Commit Graph

974 Commits

Author SHA1 Message Date
Petr Menšík
afa1fa2af7 Update to 9.11.9 2019-08-08 12:16:51 +02:00
Petr Menšík
1050b1aed6 Use monotonic time in export library (#1732883)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2019-08-08 12:16:51 +02:00
Fedora Release Engineering
3a67af20ad - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 19:16:14 +00:00
Petr Menšík
16ecf0736f Update to 9.11.8
Contains:
5244.	[security]	Fixed a race condition in dns_dispatch_getnext()
			that could cause an assertion failure if a
			significant number of incoming packets were
			rejected. (CVE-2019-6471) [GL #942]

5241.	[bug]		Fix Ed448 private and public key ASN.1 prefix blobs.
			[GL #225]

5237.	[bug]		Recurse to find the root server list with 'dig +trace'.
			[GL #1028]
2019-07-02 11:10:03 +02:00
Petr Menšík
564c143a1b Fix OpenSSL random generator initialization
Also fix warning in test.
2019-06-17 13:56:47 +02:00
Petr Menšík
ecef966359 Fix libisc so version 2019-06-11 14:56:08 +02:00
Petr Menšík
2a466330c5 Update patches to new sources
Modify current and remove already merged patches.
Adjust versions of so libs.
2019-06-11 12:08:54 +02:00
Petr Menšík
625ca235be Update to BIND 9.11.7
Fixes trusted-keys and managed-keys using the same filename.

https://downloads.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html
2019-06-10 10:41:28 +02:00
Petr Menšík
e97d036624 Fix also postun script 2019-05-06 14:04:12 +02:00
Petr Menšík
926c8e07af Fix error in scriptlet condition
Selinux boolean is not correctly set, correct syntax of bash condition.
2019-05-06 13:05:44 +02:00
Petr Menšík
4b42a5c162 5200. [security] tcp-clients settings could be exceeded in some cases,
which could lead to exhaustion of file descriptors.
                        (CVE-2018-5743) [GL #615]
2019-05-02 14:49:56 +02:00
Petr Menšík
7232bc0a99 Attempt to use rich dependencies
Selinux boolean should be set only in case given selinux policy is
installed. Do not require it inside containers.
2019-04-09 22:18:22 +02:00
Petr Menšík
e2a32c8eca Revert shell change to /bin/false 2019-04-09 20:27:00 +02:00
Petr Menšík
ae423dfbeb Enable optional features by default 2019-03-15 17:48:06 +01:00
Petr Menšík
16bdca79ba Workaround to broken kyua handling of empty test
Also filter used subdirectories, run tests only for compiled libraries
for export-libs.
2019-03-15 15:46:04 +01:00
Petr Menšík
812f6fb336 Fix dnstap unit test issue with pkcs11 2019-03-14 15:59:22 +01:00
Petr Menšík
395fbedb17 Use libcmocka instead of libatf
Upstream no longer ships bundled libatf library and no longer uses ATF
in sources. kyua and cmocka are mandatory for unit tests now. Removes
--with KYUA, use --with UNITTEST on different builds when cmocka and
kyua are available.
2019-03-14 11:41:44 +01:00
Petr Menšík
bcfdb893b9 So versions change
Requires rebuild of all dependent packages.
2019-03-05 21:50:48 +01:00
Petr Menšík
7bc8b1b992 Atf support was removed
cmocka is used instead. Unfortunately it is not packaged in Fedora yet.
2019-03-05 21:50:22 +01:00
Petr Menšík
1e4169114f Adapted patches for new version
Removed merged upstream.
2019-03-05 21:49:26 +01:00
Petr Menšík
2aa49f0cec Update to 9.11.6
Update lastest release, patches not yet adepted for it.
2019-03-05 14:35:50 +01:00
Petr Menšík
25e332108e Make alternative named builds testable in system tests
Red Hat has alternative variant builds of named, which are not ever
tested by system tests. New variables make it relatively easy to test
alternative variants.

For sdb variant use:
export NAMED_VARIANT=-sdb DNSSEC_VARIANT=

For pkcs variant use:
export NAMED_VARIANT=-pkcs11 DNSSEC_VARIANT=-pkcs11

followed by make test in build directory.

Note: PKCS11 tests are still skipped, it requires SLOT variable
exported. Fails in some cases.
2019-03-04 14:18:15 +01:00
Petr Menšík
d0d728803b Modify feature test to detect dlz support
System tests are failing for named, because it cannot detect it does not
support filesystem SDB. Move feature test to named directory, so it is
built for every variant.
2019-03-04 14:18:15 +01:00
Petr Menšík
321554b987 Update to BIND 9.11.5-P4
Add also PGP signature as part of repository.
2019-02-22 19:40:00 +01:00
Petr Menšík
d3fe8d6248 Enable json statistics format
Statistics channel would include also json format, use URL
http://localhost:80/v3/json/. XML format is still supported.
2019-02-22 19:19:59 +01:00
Petr Menšík
ec6f94669a Enable LMDB support
Provides faster adding and removing of dynamically created zones
runtime. Useful on higher number of zones used.
2019-02-22 19:18:45 +01:00
Petr Menšík
f0b6f15ced Enable DNSTAP (#1564776)
Enable support for DNSTAP. It will introduce new linked libraries to
bind and its tools, including bind-utils.
2019-02-22 19:14:36 +01:00
Petr Menšík
bd6e8b8965 Fix spec usage of softhsm helper
Output produced by helper is multiline starting with comment. Unless it
is enclosed in quotes, it will be concatenated into single line.

