Commit Graph

1071 Commits

Author SHA1 Message Date
Petr Menšík
a912dbe98b Return engine implementation but use legacy OpenSSL
Engine interface were deprecated in OpenSSL and therefore removed from
normal compilation. But it is possible to compile on OpenSSL with compat
define. That disables deprecation warnings and use functions same as for
OpenSSL 1.1. That is required to keep working engine pkcs11 support.

Otherwise loading keys via ENGINE_load_private_key would always fail.

Resolves: rhbz:#2122010
2022-09-08 22:33:55 +02:00
Petr Menšík
9ef018d129 Always display test suite errors (#2122010)
Previous change did not do anything, because rpm will terminate the
recipe on the first failed command. Make make check not failing
directly, but fail it later explicitly. Show details in the mean time.
2022-09-01 16:59:07 +02:00
Petr Menšík
e4b16641a8 Improve reporting of results after unittest 2022-08-30 20:21:14 +02:00
Petr Menšík
c0c776f659 Update to 9.18.6 (#2119132)
https://downloads.isc.org/isc/bind9/9.18.6/doc/arm/html/notes.html#notes-for-bind-9-18-6
2022-08-30 20:07:05 +02:00
Petr Menšík
bd4f2660ac Use multiple threads on unit tests, but 16 at most 2022-08-11 11:50:14 +02:00
Petr Menšík
b33592e3c6 Return doc symlink to main page
Bind 9.11 guide had different HTML manual, include backward compatible
link to the new place.
2022-08-03 20:38:51 +02:00
Petr Menšík
66ddbbdf47 Update to 9.18.5 (#2109170)
https://downloads.isc.org/isc/bind9/9.18.5/doc/arm/html/notes.html#notes-for-bind-9-18-5

Changes NSEC3 default count to zero.
2022-08-03 20:38:49 +02:00
Petr Menšík
989a3e3876 Remove all pkcs11 variants
Recent freeipa uses openssl backend pkcs11 to offload keys to secure
storage. Remove duplicate native builds of pkcs11 tools and daemon. Do
not build tools like pkcs11-tokens, rely or more advanced tools p11tool
and pkcs11-tool. Keep setup-named-softhsm as part of named package.
2022-08-03 20:38:08 +02:00
Petr Menšík
411463dad7 Deprecate python3-bind for smooth upgrade 2022-08-03 20:38:08 +02:00
Petr Menšík
55526b37a7 Stop enabling selinux booleans on every upgrade
SELinux booleans system pushes enablement into a stack. It saves
previous values and restores them on removal. But the default for
boolean named_write_master_zones has changed to true. Update it just
single time on upgrade from previous bind versions. Then rely on
previous version being a permanent value.
2022-08-03 20:38:06 +02:00
Petr Menšík
8a47aa2c75 Import version from branch v9_18
Uses git checkout 38726e67340b2b60715fa2f342dc800273d3772f -- .

Remove unused patches from distgit.
2022-08-03 20:37:06 +02:00
Fedora Release Engineering
d540d034df Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-20 21:59:12 +00:00
Petr Menšík
f887e16911 Update to 9.16.30 (#2097312)
https://downloads.isc.org/isc/bind9/9.16.30/doc/arm/html/notes.html#notes-for-bind-9-16-30
2022-06-20 14:21:46 +02:00
Python Maint
e3377c558b Rebuilt for Python 3.11 2022-06-13 18:18:12 +02:00
Petr Menšík
bb9452718a Correct failing test
Prevent failures of netmgr_test. Enable unit tests again, since issue
with kyua seems to be fixed.

