05371..33689c9 100755 $as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h -@@ -21758,12 +21847,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -21877,12 +21966,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -889,7 +889,7 @@ index 6d05371..33689c9 100755 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -@@ -21796,6 +21880,11 @@ cat >>confdefs.h <<_ACEOF +@@ -21915,6 +21999,11 @@ cat >>confdefs.h <<_ACEOF _ACEOF @@ -901,7 +901,7 @@ index 6d05371..33689c9 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21804,39 +21893,6 @@ _ACEOF +@@ -21923,39 +22012,6 @@ _ACEOF fi ;; x86_64-*|amd64-*) @@ -941,7 +941,7 @@ index 6d05371..33689c9 100755 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -21867,6 +21923,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } +@@ -21986,6 +22042,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; } $as_echo "$arch" >&6; } fi @@ -952,7 +952,7 @@ index 6d05371..33689c9 100755 if test "yes" = "$have_atomic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5 $as_echo_n "checking compiler support for inline assembly code... " >&6; } -@@ -24421,6 +24481,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" +@@ -24567,6 +24627,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS" # dlzdir='${DLZ_DRIVER_DIR}' @@ -983,7 +983,7 @@ index 6d05371..33689c9 100755 # # Private autoconf macro to simplify configuring drivers: # -@@ -24751,11 +24835,11 @@ $as_echo "no" >&6; } +@@ -24897,11 +24981,11 @@ $as_echo "no" >&6; } $as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; } ;; *) @@ -998,7 +998,7 @@ index 6d05371..33689c9 100755 fi CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL" -@@ -24840,7 +24924,7 @@ $as_echo "" >&6; } +@@ -24986,7 +25070,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). @@ -1007,7 +1007,7 @@ index 6d05371..33689c9 100755 # include a blank element first for d in "" $bdb_incdirs do -@@ -24865,57 +24949,9 @@ $as_echo "" >&6; } +@@ -25011,57 +25095,9 @@ $as_echo "" >&6; } bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db" for d in $bdb_libnames do @@ -1067,7 +1067,7 @@ index 6d05371..33689c9 100755 break fi done -@@ -25074,10 +25110,10 @@ $as_echo "no" >&6; } +@@ -25220,10 +25256,10 @@ $as_echo "no" >&6; } DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include" DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include" fi @@ -1081,7 +1081,7 @@ index 6d05371..33689c9 100755 fi -@@ -25163,11 +25199,11 @@ fi +@@ -25309,11 +25345,11 @@ fi odbcdirs="/usr /usr/local /usr/pkg" for d in $odbcdirs do @@ -1095,7 +1095,7 @@ index 6d05371..33689c9 100755 break fi done -@@ -25442,6 +25478,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" +@@ -25588,6 +25624,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS" @@ -1104,7 +1104,7 @@ index 6d05371..33689c9 100755 # # Commands to run at the end of config.status. # Don't just put these into configure, it won't work right if somebody -@@ -27819,6 +27857,8 @@ report() { +@@ -27966,6 +28004,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1113,7 +1113,7 @@ index 6d05371..33689c9 100755 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -27859,6 +27899,8 @@ report() { +@@ -28006,6 +28046,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1122,7 +1122,7 @@ index 6d05371..33689c9 100755 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -27906,6 +27948,8 @@ report() { +@@ -28053,6 +28095,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1132,10 +1132,10 @@ index 6d05371..33689c9 100755 test "yes" = "$enable_seccomp" || \ echo " Use libseccomp system call filtering (--enable-seccomp)" diff --git a/configure.ac b/configure.ac -index d10cde5..68bead8 100644 +index 78535bd..faef2e8 100644 --- a/configure.ac +++ b/configure.ac -@@ -1550,6 +1550,7 @@ case "$use_openssl" in +@@ -1598,6 +1598,7 @@ case "$use_openssl" in AC_MSG_RESULT(disabled because of native PKCS11) DST_OPENSSL_INC="" CRYPTO="-DPKCS11CRYPTO" @@ -1143,7 +1143,7 @@ index d10cde5..68bead8 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1563,6 +1564,7 @@ case "$use_openssl" in +@@ -1611,6 +1612,7 @@ case "$use_openssl" in AC_MSG_RESULT(no) DST_OPENSSL_INC="" CRYPTO="" @@ -1151,7 +1151,7 @@ index d10cde5..68bead8 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1575,6 +1577,7 @@ case "$use_openssl" in +@@ -1623,6 +1625,7 @@ case "$use_openssl" in auto) DST_OPENSSL_INC="" CRYPTO="" @@ -1159,7 +1159,7 @@ index d10cde5..68bead8 100644 OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKSRCS="" OPENSSLEDDSALINKOBJS="" -@@ -1585,7 +1588,7 @@ case "$use_openssl" in +@@ -1633,7 +1636,7 @@ case "$use_openssl" in OPENSSLLINKSRCS="" AC_MSG_ERROR( [OpenSSL was not found in any of $openssldirs; use --with-openssl=/path @@ -1168,7 +1168,7 @@ index d10cde5..68bead8 100644 ;; *) if test "yes" = "$want_native_pkcs11" -@@ -1615,6 +1618,7 @@ If you don't want OpenSSL, use --without-openssl]) +@@ -1663,6 +1666,7 @@ If you don't want OpenSSL, use --without-openssl]) AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found]) fi CRYPTO='-DOPENSSL' @@ -1176,7 +1176,7 @@ index d10cde5..68bead8 100644 if test "/usr" = "$use_openssl" then DST_OPENSSL_INC="" -@@ -2050,7 +2054,6 @@ fi +@@ -2099,7 +2103,6 @@ fi # Use OpenSSL for hash functions # @@ -1184,7 +1184,7 @@ index d10cde5..68bead8 100644 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH" case $want_openssl_hash in yes) -@@ -2322,6 +2325,67 @@ if test "rt" = "$have_clock_gt"; then +@@ -2371,6 +2374,67 @@ if test "rt" = "$have_clock_gt"; then LIBS="-lrt $LIBS" fi @@ -1252,7 +1252,7 @@ index d10cde5..68bead8 100644 # # was --with-lmdb specified? # -@@ -4098,12 +4162,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" +@@ -4188,12 +4252,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM" ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM" ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM" if test "yes" = "$use_atomic"; then @@ -1266,7 +1266,7 @@ index d10cde5..68bead8 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -4112,7 +4176,6 @@ if test "yes" = "$use_atomic"; then +@@ -4202,7 +4266,6 @@ if test "yes" = "$use_atomic"; then fi ;; x86_64-*|amd64-*) @@ -1274,7 +1274,7 @@ index d10cde5..68bead8 100644 if test $ac_cv_sizeof_void_p = 8; then arch=x86_64 have_xaddq=yes -@@ -5518,6 +5581,8 @@ report() { +@@ -5635,6 +5698,8 @@ report() { echo " IPv6 support (--enable-ipv6)" test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \ echo " OpenSSL cryptography/DNSSEC (--with-openssl)" @@ -1283,7 +1283,7 @@ index d10cde5..68bead8 100644 test "X$PYTHON" = "X" || echo " Python tools (--with-python)" test "X$XMLSTATS" = "X" || echo " XML statistics (--with-libxml2)" test "X$JSONSTATS" = "X" || echo " JSON statistics (--with-libjson)" -@@ -5558,6 +5623,8 @@ report() { +@@ -5675,6 +5740,8 @@ report() { echo " Very verbose query trace logging (--enable-querytrace)" test "no" = "$with_cmocka" || echo " CMocka Unit Testing Framework (--with-cmocka)" @@ -1292,7 +1292,7 @@ index d10cde5..68bead8 100644 echo " Dynamically loadable zone (DLZ) drivers:" test "no" = "$use_dlz_bdb" || \ echo " Berkeley DB (--with-dlz-bdb)" -@@ -5605,6 +5672,8 @@ report() { +@@ -5722,6 +5789,8 @@ report() { echo " ECDSA algorithm support (--with-ecdsa)" test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \ echo " EDDSA algorithm support (--with-eddsa)" @@ -1302,7 +1302,7 @@ index d10cde5..68bead8 100644 test "yes" = "$enable_seccomp" || \ echo " Use libseccomp system call filtering (--enable-seccomp)" diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c -index 65bf25d..1eccbe7 100644 +index 7a86506..aa54afc 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -277,6 +277,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx, @@ -1366,7 +1366,7 @@ index 65bf25d..1eccbe7 100644 #endif } diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h -index 1924e74..6813c96 100644 +index 5b42ab4..3aba028 100644 --- a/lib/dns/include/dst/dst.h +++ b/lib/dns/include/dst/dst.h @@ -159,6 +159,14 @@ dst_lib_destroy(void); @@ -1385,10 +1385,10 @@ index 1924e74..6813c96 100644 dst_algorithm_supported(unsigned int alg); /*%< diff --git a/lib/dns/lib.c b/lib/dns/lib.c -index 304814b..60543c4 100644 +index d9417de..0dc935d 100644 --- a/lib/dns/lib.c +++ b/lib/dns/lib.c -@@ -18,6 +18,7 @@ +@@ -16,6 +16,7 @@ #include #include @@ -1396,7 +1396,7 @@ index 304814b..60543c4 100644 #include #include #include -@@ -78,6 +79,7 @@ static unsigned int references = 0; +@@ -76,6 +77,7 @@ static unsigned int references = 0; static void initialize(void) { isc_result_t result; @@ -1404,7 +1404,7 @@ index 304814b..60543c4 100644 REQUIRE(initialize_done == false); -@@ -88,11 +90,14 @@ initialize(void) { +@@ -86,11 +88,14 @@ initialize(void) { result = dns_ecdb_register(dns_g_mctx, &dbimp); if (result != ISC_R_SUCCESS) goto cleanup_mctx; @@ -1421,7 +1421,7 @@ index 304814b..60543c4 100644 if (result != ISC_R_SUCCESS) goto cleanup_hash; -@@ -100,11 +105,17 @@ initialize(void) { +@@ -98,11 +103,17 @@ initialize(void) { if (result != ISC_R_SUCCESS) goto cleanup_dst; @@ -1440,7 +1440,7 @@ index 304814b..60543c4 100644 isc_hash_destroy(); cleanup_db: diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c -index 13e838f..ffe0a69 100644 +index 1e57c71..3f4f822 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c @@ -31,6 +31,7 @@ @@ -1624,7 +1624,7 @@ index 13e838f..ffe0a69 100644 #endif /* OPENSSL */ /*! \file */ diff --git a/lib/dns/pkcs11.c b/lib/dns/pkcs11.c -index 5a2c502..8eaef53 100644 +index 6b30309..20552fa 100644 --- a/lib/dns/pkcs11.c +++ b/lib/dns/pkcs11.c @@ -13,12 +13,15 @@ @@ -1692,7 +1692,7 @@ index 937b548..f3c0e38 100644 tap_test_program{name='gost_test'} tap_test_program{name='keytable_test'} diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in -index 90dc3a6..7671e1d 100644 +index 4126372..30cab17 100644 --- a/lib/dns/tests/Makefile.in +++ b/lib/dns/tests/Makefile.in @@ -37,6 +37,7 @@ SRCS = acl_test.c \ @@ -1845,10 +1845,10 @@ index 0000000..bd3d164 + +#endif diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in -index 63be973..40b21fa 100644 +index 9c2ef79..f597049 100644 --- a/lib/dns/win32/libdns.def.in +++ b/lib/dns/win32/libdns.def.in -@@ -1485,6 +1485,13 @@ dst_lib_destroy +@@ -1487,6 +1487,13 @@ dst_lib_destroy dst_lib_init dst_lib_init2 dst_lib_initmsgcat @@ -1863,7 +1863,7 @@ index 63be973..40b21fa 100644 dst_region_computerid dst_result_register diff --git a/lib/isc/entropy.c b/lib/isc/entropy.c -index 907e470..451544d 100644 +index 0c1f3ed..fdd17d7 100644 --- a/lib/isc/entropy.c +++ b/lib/isc/entropy.c @@ -104,11 +104,15 @@ struct isc_entropy { @@ -1921,7 +1921,7 @@ index 907e470..451544d 100644 + hook = myhook; +} diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h -index e8733db..c40a18c 100644 +index b5bc956..f32c9dc 100644 --- a/lib/isc/include/isc/entropy.h +++ b/lib/isc/include/isc/entropy.h @@ -302,6 +302,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source, @@ -1944,7 +1944,7 @@ index e8733db..c40a18c 100644 #endif /* ISC_ENTROPY_H */ diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in -index 61960f1..d22993d 100644 +index 2bf8758..f4c684e 100644 --- a/lib/isc/include/isc/platform.h.in +++ b/lib/isc/include/isc/platform.h.in @@ -359,6 +359,11 @@ @@ -1960,10 +1960,10 @@ index 61960f1..d22993d 