bind9.16/SPECS/bind9.16.spec

4039 lines
143 KiB
RPMSpec

#
# Red Hat BIND9 package .spec file
#
# vim:expandtab ts=2:
# bcond_without is built by default, unless --without X is passed
# bcond_with is built only when --with X is passed to build
%bcond_with SYSTEMTEST
%bcond_without GSSTSIG
# it is not possible to build the package without PKCS11 sub-package
# due to extensive changes to Makefiles
%bcond_with PKCS11
%bcond_without JSON
%bcond_with DLZ
# New MaxMind GeoLite support
%bcond_without GEOIP2
# kyua no longer in buildroot in RHEL9
%bcond_with UNITTEST
%bcond_without DNSTAP
%bcond_without LMDB
%bcond_without DOC
# Because of issues with PDF rebuild, include only HTML pages
%bcond_with DOCPDF
%bcond_with TSAN
%{?!bind_uid: %global bind_uid 25}
%{?!bind_gid: %global bind_gid 25}
%{!?_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
%global bind_dir /var/named
%global chroot_prefix %{bind_dir}/chroot
%global chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
%{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
%{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
%global selinuxbooleans named_write_master_zones=1
## The order of libs is important. See lib/Makefile.in for details
%define bind_export_libs isc dns isccfg irs
%{!?_export_dir:%global _export_dir /bind9-export/}
# libisc-nosym requires to be linked with unresolved symbols
# When libisc-nosym linking is fixed, it can be defined to 1
# Visit https://bugzilla.redhat.com/show_bug.cgi?id=1540300
%undefine _strict_symbol_defs_build
#
# significant changes:
# no more isc-config.sh and bind9-config
# lib*.so.X versions of selected libraries no longer provided,
# lib*-%%{version}-RH.so is provided as an internal implementation detail
# Upstream package name
%global upname bind
%define upname_compat() \
%if "%{name}" != "%{upname}" \
Conflicts: %1 \
%endif
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind9.16
License: MPLv2.0
Version: 9.16.23
Release: 0.14%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
Source0: https://downloads.isc.org/isc/bind9/%{version}/%{upname}-%{version}.tar.xz
Source1: named.sysconfig
Source2: https://downloads.isc.org/isc/bind9/%{version}/%{upname}-%{version}.tar.xz.asc
Source3: named.logrotate
Source4: https://downloads.isc.org/isc/pgpkeys/codesign2021.txt
Source16: named.conf
# Refresh by command: dig @a.root-servers.net. +tcp +norec
# or from URL
Source17: https://www.internic.net/domain/named.root
Source18: named.localhost
Source19: named.loopback
Source20: named.empty
Source23: named.rfc1912.zones
Source25: named.conf.sample
Source27: named.root.key
Source35: bind.tmpfiles.d
Source36: trusted-key.key
Source37: named.service
Source38: named-chroot.service
Source41: setup-named-chroot.sh
Source42: generate-rndc-key.sh
Source43: named.rwtab
Source44: named-chroot-setup.service
Source46: named-setup-rndc.service
Source47: named-pkcs11.service
Source48: setup-named-softhsm.sh
Source49: named-chroot.files
# Common patches
Patch10: bind-9.5-PIE.patch
Patch16: bind-9.16-redhat_doc.patch
Patch72: bind-9.5-dlz-64bit.patch
Patch106:bind93-rh490837.patch
Patch112:bind97-rh645544.patch
Patch130:bind-9.9.1-P2-dlz-libdb.patch
# Make PKCS11 used only for pkcs11 parts
Patch135:bind-9.14-config-pkcs11.patch
# Fedora specific patch to distribute native-pkcs#11 functionality
Patch136:bind-9.10-dist-native-pkcs11.patch
# Do not use isc-pkcs11.
Patch149:bind-9.11-kyua-pkcs11.patch
Patch157:bind-9.11-fips-tests.patch
Patch164:bind-9.11-rh1666814.patch
Patch170:bind-9.11-feature-test-named.patch
Patch171:bind-9.11-tests-variants.patch
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5987
Patch172:bind-9.16-CVE-2022-0396.patch
Patch173:bind-9.16-CVE-2021-25220.patch
Patch174:bind-9.16-CVE-2021-25220-test.patch
Patch175:bind-9.16-CVE-2022-3080.patch
Patch176:bind-9.16-CVE-2022-38177.patch
Patch177:bind-9.16-CVE-2022-38178.patch
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6793
# https://gitlab.isc.org/isc-projects/bind9/commit/bf2ea6d8525bfd96a84dad221ba9e004adb710a8
Patch178:bind-9.16-CVE-2022-2795.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/82185f4f80d2fa39a4569f6740cb360ffff8f5c4
Patch182: bind-9.16-CVE-2022-3094-1.patch
Patch183: bind-9.16-CVE-2022-3094-2.patch
Patch184: bind-9.16-CVE-2022-3094-3.patch
Patch185: bind-9.16-CVE-2022-3094-test.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/ea79385990c564eb478c286c089ea7ed15520690
Patch186: bind-9.16-CVE-2022-3736.patch
# https://gitlab.isc.org/isc-projects/bind9/commit/b4a65aaea19762a3712932aa2270e8a833fbde22
Patch187: bind-9.16-CVE-2022-3924.patch
%{?systemd_ordering}
Requires: coreutils
Requires(pre): shadow-utils
Requires(post): shadow-utils
Requires(post): glibc-common
Requires(post): grep
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
# This wild require should satisfy %%selinux_set_boolean macro only
# in case it needs to be used
Requires(post): ((policycoreutils-python-utils and libselinux-utils) if (selinux-policy-targeted or selinux-policy-mls))
Requires(post): ((selinux-policy and selinux-policy-base) if (selinux-policy-targeted or selinux-policy-mls))
Recommends: %{name}-utils %{name}-dnssec-utils
%upname_compat %{upname}
BuildRequires: gcc, make
BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
BuildRequires: libidn2-devel, libxml2-devel
BuildRequires: systemd-rpm-macros
BuildRequires: selinux-policy
# needed for %%{__python3} macro
BuildRequires: python3-devel
BuildRequires: python3-ply
BuildRequires: findutils sed
%if 0%{?fedora}
BuildRequires: gnupg2
%endif
BuildRequires: libuv-devel
%if %{with DLZ}
BuildRequires: openldap-devel, libpq-devel, sqlite-devel, mariadb-connector-c-devel
%endif
%if %{with UNITTEST}
# make unit dependencies
BuildRequires: libcmocka-devel kyua
%endif
%if %{with PKCS11} && (%{with UNITTEST} || %{with SYSTEMTEST})
BuildRequires: softhsm
%endif
%if %{with SYSTEMTEST}
# bin/tests/system dependencies
BuildRequires: perl(Net::DNS) perl(Net::DNS::Nameserver) perl(Time::HiRes) perl(Getopt::Long)
# manual configuration requires this tool
BuildRequires: iproute
%endif
%if %{with GSSTSIG}
BuildRequires: krb5-devel
%endif
%if %{with LMDB}
BuildRequires: lmdb-devel
%endif
%if %{with JSON}
BuildRequires: json-c-devel
%endif
%if %{with GEOIP2}
BuildRequires: libmaxminddb-devel
%endif
%if %{with DNSTAP}
BuildRequires: fstrm-devel protobuf-c-devel
%endif
# Needed to regenerate dig.1 manpage
%if %{with DOC}
BuildRequires: python3-sphinx python3-sphinx_rtd_theme
BuildRequires: doxygen
%endif
%if %{with DOCPDF}
# Because remaining issues with COPR, allow turning off PDF (re)generation
BuildRequires: python3-sphinx-latex latexmk texlive-xetex texlive-xindy
%endif
%if %{with TSAN}
BuildRequires: libtsan
%endif
%description
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
%if %{with PKCS11}
%package pkcs11
Summary: Bind with native PKCS#11 functionality for crypto
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
Recommends: softhsm
%description pkcs11
This is a version of BIND server built with native PKCS#11 functionality.
It is important to have SoftHSM v2+ installed and some token initialized.
For other supported HSM modules please check the BIND documentation.
%package pkcs11-utils
Summary: Bind tools with native PKCS#11 for using DNSSEC
Requires: %{name}-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-pkcs11 < 32:9.9.4-16.P2
%description pkcs11-utils
This is a set of PKCS#11 utilities that when used together create rsa
keys in a PKCS11 keystore. Also utilities for working with DNSSEC
compiled with native PKCS#11 functionality are included.
%package pkcs11-libs
Summary: Bind libraries compiled with native PKCS#11
Requires: %{name}-license = %{epoch}:%{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description pkcs11-libs
This is a set of BIND libraries (dns, isc) compiled with native PKCS#11
functionality.
%package pkcs11-devel
Summary: Development files for Bind libraries compiled with native PKCS#11
Requires: %{name}-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
%description pkcs11-devel
This a set of development files for BIND libraries (dns, isc) compiled
with native PKCS#11 functionality.
%endif
%package libs
Summary: Libraries used by the BIND DNS packages
Requires: %{name}-license = %{epoch}:%{version}-%{release}
Provides: %{name}-libs-lite = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-libs-lite < 32:9.16.13
%description libs
Contains heavyweight version of BIND suite libraries used by both named DNS
server and utilities in %{name}-utils package.
%package license
Summary: License of the BIND DNS suite
BuildArch:noarch
%description license
Contains license of the BIND DNS suite.
%package utils
Summary: Utilities for querying DNS name servers
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
# For compatibility with Debian package
Provides: dnsutils = %{epoch}:%{version}-%{release}
%upname_compat %{upname}-utils
%description utils
Bind-utils contains a collection of utilities for querying DNS (Domain
Name System) name servers to find out information about Internet
hosts. These tools will provide you with the IP addresses for given
host names, as well as other information about registered domains and
network addresses.
You should install %{name}-utils if you need to get information from DNS name
servers.
%package dnssec-utils
Summary: DNSSEC keys and zones management utilities
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Recommends: %{name}-utils
Requires: python3-%{name} = %{epoch}:%{version}-%{release}
Provides: %{name}-dnssec-doc = %{epoch}:%{version}-%{release}
%upname_compat %{upname}-dnssec-utils
%upname_compat %{upname}-pkcs11-utils
%description dnssec-utils
Bind-dnssec-utils contains a collection of utilities for editing
DNSSEC keys and BIND zone files. These tools provide generation,
revocation and verification of keys and DNSSEC signatures in zone files.
You should install %{name}-dnssec-utils if you need to sign a DNS zone
or maintain keys for it.
%package devel
Summary: Header files and libraries needed for bind-dyndb-ldap
Provides: %{name}-lite-devel = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-lite-devel < 32:9.16.6-3
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: openssl-devel%{?_isa} libxml2-devel%{?_isa}
Requires: libcap-devel%{?_isa}
%if %{with GSSTSIG}
Requires: krb5-devel%{?_isa}
%endif
%if %{with LMDB}
Requires: lmdb-devel%{?_isa}
%endif
%if %{with JSON}
Requires: json-c-devel%{?_isa}
%endif
%if %{with DNSTAP}
Requires: fstrm-devel%{?_isa} protobuf-c-devel%{?_isa}
%endif
%if %{with GEOIP2}
Requires: libmaxminddb-devel%{?_isa}
%endif
%upname_compat %{upname}-devel
%upname_compat %{upname}-lite-devel
%description devel
The %{name}-devel package contains full version of the header files and libraries
required for building bind-dyndb-ldap. Upstream no longer supports nor recommends
bind libraries for third party applications.
%package chroot
Summary: A chroot runtime environment for the ISC BIND DNS server, named(8)
Prefix: %{chroot_prefix}
# grep is required due to setup-named-chroot.sh script
Requires: grep
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description chroot
This package contains a tree of files which can be used as a
chroot(2) jail for the named(8) program from the BIND package.
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
%if %{with DLZ}
%package dlz-filesystem
Summary: BIND server filesystem DLZ module
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description dlz-filesystem
Dynamic Loadable Zones filesystem module for BIND server.
%package dlz-ldap
Summary: BIND server ldap DLZ module
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description dlz-ldap
Dynamic Loadable Zones LDAP module for BIND server.
%package dlz-mysql
Summary: BIND server mysql and mysqldyn DLZ modules
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Provides: %{name}-dlz-mysqldyn = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-dlz-mysqldyn < 32:9.16.6-3
%description dlz-mysql
Dynamic Loadable Zones MySQL module for BIND server.
Contains also mysqldyn module with dynamic DNS updates (DDNS) support.
%package dlz-sqlite3
Summary: BIND server sqlite3 DLZ module
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description dlz-sqlite3
Dynamic Loadable Zones sqlite3 module for BIND server.
