135784d7f2
Include /dev/urandom in chroot
...
Changed feature using OpenSSL RAND function requires /dev/urandom. It
was not provided in chroot and caused failure. Bug #1631515
2018-09-24 18:06:04 +02:00
fdbf64ca93
Fix changelog entry
2018-09-20 11:40:32 +02:00
0b3ef49c00
Update to bind-9.11.4-P2
2018-09-20 11:38:06 +02:00
8c65390bb6
Add versioned depends to all library subpackages
2018-09-19 21:04:52 +02:00
2ac37f7a75
Fix multilib conflict after 9.11 rebase
...
Conflict with devel headers reappeared after rebase to 9.11. Fix
socklen_t in a way that would generate the same types on 32 and 64 bit
architectures.
2018-09-19 21:04:52 +02:00
aeea22afaa
Fix annobin failures
...
Replace isc_safe routines with their OpenSSL counter parts
(cherry picked from commit 66ba2fdad583d962a1f4971c85d58381f0849e4d)
Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()
(cherry picked from commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c)
Fix the isc_safe_memwipe() usage with (NULL, >0)
(cherry picked from commit 083461d3329ff6f2410745848a926090586a9846)
Resolves: rhbz#1624100
2018-09-19 21:04:52 +02:00
cc69cd1e32
Use sed to modify generated Makefile
...
Custom patch application is not recognized by checking tools.
Use more readable and understandable way.
2018-09-19 21:04:52 +02:00
328fbf43a1
Add manual page for new comand dnssec-importkey
...
Pkcs11 variant did not have it, add a symlink also to real manual.
2018-09-19 21:04:52 +02:00
595af1f3d5
[master] completed and corrected the crypto-random change
...
4724. [func] By default, BIND now uses the random number
functions provided by the crypto library (i.e.,
OpenSSL or a PKCS#11 provider) as a source of
randomness rather than /dev/random. This is
suitable for virtual machine environments
which have limited entropy pools and lack
hardware random number generators.
This can be overridden by specifying another
entropy source via the "random-device" option
in named.conf, or via the -r command line option;
however, for functions requiring full cryptographic
strength, such as DNSSEC key generation, this
cannot be overridden. In particular, the -r
command line option no longer has any effect on
dnssec-keygen.
This can be disabled by building with
"configure --disable-crypto-rand".
[RT #31459 ] [RT #46047 ]
2018-09-19 21:04:52 +02:00
6e9104cae5
Add support for OpenSSL provided random data
...
Modified pkcs11 patch, problem with openssl/pkcs11 includes and
ISC_PLATFORM_CRYPTOLIB
2018-09-19 21:04:52 +02:00
0ae69e04e1
BuildRequires: s/postgresql-devel/libpq-devel/
...
That's because we moved libpq.so.5 into libpq package, per
devel list discussion:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/U3XR5EGU2TPI2CDHBRBUD4M4LK5OHKU3/
Related: rhbz#1618698, rhbz#1623764
2018-09-05 14:55:41 +02:00
37943d075e
Do not print errors on configuration failure ( #1595782 )
2018-08-14 22:28:45 +02:00
95d8248d50
Automatically replace obsoleted ISC DLV key with root key ( #1595782 )
2018-08-14 22:13:44 +02:00
e1f8ad2217
Fix sdb-chroot devices upgrade ( #1592873 )
...
Move common part to rpm define, use similar parts with different
parameter. Correct /dev/zero instead of missing /dev/dev.
2018-08-14 17:43:33 +02:00
35334375ff
Update to 9.11.4-P1
...
- Fixes CVE-2018-5740
- Adds root key sentinel mechanism support
- incremental zone transfer limit to prevent journal corruption
- rndc reload memory leak
2018-08-09 13:13:02 +02:00
899014a8d1
Add support for disabled MD5
...
Do not crash named if MD5 function is not available. Instead gracefully
refuse to use such functions.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-08-02 23:51:45 +02:00
aefd72cf8f
Use OpenSSL for digest operations ( #1611537 )
2018-08-02 12:57:04 +02:00
20ccb888af
Install manpages generated by build
...
Upstream code will always install manual pages of upstream.
Manuals generated on build will be again installed. Broken by
out-of-tree build to support export-lib.
2018-07-31 22:17:56 +02:00
a38c250807
Update to 9.11.4
...
- Use more recent kyua, upstream bind now requires parallelism.
- Make global so version variables for libraries with multiple builds.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-07-13 14:14:38 +02:00
89e5350e43
Prevent errors on bind-chroot uninstall when running ( #1600583 )
2018-07-13 14:11:20 +02:00
572c587d29
Fix chroot devices verification ( #1592873 )
...