Fixes commit fa1631eef7
2019-02-22 16:39:54 +01:00
Petr Menšík
ad76423202 Disable random_test in unit tests
It fails sometimes, but aborts whole build just because some fail. Keep
it disabled until fixed.
2019-02-21 22:50:12 +01:00
Petr Menšík
c2772a07e8 Disable ED448
It is breaking dnssec system test. Its implementation in BIND is broken.
2019-02-21 15:36:27 +01:00
Petr Menšík
fa1631eef7 Simplify pkcs11 token generation
Make default secure enough, no predefined pins are used. Generate pin
and save it into file protected by unix rights. HSM tools will probably
require it anyway. Use smart defaults.
2019-02-20 19:06:03 +01:00
Petr Menšík
6fee3d63e9 Remove revoked KSK 19164 from trusted root keys 2019-02-15 19:50:20 +01:00
Petr Menšík
6ecd16d458 Update project URL 2019-02-15 18:09:57 +01:00
Petr Menšík
1da60a891a More fixes to compile DLZ 2019-02-12 22:21:31 +01:00
Petr Menšík
de8fa0799a Improve descriptions for DLZ plugins 2019-02-12 20:46:17 +01:00
Petr Menšík
7a958a2a9f Disable dig IDN output into scripts
Dig could be used to receive zone via AXFR. If IDN data are inside and
are decoded, it cannot be used as named zone file. Disable +idnout if
stdin is not a tty.
2019-02-07 10:46:05 +01:00
Petr Menšík
a699858667 dig prints ASCII name instead of failure (#1647829) 2019-02-07 10:46:05 +01:00
Petr Menšík
432a81aeff Fix DLZ in oot builds
DLZ has no VPATH support. Just make duplicates in build directory
2019-02-06 22:08:27 +01:00
Fedora Release Engineering
9a4b768e18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 14:36:55 +00:00
Igor Gnatenko
b2a708808a Remove unneeded %clean section
It is the behavior since EPEL5.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2019-01-29 05:45:26 +01:00
Petr Menšík
13f8f23ec5 Update to 9.11.5-P1 2019-01-28 00:47:11 +01:00
Petr Menšík
32d91f12ca Made RAND_status check optional (broke --disable-crypto-rand)
Unlike upstream, skip it also for DHCP.

Disable RAND_status also in non-threaded builds. DHCP is built without
threads and should not check RAND_status on dns library initialization.
Lack of entropy is possible state for dhclient, but it must not fail
even in this case. Because DHCP itself does not require custom random
generator, leave default RAND_OpenSSL configured. It should help TLS
connection to LDAP in single DHCP binary, while keeping secure random
data if needed.

Resolves: #1663318

(modified upstream commit 8a98277811ea50035ff37b744fa3dc5b75bee099)
2019-01-23 21:15:03 +01:00
Petr Menšík
219b0e889f Remove conditional patch for alpha and ia64
It emits warning just because architectures no longer supported
2019-01-17 13:52:22 +01:00
Petr Menšík
2830e00b88 Move dnssec related tools to bind-dnssec-utils
Most often clients require just dig or host to lookup addresses.
Move dnssec and zone file into dedicated subpackage. For a limited time,
make bind-utils suggest bind-dnssec-utils, until all dependencies are
resolved. (#1649398)
2019-01-17 13:52:22 +01:00
Petr Menšík
685f10cbfd Reject invalid rbt file if header is corrupted
Resolves: rhbz#1666814
2019-01-16 17:43:33 +01:00
Petr Menšík
67a5cd83ff Made RAND_status check optional (broke --disable-crypto-rand)
dhclient can terminate if not enough entropy, but it never requires
random data. On a new virtual machine, lack of entropy can be common.
Ensure it does not prevent DHCP client assigning an IP address.
2019-01-16 17:43:33 +01:00
Petr Menšík
ae36af4c9f Add support for DNSTAP
Not enabled by default yet. Enables dumping of dns traffic.
Fix DNSTAP issues in build and unit tests.

Fool rpmlint to accept dnstap relative path. Rpmlint emited error
hardcoded-library-path on dnstap path. It is not system-wide library,
workaround by using variable.

Add dnstap-read utility to utils. When dnstap is enabled,
dnstap-read will be part of utils. Disadvantage is all utilities would have
dependency on protobuf library, including host and dig.

Resolves: #1564776
2018-11-05 18:28:47 +01:00
Petr Menšík
eba5779fc1 Add JSON statistics support
Optional support for HTTP statistics. For now it is still disabled.
2018-11-05 18:27:07 +01:00
Petr Menšík
ad7b3b8f12 Update to 9.11.5
Bump to higher version, update sources.

More fixes to rebased BIND. Many patches are affected by stdbool change.
Update libraries so versions.
2018-11-05 18:12:29 +01:00
Petr Menšík
c64b079c36 Add Requires to devel packages referenced by bind-devel
bind-devel requires openssl-devel to be installed for any digest
function. Prevent failures of depending packages if they do not depend
on other devel packages themselves. bind-dyndb-ldap is one such example.
2018-10-11 12:35:49 +02:00
Igor Gnatenko
5efb1da1ac
fixup export-libs macro logic
1 /sbin/ldconfig: relative path `1' used to build cache
   2 warning: %postun(bind-export-libs-32:9.11.4-6.P1.fc29.x86_64) scriptlet failed, exit status 1

The reason for that is that macro defined below becomes part of
export-libs subpackage. %end will terminate post/postun immediately
without such side-effect.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-09-29 09:53:22 +02:00
Petr Menšík
e665b7deb0 Reenable IDN output but allow turning it off
Remove invalid downstream patch that disabled IDN output by default.
Dig could enable it, but it could not be enabled in nslookup and host.
Fix instead broken disable.

