Commit Graph

1000 Commits

Author SHA1 Message Date
Petr Menšík
11da1628d8 Allow easy upgrade of bind-devel
bind-lite-devel needs to be obsoleted. It demands license with its own
reason and block upgrade.
2020-09-16 12:12:55 +02:00
Petr Menšík
aa13488713 Create bind-dnssec-doc subpackage
Move there all manual pages of bind-dnssec-utils. They can be then
shared by bind-pkcs11-utils with just one package owning them.
2020-09-15 20:06:11 +02:00
Petr Menšík
4158647a7a Remove ancient version triggers 2020-09-15 19:34:43 +02:00
Petr Menšík
aa8fce7381 Remove ancient provides
Most of they are related to RHEL 5, which is far too long unsupported.
Stop dragging them along for ages.
2020-09-15 19:28:35 +02:00
Petr Menšík
bd20caa99a Move plugins to upstream default directory
Keep backward-compatible links from old directory. Any original
configuration should keep running like before.
2020-09-15 18:22:27 +02:00
Petr Menšík
f290ef8ed6 Move DLZ modules out of bind base package
All DLZ modules were installed by mistake in main bind package.
Remove them from there, they should be offered only by each dlz
subpackage.

Move modules to upstream used directory %{_libdir}/named.
2020-09-15 18:06:30 +02:00
Petr Menšík
8a73c57ad4 Remove DEVEL conditional define
I find no reason to turn off devel package creation. It can be ignored
if required, but is mandatory due to Fedora packaging guidelines.
Simplify it a bit.
2020-09-15 17:55:01 +02:00
Petr Menšík
1799c36d23 Merge bind-lite-devel into bind-devel
Those packages were very similar in BIND 9.11. Since there is no
isc-config.sh, no significant or required reason to have them separated
exist. Keep separated libraries, but only one devel package.
2020-09-15 17:51:50 +02:00
Petr Menšík
e1be70d96e Disable SDB remains and build only DLZ modules
DLZ modules turned built-in support into named, just like former
named-sdb package had. That was non-intentional and is disabled now.
Instead, build only dynamically loaded modules with support for various
database access.
2020-09-14 21:17:32 +02:00
Petr Menšík
ef5c71f941 Share static data in doc package
Fonts add unnecessary size to doc package. Instead of local copy, link
to theme package static directory and reuse data already installed.
2020-09-14 17:08:06 +02:00
Petr Menšík
e761bce6ce Require libcap-devel from devel package
isc-config.sh --libs isc requires libcap devel, even when it is not
required by any headers. Make sure it is present.
2020-09-04 12:38:57 +02:00
Petr Menšík
89421c0410 Remove lwres remains 2020-08-31 16:31:40 +02:00
Petr Menšík
1667a58d2a Generate html man pages into man subdirectory 2020-08-31 16:31:40 +02:00
Petr Menšík
7be72b675e Disable PDF regeneration
Because pending issues with PDF regeneration, disable PDF for now.
Allow turning it on with --with DOCPDF.

It prevents building successfully on Rawhide/f33 for some reason.
2020-08-31 14:09:33 +02:00
Petr Menšík
bd765f0cce Ignore fmtutil command status
It is not important for the build, just inform about latex tools.
2020-08-28 11:15:29 +02:00
Petr Menšík
823e9d22cf List latex configuration before make 2020-08-26 16:48:02 +02:00
Petr Menšík
7d8ad626e7 Use fmtutil to generate local settings
COPR is missing fmtutil configuration. Try generating it.
2020-08-26 12:44:44 +02:00
Petr Menšík
04a7c5632c Do not use home for pdf build files
texlive stores some files in $HOME directory. Redirect those files to
build directory, where it belongs. Do not touch anything user has.
2020-08-26 12:10:38 +02:00
Petr Menšík
cb3f3691e4 Update to 9.16.6
Release notes:
https://downloads.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6
2020-08-22 11:44:09 +02:00
Petr Menšík
745f43ac05 Update to 9.11.22
https://downloads.isc.org/isc/bind9/9.11.22/RELEASE-NOTES-bind-9.11.22.html
2020-08-21 10:29:56 +02:00
Fedora Release Engineering
2dfc59bcef - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-08-01 00:08:12 +00:00
Fedora Release Engineering
bd472bc593 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 13:07:40 +00:00
Petr Menšík
2053b89207 Remove duplicate copy of HTML manual pages 2020-07-16 00:02:49 +02:00
Petr Menšík
23ca292909 Update to 9.16.5
Modifies API of libraries, needs rebuild of dependent packages.
2020-07-15 22:39:37 +02:00
Petr Menšík
146cab7989 Update to 9.11.21
Only bugfix release without significant changes.

Release notes at:
https://downloads.isc.org/isc/bind9/9.11.21/RELEASE-NOTES-bind-9.11.21.html
2020-07-15 22:15:32 +02:00
Petr Menšík
b4eefd1f96 Add missing lite library depends 2020-06-23 12:31:14 +02:00
Petr Menšík
192c76c22a Create doc subpackage
Subpackage is there just as shared documentation for main package.
I want to stay in original directory, files should not move since they
were in bind package.