Resolves: rhbz#2088125
2022-05-27 10:36:01 +02:00
Petr Menšík
bb1dcf68da Update to 9.16.29
Previously, CDS and CDNSKEY DELETE records were removed from
the zone when configured with the auto-dnssec maintain; option.
This has been fixed. [GL #2931]

https://downloads.isc.org/isc/bind9/9.16.29/doc/arm/html/notes.html#notes-for-bind-9-16-29

Resolves: rhbz#2087920
2022-05-26 23:14:06 +02:00
Petr Menšík
fdb091757f Reeanble unit tests 2022-05-17 17:28:20 +02:00
Petr Menšík
48bb18e175 Parse again timeout and attempts from resolv.conf
Resolves rhbz#2087156
2022-05-17 15:53:18 +02:00
Petr Menšík
0cc36e95a3 Update to 9.16.28 (#2076941)
https://downloads.isc.org/isc/bind9/9.16.28/doc/arm/html/notes.html#notes-for-bind-9-16-28
2022-04-20 18:07:44 +02:00
Petr Menšík
e52a502150 Upgrade to 9.16.27 (#2055120)
https://downloads.isc.org/isc/bind9/9.16.27/doc/arm/html/notes.html#notes-for-bind-9-16-27

Resolves: CVE-2021-25220 CVE-2022-0396
2022-03-18 11:13:18 +01:00
Petr Menšík
ee4347d7db Replace downstream change with upstream proposal
bind-dyndb-ldap requires sending from custom spawned thread to main
named threads. Change queue type to locked variant, which would not
crash when isc_send_task() is called from dyndb worker thread.

Related: rhbz#2048235
2022-03-18 11:13:18 +01:00
Petr Menšík
36d2b49469 Remove lame server errors hiding patch
Those errors can be dropped by simple configuration:

logging {
category lame_servers { null; };
};

Do not hide them into debug log on all servers. Expect lame servers are
not so common to drop it always.
2022-03-01 19:19:17 +01:00
Petr Menšík
cc49e08ee9 Renumber native PKCS11 patches to beginning
Allow all subsequent patches with higher number to be added to normal
common list of patches. Make just initial patches special.

Ensure all patch chunks use -p1 prefix.
2022-03-01 19:18:40 +01:00
Petr Menšík
24d1ecd259 Switch to %autosetup
Renumber high numbered patches to two digits patch. It does not really
matter for autosetup. Simplify applying of new patches.
2022-02-21 14:49:19 +01:00
Petr Menšík
b0bc4995fb Remove unused patches 2022-02-21 12:42:48 +01:00
Petr Menšík
74f70469b1 Update to 9.16.26 (#2055120) 2022-02-17 23:21:17 +01:00
Petr Menšík
3f2a16fed6 Allow manual reservation of additional hp threads
bind-dyndb-ldap started crashing after memory optimization made in
9.16.25 release. It attempts to use now uninitialized memory part. Work
around this problem by extra command line parameters, which would
request additional threads. Those threads then would be safely used by
bind-dyndb-ldap. Requires change to bind-dyndb-ldap and freeipa
packages.

Needs freeipa to add OPTIONS+="-H 200" to /etc/sysconfig/named

Related: rhbz#2048235
2022-02-11 15:58:50 +01:00
Petr Menšík
5df92605e8 Use upstream applied fix to DLZ modules 2022-02-11 15:58:40 +01:00
Petr Menšík
de4624f6e0 Replace master with primary in configuration
Use more friendly value for primary and secondary zones. It used master
for ages, but that might have wrong connotation to someone. Use
something without problematic history.
2022-01-25 15:07:27 +01:00
Petr Sklenar
c81513c758 adding ci.fmf with multiple plans support 2022-01-25 11:35:08 +00:00
Petr Menšík
c0565f0da1 Fix ldap and sqlite3 DLZ module failure
Thread removal were incomplete, it has broken some dlz modules
compilation. Ensure threaded variant is always used, remove
remains of single-thread variant.
2022-01-21 21:56:04 +01:00
Petr Menšík
11207651f7 Update to 9.16.25 (#2042504)
- Reduced memory usage on machines with many CPU cores.
- Offline ZSK expired signatures would be signed by KSK instead
- Inline signed zone could be saved without serial, causing error after
  restart

