432a81aeff
Fix DLZ in oot builds
...
DLZ has no VPATH support. Just make duplicates in build directory
2019-02-06 22:08:27 +01:00
9a4b768e18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 14:36:55 +00:00
b2a708808a
Remove unneeded %clean section
...
It is the behavior since EPEL5.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2019-01-29 05:45:26 +01:00
13f8f23ec5
Update to 9.11.5-P1
2019-01-28 00:47:11 +01:00
32d91f12ca
Made RAND_status check optional (broke --disable-crypto-rand)
...
Unlike upstream, skip it also for DHCP.
Disable RAND_status also in non-threaded builds. DHCP is built without
threads and should not check RAND_status on dns library initialization.
Lack of entropy is possible state for dhclient, but it must not fail
even in this case. Because DHCP itself does not require custom random
generator, leave default RAND_OpenSSL configured. It should help TLS
connection to LDAP in single DHCP binary, while keeping secure random
data if needed.
Resolves : #1663318
(modified upstream commit 8a98277811ea50035ff37b744fa3dc5b75bee099)
2019-01-23 21:15:03 +01:00
219b0e889f
Remove conditional patch for alpha and ia64
...
It emits warning just because architectures no longer supported
2019-01-17 13:52:22 +01:00
2830e00b88
Move dnssec related tools to bind-dnssec-utils
...
Most often clients require just dig or host to lookup addresses.
Move dnssec and zone file into dedicated subpackage. For a limited time,
make bind-utils suggest bind-dnssec-utils, until all dependencies are
resolved. (#1649398 )
2019-01-17 13:52:22 +01:00
685f10cbfd
Reject invalid rbt file if header is corrupted
...
Resolves: rhbz#1666814
2019-01-16 17:43:33 +01:00
67a5cd83ff
Made RAND_status check optional (broke --disable-crypto-rand)
...
dhclient can terminate if not enough entropy, but it never requires
random data. On a new virtual machine, lack of entropy can be common.
Ensure it does not prevent DHCP client assigning an IP address.
2019-01-16 17:43:33 +01:00
ae36af4c9f
Add support for DNSTAP
...
Not enabled by default yet. Enables dumping of dns traffic.
Fix DNSTAP issues in build and unit tests.
Fool rpmlint to accept dnstap relative path. Rpmlint emited error
hardcoded-library-path on dnstap path. It is not system-wide library,
workaround by using variable.
Add dnstap-read utility to utils. When dnstap is enabled,
dnstap-read will be part of utils. Disadvantage is all utilities would have
dependency on protobuf library, including host and dig.
Resolves : #1564776
2018-11-05 18:28:47 +01:00
eba5779fc1
Add JSON statistics support
...
Optional support for HTTP statistics. For now it is still disabled.
2018-11-05 18:27:07 +01:00
ad7b3b8f12
Update to 9.11.5
...
Bump to higher version, update sources.
More fixes to rebased BIND. Many patches are affected by stdbool change.
Update libraries so versions.
2018-11-05 18:12:29 +01:00
c64b079c36
Add Requires to devel packages referenced by bind-devel
...
bind-devel requires openssl-devel to be installed for any digest
function. Prevent failures of depending packages if they do not depend
on other devel packages themselves. bind-dyndb-ldap is one such example.
2018-10-11 12:35:49 +02:00
5efb1da1ac
fixup export-libs macro logic
...
1 /sbin/ldconfig: relative path `1' used to build cache
2 warning: %postun(bind-export-libs-32:9.11.4-6.P1.fc29.x86_64) scriptlet failed, exit status 1
The reason for that is that macro defined below becomes part of
export-libs subpackage. %end will terminate post/postun immediately
without such side-effect.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-09-29 09:53:22 +02:00
e665b7deb0
Reenable IDN output but allow turning it off
...
Remove invalid downstream patch that disabled IDN output by default.
Dig could enable it, but it could not be enabled in nslookup and host.
Fix instead broken disable.
Resolves : #1580200
2018-09-26 20:31:46 +02:00
135784d7f2
Include /dev/urandom in chroot
...
Changed feature using OpenSSL RAND function requires /dev/urandom. It
was not provided in chroot and caused failure. Bug #1631515
2018-09-24 18:06:04 +02:00
fdbf64ca93
Fix changelog entry
2018-09-20 11:40:32 +02:00
0b3ef49c00
Update to bind-9.11.4-P2
2018-09-20 11:38:06 +02:00
8c65390bb6
Add versioned depends to all library subpackages
2018-09-19 21:04:52 +02:00
2ac37f7a75
Fix multilib conflict after 9.11 rebase
...
