Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/bind.git#ad33c6c09557956426b2c7053495496dc9c442cb
2020-11-26 13:20:54 +00:00 · 2020-11-26 13:20:54 +00:00 · a9c482da54
parent 6b2bb6b270
commit a9c482da54
6 changed files with 213 additions and 208 deletions
--- a/.gitignore
+++ b/.gitignore
@ -118,3 +118,5 @@ bind-9.7.2b1.tar.gz
 /bind-9.11.23.tar.gz.asc
 /bind-9.11.24.tar.gz
 /bind-9.11.24.tar.gz.asc
 /bind-9.11.25.tar.gz
 /bind-9.11.25.tar.gz.asc
--- a/bind-9.11-rh1893761.patch
+++ b/bind-9.11-rh1893761.patch
@ -1,28 +0,0 @@
 From ee53b9558fb73dc0c2f328fe91421f2c32e9a369 Mon Sep 17 00:00:00 2001
 From: Mark Andrews <marka@isc.org>
 Date: Tue, 3 Nov 2020 11:25:55 +1100
 Subject: [PATCH] Call nta_detach() before dns_view_weakdetach() so view is
 available.
 (cherry picked from commit ea956976d1e89f49570a4690fbad377e4f607c77)
 ---
 lib/dns/nta.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/lib/dns/nta.c b/lib/dns/nta.c
 index 79058bb9b5..73febe44ed 100644
 --- a/lib/dns/nta.c
 +++ b/lib/dns/nta.c
@@ -283,8 +283,8 @@ checkbogus(isc_task_t *task, isc_event_t *event) {
 					  &nta->sigrdataset,
 					  &nta->fetch);
 	if (result != ISC_R_SUCCESS) {
 -		dns_view_weakdetach(&view);
 		nta_detach(view->mctx, &nta);
 +		dns_view_weakdetach(&view);
 	}
 }
 -- 
 2.26.2
--- a/bind-9.11-rt31459.patch
+++ b/bind-9.11-rt31459.patch
@ -1,4 +1,4 @@
-From 5c29299e43db5a4e6f8b1b07af84dfe1687c4c2b Mon Sep 17 00:00:00 2001
+From 63d1fe9e1ac0db37f89cf31b40c35d6d22578ded Mon Sep 17 00:00:00 2001
 From: Evan Hunt <each@isc.org>
 Date: Tue, 12 Sep 2017 19:05:46 -0700
 Subject: [PATCH] rebased rt31459c
@ -53,7 +53,7 @@ Include new unit test
 create mode 100644 lib/dns/tests/dstrandom_test.c
 diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
-index 5015abb..295e16f 100644
+index 40cf74c..bd269e7 100644
 --- a/bin/confgen/keygen.c
 +++ b/bin/confgen/keygen.c
@@ -165,6 +165,13 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
@ -71,7 +71,7 @@ index 5015abb..295e16f 100644
 							     &entropy_source,
 							     randomfile,
 diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c
-index d9d6bb9..de4b15f 100644
+index 4420f2d..9cb63a8 100644
 --- a/bin/dnssec/dnssec-dsfromkey.c
 +++ b/bin/dnssec/dnssec-dsfromkey.c
@@ -498,14 +498,14 @@ main(int argc, char **argv) {
@ -103,7 +103,7 @@ index d9d6bb9..de4b15f 100644
 	dns_name_destroy();
 	if (verbose > 10)
 diff --git a/bin/dnssec/dnssec-importkey.c b/bin/dnssec/dnssec-importkey.c
-index d65a514..04b3094 100644
+index dc9a293..52863a1 100644
 --- a/bin/dnssec/dnssec-importkey.c
 +++ b/bin/dnssec/dnssec-importkey.c
@@ -404,14 +404,14 @@ main(int argc, char **argv) {
@ -135,7 +135,7 @@ index d65a514..04b3094 100644
 	dns_name_destroy();
 	if (verbose > 10)
 diff --git a/bin/dnssec/dnssec-revoke.c b/bin/dnssec/dnssec-revoke.c
-index 7d82dbf..10f9359 100644
+index 0121a34..74a99b0 100644
 --- a/bin/dnssec/dnssec-revoke.c
 +++ b/bin/dnssec/dnssec-revoke.c
@@ -184,14 +184,14 @@ main(int argc, char **argv) {
@ -167,10 +167,10 @@ index 7d82dbf..10f9359 100644
 	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
 diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
-index 7afcaee..1cfa511 100644
+index f017895..2c568fc 100644
 --- a/bin/dnssec/dnssec-settime.c
 +++ b/bin/dnssec/dnssec-settime.c
-@@ -380,14 +380,14 @@ main(int argc, char **argv) {
+@@ -391,14 +391,14 @@ main(int argc, char **argv) {
 	if (ectx == NULL)
 		setup_entropy(mctx, NULL, &ectx);
@ -188,7 +188,7 @@ index 7afcaee..1cfa511 100644
 	isc_entropy_stopcallbacksources(ectx);
 	if (predecessor != NULL) {
-@@ -672,8 +672,8 @@ main(int argc, char **argv) {
+@@ -683,8 +683,8 @@ main(int argc, char **argv) {
 	if (prevkey != NULL)
 		dst_key_free(&prevkey);
 	dst_key_free(&key);
@ -199,10 +199,10 @@ index 7afcaee..1cfa511 100644
 	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
 diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
-index 319a805..27ae4d4 100644
+index dde1b2f..7308fc6 100644
 --- a/bin/dnssec/dnssec-signzone.c
 +++ b/bin/dnssec/dnssec-signzone.c
-@@ -3460,14 +3460,15 @@ main(int argc, char *argv[]) {
+@@ -3465,14 +3465,15 @@ main(int argc, char *argv[]) {
 	if (!pseudorandom)
 		eflags |= ISC_ENTROPY_GOODONLY;
@ -222,7 +222,7 @@ index 319a805..27ae4d4 100644
 	isc_stdtime_get(&now);
 	if (startstr != NULL) {
-@@ -3879,8 +3880,8 @@ main(int argc, char *argv[]) {
+@@ -3884,8 +3885,8 @@ main(int argc, char *argv[]) {
 	dns_master_styledestroy(&dsstyle, mctx);
 	cleanup_logging(&log);
@ -233,7 +233,7 @@ index 319a805..27ae4d4 100644
 	dns_name_destroy();
 	if (verbose > 10)
 diff --git a/bin/dnssec/dnssec-verify.c b/bin/dnssec/dnssec-verify.c
-index 4c293bf..3263cbc 100644
+index 087cd5d..07c7294 100644
 --- a/bin/dnssec/dnssec-verify.c
 +++ b/bin/dnssec/dnssec-verify.c
@@ -281,15 +281,15 @@ main(int argc, char *argv[]) {