%endif
%package -n python3-%{name}
Summary: A module allowing rndc commands to be sent from Python programs
Requires: %{name}-license = %{epoch}:%{version}-%{release}
Requires: python3 python3-ply %{?py3_dist:%py3_dist ply}
BuildArch: noarch
%upname_compat python3-%{upname}
%{?python_provide:%python_provide python3-bind}
%{?python_provide:%python_provide python3-isc}
%description -n python3-%{name}
This package provides a module which allows commands to be sent to rndc directly from Python programs.
%if %{with DOC}
%package doc
Summary: BIND 9 Administrator Reference Manual
Requires: %{name}-license = %{epoch}:%{version}-%{release}
BuildArch: noarch
%description doc
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses; a resolver library
(routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating properly.
This package contains BIND 9 Administrator Reference Manual
in HTML and PDF format.
%end
%endif
%prep
%if 0%{?fedora}
# RHEL does not yet support this verification
%{gpgverify} --keyring='%{SOURCE4}' --signature='%{SOURCE2}' --data='%{SOURCE0}'
%endif
%setup -qn %{upname}-%{version}
# Common patches
%patch10 -p1 -b .PIE
%patch16 -p1 -b .redhat_doc
%patch72 -p1 -b .64bit
%patch106 -p1 -b .rh490837
%patch112 -p1 -b .rh645544
%patch130 -p1 -b .libdb
%patch157 -p1 -b .fips-tests
%patch164 -p1 -b .rh1666814
%patch170 -p1 -b .featuretest-named
%patch171 -p1 -b .test-variant
%patch172 -p1 -b .CVE-2022-0396
%patch173 -p1 -b .CVE-2021-25220
%patch174 -p1 -b .CVE-2021-25220-test
%patch175 -p1 -b .CVE-2022-3080
%patch176 -p1 -b .CVE-2022-38177
%patch177 -p1 -b .CVE-2022-38178
%patch178 -p1 -b .CVE-2022-2795
%patch182 -p1 -b .CVE-2022-3094
%patch183 -p1 -b .CVE-2022-3094
%patch184 -p1 -b .CVE-2022-3094
%patch185 -p1 -b .CVE-2022-3094-test
%patch186 -p1 -b .CVE-2022-3736
%patch187 -p1 -b .CVE-2022-3924
%if %{with PKCS11}
%patch135 -p1 -b .config-pkcs11
cp -r bin/named{,-pkcs11}
cp -r bin/dnssec{,-pkcs11}
cp -r lib/dns{,-pkcs11}
cp -r lib/ns{,-pkcs11}
%patch136 -p1 -b .dist_pkcs11
%patch149 -p1 -b .kyua-pkcs11
%endif
# Sparc and s390 arches need to use -fPIE
%ifarch sparcv9 sparc64 s390 s390x
for i in bin/named/{,unix}/Makefile.in; do
sed -i 's|fpie|fPIE|g' $i
done
%endif
sed -e 's|"$TOP/config.guess"|"$TOP_SRCDIR/config.guess"|' -i bin/tests/system/ifconfig.sh
:;
%build
## We use out of tree configure/build for export libs
%define _configure "../configure"
# normal and pkcs11 unit tests
%define unit_prepare_build() \
cp -uv Kyuafile "%{1}/" \
find lib -name 'K*.key' -exec cp -uv '{}' "%{1}/{}" ';' \
find lib -name 'Kyuafile' -exec cp -uv '{}' "%{1}/{}" ';' \
find lib -name 'testdata' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \
find lib -name 'testkeys' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \
%define systemtest_prepare_build() \
cp -Tuav bin/tests "%{1}/bin/tests/" \
cp -uv version "%{1}" \
CFLAGS="$CFLAGS $RPM_OPT_FLAGS"
%if %{with TSAN}
CFLAGS+=" -O1 -fsanitize=thread -fPIE -pie"
%endif
export CFLAGS
export STD_CDEFINES="$CPPFLAGS"
sed -i -e \
's/RELEASEVER=\(.*\)/RELEASEVER=\1-RH/' \
version
libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f
mkdir build
%if %{with DLZ}
# DLZ modules do not support oot builds. Copy files into build
mkdir -p build/contrib/dlz
cp -frp contrib/dlz/modules build/contrib/dlz/modules
%endif
pushd build
LIBDIR_SUFFIX=
export LIBDIR_SUFFIX
%configure \
--with-python=%{__python3} \
--with-libtool \
--localstatedir=%{_var} \
--with-pic \
--disable-static \
--includedir=%{_includedir}/bind9 \
--with-tuning=large \
--with-libidn2 \
%if %{with GEOIP2}
--with-maxminddb \
%endif
%if %{with PKCS11}
--enable-native-pkcs11 \
--with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \
%endif
--with-dlopen=yes \
%if %{with GSSTSIG}
--with-gssapi=yes \
%endif
%if %{with LMDB}
--with-lmdb=yes \
%else
--with-lmdb=no \
%endif
%if %{with JSON}
--without-libjson --with-json-c \
%endif
%if %{with DNSTAP}
--enable-dnstap \
%endif
%if %{with UNITTEST}
--with-cmocka \
%endif
--enable-fixed-rrset \
--enable-full-report \
;
%if %{with DNSTAP}
pushd lib
SRCLIB="../../../lib"
(cd dns && ln -s ${SRCLIB}/dns/dnstap.proto)
%if %{with PKCS11}
(cd dns-pkcs11 && ln -s ${SRCLIB}/dns-pkcs11/dnstap.proto)
%endif
popd
%endif
%if %{with DOCPDF}
# avoid using home for pdf latex files
export TEXMFVAR="`pwd`"
export TEXMFCONFIG="`pwd`"
fmtutil-user --listcfg || :
fmtutil-user --missing || :
%endif
%make_build
# Regenerate dig.1 manpage
pushd bin/dig
make man
popd
pushd bin/python
make man
popd
%if %{with DOC}
make doc
%endif
%if %{with DLZ}
pushd contrib/dlz/modules
for DIR in mysql mysqldyn; do
sed -e 's/@DLZ_DRIVER_MYSQL_INCLUDES@/$(shell mysql_config --cflags)/' \
-e 's/@DLZ_DRIVER_MYSQL_LIBS@/$(shell mysql_config --libs)/' \
$DIR/Makefile.in > $DIR/Makefile
done
for DIR in filesystem ldap mysql mysqldyn sqlite3; do
make -C $DIR CFLAGS="-fPIC -I../include $CFLAGS $LDFLAGS"
done
popd
%endif
popd # build
%unit_prepare_build build
%systemtest_prepare_build build
%check
%if %{with PKCS11} && (%{with UNITTEST} || %{with SYSTEMTEST})
# Tests require initialization of pkcs11 token
eval "$(bash %{SOURCE48} -A "`pwd`/softhsm-tokens")"
%endif
%if %{with TSAN}
export TSAN_OPTIONS="log_exe_name=true log_path=ThreadSanitizer exitcode=0"
%endif
%if %{with UNITTEST}
pushd build
CPUS=$(lscpu -p=cpu,core | grep -v '^#' | wc -l)
if [ "$CPUS" -gt 16 ]; then
ORIGFILES=$(ulimit -n)
ulimit -n 4096 || : # Requires on some machines with many cores
fi
make unit
e=$?
if [ "$e" -ne 0 ]; then
echo "ERROR: this build of BIND failed 'make unit'. Aborting."
exit $e;
fi;
[ "$CPUS" -gt 16 ] && ulimit -n $ORIGFILES || :
popd
## End of UNITTEST
%endif
%if %{with SYSTEMTEST}
# Runs system test if ip addresses are already configured
# or it is able to configure them
if perl bin/tests/system/testsock.pl
then
CONFIGURED=already
else
CONFIGURED=
sh bin/tests/system/ifconfig.sh up
perl bin/tests/system/testsock.pl && CONFIGURED=build
fi
if [ -n "$CONFIGURED" ]
then
set -e
pushd build/bin/tests
chown -R ${USER} . # Can be unknown user
%make_build test 2>&1 | tee test.log
e=$?
popd
[ "$CONFIGURED" = build ] && sh bin/tests/system/ifconfig.sh down
if [ "$e" -ne 0 ]; then
echo "ERROR: this build of BIND failed 'make test'. Aborting."
exit $e;
fi;
else
echo 'SKIPPED: tests require root, CAP_NET_ADMIN or already configured test addresses.'
fi
%endif
:
%install
# Build directory hierarchy
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/{bind,named}
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/named/{slaves,data,dynamic}
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8}
mkdir -p ${RPM_BUILD_ROOT}/run/named
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/log
#chroot
for D in %{chroot_create_directories}
do
mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}${D}
done
# create symlink as it is on real filesystem
pushd ${RPM_BUILD_ROOT}/%{chroot_prefix}/var
ln -s ../run run
popd
# these are required to prevent them being erased during upgrade of previous
touch ${RPM_BUILD_ROOT}/%{chroot_prefix}%{_sysconfdir}/named.conf
#end chroot
pushd build
%make_install
popd
# Remove unwanted files
rm -f ${RPM_BUILD_ROOT}/etc/bind.keys
# Systemd unit files
mkdir -p ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE37} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE38} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE44} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE46} ${RPM_BUILD_ROOT}%{_unitdir}
%if %{with PKCS11}
install -m 644 %{SOURCE47} ${RPM_BUILD_ROOT}%{_unitdir}
%else
# Not packaged without PKCS11
find ${RPM_BUILD_ROOT}%{_includedir}/bind9/pk11 ${RPM_BUILD_ROOT}%{_includedir}/bind9/pkcs11 \
-name '*.h' \! -name site.h -delete
%endif
mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir}
install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh
install -m 755 %{SOURCE42} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh
%if %{with PKCS11}
install -m 755 %{SOURCE48} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-softhsm.sh
%endif
install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/etc/logrotate.d/named
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
install -m 644 %{SOURCE49} ${RPM_BUILD_ROOT}%{_sysconfdir}/named-chroot.files
%if %{with DLZ}
pushd build
pushd contrib/dlz/modules
for DIR in filesystem ldap mysql mysqldyn sqlite3; do
%make_install -C $DIR libdir=%{_libdir}/named
done
pushd ${RPM_BUILD_ROOT}/%{_libdir}/bind
cp -s ../named/dlz_*.so .
popd
mkdir -p doc/{mysql,mysqldyn}
cp -p mysqldyn/testing/README doc/mysqldyn/README.testing
cp -p mysqldyn/testing/* doc/mysqldyn
cp -p mysql/testing/* doc/mysql
popd
popd
%endif
# Install isc/errno2result.h header
install -m 644 lib/isc/unix/errno2result.h ${RPM_BUILD_ROOT}%{_includedir}/bind9/isc
# Remove libtool .la files:
find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
# PKCS11 versions manpages
%if %{with PKCS11}
pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
ln -s named.8.gz named-pkcs11.8.gz
ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz
ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz
ln -s dnssec-importkey.8.gz dnssec-importkey-pkcs11.8.gz
ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz
ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz
ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz
ln -s dnssec-settime.8.gz dnssec-settime-pkcs11.8.gz
ln -s dnssec-signzone.8.gz dnssec-signzone-pkcs11.8.gz
ln -s dnssec-verify.8.gz dnssec-verify-pkcs11.8.gz
popd
%endif
# 9.16.4 installs even manual pages for tools not generated
%if %{without DNSTAP}
rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/dnstap-read.1* || true
%endif
%if %{without LMDB}
rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/named-nzd2nzf.8* || true
%endif
pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
ln -s ddns-confgen.8.gz tsig-keygen.8.gz
ln -s named-checkzone.8.gz named-compilezone.8.gz
popd
%if %{with DOC}
mkdir -p ${RPM_BUILD_ROOT}%{_pkgdocdir}
cp -a build/doc/arm/_build/html ${RPM_BUILD_ROOT}%{_pkgdocdir}
rm -rf ${RPM_BUILD_ROOT}%{_pkgdocdir}/html/.{buildinfo,doctrees}
# Backward compatible link to 9.11 documentation
(cd ${RPM_BUILD_ROOT}%{_pkgdocdir} && ln -s html/index.html Bv9ARM.html)
