Petr Menšík
e0ab89b893
Fix OpenSSL random patch
...
- Add new notes into notes.xml
- Initialize random provider before creation
2018-09-24 18:05:26 +02:00
Petr Menšík
fdbf64ca93
Fix changelog entry
2018-09-20 11:40:32 +02:00
Petr Menšík
0b3ef49c00
Update to bind-9.11.4-P2
2018-09-20 11:38:06 +02:00
Petr Menšík
8c65390bb6
Add versioned depends to all library subpackages
2018-09-19 21:04:52 +02:00
Petr Menšík
2ac37f7a75
Fix multilib conflict after 9.11 rebase
...
Conflict with devel headers reappeared after rebase to 9.11. Fix
socklen_t in a way that would generate the same types on 32 and 64 bit
architectures.
2018-09-19 21:04:52 +02:00
Petr Menšík
aeea22afaa
Fix annobin failures
...
Replace isc_safe routines with their OpenSSL counter parts
(cherry picked from commit 66ba2fdad583d962a1f4971c85d58381f0849e4d)
Remove isc_safe_memcompare, it's not needed anywhere and can't be replaced with CRYPTO_memcmp()
(cherry picked from commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c)
Fix the isc_safe_memwipe() usage with (NULL, >0)
(cherry picked from commit 083461d3329ff6f2410745848a926090586a9846)
Resolves: rhbz#1624100
2018-09-19 21:04:52 +02:00
Petr Menšík
cc69cd1e32
Use sed to modify generated Makefile
...
Custom patch application is not recognized by checking tools.
Use more readable and understandable way.
2018-09-19 21:04:52 +02:00
Petr Menšík
328fbf43a1
Add manual page for new comand dnssec-importkey
...
Pkcs11 variant did not have it, add a symlink also to real manual.
2018-09-19 21:04:52 +02:00
Petr Menšík
595af1f3d5
[master] completed and corrected the crypto-random change
...
4724. [func] By default, BIND now uses the random number
functions provided by the crypto library (i.e.,
OpenSSL or a PKCS#11 provider) as a source of
randomness rather than /dev/random. This is
suitable for virtual machine environments
which have limited entropy pools and lack
hardware random number generators.
This can be overridden by specifying another
entropy source via the "random-device" option
in named.conf, or via the -r command line option;
however, for functions requiring full cryptographic
strength, such as DNSSEC key generation, this
cannot be overridden. In particular, the -r
command line option no longer has any effect on
dnssec-keygen.
This can be disabled by building with
"configure --disable-crypto-rand".
[RT #31459 ] [RT #46047 ]
2018-09-19 21:04:52 +02:00
Petr Menšík
6e9104cae5
Add support for OpenSSL provided random data
...
Modified pkcs11 patch, problem with openssl/pkcs11 includes and
ISC_PLATFORM_CRYPTOLIB
2018-09-19 21:04:52 +02:00
Pavel Raiskup
0ae69e04e1
BuildRequires: s/postgresql-devel/libpq-devel/
...
That's because we moved libpq.so.5 into libpq package, per
devel list discussion:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/U3XR5EGU2TPI2CDHBRBUD4M4LK5OHKU3/
Related: rhbz#1618698, rhbz#1623764
2018-09-05 14:55:41 +02:00
Petr Menšík
37943d075e
Do not print errors on configuration failure ( #1595782 )
2018-08-14 22:28:45 +02:00
Petr Menšík
95d8248d50
Automatically replace obsoleted ISC DLV key with root key ( #1595782 )
2018-08-14 22:13:44 +02:00
Petr Menšík
e1f8ad2217
Fix sdb-chroot devices upgrade ( #1592873 )
...
Move common part to rpm define, use similar parts with different
parameter. Correct /dev/zero instead of missing /dev/dev.
2018-08-14 17:43:33 +02:00
Petr Menšík
35334375ff
Update to 9.11.4-P1
...
- Fixes CVE-2018-5740
- Adds root key sentinel mechanism support
- incremental zone transfer limit to prevent journal corruption
- rndc reload memory leak
2018-08-09 13:13:02 +02:00
Petr Menšík
899014a8d1
Add support for disabled MD5
...
Do not crash named if MD5 function is not available. Instead gracefully
refuse to use such functions.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-08-02 23:51:45 +02:00
Petr Menšík
aefd72cf8f
Use OpenSSL for digest operations ( #1611537 )
2018-08-02 12:57:04 +02:00
Petr Menšík
20ccb888af
Install manpages generated by build
...
Upstream code will always install manual pages of upstream.
Manuals generated on build will be again installed. Broken by
out-of-tree build to support export-lib.
