1baafe
#
1baafe
# Red Hat BIND9 package .spec file
1baafe
#
1baafe
# vim:expandtab ts=2:
1baafe
1baafe
# bcond_without is built by default, unless --without X is passed
1baafe
# bcond_with is built only when --with X is passed to build
1baafe
%bcond_with    SYSTEMTEST
1baafe
%bcond_without GSSTSIG
1baafe
# it is not possible to build the package without PKCS11 sub-package
1baafe
# due to extensive changes to Makefiles
1baafe
%bcond_with PKCS11
1baafe
%bcond_without JSON
1baafe
%bcond_with DLZ
1baafe
# New MaxMind GeoLite support
1baafe
%bcond_without GEOIP2
1baafe
# kyua no longer in buildroot in RHEL9
1baafe
%bcond_with    UNITTEST
1baafe
%bcond_without DNSTAP
1baafe
%bcond_without LMDB
1baafe
%bcond_without DOC
1baafe
# Because of issues with PDF rebuild, include only HTML pages
1baafe
%bcond_with    DOCPDF
1baafe
%bcond_with    TSAN
1baafe
1baafe
%{?!bind_uid:  %global bind_uid  25}
1baafe
%{?!bind_gid:  %global bind_gid  25}
1baafe
%{!?_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
1baafe
%global        bind_dir          /var/named
1baafe
%global        chroot_prefix     %{bind_dir}/chroot
1baafe
%global        chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
1baafe
                                         %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
1baafe
                                         %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
1baafe
1baafe
%global        selinuxbooleans   named_write_master_zones=1
1baafe
## The order of libs is important. See lib/Makefile.in for details
1baafe
%define bind_export_libs isc dns isccfg irs
1baafe
%{!?_export_dir:%global _export_dir /bind9-export/}
1baafe
# libisc-nosym requires to be linked with unresolved symbols
1baafe
# When libisc-nosym linking is fixed, it can be defined to 1
1baafe
# Visit https://bugzilla.redhat.com/show_bug.cgi?id=1540300
1baafe
%undefine _strict_symbol_defs_build
1baafe
#
1baafe
# significant changes:
1baafe
# no more isc-config.sh and bind9-config
1baafe
# lib*.so.X versions of selected libraries no longer provided,
1baafe
# lib*-%%{version}-RH.so is provided as an internal implementation detail
1baafe
1baafe
1baafe
Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
1baafe
Name:     bind
1baafe
License:  MPLv2.0
1baafe
Version:  9.16.23
bcb1e2
Release:  11%{?dist}
1baafe
Epoch:    32
1baafe
Url:      https://www.isc.org/downloads/bind/
1baafe
#
1baafe
Source0:  https://downloads.isc.org/isc/bind9/%{version}/bind-%{version}.tar.xz
1baafe
Source1:  named.sysconfig
1baafe
Source2:  https://downloads.isc.org/isc/bind9/%{version}/bind-%{version}.tar.xz.asc
1baafe
Source3:  named.logrotate
1baafe
Source4:  https://downloads.isc.org/isc/pgpkeys/codesign2021.txt
1baafe
Source16: named.conf
1baafe
# Refresh by command: dig @a.root-servers.net. +tcp +norec
1baafe
# or from URL
1baafe
Source17: https://www.internic.net/domain/named.root
1baafe
Source18: named.localhost
1baafe
Source19: named.loopback
1baafe
Source20: named.empty
1baafe
Source23: named.rfc1912.zones
1baafe
Source25: named.conf.sample
1baafe
Source27: named.root.key
1baafe
Source35: bind.tmpfiles.d
1baafe
Source36: trusted-key.key
1baafe
Source37: named.service
1baafe
Source38: named-chroot.service
1baafe
Source41: setup-named-chroot.sh
1baafe
Source42: generate-rndc-key.sh
1baafe
Source43: named.rwtab
1baafe
Source44: named-chroot-setup.service
1baafe
Source46: named-setup-rndc.service
1baafe
Source47: named-pkcs11.service
1baafe
Source48: setup-named-softhsm.sh
1baafe
Source49: named-chroot.files
1baafe
1baafe
# Common patches
1baafe
Patch10: bind-9.5-PIE.patch
1baafe
Patch16: bind-9.16-redhat_doc.patch
1baafe
Patch72: bind-9.5-dlz-64bit.patch
1baafe
Patch106:bind93-rh490837.patch
1baafe
Patch112:bind97-rh645544.patch
1baafe
Patch130:bind-9.9.1-P2-dlz-libdb.patch
1baafe
# Make PKCS11 used only for pkcs11 parts
1baafe
Patch135:bind-9.14-config-pkcs11.patch
1baafe
# Fedora specific patch to distribute native-pkcs#11 functionality
1baafe
Patch136:bind-9.10-dist-native-pkcs11.patch
1baafe
# Do not use isc-pkcs11.
1baafe
Patch149:bind-9.11-kyua-pkcs11.patch
1baafe
1baafe
Patch157:bind-9.11-fips-tests.patch
1baafe
Patch164:bind-9.11-rh1666814.patch
1baafe
Patch170:bind-9.11-feature-test-named.patch
1baafe
Patch171:bind-9.11-tests-variants.patch
bae432
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5987
bae432
Patch172:bind-9.16-CVE-2022-0396.patch
bae432
Patch173:bind-9.16-CVE-2021-25220.patch
bae432
Patch174:bind-9.16-CVE-2021-25220-test.patch
af07b8
Patch175:bind-9.16-CVE-2022-3080.patch
af07b8
Patch176:bind-9.16-CVE-2022-38177.patch
af07b8
Patch177:bind-9.16-CVE-2022-38178.patch
bcb1e2
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6793
bcb1e2
# https://gitlab.isc.org/isc-projects/bind9/commit/bf2ea6d8525bfd96a84dad221ba9e004adb710a8
bcb1e2
Patch178:bind-9.16-CVE-2022-2795.patch
bcb1e2
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6695
bcb1e2
Patch179:bind-9.16-rh2101712.patch
bcb1e2
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7376
bcb1e2
Patch181:bind-9.16-rh2133889.patch
bcb1e2
# https://gitlab.isc.org/isc-projects/bind9/commit/82185f4f80d2fa39a4569f6740cb360ffff8f5c4
bcb1e2
Patch182: bind-9.16-CVE-2022-3094-1.patch
bcb1e2
Patch183: bind-9.16-CVE-2022-3094-2.patch
bcb1e2
Patch184: bind-9.16-CVE-2022-3094-3.patch
bcb1e2
Patch185: bind-9.16-CVE-2022-3094-test.patch
bcb1e2
# https://gitlab.isc.org/isc-projects/bind9/commit/ea79385990c564eb478c286c089ea7ed15520690
bcb1e2
Patch186: bind-9.16-CVE-2022-3736.patch
bcb1e2
# https://gitlab.isc.org/isc-projects/bind9/commit/b4a65aaea19762a3712932aa2270e8a833fbde22
bcb1e2
Patch187: bind-9.16-CVE-2022-3924.patch
1baafe
1baafe
%{?systemd_ordering}
1baafe
Requires:       coreutils
1baafe
Requires(pre):  shadow-utils
1baafe
Requires(post): shadow-utils
1baafe
Requires(post): glibc-common
1baafe
Requires(post): grep
1baafe
Requires:       bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
# This wild require should satisfy %%selinux_set_boolean macro only
1baafe
# in case it needs to be used
1baafe
Requires(post): ((policycoreutils-python-utils and libselinux-utils) if (selinux-policy-targeted or selinux-policy-mls))
1baafe
Requires(post): ((selinux-policy and selinux-policy-base) if (selinux-policy-targeted or selinux-policy-mls))
1baafe
Recommends:     bind-utils bind-dnssec-utils
1baafe
BuildRequires:  gcc, make
1baafe
BuildRequires:  openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
1baafe
BuildRequires:  libidn2-devel, libxml2-devel
1baafe
BuildRequires:  systemd-rpm-macros
1baafe
BuildRequires:  selinux-policy
1baafe
# needed for %%{__python3} macro
1baafe
BuildRequires:  python3-devel
1baafe
BuildRequires:  python3-ply
1baafe
BuildRequires:  findutils sed
1baafe
%if 0%{?fedora}
1baafe
BuildRequires:  gnupg2
1baafe
%endif
1baafe
BuildRequires:  libuv-devel
1baafe
%if %{with DLZ}
1baafe
BuildRequires:  openldap-devel, libpq-devel, sqlite-devel, mariadb-connector-c-devel
1baafe
%endif
1baafe
%if %{with UNITTEST}
1baafe
# make unit dependencies
1baafe
BuildRequires:  libcmocka-devel kyua
1baafe
%endif
1baafe
%if %{with PKCS11} && (%{with UNITTEST} || %{with SYSTEMTEST})
1baafe
BuildRequires:  softhsm
1baafe
%endif
1baafe
%if %{with SYSTEMTEST}
1baafe
# bin/tests/system dependencies
1baafe
BuildRequires:  perl(Net::DNS) perl(Net::DNS::Nameserver) perl(Time::HiRes) perl(Getopt::Long)
1baafe
# manual configuration requires this tool
1baafe
BuildRequires:  iproute
1baafe
%endif
1baafe
%if %{with GSSTSIG}
1baafe
BuildRequires:  krb5-devel
1baafe
%endif
1baafe
%if %{with LMDB}
1baafe
BuildRequires:  lmdb-devel
1baafe
%endif
1baafe
%if %{with JSON}
1baafe
BuildRequires:  json-c-devel
1baafe
%endif
1baafe
%if %{with GEOIP2}
1baafe
BuildRequires:  libmaxminddb-devel
1baafe
%endif
1baafe
%if %{with DNSTAP}
1baafe
BuildRequires:  fstrm-devel protobuf-c-devel
1baafe
%endif
1baafe
# Needed to regenerate dig.1 manpage
1baafe
%if %{with DOC}
1baafe
BuildRequires:  python3-sphinx python3-sphinx_rtd_theme
1baafe
BuildRequires:  doxygen
1baafe
%endif
1baafe
%if %{with DOCPDF}
1baafe
# Because remaining issues with COPR, allow turning off PDF (re)generation
1baafe
BuildRequires:  python3-sphinx-latex latexmk texlive-xetex texlive-xindy
1baafe
%endif
1baafe
%if %{with TSAN}
1baafe
BuildRequires: libtsan
1baafe
%endif
1baafe
1baafe
%description
1baafe
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
1baafe
(Domain Name System) protocols. BIND includes a DNS server (named),
1baafe
which resolves host names to IP addresses; a resolver library
1baafe
(routines for applications to use when interfacing with DNS); and
1baafe
tools for verifying that the DNS server is operating properly.