Resolves: #1580200
2018-09-26 20:31:46 +02:00
Petr Menšík
135784d7f2 Include /dev/urandom in chroot
Changed feature using OpenSSL RAND function requires /dev/urandom. It
was not provided in chroot and caused failure. Bug #1631515
2018-09-24 18:06:04 +02:00
Petr Menšík
fdbf64ca93 Fix changelog entry 2018-09-20 11:40:32 +02:00
Petr Menšík
0b3ef49c00 Update to bind-9.11.4-P2 2018-09-20 11:38:06 +02:00
Petr Menšík
8c65390bb6 Add versioned depends to all library subpackages 2018-09-19 21:04:52 +02:00
Petr Menšík
2ac37f7a75 Fix multilib conflict after 9.11 rebase
Conflict with devel headers reappeared after rebase to 9.11. Fix
socklen_t in a way that would generate the same types on 32 and 64 bit
architectures.
2018-09-19 21:04:52 +02:00
Petr Menšík
aeea22afaa Fix annobin failures
Replace isc_safe routines with their OpenSSL counter parts

(cherry picked from commit 66ba2fdad583d962a1f4971c85d58381f0849e4d)

Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()

(cherry picked from commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c)

Fix the isc_safe_memwipe() usage with (NULL, >0)

(cherry picked from commit 083461d3329ff6f2410745848a926090586a9846)

Resolves: rhbz#1624100
2018-09-19 21:04:52 +02:00
Petr Menšík
cc69cd1e32 Use sed to modify generated Makefile
Custom patch application is not recognized by checking tools.
Use more readable and understandable way.
2018-09-19 21:04:52 +02:00
Petr Menšík
328fbf43a1 Add manual page for new comand dnssec-importkey
Pkcs11 variant did not have it, add a symlink also to real manual.
2018-09-19 21:04:52 +02:00
Petr Menšík
595af1f3d5 [master] completed and corrected the crypto-random change
4724.	[func]		By default, BIND now uses the random number
			functions provided by the crypto library (i.e.,
			OpenSSL or a PKCS#11 provider) as a source of
			randomness rather than /dev/random.  This is
			suitable for virtual machine environments
			which have limited entropy pools and lack
			hardware random number generators.

			This can be overridden by specifying another
			entropy source via the "random-device" option
			in named.conf, or via the -r command line option;
			however, for functions requiring full cryptographic
			strength, such as DNSSEC key generation, this
			cannot be overridden. In particular, the -r
			command line option no longer has any effect on
			dnssec-keygen.

			This can be disabled by building with
			"configure --disable-crypto-rand".
			[RT #31459] [RT #46047]
2018-09-19 21:04:52 +02:00
Petr Menšík
6e9104cae5 Add support for OpenSSL provided random data
Modified pkcs11 patch, problem with openssl/pkcs11 includes and
ISC_PLATFORM_CRYPTOLIB
2018-09-19 21:04:52 +02:00
Pavel Raiskup
0ae69e04e1 BuildRequires: s/postgresql-devel/libpq-devel/
That's because we moved libpq.so.5 into libpq package, per
devel list discussion:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/U3XR5EGU2TPI2CDHBRBUD4M4LK5OHKU3/

Related: rhbz#1618698, rhbz#1623764
2018-09-05 14:55:41 +02:00
Petr Menšík
37943d075e Do not print errors on configuration failure (#1595782) 2018-08-14 22:28:45 +02:00
Petr Menšík
95d8248d50 Automatically replace obsoleted ISC DLV key with root key (#1595782) 2018-08-14 22:13:44 +02:00
Petr Menšík
e1f8ad2217 Fix sdb-chroot devices upgrade (#1592873)
Move common part to rpm define, use similar parts with different
parameter. Correct /dev/zero instead of missing /dev/dev.
2018-08-14 17:43:33 +02:00
Petr Menšík
35334375ff Update to 9.11.4-P1
- Fixes CVE-2018-5740
- Adds root key sentinel mechanism support
- incremental zone transfer limit to prevent journal corruption
- rndc reload memory leak
2018-08-09 13:13:02 +02:00
Petr Menšík
899014a8d1 Add support for disabled MD5
Do not crash named if MD5 function is not available. Instead gracefully
refuse to use such functions.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-08-02 23:51:45 +02:00
Petr Menšík
aefd72cf8f Use OpenSSL for digest operations (#1611537) 2018-08-02 12:57:04 +02:00
Petr Menšík
20ccb888af Install manpages generated by build
Upstream code will always install manual pages of upstream.
Manuals generated on build will be again installed. Broken by
out-of-tree build to support export-lib.
2018-07-31 22:17:56 +02:00
Petr Menšík
a38c250807 Update to 9.11.4
- Use more recent kyua, upstream bind now requires parallelism.
- Make global so version variables for libraries with multiple builds.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-07-13 14:14:38 +02:00
Petr Menšík
89e5350e43 Prevent errors on bind-chroot uninstall when running (#1600583) 2018-07-13 14:11:20 +02:00
Petr Menšík
572c587d29 Fix chroot devices verification (#1592873)
Moves creation of device files to setup instead of scriptlets.
Devices cleanup is left to RPM.
2018-07-13 14:11:20 +02:00
Petr Menšík
41d69089c7 Use new config named-chroot.files for chroot setup files (#1429656) 2018-07-13 14:11:20 +02:00
Fedora Release Engineering
5c1f40d412 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:04:39 +00:00
Jason Tibbitts
626855668d Remove needless use of %defattr 2018-07-10 00:26:47 -05:00
Miro Hrončok
80b88039e8 Rebuilt for Python 3.7 2018-07-02 18:22:06 +02:00
Petr Menšík
3159fb6a8e Require utils instead of library 2018-06-27 21:03:51 +02:00
Petr Menšík
ac50574b43 CVE-2018-5738 2018-06-27 18:18:57 +02:00
Petr Menšík
600bfd47ef Remove named.iscdlv.key file (#1595782) 2018-06-27 18:18:57 +02:00
Miro Hrončok
72c97d6c12 Rebuilt for Python 3.7 2018-06-19 10:40:25 +02:00
Petr Menšík
e3d0b186d1 Use selinux boolean to enable writing
Resolves: rhbz#1569466
2018-06-08 15:07:24 +02:00
Petr Menšík
5c4c792b8d Change named shell to /bin/false
Related: rhbz#1569466
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:24 +02:00
Petr Menšík
0188ce47c6 Make named home writeable (#1422680)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:18 +02:00
Petr Menšík
de74eb1feb Require C++ on build when shipped atf library is used 2018-05-25 16:09:37 +02:00
Petr Menšík
f3f402d7f2 Run tests also without kyua
Support start of unit tests without kyua and system atf libraries.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-10 16:53:59 +02:00
Petr Menšík
b8176e5eb4 Update named.ca 2018-04-05 16:38:16 +02:00
Petr Menšík
f17cd8fc68 Do not link libidn2 to all libraries (#1098783) 2018-04-05 16:38:16 +02:00
Petr Menšík
36ff6aebe6 Make +noidnout default 2018-04-03 11:26:44 +02:00
Petr Menšík
cc9419191f Compile export libs without GSSAPI
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:54:13 +02:00
Petr Menšík
8c4729c436 Enable libidn2 support (#1098783)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:53:35 +02:00
Petr Menšík
f505a47d9b Add dig support for libidn2 (#1098783)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 21:34:41 +01:00
Petr Menšík
86ff90b834 Rebase to 9.11.3
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 17:59:41 +01:00
Petr Menšík
029f0510e6 Fix build with disabled unittest
Recommend softhsm from pkcs11 variant