@ -257,7 +257,7 @@ index 4c293bf..3263cbc 100644
 	rdclass = strtoclass(classname);
 diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
-index 618ec5b..5654435 100644
+index 7f045e8..2a0f9c6 100644
 --- a/bin/dnssec/dnssectool.c
 +++ b/bin/dnssec/dnssectool.c
@@ -34,6 +34,7 @@
@ -293,7 +293,7 @@ index 618ec5b..5654435 100644
 					   usekeyboard);
 diff --git a/bin/named/server.c b/bin/named/server.c
-index 4e503e5..f27071f 100644
+index 30d38be..b2ae57c 100644
 --- a/bin/named/server.c
 +++ b/bin/named/server.c
@@ -36,6 +36,7 @@
@ -304,7 +304,7 @@ index 4e503e5..f27071f 100644
 #include <isc/portset.h>
 #include <isc/print.h>
 #include <isc/random.h>
-@@ -8217,6 +8218,10 @@ load_configuration(const char *filename, ns_server_t *server,
+@@ -8286,6 +8287,10 @@ load_configuration(const char *filename, ns_server_t *server,
 				      "no source of entropy found");
 		} else {
 			const char *randomdev = cfg_obj_asstring(obj);
@ -315,7 +315,7 @@ index 4e503e5..f27071f 100644
 			int level = ISC_LOG_ERROR;
 			result = isc_entropy_createfilesource(ns_g_entropy,
 							      randomdev);
-@@ -8251,6 +8256,7 @@ load_configuration(const char *filename, ns_server_t *server,
+@@ -8320,6 +8325,7 @@ load_configuration(const char *filename, ns_server_t *server,
 				}
 				isc_entropy_detach(&ns_g_fallbackentropy);
 			}
@ -324,10 +324,10 @@ index 4e503e5..f27071f 100644
 		}
 diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
-index bbb3936..0286987 100644
+index 5a2c660..7f15cbc 100644
 --- a/bin/nsupdate/nsupdate.c
 +++ b/bin/nsupdate/nsupdate.c
-@@ -272,7 +272,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
+@@ -278,7 +278,8 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 	if (*ectx == NULL) {
 		result = isc_entropy_create(mctx, ectx);
 		if (result != ISC_R_SUCCESS)
@ -337,7 +337,7 @@ index bbb3936..0286987 100644
 		ISC_LIST_INIT(sources);
 	}
-@@ -281,6 +282,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
+@@ -287,6 +288,13 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 		randomfile = NULL;
 	}
@ -351,7 +351,7 @@ index bbb3936..0286987 100644
 	result = isc_entropy_usebestsource(*ectx, &source, randomfile,
 					   usekeyboard);
-@@ -979,11 +987,11 @@ setup_system(void) {
+@@ -989,11 +997,11 @@ setup_system(void) {
 		}
 	}
@ -366,7 +366,7 @@ index bbb3936..0286987 100644
 	result = dns_dispatchmgr_create(gmctx, entropy, &dispatchmgr);
 	check_result(result, "dns_dispatchmgr_create");
 diff --git a/bin/tests/makejournal.c b/bin/tests/makejournal.c
-index 61a41b0..acc71a1 100644
+index 68b5e5a..cd54c8d 100644
 --- a/bin/tests/makejournal.c
 +++ b/bin/tests/makejournal.c
@@ -102,12 +102,12 @@ main(int argc, char **argv) {
@ -386,7 +386,7 @@ index 61a41b0..acc71a1 100644
 	isc_log_registercategories(lctx, categories);
 	isc_log_setcontext(lctx);
 diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c
-index c6ab7f8..f0a6ff2 100644
+index e16ec11..95b65bf 100644
 --- a/bin/tests/system/pipelined/pipequeries.c
 +++ b/bin/tests/system/pipelined/pipequeries.c
@@ -204,6 +204,7 @@ sendqueries(isc_task_t *task, isc_event_t *event) {
@ -448,7 +448,7 @@ index c6ab7f8..f0a6ff2 100644
 	isc_log_destroy(&lctx);
 diff --git a/bin/tests/system/pipelined/tests.sh b/bin/tests/system/pipelined/tests.sh
-index 61f1ff7..ed1302a 100644
+index c0a99a2..0245527 100644
 --- a/bin/tests/system/pipelined/tests.sh
 +++ b/bin/tests/system/pipelined/tests.sh
@@ -19,7 +19,7 @@ status=0
@ -470,7 +470,7 @@ index 61f1ff7..ed1302a 100644
 $DIFF refb outputb || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c
-index 4462f2e..f06268d 100644
+index abf12ed..fa5182c 100644
 --- a/bin/tests/system/rsabigexponent/bigkey.c
 +++ b/bin/tests/system/rsabigexponent/bigkey.c
@@ -20,6 +20,7 @@
@ -492,7 +492,7 @@ index 4462f2e..f06268d 100644
 					"../random.data",
 					ISC_ENTROPY_KEYBOARDNO),
 diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
-index 653c951..fe8698e 100644
+index 34360aa..3236968 100644
 --- a/bin/tests/system/tkey/keycreate.c
 +++ b/bin/tests/system/tkey/keycreate.c
@@ -206,6 +206,7 @@ sendquery(isc_task_t *task, isc_event_t *event) {
@ -561,7 +561,7 @@ index 653c951..fe8698e 100644
 	isc_mem_destroy(&mctx);
 diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
-index 70a40c3..2146f9b 100644
+index 4b5b901..43fb6b0 100644
 --- a/bin/tests/system/tkey/keydelete.c
 +++ b/bin/tests/system/tkey/keydelete.c
@@ -136,6 +136,7 @@ sendquery(isc_task_t *task, isc_event_t *event) {
@ -630,50 +630,50 @@ index 70a40c3..2146f9b 100644
 	isc_mem_destroy(&mctx);
 diff --git a/bin/tests/system/tkey/tests.sh b/bin/tests/system/tkey/tests.sh
-index 9f90dd7..fad6c83 100644
+index b265156..bcd60a6 100644
 --- a/bin/tests/system/tkey/tests.sh
 +++ b/bin/tests/system/tkey/tests.sh
@@ -33,7 +33,7 @@ for owner in . foo.example.