Conflict with devel headers reappeared after rebase to 9.11. Fix
socklen_t in a way that would generate the same types on 32 and 64 bit
architectures.
2018-09-19 21:04:52 +02:00
aeea22afaa
Fix annobin failures
...
Replace isc_safe routines with their OpenSSL counter parts
(cherry picked from commit 66ba2fdad583d962a1f4971c85d58381f0849e4d)
Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()
(cherry picked from commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c)
Fix the isc_safe_memwipe() usage with (NULL, >0)
(cherry picked from commit 083461d3329ff6f2410745848a926090586a9846)
Resolves: rhbz#1624100
2018-09-19 21:04:52 +02:00
cc69cd1e32
Use sed to modify generated Makefile
...
Custom patch application is not recognized by checking tools.
Use more readable and understandable way.
2018-09-19 21:04:52 +02:00
328fbf43a1
Add manual page for new comand dnssec-importkey
...
Pkcs11 variant did not have it, add a symlink also to real manual.
2018-09-19 21:04:52 +02:00
595af1f3d5
[master] completed and corrected the crypto-random change
...
4724. [func] By default, BIND now uses the random number
functions provided by the crypto library (i.e.,
OpenSSL or a PKCS#11 provider) as a source of
randomness rather than /dev/random. This is
suitable for virtual machine environments
which have limited entropy pools and lack
hardware random number generators.
This can be overridden by specifying another
entropy source via the "random-device" option
in named.conf, or via the -r command line option;
however, for functions requiring full cryptographic
strength, such as DNSSEC key generation, this
cannot be overridden. In particular, the -r
command line option no longer has any effect on
dnssec-keygen.
This can be disabled by building with
"configure --disable-crypto-rand".
[RT #31459 ] [RT #46047 ]
2018-09-19 21:04:52 +02:00
6e9104cae5
Add support for OpenSSL provided random data
...
Modified pkcs11 patch, problem with openssl/pkcs11 includes and
ISC_PLATFORM_CRYPTOLIB
2018-09-19 21:04:52 +02:00
0ae69e04e1
BuildRequires: s/postgresql-devel/libpq-devel/
...
That's because we moved libpq.so.5 into libpq package, per
devel list discussion:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/U3XR5EGU2TPI2CDHBRBUD4M4LK5OHKU3/
Related: rhbz#1618698, rhbz#1623764
2018-09-05 14:55:41 +02:00
37943d075e
Do not print errors on configuration failure ( #1595782 )
2018-08-14 22:28:45 +02:00
95d8248d50
Automatically replace obsoleted ISC DLV key with root key ( #1595782 )
2018-08-14 22:13:44 +02:00
e1f8ad2217
Fix sdb-chroot devices upgrade ( #1592873 )
...
Move common part to rpm define, use similar parts with different
parameter. Correct /dev/zero instead of missing /dev/dev.
2018-08-14 17:43:33 +02:00
35334375ff
Update to 9.11.4-P1
...
- Fixes CVE-2018-5740
- Adds root key sentinel mechanism support
- incremental zone transfer limit to prevent journal corruption
- rndc reload memory leak
2018-08-09 13:13:02 +02:00
899014a8d1
Add support for disabled MD5
...
Do not crash named if MD5 function is not available. Instead gracefully
refuse to use such functions.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-08-02 23:51:45 +02:00
aefd72cf8f
Use OpenSSL for digest operations ( #1611537 )
2018-08-02 12:57:04 +02:00
20ccb888af
Install manpages generated by build
...
Upstream code will always install manual pages of upstream.
Manuals generated on build will be again installed. Broken by
out-of-tree build to support export-lib.
2018-07-31 22:17:56 +02:00
a38c250807
Update to 9.11.4
...
- Use more recent kyua, upstream bind now requires parallelism.
- Make global so version variables for libraries with multiple builds.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-07-13 14:14:38 +02:00
89e5350e43
Prevent errors on bind-chroot uninstall when running ( #1600583 )
2018-07-13 14:11:20 +02:00
572c587d29
Fix chroot devices verification ( #1592873 )
...
Moves creation of device files to setup instead of scriptlets.
Devices cleanup is left to RPM.
