Commit Graph

927 Commits

Author SHA1 Message Date
Petr Menšík
fe1a072435 Provide should not contain architecture 2020-09-16 16:09:08 +02:00
Petr Menšík
c2387c40c7 Add missing architecture to lmdb 2020-09-16 12:13:51 +02:00
Petr Menšík
11da1628d8 Allow easy upgrade of bind-devel
bind-lite-devel needs to be obsoleted. It demands license with its own
reason and block upgrade.
2020-09-16 12:12:55 +02:00
Petr Menšík
aa13488713 Create bind-dnssec-doc subpackage
Move there all manual pages of bind-dnssec-utils. They can be then
shared by bind-pkcs11-utils with just one package owning them.
2020-09-15 20:06:11 +02:00
Petr Menšík
4158647a7a Remove ancient version triggers 2020-09-15 19:34:43 +02:00
Petr Menšík
aa8fce7381 Remove ancient provides
Most of they are related to RHEL 5, which is far too long unsupported.
Stop dragging them along for ages.
2020-09-15 19:28:35 +02:00
Petr Menšík
bd20caa99a Move plugins to upstream default directory
Keep backward-compatible links from old directory. Any original
configuration should keep running like before.
2020-09-15 18:22:27 +02:00
Petr Menšík
f290ef8ed6 Move DLZ modules out of bind base package
All DLZ modules were installed by mistake in main bind package.
Remove them from there, they should be offered only by each dlz
subpackage.

Move modules to upstream used directory %{_libdir}/named.
2020-09-15 18:06:30 +02:00
Petr Menšík
8a73c57ad4 Remove DEVEL conditional define
I find no reason to turn off devel package creation. It can be ignored
if required, but is mandatory due to Fedora packaging guidelines.
Simplify it a bit.
2020-09-15 17:55:01 +02:00
Petr Menšík
1799c36d23 Merge bind-lite-devel into bind-devel
Those packages were very similar in BIND 9.11. Since there is no
isc-config.sh, no significant or required reason to have them separated
exist. Keep separated libraries, but only one devel package.
2020-09-15 17:51:50 +02:00
Petr Menšík
e1be70d96e Disable SDB remains and build only DLZ modules
DLZ modules turned built-in support into named, just like former
named-sdb package had. That was non-intentional and is disabled now.
Instead, build only dynamically loaded modules with support for various
database access.
2020-09-14 21:17:32 +02:00
Petr Menšík
ef5c71f941 Share static data in doc package
Fonts add unnecessary size to doc package. Instead of local copy, link
to theme package static directory and reuse data already installed.
2020-09-14 17:08:06 +02:00
Petr Menšík
89421c0410 Remove lwres remains 2020-08-31 16:31:40 +02:00
Petr Menšík
1667a58d2a Generate html man pages into man subdirectory 2020-08-31 16:31:40 +02:00
Petr Menšík
7be72b675e Disable PDF regeneration
Because pending issues with PDF regeneration, disable PDF for now.
Allow turning it on with --with DOCPDF.

It prevents building successfully on Rawhide/f33 for some reason.
2020-08-31 14:09:33 +02:00
Petr Menšík
bd765f0cce Ignore fmtutil command status
It is not important for the build, just inform about latex tools.
2020-08-28 11:15:29 +02:00
Petr Menšík
823e9d22cf List latex configuration before make 2020-08-26 16:48:02 +02:00
Petr Menšík
7d8ad626e7 Use fmtutil to generate local settings
COPR is missing fmtutil configuration. Try generating it.
2020-08-26 12:44:44 +02:00
Petr Menšík
04a7c5632c Do not use home for pdf build files
texlive stores some files in $HOME directory. Redirect those files to
build directory, where it belongs. Do not touch anything user has.
2020-08-26 12:10:38 +02:00
Petr Menšík
cb3f3691e4 Update to 9.16.6
Release notes:
https://downloads.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6
2020-08-22 11:44:09 +02:00
Petr Menšík
2053b89207 Remove duplicate copy of HTML manual pages 2020-07-16 00:02:49 +02:00
Petr Menšík
23ca292909 Update to 9.16.5
Modifies API of libraries, needs rebuild of dependent packages.
2020-07-15 22:39:37 +02:00
Petr Menšík
9a4be75094 Move documentation from bind-doc subdir to bind
Subpackage is there just as shared documentation for main package.
I want to stay in original directory, even most of paths have changed
since move to sphinx generated documentation.
2020-06-19 22:17:03 +02:00
Petr Menšík
2a2d2faeae fixup! Update to 9.16.4 2020-06-18 14:07:00 +02:00
Petr Menšík
e8b35851c3 Delete installed manuals for disabled features
Some manuals are installed, even when those features are disabled.
Remove such manuals after installation.
2020-06-18 12:33:42 +02:00
Petr Menšík
0963df6403 Create doc subpackage and regenerate documentation
Regenerates full documentation on each build. Make documentation
optional in case some dependencies would be missing.
2020-06-18 04:45:07 +02:00
Petr Menšík
b8ccda0801 Update to 9.16.4
Documentation changed and requires another commit.
2020-06-18 04:30:24 +02:00
Petr Menšík
23458b3db1 Make usage of initscripts optional
Do not depend hard on initscript just to provide fancy colored status.
When started from systemd, it does not really matter.

