Commit Graph

730 Commits

Author SHA1 Message Date
Petr Menšík
685f10cbfd Reject invalid rbt file if header is corrupted
Resolves: rhbz#1666814
2019-01-16 17:43:33 +01:00
Petr Menšík
67a5cd83ff Made RAND_status check optional (broke --disable-crypto-rand)
dhclient can terminate if not enough entropy, but it never requires
random data. On a new virtual machine, lack of entropy can be common.
Ensure it does not prevent DHCP client assigning an IP address.
2019-01-16 17:43:33 +01:00
Petr Menšík
ae36af4c9f Add support for DNSTAP
Not enabled by default yet. Enables dumping of dns traffic.
Fix DNSTAP issues in build and unit tests.

Fool rpmlint to accept dnstap relative path. Rpmlint emited error
hardcoded-library-path on dnstap path. It is not system-wide library,
workaround by using variable.

Add dnstap-read utility to utils. When dnstap is enabled,
dnstap-read will be part of utils. Disadvantage is all utilities would have
dependency on protobuf library, including host and dig.

Resolves: #1564776
2018-11-05 18:28:47 +01:00
Petr Menšík
eba5779fc1 Add JSON statistics support
Optional support for HTTP statistics. For now it is still disabled.
2018-11-05 18:27:07 +01:00
Petr Menšík
ad7b3b8f12 Update to 9.11.5
Bump to higher version, update sources.

More fixes to rebased BIND. Many patches are affected by stdbool change.
Update libraries so versions.
2018-11-05 18:12:29 +01:00
Petr Menšík
c64b079c36 Add Requires to devel packages referenced by bind-devel
bind-devel requires openssl-devel to be installed for any digest
function. Prevent failures of depending packages if they do not depend
on other devel packages themselves. bind-dyndb-ldap is one such example.
2018-10-11 12:35:49 +02:00
Igor Gnatenko
5efb1da1ac
fixup export-libs macro logic
1 /sbin/ldconfig: relative path `1' used to build cache
   2 warning: %postun(bind-export-libs-32:9.11.4-6.P1.fc29.x86_64) scriptlet failed, exit status 1

The reason for that is that macro defined below becomes part of
export-libs subpackage. %end will terminate post/postun immediately
without such side-effect.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-09-29 09:53:22 +02:00
Petr Menšík
e665b7deb0 Reenable IDN output but allow turning it off
Remove invalid downstream patch that disabled IDN output by default.
Dig could enable it, but it could not be enabled in nslookup and host.
Fix instead broken disable.

Resolves: #1580200
2018-09-26 20:31:46 +02:00
Petr Menšík
135784d7f2 Include /dev/urandom in chroot
Changed feature using OpenSSL RAND function requires /dev/urandom. It
was not provided in chroot and caused failure. Bug #1631515
2018-09-24 18:06:04 +02:00
Petr Menšík
fdbf64ca93 Fix changelog entry 2018-09-20 11:40:32 +02:00
Petr Menšík
0b3ef49c00 Update to bind-9.11.4-P2 2018-09-20 11:38:06 +02:00
Petr Menšík
8c65390bb6 Add versioned depends to all library subpackages 2018-09-19 21:04:52 +02:00
Petr Menšík
2ac37f7a75 Fix multilib conflict after 9.11 rebase
Conflict with devel headers reappeared after rebase to 9.11. Fix
socklen_t in a way that would generate the same types on 32 and 64 bit
architectures.
2018-09-19 21:04:52 +02:00
Petr Menšík
aeea22afaa Fix annobin failures
Replace isc_safe routines with their OpenSSL counter parts

(cherry picked from commit 66ba2fdad583d962a1f4971c85d58381f0849e4d)

Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()

(cherry picked from commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c)

Fix the isc_safe_memwipe() usage with (NULL, >0)

(cherry picked from commit 083461d3329ff6f2410745848a926090586a9846)

Resolves: rhbz#1624100
2018-09-19 21:04:52 +02:00
Petr Menšík
cc69cd1e32 Use sed to modify generated Makefile
Custom patch application is not recognized by checking tools.
Use more readable and understandable way.
2018-09-19 21:04:52 +02:00
Petr Menšík
328fbf43a1 Add manual page for new comand dnssec-importkey
Pkcs11 variant did not have it, add a symlink also to real manual.
2018-09-19 21:04:52 +02:00
Petr Menšík
595af1f3d5 [master] completed and corrected the crypto-random change
4724.	[func]		By default, BIND now uses the random number
			functions provided by the crypto library (i.e.,
			OpenSSL or a PKCS#11 provider) as a source of
			randomness rather than /dev/random.  This is
			suitable for virtual machine environments
			which have limited entropy pools and lack
			hardware random number generators.