2018-07-13 14:11:20 +02:00
41d69089c7
Use new config named-chroot.files for chroot setup files ( #1429656 )
2018-07-13 14:11:20 +02:00
5c1f40d412
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:04:39 +00:00
626855668d
Remove needless use of %defattr
2018-07-10 00:26:47 -05:00
80b88039e8
Rebuilt for Python 3.7
2018-07-02 18:22:06 +02:00
3159fb6a8e
Require utils instead of library
2018-06-27 21:03:51 +02:00
ac50574b43
CVE-2018-5738
2018-06-27 18:18:57 +02:00
600bfd47ef
Remove named.iscdlv.key file ( #1595782 )
2018-06-27 18:18:57 +02:00
72c97d6c12
Rebuilt for Python 3.7
2018-06-19 10:40:25 +02:00
e3d0b186d1
Use selinux boolean to enable writing
...
Resolves: rhbz#1569466
2018-06-08 15:07:24 +02:00
5c4c792b8d
Change named shell to /bin/false
...
Related: rhbz#1569466
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:24 +02:00
0188ce47c6
Make named home writeable ( #1422680 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:18 +02:00
de74eb1feb
Require C++ on build when shipped atf library is used
2018-05-25 16:09:37 +02:00
f3f402d7f2
Run tests also without kyua
...
Support start of unit tests without kyua and system atf libraries.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-10 16:53:59 +02:00
b8176e5eb4
Update named.ca
2018-04-05 16:38:16 +02:00
f17cd8fc68
Do not link libidn2 to all libraries ( #1098783 )
2018-04-05 16:38:16 +02:00
36ff6aebe6
Make +noidnout default
2018-04-03 11:26:44 +02:00
cc9419191f
Compile export libs without GSSAPI
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:54:13 +02:00
8c4729c436
Enable libidn2 support ( #1098783 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:53:35 +02:00
f505a47d9b
Add dig support for libidn2 ( #1098783 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 21:34:41 +01:00
86ff90b834
Rebase to 9.11.3
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 17:59:41 +01:00
029f0510e6
Fix build with disabled unittest
...
Recommend softhsm from pkcs11 variant
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 16:55:46 +01:00
40e8ab1f0c
- Conflict with bind99-devel
...
- Require openssl-devel and libcap-devel from bind-export-devel
2018-02-26 10:29:11 +01:00
9d24906d8d
Remove Group: from spec
2018-02-17 09:29:59 +01:00
5fe0b21885
- Use bcond_with to define optional features instead of %global
...
- Move export libs closer to PKCS11 libs, simplify soversion updates
- Remove unnecesary spec parts
2018-02-17 09:29:59 +01:00
56e7b0f856
Export libs should distribute own copy of license
2018-02-17 09:29:59 +01:00
cb2172301b
Rebase to 9.11.3b1
...
Remove merged upstream patches
Signed-off-by: Petr Menšík <pemensik@redhat.com>
Update new so names
2018-02-17 09:29:59 +01:00
128dd7c787
- Use versioned provides
...
- Use spaces instead of tabs and minor cleanup
2018-02-17 09:29:58 +01:00
3931fea548
Rename devel export package to bind-export-devel.
...
Matches name to bind-devel and bind-libs in similar manner.
2018-02-17 09:29:55 +01:00
9a235f827e
Forward export libs path to isc-config
2018-02-17 09:28:56 +01:00
6787c0592a
Skip pkcs11 unit tests in export library
...
Modify also export configure script to use real libraries
Make sure only the replaced library is changed to export
2018-02-17 09:28:56 +01:00
46c6c4cd84
- Correct path for running make unit
...
- Prepare always for unit test
- Prepare only main build for system test, export test does not build
named
- Copy the key also to lib/dns-pkcs11
- BuildRequire findutils always
2018-02-17 09:28:36 +01:00
4f517bd499
Prepare system and unit test files
...
Enable unit tests also for export library
2018-02-17 09:28:36 +01:00
21ad2a883e
Copy unit rules into build directories.
...
Run unittest for both build and export libs.
2018-02-17 09:28:36 +01:00
bd8ef642c3
Remove unneeded export header files for pk11 and pkcs11
2018-02-17 09:28:36 +01:00
7d67be0060
Install export isc-config.sh
...
Use bind9-export includes. Fix patching isc-export-config.sh
2018-02-17 09:28:36 +01:00
1d54148484
Create bind-export-devel package with headers for single-threaded.