 do
- 	echo "I:creating new key using owner name \"$owner\""
+ 	echo_i "creating new key using owner name \"$owner\" ($n)"
 	ret=0
 -	keyname=`$KEYCREATE $dhkeyname $owner` || ret=1
 +	keyname=`$KEYCREATE -r $RANDFILE $dhkeyname $owner` || ret=1
 	if [ $ret != 0 ]; then
- 		echo "I:failed"
+ 		echo_i "failed"
- 		status=`expr $status + $ret`
+ 		status=$((status+ret))
-@@ -55,7 +55,7 @@ do
+@@ -57,7 +57,7 @@ do
- 	echo "I:deleting new key"
+ 	echo_i "deleting new key ($n)"
 	ret=0
 -	$KEYDELETE $keyname || ret=1
 +	$KEYDELETE -r $RANDFILE $keyname || ret=1
 	if [ $ret != 0 ]; then
- 		echo "I:failed"
+ 		echo_i "failed"
 	fi
-@@ -75,7 +75,7 @@ done
+@@ -79,7 +79,7 @@ done
- echo "I:creating new key using owner name bar.example."
+ echo_i "creating new key using owner name bar.example. ($n)"
 ret=0
 -keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
 +keyname=`$KEYCREATE -r $RANDFILE $dhkeyname bar.example.` || ret=1
 if [ $ret != 0 ]; then
-         echo "I:failed"
+         echo_i "failed"
- 	status=`expr $status + $ret`
+ 	status=$((status+ret))
-@@ -116,7 +116,7 @@ status=`expr $status + $ret`
+@@ -124,7 +124,7 @@ n=$((n+1))
- echo "I:recreating the bar.example. key"
+ echo_i "recreating the bar.example. key ($n)"
 ret=0
 -keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
 +keyname=`$KEYCREATE -r $RANDFILE $dhkeyname bar.example.` || ret=1
 if [ $ret != 0 ]; then
-         echo "I:failed"
+         echo_i "failed"
- 	status=`expr $status + $ret`
+ 	status=$((status+ret))
 diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c
-index bf6dbb6..0416b21 100644
+index 26fa609..fb34aa0 100644
 --- a/bin/tools/mdig.c
 +++ b/bin/tools/mdig.c
-@@ -1972,12 +1972,11 @@ main(int argc, char *argv[]) {
+@@ -2005,12 +2005,11 @@ main(int argc, char *argv[]) {
 	ectx = NULL;
 	RUNCHECK(isc_entropy_create(mctx, &ectx));
@ -688,7 +688,7 @@ index bf6dbb6..0416b21 100644
 	parse_args(false, argc, argv);
 	if (server == NULL)
 diff --git a/configure b/configure
-index 6d05371..33689c9 100755
+index 0faca65..d5ffc87 100755
 --- a/configure
 +++ b/configure
@@ -640,6 +640,7 @@ ac_includes_default="\
@ -723,7 +723,7 @@ index 6d05371..33689c9 100755
   --enable-largefile      64-bit file support
   --enable-backtrace      log stack backtrace on abort [default=yes]
   --enable-symtable       use internal symbol table for backtrace
-@@ -17144,6 +17148,7 @@ case "$use_openssl" in
+@@ -17205,6 +17209,7 @@ case "$use_openssl" in
 $as_echo "disabled because of native PKCS11" >&6; }
 		DST_OPENSSL_INC=""
 		CRYPTO="-DPKCS11CRYPTO"
@ -731,7 +731,7 @@ index 6d05371..33689c9 100755
 		OPENSSLECDSALINKOBJS=""
 		OPENSSLECDSALINKSRCS=""
 		OPENSSLEDDSALINKOBJS=""
-@@ -17158,6 +17163,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
+@@ -17219,6 +17224,7 @@ $as_echo "disabled because of native PKCS11" >&6; }
 $as_echo "no" >&6; }
 		DST_OPENSSL_INC=""
 		CRYPTO=""
@ -739,7 +739,7 @@ index 6d05371..33689c9 100755
 		OPENSSLECDSALINKOBJS=""
 		OPENSSLECDSALINKSRCS=""
 		OPENSSLEDDSALINKOBJS=""
-@@ -17170,6 +17176,7 @@ $as_echo "no" >&6; }
+@@ -17231,6 +17237,7 @@ $as_echo "no" >&6; }
 	auto)
 		DST_OPENSSL_INC=""
 		CRYPTO=""
@ -747,7 +747,7 @@ index 6d05371..33689c9 100755
 		OPENSSLECDSALINKOBJS=""
 		OPENSSLECDSALINKSRCS=""
 		OPENSSLEDDSALINKOBJS=""
-@@ -17179,7 +17186,7 @@ $as_echo "no" >&6; }
+@@ -17240,7 +17247,7 @@ $as_echo "no" >&6; }
 		OPENSSLLINKOBJS=""
 		OPENSSLLINKSRCS=""
 		as_fn_error $? "OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -756,7 +756,7 @@ index 6d05371..33689c9 100755
 		;;
 	*)
 		if test "yes" = "$want_native_pkcs11"
-@@ -17210,6 +17217,7 @@ $as_echo "not found" >&6; }
+@@ -17271,6 +17278,7 @@ $as_echo "not found" >&6; }
 			as_fn_error $? "\"$use_openssl/include/openssl/opensslv.h\" not found" "$LINENO" 5
 		fi
 		CRYPTO='-DOPENSSL'
@ -764,7 +764,7 @@ index 6d05371..33689c9 100755
 		if test "/usr" = "$use_openssl"
 		then
 			DST_OPENSSL_INC=""
-@@ -17835,8 +17843,6 @@ fi
+@@ -17897,8 +17905,6 @@ fi
 # Use OpenSSL for hash functions
 #
@ -773,7 +773,7 @@ index 6d05371..33689c9 100755
 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
 case $want_openssl_hash in
 	yes)
-@@ -18211,6 +18217,86 @@ if test "rt" = "$have_clock_gt"; then
+@@ -18273,6 +18279,86 @@ if test "rt" = "$have_clock_gt"; then
 	LIBS="-lrt $LIBS"
