bind-dyndb-ldap requires sending from custom spawned thread to main
named threads. Change queue type to locked variant, which would not
crash when isc_send_task() is called from dyndb worker thread.
Related: rhbz#2048235
Those errors can be dropped by simple configuration:
    logging {
        category lame-servers { null; };
    };
Do not hide them into debug log on all servers. Expect lame servers are
not so common to drop it always.
Allow all subsequent patches with higher number to be added to normal
common list of patches. Make just initial patches special.
Ensure all patch chunks use -p1 prefix.
bind-dyndb-ldap started crashing after memory optimization made in
9.16.25 release. It attempts to use now uninitialized memory part. Work
around this problem by extra command line parameters, which would
request additional threads. Those threads then would be safely used by
bind-dyndb-ldap. Requires change to bind-dyndb-ldap and freeipa
packages.
Needs freeipa to add OPTIONS+="-H 200" to /etc/sysconfig/named
Related: rhbz#2048235
Use more friendly value for primary and secondary zones. It used master
for ages, but that might have wrong connotation to someone. Use
something without problematic history.
Thread removal was incomplete, it has broken some dlz modules
compilation. Ensure threaded variant is always used, remove
remains of single-thread variant.
Rename internal function to not start with just ldap_ prefix. OpenLDAP
library provides such function with different parameters and compiler
cannot pass it.
BIND reads default system port ranges from /proc file. Propagate just
that single file to bind chroot. Defaults should be therefore the same
as on named.service.
Resolves: rhbz#2013597
Variants for testing were planned to test also named-sdb and
named-pkcs11 builds. Instead, those builds were deprecated, named-sdb no
longer exists with possible replacement of named-dlz plugins.
named-pkcs11 would not be built soon, it can be replaced by using -E
pkcs11 parameter to named and some dnssec-* tools. Testing those
variants should not be required this way.
Remove also conditionals for RHEL. RHEL8 and 9 have different
requirements, it does not make sense to tune them in Fedora package
itself. CentOS Stream 9 has already public spec adjusted to RHEL.
Upstream maptolower and maptoupper did not contain w character. It makes
response mangled, replacing 'w' and 'W' characters with '\0' in answer.
Resolves: rhbz#1973587
Resolves CVE-2021-25215 and CVE-2021-25214.
Removes disable-isc-spnego flag, because custom isc spnego code was
removed along with this flag. It is default (and the only) option now.
It prevents compilation of bind-dyndb-ldap. Because config.h is never
used by bind-dyndb-ldap, stop exporting it in devel package. It should
be only implementation detail.
Reworked custom redhat version. Complete version is now part of library
names. Libraries are not recommended for any third party application.
They are still required for bind-dyndb-ldap only.
Version of named changed, only suffix -RH is appended to upstream
version. Therefore dig would not contain version
9.6.11-RedHat-9.6.11-1.fc34, but only 9.6.13-RH. Version of Fedora build
has to be obtained from rpm -q bind.
Version is now part of library names, bind-libs-lite was merged to
bind-libs. bind-dyndb-ldap needs whole bind, no point to offer smaller
library set just for its dependencies.
Updated also named(8) manual page to match current state of SELinux.
Allow ulimit setting fail without breaking the build.
Some builders do not allow changing ulimit, that would not be a problem
on most of builders. Use it more a hint than requirement.
On machines with high CPU cores, few lib/ns unit tests fail due to not
enough file descriptors. Increase limit, it would be set higher on 40+
core machines anyway.
Unit tests fail always on builders with 56 cores. There is issue with
limit of threads count in netmgr. Internal counter in hp.c does not
reset on each unit tests teardown. With many cores, it can lead to
assertion failures during the test.
This reverts commit cc152b028f.
EPEL and RHEL 8 do not yet support %autopatch -M X. I want to check the
compatibility with them, keep it legacy way until they are supported in
RHEL 8.
Use autopatch, do not require mentioning each patch twice.
Patches below 300 are generic patches applied after unpacking.
Patches between 300 and 310 are PKCS11 specific, applied only when pkcs11
is enabled.
Subtracted 100 from current patches.
New BIND no longer uses any part of docbook. It can handle out of tree
builds, therefore no hacks with copy back are required.
Documents should be installed just fine.
Docbook5 stylesheets with namespaces are required. BIND uses Docbook5
format. While it tries to keep compatibility with older stylesheets,
it fails silently and format of manual pages is broken.
Details in upstream issue:
https://gitlab.isc.org/isc-projects/bind9/-/issues/2310
Docbook5 generates manual pages with [FIXME: manual] instead of BIND9.
Fix metadata to be recognized and provide this value.
Latest release has not correctly formatted manual pages. Correct it by
rebuilding every manual page during the build, not only those modified
by a patch.
Fixed oot build of documentation. Because docbook does not work well
with out of tree builds, copy all sources required for documentation
into build directory. Should regenerate all manual pages, also html and
PDF formatted ARM.
Those packages were very similar in BIND 9.11. Because nothing requires
just bind-lite-devel package, make just one devel package with all
requirements. Keep separated libraries, but only one devel package.
Include also obsolete for automatic uninstall of previous bind-lite-devel
package. bind-devel now contains everything required to link against
libraries.
ARM and s390x cannot compile, because they lack atomic implementation in
lib/isc. Include upstream fix after 9.11.23 release.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
I find no reason to turn off devel package creation. It can be ignored
if required, but is mandatory due to Fedora packaging guidelines.
Simplify it a bit.
Remove dlz-mysqldyn subpackage, move documentation and modules to the
same package. It is similar and has exactly the same dependencies,
different package is not required.
All DLZ modules were installed by mistake in main bind package.
Remove them from there, they should be offered only by each dlz
subpackage.
Move modules to upstream used directory %{_libdir}/named.
I find no reason to turn off devel package creation. It can be ignored
if required, but is mandatory due to Fedora packaging guidelines.
Simplify it a bit.
Those packages were very similar in BIND 9.11. Since there is no
isc-config.sh, no significant or required reason to have them separated
exists. Keep separated libraries, but only one devel package.
DLZ modules turned built-in support into named, just like former
named-sdb package had. That was non-intentional and is disabled now.
Instead, build only dynamically loaded modules with support for various
database access.