2018-02-16 21:07:08 +01:00
f75d562486
Provide description to package. Disable most of autodetected features for export libraries.
2018-02-16 21:07:08 +01:00
539c207dc9
Fix indentation
2018-02-16 21:07:08 +01:00
687255db6e
Add forgotten ldconfig for export-libs
2018-02-14 21:36:43 +01:00
c117ea001f
Obsolete/provide bind99 package for smooth update
2018-02-14 21:36:43 +01:00
76e1f1a098
Add export-libs-devel package
2018-02-14 21:34:55 +01:00
cdabc47c40
Disable epoll/kqueue as untested
2018-02-14 21:32:44 +01:00
27e37d675a
Build man in builddir
2018-02-14 21:30:59 +01:00
028f8c2ce4
Build export libs and deprecate bind99
2018-02-14 21:30:59 +01:00
a10892eed8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 03:49:58 +00:00
3582b7047d
Note -z defs cannot be enabled until more work
2018-01-30 19:00:58 +01:00
358a6cb08d
Remove ldconfig calls where possible
2018-01-30 17:34:53 +01:00
da51426156
Remove already included patch adding Kyuafile
2018-01-16 23:57:12 +01:00
7556fb076a
Fix CVE-2017-3145, rebase to 9.11.2-P1
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-01-16 23:38:29 +01:00
db0b09231c
Proper fix for python3-bind subpackage directory ownership ( #1522944 )
2018-01-10 12:53:57 +01:00
9647ab2c58
Provide internal tool to prepare softhsm token storage
2018-01-10 12:34:53 +01:00
661d72987e
4776. [bug] Improve portability of ht_test. [RT #46333 ]
2018-01-09 19:07:42 +01:00
dd79d39eee
Fix machine portability issues, fixes unit tests on non-x86 architectures
2018-01-09 18:19:55 +01:00
e5f6b89e92
Enable unit tests with kyua tool ( #1532694 )
2018-01-09 18:19:43 +01:00
50d9fbf691
Make tsstsig system test pass again ( #1500017 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-12-15 16:31:14 +01:00
7536ed9d37
Own python3-bind isc directory ( #1522944 )
2017-12-15 15:20:27 +01:00
bdc5ebdfa5
Include protocols and services in chroot
2017-10-31 19:58:06 +01:00
f5cbbc1a87
Use hmac-sha256 for new RNDC keys ( #1508003 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-31 17:37:27 +01:00
4d8c709975
Fix dynamic symbols conflict with ldap ( #1205168 )
2017-10-31 17:11:44 +01:00
4645641491
include DNSKEY 20326 also in trusted-key.key ( #1505476 )
2017-10-23 18:35:00 +02:00
2dc24d7a28
build against mariadb-connector-c-devel ( #1493615 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-10-23 18:03:38 +02:00
1f8ab5c253
Fix nsupdate GSSAPI auth against AD server ( #1484451 )
2017-09-13 17:59:46 +02:00
0b15f32821
Add secroots and recursing path overrides, to write into data directory.
2017-09-13 17:48:11 +02:00
5d8eb8cf1d
Update named.ca, move named.conf out of config archive
2017-08-16 22:47:09 +02:00
e9f0f4543b
Optional LMDB support, disabled by default
2017-08-14 12:33:48 +02:00
7584e54e6c
Update to 9.11.2
2017-08-14 12:17:30 +02:00
79d28ed32a
Update to 9.11.2b1
2017-08-08 17:14:41 +02:00
c81a9f4bd4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-02 18:13:28 +00:00
268c28154e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-26 03:56:37 +00:00
84de79cc62
Fix different formating spaces
2017-07-14 17:07:00 +02:00
6bf59b0f11
Make comment how to use different config file
2017-07-14 17:02:15 +02:00
508d643480
Use distribution flags for modules
2017-07-14 16:49:47 +02:00
43f0ac7c91
Distribute DLZ modules in separate packages.
...
Optional feature not yet enabled.
2017-07-14 16:49:47 +02:00
f2fb8b7545
Use mysql_config for SDB variant
2017-07-14 16:49:47 +02:00
e42c700db9
Update to 9.11.1-P3
2017-07-10 10:21:43 +02:00
85d0fb613e
Update to 9.11.1-P2
2017-06-30 16:06:24 +02:00
b0ccd9af19
Make utils depend on python module
2017-06-30 13:58:39 +02:00
3c983e38ec
Fix build for bumped SO-names
2017-06-25 16:26:22 +02:00
102df25a21
Fix changed patches
2017-06-15 21:42:29 +02:00
08bdf0ebe6
Update to 9.11.1-P1
2017-06-15 17:19:36 +02:00
19b1efe0bb
Fix queries for TKEY in nsupdate, when using GSSAPI ( #1236087 )
2017-04-21 17:38:45 +02:00
09e4b5788e
- Update to 9.11.0-P5
...