Moves creation of device files to setup instead of scriptlets.
Devices cleanup is left to RPM.
2018-07-13 14:11:20 +02:00
41d69089c7
Use new config named-chroot.files for chroot setup files ( #1429656 )
2018-07-13 14:11:20 +02:00
5c1f40d412
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:04:39 +00:00
626855668d
Remove needless use of %defattr
2018-07-10 00:26:47 -05:00
80b88039e8
Rebuilt for Python 3.7
2018-07-02 18:22:06 +02:00
3159fb6a8e
Require utils instead of library
2018-06-27 21:03:51 +02:00
ac50574b43
CVE-2018-5738
2018-06-27 18:18:57 +02:00
600bfd47ef
Remove named.iscdlv.key file ( #1595782 )
2018-06-27 18:18:57 +02:00
72c97d6c12
Rebuilt for Python 3.7
2018-06-19 10:40:25 +02:00
e3d0b186d1
Use selinux boolean to enable writing
...
Resolves: rhbz#1569466
2018-06-08 15:07:24 +02:00
5c4c792b8d
Change named shell to /bin/false
...
Related: rhbz#1569466
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:24 +02:00
0188ce47c6
Make named home writeable ( #1422680 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:18 +02:00
de74eb1feb
Require C++ on build when shipped atf library is used
2018-05-25 16:09:37 +02:00
f3f402d7f2
Run tests also without kyua
...
Support start of unit tests without kyua and system atf libraries.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-10 16:53:59 +02:00
b8176e5eb4
Update named.ca
2018-04-05 16:38:16 +02:00
f17cd8fc68
Do not link libidn2 to all libraries ( #1098783 )
2018-04-05 16:38:16 +02:00
36ff6aebe6
Make +noidnout default
2018-04-03 11:26:44 +02:00
cc9419191f
Compile export libs without GSSAPI
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:54:13 +02:00
8c4729c436
Enable libidn2 support ( #1098783 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:53:35 +02:00
f505a47d9b
Add dig support for libidn2 ( #1098783 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 21:34:41 +01:00
86ff90b834
Rebase to 9.11.3
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 17:59:41 +01:00
029f0510e6
Fix build with disabled unittest
...
Recommend softhsm from pkcs11 variant
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 16:55:46 +01:00
40e8ab1f0c
- Conflict with bind99-devel
...
- Require openssl-devel and libcap-devel from bind-export-devel
2018-02-26 10:29:11 +01:00
9d24906d8d
Remove Group: from spec
2018-02-17 09:29:59 +01:00
5fe0b21885
- Use bcond_with to define optional features instead of %global
...
- Move export libs closer to PKCS11 libs, simplify soversion updates
- Remove unnecesary spec parts
2018-02-17 09:29:59 +01:00
56e7b0f856
Export libs should distribute own copy of license
2018-02-17 09:29:59 +01:00
cb2172301b
Rebase to 9.11.3b1
...
Remove merged upstream patches
Signed-off-by: Petr Menšík <pemensik@redhat.com>
Update new so names
2018-02-17 09:29:59 +01:00
128dd7c787
- Use versioned provides
...
- Use spaces instead of tabs and minor cleanup
2018-02-17 09:29:58 +01:00
3931fea548
Rename devel export package to bind-export-devel.
...
Matches name to bind-devel and bind-libs in similar manner.
2018-02-17 09:29:55 +01:00
9a235f827e
Forward export libs path to isc-config
2018-02-17 09:28:56 +01:00
6787c0592a
Skip pkcs11 unit tests in export library
...
Modify also export configure script to use real libraries
Make sure only the replaced library is changed to export
2018-02-17 09:28:56 +01:00
46c6c4cd84
- Correct path for running make unit
...
- Prepare always for unit test
- Prepare only main build for system test, export test does not build
named
- Copy the key also to lib/dns-pkcs11
- BuildRequire findutils always
2018-02-17 09:28:36 +01:00
4f517bd499
Prepare system and unit test files
...
Enable unit tests also for export library
2018-02-17 09:28:36 +01:00
21ad2a883e
Copy unit rules into build directories.
...
Run unittest for both build and export libs.
2018-02-17 09:28:36 +01:00
bd8ef642c3
Remove unneeded export header files for pk11 and pkcs11
2018-02-17 09:28:36 +01:00
7d67be0060
Install export isc-config.sh
...
Use bind9-export includes. Fix patching isc-export-config.sh
2018-02-17 09:28:36 +01:00
1d54148484
Create bind-export-devel package with headers for single-threaded.
2018-02-16 21:07:08 +01:00
f75d562486
Provide description to package. Disable most of autodetected features for export libraries.
