Commit Graph

941 Commits

Author SHA1 Message Date
Petr Menšík
9c54517d6f Update to 9.16.16 (#1954827)
https://downloads.isc.org/isc/bind9/9.16.16/doc/arm/html/notes.html#notes-for-bind-9-16-16
2021-05-21 10:39:29 +02:00
Petr Menšík
f8cb93d57c Update to 9.16.15
Resolves CVE-2021-25215 and CVE-2021-25214.
Removes disable-isc-spnego flag, because custom isc spnego code was
removed along with this flag. It is default (and the only) option now.
2021-04-29 18:13:33 +02:00
Petr Menšík
2e4a03677c Allow use of isc/util.h without "config.h"
It prevents compilation of bind-dyndb-ldap. Because config.h is never
used by bind-dyndb-ldap, stop exporting it in devel package. It should
be only implementation detail.
2021-03-26 12:07:49 +01:00
Petr Menšík
76074cd59a Update to 9.16.13
Reworked custom redhat version. Complete version is now part of library
names. Libraries are not recommended for any third party application.
They are still required for bind-dyndb-ldap only.

Version of named changed, only suffix -RH is appended to upstream
version. Therefore dig would not contain version
9.6.11-RedHat-9.6.11-1.fc34, but only 9.6.13-RH. Version of Fedora build
has to be obtained from rpm -q bind.

Version is now part of library names, bind-libs-lite was merged to
bind-libs. bind-dyndb-ldap needs whole bind, no point to offer smaller
library set just for its dependencies.

Updated also named(8) manual page to match current state of SELinux.
2021-03-25 22:23:27 +01:00
Zbigniew Jędrzejewski-Szmek
718b1f98f8 Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
2021-03-02 16:14:12 +01:00
Petr Menšík
d4a07bb1cc Make logrotate.d world-readable (#1917061) 2021-02-26 20:30:52 +01:00
Petr Menšík
55f06ea072 Temporary unit tests disabled
Kyua is broken on some architectures, it just cannot pass any test.
Disable it to make builds working.
2021-02-22 23:13:22 +01:00
Petr Menšík
71c1a9ec1e Fix off-by-one bug in ISC SPNEGO implementation (#1929965)
Because of other failures in rebase, doing just security patch this
time.
2021-02-22 21:42:44 +01:00
Petr Menšík
9bba50dd4a Set ulimit only with many CPUs
Allow ulimit setting to fail without breaking the build.
Some builders do not allow changing ulimit, that would not be a problem
on most builders. Use it more as a hint than a requirement.
2021-02-09 12:02:31 +01:00
Pavel Raiskup
a6938e85a7 rebuild for libpq ABI fix
Related: rhbz#1908268
2021-02-08 09:22:52 +01:00
Fedora Release Engineering
8713f270d5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 01:08:32 +00:00
Petr Menšík
84e2317aef Increase open files limit for unit tests
On machines with high CPU cores, few lib/ns unit tests fail due to not
enough file descriptors. Increase limit, it would be set higher on 40+
core machines anyway.
2021-01-21 13:06:07 +01:00
Petr Menšík
21682d00a6 Avoid failures during unit tests
Unit tests fail always on builders with 56 cores. There is issue with
limit of threads count in netmgr. Internal counter in hp.c does not
reset on each unit tests teardown. With many cores, it can lead to
assertion failures during the test.
2021-01-21 11:57:04 +01:00
Petr Menšík
f3d54bbf18 Update to 9.16.11 (#1827602)
https://downloads.isc.org/isc/bind9/9.16.11/RELEASE-NOTES-bind-9.16.11.html
2021-01-21 11:34:02 +01:00
Petr Menšík
ce6a7853ac Make provide versioned, remove lwres remain
lwres remain was left in spec, it fails the build now.
2021-01-14 23:25:14 +01:00
Petr Menšík
7c5d77a6ce Merge branch 'v9_16'
https://fedoraproject.org/wiki/Changes/BIND9.16
2021-01-14 23:21:23 +01:00
Adrian Reber
af42e59070 Rebuilt for protobuf 3.14 2021-01-13 08:55:12 +01:00
Petr Menšík
684e4b0d0a Revert "Use autosetup/autopatch, reorder few patches"
This reverts commit cc152b028f.

EPEL and RHEL 8 do not yet support %autopatch -M X. I want to check the
compatibility with them, keep it legacy way until they are supported in
RHEL 8.
2021-01-12 20:54:56 +01:00
Petr Menšík
cc152b028f Use autosetup/autopatch, reorder few patches
Use autopatch, do not require mentioning each patch twice.
Patches below 300 are generic patches applied after unpacking.
Patches between 300 and 310 are PKCS11 specific, applied only when pkcs11
is enabled.