1baafe
1baafe
%if %{with PKCS11}
1baafe
%package pkcs11
1baafe
Summary: Bind with native PKCS#11 functionality for crypto
1baafe
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
Recommends: softhsm
1baafe
1baafe
%description pkcs11
1baafe
This is a version of BIND server built with native PKCS#11 functionality.
1baafe
It is important to have SoftHSM v2+ installed and some token initialized.
1baafe
For other supported HSM modules please check the BIND documentation.
1baafe
1baafe
%package pkcs11-utils
1baafe
Summary: Bind tools with native PKCS#11 for using DNSSEC
1baafe
Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
Obsoletes: bind-pkcs11 < 32:9.9.4-16.P2
1baafe
Requires: bind-dnssec-doc = %{epoch}:%{version}-%{release}
1baafe
1baafe
%description pkcs11-utils
1baafe
This is a set of PKCS#11 utilities that when used together create rsa
1baafe
keys in a PKCS11 keystore. Also utilities for working with DNSSEC
1baafe
compiled with native PKCS#11 functionality are included.
1baafe
1baafe
%package pkcs11-libs
1baafe
Summary: Bind libraries compiled with native PKCS#11
1baafe
Requires: bind-license = %{epoch}:%{version}-%{release}
1baafe
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
1baafe
%description pkcs11-libs
1baafe
This is a set of BIND libraries (dns, isc) compiled with native PKCS#11
1baafe
functionality.
1baafe
1baafe
%package pkcs11-devel
1baafe
Summary: Development files for Bind libraries compiled with native PKCS#11
1baafe
Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
Requires: bind-devel%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
1baafe
%description pkcs11-devel
1baafe
This a set of development files for BIND libraries (dns, isc) compiled
1baafe
with native PKCS#11 functionality.
1baafe
%endif
1baafe
1baafe
%package libs
1baafe
Summary: Libraries used by the BIND DNS packages
1baafe
Requires: bind-license = %{epoch}:%{version}-%{release}
1baafe
Provides: bind-libs-lite = %{epoch}:%{version}-%{release}
1baafe
Obsoletes: bind-libs-lite < 32:9.16.13
1baafe
1baafe
%description libs
1baafe
Contains heavyweight version of BIND suite libraries used by both named DNS
1baafe
server and utilities in bind-utils package.
1baafe
1baafe
%package license
1baafe
Summary:  License of the BIND DNS suite
1baafe
BuildArch:noarch
1baafe
1baafe
%description license
1baafe
Contains license of the BIND DNS suite.
1baafe
1baafe
%package utils
1baafe
Summary: Utilities for querying DNS name servers
1baafe
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
# For compatibility with Debian package
1baafe
Provides: dnsutils = %{epoch}:%{version}-%{release}
1baafe
1baafe
%description utils
1baafe
Bind-utils contains a collection of utilities for querying DNS (Domain
1baafe
Name System) name servers to find out information about Internet
1baafe
hosts. These tools will provide you with the IP addresses for given
1baafe
host names, as well as other information about registered domains and
1baafe
network addresses.
1baafe
1baafe
You should install bind-utils if you need to get information from DNS name
1baafe
servers.
1baafe
1baafe
%package dnssec-utils
1baafe
Summary: DNSSEC keys and zones management utilities
1baafe
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
Recommends: bind-utils
1baafe
Requires: python3-bind = %{epoch}:%{version}-%{release}
1baafe
Requires: bind-dnssec-doc = %{epoch}:%{version}-%{release}
1baafe
1baafe
%description dnssec-utils
1baafe
Bind-dnssec-utils contains a collection of utilities for editing
1baafe
DNSSEC keys and BIND zone files. These tools provide generation,
1baafe
revocation and verification of keys and DNSSEC signatures in zone files.
1baafe
1baafe
You should install bind-dnssec-utils if you need to sign a DNS zone
1baafe
or maintain keys for it.
1baafe
1baafe
%package dnssec-doc
1baafe
Summary: Manual pages of DNSSEC utilities
1baafe
Requires: bind-license = %{epoch}:%{version}-%{release}
1baafe
BuildArch:noarch
1baafe
1baafe
%description dnssec-doc
1baafe
Bind-dnssec-doc contains manual pages for bind-dnssec-utils.
1baafe
1baafe
%package devel
1baafe
Summary:  Header files and libraries needed for bind-dyndb-ldap
1baafe
Provides: bind-lite-devel = %{epoch}:%{version}-%{release}
1baafe
Obsoletes: bind-lite-devel < 32:9.16.6-3
1baafe
Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
Requires: openssl-devel%{?_isa} libxml2-devel%{?_isa}
1baafe
Requires: libcap-devel%{?_isa}
1baafe
%if %{with GSSTSIG}
1baafe
Requires: krb5-devel%{?_isa}
1baafe
%endif
1baafe
%if %{with LMDB}
1baafe
Requires: lmdb-devel%{?_isa}
1baafe
%endif
1baafe
%if %{with JSON}
1baafe
Requires:  json-c-devel%{?_isa}
1baafe
%endif
1baafe
%if %{with DNSTAP}
1baafe
Requires:  fstrm-devel%{?_isa} protobuf-c-devel%{?_isa}
1baafe
%endif
1baafe
%if %{with GEOIP2}
1baafe
Requires:  libmaxminddb-devel%{?_isa}
1baafe
1baafe
%description devel
1baafe
The bind-devel package contains full version of the header files and libraries
1baafe
required for building bind-dyndb-ldap. Upstream no longer supports nor recommends
1baafe
bind libraries for third party applications.
1baafe
%endif
1baafe
1baafe
%package chroot
1baafe
Summary:        A chroot runtime environment for the ISC BIND DNS server, named(8)
1baafe
Prefix:         %{chroot_prefix}
1baafe
# grep is required due to setup-named-chroot.sh script
1baafe
Requires:       grep
1baafe
Requires:       bind%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
1baafe
%description chroot
1baafe
This package contains a tree of files which can be used as a
1baafe
chroot(2) jail for the named(8) program from the BIND package.
1baafe
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
1baafe
1baafe
1baafe
%if %{with DLZ}
1baafe
%package dlz-filesystem
1baafe
Summary: BIND server filesystem DLZ module
1baafe
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
1baafe
%description dlz-filesystem
1baafe
Dynamic Loadable Zones filesystem module for BIND server.
1baafe
1baafe
%package dlz-ldap
1baafe
Summary: BIND server ldap DLZ module
1baafe
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
1baafe
%description dlz-ldap
1baafe
Dynamic Loadable Zones LDAP module for BIND server.
1baafe
1baafe
%package dlz-mysql
1baafe
Summary: BIND server mysql and mysqldyn DLZ modules
1baafe
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
Provides: %{name}-dlz-mysqldyn = %{epoch}:%{version}-%{release}
1baafe
Obsoletes: %{name}-dlz-mysqldyn < 32:9.16.6-3
1baafe
1baafe
%description dlz-mysql
1baafe
Dynamic Loadable Zones MySQL module for BIND server.
1baafe
Contains also mysqldyn module with dynamic DNS updates (DDNS) support.
1baafe
1baafe
%package dlz-sqlite3
1baafe
Summary: BIND server sqlite3 DLZ module
1baafe
Requires: bind%{?_isa} = %{epoch}:%{version}-%{release}
1baafe
1baafe
%description dlz-sqlite3
1baafe
Dynamic Loadable Zones sqlite3 module for BIND server.
1baafe
%endif
1baafe
1baafe
1baafe
%package -n python3-bind
1baafe
Summary:   A module allowing rndc commands to be sent from Python programs
1baafe
Requires:  bind-license = %{epoch}:%{version}-%{release}
1baafe
Requires:  python3 python3-ply %{?py3_dist:%py3_dist ply}
1baafe
BuildArch: noarch
1baafe
%{?python_provide:%python_provide python3-bind}
1baafe
%{?python_provide:%python_provide python3-isc}
1baafe
1baafe
%description -n python3-bind
1baafe
This package provides a module which allows commands to be sent to rndc directly from Python programs.
1baafe
1baafe
%if %{with DOC}
1baafe
%package doc
1baafe
Summary:   BIND 9 Administrator Reference Manual
1baafe
Requires:  bind-license = %{epoch}:%{version}-%{release}
1baafe
Requires:  python3-sphinx_rtd_theme
1baafe
BuildArch: noarch
1baafe
1baafe
%description doc
1baafe
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
1baafe
(Domain Name System) protocols. BIND includes a DNS server (named),
1baafe
which resolves host names to IP addresses; a resolver library
1baafe
(routines for applications to use when interfacing with DNS); and
1baafe
tools for verifying that the DNS server is operating properly.
1baafe
1baafe
This package contains BIND 9 Administrator Reference Manual
1baafe
in HTML and PDF format.