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 16:55:46 +01:00
Petr Menšík
40e8ab1f0c - Conflict with bind99-devel
- Require openssl-devel and libcap-devel from bind-export-devel
2018-02-26 10:29:11 +01:00
Petr Menšík
9d24906d8d Remove Group: from spec 2018-02-17 09:29:59 +01:00
Petr Menšík
5fe0b21885 - Use bcond_with to define optional features instead of %global
- Move export libs closer to PKCS11 libs, simplify soversion updates
- Remove unnecesary spec parts
2018-02-17 09:29:59 +01:00
Petr Menšík
56e7b0f856 Export libs should distribute own copy of license 2018-02-17 09:29:59 +01:00
Petr Menšík
cb2172301b Rebase to 9.11.3b1
Remove merged upstream patches

Signed-off-by: Petr Menšík <pemensik@redhat.com>

Update new so names
2018-02-17 09:29:59 +01:00
Petr Menšík
128dd7c787 - Use versioned provides
- Use spaces instead of tabs and minor cleanup
2018-02-17 09:29:58 +01:00
Petr Menšík
3931fea548 Rename devel export package to bind-export-devel.
Matches name to bind-devel and bind-libs in similar manner.
2018-02-17 09:29:55 +01:00
Petr Menšík
9a235f827e Forward export libs path to isc-config 2018-02-17 09:28:56 +01:00
Petr Menšík
6787c0592a Skip pkcs11 unit tests in export library
Modify also export configure script to use real libraries

Make sure only the replaced library is changed to export
2018-02-17 09:28:56 +01:00
Petr Menšík
46c6c4cd84 - Correct path for running make unit
- Prepare always for unit test
- Prepare only main build for system test, export test does not build
named
- Copy the key also to lib/dns-pkcs11
- BuildRequire findutils always
2018-02-17 09:28:36 +01:00
Petr Menšík
4f517bd499 Prepare system and unit test files
Enable unit tests also for export library
2018-02-17 09:28:36 +01:00
Petr Menšík
21ad2a883e Copy unit rules into build directories.
Run unittest for both build and export libs.
2018-02-17 09:28:36 +01:00
Petr Menšík
bd8ef642c3 Remove unneeded export header files for pk11 and pkcs11 2018-02-17 09:28:36 +01:00
Petr Menšík
7d67be0060 Install export isc-config.sh
Use bind9-export includes. Fix patching isc-export-config.sh
2018-02-17 09:28:36 +01:00
Petr Menšík
1d54148484 Create bind-export-devel package with headers for single-threaded. 2018-02-16 21:07:08 +01:00
Petr Menšík
f75d562486 Provide description to package. Disable most of autodetected features for export libraries. 2018-02-16 21:07:08 +01:00
Petr Menšík
539c207dc9 Fix indentation 2018-02-16 21:07:08 +01:00
Pavel Zhukov
687255db6e Add forgotten ldconfig for export-libs 2018-02-14 21:36:43 +01:00
Pavel Zhukov
c117ea001f Obsolete/provide bind99 package for smooth update 2018-02-14 21:36:43 +01:00
Pavel Zhukov
76e1f1a098 Add export-libs-devel package 2018-02-14 21:34:55 +01:00
Pavel Zhukov
cdabc47c40 Disable epoll/kqueue as untested 2018-02-14 21:32:44 +01:00
Pavel Zhukov
27e37d675a Build man in builddir 2018-02-14 21:30:59 +01:00
Pavel Zhukov
028f8c2ce4 Build export libs and deprecate bind99 2018-02-14 21:30:59 +01:00
Fedora Release Engineering
a10892eed8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 03:49:58 +00:00
Petr Menšík
3582b7047d Note -z defs cannot be enabled until more work 2018-01-30 19:00:58 +01:00
Petr Menšík
358a6cb08d Remove ldconfig calls where possible 2018-01-30 17:34:53 +01:00
Petr Menšík
da51426156 Remove already included patch adding Kyuafile 2018-01-16 23:57:12 +01:00
Petr Menšík
7556fb076a Fix CVE-2017-3145, rebase to 9.11.2-P1
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-01-16 23:38:29 +01:00
Petr Menšík
db0b09231c Proper fix for python3-bind subpackage directory ownership (#1522944) 2018-01-10 12:53:57 +01:00
Petr Menšík
9647ab2c58 Provide internal tool to prepare softhsm token storage 2018-01-10 12:34:53 +01:00
Petr Menšík
661d72987e 4776. [bug] Improve portability of ht_test. [RT #46333] 2018-01-09 19:07:42 +01:00
Petr Menšík
dd79d39eee Fix machine portability issues, fixes unit tests on non-x86 architectures 2018-01-09 18:19:55 +01:00
Petr Menšík
e5f6b89e92 Enable unit tests with kyua tool (#1532694) 2018-01-09 18:19:43 +01:00
Petr Menšík
50d9fbf691 Make tsstsig system test pass again (#1500017)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-12-15 16:31:14 +01:00
Petr Menšík
7536ed9d37 Own python3-bind isc directory (#1522944) 2017-12-15 15:20:27 +01:00
Petr Menšík
bdc5ebdfa5 Include protocols and services in chroot 2017-10-31 19:58:06 +01:00
Petr Menšík
f5cbbc1a87 Use hmac-sha256 for new RNDC keys (#1508003)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-31 17:37:27 +01:00
Petr Menšík
4d8c709975 Fix dynamic symbols conflict with ldap (#1205168) 2017-10-31 17:11:44 +01:00
Petr Menšík
4645641491 include DNSKEY 20326 also in trusted-key.key (#1505476) 2017-10-23 18:35:00 +02:00
Petr Menšík
2dc24d7a28 build against mariadb-connector-c-devel (#1493615)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-23 18:03:38 +02:00
Petr Menšík
1f8ab5c253 Fix nsupdate GSSAPI auth against AD server (#1484451) 2017-09-13 17:59:46 +02:00
Petr Menšík
0b15f32821 Add secroots and recursing path overrides, to write into data directory. 2017-09-13 17:48:11 +02:00
Petr Menšík
5d8eb8cf1d Update named.ca, move named.conf out of config archive 2017-08-16 22:47:09 +02:00
Petr Menšík
e9f0f4543b Optional LMDB support, disabled by default 2017-08-14 12:33:48 +02:00
Petr Menšík
7584e54e6c Update to 9.11.2 2017-08-14 12:17:30 +02:00
Petr Menšík
79d28ed32a Update to 9.11.2b1 2017-08-08 17:14:41 +02:00
Fedora Release Engineering
c81a9f4bd4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 18:13:28 +00:00
Fedora Release Engineering
268c28154e - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 03:56:37 +00:00
Petr Menšík
84de79cc62 Fix different formating spaces 2017-07-14 17:07:00 +02:00
Petr Menšík
6bf59b0f11 Make comment how to use different config file 2017-07-14 17:02:15 +02:00
Petr Menšík
508d643480 Use distribution flags for modules 2017-07-14 16:49:47 +02:00
Petr Menšík
43f0ac7c91 Distribute DLZ modules in separate packages.
Optional feature not yet enabled.
2017-07-14 16:49:47 +02:00
Petr Menšík
f2fb8b7545 Use mysql_config for SDB variant 2017-07-14 16:49:47 +02:00
Petr Menšík
e42c700db9 Update to 9.11.1-P3 2017-07-10 10:21:43 +02:00
Petr Menšík
85d0fb613e Update to 9.11.1-P2 2017-06-30 16:06:24 +02:00
Petr Menšík
b0ccd9af19 Make utils depend on python module 2017-06-30 13:58:39 +02:00
Björn Esser
3c983e38ec Fix build for bumped SO-names 2017-06-25 16:26:22 +02:00
Petr Menšík
102df25a21 Fix changed patches 2017-06-15 21:42:29 +02:00
Petr Menšík
08bdf0ebe6 Update to 9.11.1-P1 2017-06-15 17:19:36 +02:00
Petr Menšík
19b1efe0bb Fix queries for TKEY in nsupdate, when using GSSAPI (#1236087) 2017-04-21 17:38:45 +02:00
Petr Menšík
09e4b5788e - Update to 9.11.0-P5
- Use BINDVERSION for upstream version