- Use BINDVERSION for upstream version
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-04-18 10:51:38 +02:00
bbe4229562
Update to 9.11.0-P3
2017-02-10 09:20:33 +01:00
29088fe6b4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-10 06:52:02 +00:00
7e15fd4b3f
Fix some rpm warnings
2017-01-18 17:26:26 +01:00
3d5ea105bd
RTLD_DEEPBIND conflicts with pkcs11 libraries, skip it for dyndb ( #1410433 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-01-18 17:22:50 +01:00
fdce4eb560
Fix manual pages generated by recent docbook-style-xsl (bz#1397186)
...
4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831 ]
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-01-16 13:12:32 +01:00
f696d69809
Update to 9.11.0-P2
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2017-01-12 16:09:05 +01:00
9775c204db
Rebuild for Python 3.6
2016-12-19 18:20:36 +01:00
a925732bd1
Split pk11 includes, include real functions only in pkcs11 variant
2016-11-22 19:36:32 +01:00
8afcc7945f
Merge branch 'rhbz1392538-chroot'
2016-11-16 13:54:14 +01:00
d886cd072d
Update to 9.11.0-P1
2016-11-16 08:46:09 +01:00
59793ad00a
Do not change lib permissions in chroot
2016-11-11 15:40:13 +01:00
20cebfb8c5
Build with OpenSSL 1.1
2016-11-08 20:39:14 +01:00
e94c66494e
Update to 9.10.4-P4
2016-11-08 16:31:48 +01:00
27a8e54aa7
Update to 9.10.4-P3
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-09-29 10:23:55 +02:00
02e0755d17
Update to 9.10.4-P2
...
Signed-off-by: Michal Ruprich <mruprich@redhat.com>
2016-07-20 13:51:14 +02:00
3fed71e579
Update to 9.10.4-P1
2016-05-26 17:23:15 +02:00
aeb3d0fc5d
(un)mount /var/named in -chroot packages as the last directory (Related: #1279188 )
2016-05-20 16:19:54 +02:00
d591319212
Replaced After=network-online.target with After=network.target in all unit files
...
BIND is able to react to network configuration changes and therefore it can start even before all interfaces are fully configured. There is no need to wait until interfaces are fully configured.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-05-12 13:31:49 +02:00
379b90d05d
Remove NM dispatcher script, since it is not needed any more ( #1277257 )
2016-05-12 13:23:35 +02:00
03a1eba10d
Use HTTPS instead of FTP for Source0
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-03-21 12:41:27 +01:00
8ac7bef51e
Cleanup dependencies to reflect reality
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-03-21 12:38:15 +01:00
83466f11b9
Update to 9.10.3-P4 due to CVE-2016-1285 CVE-2016-1286 CVE-2016-2088
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-03-11 15:02:53 +01:00
d273b747cd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-03 17:01:35 +00:00
4f7493080f
Update to 9.10.3-P3 due to CVE-2015-8704 and CVE-2015-8705 ( #1300051 )
2016-01-21 09:51:24 +01:00
bbb4f1d9a7
Commented out bindkeys-file statement in default configuration (#1223365#c3)
...
- Removed unrecognized configure option --enable-developer
- Added configure option --enable-full-report to get report on enabled features
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-01-06 14:59:44 +01:00
1a8262dde0
Commented out bindkeys-file statement in default configuration (#1223365#c3)
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-01-06 14:46:32 +01:00
c009763d23
Added some comments and notes to operations and definitions in SPEC
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2016-01-06 14:42:27 +01:00
c94cea9133
- Remove unrecognized build options for %configure
...
