Commit Graph

1064 Commits

Author SHA1 Message Date
Petr Menšík
989a3e3876 Remove all pkcs11 variants
Recent freeipa uses openssl backend pkcs11 to offload keys to secure
storage. Remove duplicate native builds of pkcs11 tools and daemon. Do
not build tools like pkcs11-tokens, rely or more advanced tools p11tool
and pkcs11-tool. Keep setup-named-softhsm as part of named package.
2022-08-03 20:38:08 +02:00
Petr Menšík
411463dad7 Deprecate python3-bind for smooth upgrade 2022-08-03 20:38:08 +02:00
Petr Menšík
55526b37a7 Stop enabling selinux booleans on every upgrade
SELinux booleans system pushes enablement into a stack. It saves
previous values and restores them on removal. But the default for
boolean named_write_master_zones has changed to true. Update it just
single time on upgrade from previous bind versions. Then rely on
previous version being a permanent value.
2022-08-03 20:38:06 +02:00
Petr Menšík
8a47aa2c75 Import version from branch v9_18
Uses git checkout 38726e67340b2b60715fa2f342dc800273d3772f -- .

Remove unused patches from distgit.
2022-08-03 20:37:06 +02:00
Fedora Release Engineering
d540d034df Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-20 21:59:12 +00:00
Petr Menšík
f887e16911 Update to 9.16.30 (#2097312)
https://downloads.isc.org/isc/bind9/9.16.30/doc/arm/html/notes.html#notes-for-bind-9-16-30
2022-06-20 14:21:46 +02:00
Python Maint
e3377c558b Rebuilt for Python 3.11 2022-06-13 18:18:12 +02:00
Petr Menšík
bb9452718a Correct failing test
Prevent failures of netmgr_test. Enable unit tests again, since issue
with kyua seems to be fixed.

Resolves: rhbz#2088125
2022-05-27 10:36:01 +02:00
Petr Menšík
bb1dcf68da Update to 9.16.29
Previously, CDS and CDNSKEY DELETE records were removed from
the zone when configured with the auto-dnssec maintain; option.
This has been fixed. [GL #2931]

https://downloads.isc.org/isc/bind9/9.16.29/doc/arm/html/notes.html#notes-for-bind-9-16-29

Resolves: rhbz#2087920
2022-05-26 23:14:06 +02:00
Petr Menšík
fdb091757f Reeanble unit tests 2022-05-17 17:28:20 +02:00
Petr Menšík
48bb18e175 Parse again timeout and attempts from resolv.conf
Resolves rhbz#2087156
2022-05-17 15:53:18 +02:00
Petr Menšík
0cc36e95a3 Update to 9.16.28 (#2076941)
https://downloads.isc.org/isc/bind9/9.16.28/doc/arm/html/notes.html#notes-for-bind-9-16-28
2022-04-20 18:07:44 +02:00
Petr Menšík
e52a502150 Upgrade to 9.16.27 (#2055120)
https://downloads.isc.org/isc/bind9/9.16.27/doc/arm/html/notes.html#notes-for-bind-9-16-27

Resolves: CVE-2021-25220 CVE-2022-0396
2022-03-18 11:13:18 +01:00
Petr Menšík
ee4347d7db Replace downstream change with upstream proposal
bind-dyndb-ldap requires sending from custom spawned thread to main
named threads. Change queue type to locked variant, which would not
crash when isc_send_task() is called from dyndb worker thread.

Related: rhbz#2048235
2022-03-18 11:13:18 +01:00
Petr Menšík
36d2b49469 Remove lame server errors hiding patch
Those errors can be dropped by simple configuration:

logging {
category lame_servers { null; };
};

Do not hide them into debug log on all servers. Expect lame servers are
not so common to drop it always.
2022-03-01 19:19:17 +01:00
Petr Menšík
cc49e08ee9 Renumber native PKCS11 patches to beginning
Allow all subsequent patches with higher number to be added to normal
common list of patches. Make just initial patches special.

Ensure all patch chunks use -p1 prefix.
2022-03-01 19:18:40 +01:00
Petr Menšík
24d1ecd259 Switch to %autosetup
Renumber high numbered patches to two digits patch. It does not really
matter for autosetup. Simplify applying of new patches.
2022-02-21 14:49:19 +01:00
Petr Menšík
b0bc4995fb Remove unused patches 2022-02-21 12:42:48 +01:00
Petr Menšík
74f70469b1 Update to 9.16.26 (#2055120) 2022-02-17 23:21:17 +01:00
Petr Menšík
3f2a16fed6 Allow manual reservation of additional hp threads
bind-dyndb-ldap started crashing after memory optimization made in
9.16.25 release. It attempts to use now uninitialized memory part. Work
around this problem by extra command line parameters, which would
request additional threads. Those threads then would be safely used by
bind-dyndb-ldap. Requires change to bind-dyndb-ldap and freeipa
packages.