Subtracted 100 from current patches.
2021-01-12 12:01:57 +01:00
Petr Menšík
6648a9230f Install DLZ modules to named location
Make compatibility symlinks to original bind location.
2021-01-12 11:04:39 +01:00
Petr Menšík
893376130b Remove docbook generation remains
New BIND no longer uses any part of docbook. It can handle out of tree
builds, therefore no hacks with copy back are required.

Documents should be installed just fine.
2021-01-12 11:03:40 +01:00
Petr Menšík
bea44d51ee Use make macros
Reduce number of variables, use prepared %make_build and %make_install
where possible.

Manual merge of MR #7.
2021-01-12 10:43:55 +01:00
Petr Menšík
177a98f40b Use make macros
Reduce number of variables, use prepared %make_build and %make_install
where possible.

Manual merge of MR #7.
2021-01-06 14:41:24 +01:00
Petr Menšík
5c10c94304 Do not regenerate all manual pages
Required to regenerate all manual pages. Because they are fixed,
regenerate only modified pages again.
2021-01-05 17:38:07 +01:00
Petr Menšík
7c7ec8981c Update to correct Docbook stylesheets
Docbook5 stylesheets with namespaces are required. BIND uses Docbook5
format. While it tries to keep compatibility with older stylesheets,
it fails silently and format of manual pages is broken.

Details in upstream issue:
https://gitlab.isc.org/isc-projects/bind9/-/issues/2310

Docbook5 generates manual pages with [FIXME: manual] instead of BIND9.
Fix metadata to be recognized and provide this value.
2021-01-05 17:38:05 +01:00
Petr Menšík
ddf24a90e3 Update to 9.16.10
Enhancement and bugfix update.

Changes documented at upstream release note:
https://downloads.isc.org/isc/bind9/9.16.10/doc/arm/html/notes.html#notes-for-bind-9-16-10
2021-01-05 15:16:21 +01:00
Petr Menšík
118269cb8c Update to 9.11.26
Bugfix release, just tweaks in few default values.

https://downloads.isc.org/isc/bind9/9.11.26/RELEASE-NOTES-bind-9.11.26.html
2021-01-04 12:53:08 +01:00
Petr Menšík
46e0d484ee Reenable documentation building
Latest release has not correctly formatted manual pages. Correct it by
rebuilding every manual page during the build, not only those modified
by a patch.

Fixed oot build of documentation. Because docbook does not work well
with out of tree builds, copy all sources required for documentation
into build directory. Should regenerate all manual pages, also html and
PDF formatted ARM.
2020-11-30 20:29:15 +01:00
Petr Menšík
91193796e7 Use python macro instead of rpm query
Rpm might prevent access to rpm database during the build. It is not
required anyway. Use %python3_sitelib macro to get path for shared data.
2020-11-26 16:19:35 +01:00
Petr Menšík
d553bc086f Support ifconfig.sh for out-of-tree builds 2020-11-26 15:52:06 +01:00
Petr Menšík
1f381a9469 Update to 9.16.9
Changes solib version, requires rebuild of dependent packages.

Upstream release notes:
https://downloads.isc.org/isc/bind9/9.16.9/doc/arm/html/notes.html#notes-for-bind-9-16-9
2020-11-26 15:17:59 +01:00
Petr Menšík
ad33c6c095 Update to BIND 9.11.25
Moved Red Hat specific changes from generated named.8 file to docbook.
It is regenerated to named.8 during the build.

Release notes: https://downloads.isc.org/isc/bind9/9.11.25/RELEASE-NOTES-bind-9.11.25.html
2020-11-26 13:21:59 +01:00
Petr Menšík
aae89bb5ed Fix crash on NTA recheck failure (#1893761)
Call nta_detach() before dns_view_weakdetach() so view is available.
2020-11-04 15:31:29 +01:00
Petr Menšík
b4711541c2 Update to 9.16.8
DNS Flag Day 2020 - reduced default EDNS buffer to 1232.
New rndc dnssec -rollover command.

https://downloads.isc.org/isc/bind9/9.16.8/doc/arm/html/notes.html#notes-for-bind-9-16-8
2020-10-23 20:30:49 +02:00
Petr Menšík
01c5de480b Update to 9.11.24
DNS Flag Day 2020 - default EDNS buffer size changed to 1232.

https://downloads.isc.org/isc/bind9/9.11.24/RELEASE-NOTES-bind-9.11.24.html
2020-10-23 17:20:10 +02:00
Adrian Reber
293d93455e Rebuilt for protobuf 3.13 2020-09-23 17:05:52 +02:00
Petr Menšík
fa2913151c Merge bind-lite-devel into bind-devel
Those packages were very similar in BIND 9.11. Because nothing requires
just bind-lite-devel package, make just one devel package with all
requirements.  Keep separated libraries, but only one devel package.