# Don't share static data from original sphinx theme package
# Because RPM is unable to replace symlink to directory with directory,
# move data copy directory and create link to it.
pushd "${RPM_BUILD_ROOT}%{_pkgdocdir}/html/_static"
for DIR in */
do
DDATA="${DIR%/}"
mv "$DIR" "$DDATA.data"
ln -s "$DDATA.data" "$DDATA"
done
popd
%endif
%if %{with DOCPDF}
cp -a build/doc/arm/Bv9ARM.pdf ${RPM_BUILD_ROOT}%{_pkgdocdir}
%endif
# Ghost config files:
touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log
# configuration files:
install -m 640 %{SOURCE16} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.conf
touch ${RPM_BUILD_ROOT}%{_sysconfdir}/rndc.{key,conf}
install -m 644 %{SOURCE27} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.root.key
install -m 644 %{SOURCE36} ${RPM_BUILD_ROOT}%{_sysconfdir}/trusted-key.key
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/named
# data files:
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/named
install -m 640 %{SOURCE17} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.ca
install -m 640 %{SOURCE18} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.localhost
install -m 640 %{SOURCE19} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.loopback
install -m 640 %{SOURCE20} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.empty
install -m 640 %{SOURCE23} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.rfc1912.zones
# sample bind configuration files for %%doc:
mkdir -p sample/etc sample/var/named/{data,slaves}
install -m 644 %{SOURCE25} sample/etc/named.conf
# Copy default configuration to %%doc to make it usable from system-config-bind
install -m 644 %{SOURCE16} named.conf.default
install -m 644 %{SOURCE23} sample/etc/named.rfc1912.zones
install -m 644 %{SOURCE18} %{SOURCE19} %{SOURCE20} sample/var/named
install -m 644 %{SOURCE17} sample/var/named/named.ca
for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.internal.zone.db my.external.zone.db; do
echo '@ in soa localhost. root 1 3H 15M 1W 1D
ns localhost.' > sample/var/named/$f;
done
:;
mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
install -m 644 %{SOURCE35} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d
install -m 644 %{SOURCE43} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named
%pre
if [ "$1" -eq 1 ]; then
/usr/sbin/groupadd -g %{bind_gid} -f -r named >/dev/null 2>&1 || :;
/usr/sbin/useradd -u %{bind_uid} -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :;
fi;
:;
%post
%?ldconfig
if [ -e "%{_sysconfdir}/selinux/config" ]; then
%selinux_set_booleans -s targeted %{selinuxbooleans}
%selinux_set_booleans -s mls %{selinuxbooleans}
fi
if [ "$1" -eq 1 ]; then
# Initial installation
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
# rndc.key has to have correct perms and ownership, CVE-2007-6283
[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
[ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
else
# Upgrade, use invalid shell
if getent passwd named | grep ':/bin/false$' >/dev/null; then
/sbin/usermod -s /sbin/nologin named
fi
# Checkconf will parse out comments
if /usr/sbin/named-checkconf -p /etc/named.conf 2>/dev/null | grep -q named.iscdlv.key
then
echo "Replacing obsolete named.iscdlv.key with named.root.key..."
if cp -Rf --preserve=all --remove-destination /etc/named.conf /etc/named.conf.rpmbackup; then
sed -e 's/named\.iscdlv\.key/named.root.key/' \
/etc/named.conf.rpmbackup > /etc/named.conf || \
mv /etc/named.conf.rpmbackup /etc/named.conf
fi
fi
fi
%systemd_post named.service
:;
%preun
# Package removal, not upgrade
%systemd_preun named.service
%postun
%?ldconfig
# Package upgrade, not uninstall
%systemd_postun_with_restart named.service
if [ -e "%{_sysconfdir}/selinux/config" ]; then
%selinux_unset_booleans -s targeted %{selinuxbooleans}
%selinux_unset_booleans -s mls %{selinuxbooleans}
fi
%if %{with PKCS11}
%post pkcs11
# Initial installation
%systemd_post named-pkcs11.service
%preun pkcs11
# Package removal, not upgrade
%systemd_preun named-pkcs11.service
%postun pkcs11
# Package upgrade, not uninstall
%systemd_postun_with_restart named-pkcs11.service
%endif
# Fix permissions on existing device files on upgrade
%define chroot_fix_devices() \
if [ $1 -gt 1 ]; then \
for DEV in "%{1}/dev"/{null,random,zero}; do \
if [ -e "$DEV" -a "$(/bin/stat --printf="%G %a" "$DEV")" = "root 644" ]; \
then \
/bin/chmod 0664 "$DEV" \
/bin/chgrp named "$DEV" \
fi \
done \
fi
%triggerun -- bind < 32:9.9.0-0.6.rc1
/sbin/chkconfig --del named >/dev/null 2>&1 || :
/bin/systemctl try-restart named.service >/dev/null 2>&1 || :
%ldconfig_scriptlets libs
%if %{with PKCS11}
%ldconfig_scriptlets pkcs11-libs
%endif
%post chroot
%systemd_post named-chroot.service
%chroot_fix_devices %{chroot_prefix}
:;
%posttrans chroot
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
[ -x /sbin/restorecon ] && /sbin/restorecon %{chroot_prefix}/dev/* > /dev/null 2>&1;
fi;
%preun chroot
# wait for stop of both named-chroot and named-chroot-setup services
# on uninstall
%systemd_preun named-chroot.service named-chroot-setup.service
:;
%postun chroot
# Package upgrade, not uninstall
%systemd_postun_with_restart named-chroot.service
%files
# TODO: Move from lib/bind to lib/named, as used by upstream
%dir %{_libdir}/bind
%dir %{_libdir}/named
%{_libdir}/named/*.so
%exclude %{_libdir}/named/dlz_*.so
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/named
%config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key
%config(noreplace) %{_sysconfdir}/logrotate.d/named
%{_tmpfilesdir}/named.conf
%{_sysconfdir}/rwtab.d/named
%{_unitdir}/named.service
%{_unitdir}/named-setup-rndc.service
%{_sbindir}/named-journalprint
%{_sbindir}/named-checkconf
%{_bindir}/named-rrchecker
%{_bindir}/mdig
%{_sbindir}/named
%{_sbindir}/rndc*
%{_libexecdir}/generate-rndc-key.sh
%{_mandir}/man1/mdig.1*
%{_mandir}/man1/named-rrchecker.1*
%{_mandir}/man5/named.conf.5*
%{_mandir}/man5/rndc.conf.5*
%{_mandir}/man8/rndc.8*
%{_mandir}/man8/named.8*
%{_mandir}/man8/named-checkconf.8*
%{_mandir}/man8/rndc-confgen.8*
%{_mandir}/man8/named-journalprint.8*
%{_mandir}/man8/filter-aaaa.8.gz
%doc CHANGES README named.conf.default
%doc sample/
# Hide configuration
%defattr(0640,root,named,0750)
%dir %{_sysconfdir}/named
%config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
%config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
%defattr(0660,root,named,01770)
%dir %{_localstatedir}/named
%defattr(0660,named,named,0770)
%dir %{_localstatedir}/named/slaves
%dir %{_localstatedir}/named/data
%dir %{_localstatedir}/named/dynamic
%ghost %{_localstatedir}/log/named.log
%defattr(0640,root,named,0750)
%config %verify(not link) %{_localstatedir}/named/named.ca
%config %verify(not link) %{_localstatedir}/named/named.localhost
%config %verify(not link) %{_localstatedir}/named/named.loopback
%config %verify(not link) %{_localstatedir}/named/named.empty
%ghost %config(noreplace) %{_sysconfdir}/rndc.key
# ^- rndc.key now created on first install only if it does not exist
%ghost %config(noreplace) %{_sysconfdir}/rndc.conf
# ^- The default rndc.conf which uses rndc.key is in named's default internal config -
# so rndc.conf is not necessary.
%defattr(-,named,named,-)
%dir /run/named
%files libs
%{_libdir}/libbind9-%{version}*.so
%{_libdir}/libisccc-%{version}*.so
%{_libdir}/libns-%{version}*.so
%{_libdir}/libdns-%{version}*.so
%{_libdir}/libirs-%{version}*.so
%{_libdir}/libisc-%{version}*.so
%{_libdir}/libisccfg-%{version}*.so
%files license
%{!?_licensedir:%global license %%doc}
%license COPYRIGHT
%files utils
%{_bindir}/dig
%{_bindir}/delv
%{_bindir}/host
%{_bindir}/nslookup
%{_bindir}/nsupdate
%{_bindir}/arpaname
%{_sbindir}/ddns-confgen
%{_sbindir}/tsig-keygen
%{_sbindir}/nsec3hash
%{_sbindir}/named-checkzone
%{_sbindir}/named-compilezone
%if %{with DNSTAP}
%{_bindir}/dnstap-read
%{_mandir}/man1/dnstap-read.1*
%endif
%if %{with LMDB}
%{_sbindir}/named-nzd2nzf
%{_mandir}/man8/named-nzd2nzf.8*
%endif
%{_mandir}/man1/host.1*
%{_mandir}/man1/nsupdate.1*
%{_mandir}/man1/dig.1*
%{_mandir}/man1/delv.1*
%{_mandir}/man1/nslookup.1*
%{_mandir}/man1/arpaname.1*
%{_mandir}/man8/ddns-confgen.8*
%{_mandir}/man8/tsig-keygen.8*
%{_mandir}/man8/nsec3hash.8*
%{_mandir}/man8/named-checkzone.8*
%{_mandir}/man8/named-compilezone.8*
%{_sysconfdir}/trusted-key.key
%files dnssec-utils
%{_sbindir}/dnssec*
%{_mandir}/man8/dnssec*.8*
%if %{with PKCS11}
%exclude %{_sbindir}/dnssec*pkcs11
%exclude %{_mandir}/man8/dnssec*-pkcs11.8*
%endif
%files devel
%{_libdir}/libbind9.so
%{_libdir}/libisccc.so
%{_libdir}/libns.so
%{_libdir}/libdns.so
%{_libdir}/libirs.so
%{_libdir}/libisc.so
%{_libdir}/libisccfg.so
%dir %{_includedir}/bind9
%{_includedir}/bind9/bind9
%{_includedir}/bind9/isccc
%{_includedir}/bind9/ns
%{_includedir}/bind9/dns
%{_includedir}/bind9/dst
%{_includedir}/bind9/irs
%{_includedir}/bind9/isc
%dir %{_includedir}/bind9/pk11
%{_includedir}/bind9/pk11/site.h
%{_includedir}/bind9/isccfg
%files chroot
%config(noreplace) %{_sysconfdir}/named-chroot.files
%{_unitdir}/named-chroot.service
%{_unitdir}/named-chroot-setup.service
%{_libexecdir}/setup-named-chroot.sh
%defattr(0664,root,named,-)
%ghost %dev(c,1,3) %verify(not mtime) %{chroot_prefix}/dev/null
%ghost %dev(c,1,8) %verify(not mtime) %{chroot_prefix}/dev/random
%ghost %dev(c,1,9) %verify(not mtime) %{chroot_prefix}/dev/urandom
%ghost %dev(c,1,5) %verify(not mtime) %{chroot_prefix}/dev/zero
%defattr(0640,root,named,0750)
%dir %{chroot_prefix}
%dir %{chroot_prefix}/dev
%dir %{chroot_prefix}%{_sysconfdir}
%dir %{chroot_prefix}%{_sysconfdir}/named
%dir %{chroot_prefix}%{_sysconfdir}/pki
%dir %{chroot_prefix}%{_sysconfdir}/pki/dnssec-keys
%dir %{chroot_prefix}%{_sysconfdir}/crypto-policies
%dir %{chroot_prefix}%{_sysconfdir}/crypto-policies/back-ends
%dir %{chroot_prefix}%{_localstatedir}
%dir %{chroot_prefix}/run
%ghost %config(noreplace) %{chroot_prefix}%{_sysconfdir}/named.conf
%defattr(-,root,root,-)
%dir %{chroot_prefix}/usr
%dir %{chroot_prefix}/%{_libdir}
%dir %{chroot_prefix}/%{_libdir}/bind
%dir %{chroot_prefix}/%{_datadir}/GeoIP
%{chroot_prefix}/proc
%defattr(0660,root,named,01770)
%dir %{chroot_prefix}%{_localstatedir}/named
%defattr(0660,named,named,0770)
%dir %{chroot_prefix}%{_localstatedir}/tmp
%dir %{chroot_prefix}%{_localstatedir}/log
%defattr(-,named,named,-)
%dir %{chroot_prefix}/run/named
%{chroot_prefix}%{_localstatedir}/run
%if %{with PKCS11}
%files pkcs11
%{_sbindir}/named-pkcs11
%{_unitdir}/named-pkcs11.service
%{_mandir}/man8/named-pkcs11.8*
%{_libexecdir}/setup-named-softhsm.sh
%files pkcs11-utils
%{_sbindir}/dnssec*pkcs11
%{_sbindir}/pkcs11-destroy
%{_sbindir}/pkcs11-keygen
%{_sbindir}/pkcs11-list
%{_sbindir}/pkcs11-tokens
%{_mandir}/man8/pkcs11*.8*
%{_mandir}/man8/dnssec*-pkcs11.8*
%files pkcs11-libs
%{_libdir}/libdns-pkcs11-%{version}*.so
%{_libdir}/libns-pkcs11-%{version}*.so
%files pkcs11-devel
%{_includedir}/bind9/pk11/*.h
%exclude %{_includedir}/bind9/pk11/site.h
%{_includedir}/bind9/pkcs11
%{_libdir}/libdns-pkcs11.so
%{_libdir}/libns-pkcs11.so
%endif
%if %{with DLZ}
%files dlz-filesystem
%{_libdir}/{named,bind}/dlz_filesystem_dynamic.so
%files dlz-mysql
%{_libdir}/{named,bind}/dlz_mysql_dynamic.so
%doc build/contrib/dlz/modules/doc/mysql
%{_libdir}/{named,bind}/dlz_mysqldyn_mod.so
%doc build/contrib/dlz/modules/doc/mysqldyn
%files dlz-ldap
%{_libdir}/{named,bind}/dlz_ldap_dynamic.so
%doc contrib/dlz/modules/ldap/testing/*
%files dlz-sqlite3
%{_libdir}/{named,bind}/dlz_sqlite3_dynamic.so
%doc contrib/dlz/modules/sqlite3/testing/*
%endif
%files -n python3-%{name}
%{python3_sitelib}/*.egg-info
%{python3_sitelib}/isc/
%if %{with DOC}
%files doc
%dir %{_pkgdocdir}
%doc %{_pkgdocdir}/Bv9ARM.html
%doc %{_pkgdocdir}/html
%endif
%if %{with DOCPDF}
%doc %{_pkgdocdir}/Bv9ARM.pdf
%endif
%changelog
* Sat Feb 25 2023 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.14
- Handle subtle difference between upstream and rhel (CVE-2022-3094)
* Wed Feb 08 2023 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.13
- Prevent flooding with UPDATE requests (CVE-2022-3094)
- Handle RRSIG queries when server-stale is active (CVE-2022-3736)
- Fix crash when soft-quota is reached and serve-stale is active (CVE-2022-3924)