 fi
@ -860,7 +860,7 @@ index 6d05371..33689c9 100755
 #
 # was --with-lmdb specified?
 #
-@@ -20441,9 +20527,12 @@ _ACEOF
+@@ -20549,9 +20635,12 @@ _ACEOF
 if ac_fn_c_try_compile "$LINENO"; then :
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t for buflen; int for flags" >&5
 $as_echo "size_t for buflen; int for flags" >&6; }
@ -875,7 +875,7 @@ index 6d05371..33689c9 100755
 	 $as_echo "#define IRS_GETNAMEINFO_FLAGS_T int" >>confdefs.h
-@@ -21758,12 +21847,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
+@@ -21877,12 +21966,7 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
 ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
 ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
 if test "yes" = "$use_atomic"; then
@ -889,7 +889,7 @@ index 6d05371..33689c9 100755
 # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
 # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
 # This bug is HP SR number 8606223364.
-@@ -21796,6 +21880,11 @@ cat >>confdefs.h <<_ACEOF
+@@ -21915,6 +21999,11 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
@ -901,7 +901,7 @@ index 6d05371..33689c9 100755
 		if test $ac_cv_sizeof_void_p = 8; then
 			arch=x86_64
 			have_xaddq=yes
-@@ -21804,39 +21893,6 @@ _ACEOF
+@@ -21923,39 +22012,6 @@ _ACEOF
 		fi
 	;;
 	x86_64-*|amd64-*)
@ -941,7 +941,7 @@ index 6d05371..33689c9 100755
 		if test $ac_cv_sizeof_void_p = 8; then
 			arch=x86_64
 			have_xaddq=yes
-@@ -21867,6 +21923,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
+@@ -21986,6 +22042,10 @@ $as_echo_n "checking architecture type for atomic operations... " >&6; }
 $as_echo "$arch" >&6; }
 fi
@ -952,7 +952,7 @@ index 6d05371..33689c9 100755
 if test "yes" = "$have_atomic"; then
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler support for inline assembly code" >&5
 $as_echo_n "checking compiler support for inline assembly code... " >&6; }
-@@ -24421,6 +24481,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
+@@ -24567,6 +24627,30 @@ CFLAGS="$CFLAGS $SO_CFLAGS"
 #
 dlzdir='${DLZ_DRIVER_DIR}'
@ -983,7 +983,7 @@ index 6d05371..33689c9 100755
 #
 # Private autoconf macro to simplify configuring drivers:
 #
-@@ -24751,11 +24835,11 @@ $as_echo "no" >&6; }
+@@ -24897,11 +24981,11 @@ $as_echo "no" >&6; }
 $as_echo "using mysql with libs ${mysql_lib} and includes ${mysql_include}" >&6; }
 		;;
 	*)
@ -998,7 +998,7 @@ index 6d05371..33689c9 100755
 		fi
 	CONTRIB_DLZ="$CONTRIB_DLZ -DDLZ_MYSQL"
-@@ -24840,7 +24924,7 @@ $as_echo "" >&6; }
+@@ -24986,7 +25070,7 @@ $as_echo "" >&6; }
 			# Check other locations for includes.
 			# Order is important (sigh).
@ -1007,7 +1007,7 @@ index 6d05371..33689c9 100755
 			# include a blank element first
 			for d in "" $bdb_incdirs
 			do
-@@ -24865,57 +24949,9 @@ $as_echo "" >&6; }
+@@ -25011,57 +25095,9 @@ $as_echo "" >&6; }
 			bdb_libnames="db53 db-5.3 db51 db-5.1 db48 db-4.8 db47 db-4.7 db46 db-4.6 db45 db-4.5 db44 db-4.4 db43 db-4.3 db42 db-4.2 db41 db-4.1 db"
 			for d in $bdb_libnames
 			do
@ -1067,7 +1067,7 @@ index 6d05371..33689c9 100755
 					break
 				fi
 			done
-@@ -25074,10 +25110,10 @@ $as_echo "no" >&6; }
+@@ -25220,10 +25256,10 @@ $as_echo "no" >&6; }
 		DLZ_DRIVER_INCLUDES="$DLZ_DRIVER_INCLUDES -I$use_dlz_ldap/include"
 		DLZ_DRIVER_LDAP_INCLUDES="-I$use_dlz_ldap/include"
 	fi
@ -1081,7 +1081,7 @@ index 6d05371..33689c9 100755
 	fi
-@@ -25163,11 +25199,11 @@ fi
+@@ -25309,11 +25345,11 @@ fi
 		odbcdirs="/usr /usr/local /usr/pkg"
 		for d in $odbcdirs
 		do
@ -1095,7 +1095,7 @@ index 6d05371..33689c9 100755
 				break
 			fi
 		done
-@@ -25442,6 +25478,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
+@@ -25588,6 +25624,8 @@ DNS_CRYPTO_LIBS="$NEWFLAGS"