1baafe
%end
1baafe
1baafe
%endif
1baafe
1baafe
%prep
1baafe
%if 0%{?fedora}
1baafe
# RHEL does not yet support this verification
1baafe
%{gpgverify} --keyring='%{SOURCE4}' --signature='%{SOURCE2}' --data='%{SOURCE0}'
1baafe
%endif
1baafe
%setup -q
1baafe
1baafe
# Common patches
1baafe
%patch10 -p1 -b .PIE
1baafe
%patch16 -p1 -b .redhat_doc
1baafe
%patch72 -p1 -b .64bit
1baafe
%patch106 -p1 -b .rh490837
1baafe
%patch112 -p1 -b .rh645544
1baafe
%patch130 -p1 -b .libdb
1baafe
%patch157 -p1 -b .fips-tests
1baafe
%patch164 -p1 -b .rh1666814
1baafe
%patch170 -p1 -b .featuretest-named
1baafe
%patch171 -p1 -b .test-variant
bae432
%patch172 -p1 -b .CVE-2022-0396
bae432
%patch173 -p1 -b .CVE-2021-25220
bae432
%patch174 -p1 -b .CVE-2021-25220-test
af07b8
%patch175 -p1 -b .CVE-2022-3080
af07b8
%patch176 -p1 -b .CVE-2022-38177
af07b8
%patch177 -p1 -b .CVE-2022-38178
bcb1e2
%patch178 -p1 -b .CVE-2022-2795
bcb1e2
%patch179 -p1 -b .rh2101712
bcb1e2
%patch181 -p1 -b .rh2133889
bcb1e2
%patch182 -p1 -b .CVE-2022-3094
bcb1e2
%patch183 -p1 -b .CVE-2022-3094
bcb1e2
%patch184 -p1 -b .CVE-2022-3094
bcb1e2
%patch185 -p1 -b .CVE-2022-3094-test
bcb1e2
%patch186 -p1 -b .CVE-2022-3736
bcb1e2
%patch187 -p1 -b .CVE-2022-3924
1baafe
1baafe
%if %{with PKCS11}
1baafe
%patch135 -p1 -b .config-pkcs11
1baafe
cp -r bin/named{,-pkcs11}
1baafe
cp -r bin/dnssec{,-pkcs11}
1baafe
cp -r lib/dns{,-pkcs11}
1baafe
cp -r lib/ns{,-pkcs11}
1baafe
%patch136 -p1 -b .dist_pkcs11
1baafe
%patch149 -p1 -b .kyua-pkcs11
1baafe
%endif
1baafe
1baafe
# Sparc and s390 arches need to use -fPIE
1baafe
%ifarch sparcv9 sparc64 s390 s390x
1baafe
for i in bin/named/{,unix}/Makefile.in; do
1baafe
  sed -i 's|fpie|fPIE|g' $i
1baafe
done
1baafe
%endif
1baafe
1baafe
sed -e 's|"$TOP/config.guess"|"$TOP_SRCDIR/config.guess"|' -i bin/tests/system/ifconfig.sh
1baafe
:;
1baafe
1baafe
1baafe
%build
1baafe
## We use out of tree configure/build for export libs
1baafe
%define _configure "../configure"
1baafe
1baafe
# normal and pkcs11 unit tests
1baafe
%define unit_prepare_build() \
1baafe
  cp -uv Kyuafile "%{1}/" \
1baafe
  find lib -name 'K*.key' -exec cp -uv '{}' "%{1}/{}" ';' \
1baafe
  find lib -name 'Kyuafile' -exec cp -uv '{}' "%{1}/{}" ';' \
1baafe
  find lib -name 'testdata' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \
1baafe
  find lib -name 'testkeys' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \
1baafe
1baafe
%define systemtest_prepare_build() \
1baafe
  cp -Tuav bin/tests "%{1}/bin/tests/" \
1baafe
  cp -uv version "%{1}" \
1baafe
1baafe
CFLAGS="$CFLAGS $RPM_OPT_FLAGS"
1baafe
%if %{with TSAN}
1baafe
  CFLAGS+=" -O1 -fsanitize=thread -fPIE -pie"
1baafe
%endif
1baafe
export CFLAGS
1baafe
export STD_CDEFINES="$CPPFLAGS"
1baafe
1baafe
1baafe
sed -i -e \
1baafe
's/RELEASEVER=\(.*\)/RELEASEVER=\1-RH/' \
1baafe
version
1baafe
1baafe
libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f
1baafe
1baafe
mkdir build
1baafe
1baafe
%if %{with DLZ}
1baafe
# DLZ modules do not support oot builds. Copy files into build
1baafe
mkdir -p build/contrib/dlz
1baafe
cp -frp contrib/dlz/modules build/contrib/dlz/modules
1baafe
%endif
1baafe
1baafe
pushd build
1baafe
LIBDIR_SUFFIX=
1baafe
export LIBDIR_SUFFIX
1baafe
%configure \
1baafe
  --with-python=%{__python3} \
1baafe
  --with-libtool \
1baafe
  --localstatedir=%{_var} \
1baafe
  --with-pic \
1baafe
  --disable-static \
1baafe
  --includedir=%{_includedir}/bind9 \
1baafe
  --with-tuning=large \
1baafe
  --with-libidn2 \
1baafe
%if %{with GEOIP2}
1baafe
  --with-maxminddb \
1baafe
%endif
1baafe
%if %{with PKCS11}
1baafe
  --enable-native-pkcs11 \
1baafe
  --with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \
1baafe
%endif
1baafe
  --with-dlopen=yes \
1baafe
%if %{with GSSTSIG}
1baafe
  --with-gssapi=yes \
1baafe
%endif
1baafe
%if %{with LMDB}
1baafe
  --with-lmdb=yes \
1baafe
%else
1baafe
  --with-lmdb=no \
1baafe
%endif
1baafe
%if %{with JSON}
1baafe
  --without-libjson --with-json-c \
1baafe
%endif
1baafe
%if %{with DNSTAP}
1baafe
  --enable-dnstap \
1baafe
%endif
1baafe
%if %{with UNITTEST}
1baafe
  --with-cmocka \
1baafe
%endif
1baafe
  --enable-fixed-rrset \
1baafe
  --enable-full-report \
1baafe
;
1baafe
%if %{with DNSTAP}
1baafe
  pushd lib
1baafe
  SRCLIB="../../../lib"
1baafe
  (cd dns && ln -s ${SRCLIB}/dns/dnstap.proto)
1baafe
%if %{with PKCS11}
1baafe
  (cd dns-pkcs11 && ln -s ${SRCLIB}/dns-pkcs11/dnstap.proto)
1baafe
%endif
1baafe
  popd
1baafe
%endif
1baafe
1baafe
%if %{with DOCPDF}
1baafe
# avoid using home for pdf latex files
1baafe
export TEXMFVAR="`pwd`"
1baafe
export TEXMFCONFIG="`pwd`"
1baafe
fmtutil-user --listcfg || :
1baafe
fmtutil-user --missing || :
1baafe
%endif
1baafe
1baafe
%make_build
1baafe
1baafe
# Regenerate dig.1 manpage
1baafe
pushd bin/dig
1baafe
make man
1baafe
popd
1baafe
pushd bin/python
1baafe
make man
1baafe
popd
1baafe
1baafe
%if %{with DOC}
1baafe
  make doc
1baafe
%endif
1baafe
1baafe
%if %{with DLZ}
1baafe
  pushd contrib/dlz/modules
1baafe
  for DIR in mysql mysqldyn; do
1baafe
    sed -e 's/@DLZ_DRIVER_MYSQL_INCLUDES@/$(shell mysql_config --cflags)/' \
1baafe
        -e 's/@DLZ_DRIVER_MYSQL_LIBS@/$(shell mysql_config --libs)/' \
1baafe
        $DIR/Makefile.in > $DIR/Makefile
1baafe
  done
1baafe
  for DIR in filesystem ldap mysql mysqldyn sqlite3; do
1baafe
    make -C $DIR CFLAGS="-fPIC -I../include $CFLAGS $LDFLAGS"
1baafe
  done
1baafe
  popd
1baafe
%endif
1baafe
popd # build
1baafe
1baafe
%unit_prepare_build build
1baafe
%systemtest_prepare_build build
1baafe
1baafe
%check
1baafe
%if %{with PKCS11} && (%{with UNITTEST} || %{with SYSTEMTEST})
1baafe
  # Tests require initialization of pkcs11 token
1baafe
  eval "$(bash %{SOURCE48} -A "`pwd`/softhsm-tokens")"
1baafe
%endif
1baafe
1baafe
%if %{with TSAN}
1baafe
export TSAN_OPTIONS="log_exe_name=true log_path=ThreadSanitizer exitcode=0"
1baafe
%endif
1baafe
1baafe
%if %{with UNITTEST}
1baafe
  pushd build
1baafe
  CPUS=$(lscpu -p=cpu,core | grep -v '^#' | wc -l)
1baafe
  if [ "$CPUS" -gt 16 ]; then
1baafe
    ORIGFILES=$(ulimit -n)
1baafe
    ulimit -n 4096 || : # Requires on some machines with many cores
1baafe
  fi
1baafe
  make unit
1baafe
  e=$?
1baafe
  if [ "$e" -ne 0 ]; then
1baafe
    echo "ERROR: this build of BIND failed 'make unit'. Aborting."
1baafe
    exit $e;
1baafe
  fi;
1baafe
  [ "$CPUS" -gt 16 ] && ulimit -n $ORIGFILES || :
1baafe
  popd
1baafe
## End of UNITTEST
1baafe
%endif
1baafe
1baafe
%if %{with SYSTEMTEST}
1baafe
# Runs system test if ip addresses are already configured
1baafe
# or it is able to configure them
1baafe
if perl bin/tests/system/testsock.pl
1baafe
then
1baafe
  CONFIGURED=already
1baafe
else
1baafe
  CONFIGURED=
1baafe
  sh bin/tests/system/ifconfig.sh up
1baafe
  perl bin/tests/system/testsock.pl && CONFIGURED=build
1baafe
fi
1baafe
if [ -n "$CONFIGURED" ]
1baafe
then
1baafe
  set -e
1baafe
  pushd build/bin/tests
1baafe
  chown -R ${USER} . # Can be unknown user
1baafe
  %make_build test 2>&1 | tee test.log
1baafe
  e=$?
1baafe
  popd
1baafe
  [ "$CONFIGURED" = build ] && sh bin/tests/system/ifconfig.sh down
1baafe
  if [ "$e" -ne 0 ]; then
1baafe
    echo "ERROR: this build of BIND failed 'make test'. Aborting."
1baafe
    exit $e;
1baafe
  fi;
1baafe
else
1baafe
  echo 'SKIPPED: tests require root, CAP_NET_ADMIN or already configured test addresses.'
1baafe
fi
1baafe
%endif
1baafe
:
1baafe
1baafe
%install
1baafe
# Build directory hierarchy
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/{bind,named}
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/named/{slaves,data,dynamic}
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8}
1baafe
mkdir -p ${RPM_BUILD_ROOT}/run/named
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/log
1baafe
1baafe
#chroot
1baafe
for D in %{chroot_create_directories}
1baafe
do
1baafe
  mkdir -p ${RPM_BUILD_ROOT}/%{chroot_prefix}${D}
1baafe
done
1baafe
1baafe
# create symlink as it is on real filesystem
1baafe
pushd ${RPM_BUILD_ROOT}/%{chroot_prefix}/var
1baafe
ln -s ../run run
1baafe
popd
1baafe
1baafe
# these are required to prevent them being erased during upgrade of previous
1baafe
touch ${RPM_BUILD_ROOT}/%{chroot_prefix}%{_sysconfdir}/named.conf
1baafe
#end chroot
1baafe
1baafe
pushd build
1baafe
%make_install
1baafe
popd
1baafe
1baafe
# Remove unwanted files
1baafe
rm -f ${RPM_BUILD_ROOT}/etc/bind.keys
1baafe
1baafe
# Systemd unit files
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_unitdir}
1baafe
install -m 644 %{SOURCE37} ${RPM_BUILD_ROOT}%{_unitdir}
1baafe
install -m 644 %{SOURCE38} ${RPM_BUILD_ROOT}%{_unitdir}
1baafe
install -m 644 %{SOURCE44} ${RPM_BUILD_ROOT}%{_unitdir}
1baafe
install -m 644 %{SOURCE46} ${RPM_BUILD_ROOT}%{_unitdir}
1baafe
1baafe
%if %{with PKCS11}
1baafe
install -m 644 %{SOURCE47} ${RPM_BUILD_ROOT}%{_unitdir}
1baafe
%else
1baafe
# Not packaged without PKCS11
1baafe
find ${RPM_BUILD_ROOT}%{_includedir}/bind9/pk11 ${RPM_BUILD_ROOT}%{_includedir}/bind9/pkcs11 \
1baafe
  -name '*.h' \! -name site.h -delete
1baafe
1baafe
%endif
1baafe
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir}
1baafe
install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh
1baafe
install -m 755 %{SOURCE42} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh
1baafe
1baafe
%if %{with PKCS11}
1baafe
install -m 755 %{SOURCE48} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-softhsm.sh
1baafe
%endif
1baafe
1baafe
install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/etc/logrotate.d/named
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
1baafe
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
1baafe
install -m 644 %{SOURCE49} ${RPM_BUILD_ROOT}%{_sysconfdir}/named-chroot.files
1baafe
1baafe
%if %{with DLZ}
1baafe
  pushd build
1baafe
  pushd contrib/dlz/modules
1baafe
  for DIR in filesystem ldap mysql mysqldyn sqlite3; do
1baafe
    %make_install -C $DIR libdir=%{_libdir}/named
1baafe
  done
1baafe
  pushd ${RPM_BUILD_ROOT}/%{_libdir}/bind
1baafe
    cp -s ../named/dlz_*.so .
