Commit Graph

879 Commits

Author SHA1 Message Date
Petr Menšík
f82859a3a0 Update to 9.11.20
Fixes CVE-2020-8619 and a few more issues
2020-06-17 22:53:13 +02:00
Miro Hrončok
8aa5837978 Rebuilt for Python 3.9 2020-05-26 02:41:36 +02:00
Petr Menšík
674cbdbb3e Make usage of initscripts optional
Do not depend hard on initscript just to provide fancy colored status.
When started from systemd, it does not really matter.

Return exactly the same return code as returned by the original tool.
2020-05-25 22:52:44 +02:00
Petr Menšík
f9201b844d Update to 9.11.19
Includes new CVE fixes
2020-05-25 12:15:44 +02:00
Björn Esser
b72488cc24 Rebuild (json-c) 2020-04-22 00:01:59 +02:00
Petr Menšík
076f5f80bc fixup! Make spec work also on CentOS 8 2020-04-16 12:46:45 +02:00
Petr Menšík
96e1d963a4 Make spec work also on CentOS 8
Move some conditional requirements to be enabled just on Fedora.
2020-04-16 11:10:15 +02:00
Petr Menšík
6e3b160e37 Update to BIND 9.11.18
From Upstream Release notes:

Security Fixes

    DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]

Known Issues

    We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685]
2020-04-16 10:53:28 +02:00
Petr Menšík
485d16a77e Cleanup test definition
Leave installation of dependencies on tests itself. Use beakerlib to
install packages.
2020-04-14 11:37:49 +02:00
Petr Menšík
449ff581ad Move filter to correct location 2020-04-14 11:37:49 +02:00
Petr Menšík
ce9edd09af Run master branch instead 2020-04-14 11:37:49 +02:00
Petr Menšík
2e8a3a9146 Use fmf filter for test case selection 2020-04-14 11:37:49 +02:00
Petr Menšík
93e0db889f Not sure how to specify tests to run
check https://fmf.readthedocs.io/en/latest/ for help
2020-04-14 11:37:49 +02:00
Petr Menšík
f3b42f85fe Try to pass with modified branch 2020-04-14 11:37:49 +02:00
Petr Menšík
5c15ad824e Remove unused patches 2020-03-31 20:50:35 +02:00
Petr Menšík
c223e3e275 Update to 9.11.17
Updated a bit SDB related patches.
2020-03-31 20:37:08 +02:00
Fedora Release Engineering
a1d448dbef - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 12:57:50 +00:00
Petr Menšík
c23c15d73b Remove libmaxminddb-devel from devel dependencies
Unlike other build dependencies, no public headers include from
libmaxminddb any symbols. That means no build would ever fail
if libmaxminddb-devel package is not installed. Do not require it when
installing bind-lite-devel but keep the requirement when building from
sources.
2020-01-08 16:36:11 +01:00
Petr Menšík
4fa84d9ccc Preserve symlinks to named.conf on iscdlv modification (#1786626) 2020-01-03 20:26:39 +01:00
Petr Menšík
b4802c2e65 Fix oot build
gen would not compile under oot build
2020-01-02 11:44:53 +01:00
Petr Menšík
43f4de9bf3 Include more Thread Sanitizer changes
Fix as many race conditions as possible.
2019-12-19 19:38:56 +01:00
Petr Menšík
23657868e6 Update to 9.11.14
Includes ThreadSanitizer fixes already included as downstream patches.
Adjusts serve-stale patch, one new statistics.
2019-12-19 18:43:23 +01:00
Petr Menšík
9406a85e89 Fix dnf builddep when python3-devel is not installed
Build requirements fetch fail on clean system with just basic utils.
2019-12-19 18:42:50 +01:00
Petr Menšík
d5106d287e Add one more candidate for issue fixing
Imported from upstream commit 6eed12605154b8ce10e9be0f51253e6ec318550e
2019-12-19 18:42:47 +01:00
Petr Menšík
9cfd91a473 Add ThreadSanitizer support
Has to be enabled in build by --with TSAN.
Would make build fail unit tests and print many warnings about possible
race conditions. Not useful for production build, but useful for
debugging thread related problems in system tests.
2019-12-04 17:57:12 +01:00
Petr Menšík
ccf1b03734 Disable Berkeley DB support (#1779190)
Allow enabling it by build --with BDB, but keep it disabled by default.
2019-12-03 19:05:53 +01:00
Petr Menšík
c44ebdeade Bump spec for bug #1736762 2019-12-02 20:35:43 +01:00
Petr Menšík
1a4de8b956 Backport a few upstream thread safety fixes
It might not fix all issues, but was detected by upstream using
automated tool. Should not break anything new, but might fix issue
triggered usually on ppc64le platform.
2019-12-02 20:34:08 +01:00
Petr Menšík
6f27f8e4a7 Complete explicit disabling of RSAMD5 in FIPS mode (#1709553)
Previous fix included just part inside named. However, checking part
would check algorithm support also in check library. The code is almost
the same. Permit already disabled algorithms also in libbind9.