Include also obsolete for automatic uninstall of previous bind-lite-devel
package. bind-devel now contains everything required to link against
libraries.
2020-09-22 10:23:43 +02:00
Petr Menšík
392ac795ce Add fix of rbtdb.c from upstream
ARM and s390x cannot compile, because they lack atomic implementation in
lib/isc. Include upstream fix after 9.11.23 release.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2020-09-18 14:49:47 +02:00
Petr Menšík
1d47d2b5c9 Update to 9.11.23
Only bugs fixed.
- LOC records parsing fixed
- nonsecurity fixes from fuzzing

upstream release notes:
https://downloads.isc.org/isc/bind9/9.11.23/RELEASE-NOTES-bind-9.11.23.html

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2020-09-17 23:02:38 +02:00
Petr Menšík
c8e4226ec1 Create bind-dnssec-doc subpackage
Move there all manual pages of bind-dnssec-utils. They can be then
shared by bind-pkcs11-utils with just one package owning them.
2020-09-17 22:39:18 +02:00
Petr Menšík
d4dab07e86 Remove ancient version triggers 2020-09-17 22:38:47 +02:00
Petr Menšík
165b833b3d Remove ancient provides
Most of them are related to RHEL 5, which is far too long unsupported.
Stop dragging them along for ages.
2020-09-17 22:37:50 +02:00
Petr Menšík
f37fbc8205 Remove DEVEL conditional define
I find no reason to turn off devel package creation. It can be ignored
if required, but is mandatory due to Fedora packaging guidelines.
Simplify it a bit.
2020-09-17 19:02:11 +02:00
Petr Menšík
dac5cf7a4c Add missing architecture to lmdb 2020-09-17 14:39:52 +02:00
Petr Menšík
9e7477b3c4 Update to 9.16.7
Bugfix release.

https://downloads.isc.org/isc/bind9/9.16.7/doc/arm/html/notes.html#notes-for-bind-9-16-7
2020-09-17 12:11:10 +02:00
Petr Menšík
1f070d7ab3 Move mysql DLZ modules together
Remove dlz-mysqldyn subpackage, move documentation and modules to the
same package. It is similar and has exactly the same dependencies,
different package is not required.
2020-09-16 16:52:39 +02:00
Petr Menšík
7ffde7d755 Address warning of rpmlint 2020-09-16 16:12:12 +02:00
Petr Menšík
fe1a072435 Provide should not contain architecture 2020-09-16 16:09:08 +02:00
Petr Menšík
c2387c40c7 Add missing architecture to lmdb 2020-09-16 12:13:51 +02:00
Petr Menšík
11da1628d8 Allow easy upgrade of bind-devel
bind-lite-devel needs to be obsoleted. It demands license with its own
reason and block upgrade.
2020-09-16 12:12:55 +02:00
Petr Menšík
aa13488713 Create bind-dnssec-doc subpackage
Move there all manual pages of bind-dnssec-utils. They can be then
shared by bind-pkcs11-utils with just one package owning them.
2020-09-15 20:06:11 +02:00
Petr Menšík
4158647a7a Remove ancient version triggers 2020-09-15 19:34:43 +02:00
Petr Menšík
aa8fce7381 Remove ancient provides
Most of them are related to RHEL 5, which is far too long unsupported.
Stop dragging them along for ages.
2020-09-15 19:28:35 +02:00
Petr Menšík
bd20caa99a Move plugins to upstream default directory
Keep backward-compatible links from old directory. Any original
configuration should keep running like before.
2020-09-15 18:22:27 +02:00
Petr Menšík
f290ef8ed6 Move DLZ modules out of bind base package
All DLZ modules were installed by mistake in main bind package.
Remove them from there, they should be offered only by each dlz
subpackage.