2018-02-16 21:07:08 +01:00
539c207dc9
Fix indentation
2018-02-16 21:07:08 +01:00
687255db6e
Add forgotten ldconfig for export-libs
2018-02-14 21:36:43 +01:00
c117ea001f
Obsolete/provide bind99 package for smooth update
2018-02-14 21:36:43 +01:00
76e1f1a098
Add export-libs-devel package
2018-02-14 21:34:55 +01:00
cdabc47c40
Disable epoll/kqueue as untested
2018-02-14 21:32:44 +01:00
27e37d675a
Build man in builddir
2018-02-14 21:30:59 +01:00
028f8c2ce4
Build export libs and deprecate bind99
2018-02-14 21:30:59 +01:00
a10892eed8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 03:49:58 +00:00
3582b7047d
Note -z defs cannot be enabled until more work
2018-01-30 19:00:58 +01:00
358a6cb08d
Remove ldconfig calls where possible
2018-01-30 17:34:53 +01:00
da51426156
Remove already included patch adding Kyuafile
2018-01-16 23:57:12 +01:00
7556fb076a
Fix CVE-2017-3145, rebase to 9.11.2-P1
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-01-16 23:38:29 +01:00
db0b09231c
Proper fix for python3-bind subpackage directory ownership ( #1522944 )
2018-01-10 12:53:57 +01:00
9647ab2c58
Provide internal tool to prepare softhsm token storage
2018-01-10 12:34:53 +01:00
661d72987e
4776. [bug] Improve portability of ht_test. [RT #46333 ]
2018-01-09 19:07:42 +01:00
dd79d39eee
Fix machine portability issues, fixes unit tests on non-x86 architectures
2018-01-09 18:19:55 +01:00
e5f6b89e92
Enable unit tests with kyua tool ( #1532694 )
2018-01-09 18:19:43 +01:00
50d9fbf691
Make tsstsig system test pass again ( #1500017 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-12-15 16:31:14 +01:00
7536ed9d37
Own python3-bind isc directory ( #1522944 )
2017-12-15 15:20:27 +01:00
bdc5ebdfa5
Include protocols and services in chroot
2017-10-31 19:58:06 +01:00
f5cbbc1a87
Use hmac-sha256 for new RNDC keys ( #1508003 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-31 17:37:27 +01:00
4d8c709975
Fix dynamic symbols conflict with ldap ( #1205168 )
2017-10-31 17:11:44 +01:00
4645641491
include DNSKEY 20326 also in trusted-key.key ( #1505476 )
2017-10-23 18:35:00 +02:00
2dc24d7a28
build against mariadb-connector-c-devel ( #1493615 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-23 18:03:38 +02:00
1f8ab5c253
Fix nsupdate GSSAPI auth against AD server ( #1484451 )
2017-09-13 17:59:46 +02:00
0b15f32821
Add secroots and recursing path overrides, to write into data directory.
2017-09-13 17:48:11 +02:00
5d8eb8cf1d
Update named.ca, move named.conf out of config archive
2017-08-16 22:47:09 +02:00
e9f0f4543b
Optional LMDB support, disabled by default
2017-08-14 12:33:48 +02:00
7584e54e6c
Update to 9.11.2
2017-08-14 12:17:30 +02:00
79d28ed32a
Update to 9.11.2b1
2017-08-08 17:14:41 +02:00
c81a9f4bd4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-02 18:13:28 +00:00
268c28154e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-26 03:56:37 +00:00
84de79cc62
Fix different formating spaces
2017-07-14 17:07:00 +02:00
6bf59b0f11
Make comment how to use different config file
2017-07-14 17:02:15 +02:00
508d643480
Use distribution flags for modules
2017-07-14 16:49:47 +02:00
43f0ac7c91
Distribute DLZ modules in separate packages.
...
Optional feature not yet enabled.
2017-07-14 16:49:47 +02:00
f2fb8b7545
Use mysql_config for SDB variant
2017-07-14 16:49:47 +02:00
e42c700db9
Update to 9.11.1-P3
2017-07-10 10:21:43 +02:00
85d0fb613e
Update to 9.11.1-P2
2017-06-30 16:06:24 +02:00
b0ccd9af19
Make utils depend on python module
2017-06-30 13:58:39 +02:00
3c983e38ec
Fix build for bumped SO-names
2017-06-25 16:26:22 +02:00
102df25a21
Fix changed patches
2017-06-15 21:42:29 +02:00
Petr Menšík
Pavel Raiskup
Fedora Release Engineering
Jason Tibbitts
Miro Hrončok
Pavel Zhukov
Björn Esser