			This can be overridden by specifying another
			entropy source via the "random-device" option
			in named.conf, or via the -r command line option;
			however, for functions requiring full cryptographic
			strength, such as DNSSEC key generation, this
			cannot be overridden. In particular, the -r
			command line option no longer has any effect on
			dnssec-keygen.

			This can be disabled by building with
			"configure --disable-crypto-rand".
			[RT #31459] [RT #46047]
2018-09-19 21:04:52 +02:00
Petr Menšík
6e9104cae5 Add support for OpenSSL provided random data
Modified pkcs11 patch, problem with openssl/pkcs11 includes and
ISC_PLATFORM_CRYPTOLIB
2018-09-19 21:04:52 +02:00
Pavel Raiskup
0ae69e04e1 BuildRequires: s/postgresql-devel/libpq-devel/
That's because we moved libpq.so.5 into libpq package, per
devel list discussion:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/U3XR5EGU2TPI2CDHBRBUD4M4LK5OHKU3/

Related: rhbz#1618698, rhbz#1623764
2018-09-05 14:55:41 +02:00
Petr Menšík
37943d075e Do not print errors on configuration failure (#1595782) 2018-08-14 22:28:45 +02:00
Petr Menšík
95d8248d50 Automatically replace obsoleted ISC DLV key with root key (#1595782) 2018-08-14 22:13:44 +02:00
Petr Menšík
e1f8ad2217 Fix sdb-chroot devices upgrade (#1592873)
Move common part to rpm define, use similar parts with different
parameter. Correct /dev/zero instead of missing /dev/dev.
2018-08-14 17:43:33 +02:00
Petr Menšík
35334375ff Update to 9.11.4-P1
- Fixes CVE-2018-5740
- Adds root key sentinel mechanism support
- incremental zone transfer limit to prevent journal corruption
- rndc reload memory leak
2018-08-09 13:13:02 +02:00
Petr Menšík
899014a8d1 Add support for disabled MD5
Do not crash named if MD5 function is not available. Instead gracefully
refuse to use such functions.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-08-02 23:51:45 +02:00
Petr Menšík
aefd72cf8f Use OpenSSL for digest operations (#1611537) 2018-08-02 12:57:04 +02:00
Petr Menšík
20ccb888af Install manpages generated by build
Upstream code will always install manual pages of upstream.
Manuals generated on build will be again installed. Broken by
out-of-tree build to support export-lib.
2018-07-31 22:17:56 +02:00
Petr Menšík
a38c250807 Update to 9.11.4
- Use more recent kyua, upstream bind now requires parallelism.
- Make global so version variables for libraries with multiple builds.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-07-13 14:14:38 +02:00
Petr Menšík
89e5350e43 Prevent errors on bind-chroot uninstall when running (#1600583) 2018-07-13 14:11:20 +02:00
Petr Menšík
572c587d29 Fix chroot devices verification (#1592873)
Moves creation of device files to setup instead of scriptlets.
Devices cleanup is left to RPM.
2018-07-13 14:11:20 +02:00
Petr Menšík
41d69089c7 Use new config named-chroot.files for chroot setup files (#1429656) 2018-07-13 14:11:20 +02:00
Fedora Release Engineering
5c1f40d412 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:04:39 +00:00
Jason Tibbitts
626855668d Remove needless use of %defattr 2018-07-10 00:26:47 -05:00
Miro Hrončok
80b88039e8 Rebuilt for Python 3.7 2018-07-02 18:22:06 +02:00
Petr Menšík
3159fb6a8e Require utils instead of library 2018-06-27 21:03:51 +02:00
Petr Menšík
ac50574b43 CVE-2018-5738 2018-06-27 18:18:57 +02:00
Petr Menšík
600bfd47ef Remove named.iscdlv.key file (#1595782) 2018-06-27 18:18:57 +02:00
Miro Hrončok
72c97d6c12 Rebuilt for Python 3.7 2018-06-19 10:40:25 +02:00
Petr Menšík
e3d0b186d1 Use selinux boolean to enable writing
Resolves: rhbz#1569466
2018-06-08 15:07:24 +02:00
Petr Menšík
5c4c792b8d Change named shell to /bin/false
Related: rhbz#1569466
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:24 +02:00
Petr Menšík
0188ce47c6 Make named home writeable (#1422680)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:18 +02:00
Petr Menšík
de74eb1feb Require C++ on build when shipped atf library is used 2018-05-25 16:09:37 +02:00
Petr Menšík
f3f402d7f2 Run tests also without kyua
Support start of unit tests without kyua and system atf libraries.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-10 16:53:59 +02:00
Petr Menšík
b8176e5eb4 Update named.ca 2018-04-05 16:38:16 +02:00
Petr Menšík
f17cd8fc68 Do not link libidn2 to all libraries (#1098783) 2018-04-05 16:38:16 +02:00
Petr Menšík
36ff6aebe6 Make +noidnout default 2018-04-03 11:26:44 +02:00
Petr Menšík
cc9419191f Compile export libs without GSSAPI
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:54:13 +02:00
Petr Menšík
8c4729c436 Enable libidn2 support (#1098783)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:53:35 +02:00
Petr Menšík
f505a47d9b Add dig support for libidn2 (#1098783)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 21:34:41 +01:00
Petr Menšík
86ff90b834 Rebase to 9.11.3
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 17:59:41 +01:00
Petr Menšík
029f0510e6 Fix build with disabled unittest
Recommend softhsm from pkcs11 variant