100644 * Define if the hash functions must be provided by OpenSSL. */ diff --git a/lib/isc/include/isc/types.h b/lib/isc/include/isc/types.h -index da9d66f..4205400 100644 +index 3bdd54f..d5acd39 100644 --- a/lib/isc/include/isc/types.h +++ b/lib/isc/include/isc/types.h -@@ -97,6 +97,8 @@ typedef struct isc_time isc_time_t; /*%< Time */ +@@ -95,6 +95,8 @@ typedef struct isc_time isc_time_t; /*%< Time */ typedef struct isc_timer isc_timer_t; /*%< Timer */ typedef struct isc_timermgr isc_timermgr_t; /*%< Timer Manager */ @@ -1973,7 +1973,7 @@ index da9d66f..4205400 100644 typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *, int); diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c -index 68aebdc..4b85527 100644 +index 227f807..4a63fdf 100644 --- a/lib/isc/pk11.c +++ b/lib/isc/pk11.c @@ -321,14 +321,16 @@ pk11_rand_seed_fromfile(const char *randomfile) { @@ -1999,7 +1999,7 @@ index 68aebdc..4b85527 100644 cleanup: if (stream != NULL) diff --git a/lib/isc/win32/include/isc/platform.h.in b/lib/isc/win32/include/isc/platform.h.in -index 8ade705..fa72f9d 100644 +index 1f785e0..f9051c3 100644 --- a/lib/isc/win32/include/isc/platform.h.in +++ b/lib/isc/win32/include/isc/platform.h.in @@ -73,6 +73,11 @@ @@ -2015,7 +2015,7 @@ index 8ade705..fa72f9d 100644 * Define if the hash functions must be provided by OpenSSL. */ diff --git a/win32utils/Configure b/win32utils/Configure -index 79d682e..6c78cb2 100644 +index 5f66a82..ff39910 100644 --- a/win32utils/Configure +++ b/win32utils/Configure @@ -382,6 +382,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA", @@ -2054,7 +2054,7 @@ index 79d682e..6c78cb2 100644 my $enable_openssl_hash = "auto"; my $enable_filter_aaaa = "yes"; my $enable_isc_spnego = "yes"; -@@ -847,6 +852,10 @@ sub myenable { +@@ -848,6 +853,10 @@ sub myenable { if ($val =~ /^yes$/i) { $enable_native_pkcs11 = "yes"; } @@ -2065,7 +2065,7 @@ index 79d682e..6c78cb2 100644 } elsif ($key =~ /^openssl-hash$/i) { if ($val =~ /^yes$/i) { $enable_openssl_hash = "yes"; -@@ -1153,6 +1162,11 @@ if ($verbose) { +@@ -1154,6 +1163,11 @@ if ($verbose) { } else { print "native-pkcs11: disabled\n"; } @@ -2077,7 +2077,7 @@ index 79d682e..6c78cb2 100644 if ($enable_openssl_hash eq "yes") { print "openssl-hash: enabled\n"; } else { -@@ -1510,6 +1524,7 @@ if ($enable_intrinsics eq "yes") { +@@ -1511,6 +1525,7 @@ if ($enable_intrinsics eq "yes") { # enable-native-pkcs11 if ($enable_native_pkcs11 eq "yes") { @@ -2085,7 +2085,7 @@ index 79d682e..6c78cb2 100644 if ($use_openssl eq "auto") { $use_openssl = "no"; } -@@ -1719,6 +1734,7 @@ if ($use_openssl eq "yes") { +@@ -1720,6 +1735,7 @@ if ($use_openssl eq "yes") { $openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]"); } @@ -2093,7 +2093,7 @@ index 79d682e..6c78cb2 100644 $configcond{"OPENSSL"} = 1; $configdefd{"CRYPTO"} = "OPENSSL"; $configvar{"OPENSSL_PATH"} = "$openssl_path"; -@@ -2290,6 +2306,15 @@ if ($use_aes eq "yes") { +@@ -2291,6 +2307,15 @@ if ($use_aes eq "yes") { } @@ -2109,7 +2109,7 @@ index 79d682e..6c78cb2 100644 # enable-openssl-hash if ($enable_openssl_hash eq "yes") { if ($use_openssl eq "no") { -@@ -3665,6 +3690,7 @@ exit 0; +@@ -3673,6 +3698,7 @@ exit 0; # --enable-developer partially supported # --enable-newstats (9.9/9.9sub only) # --enable-native-pkcs11 supported @@ -2118,5 +2118,5 @@ index 79d682e..6c78cb2 100644 # --enable-openssl-hash supported # --enable-threads included without a way to disable it -- -2.21.1 +2.26.2 diff --git a/bind-9.3.2-redhat_doc.patch b/bind-9.3.2-redhat_doc.patch index d4531f4..d50374f 100644 --- a/bind-9.3.2-redhat_doc.patch +++ b/bind-9.3.2-redhat_doc.patch @@ -1,68 +1,98 @@ -diff --git a/bin/named/named.8 b/bin/named/named.8 -index ef10ef4..3150b22 100644 ---- a/bin/named/named.8 -+++ b/bin/named/named.8 -@@ -349,6 +349,63 @@ The default configuration file\&. - /var/run/named/named\&.pid - .RS 4 - The default process\-id file\&. -+.PP -+.SH "NOTES" -+.PP -+.TP -+\fBRed Hat SELinux BIND Security Profile:\fR -+.PP -+By default, Red Hat ships BIND with the most secure SELinux policy -+that will not prevent normal BIND operation and will prevent exploitation -+of all known BIND security vulnerabilities . See the selinux(8) man page -+for information about SElinux. -+.PP -+It is not necessary to run named in a chroot environment if the Red Hat -+SELinux policy for named is enabled. When enabled, this policy is far -+more secure than a chroot environment. Users are recommended to enable -+SELinux and remove the bind-chroot package. -+.PP -+With this extra security comes some restrictions: -+.PP -+By default, the SELinux policy does not allow named to write any master -+zone database files. Only the root user may create files in the $ROOTDIR/var/named -+zone database file directory (the options { "directory" } option), where -+$ROOTDIR is set in /etc/sysconfig/named. -+.PP -+The "named" group must be granted read privelege to -+these files in order for named to be enabled to read them. -+.PP -+Any file created in the zone database file directory is automatically assigned -+the SELinux file context named_zone_t . -+.PP -+By default, SELinux prevents any role from modifying named_zone_t files; this -+means that files in the zone database directory cannot be modified by dynamic -+DNS (DDNS) updates or zone transfers. -+.PP -+The Red Hat BIND distribution and SELinux policy creates three directories where -+named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic -+/var/named/data. By placing files you want named to modify, such as -+slave or DDNS updateable zone files and database / statistics dump files in -+these directories, named will work normally and no further operator action is -+required. Files in these directories are automatically assigned the 'named_cache_t' -+file context, which SELinux allows named to write. -+.PP -+\fBRed Hat BIND SDB support:\fR -+.PP -+Red Hat ships named with compiled in Simplified Database Backend modules that ISC -+provides in the "contrib/sdb" directory. Install bind-sdb package if you want use them -+.PP -+The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into named-sdb. -+.PP -+See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ . -+.br -+.PP -+\fBRed Hat system-config-bind:\fR -+.PP -+Red Hat provides the system-config-bind GUI to configure named.conf and zone -+database files. Run the "system-config-bind" command and access the manual -+by selecting the Help menu. -+.PP - .RE - .SH "SEE ALSO" - .PP +From facdbb0f2a266c6a3a1fa823afaa09cbd3fc38a5 Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Thu, 26 Nov 2020 12:13:10 +0100 +Subject: [PATCH] Note specific Red Hat changes in manual page + +Change docbook template instead of generated manual page. Remove +system-config-bind reference, package were discontinued. +--- + bin/named/named.docbook | 73 +++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 73 insertions(+) + +diff --git a/bin/named/named.docbook b/bin/named/named.docbook +index 7e743a9..802bec3 100644 +--- a/bin/named/named.docbook ++++ b/bin/named/named.docbook +@@ -516,6 +516,79 @@ + + + ++ NOTES ++ Red Hat SELinux BIND Security Profile ++ ++ ++ By default, Red Hat ships BIND with the most secure SELinux policy ++ that will not prevent normal BIND operation and will prevent exploitation ++ of all known BIND security vulnerabilities . See the selinux(8) man page ++ for information about SElinux. ++ ++ ++ ++ It is not necessary to run named in a chroot environment if the Red Hat ++ SELinux policy for named