1baafe
  popd
1baafe
  mkdir -p doc/{mysql,mysqldyn}
1baafe
  cp -p mysqldyn/testing/README doc/mysqldyn/README.testing
1baafe
  cp -p mysqldyn/testing/* doc/mysqldyn
1baafe
  cp -p mysql/testing/* doc/mysql
1baafe
  popd
1baafe
  popd
1baafe
%endif
1baafe
1baafe
# Install isc/errno2result.h header
1baafe
install -m 644 lib/isc/unix/errno2result.h ${RPM_BUILD_ROOT}%{_includedir}/bind9/isc
1baafe
1baafe
# Remove libtool .la files:
1baafe
find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
1baafe
1baafe
# PKCS11 versions manpages
1baafe
%if %{with PKCS11}
1baafe
pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
1baafe
ln -s named.8.gz named-pkcs11.8.gz
1baafe
ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz
1baafe
ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz
1baafe
ln -s dnssec-importkey.8.gz dnssec-importkey-pkcs11.8.gz
1baafe
ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz
1baafe
ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz
1baafe
ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz
1baafe
ln -s dnssec-settime.8.gz dnssec-settime-pkcs11.8.gz
1baafe
ln -s dnssec-signzone.8.gz dnssec-signzone-pkcs11.8.gz
1baafe
ln -s dnssec-verify.8.gz dnssec-verify-pkcs11.8.gz
1baafe
popd
1baafe
%endif
1baafe
1baafe
# 9.16.4 installs even manual pages for tools not generated
1baafe
%if %{without DNSTAP}
1baafe
rm -f ${RPM_BUILD_ROOT}%{_mandir}/man1/dnstap-read.1* || true
1baafe
%endif
1baafe
%if %{without LMDB}
1baafe
rm -f ${RPM_BUILD_ROOT}%{_mandir}/man8/named-nzd2nzf.8* || true
1baafe
%endif
1baafe
1baafe
pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
1baafe
ln -s ddns-confgen.8.gz tsig-keygen.8.gz
1baafe
ln -s named-checkzone.8.gz named-compilezone.8.gz
1baafe
popd
1baafe
1baafe
%if %{with DOC}
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_pkgdocdir}
1baafe
cp -a build/doc/arm/_build/html ${RPM_BUILD_ROOT}%{_pkgdocdir}
1baafe
rm -rf ${RPM_BUILD_ROOT}%{_pkgdocdir}/html/.{buildinfo,doctrees}
1baafe
# Backward compatible link to 9.11 documentation
1baafe
(cd ${RPM_BUILD_ROOT}%{_pkgdocdir} && ln -s html/index.html Bv9ARM.html)
1baafe
# Share static data from original sphinx package
1baafe
for DIR in %{python3_sitelib}/sphinx_rtd_theme/static/*
1baafe
do
1baafe
  BASE=$(basename -- "$DIR")
1baafe
  BINDTHEMEDIR="${RPM_BUILD_ROOT}%{_pkgdocdir}/html/_static/$BASE"
1baafe
  if [ -d "$BINDTHEMEDIR" ]; then
1baafe
    rm -rf "$BINDTHEMEDIR"
1baafe
    ln -s "$DIR" "$BINDTHEMEDIR"
1baafe
  fi
1baafe
done
1baafe
%endif
1baafe
%if %{with DOCPDF}
1baafe
cp -a build/doc/arm/Bv9ARM.pdf ${RPM_BUILD_ROOT}%{_pkgdocdir}
1baafe
%endif
1baafe
1baafe
# Ghost config files:
1baafe
touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log
1baafe
1baafe
# configuration files:
1baafe
install -m 640 %{SOURCE16} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.conf
1baafe
touch ${RPM_BUILD_ROOT}%{_sysconfdir}/rndc.{key,conf}
1baafe
install -m 644 %{SOURCE27} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.root.key
1baafe
install -m 644 %{SOURCE36} ${RPM_BUILD_ROOT}%{_sysconfdir}/trusted-key.key
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/named
1baafe
1baafe
# data files:
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/named
1baafe
install -m 640 %{SOURCE17} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.ca
1baafe
install -m 640 %{SOURCE18} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.localhost
1baafe
install -m 640 %{SOURCE19} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.loopback
1baafe
install -m 640 %{SOURCE20} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.empty
1baafe
install -m 640 %{SOURCE23} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.rfc1912.zones
1baafe
1baafe
# sample bind configuration files for %%doc:
1baafe
mkdir -p sample/etc sample/var/named/{data,slaves}
1baafe
install -m 644 %{SOURCE25} sample/etc/named.conf
1baafe
# Copy default configuration to %%doc to make it usable from system-config-bind
1baafe
install -m 644 %{SOURCE16} named.conf.default
1baafe
install -m 644 %{SOURCE23} sample/etc/named.rfc1912.zones
1baafe
install -m 644 %{SOURCE18} %{SOURCE19} %{SOURCE20}  sample/var/named
1baafe
install -m 644 %{SOURCE17} sample/var/named/named.ca
1baafe
for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.internal.zone.db my.external.zone.db; do 
1baafe
  echo '@ in soa localhost. root 1 3H 15M 1W 1D
1baafe
  ns localhost.' > sample/var/named/$f; 
1baafe
done
1baafe
:;
1baafe
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
1baafe
install -m 644 %{SOURCE35} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf
1baafe
1baafe
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d
1baafe
install -m 644 %{SOURCE43} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named
1baafe
1baafe
%pre
1baafe
if [ "$1" -eq 1 ]; then
1baafe
  /usr/sbin/groupadd -g %{bind_gid} -f -r named >/dev/null 2>&1 || :;
1baafe
  /usr/sbin/useradd  -u %{bind_uid} -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :;
1baafe
fi;
1baafe
:;
1baafe
1baafe
%post
1baafe
%?ldconfig
1baafe
if [ -e "%{_sysconfdir}/selinux/config" ]; then
1baafe
  %selinux_set_booleans -s targeted %{selinuxbooleans}
1baafe
  %selinux_set_booleans -s mls %{selinuxbooleans}
1baafe
fi
1baafe
if [ "$1" -eq 1 ]; then
1baafe
  # Initial installation
1baafe
  [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
1baafe
  # rndc.key has to have correct perms and ownership, CVE-2007-6283
1baafe
  [ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
1baafe
  [ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
1baafe
else
1baafe
  # Upgrade, use invalid shell
1baafe
  if getent passwd named | grep ':/bin/false$' >/dev/null; then
1baafe
    /sbin/usermod -s /sbin/nologin named
1baafe
  fi
1baafe
  # Checkconf will parse out comments
1baafe
  if /usr/sbin/named-checkconf -p /etc/named.conf 2>/dev/null | grep -q named.iscdlv.key
1baafe
  then
1baafe
    echo "Replacing obsolete named.iscdlv.key with named.root.key..."