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 16:55:46 +01:00
Petr Menšík
40e8ab1f0c - Conflict with bind99-devel
- Require openssl-devel and libcap-devel from bind-export-devel
2018-02-26 10:29:11 +01:00
Petr Menšík
9d24906d8d Remove Group: from spec 2018-02-17 09:29:59 +01:00
Petr Menšík
5fe0b21885 - Use bcond_with to define optional features instead of %global
- Move export libs closer to PKCS11 libs, simplify soversion updates
- Remove unnecesary spec parts
2018-02-17 09:29:59 +01:00
Petr Menšík
56e7b0f856 Export libs should distribute own copy of license 2018-02-17 09:29:59 +01:00
Petr Menšík
cb2172301b Rebase to 9.11.3b1
Remove merged upstream patches

Signed-off-by: Petr Menšík <pemensik@redhat.com>

Update new so names
2018-02-17 09:29:59 +01:00
Petr Menšík
128dd7c787 - Use versioned provides
- Use spaces instead of tabs and minor cleanup
2018-02-17 09:29:58 +01:00
Petr Menšík
3931fea548 Rename devel export package to bind-export-devel.
Matches name to bind-devel and bind-libs in similar manner.
2018-02-17 09:29:55 +01:00
Petr Menšík
9a235f827e Forward export libs path to isc-config 2018-02-17 09:28:56 +01:00
Petr Menšík
6787c0592a Skip pkcs11 unit tests in export library
Modify also export configure script to use real libraries