Documentation is not regenerated, but used as shipped by upstream.
2020-06-23 12:24:31 +02:00
Adrian Reber
78aed13f06
Rebuilt for protobuf 3.12 2020-06-20 18:38:36 +02:00
Petr Menšík
9a4be75094 Move documentation from bind-doc subdir to bind
Subpackage is there just as shared documentation for main package.
I want to stay in original directory, even most of paths have changed
since move to sphinx generated documentation.
2020-06-19 22:17:03 +02:00
Petr Menšík
2a2d2faeae fixup! Update to 9.16.4 2020-06-18 14:07:00 +02:00
Petr Menšík
e8b35851c3 Delete installed manuals for disabled features
Some manuals are installed, even when those features are disabled.
Remove such manuals after installation.
2020-06-18 12:33:42 +02:00
Petr Menšík
0963df6403 Create doc subpackage and regenerate documentation
Regenerates full documentation on each build. Make documentation
optional in case some dependencies would be missing.
2020-06-18 04:45:07 +02:00
Petr Menšík
b8ccda0801 Update to 9.16.4
Documentation changed and requires another commit.
2020-06-18 04:30:24 +02:00
Petr Menšík
f82859a3a0 Update to 9.11.20
Fixes CVE-2020-8619 and few more issues
2020-06-17 22:53:13 +02:00
Miro Hrončok
8aa5837978 Rebuilt for Python 3.9 2020-05-26 02:41:36 +02:00
Petr Menšík
674cbdbb3e Make usage of initscripts optional
Do not depend hard on initscript just to provide fancy colored status.
When started from systemd, it does not really matter.

Return exactly the same return code as returned by the original tool.
2020-05-25 22:52:44 +02:00
Petr Menšík
f9201b844d Update to 9.11.19
Includes new CVE fixes
2020-05-25 12:15:44 +02:00
Petr Menšík
23458b3db1 Make usage of initscripts optional
Do not depend hard on initscript just to provide fancy colored status.
When started from systemd, it does not really matter.

Return exactly the same return code as returned by the original tool.
2020-05-22 12:18:30 +02:00
Petr Menšík
7fe31e1892 Update to 9.16.3
Changes some solib versions and fixes two important CVEs:
CVE-2020-8616 CVE-2020-8617
2020-05-20 13:25:26 +02:00
Petr Menšík
8ad1379019 Do not request use of urandom and report failure
Original script did not report failure as exit status. Report error if
rndc key generation failed also by exit status, not only by failed
message.

-r parameter is unsupported now, do not require it anymore.
2020-05-11 18:09:54 +02:00
Petr Menšík
775befed48 Try successful build on epel8
softhsm is not provided on RHEL 8 as normal package. It is distributed
only in idm:DL1 module. If unittest or systemtest is not enabled, skip
configuring softhsm. It would not be used anyway.
2020-04-28 10:18:03 +02:00
Petr Menšík
40861268f3 Enable native PKCS11 build again
It was disabled because patches were not fixed. It compiles now, try it.
2020-04-27 22:22:47 +02:00
Petr Menšík
afbbd0be52 Add support to native PKCS11
Set of patches and changes, that fixes compilation of native PKCS11
support as subpackage. Moves definition of USE_PKCS11 from config.h to
Makefiles. Defaults to off and only PKCS11 subdirectories set it to
true.
2020-04-27 21:59:25 +02:00
Petr Menšík
3ef9cd3dce Replace initial key with just digest of it
Mentioned link if a file leads to XML with only checksums included.
Relation between them and included key is not obvious or specified.
Include initial digest, which is shorter and easier to validate.
2020-04-27 12:21:58 +02:00
Petr Menšík
8b8d05ffc0 Update sample config to match current version 2020-04-27 12:01:53 +02:00
Petr Menšík
aaa1cdaabf Update configuration to 9.16
Fixes warnings in default configuration file. Skip always enabled DNSSEC
and use more recent trust anchor format.
2020-04-24 15:21:33 +02:00
Björn Esser
b72488cc24 Rebuild (json-c) 2020-04-22 00:01:59 +02:00
Petr Menšík
076f5f80bc fixup! Make spec work also on CentOS 8 2020-04-16 12:46:45 +02:00
Petr Menšík
1d9c1cf435 fixup! Make spec work also on CentOS 8 2020-04-16 12:42:58 +02:00
Petr Menšík
1b133224fc Update to 9.16.2
Notes for BIND 9.16.2
Security Fixes

    DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]

Known Issues

    We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685]

Feature Changes

    The previous DNSSEC sign statistics used lots of memory. The number of keys to track is reduced to four per zone, which should be enough for 99% of all signed zones. [GL #1179]

Bug Fixes

    When an RPZ policy zone was updated via zone transfer and a large number of records was deleted, named could become nonresponsive for a short period while deleted names were removed from the RPZ summary database. This database cleanup is now done incrementally over a longer period of time, reducing such delays. [GL #1447]

    When trying to migrate an already-signed zone from auto-dnssec maintain to one based on dnssec-policy, the existing keys were immediately deleted and replaced with new ones. As the key rollover timing constraints were not being followed, it was possible that some clients would not have been able to validate responses until all old DNSSEC information had timed out from caches. BIND now looks at the time metadata of the existing keys and incorporates it into its DNSSEC policy operation. [GL #1706]
2020-04-16 12:38:00 +02:00