@ -1104,7 +1104,7 @@ index 6d05371..33689c9 100755
 #
 # Commands to run at the end of config.status.
 # Don't just put these into configure, it won't work right if somebody
-@@ -27819,6 +27857,8 @@ report() {
+@@ -27966,6 +28004,8 @@ report() {
 	    echo "    IPv6 support (--enable-ipv6)"
 	test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
 		echo "    OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1113,7 +1113,7 @@ index 6d05371..33689c9 100755
 	test "X$PYTHON" = "X" || echo "    Python tools (--with-python)"
 	test "X$XMLSTATS" = "X" || echo "    XML statistics (--with-libxml2)"
 	test "X$JSONSTATS" = "X" || echo "    JSON statistics (--with-libjson)"
-@@ -27859,6 +27899,8 @@ report() {
+@@ -28006,6 +28046,8 @@ report() {
 	echo "    Very verbose query trace logging (--enable-querytrace)"
     test "no" = "$with_cmocka" || echo "    CMocka Unit Testing Framework (--with-cmocka)"
@ -1122,7 +1122,7 @@ index 6d05371..33689c9 100755
     echo "    Dynamically loadable zone (DLZ) drivers:"
     test "no" = "$use_dlz_bdb" || \
 	echo "        Berkeley DB (--with-dlz-bdb)"
-@@ -27906,6 +27948,8 @@ report() {
+@@ -28053,6 +28095,8 @@ report() {
 	echo "    ECDSA algorithm support (--with-ecdsa)"
     test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
 	echo "    EDDSA algorithm support (--with-eddsa)"
@ -1132,10 +1132,10 @@ index 6d05371..33689c9 100755
     test "yes" = "$enable_seccomp" || \
 	echo "    Use libseccomp system call filtering (--enable-seccomp)"
 diff --git a/configure.ac b/configure.ac
-index d10cde5..68bead8 100644
+index 78535bd..faef2e8 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1550,6 +1550,7 @@ case "$use_openssl" in
+@@ -1598,6 +1598,7 @@ case "$use_openssl" in
 		AC_MSG_RESULT(disabled because of native PKCS11)
 		DST_OPENSSL_INC=""
 		CRYPTO="-DPKCS11CRYPTO"
@ -1143,7 +1143,7 @@ index d10cde5..68bead8 100644
 		OPENSSLECDSALINKOBJS=""
 		OPENSSLECDSALINKSRCS=""
 		OPENSSLEDDSALINKOBJS=""
-@@ -1563,6 +1564,7 @@ case "$use_openssl" in
+@@ -1611,6 +1612,7 @@ case "$use_openssl" in
 		AC_MSG_RESULT(no)
 		DST_OPENSSL_INC=""
 		CRYPTO=""
@ -1151,7 +1151,7 @@ index d10cde5..68bead8 100644
 		OPENSSLECDSALINKOBJS=""
 		OPENSSLECDSALINKSRCS=""
 		OPENSSLEDDSALINKOBJS=""
-@@ -1575,6 +1577,7 @@ case "$use_openssl" in
+@@ -1623,6 +1625,7 @@ case "$use_openssl" in
 	auto)
 		DST_OPENSSL_INC=""
 		CRYPTO=""
@ -1159,7 +1159,7 @@ index d10cde5..68bead8 100644
 		OPENSSLECDSALINKOBJS=""
 		OPENSSLECDSALINKSRCS=""
 		OPENSSLEDDSALINKOBJS=""
-@@ -1585,7 +1588,7 @@ case "$use_openssl" in
+@@ -1633,7 +1636,7 @@ case "$use_openssl" in
 		OPENSSLLINKSRCS=""
 		AC_MSG_ERROR(
 [OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
@ -1168,7 +1168,7 @@ index d10cde5..68bead8 100644
 		;;
 	*)
 		if test "yes" = "$want_native_pkcs11"
-@@ -1615,6 +1618,7 @@ If you don't want OpenSSL, use --without-openssl])
+@@ -1663,6 +1666,7 @@ If you don't want OpenSSL, use --without-openssl])
 			AC_MSG_ERROR(["$use_openssl/include/openssl/opensslv.h" not found])
 		fi
 		CRYPTO='-DOPENSSL'
@ -1176,7 +1176,7 @@ index d10cde5..68bead8 100644
 		if test "/usr" = "$use_openssl"
 		then
 			DST_OPENSSL_INC=""
-@@ -2050,7 +2054,6 @@ fi
+@@ -2099,7 +2103,6 @@ fi
 # Use OpenSSL for hash functions
 #
@ -1184,7 +1184,7 @@ index d10cde5..68bead8 100644
 ISC_PLATFORM_OPENSSLHASH="#undef ISC_PLATFORM_OPENSSLHASH"
 case $want_openssl_hash in
 	yes)
-@@ -2322,6 +2325,67 @@ if test "rt" = "$have_clock_gt"; then
+@@ -2371,6 +2374,67 @@ if test "rt" = "$have_clock_gt"; then
 	LIBS="-lrt $LIBS"
 fi
@ -1252,7 +1252,7 @@ index d10cde5..68bead8 100644
 #
 # was --with-lmdb specified?
 #
-@@ -4098,12 +4162,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
+@@ -4188,12 +4252,12 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
 ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
 ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
 if test "yes" = "$use_atomic"; then
@ -1266,7 +1266,7 @@ index d10cde5..68bead8 100644
 		if test $ac_cv_sizeof_void_p = 8; then
 			arch=x86_64
 			have_xaddq=yes
-@@ -4112,7 +4176,6 @@ if test "yes" = "$use_atomic"; then
+@@ -4202,7 +4266,6 @@ if test "yes" = "$use_atomic"; then
 		fi
 	;;
 	x86_64-*|amd64-*)
@ -1274,7 +1274,7 @@ index d10cde5..68bead8 100644
 		if test $ac_cv_sizeof_void_p = 8; then
 			arch=x86_64
 			have_xaddq=yes
-@@ -5518,6 +5581,8 @@ report() {
+@@ -5635,6 +5698,8 @@ report() {
 	    echo "    IPv6 support (--enable-ipv6)"
 	test "X$CRYPTO" = "X" -o "yes" = "$want_native_pkcs11" || \
 		echo "    OpenSSL cryptography/DNSSEC (--with-openssl)"
@ -1283,7 +1283,7 @@ index d10cde5..68bead8 100644
 	test "X$PYTHON" = "X" || echo "    Python tools (--with-python)"
 	test "X$XMLSTATS" = "X" || echo "    XML statistics (--with-libxml2)"
 	test "X$JSONSTATS" = "X" || echo "    JSON statistics (--with-libjson)"
-@@ -5558,6 +5623,8 @@ report() {
+@@ -5675,6 +5740,8 @@ report() {
 	echo "    Very verbose query trace logging (--enable-querytrace)"
     test "no" = "$with_cmocka" || echo "    CMocka Unit Testing Framework (--with-cmocka)"
@ -1292,7 +1292,7 @@ index d10cde5..68bead8 100644
     echo "    Dynamically loadable zone (DLZ) drivers:"
     test "no" = "$use_dlz_bdb" || \
 	echo "        Berkeley DB (--with-dlz-bdb)"
-@@ -5605,6 +5672,8 @@ report() {
+@@ -5722,6 +5789,8 @@ report() {
 	echo "    ECDSA algorithm support (--with-ecdsa)"
     test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
 	echo "    EDDSA algorithm support (--with-eddsa)"