* Tue Dec 20 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.12
- Include bind9.16-dnssec-utils in public repository (#2115322)
* Tue Oct 04 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.11
- Bound the amount of work performed for delegations (CVE-2022-2795)
* Thu Sep 22 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.10
- Fix possible serve-stale related crash (CVE-2022-3080)
- Fix memory leak in ECDSA verify processing (CVE-2022-38177)
- Fix memory leak in EdDSA verify processing (CVE-2022-38178)
* Mon Apr 11 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.9
- Tighten cache protection against record from forwarders (CVE-2021-25220)
- Include test of forwarders
* Fri Mar 25 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.8
- TCP connections with 'keep-response-order' are properly close in all cases
(CVE-2022-0396)
* Thu Jan 20 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.7
- Keep symlink to static data but keep them in package
- Workaround to RPM limitation
* Tue Jan 18 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.6
- Make doc static data bundled, omit sphinx dependency
* Wed Jan 12 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.5
- Conflict also with lite-devel and pkcs11-utils subpackages
* Tue Jan 11 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.4
- Conflict with bind-devel
- Move dnssec-utils manual pages back to package with binaries
* Mon Dec 13 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.3
- Stop providing bind and bind-utils
* Thu Dec 02 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.2
- Move backward compatibility to shared define
* Fri Nov 19 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-0.1
- Update to 9.16.23 (#2024210)
* Fri Oct 15 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-5.1
- Fork separate bind9.16 package (#1873486)
* Wed Oct 13 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-5
- Propagate ephemeral port ranges to chroot (#2013595)
* Tue Oct 12 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-4
- Fixes listening on TCP in some race conditions (#1999691)
* Tue Oct 12 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-3
- Include documentation of dig return codes (#1989909)
* Thu Aug 19 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-2
- Fix map file format incompatibility
- Actually enable LMDB support
* Tue Aug 17 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-1
- Update to 9.16.20
* Mon Aug 09 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.19-4
- Do not depend on systemd package
* Mon Aug 09 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.19-3
- Include backward compatible html symlink in doc subpackage
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 32:9.16.19-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 21 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.19-1
- Update to 9.16.19 (#1956777)
* Thu Jun 24 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.16-1
- Update to 9.16.16 (#1956777)
* Thu Jun 24 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.15-3
- Disable building of DLZ and PKCS11
- Build HTML documentation into separate bind-doc subpackage
- Enable DNSTAP feature (#1975268)
- Enable LMDB support (#1975775)
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 32:9.16.15-2
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu Apr 29 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.15-1
- Update to 9.16.15
* Thu Apr 15 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.13-1
- Update to 9.16.13
- Changed displayed version just to include -RH suffix, not release
- Version is now part of library names, soname versions are no longer provided
- Removed bind-libs-lite subpackage
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 32:9.16.11-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Feb 26 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.11-5
- Make logrotate.d world-readable (#1917061)
* Mon Feb 22 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.11-4
- Fix off-by-one bug in ISC SPNEGO implementation (#1929965)
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 32:9.16.11-3
- rebuild for libpq ABI fix rhbz#1908268
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.16.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Jan 21 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.11-1
- Update to 9.16.11 (#1827602)
- Avoid unit test failures on machines with many cores
* Thu Jan 14 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.10-2
- Update to 9.16.10
- Remove bind-sdb package
- https://fedoraproject.org/wiki/Changes/BIND9.16
* Wed Jan 13 08:55:11 CET 2021 Adrian Reber <adrian@lisas.de> - 32:9.11.26-3
- Rebuilt for protobuf 3.14
* Wed Jan 06 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.26-2
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Mon Jan 04 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.26-1
- Update to 9.11.26
* Mon Nov 30 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.25-2
- Regenerate all manual pages on build
* Thu Nov 26 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.25-1
- Update to 9.11.25
* Wed Nov 04 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.24-2
- Fix crash on NTA recheck failure (#1893761)
* Fri Oct 23 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.24-1
- Update to 9.11.24
* Wed Sep 23 2020 Adrian Reber <adrian@lisas.de> - 32:9.11.23-2
- Rebuilt for protobuf 3.13
* Thu Sep 17 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.23-1
- Update to 9.11.23
- Merge bind-lite-devel into devel package
* Tue Sep 01 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.22-2
- Require libcap from devel package
* Thu Aug 20 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.22-1
- Update to 9.11.22
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.21-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 15 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.21-1
- Update to 9.11.21
* Tue Jun 23 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-3
- Move documentation to separate bind-doc package
* Sat Jun 20 2020 Adrian Reber <adrian@lisas.de> - 32:9.11.20-2
- Rebuilt for protobuf 3.12
* Wed Jun 17 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-1
- Update to 9.11.20
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 32:9.11.19-2
- Rebuilt for Python 3.9
* Fri May 15 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.19-1
- Update to 9.11.19 (CVE-2020-8616, CVE-2020-8617)
- Make initscripts just optional dependency
* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 32:9.11.18-2
- Rebuild (json-c)
* Thu Apr 16 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.18-1
- Update to 9.11.18
* Tue Mar 31 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.17-1
- Update to 9.11.17
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.14-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jan 08 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.14-4
- Remove libmaxminddb-devel from devel package dependencies
* Fri Jan 03 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.14-3
- Preserve symlinks to named.conf on iscdlv modification (#1786626)
* Thu Dec 19 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.14-2
- Include more Thread Sanitizer detected changes (#1736762)
* Thu Dec 19 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.14-1
- Update to 9.11.14
* Tue Dec 03 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.13-4
- Disable Berkeley DB support (#1779190)
* Mon Dec 02 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.13-3
- Backport few thread safety related fixed from upstream (#1736762)
* Tue Nov 26 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.13-2
- Complete explicit disabling of RSAMD5 in FIPS mode (#1709553)
* Tue Nov 19 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.13-1
- Update to 9.11.13
* Tue Nov 19 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-6
- Report failures on systemctl reload
* Tue Nov 12 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-5
- Fix binary compatibility after serve-stale patch (#1770492)
* Wed Nov 06 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-4
- Backported serve-stale feature
* Wed Nov 06 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-3
- Fix wrong default GeoIP directory (#1768258)
* Mon Nov 04 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-2
- Move data files outside config archive
- Specify geoip data directory in config file (#1768258)
* Mon Oct 21 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-1
- Update to 9.11.12 (#1557762)
* Wed Sep 25 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.11-1
- Update to 9.11.11
* Wed Sep 04 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.10-3
- Share pkcs11-utils and dnssec-utils manuals instead of recommend
* Tue Sep 03 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.10-2
- Move some administration utilities back to bind-utils (#1720380)
- Add GeoIP to bind-chroot (#1497646)
- Recommend bind-dnssec-utils from bind-pkcs11-utils
* Tue Aug 27 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.10-1
- Update to 9.11.10
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 32:9.11.9-4
- Rebuilt for Python 3.8
* Fri Aug 09 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.9-3
- Display errors from rndc reload (#1739441)
* Thu Aug 08 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.9-2
- Permit explicit disabling of RSAMD5 in FIPS mode (#1709553)
* Wed Jul 24 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.9-1
- Update to 9.11.9
- Add GeoLite2 support
- Disable export-libs
* Wed Jul 24 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.8-2
- Use monotonic time in export library (#1732883)
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 02 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.8-1
- Update to 9.11.8
* Mon Jun 17 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.7-2
- Fix OpenSSL random generator initialization
* Mon Jun 10 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.7-1
- Update to 9.11.7
* Mon May 06 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.6-5.P1
- Fix also postun script
* Mon May 06 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.6-4.P1
- Fix error in scriptlet condition
* Thu May 02 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.6-3.P1
- Fix inefective limit of TCP clients (CVE-2018-5743)
* Thu Mar 14 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.6-2
- Fix dnstap and timer issues in unit test
- Enable DLZ modules
* Tue Mar 05 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.6-1
- Update to 9.11.6
* Fri Mar 01 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-15.P4
- Support testing of named variants
* Thu Feb 28 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-14.P4
- Modify feature-test detection of dlz-filesystem
* Fri Feb 22 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-13.P4
- Update to 9.11.5-P4
* Fri Feb 22 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-12.P1
- Enable DNSTAP support (#1564776)
- Enable LMDB support for rndc addzone
- Enable json format in statistics-channel
* Thu Feb 21 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-11.P1
- Disable often failing unit test random_test
* Thu Feb 21 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-10.P1
- Disable autodetected eddsa algorithm ED448
* Thu Jan 31 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-9.P1
- dig prints ASCII name instead of failure (#1647829)
- disable IDN output from scripts
- Update project URL
- Removed revoked KSK 19164 from trusted keys
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.5-8.P1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sun Jan 27 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-7.P1
- Update to 9.11.5-P1
* Wed Jan 23 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-6
- Reenable crypto rand for DHCP, disable just entropy check (#1663318)
* Thu Jan 17 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-5