is enabled. When enabled, this policy is far ++ more secure than a chroot environment. Users are recommended to enable ++ SELinux and remove the bind-chroot package. ++ ++ ++ ++ With this extra security comes some restrictions: ++ ++ ++ ++ By default, the SELinux policy allows named to write any master ++ zone database files. Only the root user may create files in the $ROOTDIR/var/named ++ zone database file directory (the options { "directory" } option), where ++ $ROOTDIR is set in /etc/sysconfig/named. ++ ++ ++ ++ The "named" group must be granted read privelege to ++ these files in order for named to be enabled to read them. ++ ++ ++ ++ Any file created in the zone database file directory is automatically assigned ++ the SELinux file context named_zone_t . ++ ++ ++ ++ By default, SELinux prevents any role from modifying named_zone_t files; this ++ means that files in the zone database directory cannot be modified by dynamic ++ DNS (DDNS) updates or zone transfers. ++ ++ ++ ++ The Red Hat BIND distribution and SELinux policy creates three directories where ++ named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic ++ /var/named/data. By placing files you want named to modify, such as ++ slave or DDNS updateable zone files and database / statistics dump files in ++ these directories, named will work normally and no further operator action is ++ required. Files in these directories are automatically assigned the 'named_cache_t' ++ file context, which SELinux allows named to write. ++ ++ ++ ++ Red Hat BIND SDB support ++ ++ ++ Red Hat ships named with compiled in Simplified Database Backend modules that ISC ++ provides in the "contrib/sdb" directory. Install bind-sdb package if you want use them. ++ ++ ++ ++ The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into named-sdb. ++ ++ ++ ++ See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ . ++ ++ ++ ++ ++ + SEE ALSO + + RFC 1033, +-- +2.26.2 + diff --git a/bind.spec b/bind.spec index 9089da0..1ecdb8d 100644 --- a/bind.spec +++ b/bind.spec @@ -66,8 +66,8 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Name: bind License: MPLv2.0 -Version: 9.11.24 -Release: 2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} +Version: 9.11.25 +Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -162,7 +162,6 @@ Patch174:bind-9.11-json-c.patch Patch175:bind-9.11-fips-disable.patch Patch177: bind-9.11-serve-stale.patch Patch178: bind-9.11-serve-stale-dbfix.patch -Patch179: bind-9.11-rh1893761.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -576,7 +575,6 @@ are used for building ISC DHCP. %patch175 -p1 -b .rh1709553 %patch177 -p1 -b .serve-stale %patch178 -p1 -b .rh1770492 -%patch179 -p1 -b .rh1893761 mkdir lib/dns/tests/testdata/dstrandom cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data @@ -1610,6 +1608,9 @@ fi; %endif %changelog +* Thu Nov 26 2020 Petr Menšík - 32:9.11.25-1 +- Update to 9.11.25 + * Wed Nov 04 2020 Petr Menšík - 32:9.11.24-2 - Fix crash on NTA recheck failure (#1893761) diff --git a/sources b/sources index 9a9dda2..0f11c4e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (bind-9.11.24.tar.gz) = 30b4910be9e59b1df9184ddbd95341494c08a2c530b02077f28492c248af607d7d4c6666459a0e7cc0e9ad6c2b12ff3e7b03f500a720b39d304008f0ab94d5fa -SHA512 (bind-9.11.24.tar.gz.asc) = 7ec9a0fa9cc61ab64c2c2c67fabfe17311253da509dbe658dfe5a63d4fada2d0800a2e6d388d8303ccaa4ef110c5a110569724030df3a34dee58b0a58904bbcb +SHA512 (bind-9.11.25.tar.gz) = 852b15b6cf2f77ab103018e6fc078d856653c62c2db0ca2ef4f8bee64a60b06ed481d9fcdf29020e5072c69b9982545f032b2ab4c94dac28848150e04b9cecf9 +SHA512 (bind-9.11.25.tar.gz.asc) = 8cc8e5d21a445d918e82b42057f1d4e73ed977f4eb9584736008b71ae747078d500cc962c3bd03eb4f6a18688b642b108a8e3d673851b0dd4818fc9a33e5faf7