Make sure only the replaced library is changed to export
2018-02-17 09:28:56 +01:00
Petr Menšík
46c6c4cd84 - Correct path for running make unit
- Prepare always for unit test
- Prepare only main build for system test, export test does not build
named
- Copy the key also to lib/dns-pkcs11
- BuildRequire findutils always
2018-02-17 09:28:36 +01:00
Petr Menšík
4f517bd499 Prepare system and unit test files
Enable unit tests also for export library
2018-02-17 09:28:36 +01:00
Petr Menšík
21ad2a883e Copy unit rules into build directories.
Run unittest for both build and export libs.
2018-02-17 09:28:36 +01:00
Petr Menšík
bd8ef642c3 Remove unneeded export header files for pk11 and pkcs11 2018-02-17 09:28:36 +01:00
Petr Menšík
7d67be0060 Install export isc-config.sh
Use bind9-export includes. Fix patching isc-export-config.sh
2018-02-17 09:28:36 +01:00
Petr Menšík
1d54148484 Create bind-export-devel package with headers for single-threaded. 2018-02-16 21:07:08 +01:00
Petr Menšík
f75d562486 Provide description to package. Disable most of autodetected features for export libraries. 2018-02-16 21:07:08 +01:00
Petr Menšík
539c207dc9 Fix indentation 2018-02-16 21:07:08 +01:00
Pavel Zhukov
687255db6e Add forgotten ldconfig for export-libs 2018-02-14 21:36:43 +01:00
Pavel Zhukov
c117ea001f Obsolete/provide bind99 package for smooth update 2018-02-14 21:36:43 +01:00
Pavel Zhukov
76e1f1a098 Add export-libs-devel package 2018-02-14 21:34:55 +01:00
Pavel Zhukov
cdabc47c40 Disable epoll/kqueue as untested 2018-02-14 21:32:44 +01:00
Pavel Zhukov
27e37d675a Build man in builddir 2018-02-14 21:30:59 +01:00
Pavel Zhukov
028f8c2ce4 Build export libs and deprecate bind99 2018-02-14 21:30:59 +01:00
Fedora Release Engineering
a10892eed8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 03:49:58 +00:00
Petr Menšík
3582b7047d Note -z defs cannot be enabled until more work 2018-01-30 19:00:58 +01:00
Petr Menšík
358a6cb08d Remove ldconfig calls where possible 2018-01-30 17:34:53 +01:00
Petr Menšík
da51426156 Remove already included patch adding Kyuafile 2018-01-16 23:57:12 +01:00
Petr Menšík
7556fb076a Fix CVE-2017-3145, rebase to 9.11.2-P1
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-01-16 23:38:29 +01:00
Petr Menšík
db0b09231c Proper fix for python3-bind subpackage directory ownership (#1522944) 2018-01-10 12:53:57 +01:00
Petr Menšík
9647ab2c58 Provide internal tool to prepare softhsm token storage 2018-01-10 12:34:53 +01:00
Petr Menšík
661d72987e 4776. [bug] Improve portability of ht_test. [RT #46333] 2018-01-09 19:07:42 +01:00
Petr Menšík
dd79d39eee Fix machine portability issues, fixes unit tests on non-x86 architectures 2018-01-09 18:19:55 +01:00
Petr Menšík
e5f6b89e92 Enable unit tests with kyua tool (#1532694) 2018-01-09 18:19:43 +01:00
Petr Menšík
50d9fbf691 Make tsstsig system test pass again (#1500017)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-12-15 16:31:14 +01:00
Petr Menšík
7536ed9d37 Own python3-bind isc directory (#1522944) 2017-12-15 15:20:27 +01:00
Petr Menšík
bdc5ebdfa5 Include protocols and services in chroot 2017-10-31 19:58:06 +01:00
Petr Menšík
f5cbbc1a87 Use hmac-sha256 for new RNDC keys (#1508003)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-31 17:37:27 +01:00
Petr Menšík
4d8c709975 Fix dynamic symbols conflict with ldap (#1205168) 2017-10-31 17:11:44 +01:00
Petr Menšík
4645641491 include DNSKEY 20326 also in trusted-key.key (#1505476) 2017-10-23 18:35:00 +02:00
Petr Menšík
2dc24d7a28 build against mariadb-connector-c-devel (#1493615)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-23 18:03:38 +02:00
Petr Menšík
1f8ab5c253 Fix nsupdate GSSAPI auth against AD server (#1484451) 2017-09-13 17:59:46 +02:00
Petr Menšík
0b15f32821 Add secroots and recursing path overrides, to write into data directory. 2017-09-13 17:48:11 +02:00
Petr Menšík
5d8eb8cf1d Update named.ca, move named.conf out of config archive 2017-08-16 22:47:09 +02:00
Petr Menšík
e9f0f4543b Optional LMDB support, disabled by default 2017-08-14 12:33:48 +02:00
Petr Menšík
7584e54e6c Update to 9.11.2 2017-08-14 12:17:30 +02:00
Petr Menšík
79d28ed32a Update to 9.11.2b1 2017-08-08 17:14:41 +02:00
Fedora Release Engineering
c81a9f4bd4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 18:13:28 +00:00
Fedora Release Engineering
268c28154e - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 03:56:37 +00:00
Petr Menšík
84de79cc62 Fix different formating spaces 2017-07-14 17:07:00 +02:00
Petr Menšík
6bf59b0f11 Make comment how to use different config file 2017-07-14 17:02:15 +02:00