- Move dnssec related tools from bind-utils to bind-dnssec-utils (#1649398)
* Wed Jan 16 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-4
- Reject invalid binary file (#1666814)
* Mon Jan 14 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-3
- Disable crypto rand for DHCP (#1663318)
* Thu Oct 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-2
- Add optional support for JSON statistics
- Add optional DNSTAP support (#1564776), new dnstap-read tool
* Wed Oct 24 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-1
- Update to 9.11.5
* Tue Oct 02 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-12.P2
- Add Requires to devel packages referenced by bind-devel
* Sat Sep 29 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 32:9.11.4-11.P2
- Fix export-libs macro & scriptlet
* Wed Sep 26 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-10.P2
- Reenable IDN output but allow turning it off (#1580200)
* Thu Sep 20 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-9.P2
- Update to bind-9.11.4-P2
- Add /dev/urandom to chroot (#1631515)
* Fri Aug 24 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-8.P1
- Replace unoptimized code by OpenSSL counterparts
- Fix multilib conflicts of devel package
- Add versioned depends to all library subpackages
* Fri Aug 24 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-7.P1
- Add support for OpenSSL provided random data
* Mon Aug 13 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-6.P1
- Fix sdb-chroot devices upgrade (#1592873)
- Automatically replace obsoleted ISC DLV key with root key (#1595782)
* Thu Aug 09 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-5.P1
- Update to 9.11.4-P1
- Adds root key sentinel support
- Large IXFR zone transfers are rejected to prevent journal corruption
* Thu Aug 02 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-4
- Support unavailable MD5 in FIPS mode
* Thu Aug 02 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-3
- Use OpenSSL for digest operations (#1611537)
* Tue Jul 31 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-2
- Install generated manual pages
* Thu Jul 12 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-1
- Update to 9.11.4
- Use kyua instead of kyua-cli for unit tests
* Thu Jul 12 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-15
- Use new config file named-chroot.files for chroot setup (#1429656)
- Fix chroot devices file verification (#1592873)
- Prevent errors on bind-chroot uninstall when running (#1600583)
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.3-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 32:9.11.3-13
- Rebuilt for Python 3.7
* Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-12
- Require utils instead of library
* Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-11
- Remove named.iscdlv.key file (#1595782)
- Fix CVE-2018-5738
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 32:9.11.3-10
- Rebuilt for Python 3.7
* Fri May 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-9
- Make named home writeable (#1422680)
- Change named shell to /bin/false
* Fri May 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-8
- Require C++ on build when shipped atf library is used
* Mon Apr 09 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-7
- Run tests also without kyua
* Thu Apr 05 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-6
- Do not link libidn2 to all libraries (#1098783)
- Update named.ca
* Tue Apr 03 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-5
- Enable libidn2 support (#1098783)
- Make +noidnout default
- Compile export libs without GSSAPI
* Wed Mar 21 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-4
- Rebase to 9.11.3
- Add dig support for libidn2 (#1098783)
* Wed Mar 21 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-3.b1
- Fix build with disabled unittest
- Recommend softhsm from pkcs11 variant
* Thu Feb 22 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-2.b1
- Require openssl-devel and libcap-devel from bind-export-devel
- Conflict with bind99-devel
- Change spec globals to rpmbuild --with feature
* Thu Feb 15 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-1.b1
- Rebase to 9.11.3b1
* Wed Feb 07 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-11.P1
- Use versioned provides
- Fix starting of unit tests
- Forward export libs path to isc-config
- Rename export devel subpackage to bind-export-devel
* Wed Feb 07 2018 Pavel Zhukov <pzhukov@redhat.com> - 32:9.11.2-10.P1
- Add obsoletes/provides tags for smooth update
* Wed Feb 07 2018 Pavel Zhukov <pzhukov@redhat.com> - 32:9.11.2-9.P1
- Build devel package for export-libs
* Wed Feb 07 2018 Pavel Zhukov <pzhukov@redhat.com> - 32:9.11.2-8.P1
- Build export libraries with disabled threads and selects
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.2-7.P1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Tue Jan 30 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-6.P1
- Remove ldconfig calls where possible
- Note -z defs cannot be enabled until more work
* Tue Jan 16 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-5.P1
- Fix CVE-2017-3145, rebase to 9.11.2-P1
* Tue Jan 02 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-4
- Enable unit tests with kyua tool (#1532694)
- Provide internal tool to prepare softhsm token storage
- Proper fix for python3-bind subpackage directory ownership (#1522944)
* Fri Dec 15 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-3
- Own python3-bind isc directory (#1522944)
- Make tsstsig system test pass again (#1500017)
* Mon Oct 23 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-2
- Build against mariadb-connector-c-devel (#1493615)
- Include DNSKEY 20326 also in trusted-key.key (#1505476)
- Fix dynamic symbols conflict with ldap (#1205168)
- Use hmac-sha256 for new RNDC keys (#1508003)
- Include protocols and services in chroot
* Wed Aug 02 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-1
- Update to 9.11.2
- Add recursing and secroots file into default and sample config
- Fix nsupdate GSSAPI auth against AD server (#1484451)
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.1-6.P3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.1-5.P3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Jul 14 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-4.P3
- Simplify change of default configuration file path
* Thu Jul 13 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-3.P3
- Use mysql_config for SDB variant, build against mariadb-devel
* Mon Jul 10 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-2.P3
- Update to 9.11.1-P3
* Fri Jun 30 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-2.P2
- Update to 9.11.1-P2
* Thu Jun 29 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-2.P1
- dnssec-checkds and dnssec-coverage requires python module (#1466183)
* Thu Jun 15 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-1.P1
- Update to 9.11.1-P1
* Fri Apr 21 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-8.P5
- Fix queries for TKEY in nsupdate, when using GSSAPI (#1236087)
* Thu Apr 13 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-7.P5
- Update to 9.11.0-P5
- Use BINDVERSION for upstream version
* Fri Feb 10 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-7.P3
- Update to 9.11.0-P3
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.0-7.P2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Jan 18 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-6.P2
- RTLD_DEEPBIND conflicts with pkcs11 libraries, skip it for dyndb (#1410433)
- Fix some rpm warnings
* Mon Jan 16 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-5.P2
- Fix manual pages generated by recent docbook-style-xsl (#1397186)
* Thu Jan 12 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-4.P2
- Update to 9.11.0-P2
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 32:9.11.0-4.P1
- Rebuild for Python 3.6
* Tue Nov 22 2016 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-3.P1
- Split pk11 includes, include real functions only in pkcs11 variant
* Wed Nov 16 2016 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-2.P1
- Do not change lib permissions in chroot
* Wed Nov 16 2016 Michal Ruprich <mruprich@redhat.com> - 32:9.11.0-1.P1
- Update to 9.11.0-P1
* Tue Nov 08 2016 Petr Menšík <pemensik@redhat.com> - 32:9.10.4-3.P4
- Build with OpenSSL 1.1
* Thu Nov 03 2016 Petr Menšík <pemensik@redhat.com> - 32:9.10.4-2.P4
- Update to 9.10.4-P4
* Thu Sep 29 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.4-2.P3
- Update to 9.10.4-P3
* Wed Jul 20 2016 Michal Ruprich <mruprich@redhat.com> - 32:9.10.4-1.P2
- Update to 9.10.4-P2
* Thu May 26 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.4-1.P1
- Update to 9.10.4-P1
* Fri May 20 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-14.P4
- (un)mount /var/named in -chroot packages as the last directory (Related: #1279188)
* Thu May 12 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-13.P4
- Remove NM dispatcher script, since it is not needed any more (#1277257)
- Replaced After=network-online.target with After=network.target in all unit files
* Fri Mar 11 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-12.P4
- Update to 9.10.3-P4 due to CVE-2016-1285 CVE-2016-1286 CVE-2016-2088
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.10.3-11.P3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jan 21 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-10.P3
- Update to 9.10.3-P3 due to CVE-2015-8704 and CVE-2015-8705 (#1300051)
* Wed Jan 06 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-9.P2
- Commented out bindkeys-file statement in default configuration (#1223365#c3)
- Removed unrecognized configure option --enable-developer
- Added configure option --enable-full-report to get report on enabled features
* Sat Dec 26 2015 Robert Scheck <robert@fedoraproject.org> - 32:9.10.3-8.P2
- Remove unrecognized build options for %%configure
- Own %%{_includedir}/bind9 directory in -lite-devel
- Fixed building without (optional) PKCS#11 support
* Wed Dec 16 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-7.P2
- bump release to maintain update path
* Wed Dec 16 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-4.P2
- Update to 9.10.3-P2
* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.10.3-3
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
* Wed Nov 04 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-2
- Fixed named-checkconf call in *-chroot.service files (#1277820)
* Thu Sep 17 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-1
- Update to 9.10.3 stable
* Thu Sep 03 2015 Tomas Hozza <thozza@redhat.com>
- Update to 9.10.3rc1
* Wed Jul 29 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-9.P3
- Update to 9.10.2-P3 to fix CVE-2015-5477
* Thu Jul 09 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-8.P2
- Update to 9.10.2-P2
* Mon Jun 29 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-7.P1
- Reintroduce the DISABLE_ZONE_CHECKING into /etc/sysconfig/named
* Fri Jun 19 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-6.P1
- Update to 9.10.2-P1
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.10.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed May 27 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-4
- Don't copy /etc/localtime on -chroot package installation
* Fri May 22 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-3
- Don't use ISC's DLV by default (#1223365)
- Utilize system-wide crypto-policies (#1179925)
* Thu May 21 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-2
- enable tuning for large systems - increases hardcoded internal limits
- enable GeoIP access control feature
* Thu Feb 26 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-1
- update to 9.10.2 stable
- remove parallel-build patch after discussion with upstream [ISC-Bugs #38739]
* Wed Feb 25 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-0.3.rc1
- update to 9.10.2rc2
- call ldconfig for pkcs11-libs
- Use Python3 by default (#1186791)
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 32:9.10.2-0.2.rc1
