5efb1da1ac
fixup export-libs macro logic
...
1 /sbin/ldconfig: relative path `1' used to build cache
2 warning: %postun(bind-export-libs-32:9.11.4-6.P1.fc29.x86_64) scriptlet failed, exit status 1
The reason for that is that macro defined below becomes part of
export-libs subpackage. %end will terminate post/postun immediately
without such side-effect.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-09-29 09:53:22 +02:00
e665b7deb0
Reenable IDN output but allow turning it off
...
Remove invalid downstream patch that disabled IDN output by default.
Dig could enable it, but it could not be enabled in nslookup and host.
Fix instead broken disable.
Resolves : #1580200
2018-09-26 20:31:46 +02:00
135784d7f2
Include /dev/urandom in chroot
...
Changed feature using OpenSSL RAND function requires /dev/urandom. It
was not provided in chroot and caused failure. Bug #1631515
2018-09-24 18:06:04 +02:00
fdbf64ca93
Fix changelog entry
2018-09-20 11:40:32 +02:00
0b3ef49c00
Update to bind-9.11.4-P2
2018-09-20 11:38:06 +02:00
8c65390bb6
Add versioned depends to all library subpackages
2018-09-19 21:04:52 +02:00
2ac37f7a75
Fix multilib conflict after 9.11 rebase
...
Conflict with devel headers reappeared after rebase to 9.11. Fix
socklen_t in a way that would generate the same types on 32 and 64 bit
architectures.
2018-09-19 21:04:52 +02:00
aeea22afaa
Fix annobin failures
...
Replace isc_safe routines with their OpenSSL counter parts
(cherry picked from commit 66ba2fdad583d962a1f4971c85d58381f0849e4d)
Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()
(cherry picked from commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c)
Fix the isc_safe_memwipe() usage with (NULL, >0)
(cherry picked from commit 083461d3329ff6f2410745848a926090586a9846)
Resolves: rhbz#1624100
2018-09-19 21:04:52 +02:00
cc69cd1e32
Use sed to modify generated Makefile
...
Custom patch application is not recognized by checking tools.
Use more readable and understandable way.
2018-09-19 21:04:52 +02:00
328fbf43a1
Add manual page for new comand dnssec-importkey
...
Pkcs11 variant did not have it, add a symlink also to real manual.
2018-09-19 21:04:52 +02:00
595af1f3d5
[master] completed and corrected the crypto-random change
...
4724. [func] By default, BIND now uses the random number
functions provided by the crypto library (i.e.,
OpenSSL or a PKCS#11 provider) as a source of
randomness rather than /dev/random. This is
suitable for virtual machine environments
which have limited entropy pools and lack
hardware random number generators.
This can be overridden by specifying another
entropy source via the "random-device" option
in named.conf, or via the -r command line option;
however, for functions requiring full cryptographic
strength, such as DNSSEC key generation, this
cannot be overridden. In particular, the -r
command line option no longer has any effect on
dnssec-keygen.
This can be disabled by building with
"configure --disable-crypto-rand".
[RT #31459 ] [RT #46047 ]
2018-09-19 21:04:52 +02:00
6e9104cae5
Add support for OpenSSL provided random data
...
Modified pkcs11 patch, problem with openssl/pkcs11 includes and
ISC_PLATFORM_CRYPTOLIB
2018-09-19 21:04:52 +02:00
0ae69e04e1
BuildRequires: s/postgresql-devel/libpq-devel/
...
That's because we moved libpq.so.5 into libpq package, per
devel list discussion:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/U3XR5EGU2TPI2CDHBRBUD4M4LK5OHKU3/
Related: rhbz#1618698, rhbz#1623764
2018-09-05 14:55:41 +02:00
37943d075e
Do not print errors on configuration failure ( #1595782 )
2018-08-14 22:28:45 +02:00
95d8248d50
Automatically replace obsoleted ISC DLV key with root key ( #1595782 )
2018-08-14 22:13:44 +02:00
e1f8ad2217
Fix sdb-chroot devices upgrade ( #1592873 )
...
Move common part to rpm define, use similar parts with different
parameter. Correct /dev/zero instead of missing /dev/dev.
2018-08-14 17:43:33 +02:00
35334375ff
Update to 9.11.4-P1
...
