Commit Graph

974 Commits

Author SHA1 Message Date
Petr Menšík
286970af6a Skip failing test on i686 (#2240253) 2023-09-22 20:43:56 +02:00
Petr Menšík
782e6f0ca5 Update to 9.18.18 (#2232346)
https://downloads.isc.org/isc/bind9/9.18.18/doc/arm/html/notes.html#notes-for-bind-9-18-18
2023-09-06 20:06:06 +02:00
Petr Menšík
fc196eb713 Update to 9.18.17 (#2223913)
https://downloads.isc.org/isc/bind9/9.18.17/doc/arm/html/notes.html#notes-for-bind-9-18-17
2023-07-19 23:47:02 +02:00
Fedora Release Engineering
3deb8ee245 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-19 14:36:49 +00:00
Petr Menšík
7ee174a831 Update to 9.18.16 (#2216462)
https://downloads.isc.org/isc/bind9/9.18.16/doc/arm/html/notes.html#notes-for-bind-9-18-16

Resolves: CVE-2023-2828 CVE-2023-2911
2023-06-22 00:34:42 +02:00
Petr Menšík
9678d7855f Update to 9.18.15 (#2207908) 2023-05-17 18:59:49 +02:00
Petr Menšík
15dc7fb16a Update to 9.18.14 (#2187996)
https://downloads.isc.org/isc/bind9/9.18.14/doc/arm/html/notes.html#notes-for-bind-9-18-14
2023-04-21 22:18:36 +02:00
Petr Menšík
03b1f0a4e4 Enumerate all SPDX licenses used 2023-04-05 14:34:25 +02:00
Petr Menšík
13b1bcc0f0 Update to 9.18.3 (#2178717)
https://downloads.isc.org/isc/bind9/9.18.13/doc/arm/html/notes.html#notes-for-bind-9-18-13
2023-03-22 17:57:33 +01:00
Petr Menšík
10cb7fcdc5 Update to 9.18.12 (#2170096)
https://downloads.isc.org/isc/bind9/9.18.12/doc/arm/html/notes.html#notes-for-bind-9-18-12
2023-02-16 02:43:32 +01:00
Petr Menšík
6db5408538 Update to 9.18.11 (#2164395)
Resolves: CVE-2022-3094 CVE-2022-3736 CVE-2022-3924

https://downloads.isc.org/isc/bind9/9.18.11/doc/arm/html/notes.html#notes-for-bind-9-18-11
2023-01-27 17:25:00 +01:00
Fedora Release Engineering
e1fa37e19c Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-18 22:52:41 +00:00
Petr Menšík
ced3b36a51 Ensure isc_rwlocktype_t is defined always
Prevent issues in compilation after dns/zt.h change.
2023-01-16 21:58:07 +01:00
Petr Menšík
9b329d0dd6 Update to 9.18.10 (#2143258)
https://downloads.isc.org/isc/bind9/9.18.10/doc/arm/html/notes.html#notes-for-bind-9-18-10
2023-01-16 14:32:06 +01:00
Petr Menšík
5e42931b09 Update to 9.18.9 (#2143258)
https://downloads.isc.org/isc/bind9/9.18.9/doc/arm/html/notes.html#notes-for-bind-9-18-9
2022-11-21 12:39:51 +01:00
Petr Menšík
99fd53a106 Update to 9.18.8 (#2136100)
https://downloads.isc.org/isc/bind9/9.18.8/doc/arm/html/notes.html#notes-for-bind-9-18-8
2022-10-22 22:07:38 +02:00
Petr Menšík
e6424d1a09 Enable automatic restart on crashes
named contains high number of assertions checking expected state of the
daemon. That is part of defensive code style to prevent many attacks.
The most common failure is failing some assertion check in rare
circumstances. Even when this should not happen, try keeping the service
running. If such failed assertion produces coredump just from time to
time, avoid failing hard the whole service. coredumpctl will keep track
of all crashes anyway.
2022-09-30 12:58:12 +02:00
Petr Menšík
dc511b8cc3 Update License to SPDX identifier 2022-09-30 12:58:12 +02:00
Petr Menšík
5b047433e1 Build ARM documentation also with older sphinx on RHEL9 2022-09-30 12:58:10 +02:00
Petr Menšík
bbdbcbc779 Update to 9.18.7 (#2128609)
https://downloads.isc.org/isc/bind9/9.18.7/doc/arm/html/notes.html#notes-for-bind-9-18-7
2022-09-21 15:54:53 +02:00
Petr Menšík
24465000af Disable more test cases in netmgr_test (#2122010) 2022-09-14 15:59:18 +02:00
Petr Menšík
cb7d24f2e5 Properly obsolete bind-dnssec-doc
Last version installed can be 9.18.4-1, which still provides dnssec-doc
subpackage. Make it more specific to obsolete even that version and
allow smooth upgrade.
2022-09-13 12:54:19 +02:00
Petr Menšík
4562ffc7be Skip problematic netmgr unit tests (#2122010)
Set CI=true only when --with UNITTEST_ALL is not used, which is a
default. Should skip problematic and often failing test in netmgr:

- tcp_recv_two_quota
- tcp_noresponse
2022-09-12 10:48:32 +02:00
Petr Menšík
a912dbe98b Return engine implementation but use legacy OpenSSL
Engine interface were deprecated in OpenSSL and therefore removed from
normal compilation. But it is possible to compile on OpenSSL with compat
define. That disables deprecation warnings and use functions same as for
OpenSSL 1.1. That is required to keep working engine pkcs11 support.

Otherwise loading keys via ENGINE_load_private_key would always fail.

Resolves: rhbz:#2122010
2022-09-08 22:33:55 +02:00
Petr Menšík
9ef018d129 Always display test suite errors (#2122010)
Previous change did not do anything, because rpm will terminate the
recipe on the first failed command. Make make check not failing
directly, but fail it later explicitly. Show details in the mean time.
2022-09-01 16:59:07 +02:00
Petr Menšík
e4b16641a8 Improve reporting of results after unittest 2022-08-30 20:21:14 +02:00
Petr Menšík
c0c776f659 Update to 9.18.6 (#2119132)
https://downloads.isc.org/isc/bind9/9.18.6/doc/arm/html/notes.html#notes-for-bind-9-18-6
2022-08-30 20:07:05 +02:00
Petr Menšík
bd4f2660ac Use multiple threads on unit tests, but 16 at most 2022-08-11 11:50:14 +02:00
Petr Menšík
b33592e3c6 Return doc symlink to main page
Bind 9.11 guide had different HTML manual, include backward compatible
link to the new place.
2022-08-03 20:38:51 +02:00
Petr Menšík
66ddbbdf47 Update to 9.18.5 (#2109170)
https://downloads.isc.org/isc/bind9/9.18.5/doc/arm/html/notes.html#notes-for-bind-9-18-5

Changes NSEC3 default count to zero.
2022-08-03 20:38:49 +02:00
Petr Menšík
989a3e3876 Remove all pkcs11 variants
Recent freeipa uses openssl backend pkcs11 to offload keys to secure
storage. Remove duplicate native builds of pkcs11 tools and daemon. Do
not build tools like pkcs11-tokens, rely or more advanced tools p11tool
and pkcs11-tool. Keep setup-named-softhsm as part of named package.
2022-08-03 20:38:08 +02:00
Petr Menšík
411463dad7 Deprecate python3-bind for smooth upgrade 2022-08-03 20:38:08 +02:00
Petr Menšík
55526b37a7 Stop enabling selinux booleans on every upgrade
SELinux booleans system pushes enablement into a stack. It saves
previous values and restores them on removal. But the default for
boolean named_write_master_zones has changed to true. Update it just
single time on upgrade from previous bind versions. Then rely on
previous version being a permanent value.
2022-08-03 20:38:06 +02:00
Petr Menšík
8a47aa2c75 Import version from branch v9_18
Uses git checkout 38726e67340b2b60715fa2f342dc800273d3772f -- .