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-04-18 10:51:38 +02:00
Petr Menšík
bbe4229562 Update to 9.11.0-P3 2017-02-10 09:20:33 +01:00
Fedora Release Engineering
29088fe6b4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-10 06:52:02 +00:00
Petr Menšík
7e15fd4b3f Fix some rpm warnings 2017-01-18 17:26:26 +01:00
Petr Menšík
3d5ea105bd RTLD_DEEPBIND conflicts with pkcs11 libraries, skip it for dyndb (#1410433)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-01-18 17:22:50 +01:00
Petr Menšík
fdce4eb560 Fix manual pages generated by recent docbook-style-xsl (bz#1397186)
4527.  [doc]           Support DocBook XSL Stylesheets v1.79.1. [RT #43831]

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-01-16 13:12:32 +01:00
Petr Menšík
f696d69809 Update to 9.11.0-P2
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-01-12 16:09:05 +01:00
Miro Hrončok
9775c204db Rebuild for Python 3.6 2016-12-19 18:20:36 +01:00
Petr Menšík
a925732bd1 Split pk11 includes, include real functions only in pkcs11 variant 2016-11-22 19:36:32 +01:00
Petr Menšík
8afcc7945f Merge branch 'rhbz1392538-chroot' 2016-11-16 13:54:14 +01:00
Michal Ruprich
d886cd072d Update to 9.11.0-P1 2016-11-16 08:46:09 +01:00
Petr Menšík
59793ad00a Do not change lib permissions in chroot 2016-11-11 15:40:13 +01:00
Petr Menšík
20cebfb8c5 Build with OpenSSL 1.1 2016-11-08 20:39:14 +01:00
Petr Menšík
e94c66494e Update to 9.10.4-P4 2016-11-08 16:31:48 +01:00
Tomas Hozza
27a8e54aa7 Update to 9.10.4-P3
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-09-29 10:23:55 +02:00
Michal Ruprich
02e0755d17 Update to 9.10.4-P2
Signed-off-by: Michal Ruprich <mruprich@redhat.com>
2016-07-20 13:51:14 +02:00
Tomas Hozza
3fed71e579 Update to 9.10.4-P1 2016-05-26 17:23:15 +02:00
Tomas Hozza
aeb3d0fc5d (un)mount /var/named in -chroot packages as the last directory (Related: #1279188) 2016-05-20 16:19:54 +02:00
Tomas Hozza
d591319212 Replaced After=network-online.target with After=network.target in all unit files
BIND is able to react to network configuration changes and therefore it can start even before all interfaces are fully configured. There is no need to wait until interfaces are fully configured.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-05-12 13:31:49 +02:00
Tomas Hozza
379b90d05d Remove NM dispatcher script, since it is not needed any more (#1277257) 2016-05-12 13:23:35 +02:00
Tomas Hozza
03a1eba10d Use HTTPS instead of FTP for Source0
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-03-21 12:41:27 +01:00
Tomas Hozza
8ac7bef51e Cleanup dependencies to reflect reality
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-03-21 12:38:15 +01:00
Tomas Hozza
83466f11b9 Update to 9.10.3-P4 due to CVE-2016-1285 CVE-2016-1286 CVE-2016-2088
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-03-11 15:02:53 +01:00
Dennis Gilmore
d273b747cd - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-03 17:01:35 +00:00
Tomas Hozza
4f7493080f Update to 9.10.3-P3 due to CVE-2015-8704 and CVE-2015-8705 (#1300051) 2016-01-21 09:51:24 +01:00
Tomas Hozza
bbb4f1d9a7 Commented out bindkeys-file statement in default configuration (#1223365#c3)
- Removed unrecognized configure option --enable-developer
- Added configure option --enable-full-report to get report on enabled features