@ -1302,7 +1302,7 @@ index d10cde5..68bead8 100644
     test "yes" = "$enable_seccomp" || \
 	echo "    Use libseccomp system call filtering (--enable-seccomp)"
 diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
-index 65bf25d..1eccbe7 100644
+index 7a86506..aa54afc 100644
 --- a/lib/dns/dst_api.c
 +++ b/lib/dns/dst_api.c
@@ -277,6 +277,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
@ -1366,7 +1366,7 @@ index 65bf25d..1eccbe7 100644
 #endif
 }
 diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
-index 1924e74..6813c96 100644
+index 5b42ab4..3aba028 100644
 --- a/lib/dns/include/dst/dst.h
 +++ b/lib/dns/include/dst/dst.h
@@ -159,6 +159,14 @@ dst_lib_destroy(void);
@ -1385,10 +1385,10 @@ index 1924e74..6813c96 100644
 dst_algorithm_supported(unsigned int alg);
 /*%<
 diff --git a/lib/dns/lib.c b/lib/dns/lib.c
-index 304814b..60543c4 100644
+index d9417de..0dc935d 100644
 --- a/lib/dns/lib.c
 +++ b/lib/dns/lib.c
-@@ -18,6 +18,7 @@
+@@ -16,6 +16,7 @@
 #include <stdbool.h>
 #include <stddef.h>
@ -1396,7 +1396,7 @@ index 304814b..60543c4 100644
 #include <isc/hash.h>
 #include <isc/mem.h>
 #include <isc/msgcat.h>
-@@ -78,6 +79,7 @@ static unsigned int references = 0;
+@@ -76,6 +77,7 @@ static unsigned int references = 0;
 static void
 initialize(void) {
 	isc_result_t result;
@ -1404,7 +1404,7 @@ index 304814b..60543c4 100644
 	REQUIRE(initialize_done == false);
-@@ -88,11 +90,14 @@ initialize(void) {
+@@ -86,11 +88,14 @@ initialize(void) {
 	result = dns_ecdb_register(dns_g_mctx, &dbimp);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup_mctx;
@ -1421,7 +1421,7 @@ index 304814b..60543c4 100644
 	if (result != ISC_R_SUCCESS)
 		goto cleanup_hash;
-@@ -100,11 +105,17 @@ initialize(void) {
+@@ -98,11 +103,17 @@ initialize(void) {
 	if (result != ISC_R_SUCCESS)
 		goto cleanup_dst;
@ -1440,7 +1440,7 @@ index 304814b..60543c4 100644
 	isc_hash_destroy();
   cleanup_db:
 diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
-index 13e838f..ffe0a69 100644
+index 1e57c71..3f4f822 100644
 --- a/lib/dns/openssl_link.c
 +++ b/lib/dns/openssl_link.c
@@ -31,6 +31,7 @@
@ -1624,7 +1624,7 @@ index 13e838f..ffe0a69 100644
 #endif /* OPENSSL */
 /*! \file */
 diff --git a/lib/dns/pkcs11.c b/lib/dns/pkcs11.c
-index 5a2c502..8eaef53 100644
+index 6b30309..20552fa 100644
 --- a/lib/dns/pkcs11.c
 +++ b/lib/dns/pkcs11.c
@@ -13,12 +13,15 @@
@ -1692,7 +1692,7 @@ index 937b548..f3c0e38 100644
 tap_test_program{name='gost_test'}
 tap_test_program{name='keytable_test'}
 diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in
-index 90dc3a6..7671e1d 100644
+index 4126372..30cab17 100644
 --- a/lib/dns/tests/Makefile.in
 +++ b/lib/dns/tests/Makefile.in
@@ -37,6 +37,7 @@ SRCS =		acl_test.c \
@ -1845,10 +1845,10 @@ index 0000000..bd3d164
 +
 +#endif
 diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
-index 63be973..40b21fa 100644
+index 9c2ef79..f597049 100644
 --- a/lib/dns/win32/libdns.def.in
 +++ b/lib/dns/win32/libdns.def.in
-@@ -1485,6 +1485,13 @@ dst_lib_destroy
+@@ -1487,6 +1487,13 @@ dst_lib_destroy
 dst_lib_init
 dst_lib_init2
 dst_lib_initmsgcat
@ -1863,7 +1863,7 @@ index 63be973..40b21fa 100644
 dst_region_computerid
 dst_result_register
 diff --git a/lib/isc/entropy.c b/lib/isc/entropy.c
-index 907e470..451544d 100644
+index 0c1f3ed..fdd17d7 100644
 --- a/lib/isc/entropy.c
 +++ b/lib/isc/entropy.c
@@ -104,11 +104,15 @@ struct isc_entropy {
@ -1921,7 +1921,7 @@ index 907e470..451544d 100644
 +	hook = myhook;
 +}
 diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
-index e8733db..c40a18c 100644
+index b5bc956..f32c9dc 100644
 --- a/lib/isc/include/isc/entropy.h
 +++ b/lib/isc/include/isc/entropy.h
@@ -302,6 +302,18 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source,
@ -1944,7 +1944,7 @@ index e8733db..c40a18c 100644
 #endif /* ISC_ENTROPY_H */
 diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in
-index 61960f1..d22993d 100644
+index 2bf8758..f4c684e 100644
 --- a/lib/isc/include/isc/platform.h.in
 +++ b/lib/isc/include/isc/platform.h.in
@@ -359,6 +359,11 @@
@ -1960,10 +1960,10 @@ index 61960f1..d22993d 100644
  * Define if the hash functions must be provided by OpenSSL.
  */
 diff --git a/lib/isc/include/isc/types.h b/lib/isc/include/isc/types.h
-index da9d66f..4205400 100644
+index 3bdd54f..d5acd39 100644
 --- a/lib/isc/include/isc/types.h
 +++ b/lib/isc/include/isc/types.h
-@@ -97,6 +97,8 @@ typedef struct isc_time			isc_time_t;		/*%< Time */
+@@ -95,6 +95,8 @@ typedef struct isc_time			isc_time_t;		/*%< Time */
 typedef struct isc_timer		isc_timer_t;		/*%< Timer */
 typedef struct isc_timermgr		isc_timermgr_t;		/*%< Timer Manager */
@ -1973,7 +1973,7 @@ index da9d66f..4205400 100644
 typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *, int);
 diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
-index 68aebdc..4b85527 100644
+index 227f807..4a63fdf 100644
 --- a/lib/isc/pk11.c
 +++ b/lib/isc/pk11.c
@@ -321,14 +321,16 @@ pk11_rand_seed_fromfile(const char *randomfile) {
@ -1999,7 +1999,7 @@ index 68aebdc..4b85527 100644
     cleanup:
 	if (stream != NULL)
 diff --git a/lib/isc/win32/include/isc/platform.h.in b/lib/isc/win32/include/isc/platform.h.in
-index 8ade705..fa72f9d 100644
+index 1f785e0..f9051c3 100644
 --- a/lib/isc/win32/include/isc/platform.h.in
 +++ b/lib/isc/win32/include/isc/platform.h.in
@@ -73,6 +73,11 @@
@ -2015,7 +2015,7 @@ index 8ade705..fa72f9d 100644
  * Define if the hash functions must be provided by OpenSSL.