1baafe
    if cp -Rf --preserve=all --remove-destination /etc/named.conf /etc/named.conf.rpmbackup; then
1baafe
      sed -e 's/named\.iscdlv\.key/named.root.key/' \
1baafe
        /etc/named.conf.rpmbackup > /etc/named.conf || \
1baafe
      mv /etc/named.conf.rpmbackup /etc/named.conf
1baafe
    fi
1baafe
  fi
1baafe
fi
1baafe
%systemd_post named.service
1baafe
:;
1baafe
1baafe
%preun
1baafe
# Package removal, not upgrade
1baafe
%systemd_preun named.service
1baafe
1baafe
%postun
1baafe
%?ldconfig
1baafe
# Package upgrade, not uninstall
1baafe
%systemd_postun_with_restart named.service
1baafe
if [ -e "%{_sysconfdir}/selinux/config" ]; then
1baafe
  %selinux_unset_booleans -s targeted %{selinuxbooleans}
1baafe
  %selinux_unset_booleans -s mls %{selinuxbooleans}
1baafe
fi
1baafe
1baafe
%if %{with PKCS11}
1baafe
%post pkcs11
1baafe
# Initial installation
1baafe
%systemd_post named-pkcs11.service
1baafe
1baafe
%preun pkcs11
1baafe
# Package removal, not upgrade
1baafe
%systemd_preun named-pkcs11.service
1baafe
1baafe
%postun pkcs11
1baafe
# Package upgrade, not uninstall
1baafe
%systemd_postun_with_restart named-pkcs11.service
1baafe
%endif
1baafe
1baafe
# Fix permissions on existing device files on upgrade
1baafe
%define chroot_fix_devices() \
1baafe
if [ $1 -gt 1 ]; then \
1baafe
  for DEV in "%{1}/dev"/{null,random,zero}; do \
1baafe
    if [ -e "$DEV" -a "$(/bin/stat --printf="%G %a" "$DEV")" = "root 644" ]; \
1baafe
    then \
1baafe
      /bin/chmod 0664 "$DEV" \
1baafe
      /bin/chgrp named "$DEV" \
1baafe
    fi \
1baafe
  done \
1baafe
fi
1baafe
1baafe
%triggerun -- bind < 32:9.9.0-0.6.rc1
1baafe
/sbin/chkconfig --del named >/dev/null 2>&1 || :
1baafe
/bin/systemctl try-restart named.service >/dev/null 2>&1 || :
1baafe
1baafe
%ldconfig_scriptlets libs
1baafe
1baafe
%if %{with PKCS11}
1baafe
%ldconfig_scriptlets pkcs11-libs
1baafe
%endif
1baafe
1baafe
%post chroot
1baafe
%systemd_post named-chroot.service
1baafe
%chroot_fix_devices %{chroot_prefix}
1baafe
:;
1baafe
1baafe
%posttrans chroot
1baafe
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
1baafe
  [ -x /sbin/restorecon ] && /sbin/restorecon %{chroot_prefix}/dev/* > /dev/null 2>&1;
1baafe
fi;
1baafe
1baafe
%preun chroot
1baafe
# wait for stop of both named-chroot and named-chroot-setup services
1baafe
# on uninstall
1baafe
%systemd_preun named-chroot.service named-chroot-setup.service
1baafe
:;
1baafe
1baafe
%postun chroot
1baafe
# Package upgrade, not uninstall
1baafe
%systemd_postun_with_restart named-chroot.service
1baafe
1baafe
1baafe
%files
1baafe
# TODO: Move from lib/bind to lib/named, as used by upstream
1baafe
%dir %{_libdir}/bind
1baafe
%dir %{_libdir}/named
1baafe
%{_libdir}/named/*.so
1baafe
%exclude %{_libdir}/named/dlz_*.so
1baafe
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/named
1baafe
%config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key
1baafe
%config(noreplace) %{_sysconfdir}/logrotate.d/named
1baafe
%{_tmpfilesdir}/named.conf
1baafe
%{_sysconfdir}/rwtab.d/named
1baafe
%{_unitdir}/named.service
1baafe
%{_unitdir}/named-setup-rndc.service
1baafe
%{_sbindir}/named-journalprint
1baafe
%{_sbindir}/named-checkconf
1baafe
%{_bindir}/named-rrchecker
1baafe
%{_bindir}/mdig
1baafe
%{_sbindir}/named
1baafe
%{_sbindir}/rndc*
1baafe
%{_libexecdir}/generate-rndc-key.sh
1baafe
%{_mandir}/man1/mdig.1*
1baafe
%{_mandir}/man1/named-rrchecker.1*
1baafe
%{_mandir}/man5/named.conf.5*
1baafe
%{_mandir}/man5/rndc.conf.5*
1baafe
%{_mandir}/man8/rndc.8*
1baafe
%{_mandir}/man8/named.8*
1baafe
%{_mandir}/man8/named-checkconf.8*
1baafe
%{_mandir}/man8/rndc-confgen.8*
1baafe
%{_mandir}/man8/named-journalprint.8*
1baafe
%{_mandir}/man8/filter-aaaa.8.gz
1baafe
%doc CHANGES README named.conf.default
1baafe
%doc sample/
1baafe
1baafe
# Hide configuration
1baafe
%defattr(0640,root,named,0750)
1baafe
%dir %{_sysconfdir}/named
1baafe
%config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
1baafe
%config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
1baafe
%defattr(0660,root,named,01770)
1baafe
%dir %{_localstatedir}/named
1baafe
%defattr(0660,named,named,0770)
1baafe
%dir %{_localstatedir}/named/slaves
1baafe
%dir %{_localstatedir}/named/data
1baafe
%dir %{_localstatedir}/named/dynamic
1baafe
%ghost %{_localstatedir}/log/named.log
1baafe
%defattr(0640,root,named,0750)
1baafe
%config %verify(not link) %{_localstatedir}/named/named.ca
1baafe
%config %verify(not link) %{_localstatedir}/named/named.localhost
1baafe
%config %verify(not link) %{_localstatedir}/named/named.loopback
1baafe
%config %verify(not link) %{_localstatedir}/named/named.empty
1baafe
%ghost %config(noreplace) %{_sysconfdir}/rndc.key
1baafe
# ^- rndc.key now created on first install only if it does not exist
1baafe
%ghost %config(noreplace) %{_sysconfdir}/rndc.conf
1baafe
# ^- The default rndc.conf which uses rndc.key is in named's default internal config -
1baafe
#    so rndc.conf is not necessary.
1baafe
%defattr(-,named,named,-)
1baafe
%dir /run/named
1baafe
1baafe
%files libs
1baafe
%{_libdir}/libbind9-%{version}*.so
1baafe
%{_libdir}/libisccc-%{version}*.so
1baafe
%{_libdir}/libns-%{version}*.so
1baafe
%{_libdir}/libdns-%{version}*.so
1baafe
%{_libdir}/libirs-%{version}*.so
1baafe
%{_libdir}/libisc-%{version}*.so
1baafe
%{_libdir}/libisccfg-%{version}*.so
1baafe
1baafe
%files license
1baafe
%{!?_licensedir:%global license %%doc}
1baafe
%license COPYRIGHT
1baafe
1baafe
%files utils
1baafe
%{_bindir}/dig
1baafe
%{_bindir}/delv
1baafe
%{_bindir}/host
1baafe
%{_bindir}/nslookup
1baafe
%{_bindir}/nsupdate
1baafe
%{_bindir}/arpaname
1baafe
%{_sbindir}/ddns-confgen
1baafe
%{_sbindir}/tsig-keygen
1baafe
%{_sbindir}/nsec3hash
1baafe
%{_sbindir}/named-checkzone
1baafe
%{_sbindir}/named-compilezone
1baafe
%if %{with DNSTAP}
1baafe
%{_bindir}/dnstap-read
1baafe
%{_mandir}/man1/dnstap-read.1*
1baafe
%endif
1baafe
%if %{with LMDB}
1baafe
%{_sbindir}/named-nzd2nzf
1baafe
%{_mandir}/man8/named-nzd2nzf.8*
1baafe
%endif
1baafe
%{_mandir}/man1/host.1*
1baafe
%{_mandir}/man1/nsupdate.1*
1baafe
%{_mandir}/man1/dig.1*
1baafe
%{_mandir}/man1/delv.1*
1baafe
%{_mandir}/man1/nslookup.1*
1baafe
%{_mandir}/man1/arpaname.1*
1baafe
%{_mandir}/man8/ddns-confgen.8*
1baafe
%{_mandir}/man8/tsig-keygen.8*
1baafe
%{_mandir}/man8/nsec3hash.8*
1baafe
%{_mandir}/man8/named-checkzone.8*
1baafe
%{_mandir}/man8/named-compilezone.8*
1baafe
%{_sysconfdir}/trusted-key.key
1baafe
1baafe
%files dnssec-utils
1baafe
%{_sbindir}/dnssec*
1baafe
%if %{with PKCS11}
1baafe
%exclude %{_sbindir}/dnssec*pkcs11
1baafe
%endif
1baafe
1baafe
%files dnssec-doc
1baafe
%{_mandir}/man8/dnssec*.8*
1baafe
%if %{with PKCS11}
1baafe
%exclude %{_mandir}/man8/dnssec*-pkcs11.8*
1baafe
%endif
1baafe
1baafe
%files devel
1baafe
%{_libdir}/libbind9.so
1baafe
%{_libdir}/libisccc.so
1baafe
%{_libdir}/libns.so
1baafe
%{_libdir}/libdns.so
1baafe
%{_libdir}/libirs.so
1baafe
%{_libdir}/libisc.so
1baafe
%{_libdir}/libisccfg.so
1baafe
%dir %{_includedir}/bind9
1baafe
%{_includedir}/bind9/bind9
1baafe
%{_includedir}/bind9/isccc
1baafe
%{_includedir}/bind9/ns
1baafe
%{_includedir}/bind9/dns
1baafe
%{_includedir}/bind9/dst
1baafe
%{_includedir}/bind9/irs
1baafe
%{_includedir}/bind9/isc
1baafe
%dir %{_includedir}/bind9/pk11
1baafe
%{_includedir}/bind9/pk11/site.h
1baafe
%{_includedir}/bind9/isccfg
1baafe
1baafe
%files chroot
1baafe
%config(noreplace) %{_sysconfdir}/named-chroot.files
1baafe
%{_unitdir}/named-chroot.service
1baafe
%{_unitdir}/named-chroot-setup.service
1baafe
%{_libexecdir}/setup-named-chroot.sh
1baafe
%defattr(0664,root,named,-)
1baafe
%ghost %dev(c,1,3) %verify(not mtime) %{chroot_prefix}/dev/null
1baafe
%ghost %dev(c,1,8) %verify(not mtime) %{chroot_prefix}/dev/random
1baafe
%ghost %dev(c,1,9) %verify(not mtime) %{chroot_prefix}/dev/urandom
1baafe
%ghost %dev(c,1,5) %verify(not mtime) %{chroot_prefix}/dev/zero
1baafe
%defattr(0640,root,named,0750)
1baafe
%dir %{chroot_prefix}
1baafe
%dir %{chroot_prefix}/dev
1baafe
%dir %{chroot_prefix}%{_sysconfdir}
1baafe
%dir %{chroot_prefix}%{_sysconfdir}/named
1baafe
%dir %{chroot_prefix}%{_sysconfdir}/pki
1baafe
%dir %{chroot_prefix}%{_sysconfdir}/pki/dnssec-keys
1baafe
%dir %{chroot_prefix}%{_sysconfdir}/crypto-policies
1baafe
%dir %{chroot_prefix}%{_sysconfdir}/crypto-policies/back-ends
1baafe
%dir %{chroot_prefix}%{_localstatedir}
1baafe
%dir %{chroot_prefix}/run
1baafe
%ghost %config(noreplace) %{chroot_prefix}%{_sysconfdir}/named.conf
1baafe
%defattr(-,root,root,-)
1baafe
%dir %{chroot_prefix}/usr
1baafe
%dir %{chroot_prefix}/%{_libdir}
1baafe
%dir %{chroot_prefix}/%{_libdir}/bind
bcb1e2
%dir %{chroot_prefix}/%{_libdir}/named
1baafe
%dir %{chroot_prefix}/%{_datadir}/GeoIP
1baafe
%{chroot_prefix}/proc
1baafe
%defattr(0660,root,named,01770)
1baafe
%dir %{chroot_prefix}%{_localstatedir}/named
1baafe
%defattr(0660,named,named,0770)
1baafe
%dir %{chroot_prefix}%{_localstatedir}/tmp
1baafe
%dir %{chroot_prefix}%{_localstatedir}/log
1baafe
%defattr(-,named,named,-)
1baafe
%dir %{chroot_prefix}/run/named
1baafe
%{chroot_prefix}%{_localstatedir}/run
1baafe
1baafe
%if %{with PKCS11}
1baafe
%files pkcs11
1baafe
%{_sbindir}/named-pkcs11
1baafe
%{_unitdir}/named-pkcs11.service
1baafe
%{_mandir}/man8/named-pkcs11.8*
1baafe
%{_libexecdir}/setup-named-softhsm.sh
1baafe
1baafe
%files pkcs11-utils
1baafe
%{_sbindir}/dnssec*pkcs11
1baafe
%{_sbindir}/pkcs11-destroy
1baafe
%{_sbindir}/pkcs11-keygen
1baafe
%{_sbindir}/pkcs11-list
1baafe
%{_sbindir}/pkcs11-tokens
1baafe
%{_mandir}/man8/pkcs11*.8*
1baafe
%{_mandir}/man8/dnssec*-pkcs11.8*
1baafe
1baafe
%files pkcs11-libs
1baafe
%{_libdir}/libdns-pkcs11-%{version}*.so
1baafe
%{_libdir}/libns-pkcs11-%{version}*.so
1baafe
1baafe
%files pkcs11-devel
1baafe
%{_includedir}/bind9/pk11/*.h
1baafe
%exclude %{_includedir}/bind9/pk11/site.h
1baafe
%{_includedir}/bind9/pkcs11
1baafe
%{_libdir}/libdns-pkcs11.so
1baafe
%{_libdir}/libns-pkcs11.so
1baafe
%endif
1baafe
1baafe
%if %{with DLZ}
1baafe
%files dlz-filesystem
1baafe
%{_libdir}/{named,bind}/dlz_filesystem_dynamic.so
1baafe
1baafe
%files dlz-mysql
1baafe
%{_libdir}/{named,bind}/dlz_mysql_dynamic.so
1baafe
%doc build/contrib/dlz/modules/doc/mysql
1baafe
%{_libdir}/{named,bind}/dlz_mysqldyn_mod.so
1baafe
%doc build/contrib/dlz/modules/doc/mysqldyn
1baafe
1baafe
%files dlz-ldap
1baafe
%{_libdir}/{named,bind}/dlz_ldap_dynamic.so
1baafe
%doc contrib/dlz/modules/ldap/testing/*
1baafe
1baafe
%files dlz-sqlite3
1baafe
%{_libdir}/{named,bind}/dlz_sqlite3_dynamic.so
1baafe
%doc contrib/dlz/modules/sqlite3/testing/*
1baafe
1baafe
%endif
1baafe
1baafe
%files -n python3-bind
1baafe
%{python3_sitelib}/*.egg-info
1baafe
%{python3_sitelib}/isc/
1baafe
1baafe
%if %{with DOC}