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-01-06 14:59:44 +01:00
Tomas Hozza
1a8262dde0 Commented out bindkeys-file statement in default configuration (#1223365#c3)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-01-06 14:46:32 +01:00
Tomas Hozza
c009763d23 Added some comments and notes to operations and definitions in SPEC
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-01-06 14:42:27 +01:00
Robert Scheck
c94cea9133 - Remove unrecognized build options for %configure
- Own %{_includedir}/bind9 directory in -lite-devel
- Fixed building without (optional) PKCS#11 support
2015-12-27 00:17:45 +01:00
Tomas Hozza
226577f014 bump release to maintain update path 2015-12-16 19:05:05 +01:00
Tomas Hozza
703982aa78 Update to 9.10.3-P2
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-12-16 15:39:32 +01:00
Peter Robinson
b4715c5089 - Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 2015-11-10 14:07:10 +00:00
Tomas Hozza
c76f58f6ea Fixed named-checkconf call in *-chroot.service files (#1277820)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-11-04 17:34:38 +01:00
Tomas Hozza
caf3603af7 Update to 9.10.3 stable
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-17 16:17:35 +02:00
Tomas Hozza
a3771cee48 Update to 9.10.3rc1 (#1259690)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-04 01:50:26 +02:00
Tomas Hozza
d6c0550f5c Update to 9.10.2-P3 to fix CVE-2015-5477
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-29 10:53:07 +02:00
Tomas Hozza
1d29922e18 Update to 9.10.2-P2
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-09 12:13:13 +02:00
Tomas Hozza
566e7ed5b9 Reintroduce the DISABLE_ZONE_CHECKING into /etc/sysconfig/named
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-29 13:33:28 +02:00
Tomas Hozza
5196f25446 Update to 9.10.2-P1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-19 20:48:19 +02:00
Dennis Gilmore
0a65866650 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 01:48:25 +00:00
Tomas Hozza
e09c558cc5 Don't copy /etc/localtime on -chroot package installation
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-27 12:54:51 +02:00
Tomas Hozza
71f9fb4731 Utilize system-wide crypto-policies (#1179925)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-22 19:09:39 +02:00
Tomas Hozza
c501776f39 Don't use ISC's DLV by default (#1223365)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-22 17:45:37 +02:00
Tomas Hozza
ca42323df8 enable GeoIP access control feature
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-21 09:37:42 +02:00
Tomas Hozza
c1e4a2fd32 enable tuning for large systems - increases hardcoded internal limits
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-21 09:31:01 +02:00
Tomas Hozza
be760938ec update to 9.10.2 stable
- remove parallel-build patch after discussion with upstream [ISC-Bugs #38739]

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-03-05 13:01:25 +01:00
Tomas Hozza
548cd90fb3 Add build dependency on python3-devel
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-25 17:02:42 +01:00
Tomas Hozza
7345adf157 Use Python3 by default (#1186791)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-25 12:48:17 +01:00
Tomas Hozza
f011164832 Call ldconfig for pkcs11 version of libraries
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-23 16:26:28 +01:00
Tomas Hozza
a62625f0bd Fix the libdns version
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-23 13:17:47 +01:00
Tomas Hozza
f3967f6469 update to 9.10.2rc2
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-23 09:59:32 +01:00
Till Maas
d0351fe60b Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
2015-02-21 21:23:38 +01:00
Tomas Hozza
4e2098e221 update to 9.10.2rc1
- fix nsupdate server auto-detection (#1184151)
- drop merged patch bind99-rh985918.patch

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-02 12:39:57 +01:00
Tomas Hozza
407c2d38c0 Install config for tmpfiles under %{_tmpfilesdir} (#1181020)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-01-16 15:16:06 +01:00
Tomas Hozza
02be4819ea Require systemd not systemd-units
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-01-16 14:58:12 +01:00
Tomas Hozza
4fa9972d29 Update to 9.10.1-P1 stable
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-01-14 12:47:51 +01:00
Tomas Hozza
e001c1a066 Drop downstream patch for nslookup/host rejected by upstream
Upstream response:
26337  nslookup fails to get answer from non-recursive auth server
There has been a lot of email back and forth with Adam on this.
We have decided we cannot accept it, we disagree on the appropriate DNS behavior.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-12-12 14:17:08 +01:00
Tomas Hozza
460bee9b36 Update to 9.9.6-P1 (CVE-2014-8500)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-12-09 19:01:49 +01:00
Tomas Hozza
c906894bd5 drop engine_pkcs11 dependency, since we use native PKCS#11 implementation
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-14 13:54:21 +01:00
Tomas Hozza
075927bb1c Fixed systemctl path in logrotate configuration (#1148360)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-14 13:53:09 +01:00
Petr Spacek
b6d2bfe08a Fix crash during GSS-TSIG processing introduced in 32:9.9.6-2
Resolves: #1155334, #1155127

Signed-off-by: Petr Spacek <pspacek@redhat.com>
2014-10-22 11:36:11 -04:00
Tomas Hozza
83a76bb0d8 Remove old Requires: bind in bind-sdb
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-14 14:38:48 +02:00
Tomas Hozza
dce2d1bd1c Added native PKCS#11 functionality
Resolves: rhbz#1097752
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-14 14:02:38 +02:00
Tomas Hozza
23b1421845 Fix assert in dig when using +sigchase (#985918)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-03 11:21:44 +02:00
Tomas Hozza
1407f656a4 Add architecture specific dependencies.
Also modify existing Requires to be architecture specific.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-03 11:21:44 +02:00
Tomas Hozza
b746061914 Update to 9.9.6
- drop merged patches and rebase some of existing patches