  */
 diff --git a/win32utils/Configure b/win32utils/Configure
-index 79d682e..6c78cb2 100644
+index 5f66a82..ff39910 100644
 --- a/win32utils/Configure
 +++ b/win32utils/Configure
@@ -382,6 +382,7 @@ my @substdefh = ("ALLOW_FILTER_AAAA",
@ -2054,7 +2054,7 @@ index 79d682e..6c78cb2 100644
 my $enable_openssl_hash = "auto";
 my $enable_filter_aaaa = "yes";
 my $enable_isc_spnego = "yes";
-@@ -847,6 +852,10 @@ sub myenable {
+@@ -848,6 +853,10 @@ sub myenable {
         if ($val =~ /^yes$/i) {
             $enable_native_pkcs11 = "yes";
         }
@ -2065,7 +2065,7 @@ index 79d682e..6c78cb2 100644
     } elsif ($key =~ /^openssl-hash$/i) {
         if ($val =~ /^yes$/i) {
             $enable_openssl_hash = "yes";
-@@ -1153,6 +1162,11 @@ if ($verbose) {
+@@ -1154,6 +1163,11 @@ if ($verbose) {
     } else {
         print "native-pkcs11: disabled\n";
     }
@ -2077,7 +2077,7 @@ index 79d682e..6c78cb2 100644
     if ($enable_openssl_hash eq "yes") {
         print "openssl-hash: enabled\n";
     } else {
-@@ -1510,6 +1524,7 @@ if ($enable_intrinsics eq "yes") {
+@@ -1511,6 +1525,7 @@ if ($enable_intrinsics eq "yes") {
 # enable-native-pkcs11
 if ($enable_native_pkcs11 eq "yes") {
@ -2085,7 +2085,7 @@ index 79d682e..6c78cb2 100644
     if ($use_openssl eq "auto") {
         $use_openssl = "no";
     }
-@@ -1719,6 +1734,7 @@ if ($use_openssl eq "yes") {
+@@ -1720,6 +1735,7 @@ if ($use_openssl eq "yes") {
         $openssl_dll = File::Spec->catdir($openssl_path, "@dirlist[0]");
     }   
@ -2093,7 +2093,7 @@ index 79d682e..6c78cb2 100644
     $configcond{"OPENSSL"} = 1;
     $configdefd{"CRYPTO"} = "OPENSSL";
     $configvar{"OPENSSL_PATH"} = "$openssl_path";
-@@ -2290,6 +2306,15 @@ if ($use_aes eq "yes") {
+@@ -2291,6 +2307,15 @@ if ($use_aes eq "yes") {
 }
@ -2109,7 +2109,7 @@ index 79d682e..6c78cb2 100644
 # enable-openssl-hash
 if ($enable_openssl_hash eq "yes") {
     if ($use_openssl eq "no") {
-@@ -3665,6 +3690,7 @@ exit 0;
+@@ -3673,6 +3698,7 @@ exit 0;
 #  --enable-developer partially supported
 #  --enable-newstats (9.9/9.9sub only)
 #  --enable-native-pkcs11 supported
@ -2118,5 +2118,5 @@ index 79d682e..6c78cb2 100644
 #  --enable-openssl-hash supported
 #  --enable-threads included without a way to disable it
 -- 
-2.21.1
+2.26.2
--- a/bind-9.3.2-redhat_doc.patch
+++ b/bind-9.3.2-redhat_doc.patch
@ -1,68 +1,98 @@
-diff --git a/bin/named/named.8 b/bin/named/named.8
+From facdbb0f2a266c6a3a1fa823afaa09cbd3fc38a5 Mon Sep 17 00:00:00 2001
-index ef10ef4..3150b22 100644
+From: Petr Mensik <pemensik@redhat.com>
--- a/bin/named/named.8
+Date: Thu, 26 Nov 2020 12:13:10 +0100
-+++ b/bin/named/named.8
+Subject: [PATCH] Note specific Red Hat changes in manual page
-@@ -349,6 +349,63 @@ The default configuration file\&.
+
- /var/run/named/named\&.pid
+Change docbook template instead of generated manual page. Remove
- .RS 4
+system-config-bind reference, package were discontinued.
- The default process\-id file\&.
+---
-+.PP
+ bin/named/named.docbook | 73 +++++++++++++++++++++++++++++++++++++++++
-+.SH "NOTES"
+ 1 file changed, 73 insertions(+)
-+.PP
+
-+.TP
+diff --git a/bin/named/named.docbook b/bin/named/named.docbook
-+\fBRed Hat SELinux BIND Security Profile:\fR
+index 7e743a9..802bec3 100644
-+.PP
+--- a/bin/named/named.docbook
-+By default, Red Hat ships BIND with the most secure SELinux policy
+++ b/bin/named/named.docbook
-+that will not prevent normal BIND operation and will prevent exploitation
+@@ -516,6 +516,79 @@
-+of all known BIND security vulnerabilities . See the selinux(8) man page
+ 
-+for information about SElinux.
+   </refsection>
-+.PP
+ 
-+It is not necessary to run named in a chroot environment if the Red Hat
+  <refsection><info><title>NOTES</title></info>
-+SELinux policy for named is enabled. When enabled, this policy is far
+    <refsection><info><title>Red Hat SELinux BIND Security Profile</title></info>
-+more secure than a chroot environment. Users are recommended to enable
+
-+SELinux and remove the bind-chroot package.
+    <para>
-+.PP
+    By default, Red Hat ships BIND with the most secure SELinux policy
-+With this extra security comes some restrictions:
+    that will not prevent normal BIND operation and will prevent exploitation
-+.PP
+    of all known BIND security vulnerabilities . See the selinux(8) man page
-+By default, the SELinux policy does not allow named to write any master
+    for information about SElinux.
-+zone database files. Only the root user may create files in the $ROOTDIR/var/named
+    </para>
-+zone database file directory (the options { "directory" } option), where
+
-+$ROOTDIR is set in /etc/sysconfig/named.
+    <para>
-+.PP
+    It is not necessary to run named in a chroot environment if the Red Hat
-+The "named" group must be granted read privelege to
+    SELinux policy for named is enabled. When enabled, this policy is far
-+these files in order for named to be enabled to read them.
+    more secure than a chroot environment. Users are recommended to enable
-+.PP
+    SELinux and remove the bind-chroot package.
-+Any file created in the zone database file directory is automatically assigned
+    </para>
-+the SELinux file context named_zone_t .
+
-+.PP
+    <para>
-+By default, SELinux prevents any role from modifying named_zone_t files; this
+    With this extra security comes some restrictions:
-+means that files in the zone database directory cannot be modified by dynamic
+    </para>
-+DNS (DDNS) updates or zone transfers.