1baafe
%files doc
1baafe
%dir %{_pkgdocdir}
1baafe
%doc %{_pkgdocdir}/Bv9ARM.html
1baafe
%doc %{_pkgdocdir}/html
1baafe
%endif
1baafe
%if %{with DOCPDF}
1baafe
%doc %{_pkgdocdir}/Bv9ARM.pdf
1baafe
%endif
1baafe
1baafe
%changelog
bcb1e2
* Mon Feb 27 2023 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-11
bcb1e2
- Correct backport issue in statistics rendering fix (#2126912)
bcb1e2
bcb1e2
* Sat Feb 25 2023 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-10
bcb1e2
- Handle subtle difference between upstream and rhel (CVE-2022-3094)
bcb1e2
bcb1e2
* Wed Feb 08 2023 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-9
bcb1e2
- Prevent flooding with UPDATE requests (CVE-2022-3094)
bcb1e2
- Handle RRSIG queries when server-stale is active (CVE-2022-3736)
bcb1e2
- Fix crash when soft-quota is reached and serve-stale is active (CVE-2022-3924)
bcb1e2
bcb1e2
* Thu Oct 13 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-8
bcb1e2
- Correct regression preventing bind-dyndb-ldap build (#2162795)
bcb1e2
bcb1e2
* Tue Oct 04 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-7
bcb1e2
- Prevent freeing zone during statistics rendering (#2101712)
bcb1e2
bcb1e2
* Tue Oct 04 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-6
bcb1e2
- Bound the amount of work performed for delegations (CVE-2022-2795)
bcb1e2
- Add %_libdir/named to bind-chroot (#2129466)
bcb1e2
bae432
* Thu Sep 22 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-5
af07b8
- Fix possible serve-stale related crash (CVE-2022-3080)
af07b8
- Fix memory leak in ECDSA verify processing (CVE-2022-38177)
af07b8
- Fix memory leak in EdDSA verify processing (CVE-2022-38178)
af07b8
bae432
* Thu Jul 14 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-4
bae432
- Export bind-doc package (#2104863)
bae432
bae432
* Mon Apr 11 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-3
bae432
- Tighten cache protection against record from forwarders (CVE-2021-25220)
bae432
- Include test of forwarders
bae432
bae432
* Fri Mar 25 2022 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-2
bae432
- TCP connections with 'keep-response-order' are properly close in all cases
bae432
  (CVE-2022-0396)
bae432
1baafe
* Fri Nov 19 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-1
1baafe
- Update to 9.16.23 (#2024210)
1baafe
1baafe
* Wed Oct 13 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-5
1baafe
- Propagate ephemeral port ranges to chroot (#2013595)
1baafe
1baafe
* Tue Oct 12 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-4
1baafe
- Fixes listening on TCP in some race conditions (#1999691)
1baafe
1baafe
* Tue Oct 12 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-3
1baafe
- Include documentation of dig return codes (#1989909)
1baafe
1baafe
* Thu Aug 19 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-2
1baafe
- Fix map file format incompatibility
1baafe
- Actually enable LMDB support
1baafe
1baafe
* Tue Aug 17 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-1
1baafe
- Update to 9.16.20
1baafe
1baafe
* Mon Aug 09 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.19-4
1baafe
- Do not depend on systemd package
1baafe
1baafe
* Mon Aug 09 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.19-3
1baafe
- Include backward compatible html symlink in doc subpackage
1baafe
1baafe
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 32:9.16.19-2
1baafe
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
1baafe
  Related: rhbz#1991688
1baafe
1baafe
* Wed Jul 21 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.19-1
1baafe
- Update to 9.16.19 (#1956777)
1baafe
1baafe
* Thu Jun 24 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.16-1
1baafe
- Update to 9.16.16 (#1956777)
1baafe
1baafe
* Thu Jun 24 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.15-3
1baafe
- Disable building of DLZ and PKCS11
1baafe
- Build HTML documentation into separate bind-doc subpackage
1baafe
- Enable DNSTAP feature (#1975268)
1baafe
- Enable LMDB support (#1975775)
1baafe
1baafe
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 32:9.16.15-2
1baafe
- Rebuilt for RHEL 9 BETA for openssl 3.0
1baafe
  Related: rhbz#1971065
1baafe
1baafe
* Thu Apr 29 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.15-1
1baafe
- Update to 9.16.15
1baafe
1baafe
* Thu Apr 15 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.13-1
1baafe
- Update to 9.16.13
1baafe
- Changed displayed version just to include -RH suffix, not release
1baafe
- Version is now part of library names, soname versions are no longer provided
1baafe
- Removed bind-libs-lite subpackage
1baafe
1baafe
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 32:9.16.11-6
1baafe
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
1baafe
1baafe
* Fri Feb 26 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.11-5
1baafe
- Make logrotate.d world-readable (#1917061)
1baafe
1baafe
* Mon Feb 22 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.11-4
1baafe
- Fix off-by-one bug in ISC SPNEGO implementation (#1929965)
1baafe
1baafe
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 32:9.16.11-3
1baafe
- rebuild for libpq ABI fix rhbz#1908268
1baafe
1baafe
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.16.11-2
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
1baafe
1baafe
* Thu Jan 21 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.11-1
1baafe
- Update to 9.16.11 (#1827602)
1baafe
- Avoid unit test failures on machines with many cores
1baafe
1baafe
* Thu Jan 14 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.10-2
1baafe
- Update to 9.16.10
1baafe
- Remove bind-sdb package
1baafe
- https://fedoraproject.org/wiki/Changes/BIND9.16
1baafe
1baafe
* Wed Jan 13 08:55:11 CET 2021 Adrian Reber <adrian@lisas.de> - 32:9.11.26-3
1baafe
- Rebuilt for protobuf 3.14
1baafe
1baafe
* Wed Jan 06 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.26-2
1baafe
- Use make macros
1baafe
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
1baafe
1baafe
* Mon Jan 04 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.26-1
1baafe
- Update to 9.11.26
1baafe
1baafe
* Mon Nov 30 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.25-2
1baafe
- Regenerate all manual pages on build
1baafe
1baafe
* Thu Nov 26 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.25-1
1baafe
- Update to 9.11.25
1baafe
1baafe
* Wed Nov 04 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.24-2
1baafe
- Fix crash on NTA recheck failure (#1893761)
1baafe
1baafe
* Fri Oct 23 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.24-1
1baafe
- Update to 9.11.24
1baafe
1baafe
* Wed Sep 23 2020 Adrian Reber <adrian@lisas.de> - 32:9.11.23-2
1baafe
- Rebuilt for protobuf 3.13
1baafe
1baafe
* Thu Sep 17 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.23-1
1baafe
- Update to 9.11.23
1baafe
- Merge bind-lite-devel into devel package
1baafe
1baafe
* Tue Sep 01 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.22-2
1baafe
- Require libcap from devel package
1baafe
1baafe
* Thu Aug 20 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.22-1
1baafe
- Update to 9.11.22
1baafe
1baafe
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.21-3
1baafe
- Second attempt - Rebuilt for
1baafe
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
1baafe
1baafe
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.21-2
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
1baafe
1baafe
* Wed Jul 15 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.21-1
1baafe
- Update to 9.11.21
1baafe
1baafe
* Tue Jun 23 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-3
1baafe
- Move documentation to separate bind-doc package
1baafe
1baafe
* Sat Jun 20 2020 Adrian Reber <adrian@lisas.de> - 32:9.11.20-2
1baafe
- Rebuilt for protobuf 3.12
1baafe
1baafe
* Wed Jun 17 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-1
1baafe
- Update to 9.11.20
1baafe
1baafe
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 32:9.11.19-2
1baafe
- Rebuilt for Python 3.9
1baafe
1baafe
* Fri May 15 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.19-1
1baafe
- Update to 9.11.19 (CVE-2020-8616, CVE-2020-8617)
1baafe
- Make initscripts just optional dependency
1baafe
1baafe
* Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 32:9.11.18-2
1baafe
- Rebuild (json-c)
1baafe
1baafe
* Thu Apr 16 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.18-1
1baafe
- Update to 9.11.18
1baafe
1baafe
* Tue Mar 31 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.17-1
1baafe
- Update to 9.11.17
1baafe
1baafe
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.14-5
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
1baafe
1baafe
 * Wed Jan 08 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.14-4
1baafe
- Remove libmaxminddb-devel from devel package dependencies
1baafe
1baafe
* Fri Jan 03 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.14-3
1baafe
- Preserve symlinks to named.conf on iscdlv modification (#1786626)
1baafe
1baafe
* Thu Dec 19 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.14-2
1baafe
- Include more Thread Sanitizer detected changes (#1736762)
1baafe
1baafe
* Thu Dec 19 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.14-1
1baafe
- Update to 9.11.14
1baafe
1baafe
* Tue Dec 03 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.13-4
1baafe
- Disable Berkeley DB support (#1779190)
1baafe
1baafe
* Mon Dec 02 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.13-3
1baafe
- Backport few thread safety related fixed from upstream (#1736762)
1baafe
1baafe
* Tue Nov 26 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.13-2
1baafe
- Complete explicit disabling of RSAMD5 in FIPS mode (#1709553)
1baafe
1baafe
* Tue Nov 19 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.13-1
1baafe
- Update to 9.11.13
1baafe
1baafe
* Tue Nov 19 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-6
1baafe
- Report failures on systemctl reload
1baafe
1baafe
* Tue Nov 12 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-5
1baafe
- Fix binary compatibility after serve-stale patch (#1770492)
1baafe
1baafe
* Wed Nov 06 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-4
1baafe
- Backported serve-stale feature
1baafe
1baafe
* Wed Nov 06 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-3
1baafe
- Fix wrong default GeoIP directory (#1768258)
1baafe
1baafe
* Mon Nov 04 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-2
1baafe
- Move data files outside config archive
1baafe
- Specify geoip data directory in config file (#1768258)
1baafe
1baafe
* Mon Oct 21 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.12-1
1baafe
- Update to 9.11.12 (#1557762)