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-03 11:21:38 +02:00
Peter Robinson
c095b972f6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-15 22:35:38 +00:00
Tomas Hozza
55b0a6bfc2 Use network-online.target instead of network.target (#1117086)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-07-18 13:32:25 +02:00
Tom Callaway
7f37d19d5d mark license files properly 2014-07-11 16:13:05 -04:00
Tomas Hozza
4e390f5349 Use only one VERSION macro
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-06-12 16:28:18 +02:00
Tomas Hozza
4b0aa8b659 Include the 'dot' if PATCHVER or PREVER are defined
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-06-12 16:09:44 +02:00
Tomas Hozza
7809ef4347 Update to 9.9.5-P1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-06-12 16:05:32 +02:00
Tomas Hozza
ed837c4f03 Use /dev/urandom for generation of rndc.key (#1079799
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-06-09 13:47:34 +02:00
Dennis Gilmore
d18b5e4f2e - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-06 21:58:28 -05:00
Tomas Hozza
4ecbfd89d6 Squash libidn patches into one
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-05-26 15:42:49 +02:00
Tomas Hozza
9f33a20115 configure bind with --with-dlopen=yes to support dynamically loadable DLZ drivers
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-04-22 14:22:24 +02:00
Tomas Hozza
230113feee Fix two issues
- dlz_dlopen driver could return the wrong error leading to a segfault (#1052781)
- Fix race condition when freeing fetch object (ISC-Bugs #35385)

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-03-05 14:43:00 +01:00
Tomas Hozza
7ebf9a3e72 Update to 9.9.5 stable
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-02-13 09:31:31 +01:00
Rex Dieter
e983ad30af libs, -libs-lite: track sonames, so abi bumps aren't a surprise 2014-01-26 13:15:09 -06:00
Tomas Hozza
9d09f43a80 Fix spec file error causing FTBFS in rawhide
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-24 14:43:23 +01:00
Tomas Hozza
fb62390fbb update to 9.9.5rc2
- merged patches dropped
- some patches rebased to the new version

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-24 13:08:12 +01:00
Tomas Hozza
01ddf2c8af non-existance of resolv.conf should not be fatal
Resolves rhbz#1052343

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-15 10:17:36 +01:00
Tomas Hozza
14a63be5be Fix CVE-2014-0591
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-14 14:05:20 +01:00
Tomas Hozza
1a8c6bc42b Build bind-sdb against libdb instead of libdb4
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-06 22:02:48 +01:00
Tomas Hozza
abe4be5502 Update to bind-9.9.5b1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-06 15:06:20 +01:00
Tomas Hozza
cfca698d2b Fix crash in rbtdb after two sucessive getoriginnode() calls
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-12-18 13:03:52 +01:00
Tomas Hozza
7eb562bbab Rework the chroot setup/destruction workflow
- Split chroot package for named and named-sdb
- Extract setting-up/destroying of chroot to a separate systemd service (#997030)

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-12-17 17:09:44 +01:00
Tomas Hozza
0cd5a0ff48 Fixed memory leak in nsupdate if 'realm' was used multiple times
Resolves: #984687
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-11-28 10:05:22 +01:00
Tomas Hozza
3267c0ac54 Install configuration for rwtab and fix chroot setup script
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-11-12 14:29:33 +01:00
Tomas Hozza
cb97bbcb9f Conditionaly build bind for developers
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-11-04 09:05:55 +01:00
Tomas Hozza
ab389647c8 Correct the upstream patch for #794940
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-31 16:51:24 +01:00
Tomas Hozza
f9f4e84366 use --enable-filter-aaaa when building bind to enable use of filter-aaaa-on-v4 option
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-31 11:33:29 +01:00
Tomas Hozza
426c09470b Forgot to change config-11.tar.bz2 -> config-12.tar.bz2
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-30 13:25:47 +01:00
Tomas Hozza
8beb2b82a5 Bump the release number
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-30 12:57:45 +01:00
Tomas Hozza
93a69bb161 Added session-keyfile statement into default named.conf since we use /run/named
Since we don't use default /var/run/named path for PID file, we should not
use it also for Dynamic DNS session key.

Therefore the following line was added into the named.conf:
session-keyfile "/run/named/session.key";

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-30 12:45:06 +01:00
Tomas Hozza
09394b223a Create symlink /var/named/chroot/var/run -> /var/named/chroot/run
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-30 12:43:31 +01:00
Tomas Hozza
48fc9b39c5 Use upstream version of patch for previously fixed #794940
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-29 10:49:29 +01:00
Tomas Hozza
3ddaff2ea9 Fix race condition on send buffers in dighost.c (#794940)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-18 11:48:03 +02:00
Tomas Hozza
3d99690d74 install isc/errno2result.h header
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-08 14:07:46 +02:00
Tomas Hozza
55d3302131 Update to bind-9.9.4 stable
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-09-23 09:26:20 +02:00
Tomas Hozza
4a918b84b0 Fix [ISC-Bugs #34738] dns_journal_open() returns a pointer to stack
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-09-10 10:03:44 +02:00
Tomas Hozza
d010f7191d update to bind-9.9.4rc2
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-09-09 12:35:04 +02:00
Tomas Hozza
a249bc6298 Move named-checkzone and named-compilezone to bind-utils package
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-20 17:05:29 +02:00
Tomas Hozza
5caf68e0f8 Move tools that don't need the server to run, from main package to bind-utils (#964313)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-20 15:37:54 +02:00
Tomas Hozza
5154ca3352 Don't generate rndc.key if there exists rndc.conf
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-16 13:08:20 +02:00
Tomas Hozza
ba646ed5d4 don't install named-sdb.service if SDB macro is defined to zero
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-16 12:03:32 +02:00
Tomas Hozza
65cc9d95ad update to bind-9.9.4rc1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-05 15:28:53 +02:00
Tomas Hozza
f4daa58a90 Fix setup-named-chroot.sh to mount/umount everything successfully
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-05 15:18:52 +02:00
Dennis Gilmore
d60cf6630d - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-02 22:26:19 -05:00
Tomas Hozza
37d1c73624 update to bind-9.9.4b1
- drop merged RRL patch
- drop merged stat.h patch