Needs freeipa to add OPTIONS+="-H 200" to /etc/sysconfig/named

Related: rhbz#2048235
2022-02-11 15:58:50 +01:00
Petr Menšík
5df92605e8 Use upstream applied fix to DLZ modules 2022-02-11 15:58:40 +01:00
Petr Menšík
de4624f6e0 Replace master with primary in configuration
Use more friendly value for primary and secondary zones. It used master
for ages, but that might have wrong connotation to someone. Use
something without problematic history.
2022-01-25 15:07:27 +01:00
Petr Sklenar
c81513c758 adding ci.fmf with multiple plans support 2022-01-25 11:35:08 +00:00
Petr Menšík
c0565f0da1 Fix ldap and sqlite3 DLZ module failure
Thread removal were incomplete, it has broken some dlz modules
compilation. Ensure threaded variant is always used, remove
remains of single-thread variant.
2022-01-21 21:56:04 +01:00
Petr Menšík
11207651f7 Update to 9.16.25 (#2042504)
- Reduced memory usage on machines with many CPU cores.
- Offline ZSK expired signatures would be signed by KSK instead
- Inline signed zone could be saved without serial, causing error after
  restart

https://downloads.isc.org/isc/bind9/9.16.25/doc/arm/html/notes.html#notes-for-bind-9-16-25
2022-01-21 21:56:02 +01:00
Fedora Release Engineering
3bb763c2a7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-19 22:20:21 +00:00
Petr Menšík
e20853883a Correct shell warnings detected by coverity 2022-01-18 14:31:43 +01:00
Petr Sklenar
ed2f945c40 Adding fmf plan 2022-01-04 11:16:17 +01:00
Petr Menšík
a8e525a210 Rename all function starting with ldap_ in dlz plugin
To prevent any future conflicts, rename all functions starting with
ldap_.
2021-12-22 14:14:40 +01:00
Petr Menšík
ec7f7e4c12 Fix OpenLDAP 2.6 conflict
Rename internal function to not start with just ldap_ prefix. OpenLDAP
library provides such function with different parameters and compiler
cannot pass it.
2021-12-22 13:53:11 +01:00
Petr Menšík
13da6470e0 Upload new sources 2021-12-20 11:37:38 +01:00
Petr Menšík
25b398b4e2 Update to 9.16.24
https://downloads.isc.org/isc/bind9/9.16.24/RELEASE-NOTES-bind-9.16.24.html
2021-12-15 20:58:57 +01:00
Petr Menšík
0ddb138d48 Correct wrong %endif on --without GEOIP2
Description for devel subpackage needs to be always defined.

Resolves: rhbz#2026823
2021-11-26 12:14:11 +01:00
Petr Menšík
f8d4aed3a6 Update 9.16.23
Reloading a catalog zone which referenced a missing/deleted member zone
triggered a runtime check failure, causing named to exit prematurely.
This has been fixed. [GL #2308]

https://downloads.isc.org/isc/bind9/9.16.23/doc/arm/html/notes.html#notes-for-bind-9-16-23
2021-11-19 18:42:55 +01:00
Adrian Reber
cbb68a1d09
Rebuilt for protobuf 3.19.0 2021-11-06 10:16:53 +01:00
Petr Menšík
5a12a8cddc Update to 9.16.22 2021-10-27 20:13:32 +02:00
Adrian Reber
6d858e2834
Rebuilt for protobuf 3.18.1 2021-10-24 18:46:54 +02:00
Petr Menšík
67a5f4ae99 Propagate system emphemeral ports to chroot
BIND reads default system port ranges from /proc file. Propagate just
that single file to bind chroot. Defaults should be therefore the same
as on named.service.

Resolves: rhbz#2013597
2021-10-13 12:21:26 +02:00
Petr Menšík
59865beb68 Update to 9.16.21
- Support for HTTPS and SVCB

https://downloads.isc.org/isc/bind9/9.16.21/doc/arm/html/notes.html#notes-for-bind-9-16-21
2021-09-15 12:26:45 +02:00
Sahana Prasad
50423aedd6 Rebuilt with OpenSSL 3.0.0 2021-09-14 18:59:02 +02:00
Petr Menšík
113ef2a069 Ensure return codes make it into generated dig manual
It seems patched version were not catched by build dependencies. Change
include modification to propagate it.
2021-08-25 16:34:25 +02:00
Petr Menšík
32ee97f516 Remove unneeded test variants changes
Variants for testing were planned to test also named-sdb and
named-pkcs11 builds. Instead, those build were deprecated, named-sdb no
longer exists with possible replacement of named-dlz plugins.
named-pkcs11 would not be built soon, it can be replaced by using -E
pkcs11 parameter to named and some dnssec-* tools. Testing those
variants should not be required this way.
2021-08-25 15:51:06 +02:00
Petr Menšík
4cac5c90e0 Increase map format version, lower memory consuption a bit
Resolves: rhbz#1997504
2021-08-25 14:30:17 +02:00
Petr Menšík
50e206624d Fix regression in map fileformat compatibility
https://gitlab.isc.org/isc-projects/bind9/-/issues/2872
2021-08-19 17:05:11 +02:00
Petr Menšík
9d509c6973 Update to 9.16.20 (#1995289) 2021-08-19 12:50:40 +02:00
Petr Menšík
739136846c Do not depend on systemd package 2021-08-05 14:33:51 +02:00
Petr Menšík
77857154b5 Reenable PDF building again (#1984687) 2021-08-03 08:12:33 +02:00
Petr Menšík
dc4646b7fd Include backward compatible html symlink in doc subpackage 2021-07-23 12:26:56 +02:00
Petr Menšík
a58a3a3f05 Disable PDF building on Rawhide (#1984687)
Just temporary workaround to failing pdf build.
2021-07-21 23:39:34 +02:00
Petr Menšík
3bd7080e53 Update to 9.16.19
Remove support for PREVER and PATCHVER, since upstream no longer
releases them. Simplifies a bit versioning.

Resolves: rhbz#1984627
2021-07-21 22:10:55 +02:00