Move modules to upstream used directory %{_libdir}/named.
2020-09-15 18:06:30 +02:00
Petr Menšík
8a73c57ad4 Remove DEVEL conditional define
I find no reason to turn off devel package creation. It can be ignored
if required, but is mandatory due to Fedora packaging guidelines.
Simplify it a bit.
2020-09-15 17:55:01 +02:00
Petr Menšík
1799c36d23 Merge bind-lite-devel into bind-devel
Those packages were very similar in BIND 9.11. Since there is no
isc-config.sh, no significant or required reason to have them separated
exist. Keep separated libraries, but only one devel package.
2020-09-15 17:51:50 +02:00
Petr Menšík
e1be70d96e Disable SDB remains and build only DLZ modules
DLZ modules turned built-in support into named, just like former
named-sdb package had. That was non-intentional and is disabled now.
Instead, build only dynamically loaded modules with support for various
database access.
2020-09-14 21:17:32 +02:00
Petr Menšík
ef5c71f941 Share static data in doc package
Fonts add unnecessary size to doc package. Instead of local copy, link
to theme package static directory and reuse data already installed.
2020-09-14 17:08:06 +02:00
Petr Menšík
e761bce6ce Require libcap-devel from devel package
isc-config.sh --libs isc requires libcap devel, even when it is not
required by any headers. Make sure it is present.
2020-09-04 12:38:57 +02:00
Petr Menšík
89421c0410 Remove lwres remains 2020-08-31 16:31:40 +02:00
Petr Menšík
1667a58d2a Generate html man pages into man subdirectory 2020-08-31 16:31:40 +02:00
Petr Menšík
7be72b675e Disable PDF regeneration
Because of pending issues with PDF regeneration, disable PDF for now.
Allow turning it on with --with DOCPDF.

It prevents building successfully on Rawhide/f33 for some reason.
2020-08-31 14:09:33 +02:00
Petr Menšík
bd765f0cce Ignore fmtutil command status
It is not important for the build, just inform about latex tools.
2020-08-28 11:15:29 +02:00
Petr Menšík
823e9d22cf List latex configuration before make 2020-08-26 16:48:02 +02:00
Petr Menšík
7d8ad626e7 Use fmtutil to generate local settings
COPR is missing fmtutil configuration. Try generating it.
2020-08-26 12:44:44 +02:00
Petr Menšík
04a7c5632c Do not use home for pdf build files
texlive stores some files in $HOME directory. Redirect those files to
build directory, where it belongs. Do not touch anything user has.
2020-08-26 12:10:38 +02:00
Petr Menšík
cb3f3691e4 Update to 9.16.6
Release notes:
https://downloads.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6
2020-08-22 11:44:09 +02:00
Petr Menšík
745f43ac05 Update to 9.11.22
https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.html
2020-08-21 10:29:56 +02:00
Fedora Release Engineering
2dfc59bcef - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-08-01 00:08:12 +00:00
Fedora Release Engineering
bd472bc593 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 13:07:40 +00:00
Petr Menšík
2053b89207 Remove duplicate copy of HTML manual pages 2020-07-16 00:02:49 +02:00
Petr Menšík
23ca292909 Update to 9.16.5
Modifies API of libraries, needs rebuild of dependent packages.
2020-07-15 22:39:37 +02:00
Petr Menšík
146cab7989 Update to 9.11.21
Only bugfix release without significant changes.

Release notes at:
https://downloads.isc.org/isc/bind9/9.11.21/RELEASE-NOTES-bind-9.11.21.html
2020-07-15 22:15:32 +02:00
Petr Menšík
b4eefd1f96 Add missing lite library depends 2020-06-23 12:31:14 +02:00
Petr Menšík
192c76c22a Create doc subpackage
Subpackage is there just as shared documentation for main package.
I want to stay in original directory, files should not move since they
were in bind package.

Documentation is not regenerated, but used as shipped by upstream.
2020-06-23 12:24:31 +02:00
Adrian Reber
78aed13f06 Rebuilt for protobuf 3.12 2020-06-20 18:38:36 +02:00
Petr Menšík
9a4be75094 Move documentation from bind-doc subdir to bind
Subpackage is there just as shared documentation for main package.
I want to stay in original directory, even most of paths have changed
since move to sphinx generated documentation.
2020-06-19 22:17:03 +02:00
Petr Menšík
e8b35851c3 Delete installed manuals for disabled features
Some manuals are installed, even when those features are disabled.
Remove such manuals after installation.
2020-06-18 12:33:42 +02:00
Petr Menšík
0963df6403 Create doc subpackage and regenerate documentation
Regenerates full documentation on each build. Make documentation
optional in case some dependencies would be missing.
2020-06-18 04:45:07 +02:00
Petr Menšík
b8ccda0801 Update to 9.16.4
Documentation changed and requires another commit.
2020-06-18 04:30:24 +02:00
Petr Menšík
f82859a3a0 Update to 9.11.20
Fixes CVE-2020-8619 and few more issues
2020-06-17 22:53:13 +02:00
Miro Hrončok
8aa5837978 Rebuilt for Python 3.9 2020-05-26 02:41:36 +02:00
Petr Menšík
674cbdbb3e Make usage of initscripts optional
Do not depend hard on initscript just to provide fancy colored status.
When started from systemd, it does not really matter.