https://downloads.isc.org/isc/bind9/9.16.25/doc/arm/html/notes.html#notes-for-bind-9-16-25
2022-01-21 21:56:02 +01:00
Fedora Release Engineering
3bb763c2a7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-19 22:20:21 +00:00
Petr Menšík
e20853883a Correct shell warnings detected by coverity 2022-01-18 14:31:43 +01:00
Petr Sklenar
ed2f945c40 Adding fmf plan 2022-01-04 11:16:17 +01:00
Petr Menšík
a8e525a210 Rename all function starting with ldap_ in dlz plugin
To prevent any future conflicts, rename all functions starting with
ldap_.
2021-12-22 14:14:40 +01:00
Petr Menšík
ec7f7e4c12 Fix OpenLDAP 2.6 conflict
Rename internal function to not start with just ldap_ prefix. OpenLDAP
library provides such function with different parameters and compiler
cannot pass it.
2021-12-22 13:53:11 +01:00
Petr Menšík
13da6470e0 Upload new sources 2021-12-20 11:37:38 +01:00
Petr Menšík
25b398b4e2 Update to 9.16.24
https://downloads.isc.org/isc/bind9/9.16.24/RELEASE-NOTES-bind-9.16.24.html
2021-12-15 20:58:57 +01:00
Petr Menšík
0ddb138d48 Correct wrong %endif on --without GEOIP2
Description for devel subpackage needs to be always defined.

Resolves: rhbz#2026823
2021-11-26 12:14:11 +01:00
Petr Menšík
f8d4aed3a6 Update 9.16.23
Reloading a catalog zone which referenced a missing/deleted member zone
triggered a runtime check failure, causing named to exit prematurely.
This has been fixed. [GL #2308]

https://downloads.isc.org/isc/bind9/9.16.23/doc/arm/html/notes.html#notes-for-bind-9-16-23
2021-11-19 18:42:55 +01:00
Adrian Reber
cbb68a1d09
Rebuilt for protobuf 3.19.0 2021-11-06 10:16:53 +01:00
Petr Menšík
5a12a8cddc Update to 9.16.22 2021-10-27 20:13:32 +02:00
Adrian Reber
6d858e2834
Rebuilt for protobuf 3.18.1 2021-10-24 18:46:54 +02:00
Petr Menšík
67a5f4ae99 Propagate system emphemeral ports to chroot
BIND reads default system port ranges from /proc file. Propagate just
that single file to bind chroot. Defaults should be therefore the same
as on named.service.

Resolves: rhbz#2013597
2021-10-13 12:21:26 +02:00
Petr Menšík
59865beb68 Update to 9.16.21
- Support for HTTPS and SVCB

https://downloads.isc.org/isc/bind9/9.16.21/doc/arm/html/notes.html#notes-for-bind-9-16-21
2021-09-15 12:26:45 +02:00
Sahana Prasad
50423aedd6 Rebuilt with OpenSSL 3.0.0 2021-09-14 18:59:02 +02:00
Petr Menšík
113ef2a069 Ensure return codes make it into generated dig manual
It seems patched version were not catched by build dependencies. Change
include modification to propagate it.
2021-08-25 16:34:25 +02:00
Petr Menšík
32ee97f516 Remove unneeded test variants changes
Variants for testing were planned to test also named-sdb and
named-pkcs11 builds. Instead, those build were deprecated, named-sdb no
longer exists with possible replacement of named-dlz plugins.
named-pkcs11 would not be built soon, it can be replaced by using -E
pkcs11 parameter to named and some dnssec-* tools. Testing those
variants should not be required this way.
2021-08-25 15:51:06 +02:00
Petr Menšík
4cac5c90e0 Increase map format version, lower memory consuption a bit
Resolves: rhbz#1997504
2021-08-25 14:30:17 +02:00