+
-+.PP
+    <para>
-+The Red Hat BIND distribution and SELinux policy creates three directories where
+    By default, the SELinux policy allows named to write any master
-+named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic
+    zone database files. Only the root user may create files in the $ROOTDIR/var/named
-+/var/named/data. By placing files you want named to modify, such as
+    zone database file directory (the options { "directory" } option), where
-+slave or DDNS updateable zone files and database / statistics dump files in
+    $ROOTDIR is set in /etc/sysconfig/named.
-+these directories, named will work normally and no further operator action is
+    </para>
-+required. Files in these directories are automatically assigned the 'named_cache_t'
+
-+file context, which SELinux allows named to write.
+    <para>
-+.PP
+    The "named" group must be granted read privelege to
-+\fBRed Hat BIND SDB support:\fR
+    these files in order for named to be enabled to read them.
-+.PP
+    </para>
-+Red Hat ships named with compiled in Simplified Database Backend modules that ISC
+
-+provides in the "contrib/sdb" directory. Install bind-sdb package if you want use them
+    <para>
-+.PP
+    Any file created in the zone database file directory is automatically assigned
-+The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into named-sdb.
+    the SELinux file context named_zone_t .
-+.PP
+    </para>
-+See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ .
+
-+.br
+    <para>
-+.PP
+    By default, SELinux prevents any role from modifying named_zone_t files; this
-+\fBRed Hat system-config-bind:\fR
+    means that files in the zone database directory cannot be modified by dynamic
-+.PP
+    DNS (DDNS) updates or zone transfers.
-+Red Hat provides the system-config-bind GUI to configure named.conf and zone
+    </para>
-+database files. Run the "system-config-bind" command and access the manual
+
-+by selecting the Help menu.
+    <para>
-+.PP
+    The Red Hat BIND distribution and SELinux policy creates three directories where
- .RE
+    named is allowed to create and modify files: /var/named/slaves, /var/named/dynamic
- .SH "SEE ALSO"
+    /var/named/data. By placing files you want named to modify, such as
- .PP
+    slave or DDNS updateable zone files and database / statistics dump files in
 +    these directories, named will work normally and no further operator action is
 +    required. Files in these directories are automatically assigned the 'named_cache_t'
 +    file context, which SELinux allows named to write.
 +    </para>
 +    </refsection>
 +
 +    <refsection><info><title>Red Hat BIND SDB support</title></info>
 +
 +    <para>
 +    Red Hat ships named with compiled in Simplified Database Backend modules that ISC
 +    provides in the "contrib/sdb" directory. Install bind-sdb package if you want use them.
 +    </para>
 +
 +    <para>
 +    The SDB modules for LDAP, PostGreSQL, DirDB and SQLite are compiled into <command>named-sdb</command>.
 +    </para>
 +
 +    <para>
 +    See the documentation for the various SDB modules in /usr/share/doc/bind-sdb-*/ .
 +    </para>
 +    </refsection>
 +
 +  </refsection>
 +
   <refsection><info><title>SEE ALSO</title></info>
     <para><citetitle>RFC 1033</citetitle>,
 -- 
 2.26.2
--- a/bind.spec
+++ b/bind.spec
@ -66,8 +66,8 @@
 Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
 Name:     bind
 License:  MPLv2.0
-Version:  9.11.24
+Version:  9.11.25
-Release:  2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release:  1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
 Epoch:    32
 Url:      https://www.isc.org/downloads/bind/
 #
@ -162,7 +162,6 @@ Patch174:bind-9.11-json-c.patch
 Patch175:bind-9.11-fips-disable.patch
 Patch177: bind-9.11-serve-stale.patch
 Patch178: bind-9.11-serve-stale-dbfix.patch
 Patch179: bind-9.11-rh1893761.patch
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@ -576,7 +575,6 @@ are used for building ISC DHCP.
 %patch175 -p1 -b .rh1709553
 %patch177 -p1 -b .serve-stale
 %patch178 -p1 -b .rh1770492
 %patch179 -p1 -b .rh1893761
 mkdir lib/dns/tests/testdata/dstrandom
 cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1610,6 +1608,9 @@ fi;
 %endif
 %changelog
 * Thu Nov 26 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.25-1
 - Update to 9.11.25
 * Wed Nov 04 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.24-2
 - Fix crash on NTA recheck failure (#1893761)
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (bind-9.11.24.tar.gz) = 30b4910be9e59b1df9184ddbd95341494c08a2c530b02077f28492c248af607d7d4c6666459a0e7cc0e9ad6c2b12ff3e7b03f500a720b39d304008f0ab94d5fa
+SHA512 (bind-9.11.25.tar.gz) = 852b15b6cf2f77ab103018e6fc078d856653c62c2db0ca2ef4f8bee64a60b06ed481d9fcdf29020e5072c69b9982545f032b2ab4c94dac28848150e04b9cecf9
-SHA512 (bind-9.11.24.tar.gz.asc) = 7ec9a0fa9cc61ab64c2c2c67fabfe17311253da509dbe658dfe5a63d4fada2d0800a2e6d388d8303ccaa4ef110c5a110569724030df3a34dee58b0a58904bbcb
+SHA512 (bind-9.11.25.tar.gz.asc) = 8cc8e5d21a445d918e82b42057f1d4e73ed977f4eb9584736008b71ae747078d500cc962c3bd03eb4f6a18688b642b108a8e3d673851b0dd4818fc9a33e5faf7
`@ -1,2 +1,2 @@`
	`SHA512 (bind-9.11.24.tar.gz) = 30b4910be9e59b1df9184ddbd95341494c08a2c530b02077f28492c248af607d7d4c6666459a0e7cc0e9ad6c2b12ff3e7b03f500a720b39d304008f0ab94d5fa`	`SHA512 (bind-9.11.25.tar.gz) = 852b15b6cf2f77ab103018e6fc078d856653c62c2db0ca2ef4f8bee64a60b06ed481d9fcdf29020e5072c69b9982545f032b2ab4c94dac28848150e04b9cecf9`
	`SHA512 (bind-9.11.24.tar.gz.asc) = 7ec9a0fa9cc61ab64c2c2c67fabfe17311253da509dbe658dfe5a63d4fada2d0800a2e6d388d8303ccaa4ef110c5a110569724030df3a34dee58b0a58904bbcb`	`SHA512 (bind-9.11.25.tar.gz.asc) = 8cc8e5d21a445d918e82b42057f1d4e73ed977f4eb9584736008b71ae747078d500cc962c3bd03eb4f6a18688b642b108a8e3d673851b0dd4818fc9a33e5faf7`