Use the same change as RHEL.
2019-11-26 19:37:29 +01:00
Petr Menšík
adcfd20cb2 Remove tabs from spec
rpmlint complains about mixed spaces and tabs. Set vim mode and remove
tabs added by recent commit.
2019-11-25 21:32:36 +01:00
Petr Menšík
547656b469 Add source verification on build
Include verification on build time, with link to GPG keys on upstream
site.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
2019-11-25 21:06:06 +01:00
Petr Menšík
74b53c3a58 Update to 9.11.13 2019-11-25 21:06:06 +01:00
Petr Menšík
4f643ffc70 Remove reload related comments from services
Seems systemd already fixes reload return codes. Remove comment from
systemd service files.
2019-11-19 14:01:06 +01:00
Petr Menšík
b29a7e26db Report error on reload failure
Return failed status code to command. Not only report error message to
the log, but also report reload success. Must not terminate running
service on failed reload.
2019-11-19 13:37:14 +01:00
Petr Menšík
c45a218eef fixup! Remove config archive with zone files 2019-11-19 12:01:15 +01:00
Petr Menšík
9bef003ee5 Fix binary compatibility after serve-stale patch (#1770492)
Move new entry to the end. Do not break already compiled bind-dyndb-ldap
compatibility.
2019-11-12 11:17:43 +01:00
Petr Menšík
8f4225c8a7 Add helper for testing system daemons
Modifies already generated Makefiles to link against system libraries,
instead of static built artifacts.
2019-11-07 14:41:36 +01:00
Petr Menšík
8544584691 Add serve-stale feature
Backported from 9.12 version, adds support for stale-answer-enable
option, as well as stale-answer-ttl and max-stale-ttl.
2019-11-07 14:36:47 +01:00
Petr Menšík
dff9083e8c Fix wrong default GeoIP directory (#1768258) 2019-11-06 21:31:14 +01:00
Petr Menšík
be8074fddc Update chroot test to check RPM verify
In bug #1592873, error on chroot was reported. Ensure it does not
reappear.
2019-11-06 13:33:49 +01:00
Petr Menšík
cba49a643a Improve SYSTEMTEST running on build time
Use parallel execution on test run. Support already configured
interfaces without special permissions on build. It can either use
already present addresses or configure it on build time. If it has no
rights to configure it, just skip the test and continue.
2019-11-05 13:03:34 +01:00
Petr Menšík
63bb1cf127 Add GeoIP configuration into config file
Upstream has wrong default path of GeoIP2. Use it explicitly.
2019-11-04 21:48:36 +01:00
Petr Menšík
ed8f6043d7 Bump version 2019-11-04 21:45:08 +01:00
Petr Menšík
86712fc834 Remove config archive with zone files
Few configuration and zone files were moved into tarball by commit
55b04de09a. It makes tracking of changes difficult, hardens rebases,
makes difficult building without proper lookaside cache. Those files are
tiny, no need to hold them inside compressed binary archive. Move them
out.

Replaces also few places with proper directory macros.
2019-11-04 21:45:08 +01:00
Petr Menšík
2129c87815 fixup! Update to 9.11.12 (#1557762) 2019-10-21 15:44:10 +02:00
Petr Menšík
176d144f32 Adjust patches to 9.11.12
Few changes occurred, remove one upstream applied patch.
2019-10-21 14:40:42 +02:00
Petr Menšík
d0053ae530 Update to 9.11.12 (#1557762) 2019-10-21 14:26:32 +02:00
Petr Menšík
833ef7b7b4 Adjust downstream patches to 9.11.11 2019-09-25 21:30:47 +02:00
Petr Menšík
69b861316f Update to 9.11.11
- Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
  cause unexpected results; this has been fixed. [GL #1106]

- named-checkconf now checks DNS64 prefixes
  to ensure bits 64-71 are zero. [GL #1159]

- named-checkconf could crash during configuration
  if configured to use "geoip continent" ACLs with
  legacy GeoIP. [GL #1163]

- named-checkconf now correctly reports missing
  dnstap-output option when
  dnstap is set. [GL #1136]

- Handle ETIMEDOUT error on connect() with a non-blocking
  socket. [GL #1133]
2019-09-25 21:24:23 +02:00
Petr Menšík
277938ec6c Use just normal variant by default
Testing takes quite long. For now, use by default only normal variant.
SDB variant is not much used and pkcs11 variant is failing now. Keep
ability to enable variants by parameter:
   TEST_VARIANTS="normal sdb pkcs11"
2019-09-25 20:37:03 +02:00