Remove unused patches from distgit.
2022-08-03 20:37:06 +02:00
Fedora Release Engineering
d540d034df Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-20 21:59:12 +00:00
Petr Menšík
f887e16911 Update to 9.16.30 (#2097312)
https://downloads.isc.org/isc/bind9/9.16.30/doc/arm/html/notes.html#notes-for-bind-9-16-30
2022-06-20 14:21:46 +02:00
Python Maint
e3377c558b Rebuilt for Python 3.11 2022-06-13 18:18:12 +02:00
Petr Menšík
bb9452718a Correct failing test
Prevent failures of netmgr_test. Enable unit tests again, since issue
with kyua seems to be fixed.

Resolves: rhbz#2088125
2022-05-27 10:36:01 +02:00
Petr Menšík
bb1dcf68da Update to 9.16.29
Previously, CDS and CDNSKEY DELETE records were removed from
the zone when configured with the auto-dnssec maintain; option.
This has been fixed. [GL #2931]

https://downloads.isc.org/isc/bind9/9.16.29/doc/arm/html/notes.html#notes-for-bind-9-16-29

Resolves: rhbz#2087920
2022-05-26 23:14:06 +02:00
Petr Menšík
fdb091757f Reeanble unit tests 2022-05-17 17:28:20 +02:00
Petr Menšík
48bb18e175 Parse again timeout and attempts from resolv.conf
Resolves rhbz#2087156
2022-05-17 15:53:18 +02:00
Petr Menšík
0cc36e95a3 Update to 9.16.28 (#2076941)
https://downloads.isc.org/isc/bind9/9.16.28/doc/arm/html/notes.html#notes-for-bind-9-16-28
2022-04-20 18:07:44 +02:00
Petr Menšík
e52a502150 Upgrade to 9.16.27 (#2055120)
https://downloads.isc.org/isc/bind9/9.16.27/doc/arm/html/notes.html#notes-for-bind-9-16-27

Resolves: CVE-2021-25220 CVE-2022-0396
2022-03-18 11:13:18 +01:00
Petr Menšík
ee4347d7db Replace downstream change with upstream proposal
bind-dyndb-ldap requires sending from custom spawned thread to main
named threads. Change queue type to locked variant, which would not
crash when isc_send_task() is called from dyndb worker thread.

Related: rhbz#2048235
2022-03-18 11:13:18 +01:00
Petr Menšík
36d2b49469 Remove lame server errors hiding patch
Those errors can be dropped by simple configuration:

logging {
category lame_servers { null; };
};

Do not hide them into debug log on all servers. Expect lame servers are
not so common to drop it always.
2022-03-01 19:19:17 +01:00
Petr Menšík
cc49e08ee9 Renumber native PKCS11 patches to beginning
Allow all subsequent patches with higher number to be added to normal
common list of patches. Make just initial patches special.

Ensure all patch chunks use -p1 prefix.
2022-03-01 19:18:40 +01:00
Petr Menšík
24d1ecd259 Switch to %autosetup
Renumber high numbered patches to two digits patch. It does not really
matter for autosetup. Simplify applying of new patches.
2022-02-21 14:49:19 +01:00
Petr Menšík
74f70469b1 Update to 9.16.26 (#2055120) 2022-02-17 23:21:17 +01:00
Petr Menšík
3f2a16fed6 Allow manual reservation of additional hp threads
bind-dyndb-ldap started crashing after memory optimization made in
9.16.25 release. It attempts to use now uninitialized memory part. Work
around this problem by extra command line parameters, which would
request additional threads. Those threads then would be safely used by
bind-dyndb-ldap. Requires change to bind-dyndb-ldap and freeipa
packages.

Needs freeipa to add OPTIONS+="-H 200" to /etc/sysconfig/named

Related: rhbz#2048235
2022-02-11 15:58:50 +01:00
Petr Menšík
5df92605e8 Use upstream applied fix to DLZ modules 2022-02-11 15:58:40 +01:00