1baafe
1baafe
* Wed Sep 25 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.11-1
1baafe
- Update to 9.11.11
1baafe
1baafe
* Wed Sep 04 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.10-3
1baafe
- Share pkcs11-utils and dnssec-utils manuals instead of recommend
1baafe
1baafe
* Tue Sep 03 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.10-2
1baafe
- Move some administration utilities back to bind-utils (#1720380)
1baafe
- Add GeoIP to bind-chroot (#1497646)
1baafe
- Recommend bind-dnssec-utils from bind-pkcs11-utils
1baafe
1baafe
* Tue Aug 27 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.10-1
1baafe
- Update to 9.11.10
1baafe
1baafe
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 32:9.11.9-4
1baafe
- Rebuilt for Python 3.8
1baafe
1baafe
* Fri Aug 09 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.9-3
1baafe
- Display errors from rndc reload (#1739441)
1baafe
1baafe
* Thu Aug 08 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.9-2
1baafe
- Permit explicit disabling of RSAMD5 in FIPS mode (#1709553)
1baafe
1baafe
* Wed Jul 24 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.9-1
1baafe
- Update to 9.11.9
1baafe
- Add GeoLite2 support
1baafe
- Disable export-libs
1baafe
1baafe
* Wed Jul 24 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.8-2
1baafe
- Use monotonic time in export library (#1732883)
1baafe
1baafe
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.8-2
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
1baafe
1baafe
* Tue Jul 02 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.8-1
1baafe
- Update to 9.11.8
1baafe
1baafe
* Mon Jun 17 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.7-2
1baafe
- Fix OpenSSL random generator initialization
1baafe
1baafe
* Mon Jun 10 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.7-1
1baafe
- Update to 9.11.7
1baafe
1baafe
* Mon May 06 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.6-5.P1
1baafe
- Fix also postun script
1baafe
1baafe
* Mon May 06 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.6-4.P1
1baafe
- Fix error in scriptlet condition
1baafe
1baafe
* Thu May 02 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.6-3.P1
1baafe
- Fix inefective limit of TCP clients (CVE-2018-5743)
1baafe
1baafe
* Thu Mar 14 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.6-2
1baafe
- Fix dnstap and timer issues in unit test
1baafe
- Enable DLZ modules
1baafe
1baafe
* Tue Mar 05 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.6-1
1baafe
- Update to 9.11.6
1baafe
1baafe
* Fri Mar 01 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-15.P4
1baafe
- Support testing of named variants
1baafe
1baafe
* Thu Feb 28 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-14.P4
1baafe
- Modify feature-test detection of dlz-filesystem
1baafe
1baafe
* Fri Feb 22 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-13.P4
1baafe
- Update to 9.11.5-P4
1baafe
1baafe
* Fri Feb 22 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-12.P1
1baafe
- Enable DNSTAP support (#1564776)
1baafe
- Enable LMDB support for rndc addzone
1baafe
- Enable json format in statistics-channel
1baafe
1baafe
* Thu Feb 21 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-11.P1
1baafe
- Disable often failing unit test random_test
1baafe
1baafe
* Thu Feb 21 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-10.P1
1baafe
- Disable autodetected eddsa algorithm ED448
1baafe
1baafe
* Thu Jan 31 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-9.P1
1baafe
- dig prints ASCII name instead of failure (#1647829)
1baafe
- disable IDN output from scripts
1baafe
- Update project URL
1baafe
- Removed revoked KSK 19164 from trusted keys
1baafe
1baafe
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.5-8.P1
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
1baafe
1baafe
* Sun Jan 27 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-7.P1
1baafe
- Update to 9.11.5-P1
1baafe
1baafe
* Wed Jan 23 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-6
1baafe
- Reenable crypto rand for DHCP, disable just entropy check (#1663318)
1baafe
1baafe
* Thu Jan 17 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-5
1baafe
- Move dnssec related tools from bind-utils to bind-dnssec-utils (#1649398)
1baafe
1baafe
* Wed Jan 16 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-4
1baafe
- Reject invalid binary file (#1666814)
1baafe
1baafe
* Mon Jan 14 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-3
1baafe
- Disable crypto rand for DHCP (#1663318)
1baafe
1baafe
* Thu Oct 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-2
1baafe
- Add optional support for JSON statistics
1baafe
- Add optional DNSTAP support (#1564776), new dnstap-read tool
1baafe
1baafe
* Wed Oct 24 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-1
1baafe
- Update to 9.11.5
1baafe
1baafe
* Tue Oct 02 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-12.P2
1baafe
- Add Requires to devel packages referenced by bind-devel
1baafe
1baafe
* Sat Sep 29 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 32:9.11.4-11.P2
1baafe
- Fix export-libs macro & scriptlet
1baafe
1baafe
* Wed Sep 26 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-10.P2
1baafe
- Reenable IDN output but allow turning it off (#1580200)
1baafe
1baafe
* Thu Sep 20 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-9.P2
1baafe
- Update to bind-9.11.4-P2
1baafe
- Add /dev/urandom to chroot (#1631515)
1baafe
1baafe
* Fri Aug 24 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-8.P1
1baafe
- Replace unoptimized code by OpenSSL counterparts
1baafe
- Fix multilib conflicts of devel package
1baafe
- Add versioned depends to all library subpackages
1baafe
1baafe
* Fri Aug 24 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-7.P1
1baafe
- Add support for OpenSSL provided random data
1baafe
1baafe
* Mon Aug 13 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-6.P1
1baafe
- Fix sdb-chroot devices upgrade (#1592873)
1baafe
- Automatically replace obsoleted ISC DLV key with root key (#1595782)
1baafe
1baafe
* Thu Aug 09 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-5.P1
1baafe
- Update to 9.11.4-P1
1baafe
- Adds root key sentinel support
1baafe
- Large IXFR zone transfers are rejected to prevent journal corruption
1baafe
1baafe
* Thu Aug 02 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-4
1baafe
- Support unavailable MD5 in FIPS mode
1baafe
1baafe
* Thu Aug 02 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-3
1baafe
- Use OpenSSL for digest operations (#1611537)
1baafe
1baafe
* Tue Jul 31 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-2
1baafe
- Install generated manual pages
1baafe
1baafe
* Thu Jul 12 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-1
1baafe
- Update to 9.11.4
1baafe
- Use kyua instead of kyua-cli for unit tests
1baafe
1baafe
* Thu Jul 12 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-15
1baafe
- Use new config file named-chroot.files for chroot setup (#1429656)
1baafe
- Fix chroot devices file verification (#1592873)
1baafe
- Prevent errors on bind-chroot uninstall when running (#1600583)
1baafe
1baafe
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.3-14
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
1baafe
1baafe
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 32:9.11.3-13
1baafe
- Rebuilt for Python 3.7
1baafe
1baafe
* Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-12
1baafe
- Require utils instead of library
1baafe
1baafe
* Wed Jun 27 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-11
1baafe
- Remove named.iscdlv.key file (#1595782)
1baafe
- Fix CVE-2018-5738
1baafe
1baafe
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 32:9.11.3-10
1baafe
- Rebuilt for Python 3.7
1baafe
1baafe
* Fri May 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-9
1baafe
- Make named home writeable (#1422680)
1baafe
- Change named shell to /bin/false
1baafe
1baafe
* Fri May 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-8
1baafe
- Require C++ on build when shipped atf library is used
1baafe
1baafe
* Mon Apr 09 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-7
1baafe
- Run tests also without kyua
1baafe
1baafe
* Thu Apr 05 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-6
1baafe
- Do not link libidn2 to all libraries (#1098783)
1baafe
- Update named.ca
1baafe
1baafe
* Tue Apr 03 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-5
1baafe
- Enable libidn2 support (#1098783)
1baafe
- Make +noidnout default
1baafe
- Compile export libs without GSSAPI
1baafe
1baafe
* Wed Mar 21 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-4
1baafe
- Rebase to 9.11.3
1baafe
- Add dig support for libidn2 (#1098783)
1baafe
1baafe
* Wed Mar 21 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-3.b1
1baafe
- Fix build with disabled unittest
1baafe
- Recommend softhsm from pkcs11 variant
1baafe
1baafe
* Thu Feb 22 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-2.b1
1baafe
- Require openssl-devel and libcap-devel from bind-export-devel
1baafe
- Conflict with bind99-devel
1baafe
- Change spec globals to rpmbuild --with feature
1baafe
1baafe
* Thu Feb 15 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-1.b1
1baafe
- Rebase to 9.11.3b1
1baafe
1baafe
* Wed Feb 07 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-11.P1
1baafe
- Use versioned provides
1baafe
- Fix starting of unit tests
1baafe
- Forward export libs path to isc-config
1baafe
- Rename export devel subpackage to bind-export-devel
1baafe
1baafe
* Wed Feb 07 2018 Pavel Zhukov <pzhukov@redhat.com> - 32:9.11.2-10.P1
1baafe
- Add obsoletes/provides tags for smooth update
1baafe
1baafe
* Wed Feb 07 2018 Pavel Zhukov <pzhukov@redhat.com> - 32:9.11.2-9.P1
1baafe
- Build devel package for export-libs
1baafe
1baafe
* Wed Feb 07 2018 Pavel Zhukov <pzhukov@redhat.com> - 32:9.11.2-8.P1
1baafe
- Build export libraries with disabled threads and selects
1baafe
1baafe
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.2-7.P1
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
1baafe
1baafe
* Tue Jan 30 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-6.P1
1baafe
- Remove ldconfig calls where possible
1baafe
- Note -z defs cannot be enabled until more work
1baafe
1baafe
* Tue Jan 16 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-5.P1
1baafe
- Fix CVE-2017-3145, rebase to 9.11.2-P1
1baafe
1baafe
* Tue Jan 02 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-4
1baafe
- Enable unit tests with kyua tool (#1532694)
1baafe
- Provide internal tool to prepare softhsm token storage
1baafe
- Proper fix for python3-bind subpackage directory ownership (#1522944)