2018-07-31 22:17:56 +02:00
Petr Menšík
3fdc82d222
Make original setup backward compatible, do not require explicit path to
...
list of files.
2018-07-31 20:14:21 +02:00
Petr Menšík
a38c250807
Update to 9.11.4
...
- Use more recent kyua, upstream bind now requires parallelism.
- Make global so version variables for libraries with multiple builds.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-07-13 14:14:38 +02:00
Petr Menšík
89e5350e43
Prevent errors on bind-chroot uninstall when running ( #1600583 )
2018-07-13 14:11:20 +02:00
Petr Menšík
572c587d29
Fix chroot devices verification ( #1592873 )
...
Moves creation of device files to setup instead of scriptlets.
Devices cleanup is left to RPM.
2018-07-13 14:11:20 +02:00
Petr Menšík
41d69089c7
Use new config named-chroot.files for chroot setup files ( #1429656 )
2018-07-13 14:11:20 +02:00
Fedora Release Engineering
5c1f40d412
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:04:39 +00:00
Jason Tibbitts
626855668d
Remove needless use of %defattr
2018-07-10 00:26:47 -05:00
Miro Hrončok
80b88039e8
Rebuilt for Python 3.7
2018-07-02 18:22:06 +02:00
Petr Menšík
3159fb6a8e
Require utils instead of library
2018-06-27 21:03:51 +02:00
Petr Menšík
ac50574b43
CVE-2018-5738
2018-06-27 18:18:57 +02:00
Petr Menšík
600bfd47ef
Remove named.iscdlv.key file ( #1595782 )
2018-06-27 18:18:57 +02:00
Miro Hrončok
72c97d6c12
Rebuilt for Python 3.7
2018-06-19 10:40:25 +02:00
Bruno Goncalves
69a52c5216
replace rths role by beakerlib
2018-06-13 16:52:36 +02:00
Petr Menšík
e3d0b186d1
Use selinux boolean to enable writing
...
Resolves: rhbz#1569466
2018-06-08 15:07:24 +02:00
Petr Menšík
5c4c792b8d
Change named shell to /bin/false
...
Related: rhbz#1569466
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:24 +02:00
Petr Menšík
0188ce47c6
Make named home writeable ( #1422680 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-06-08 15:07:18 +02:00
Petr Menšík
de74eb1feb
Require C++ on build when shipped atf library is used
2018-05-25 16:09:37 +02:00
Petr Menšík
f3f402d7f2
Run tests also without kyua
...
Support start of unit tests without kyua and system atf libraries.
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-10 16:53:59 +02:00
Petr Menšík
b8176e5eb4
Update named.ca
2018-04-05 16:38:16 +02:00
Petr Menšík
f17cd8fc68
Do not link libidn2 to all libraries ( #1098783 )
2018-04-05 16:38:16 +02:00
Petr Menšík
36ff6aebe6
Make +noidnout default
2018-04-03 11:26:44 +02:00
Petr Menšík
cc9419191f
Compile export libs without GSSAPI
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:54:13 +02:00
Petr Menšík
8c4729c436
Enable libidn2 support ( #1098783 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-03 10:53:35 +02:00
Petr Menšík
f505a47d9b
Add dig support for libidn2 ( #1098783 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 21:34:41 +01:00
Petr Menšík
86ff90b834
Rebase to 9.11.3
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 17:59:41 +01:00
Petr Menšík
029f0510e6
Fix build with disabled unittest
...
Recommend softhsm from pkcs11 variant
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-03-21 16:55:46 +01:00
Petr Menšík
98bc345e0b
Add some basic information about the package. Main goal is to replace
...
autodetected README in pagure.
2018-03-13 12:45:16 +01:00
Petr Menšík
40e8ab1f0c
- Conflict with bind99-devel
...
- Require openssl-devel and libcap-devel from bind-export-devel
2018-02-26 10:29:11 +01:00
Petr Menšík
9d24906d8d
Remove Group: from spec
2018-02-17 09:29:59 +01:00
Petr Menšík
5fe0b21885
- Use bcond_with to define optional features instead of %global
...
- Move export libs closer to PKCS11 libs, simplify soversion updates
- Remove unnecesary spec parts
2018-02-17 09:29:59 +01:00
Petr Menšík
56e7b0f856
Export libs should distribute own copy of license
2018-02-17 09:29:59 +01:00
Petr Menšík
cb2172301b
Rebase to 9.11.3b1
...
Remove merged upstream patches
Signed-off-by: Petr Menšík <pemensik@redhat.com>
Update new so names
2018-02-17 09:29:59 +01:00