- Own %{_includedir}/bind9 directory in -lite-devel
- Fixed building without (optional) PKCS#11 support
2015-12-27 00:17:45 +01:00
226577f014
bump release to maintain update path
2015-12-16 19:05:05 +01:00
703982aa78
Update to 9.10.3-P2
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-12-16 15:39:32 +01:00
b4715c5089
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
2015-11-10 14:07:10 +00:00
c76f58f6ea
Fixed named-checkconf call in *-chroot.service files ( #1277820 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-11-04 17:34:38 +01:00
caf3603af7
Update to 9.10.3 stable
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-17 16:17:35 +02:00
a3771cee48
Update to 9.10.3rc1 ( #1259690 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-04 01:50:26 +02:00
d6c0550f5c
Update to 9.10.2-P3 to fix CVE-2015-5477
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-29 10:53:07 +02:00
1d29922e18
Update to 9.10.2-P2
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-09 12:13:13 +02:00
566e7ed5b9
Reintroduce the DISABLE_ZONE_CHECKING into /etc/sysconfig/named
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-29 13:33:28 +02:00
5196f25446
Update to 9.10.2-P1
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-19 20:48:19 +02:00
0a65866650
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-17 01:48:25 +00:00
e09c558cc5
Don't copy /etc/localtime on -chroot package installation
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-27 12:54:51 +02:00
71f9fb4731
Utilize system-wide crypto-policies ( #1179925 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-22 19:09:39 +02:00
c501776f39
Don't use ISC's DLV by default ( #1223365 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-22 17:45:37 +02:00
ca42323df8
enable GeoIP access control feature
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-21 09:37:42 +02:00
c1e4a2fd32
enable tuning for large systems - increases hardcoded internal limits
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-21 09:31:01 +02:00
be760938ec
update to 9.10.2 stable
...
- remove parallel-build patch after discussion with upstream [ISC-Bugs #38739 ]
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-03-05 13:01:25 +01:00
548cd90fb3
Add build dependency on python3-devel
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-25 17:02:42 +01:00
7345adf157
Use Python3 by default ( #1186791 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-25 12:48:17 +01:00
f011164832
Call ldconfig for pkcs11 version of libraries
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-23 16:26:28 +01:00
a62625f0bd
Fix the libdns version
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-23 13:17:47 +01:00
f3967f6469
update to 9.10.2rc2
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-23 09:59:32 +01:00
d0351fe60b
Rebuilt for Fedora 23 Change
...
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
2015-02-21 21:23:38 +01:00
4e2098e221
update to 9.10.2rc1
...
- fix nsupdate server auto-detection (#1184151 )
- drop merged patch bind99-rh985918.patch
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-02-02 12:39:57 +01:00
407c2d38c0
Install config for tmpfiles under %{_tmpfilesdir} ( #1181020 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-01-16 15:16:06 +01:00
02be4819ea
Require systemd not systemd-units
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-01-16 14:58:12 +01:00
4fa9972d29
Update to 9.10.1-P1 stable
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-01-14 12:47:51 +01:00
e001c1a066
Drop downstream patch for nslookup/host rejected by upstream
...
Upstream response:
26337 nslookup fails to get answer from non-recursive auth server
There has been a lot of email back and forth with Adam on this.
We have decided we cannot accept it, we disagree on the appropriate DNS behavior.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-12-12 14:17:08 +01:00
460bee9b36
Update to 9.9.6-P1 (CVE-2014-8500)
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-12-09 19:01:49 +01:00
c906894bd5
drop engine_pkcs11 dependency, since we use native PKCS#11 implementation
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-14 13:54:21 +01:00
075927bb1c
Fixed systemctl path in logrotate configuration ( #1148360 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-14 13:53:09 +01:00
b6d2bfe08a
Fix crash during GSS-TSIG processing introduced in 32:9.9.6-2
...
Resolves : #1155334 , #1155127
Signed-off-by: Petr Spacek <pspacek@redhat.com>
2014-10-22 11:36:11 -04:00
83a76bb0d8
Remove old Requires: bind in bind-sdb
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-14 14:38:48 +02:00
dce2d1bd1c
Added native PKCS#11 functionality
...
Resolves: rhbz#1097752
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-14 14:02:38 +02:00
23b1421845
Fix assert in dig when using +sigchase ( #985918 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-03 11:21:44 +02:00
1407f656a4
Add architecture specific dependencies.
...
Also modify existing Requires to be architecture specific.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-03 11:21:44 +02:00
b746061914
Update to 9.9.6
...
