ipa-4.12.2-14

- Resolves: RHEL-80345 Use new bind9.18-dyndb-ldap and bind9.18 only for DNS over TLS with the ipa-server-encrypted-dns package

freeipa.spec

@@ -85,8 +85,6 @@
 
 # Fix for TLS 1.3 PHA, RHBZ#1775158
 %global httpd_version 2.4.37-21
-%global bind_name bind9.18
-%global bind_version 9.18.29-2
 
 # support for passkey
 %global sssd_version 2.9.5
@@ -136,12 +134,6 @@
 %global httpd_version 2.4.41-9
 
 # Fix for RHBZ#2117342
-%global bind_name bind
-%if 0%{?fedora} < 37
-%global bind_version 9.11.24-1
-%else
-%global bind_version 32:9.18.7-1
-%endif
 # Don't use Fedora's Python dependency generator on Fedora 30/rawhide yet.
 # Some packages don't provide new dist aliases.
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/
@@ -226,7 +218,7 @@
 
 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        13%{?rc_version:.%rc_version}%{?dist}
+Release:        14%{?rc_version:.%rc_version}%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 License:        GPL-3.0-or-later
@@ -654,14 +646,14 @@ If you are installing an IPA server, you need to install this package.
 Summary: IPA integrated DNS server with support for automatic DNSSEC signing
 BuildArch: noarch
 Requires: %{name}-server = %{version}-%{release}
-Requires: bind-dyndb-ldap >= 11.11-1
-Requires: %{bind_name} >= %{bind_version}
-Requires: %{bind_name}-utils >= %{bind_version}
+Requires: bind-dyndb-ldap
+Requires: bind
+Requires: bind-utils
 # bind-dnssec-utils is required by the OpenDNSSec integration
 # https://pagure.io/freeipa/issue/9026
-Requires: %{bind_name}-dnssec-utils >= %{bind_version}
+Requires: bind-dnssec-utils
 %if %{with bind_pkcs11}
-Requires: %{bind_name}-pkcs11 >= %{bind_version}
+Requires: bind-pkcs11
 %else
 Requires: softhsm >= %{softhsm_version}
 Requires: openssl-pkcs11 >= %{openssl_pkcs11_version}
@@ -669,7 +661,6 @@ Requires: openssl-pkcs11 >= %{openssl_pkcs11_version}
 # See https://bugzilla.redhat.com/show_bug.cgi?id=1825812
 # RHEL 8.3+ and Fedora 32+ have 2.1
 Requires: opendnssec >= 2.1.6-5
-Recommends: %{name}-server-encrypted-dns
 %{?systemd_requires}
 
 Provides: %{alt_name}-server-dns = %{version}
@@ -687,6 +678,11 @@ Integrated DNS server is BIND 9. OpenDNSSEC provides key management.
 %package server-encrypted-dns
 Summary: support for encrypted DNS in IPA integrated DNS server
 Requires: %{name}-client-encrypted-dns
+Requires: %{name}-server-dns
+Requires: bind9.18
+Requires: bind9.18-utils
+Requires: bind9.18-dnssec-utils
+Requires: bind9.18-dyndb-ldap
 
 %description server-encrypted-dns
 Provides support for enabling DNS over TLS in the IPA integrated DNS
@@ -765,7 +761,7 @@ Requires: sssd-idp >= %{sssd_version}
 Requires: sssd-krb5 >= %{sssd_version}
 Requires: certmonger >= %{certmonger_version}
 Requires: nss-tools >= %{nss_version}
-Requires: %{bind_name}-utils
+Requires: bind-utils
 Requires: oddjob-mkhomedir
 Requires: libsss_autofs
 Requires: autofs
@@ -773,7 +769,6 @@ Requires: libnfsidmap
 Requires: (nfs-utils or nfsv4-client-utils)
 Requires: sssd-tools >= %{sssd_version}
 Requires(post): policycoreutils
-Recommends: %{name}-client-encrypted-dns
 
 # https://pagure.io/freeipa/issue/8530
 Recommends: libsss_sudo
@@ -817,6 +812,7 @@ This package provides command-line tools for IPA administrators.
 
 %package client-encrypted-dns
 Summary: Enable encrypted DNS support for clients
+Requires: %{name}-client
 Requires: unbound
 
 %description client-encrypted-dns
@@ -1947,6 +1943,9 @@ fi
 %endif
 
 %changelog
+* Thu Mar 20 2025 Thomas Woerner <twoerner@redhat.com> - 4.12.2-14
+- Resolves: RHEL-80345 Use new bind9.18-dyndb-ldap and bind9.18 only for DNS over TLS with the ipa-server-encrypted-dns package
+
 * Wed Feb 12 2025 Florence Blanc-Renaud <flo@redhat.com> - 4.12.2-13
 - Resolves: RHEL-67913 Add DNS over TLS Support