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Mon Feb 02 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-0.1.rc1
- update to 9.10.2rc1
- fix nsupdate server auto-detection (#1184151)
- drop merged patch bind99-rh985918.patch
* Fri Jan 16 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.1-2.P1
- Install config for tmpfiles under %%{_tmpfilesdir} (#1181020)
* Tue Jan 13 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.1-1.P1
- Update to 9.10.1-P1 stable
* Fri Dec 12 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-6.P1
- Drop downstream patch for nslookup/host rejected by upstream
* Tue Dec 09 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-5.P1
- Update to 9.9.6-P1 (CVE-2014-8500)
* Fri Nov 14 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-4
- Fixed systemctl path in logrotate configuration (#1148360)
- drop engine_pkcs11 dependency, since we use native PKCS#11 implementation
* Wed Oct 22 2014 Petr Spacek <pspacek@redhat.com> - 32:9.9.6-3
- Fix crash during GSS-TSIG processing (#1155334, #1155127)
introduced in 32:9.9.6-2
* Tue Oct 14 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-2
- Added native PKCS#11 functionality (#1097752)
- bind-sdb now requires bind due to configuration and other utilities
- bind-pkcs11 now requires bind due to configuration and other utilities
* Thu Oct 02 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-1
- Update to 9.9.6
- drop merged patches and rebase some of existing patches
- Add architecture specific dependencies.
- Fix assert in dig when using +sigchase (#985918)
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.9.5-9.P1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jul 18 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-8.P1
- Use network-online.target instead of network.target (#1117086)
* Fri Jul 11 2014 Tom Callaway <spot@fedoraproject.org> 32:9.9.5-7.P1
- fix license handling
* Thu Jun 12 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-6.P1
- Update to 9.9.5-P1
* Mon Jun 09 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-5
- Use /dev/urandom for generation of rndc.key (#1079799)
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.9.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Apr 22 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-3
- configure bind with --with-dlopen=yes to support dynamically loadable DLZ drivers
* Wed Mar 05 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-2
- dlz_dlopen driver could return the wrong error leading to a segfault (#1052781)
- Fix race condition when freeing fetch object (ISC-Bugs #35385)
* Thu Feb 13 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-1
- Update to 9.9.5 stable
* Sun Jan 26 2014 Rex Dieter <rdieter@fedoraproject.org> 32:9.9.5-0.5.rc2
- -libs, -libs-lite: track sonames, so abi bumps aren't a surprise
* Fri Jan 24 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.4.rc2
- update to 9.9.5rc2
- merged patches dropped
- some patches rebased to the new version
* Wed Jan 15 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.3.b1
- non-existance of resolv.conf should not be fatal (#1052343)
* Tue Jan 14 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.2.b1
- Fix CVE-2014-0591
* Mon Jan 06 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.1.b1
- Update to bind-9.9.5b1
- Build bind-sdb against libdb instead of libdb4
* Wed Dec 18 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-11
- Fix crash in rbtdb after two sucessive getoriginnode() calls
* Tue Dec 17 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-10
- Split chroot package for named and named-sdb
- Extract setting-up/destroying of chroot to a separate systemd service (#997030)
* Thu Nov 28 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-9
- Fixed memory leak in nsupdate if 'realm' was used multiple times (#984687)
* Tue Nov 12 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-8
- Install configuration for rwtab and fix chroot setup script
* Thu Oct 31 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-7
- Correct the upstream patch for #794940
* Thu Oct 31 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-6
- use --enable-filter-aaaa when building bind to enable use of filter-aaaa-on-v4 option
* Wed Oct 30 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-5
- Create symlink /var/named/chroot/var/run -> /var/named/chroot/run
- Added session-keyfile statement into default named.conf since we use /run/named
* Tue Oct 29 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-4
- Use upstream version of patch for previously fixed #794940
* Fri Oct 18 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-3
- Fix race condition on send buffers in dighost.c (#794940)
* Tue Oct 08 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-2
- install isc/errno2result.h header
* Fri Sep 20 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-1
- Update to bind-9.9.4 stable
* Tue Sep 10 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.9.rc2
- Fix [ISC-Bugs #34738] dns_journal_open() returns a pointer to stack
* Mon Sep 09 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.8.rc2
- update to bind-9.9.4rc2
* Tue Aug 20 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.7.rc1
- Move named-checkzone and named-compilezone to bind-utils package
* Tue Aug 20 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.6.rc1
- Move tools that don't need the server to run, from main package to bind-utils (#964313)
* Fri Aug 16 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.5.rc1
- Don't generate rndc.key if there exists rndc.conf
* Fri Aug 16 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.4.rc1
- don't install named-sdb.service if SDB macro is defined to zero
* Mon Aug 05 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.3.rc1
- Fix setup-named-chroot.sh to mount/umount everything successfully
- update to bind-9.9.4rc1
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.9.4-0.2.b1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jul 15 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.1.b1
- update to bind-9.9.4b1
- drop merged RRL patch
- drop merged stat.h patch
* Wed Jun 05 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-3.P1
- update to 9.9.3-P1 (fix for CVE-2013-3919)
- update RRL patch to 9.9.3-P1-rl.156.01
* Mon Jun 03 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-2
- bump release to prevent update path issues
* Mon Jun 03 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-1
- update to 9.9.3
- install dns/update.h header
- update RRL patch to the latest version 9.9.3-rl.150.20
* Fri May 17 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.7.rc2
- Fix segfault in host/nslookup (#878139)
* Mon May 13 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.6.rc2
- update to 9.9.3rc2
- part of bind97-exportlib.patch not needed any more
- bind-9.9.1-P2-multlib-conflict.patch modified to reflect latest source
- rl-9.9.3rc1.patch -> rl-9.9.3rc2.patch
- bind99-opts.patch merged
* Fri May 03 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.5.rc1
- Include recursion Warning in named.conf and named.conf.sample (#740894)
- Include managed-keys-directory statement in named.conf.sample (#948026)
* Thu May 02 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.4.rc1
- Fix zone2sqlite to quote table names when creating/dropping/inserting (#919417)
* Fri Apr 19 2013 Adam Tkac <atkac redhat com> 32:9.9.3-0.3.rc1
- fix crash in nsupdate when processing "-r" parameter (#949544)
* Tue Apr 16 2013 Adam Tkac <atkac redhat com> 32:9.9.3-0.2.rc1
- ship dns/rrl.h in -devel subpkg
* Tue Apr 16 2013 Adam Tkac <atkac redhat com> 32:9.9.3-0.1.rc1
- update to 9.9.3rc1
- bind-96-libtool2.patch has been merged
- fix bind tmpfiles.d for named.pid /run migration (#920713)
* Wed Mar 27 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.2-12.P2
- New upstream patch version fixing CVE-2013-2266 (#928032)
* Tue Mar 19 2013 Adam Tkac <atkac redhat com> 32:9.9.2-11.P1
- move pidfile to /run/named/named.pid
* Wed Mar 06 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.2-10.P1
- Fix Makefile.in to include header added by rate limiting patch (#918330)
* Tue Mar 05 2013 Adam Tkac <atkac redhat com> 32:9.9.2-9.P1
- drop some developer-only documentation and move ARM to %%docdir
* Mon Feb 18 2013 Adam Tkac <atkac redhat com> 32:9.9.2-8.P1
- include rate limiting patch
* Tue Jan 29 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.2-7.P1
- Corrected IP addresses in named.ca (#901741)
- mount/umount /var/named in setup-named-chroot.sh as the last one (#904666)
* Thu Dec 20 2012 Adam Tkac <atkac redhat com> 32:9.9.2-6.P1
- generate /etc/rndc.key during named service startup if doesn't exist
- increase startup timeout in systemd units to 90sec (default)
- fix IDN related statement in dig.1 manpage
* Wed Dec 05 2012 Tomas Hozza <thozza@redhat.com> 32:9.9.2-5.P1
- update to bind-9.9.2-P1
* Mon Nov 12 2012 Adam Tkac <atkac redhat com> 32:9.9.2-4
- document dig exit codes in manpage
- ignore empty "search" options in resolv.conf
* Mon Nov 12 2012 Adam Tkac <atkac redhat com> 32:9.9.2-3
- drop PKCS11 support on rhel
* Thu Oct 11 2012 Adam Tkac <atkac redhat com> 32:9.9.2-2
- install isc/stat.h
* Thu Oct 11 2012 Adam Tkac <atkac redhat com> 32:9.9.2-1
- update to 9.9.2
- bind97-rh714049.patch has been dropped
- patches merged
- bind98-rh816164.patch
* Thu Sep 13 2012 Adam Tkac <atkac redhat com> 32:9.9.1-10.P3
- update to bind-9.9.1-P3
* Wed Aug 22 2012 Tomas Hozza <thozza@redhat.com> 32:9.9.1-9.P2
- fixed SPEC file so it comply with new systemd-rpm macros guidelines (#850045)
- changed %%define macros to %%global and fixed several rpmlint warnings
* Wed Aug 08 2012 Tomas Hozza <thozza@redhat.com> 32:9.9.1-8.P2
- Changed PrivateTmp to "false" in *-chroot.service unit files (#825869)
* Wed Aug 01 2012 Tomas Hozza <thozza@redhat.com> 32:9.9.1-7.P2
- Fixed bind-devel multilib conflict (#478718)
* Mon Jul 30 2012 Tomas Hozza <thozza@redhat.com> 32:9.9.1-6.P2
- Fixed bad path to systemctl in /etc/NetworkManager/dispatcher.d/13-named (#844047)
- Fixed path to libdb.so in config.dlz.in
* Thu Jul 26 2012 Adam Tkac <atkac redhat com> 32:9.9.1-5.P2
- update to 9.9.1-P2
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.9.1-4.P1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 11 2012 Ville Skyttä <ville.skytta@iki.fi> - 32:9.9.1-3.P1
- Avoid shell invocation and dep for -libs-lite %%postun.
* Mon Jun 04 2012 Adam Tkac <atkac redhat com> 32:9.9.1-2.P1
- update to 9.9.1-P1 (CVE-2012-1667)
* Thu May 24 2012 Adam Tkac <atkac redhat com> 32:9.9.1-1
- update to 9.9.1
- bind99-coverity.patch merged
- bind-9.5-overflow.patch merged
* Mon May 07 2012 Adam Tkac <atkac redhat com> 32:9.9.0-6
- nslookup: return non-zero exit code when fail to get answer (#816164)
* Thu Apr 26 2012 Adam Tkac <atkac redhat com> 32:9.9.0-5
- initscript: don't umount /var/named when didn't mount it
* Tue Apr 24 2012 Adam Tkac <atkac redhat com> 32:9.9.0-4
- apply all non-SDB patches before SDB ones (#804475)
- enable Berkeley DB DLZ backend (#804478)
* Thu Apr 12 2012 Adam Tkac <atkac redhat com> 32:9.9.0-3
- bind97-rh699951.patch is no longer needed (different fix is in 9.9.0)
* Mon Mar 26 2012 Adam Tkac <atkac redhat com> 32:9.9.0-2
- remove unneeded bind99-v6only.patch
* Mon Mar 05 2012 Adam Tkac <atkac redhat com> 32:9.9.0-1
- update to 9.9.0
- load dynamic DBs later (and update dyndb patch)
- fix memory leak in named during processing of rndc command
- don't call `rndc-confgen -a` in "post" section
- fix some packaging bugs in bind-chroot
* Wed Feb 15 2012 Adam Tkac <atkac redhat com> 32:9.9.0-0.8.rc2
- build with "--enable-fixed-rrset"
* Wed Feb 01 2012 Adam Tkac <atkac redhat com> 32:9.9.0-0.7.rc2
- update to 9.9.0rc2
- doc/rfc and doc/draft are no longer shipped in tarball
* Mon Jan 30 2012 Adam Tkac <atkac redhat com> 32:9.9.0-0.6.rc1
- retire initscript in favour of systemd unit files (#719419)
* Thu Jan 12 2012 Adam Tkac <atkac redhat com> 32:9.9.0-0.5.rc1
- update to 9.9.0rc1
* Wed Dec 07 2011 Adam Tkac <atkac redhat com> 32:9.9.0-0.4.b2
- ship dns/forward.h in -devel subpkg
* Tue Nov 22 2011 Adam Tkac <atkac redhat com> 32:9.9.0-0.3.b2