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-15 13:58:12 +02:00
Tomas Hozza
bd600e49c8 Fix dates in Changelog
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-10 10:47:23 +02:00
Tomas Hozza
0c054b2ac8 update to 9.9.3-P1 (fix for CVE-2013-3919)
- update RRL patch to 9.9.3-P1-rl.156.01

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-06-05 09:52:49 +02:00
Tomas Hozza
76b23b8702 bump release to prevent update path issues
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-06-03 20:03:00 +02:00
Tomas Hozza
df0cae9e8b update RRL patch to the latest version 9.9.3-rl.150.20
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-06-03 14:40:31 +02:00
Tomas Hozza
1bf060007d update to 9.9.3
- install dns/update.h header

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-06-03 09:47:13 +02:00
Tomas Hozza
2cc782fdff Fix segfault in host/nslookup (#878139)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-17 09:58:20 +02:00
Tomas Hozza
0a46a99c61 Change config-10.tar.bz2 to config-11.tar.bz2 in sources
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-13 13:21:33 +02:00
Tomas Hozza
60039a5407 update to 9.9.3rc2
- part of bind97-exportlib.patch not needed any more
- bind-9.9.1-P2-multlib-conflict.patch modified to reflect latest source
- rl-9.9.3rc1.patch -> rl-9.9.3rc2.patch
- bind99-opts.patch merged

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-13 12:50:46 +02:00
Tomas Hozza
ad6dbbdee6 Include managed-keys-directory statement in named.conf.sample (#948026)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-03 12:55:45 +02:00
Tomas Hozza
d0fda06135 Include recursion Warning in named.conf and named.conf.sample (#740894)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-03 12:50:12 +02:00
Tomas Hozza
4242e4f1c1 Fix zone2sqlite to quote table names when creating/dropping/inserting (#919417)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-02 15:54:40 +02:00
Adam Tkac
7731d63afb Fix crash in nsupdate when processing "-r" parameter (#949544)
Signed-off-by: Adam Tkac <adam.tkac@geodis.cz>
2013-04-19 12:21:30 +02:00
Adam Tkac
4ebe3dc7ef Ship dns/rrl.h in -devel subpkg
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-04-16 16:44:05 +02:00
Adam Tkac
c9b9417fb2 Update to 9.9.3rc1
- bind-96-libtool2.patch has been merged
- fix bind tmpfiles.d for named.pid /run migration (#920713)

Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-04-16 15:42:36 +02:00
Tomas Hozza
31f953d106 New upstream patch version fixing CVE-2013-2266 (#928032)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-03-27 12:57:26 +01:00
Adam Tkac
2043f0c3c9 Move pidfile to /run/named/named.pid
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-03-19 16:03:18 +01:00
Tomas Hozza
c69f33f779 Fix Makefile.in to include header added by rate limiting patch (#918330)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-03-07 09:22:55 +01:00
Adam Tkac
2d741bb523 Drop some developer-only documentation and move ARM to %%docdir
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-03-05 13:45:29 +01:00
Adam Tkac
05cf2799f8 Include rate limiting patch
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-02-18 14:47:30 +01:00
Tomas Hozza
a54c4dc454 mount/umount /var/named in setup-named-chroot.sh as the last one (#904666)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-01-29 17:39:29 +01:00
Tomas Hozza
619831eeff Corrected IP addresses in named.ca (#901741)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-01-28 16:12:15 +01:00
Adam Tkac
151d963a40 Fix IDN related statement in dig.1 manpage
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-12-20 14:40:30 +01:00
Adam Tkac
0f7d49832f Renerate /etc/rndc.key during named service startup if doesn't exist
- increase startup timeout in systemd units to 90sec (default)

Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-12-20 14:34:39 +01:00
Tomas Hozza
e73262808d update to bind-9.9.2-P1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2012-12-05 09:30:24 +01:00
Adam Tkac
cd3db89ffb Minor bugfixes
- document dig exit codes in manpage
- ignore empty "search" options in resolv.conf

Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-11-12 15:35:59 +01:00
Adam Tkac
15281fbc42 Drop PKCS11 support on rhel
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-11-12 11:23:18 +01:00
Adam Tkac
7d40dc1da5 Install isc/stat.h
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-10-11 16:07:10 +02:00
Adam Tkac
d6323c1def Update to 9.9.2
- bind97-rh714049.patch has been dropped
- patches merged
  - bind98-rh816164.patch

Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-10-11 13:34:19 +02:00
Tomas Hozza
2aeaf22a1a Adjusted Requires from systemd-units to systemd. 2012-10-09 15:25:22 +02:00
Adam Tkac
51e3f36892 Update to bind-9.9.1-P3
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-09-13 17:16:08 +02:00
Tomas Hozza
7519c842dd changed %define macros to %global and fixed several rpmlint warnings 2012-08-22 15:41:02 +02:00
Tomas Hozza
d9b90b5d92 fixed SPEC file so it comply with new systemd-rpm macros guidelines (#850045) 2012-08-22 14:47:47 +02:00
Tomas Hozza
fd468c0f80 Changed PrivateTmp to "false" in *-chroot.service unit files (#825869) 2012-08-08 12:59:35 +02:00
Tomas Hozza
a013398319 Fixed bind-devel multilib conflict (#478718) 2012-08-01 15:29:55 +02:00
Tomas Hozza
2421460d24 Fixed path to libdb.so in config.dlz.in 2012-07-30 16:27:33 +02:00
Tomas Hozza
99402419a5 Fixed bad path to systemctl in /etc/NetworkManager/dispatcher.d/13-named (#844047) 2012-07-30 15:18:43 +02:00