- drop merged patches and rebase some of existing patches
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-10-03 11:21:38 +02:00
c095b972f6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-15 22:35:38 +00:00
55b0a6bfc2
Use network-online.target instead of network.target ( #1117086 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-07-18 13:32:25 +02:00
7f37d19d5d
mark license files properly
2014-07-11 16:13:05 -04:00
4e390f5349
Use only one VERSION macro
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-06-12 16:28:18 +02:00
4b0aa8b659
Include the 'dot' if PATCHVER or PREVER are defined
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-06-12 16:09:44 +02:00
7809ef4347
Update to 9.9.5-P1
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-06-12 16:05:32 +02:00
ed837c4f03
Use /dev/urandom for generation of rndc.key ( #1079799
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-06-09 13:47:34 +02:00
d18b5e4f2e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-06 21:58:28 -05:00
4ecbfd89d6
Squash libidn patches into one
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-05-26 15:42:49 +02:00
9f33a20115
configure bind with --with-dlopen=yes to support dynamically loadable DLZ drivers
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-04-22 14:22:24 +02:00
230113feee
Fix two issues
...
- dlz_dlopen driver could return the wrong error leading to a segfault (#1052781 )
- Fix race condition when freeing fetch object (ISC-Bugs #35385 )
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-03-05 14:43:00 +01:00
7ebf9a3e72
Update to 9.9.5 stable
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-02-13 09:31:31 +01:00
e983ad30af
libs, -libs-lite: track sonames, so abi bumps aren't a surprise
2014-01-26 13:15:09 -06:00
9d09f43a80
Fix spec file error causing FTBFS in rawhide
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-24 14:43:23 +01:00
fb62390fbb
update to 9.9.5rc2
...
- merged patches dropped
- some patches rebased to the new version
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-24 13:08:12 +01:00
01ddf2c8af
non-existance of resolv.conf should not be fatal
...
Resolves rhbz#1052343
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-15 10:17:36 +01:00
14a63be5be
Fix CVE-2014-0591
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-14 14:05:20 +01:00
1a8c6bc42b
Build bind-sdb against libdb instead of libdb4
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-06 22:02:48 +01:00
abe4be5502
Update to bind-9.9.5b1
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-06 15:06:20 +01:00
cfca698d2b
Fix crash in rbtdb after two sucessive getoriginnode() calls
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-12-18 13:03:52 +01:00
7eb562bbab
Rework the chroot setup/destruction workflow
...
- Split chroot package for named and named-sdb
- Extract setting-up/destroying of chroot to a separate systemd service (#997030 )
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-12-17 17:09:44 +01:00
0cd5a0ff48
Fixed memory leak in nsupdate if 'realm' was used multiple times
...
Resolves : #984687
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-11-28 10:05:22 +01:00
3267c0ac54
Install configuration for rwtab and fix chroot setup script
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-11-12 14:29:33 +01:00
cb97bbcb9f
Conditionaly build bind for developers
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-11-04 09:05:55 +01:00
ab389647c8
Correct the upstream patch for #794940
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-31 16:51:24 +01:00
f9f4e84366
use --enable-filter-aaaa when building bind to enable use of filter-aaaa-on-v4 option
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-31 11:33:29 +01:00
426c09470b
Forgot to change config-11.tar.bz2 -> config-12.tar.bz2
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-30 13:25:47 +01:00
8beb2b82a5
Bump the release number
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-30 12:57:45 +01:00
93a69bb161
Added session-keyfile statement into default named.conf since we use /run/named
...
Since we don't use default /var/run/named path for PID file, we should not
use it also for Dynamic DNS session key.
Therefore the following line was added into the named.conf:
session-keyfile "/run/named/session.key";
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-30 12:45:06 +01:00
09394b223a
Create symlink /var/named/chroot/var/run -> /var/named/chroot/run
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-30 12:43:31 +01:00
48fc9b39c5
Use upstream version of patch for previously fixed #794940
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-29 10:49:29 +01:00
3ddaff2ea9
Fix race condition on send buffers in dighost.c ( #794940 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-18 11:48:03 +02:00
3d99690d74
install isc/errno2result.h header
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-08 14:07:46 +02:00
55d3302131
Update to bind-9.9.4 stable
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-09-23 09:26:20 +02:00
4a918b84b0
Fix [ISC-Bugs #34738 ] dns_journal_open() returns a pointer to stack
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-09-10 10:03:44 +02:00
d010f7191d
update to bind-9.9.4rc2
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-09-09 12:35:04 +02:00
a249bc6298
Move named-checkzone and named-compilezone to bind-utils package
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-20 17:05:29 +02:00
5caf68e0f8
Move tools that don't need the server to run, from main package to bind-utils ( #964313 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-20 15:37:54 +02:00
5154ca3352
Don't generate rndc.key if there exists rndc.conf
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-16 13:08:20 +02:00
ba646ed5d4
don't install named-sdb.service if SDB macro is defined to zero
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-16 12:03:32 +02:00
65cc9d95ad
update to bind-9.9.4rc1
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-05 15:28:53 +02:00
f4daa58a90
Fix setup-named-chroot.sh to mount/umount everything successfully
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-05 15:18:52 +02:00
d60cf6630d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
2013-08-02 22:26:19 -05:00
37d1c73624
update to bind-9.9.4b1
...