- update to 9.9.0b2 (CVE-2011-4313)
- patches merged
- bind97-rh700097.patch
- bind99-cinfo.patch
* Mon Nov 14 2011 Adam Tkac <atkac redhat com> 32:9.9.0-0.2.b1
- ship dns/clientinfo.h in bind-devel
* Fri Nov 11 2011 Adam Tkac <atkac redhat com> 32:9.9.0-0.1.b1
- update to 9.9.0b1
- bind98-dlz_buildfix.patch merged
* Fri Oct 28 2011 Adam Tkac <atkac redhat com> 32:9.8.1-4
- nslookup failed to resolve name in certain cases
* Mon Sep 26 2011 Adam Tkac <atkac redhat com> 32:9.8.1-3
- remove deps filter, it is no longer needed (#739663)
* Fri Sep 09 2011 Adam Tkac <atkac redhat com> 32:9.8.1-2
- fix logrotate config file (#725256)
* Wed Sep 07 2011 Adam Tkac <atkac redhat com> 32:9.8.1-1
- update to 9.8.1
- ship /etc/trusted-key.key (needed by dig)
- use select instead of epoll in export libs (#735103)
* Wed Aug 31 2011 Adam Tkac <atkac redhat com> 32:9.8.1-0.3.rc1
- fix DLZ related compilation issues
- make /etc/named.{root,iscdlv}.key world-readable
- add bind-libs versioned requires to bind pkg
* Wed Aug 31 2011 Adam Tkac <atkac redhat com> 32:9.8.1-0.2.rc1
- fix rare race condition in request.c
- print "the working directory is not writable" as debug message
- re-add configtest target to initscript
- initscript: sybsys name is always named, not named-sdb
- nsupdate returned zero when target zone didn't exist (#700097)
- nsupdate could have failed if server has multiple IPs and the first
was unreachable (#714049)
* Wed Aug 31 2011 Adam Tkac <atkac redhat com> 32:9.8.1-0.1.rc1
- update to 9.8.1rc1
- patches merged
- bind97-rh674334.patch
- bind97-cleanup.patch
- bind98-includes.patch
* Wed Aug 03 2011 Adam Tkac <atkac redhat com> 32:9.8.0-9.P4
- improve patch for #725741
* Tue Jul 26 2011 Adam Tkac <atkac redhat com> 32:9.8.0-8.P4
- named could have crashed during reload when dyndb module is used (#725741)
* Tue Jul 05 2011 Adam Tkac <atkac redhat com> 32:9.8.0-7.P4
- update to 9.8.0-P4
- bind98-libdns-export.patch merged
* Thu Jun 02 2011 Adam Tkac <atkac redhat com> 32:9.8.0-6.P2
- update the dyndb patch
* Fri May 27 2011 Adam Tkac <atkac redhat com> 32:9.8.0-5.P2
- fix compilation of libdns-export.so
* Fri May 27 2011 Adam Tkac <atkac redhat com> 32:9.8.0-4.P2
- update to 9.8.0-P2 (CVE-2011-1910)
* Fri May 06 2011 Adam Tkac <atkac redhat com> 32:9.8.0-3.P1
- update to 9.8.0-P1 (CVE-2011-1907)
* Wed Mar 23 2011 Dan Horák <dan@danny.cz> - 32:9.8.0-2
- rebuilt for mysql 5.5.10 (soname bump in libmysqlclient)
* Thu Mar 03 2011 Adam Tkac <atkac redhat com> 32:9.8.0-1
- update to 9.8.0
- bind97-rh665971.patch merged
* Thu Mar 03 2011 Adam Tkac <atkac redhat com> 32:9.8.0-0.4.rc1
- revert previous change (integration with libnmserver)
* Tue Feb 22 2011 Adam Tkac <atkac redhat com> 32:9.8.0-0.3.rc1
- integrate named with libnmserver library
* Tue Feb 22 2011 Adam Tkac <atkac redhat com> 32:9.8.0-0.2.rc1
- include dns/rpz.h in -devel subpkg
* Mon Feb 21 2011 Adam Tkac <atkac redhat com> 32:9.8.0-0.1.rc1
- update to 9.8.0rc1
* Fri Feb 18 2011 Adam Tkac <atkac redhat com> 32:9.7.3-1
- update to 9.7.3
- fix dig +trace on dualstack systems (#674334)
- fix linkage order when building on system with older BIND (#665971)
- reduce number of gcc warnings
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.7.3-0.6.rc1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Jan 25 2011 Adam Tkac <atkac redhat com> 32:9.7.3-0.5.rc1
- update to 9.7.3rc1
- bind97-krb5-self.patch merged
* Wed Jan 12 2011 Adam Tkac <atkac redhat com> 32:9.7.3-0.4.b1
- fix typo in initscript
* Thu Jan 06 2011 Adam Tkac <atkac redhat com> 32:9.7.3-0.3.b1
- fix "service named status" when used with named-sdb
- don't check MD5, size and mtime of sysconfig/named
* Wed Jan 05 2011 Adam Tkac <atkac redhat com> 32:9.7.3-0.2.b1
- add new option DISABLE_ZONE_CHECKING to sysconfig/named
* Wed Jan 05 2011 Adam Tkac <atkac redhat com> 32:9.7.3-0.1.b1
- update to 9.7.3b1
* Wed Jan 05 2011 Adam Tkac <atkac redhat com> 32:9.7.2-10.P3
- initscript should terminate only the correct "named" process (#622785)
* Mon Dec 20 2010 Adam Tkac <atkac redhat com> 32:9.7.2-9.P3
- fix "krb5-self" update-policy rule processing
* Thu Dec 02 2010 Adam Tkac <atkac redhat com> 32:9.7.2-8.P3
- update to 9.7.2-P3
* Mon Nov 29 2010 Jan Görig <jgorig redhat com> 32:9.7.2-7.P2
- added tmpfiles.d support (#656550)
- removed old PID checking in initscript
* Mon Nov 08 2010 Adam Tkac <atkac redhat com> 32:9.7.2-6.P2
- don't emit various informational messages by default (#645544)
* Wed Oct 20 2010 Adam Tkac <atkac redhat com> 32:9.7.2-5.P2
- move BIND9 internal libs back to %%{_libdir}
- add "-export" suffix to public libraries (-lite subpkg)
* Thu Oct 07 2010 Adam Tkac <atkac redhat com> 32:9.7.2-4.P2
- ship -devel subpkg for internal libs, dnsperf needs it
* Thu Oct 07 2010 Adam Tkac <atkac redhat com> 32:9.7.2-3.P2
- new bind-libs-lite and bind-lite-devel subpkgs which contain
public version of BIND 9 libraries
- don't ship devel files for internal version of BIND 9 libraries
* Wed Sep 29 2010 Adam Tkac <atkac redhat com> 32:9.7.2-2.P2
- update to 9.7.2-P2
* Thu Sep 16 2010 Adam Tkac <atkac redhat com> 32:9.7.2-1
- update to 9.7.2
* Fri Aug 27 2010 Adam Tkac <atkac redhat com> 32:9.7.2-0.3.rc1
- update to 9.7.2rc1
* Tue Aug 10 2010 Adam Tkac <atkac redhat com> 32:9.7.2-0.2.b1
- host: handle "debug", "attempts" and "timeout" options in resolv.conf well
* Tue Aug 03 2010 Adam Tkac <atkac redhat com> 32:9.7.2-0.1.b1
- update to 9.7.2b1
- patches merged
- bind97-rh507429.patch
* Mon Jul 19 2010 Adam Tkac <atkac redhat com> 32:9.7.1-5.P2
- supply root zone DNSKEY in default configuration
* Mon Jul 19 2010 Adam Tkac <atkac redhat com> 32:9.7.1-4.P2
- update to 9.7.1-P2 (CVE-2010-0213)
* Mon Jul 12 2010 Adam Tkac <atkac redhat com> 32:9.7.1-3.P1
- remove outdated Copyright.caching-nameserver file
- remove rfc1912.txt, it is already located in %%doc/rfc directory
- move COPYRIGHT to the bind-libs subpkg
- add COPYRIGHT to the -pkcs11 subpkg
* Fri Jul 09 2010 Adam Tkac <atkac redhat com> 32:9.7.1-2.P1
- update to 9.7.1-P1
* Mon Jun 28 2010 Adam Tkac <atkac redhat com> 32:9.7.1-1
- update to 9.7.1
- improve the "dnssec-conf" trigger
* Wed Jun 09 2010 Adam Tkac <atkac redhat com> 32:9.7.1-0.2.rc1
- update to 9.7.1rc1
- patches merged
- bind97-keysdir.patch
* Mon May 31 2010 Adam Tkac <atkac redhat com> 32:9.7.1-0.1.b1
- update to 9.7.1b1
- make /var/named/dynamic as a default directory for managed DNSSEC keys
- add patch to get "managed-keys-directory" option working
- patches merged
- bind97-managed-keyfile.patch
- bind97-rh554316.patch
* Fri May 21 2010 Adam Tkac <atkac redhat com> 32:9.7.0-11.P2
- update dnssec-conf Obsoletes/Provides
* Thu May 20 2010 Adam Tkac <atkac redhat com> 32:9.7.0-10.P2
- update to 9.7.0-P2
* Fri Mar 26 2010 Adam Tkac <atkac redhat com> 32:9.7.0-9.P1
- added lost patch for #554316 (occasional crash in keytable.c)
* Fri Mar 26 2010 Adam Tkac <atkac redhat com> 32:9.7.0-8.P1
- active query might be destroyed in resume_dslookup() which triggered REQUIRE
failure (#507429)
* Mon Mar 22 2010 Adam Tkac <atkac redhat com> 32:9.7.0-7.P1
- install SDB related manpages only when build with SDB
* Fri Mar 19 2010 Adam Tkac <atkac redhat com> 32:9.7.0-6.P1
- update to 9.7.0-P1
* Tue Mar 16 2010 Jan Görig <jgorig redhat com> 32:9.7.0-5
- bind-sdb now requires bind
* Mon Mar 15 2010 Jan Görig <jgorig redhat com> 32:9.7.0-4
- add man-pages ldap2zone.1 zonetodb.1 zone2sqlite.1 named-sdb.8 (#525655)
* Mon Mar 01 2010 Adam Tkac <atkac redhat com> 32:9.7.0-3
- fix multilib issue (#478718) [jgorig]
* Mon Mar 01 2010 Adam Tkac <atkac redhat com> 32:9.7.0-2
- improve automatic DNSSEC reconfiguration trigger
- initscript now returns 2 in case that action doesn't exist (#523435)
- enable/disable chroot when bind-chroot is installed/uninstalled
* Wed Feb 17 2010 Adam Tkac <atkac redhat com> 32:9.7.0-1
- update to 9.7.0 final
* Mon Feb 15 2010 Adam Tkac <atkac redhat com> 32:9.7.0-0.14.rc2
- obsolete dnssec-conf
- automatically update configuration from old dnssec-conf based
- improve default configuration; enable DLV by default
- remove obsolete triggerpostun from bind-libs subpackage
* Thu Jan 28 2010 Adam Tkac <atkac redhat com> 32:9.7.0-0.13.rc2
- update to 9.7.0rc2
* Wed Jan 27 2010 Adam Tkac <atkac redhat com> 32:9.7.0-0.12.rc1
- initscript LSB related fixes (#523435)
* Wed Jan 27 2010 Adam Tkac <atkac redhat com> 32:9.7.0-0.11.rc1
- revert the "DEBUG" feature (#510283), it causes too many problems (#545128)
* Tue Dec 15 2009 Adam Tkac <atkac redhat com> 32:9.7.0-0.10.rc1
- update to 9.7.0rc1
- bind97-headers.patch merged
- update default configuration
* Tue Dec 01 2009 Adam Tkac <atkac redhat com> 32:9.7.0-0.9.b3
- update to 9.7.0b3
* Thu Nov 26 2009 Adam Tkac <atkac redhat com> 32:9.7.0-0.8.b2
- install isc/namespace.h header
* Fri Nov 06 2009 Adam Tkac <atkac redhat com> 32:9.7.0-0.7.b2
- update to 9.7.0b2
* Tue Nov 03 2009 Adam Tkac <atkac redhat com> 32:9.7.0-0.6.b1
- update to 9.7.0b1
- add bind-pkcs11 subpackage to support PKCS11 compatible keystores for DNSSEC
keys
* Thu Oct 08 2009 Adam Tkac <atkac redhat com> 32:9.7.0-0.5.a3
- don't package named-bootconf utility, it is very outdated and unneeded
* Mon Sep 21 2009 Adam Tkac <atkac redhat com> 32:9.7.0-0.4.a3
- determine file size via `stat` instead of `ls` (#523682)
* Wed Sep 16 2009 Adam Tkac <atkac redhat com> 32:9.7.0-0.3.a3
- update to 9.7.0a3
* Tue Sep 15 2009 Adam Tkac <atkac redhat com> 32:9.7.0-0.2.a2
- improve chroot related documentation (#507795)
- add NetworkManager dispatcher script to reload named when network interface is
activated/deactivated (#490275)
- don't set/unset named_write_master_zones SELinux boolean every time in
initscript, modify it only when it's actually needed
* Tue Sep 15 2009 Adam Tkac <atkac redhat com> 32:9.7.0-0.1.a2
- update to 9.7.0a2
- merged patches
- bind-96-db_unregister.patch
- bind96-rh507469.patch
* Tue Sep 01 2009 Adam Tkac <atkac redhat com> 32:9.6.1-9.P1
- next attempt to fix the postun trigger (#520385)
- remove obsolete bind-9.3.1rc1-fix_libbind_includedir.patch
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 32:9.6.1-8.P1
- rebuilt with new openssl
* Tue Aug 04 2009 Martin Nagy <mnagy redhat com> 32:9.6.1-7.P1
- update the patch for dynamic loading of database backends
* Wed Jul 29 2009 Adam Tkac <atkac redhat com> 32:9.6.1-6.P1
- 9.6.1-P1 release (CVE-2009-0696)
- fix postun trigger (#513016, hopefully)
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.6.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Mon Jul 20 2009 Adam Tkac <atkac redhat com> 32:9.6.1-4
- remove useless bind-9.3.3rc2-rndckey.patch
* Mon Jul 13 2009 Adam Tkac <atkac redhat com> 32:9.6.1-3
- fix broken symlinks in bind-libs (#509635)
- fix typos in /etc/sysconfig/named (#509650)
- add DEBUG option to /etc/sysconfig/named (#510283)
* Wed Jun 24 2009 Adam Tkac <atkac redhat com> 32:9.6.1-2
- improved "chroot automount" patches (#504596)
- host should fail if specified server doesn't respond (#507469)
* Wed Jun 17 2009 Adam Tkac <atkac redhat com> 32:9.6.1-1
- 9.6.1 release
- simplify chroot maintenance. Important files and directories are mounted into
chroot (see /etc/sysconfig/named for more info, #504596)
- fix doc/named.conf.default perms
* Wed May 27 2009 Adam Tkac <atkac redhat com> 32:9.6.1-0.4.rc1
- 9.6.1rc1 release
* Wed Apr 29 2009 Martin Nagy <mnagy redhat com> 32:9.6.1-0.3.b1
- update the patch for dynamic loading of database backends
- create %%{_libdir}/bind directory
- copy default named.conf to doc directory, shared with s-c-bind (atkac)
* Fri Apr 24 2009 Martin Nagy <mnagy redhat com> 32:9.6.1-0.2.b1
- update the patch for dynamic loading of database backends
- fix dns_db_unregister()
- useradd now takes "-N" instead of "-n" (atkac, #495726)
- print nicer error msg when zone file is actually a directory (atkac, #490837)
* Mon Mar 30 2009 Adam Tkac <atkac redhat com> 32:9.6.1-0.1.b1
- 9.6.1b1 release
- patches merged
- bind-96-isc_header.patch
- bind-95-rh469440.patch
- bind-96-realloc.patch
- bind9-fedora-0001.diff
- use -version-number instead of -version-info libtool param