- Fixes CVE-2018-5740
- Adds root key sentinel mechanism support
- incremental zone transfer limit to prevent journal corruption
- rndc reload memory leak
2018-08-09 13:13:02 +02:00
899014a8d1
Add support for disabled MD5
...
Do not crash named if MD5 function is not available. Instead gracefully
refuse to use such functions.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-08-02 23:51:45 +02:00
aefd72cf8f
Use OpenSSL for digest operations ( #1611537 )
2018-08-02 12:57:04 +02:00
20ccb888af
Install manpages generated by build
...
Upstream code will always install manual pages of upstream.
Manuals generated on build will be again installed. Broken by
out-of-tree build to support export-lib.
2018-07-31 22:17:56 +02:00
a38c250807
Update to 9.11.4
...
- Use more recent kyua, upstream bind now requires parallelism.
- Make global so version variables for libraries with multiple builds.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-07-13 14:14:38 +02:00
89e5350e43
Prevent errors on bind-chroot uninstall when running ( #1600583 )
2018-07-13 14:11:20 +02:00
572c587d29
Fix chroot devices verification ( #1592873 )
...
Moves creation of device files to setup instead of scriptlets.
Devices cleanup is left to RPM.
2018-07-13 14:11:20 +02:00
41d69089c7
Use new config named-chroot.files for chroot setup files ( #1429656 )
2018-07-13 14:11:20 +02:00
5c1f40d412
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:04:39 +00:00
626855668d
Remove needless use of %defattr
2018-07-10 00:26:47 -05:00
80b88039e8
Rebuilt for Python 3.7
2018-07-02 18:22:06 +02:00
3159fb6a8e
Require utils instead of library
2018-06-27 21:03:51 +02:00
ac50574b43
CVE-2018-5738
2018-06-27 18:18:57 +02:00
600bfd47ef
Remove named.iscdlv.key file ( #1595782 )
2018-06-27 18:18:57 +02:00
72c97d6c12
Rebuilt for Python 3.7
2018-06-19 10:40:25 +02:00
e3d0b186d1
Use selinux boolean to enable writing
...
Resolves: rhbz#1569466
2018-06-08 15:07:24 +02:00
5c4c792b8d
Change named shell to /bin/false
...
Related: rhbz#1569466
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:24 +02:00
0188ce47c6
Make named home writeable ( #1422680 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:18 +02:00
de74eb1feb
Require C++ on build when shipped atf library is used
2018-05-25 16:09:37 +02:00
f3f402d7f2
Run tests also without kyua
...
Support start of unit tests without kyua and system atf libraries.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-10 16:53:59 +02:00
b8176e5eb4
Update named.ca
2018-04-05 16:38:16 +02:00
f17cd8fc68
Do not link libidn2 to all libraries ( #1098783 )
2018-04-05 16:38:16 +02:00
36ff6aebe6
Make +noidnout default
2018-04-03 11:26:44 +02:00
cc9419191f
Compile export libs without GSSAPI
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:54:13 +02:00
8c4729c436
Enable libidn2 support ( #1098783 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:53:35 +02:00
f505a47d9b
Add dig support for libidn2 ( #1098783 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 21:34:41 +01:00
86ff90b834
Rebase to 9.11.3
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 17:59:41 +01:00
029f0510e6
Fix build with disabled unittest
...
Recommend softhsm from pkcs11 variant
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 16:55:46 +01:00
40e8ab1f0c
- Conflict with bind99-devel
...
- Require openssl-devel and libcap-devel from bind-export-devel
2018-02-26 10:29:11 +01:00
9d24906d8d
Remove Group: from spec
2018-02-17 09:29:59 +01:00
5fe0b21885
- Use bcond_with to define optional features instead of %global
...
- Move export libs closer to PKCS11 libs, simplify soversion updates
- Remove unnecesary spec parts
2018-02-17 09:29:59 +01:00
56e7b0f856
Export libs should distribute own copy of license
2018-02-17 09:29:59 +01:00
cb2172301b
Rebase to 9.11.3b1
...
Remove merged upstream patches
Signed-off-by: Petr Menšík <pemensik@redhat.com>
Update new so names
2018-02-17 09:29:59 +01:00
128dd7c787
- Use versioned provides
...
- Use spaces instead of tabs and minor cleanup
2018-02-17 09:29:58 +01:00
Igor Gnatenko
Petr Menšík
Pavel Raiskup
Fedora Release Engineering
Jason Tibbitts
Miro Hrončok