BIND reads default system port ranges from /proc file. Propagate just
that single file to bind chroot. Defaults should be therefore the same
as on named.service.
Resolves: rhbz#2013597
Variants for testing were planned to test also named-sdb and
named-pkcs11 builds. Instead, those build were deprecated, named-sdb no
longer exists with possible replacement of named-dlz plugins.
named-pkcs11 would not be built soon, it can be replaced by using -E
pkcs11 parameter to named and some dnssec-* tools. Testing those
variants should not be required this way.
Remove also conditionals for RHEL. RHEL8 and 9 has different
requirements, it does not make sense to tune them in Fedora package
itself. CentOS Stream 9 has already public spec adjusted to RHEL.
Upstream maptolower and maptoupper did not contain w character. It makes
response mangled, replacing 'w' and 'W' characters with '\0' in answer.
Resolves: rhbz#1973587
Resolves CVE-2021-25215 and CVE-2021-25214.
Removes disable-isc-spnego flag, because custom isc spnego code were
removed with also this flag. It is default (and the only) option now.
It prevents compilation of bind-dyndb-ldap. Because config.h is never
used by bind-dyndb-ldap, stop exporting it in devel package. It should
be only implementation detail.
Reworked custom redhat version. Complete version is now part of library
names. Libraries are not recommended for any third party application.
They are still required for bind-dyndb-ldap only.
Version of named changed, only suffix -RH is appended to upstream
version. Therefore dig would not contain version
9.6.11-RedHat-9.6.11-1.fc34, but only 9.6.13-RH. Version of fedora build
have to be obtained from rpm -q bind.
Version is now part of library names, bind-libs-lite was merged to
bind-libs. bind-dyndb-ldap needs whole bind, no point to offer smaller
library set just for its dependencies.
Updated also named(8) manual page to match current state of SELinux.
OpenQA tests are already started for critpath components. Freeipa
results are checked by Fedora critpath checks, it does not need to be in
gating.yaml.
Check fedora-infra/ansible repo,
roles/openshift-apps/greenwave/templates/fedora.yaml for details.
Allow ulimit setting fail without breaking the build.
Some builders do not allow changing ulimit, that would not be a problem
on most of builders. Use it more a hint than requirement.
On machines with high CPU cores, few lib/ns unit tests fail due to not
enough file descriptors. Increase limit, it would be set higher on 40+
core machines anyway.
Unit tests fail always on builders with 56 cores. There is issue with
limit of threads count in netmgr. Internal counter in hp.c does not
reset on each unit tests teardown. With many cores, it can lead to
assertion failures during the test.