- drop merged RRL patch
- drop merged stat.h patch
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-15 13:58:12 +02:00
bd600e49c8
Fix dates in Changelog
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-10 10:47:23 +02:00
0c054b2ac8
update to 9.9.3-P1 (fix for CVE-2013-3919)
...
- update RRL patch to 9.9.3-P1-rl.156.01
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-06-05 09:52:49 +02:00
76b23b8702
bump release to prevent update path issues
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-06-03 20:03:00 +02:00
df0cae9e8b
update RRL patch to the latest version 9.9.3-rl.150.20
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-06-03 14:40:31 +02:00
1bf060007d
update to 9.9.3
...
- install dns/update.h header
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-06-03 09:47:13 +02:00
2cc782fdff
Fix segfault in host/nslookup ( #878139 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-17 09:58:20 +02:00
0a46a99c61
Change config-10.tar.bz2 to config-11.tar.bz2 in sources
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-13 13:21:33 +02:00
60039a5407
update to 9.9.3rc2
...
- part of bind97-exportlib.patch not needed any more
- bind-9.9.1-P2-multlib-conflict.patch modified to reflect latest source
- rl-9.9.3rc1.patch -> rl-9.9.3rc2.patch
- bind99-opts.patch merged
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-13 12:50:46 +02:00
ad6dbbdee6
Include managed-keys-directory statement in named.conf.sample ( #948026 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-03 12:55:45 +02:00
d0fda06135
Include recursion Warning in named.conf and named.conf.sample ( #740894 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-03 12:50:12 +02:00
4242e4f1c1
Fix zone2sqlite to quote table names when creating/dropping/inserting ( #919417 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-05-02 15:54:40 +02:00
7731d63afb
Fix crash in nsupdate when processing "-r" parameter ( #949544 )
...
Signed-off-by: Adam Tkac <adam.tkac@geodis.cz>
2013-04-19 12:21:30 +02:00
4ebe3dc7ef
Ship dns/rrl.h in -devel subpkg
...
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-04-16 16:44:05 +02:00
c9b9417fb2
Update to 9.9.3rc1
...
- bind-96-libtool2.patch has been merged
- fix bind tmpfiles.d for named.pid /run migration (#920713 )
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-04-16 15:42:36 +02:00
31f953d106
New upstream patch version fixing CVE-2013-2266 ( #928032 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-03-27 12:57:26 +01:00
2043f0c3c9
Move pidfile to /run/named/named.pid
...
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-03-19 16:03:18 +01:00
c69f33f779
Fix Makefile.in to include header added by rate limiting patch ( #918330 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-03-07 09:22:55 +01:00
2d741bb523
Drop some developer-only documentation and move ARM to %%docdir
...
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-03-05 13:45:29 +01:00
05cf2799f8
Include rate limiting patch
...
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-02-18 14:47:30 +01:00
a54c4dc454
mount/umount /var/named in setup-named-chroot.sh as the last one ( #904666 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-01-29 17:39:29 +01:00
619831eeff
Corrected IP addresses in named.ca ( #901741 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-01-28 16:12:15 +01:00
151d963a40
Fix IDN related statement in dig.1 manpage
...
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-12-20 14:40:30 +01:00
0f7d49832f
Renerate /etc/rndc.key during named service startup if doesn't exist
...
- increase startup timeout in systemd units to 90sec (default)
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-12-20 14:34:39 +01:00
Petr Menšík
Fedora Release Engineering
Igor Gnatenko
Pavel Raiskup
Jason Tibbitts
Miro Hrončok
Pavel Zhukov
Björn Esser
Michal Ruprich
Tomas Hozza
Michal Ruprich
Dennis Gilmore
Robert Scheck
Peter Robinson
Till Maas
Petr Spacek
Tom Callaway
Rex Dieter
Adam Tkac
Adam Tkac