Return exactly the same return code as returned by the original tool.
2020-05-22 12:18:30 +02:00
Petr Menšík
7fe31e1892 Update to 9.16.3
Changes some solib versions and fixes two important CVEs:
CVE-2020-8616 CVE-2020-8617
2020-05-20 13:25:26 +02:00
Petr Menšík
8ad1379019 Do not request use of urandom and report failure
Original script did not report failure as exit status. Report error if
rndc key generation failed also by exit status, not only by failed
message.

-r parameter is unsupported now, do not require it anymore.
2020-05-11 18:09:54 +02:00
Petr Menšík
775befed48 Try successful build on epel8
softhsm is not provided on RHEL 8 as normal package. It is distributed
only in idm:DL1 module. If unittest or systemtest is not enabled, skip
configuring softhsm. It would not be used anyway.
2020-04-28 10:18:03 +02:00
Petr Menšík
40861268f3 Enable native PKCS11 build again
It was disabled because patches were not fixed. It compiles now, try it.
2020-04-27 22:22:47 +02:00
Petr Menšík
afbbd0be52 Add support to native PKCS11
Set of patches and changes, that fixes compilation of native PKCS11
support as subpackage. Moves definition of USE_PKCS11 from config.h to
Makefiles. Defaults to off and only PKCS11 subdirectories set it to
true.
2020-04-27 21:59:25 +02:00
Petr Menšík
3ef9cd3dce Replace initial key with just digest of it
Mentioned link if a file leads to XML with only checksums included.
Relation between them and included key is not obvious or specified.
Include initial digest, which is shorter and easier to validate.
2020-04-27 12:21:58 +02:00
Petr Menšík
8b8d05ffc0 Update sample config to match current version 2020-04-27 12:01:53 +02:00
Petr Menšík
aaa1cdaabf Update configuration to 9.16
Fixes warnings in default configuration file. Skip always enabled DNSSEC
and use more recent trust anchor format.
2020-04-24 15:21:33 +02:00
Petr Menšík
1d9c1cf435 fixup! Make spec work also on CentOS 8 2020-04-16 12:42:58 +02:00
Petr Menšík
1b133224fc Update to 9.16.2
Notes for BIND 9.16.2
Security Fixes

    DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]

Known Issues

    We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685]

Feature Changes

    The previous DNSSEC sign statistics used lots of memory. The number of keys to track is reduced to four per zone, which should be enough for 99% of all signed zones. [GL #1179]

Bug Fixes

    When an RPZ policy zone was updated via zone transfer and a large number of records was deleted, named could become nonresponsive for a short period while deleted names were removed from the RPZ summary database. This database cleanup is now done incrementally over a longer period of time, reducing such delays. [GL #1447]

    When trying to migrate an already-signed zone from auto-dnssec maintain to one based on dnssec-policy, the existing keys were immediately deleted and replaced with new ones. As the key rollover timing constraints were not being followed, it was possible that some clients would not have been able to validate responses until all old DNSSEC information had timed out from caches. BIND now looks at the time metadata of the existing keys and incorporates it into its DNSSEC policy operation. [GL #1706]
2020-04-16 12:38:00 +02:00
Petr Menšík
5e13eb8e75 Make spec work also on CentOS 8
Move some conditional requirements to be enabled just on Fedora.
2020-04-16 11:21:47 +02:00
Petr Menšík
304cfaa8e0 Enable source verification only on Fedora builds 2020-04-08 20:50:01 +02:00
Petr Menšík
6b3788d026 Provide link to merge request for lastest patch
Document when it should be removed
2020-04-08 20:15:42 +02:00
Petr Menšík
ec5a01d972 Remove SDB sections
Since 9.12 BIND no longer ships required files to create SDB version.
Limited support should still be possible with DLZ modules.
2020-04-01 20:25:56 +02:00
Petr Menšík
74c92fb0da Enable DLZ dependencies without SDB 2020-04-01 20:17:37 +02:00
Petr Menšík
29036faad7 Link all used libraries to libisc
Library should link all required libraries. Link all used libraries
directly to libisc. Should help with dynamic linking of -lisc alone.
2020-04-01 19:56:12 +02:00
Petr Menšík
fcefdeb129 Disable SDB and its patches, enable DLZ
SDB is no longer part of bind distribution. Do not try to compile static
linked version named-sdb. But DLZ modules work, enable them without
tools.
2020-03-27 16:06:37 +01:00
Petr Menšík
15cfc8b402 Disable GEOIP and compile on s390x without SDB 2020-03-27 13:35:09 +01:00
Petr Menšík
80d0367669 Remove GEOIP and EXPORT_LIBS
Most recent release is no longer able to statisfy export libs and geoip
legacy. Remove its support from GeoIP.
2020-03-27 12:53:49 +01:00
Petr Menšík
a6f9fe005e Remove unused 9.14 patches 2020-03-27 12:39:30 +01:00
Petr Menšík
814547323e Update patches after rebase 2020-03-27 12:30:39 +01:00
Petr Menšík
78968700e2 Fix tsig system test
During rebase, custom md5 part gone missing.
2020-03-27 11:28:13 +01:00