Return exactly the same return code as returned by the original tool.
2020-05-25 22:52:44 +02:00
Petr Menšík
f9201b844d Update to 9.11.19
Includes new CVE fixes
2020-05-25 12:15:44 +02:00
Petr Menšík
23458b3db1 Make usage of initscripts optional
Do not depend hard on initscript just to provide fancy colored status.
When started from systemd, it does not really matter.

Return exactly the same return code as returned by the original tool.
2020-05-22 12:18:30 +02:00
Petr Menšík
7fe31e1892 Update to 9.16.3
Changes some solib versions and fixes two important CVEs:
CVE-2020-8616 CVE-2020-8617
2020-05-20 13:25:26 +02:00
Petr Menšík
775befed48 Try successful build on epel8
softhsm is not provided on RHEL 8 as normal package. It is distributed
only in idm:DL1 module. If unittest or systemtest is not enabled, skip
configuring softhsm. It would not be used anyway.
2020-04-28 10:18:03 +02:00
Petr Menšík
40861268f3 Enable native PKCS11 build again
It was disabled because patches were not fixed. It compiles now, try it.
2020-04-27 22:22:47 +02:00
Petr Menšík
afbbd0be52 Add support to native PKCS11
Set of patches and changes, that fixes compilation of native PKCS11
support as subpackage. Moves definition of USE_PKCS11 from config.h to
Makefiles. Defaults to off and only PKCS11 subdirectories set it to
true.
2020-04-27 21:59:25 +02:00
Petr Menšík
8b8d05ffc0 Update sample config to match current version 2020-04-27 12:01:53 +02:00
Petr Menšík
aaa1cdaabf Update configuration to 9.16
Fixes warnings in default configuration file. Skip always enabled DNSSEC
and use more recent trust anchor format.
2020-04-24 15:21:33 +02:00
Björn Esser
b72488cc24 Rebuild (json-c) 2020-04-22 00:01:59 +02:00
Petr Menšík
076f5f80bc fixup! Make spec work also on CentOS 8 2020-04-16 12:46:45 +02:00
Petr Menšík
1d9c1cf435 fixup! Make spec work also on CentOS 8 2020-04-16 12:42:58 +02:00
Petr Menšík
1b133224fc Update to 9.16.2
Notes for BIND 9.16.2
Security Fixes

    DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]

Known Issues

    We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685]

Feature Changes

    The previous DNSSEC sign statistics used lots of memory. The number of keys to track is reduced to four per zone, which should be enough for 99% of all signed zones. [GL #1179]

Bug Fixes

    When an RPZ policy zone was updated via zone transfer and a large number of records was deleted, named could become nonresponsive for a short period while deleted names were removed from the RPZ summary database. This database cleanup is now done incrementally over a longer period of time, reducing such delays. [GL #1447]

    When trying to migrate an already-signed zone from auto-dnssec maintain to one based on dnssec-policy, the existing keys were immediately deleted and replaced with new ones. As the key rollover timing constraints were not being followed, it was possible that some clients would not have been able to validate responses until all old DNSSEC information had timed out from caches. BIND now looks at the time metadata of the existing keys and incorporates it into its DNSSEC policy operation. [GL #1706]
2020-04-16 12:38:00 +02:00
Petr Menšík
5e13eb8e75 Make spec work also on CentOS 8
Move some conditional requirements to be enabled just on Fedora.
2020-04-16 11:21:47 +02:00
Petr Menšík
96e1d963a4 Make spec work also on CentOS 8
Move some conditional requirements to be enabled just on Fedora.
2020-04-16 11:10:15 +02:00
Petr Menšík
6e3b160e37 Update to BIND 9.11.18
From Upstream Release notes:

Security Fixes

    DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]

Known Issues

    We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685]
2020-04-16 10:53:28 +02:00
Petr Menšík
304cfaa8e0 Enable source verification only on Fedora builds 2020-04-08 20:50:01 +02:00