* Mon Mar 23 2009 Adam Tkac <atkac redhat com> 32:9.6.0-11.1.P1
- logrotate configuration file now points to /var/named/data/named.run by
default (#489986)
* Tue Mar 17 2009 Adam Tkac <atkac redhat com> 32:9.6.0-11.P1
- fall back to insecure mode when no supported DNSSEC algorithm is found
instead of SERVFAIL
- don't fall back to non-EDNS0 queries when DO bit is set
* Tue Mar 10 2009 Adam Tkac <atkac redhat com> 32:9.6.0-10.P1
- enable DNSSEC only if it is enabled in sysconfig/dnssec
* Mon Mar 09 2009 Adam Tkac <atkac redhat com> 32:9.6.0-9.P1
- add DNSSEC support to initscript, enabled it per default
- add requires dnssec-conf
* Mon Mar 09 2009 Adam Tkac <atkac redhat com> 32:9.6.0-8.P1
- fire away libbind, it is now separate package
* Wed Mar 04 2009 Adam Tkac <atkac redhat com> 32:9.6.0-7.P1
- fixed some read buffer overflows (upstream)
* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> 32:9.6.0-6.P1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Feb 12 2009 Martin Nagy <mnagy redhat com> 32:9.6.0-5.P1
- update the patch for dynamic loading of database backends
- include iterated_hash.h
* Sat Jan 24 2009 Caolán McNamara <caolanm@redhat.com> 32:9.6.0-4.P1
- rebuild for dependencies
* Wed Jan 21 2009 Adam Tkac <atkac redhat com> 32:9.6.0-3.P1
- rebuild against new openssl
* Thu Jan 08 2009 Adam Tkac <atkac redhat com> 32:9.6.0-2.P1
- 9.6.0-P1 release (CVE-2009-0025)
* Mon Jan 05 2009 Adam Tkac <atkac redhat com> 32:9.6.0-1
- Happy new year
- 9.6.0 release
* Thu Dec 18 2008 Adam Tkac <atkac redhat com> 32:9.6.0-0.7.rc2
- 9.6.0rc2 release
- bind-96-rh475120.patch merged
* Tue Dec 16 2008 Martin Nagy <mnagy redhat com> 32:9.6.0-0.6.rc1
- add patch for dynamic loading of database backends
* Tue Dec 09 2008 Adam Tkac <atkac redhat com> 32:9.6.0-0.5.1.rc1
- allow to reuse address for non-random query-source ports (#475120)
* Wed Dec 03 2008 Adam Tkac <atkac redhat com> 32:9.6.0-0.5.rc1
- 9.6.0rc1 release
- patches merged
- bind-9.2.0rc3-varrun.patch
- bind-95-sdlz-include.patch
- bind-96-libxml2.patch
- fixed rare use-after-free problem in host utility (#452060)
- enabled chase of DNSSEC signature chains in dig
* Mon Dec 01 2008 Adam Tkac <atkac redhat com> 32:9.6.0-0.4.1.b1
- improved sample config file (#473586)
* Wed Nov 26 2008 Adam Tkac <atkac redhat com> 32:9.6.0-0.4.b1
- reverted previous change, koji doesn't like it
* Wed Nov 26 2008 Adam Tkac <atkac redhat com> 32:9.6.0-0.3.b1
- build bind-chroot as noarch
* Mon Nov 24 2008 Adam Tkac <atkac redhat com> 32:9.6.0-0.2.1.b1
- updates due libtool 2.2.6
- don't pass -DLDAP_DEPRECATED to cpp, handle it directly in sources
* Tue Nov 11 2008 Adam Tkac <atkac redhat com> 32:9.6.0-0.2.b1
- make statistics http server working, patch backported from 9.6 HEAD
* Mon Nov 10 2008 Adam Tkac <atkac redhat com> 32:9.6.0-0.1.b1
- 9.6.0b1 release
- don't build ODBC and Berkeley DB DLZ drivers
- end of bind-chroot-admin script, copy config files to chroot manually
- /proc doesn't have to be mounted to chroot
- temporary use libbind from 9.5 series, noone has been released for 9.6 yet
* Mon Nov 03 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.8.4.b2
- dig/host: use only IPv4 addresses when -4 option is specified (#469440)
* Thu Oct 30 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.8.2.b2
- removed unneeded bind-9.4.1-ldap-api.patch
* Thu Oct 30 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.8.1.b2
- ship dns/{s,}dlz.h and isc/radix.h in bind-devel
* Tue Oct 07 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.8.b2
- removed bind-9.4.0-dnssec-directory.patch, it is wrong
* Wed Sep 24 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.7.b2
- 9.5.1b2 release
- patches merged
- bind95-rh454783.patch
- bind-9.5-edns.patch
- bind95-rh450995.patch
- bind95-rh457175.patch
* Wed Sep 17 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.6.b1
- IDN output strings didn't honour locale settings (#461409)
* Tue Aug 05 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.5.b1
- disable transfer stats on DLZ zones (#454783)
* Mon Aug 04 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.4.b1
- add forgotten patch for #457175
- build with -O2
* Thu Jul 31 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.3.b1
- static libraries are no longer supported
- IP acls weren't merged correctly (#457175)
- use fPIE on sparcv9/sparc64 (Dennis Gilmore)
- add sparc64 to list of 64bit arches in spec (Dennis Gilmore)
* Mon Jul 21 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.2.b1
- updated patches due new rpm (--fuzz=0 patch parameter)
* Mon Jul 14 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.1.1.b1
- use %%patch0 for Patch0 (#455061)
- correct source address (#455118)
* Tue Jul 08 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.1.b1
- 9.5.1b1 release (CVE-2008-1447)
- dropped bind-9.5-recv-race.patch because upstream doesn't want it
* Mon Jun 30 2008 Adam Tkac <atkac redhat com> 32:9.5.0-37.1
- update default named.conf statements (#452708)
* Thu Jun 26 2008 Adam Tkac <atkac redhat com> 32:9.5.0-37
- some compat changes to fix building on RHEL4
* Mon Jun 23 2008 Adam Tkac <atkac redhat com> 32:9.5.0-36.3
- fixed typo in %%posttrans script
* Wed Jun 18 2008 Adam Tkac <atkac redhat com> 32:9.5.0-36.2
- parse inner acls correctly (#450995)
* Mon Jun 02 2008 Adam Tkac <atkac redhat com> 32:9.5.0-36.1
- removed dns-keygen utility in favour of rndc-confgen -a (#449287)
- some minor sample fixes (#449274)
* Thu May 29 2008 Adam Tkac <atkac redhat com> 32:9.5.0-36
- updated to 9.5.0 final
- use getifaddrs to find available interfaces
* Mon May 26 2008 Adam Tkac <atkac redhat com> 32:9.5.0-35.rc1
- make /var/run/named writable by named (#448277)
- fixed one non-utf8 file
* Thu May 22 2008 Adam Tkac <atkac redhat com> 32:9.5.0-34.rc1
- fixes needed to pass package review (#225614)
* Wed May 21 2008 Adam Tkac <atkac redhat com> 32:9.5.0-33.1.rc1
- bind-chroot now depends on bind (#446477)
* Wed May 14 2008 Adam Tkac <atkac redhat com> 32:9.5.0-33.rc1
- updated to 9.5.0rc1
- merged patches
- bind-9.5-libcap.patch
- make binaries readable by others (#427826)
* Tue May 13 2008 Adam Tkac <atkac redhat com> 32:9.5.0-32.b3
- reverted "any" patch, upstream says not needed
- log EDNS failure only when we really switch to plain EDNS (#275091)
- detect configuration file better
* Tue May 06 2008 Adam Tkac <atkac redhat com> 32:9.5.0-31.1.b3
- addresses 0.0.0.0 and ::0 really match any (#275091, comment #28)
* Mon May 05 2008 Adam Tkac <atkac redhat com> 32:9.5.0-31.b3
- readded bind-9.5-libcap.patch
- added bind-9.5-recv-race.patch from F8 branch (#400461)
* Wed Apr 23 2008 Adam Tkac <atkac redhat com> 32:9.5.0-30.1.b3
- build Berkeley DB DLZ backend
* Mon Apr 21 2008 Adam Tkac <atkac redhat com> 32:9.5.0-30.b3
- 9.5.0b3 release
- dropped patches (upstream)
- bind-9.5-transfer-segv.patch
- bind-9.5-mudflap.patch
- bind-9.5.0-generate-xml.patch
- bind-9.5-libcap.patch
* Wed Apr 02 2008 Adam Tkac <atkac redhat com> 32:9.5.0-29.3.b2
- fixed named.conf.sample file (#437569)
* Fri Mar 14 2008 Adam Tkac <atkac redhat com> 32:9.5.0-29.2.b2
- fixed URLs
* Mon Feb 25 2008 Adam Tkac <atkac redhat com> 32:9.5.0-29.1.b2
- BuildRequires cleanup
* Sun Feb 24 2008 Adam Tkac <atkac redhat com> 32:9.5.0-29.b2
- rebuild without mudflap (#434159)
* Wed Feb 20 2008 Adam Tkac <atkac redhat com> 32:9.5.0-28.b2
- port named to use libcap library, enable threads (#433102)
- removed some unneeded Requires
* Tue Feb 19 2008 Adam Tkac <atkac redhat com> 32:9.5.0-27.b2
- removed conditional build with libefence (use -fmudflapth instead)
- fixed building of DLZ stuff (#432497)
- do not build Berkeley DB DLZ backend
- temporary build with --disable-linux-caps and without threads (#433102)
- update named.ca file to affect IPv6 changes in root zone
* Mon Feb 11 2008 Adam Tkac <atkac redhat com> 32:9.5.0-26.b2
- build with -D_GNU_SOURCE (#431734)
- improved fix for #253537, posttrans script is now used
- improved fix for #400461
- 9.5.0b2
- bind-9.3.2b1-PIE.patch replaced by bind-9.5-PIE.patch
- only named, named-sdb and lwresd are PIE
- bind-9.5-sdb.patch has been updated
- bind-9.5-libidn.patch has been updated
- bind-9.4.0-sdb-sqlite-bld.patch replaced by bind-9.5-sdb-sqlite-bld.patch
- removed bind-9.5-gssapi-header.patch (upstream)
- removed bind-9.5-CVE-2008-0122.patch (upstream)
- removed bind-9.2.2-nsl.patch
- improved sdb_tools Makefile.in
* Mon Feb 04 2008 Adam Tkac <atkac redhat com> 32:9.5.0-25.b1
- fixed segfault during sending notifies (#400461)
- rebuild with gcc 4.3 series
* Tue Jan 22 2008 Adam Tkac <atkac redhat com> 32:9.5.0-24.b1
- removed bind-9.3.2-prctl_set_dumpable.patch (upstream)
- allow parallel building of libdns library
- CVE-2008-0122
* Thu Dec 27 2007 Adam Tkac <atkac redhat com> 32:9.5.0-23.b1
- fixed initscript wait loop (#426382)
- removed dependency on policycoreutils and libselinux (#426515)
* Thu Dec 20 2007 Adam Tkac <atkac redhat com> 32:9.5.0-22.b1
- fixed regression caused by libidn2 patch (#426348)
* Wed Dec 19 2007 Adam Tkac <atkac redhat com> 32:9.5.0-21.b1
- fixed typo in post section (CVE-2007-6283)
* Wed Dec 19 2007 Adam Tkac <atkac redhat com> 32:9.5.0-20.b1
- removed obsoleted triggers
- CVE-2007-6283
* Wed Dec 12 2007 Adam Tkac <atkac redhat com> 32:9.5.0-19.2.b1
- added dst/gssapi.h to -devel subpackage (#419091)
- improved fix for (#417431)
* Mon Dec 10 2007 Adam Tkac <atkac redhat com> 32:9.5.0-19.1.b1
- fixed shutdown with initscript when rndc doesn't work (#417431)
- fixed IDN patch (#412241)
* Thu Dec 06 2007 Adam Tkac <atkac redhat com> 32:9.5.0-19.b1
- 9.5.0b1 (#405281, #392491)
* Thu Dec 06 2007 Release Engineering <rel-eng at fedoraproject dot org> 32:9.5.0-18.6.a7
- Rebuild for deps
* Wed Dec 05 2007 Adam Tkac <atkac redhat com> 32:9.5.0-18.5.a7
- build with -O0
* Mon Dec 03 2007 Adam Tkac <atkac redhat com> 32:9.5.0-18.4.a7
- bind-9.5-random_ports.patch was removed because upstream doesn't
like it. query-source{,v6} options are sufficient (#391931)
- bind-chroot-admin called restorecon on /proc filesystem (#405281)
* Mon Nov 26 2007 Adam Tkac <atkac redhat com> 32:9.5.0-18.3.a7
- removed edns patch to keep compatibility with vanilla bind
(#275091, comment #20)
* Wed Nov 21 2007 Adam Tkac <atkac redhat com> 32:9.5.0-18.2.a7
- use system port selector instead ISC's (#391931)
* Mon Nov 19 2007 Adam Tkac <atkac redhat com> 32:9.5.0-18.a7
- removed statement from initscript which passes -D to named
* Thu Nov 15 2007 Adam Tkac <atkac redhat com> 32:9.5.0-17.a7
- 9.5.0a7
- dropped patches (upstream)
- bind-9.5-update.patch
- bind-9.5-pool_badfree.patch
- bind-9.5-_res_errno.patch
* Thu Nov 15 2007 Adam Tkac <atkac redhat com> 32:9.5.0-16.5.a6
- added bind-sdb again, contains SDB modules and DLZ modules
- bind-9.3.1rc1-sdb.patch replaced by bind-9.5-sdb.patch
* Mon Nov 12 2007 Adam Tkac <atkac redhat com> 32:9.5.0-16.4.a6
- removed Requires: openldap, postgresql, mysql, db4, unixODBC
- new L.ROOT-SERVERS.NET address
* Mon Oct 29 2007 Adam Tkac <atkac redhat com> 32:9.5.0-16.3.a6
- completely disable DBUS
* Fri Oct 26 2007 Adam Tkac <atkac redhat com> 32:9.5.0-16.2.a6
- minor cleanup in bind-chroot-admin
* Thu Oct 25 2007 Adam Tkac <atkac redhat com> 32:9.5.0-16.1.a6
- fixed typo in initscript
* Tue Oct 23 2007 Adam Tkac <atkac redhat com> 32:9.5.0-16.a6
- disabled DBUS (dhcdbd doesn't exist & #339191)
* Thu Oct 18 2007 Adam Tkac <atkac redhat com> 32:9.5.0-15.1.a6
- fixed missing va_end () functions (#336601)
- fixed memory leak when dbus initialization fails
* Tue Oct 16 2007 Adam Tkac <atkac redhat com> 32:9.5.0-15.a6
- corrected named.5 SDB statement (#326051)
* Mon Sep 24 2007 Adam Tkac <atkac redhat com> 32:9.5.0-14.a6
- added edns patch again (#275091)
* Mon Sep 24 2007 Adam Tkac <atkac redhat com> 32:9.5.0-13.a6
- removed bind-9.3.3-edns.patch patch (see #275091 for reasons)
* Thu Sep 20 2007 Adam Tkac <atkac redhat com> 32:9.5.0-12.4.a6
- build with O2
- removed "autotools" patch
- bugfixing in bind-chroot-admin (#279901)
* Thu Sep 06 2007 Adam Tkac <atkac redhat com> 32:9.5.0-12.a6
- bind-9.5-2119_revert.patch and bind-9.5-fix_h_errno.patch are