1baafe
1baafe
* Fri Dec 15 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-3
1baafe
- Own python3-bind isc directory (#1522944)
1baafe
- Make tsstsig system test pass again (#1500017)
1baafe
1baafe
* Mon Oct 23 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-2
1baafe
- Build against mariadb-connector-c-devel (#1493615)
1baafe
- Include DNSKEY 20326 also in trusted-key.key (#1505476)
1baafe
- Fix dynamic symbols conflict with ldap (#1205168)
1baafe
- Use hmac-sha256 for new RNDC keys (#1508003)
1baafe
- Include protocols and services in chroot
1baafe
1baafe
* Wed Aug 02 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-1
1baafe
- Update to 9.11.2
1baafe
- Add recursing and secroots file into default and sample config
1baafe
- Fix nsupdate GSSAPI auth against AD server (#1484451)
1baafe
1baafe
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.1-6.P3
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
1baafe
1baafe
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.1-5.P3
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
1baafe
1baafe
* Fri Jul 14 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-4.P3
1baafe
- Simplify change of default configuration file path
1baafe
1baafe
* Thu Jul 13 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-3.P3
1baafe
- Use mysql_config for SDB variant, build against mariadb-devel
1baafe
1baafe
* Mon Jul 10 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-2.P3
1baafe
- Update to 9.11.1-P3
1baafe
1baafe
* Fri Jun 30 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-2.P2
1baafe
- Update to 9.11.1-P2
1baafe
1baafe
* Thu Jun 29 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-2.P1
1baafe
- dnssec-checkds and dnssec-coverage requires python module (#1466183)
1baafe
1baafe
* Thu Jun 15 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.1-1.P1
1baafe
- Update to 9.11.1-P1
1baafe
1baafe
* Fri Apr 21 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-8.P5
1baafe
- Fix queries for TKEY in nsupdate, when using GSSAPI (#1236087)
1baafe
1baafe
* Thu Apr 13 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-7.P5
1baafe
- Update to 9.11.0-P5
1baafe
- Use BINDVERSION for upstream version
1baafe
1baafe
* Fri Feb 10 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-7.P3
1baafe
- Update to 9.11.0-P3
1baafe
1baafe
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.11.0-7.P2
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
1baafe
1baafe
* Wed Jan 18 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-6.P2
1baafe
- RTLD_DEEPBIND conflicts with pkcs11 libraries, skip it for dyndb (#1410433)
1baafe
- Fix some rpm warnings
1baafe
1baafe
* Mon Jan 16 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-5.P2
1baafe
- Fix manual pages generated by recent docbook-style-xsl (#1397186)
1baafe
1baafe
* Thu Jan 12 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-4.P2
1baafe
- Update to 9.11.0-P2
1baafe
1baafe
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 32:9.11.0-4.P1
1baafe
- Rebuild for Python 3.6
1baafe
1baafe
* Tue Nov 22 2016 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-3.P1
1baafe
- Split pk11 includes, include real functions only in pkcs11 variant
1baafe
1baafe
* Wed Nov 16 2016 Petr Menšík <pemensik@redhat.com> - 32:9.11.0-2.P1
1baafe
- Do not change lib permissions in chroot
1baafe
1baafe
* Wed Nov 16 2016 Michal Ruprich <mruprich@redhat.com> - 32:9.11.0-1.P1
1baafe
- Update to 9.11.0-P1
1baafe
1baafe
* Tue Nov 08 2016 Petr Menšík <pemensik@redhat.com> - 32:9.10.4-3.P4
1baafe
- Build with OpenSSL 1.1
1baafe
1baafe
* Thu Nov 03 2016 Petr Menšík <pemensik@redhat.com> - 32:9.10.4-2.P4
1baafe
- Update to 9.10.4-P4
1baafe
1baafe
* Thu Sep 29 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.4-2.P3
1baafe
- Update to 9.10.4-P3
1baafe
1baafe
* Wed Jul 20 2016 Michal Ruprich <mruprich@redhat.com> - 32:9.10.4-1.P2
1baafe
- Update to 9.10.4-P2
1baafe
1baafe
* Thu May 26 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.4-1.P1
1baafe
- Update to 9.10.4-P1
1baafe
1baafe
* Fri May 20 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-14.P4
1baafe
- (un)mount /var/named in -chroot packages as the last directory (Related: #1279188)
1baafe
1baafe
* Thu May 12 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-13.P4
1baafe
- Remove NM dispatcher script, since it is not needed any more (#1277257)
1baafe
- Replaced After=network-online.target with After=network.target in all unit files
1baafe
1baafe
* Fri Mar 11 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-12.P4
1baafe
- Update to 9.10.3-P4 due to CVE-2016-1285 CVE-2016-1286 CVE-2016-2088
1baafe
1baafe
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.10.3-11.P3
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
1baafe
1baafe
* Thu Jan 21 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-10.P3
1baafe
- Update to 9.10.3-P3 due to CVE-2015-8704 and CVE-2015-8705 (#1300051)
1baafe
1baafe
* Wed Jan 06 2016 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-9.P2
1baafe
- Commented out bindkeys-file statement in default configuration (#1223365#c3)
1baafe
- Removed unrecognized configure option --enable-developer
1baafe
- Added configure option --enable-full-report to get report on enabled features
1baafe
1baafe
* Sat Dec 26 2015 Robert Scheck <robert@fedoraproject.org> - 32:9.10.3-8.P2
1baafe
- Remove unrecognized build options for %%configure
1baafe
- Own %%{_includedir}/bind9 directory in -lite-devel
1baafe
- Fixed building without (optional) PKCS#11 support
1baafe
1baafe
* Wed Dec 16 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-7.P2
1baafe
- bump release to maintain update path
1baafe
1baafe
* Wed Dec 16 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-4.P2
1baafe
- Update to 9.10.3-P2
1baafe
1baafe
* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.10.3-3
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
1baafe
1baafe
* Wed Nov 04 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-2
1baafe
- Fixed named-checkconf call in *-chroot.service files (#1277820)
1baafe
1baafe
* Thu Sep 17 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.3-1
1baafe
- Update to 9.10.3 stable
1baafe
1baafe
* Thu Sep 03 2015 Tomas Hozza <thozza@redhat.com>
1baafe
- Update to 9.10.3rc1
1baafe
1baafe
* Wed Jul 29 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-9.P3
1baafe
- Update to 9.10.2-P3 to fix CVE-2015-5477
1baafe
1baafe
* Thu Jul 09 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-8.P2
1baafe
- Update to 9.10.2-P2
1baafe
1baafe
* Mon Jun 29 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-7.P1
1baafe
- Reintroduce the DISABLE_ZONE_CHECKING into /etc/sysconfig/named
1baafe
1baafe
* Fri Jun 19 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-6.P1
1baafe
- Update to 9.10.2-P1
1baafe
1baafe
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.10.2-5
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
1baafe
1baafe
* Wed May 27 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-4
1baafe
- Don't copy /etc/localtime on -chroot package installation
1baafe
1baafe
* Fri May 22 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-3
1baafe
- Don't use ISC's DLV by default (#1223365)
1baafe
- Utilize system-wide crypto-policies (#1179925)
1baafe
1baafe
* Thu May 21 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-2
1baafe
- enable tuning for large systems - increases hardcoded internal limits
1baafe
- enable GeoIP access control feature
1baafe
1baafe
* Thu Feb 26 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-1
1baafe
- update to 9.10.2 stable
1baafe
- remove parallel-build patch after discussion with upstream [ISC-Bugs #38739]
1baafe
1baafe
* Wed Feb 25 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-0.3.rc1
1baafe
- update to 9.10.2rc2
1baafe
- call ldconfig for pkcs11-libs
1baafe
- Use Python3 by default (#1186791)
1baafe
1baafe
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 32:9.10.2-0.2.rc1
1baafe
- Rebuilt for Fedora 23 Change
1baafe
  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
1baafe
1baafe
* Mon Feb 02 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.2-0.1.rc1
1baafe
- update to 9.10.2rc1
1baafe
- fix nsupdate server auto-detection (#1184151)
1baafe
- drop merged patch bind99-rh985918.patch
1baafe
1baafe
* Fri Jan 16 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.1-2.P1
1baafe
- Install config for tmpfiles under %%{_tmpfilesdir} (#1181020)
1baafe
1baafe
* Tue Jan 13 2015 Tomas Hozza <thozza@redhat.com> - 32:9.10.1-1.P1
1baafe
- Update to 9.10.1-P1 stable
1baafe
1baafe
* Fri Dec 12 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-6.P1
1baafe
- Drop downstream patch for nslookup/host rejected by upstream
1baafe
1baafe
* Tue Dec 09 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-5.P1
1baafe
- Update to 9.9.6-P1 (CVE-2014-8500)
1baafe
1baafe
* Fri Nov 14 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-4
1baafe
- Fixed systemctl path in logrotate configuration (#1148360)
1baafe
- drop engine_pkcs11 dependency, since we use native PKCS#11 implementation
1baafe
1baafe
* Wed Oct 22 2014 Petr Spacek <pspacek@redhat.com> - 32:9.9.6-3
1baafe
- Fix crash during GSS-TSIG processing (#1155334, #1155127)
1baafe
  introduced in 32:9.9.6-2
1baafe
1baafe
* Tue Oct 14 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-2
1baafe
- Added native PKCS#11 functionality (#1097752)
1baafe
- bind-sdb now requires bind due to configuration and other utilities
1baafe
- bind-pkcs11 now requires bind due to configuration and other utilities
1baafe
1baafe
* Thu Oct 02 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-1
1baafe
- Update to 9.9.6
1baafe
- drop merged patches and rebase some of existing patches
1baafe
- Add architecture specific dependencies.
1baafe
- Fix assert in dig when using +sigchase (#985918)
1baafe
1baafe
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.9.5-9.P1
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
1baafe
1baafe
* Fri Jul 18 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-8.P1
1baafe
- Use network-online.target instead of network.target (#1117086)
1baafe
1baafe
* Fri Jul 11 2014 Tom Callaway <spot@fedoraproject.org> 32:9.9.5-7.P1
1baafe
- fix license handling
1baafe
1baafe
* Thu Jun 12 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-6.P1
1baafe
- Update to 9.9.5-P1
1baafe
1baafe
* Mon Jun 09 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-5
1baafe
- Use /dev/urandom for generation of rndc.key (#1079799)
1baafe
1baafe
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.9.5-4
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
1baafe
1baafe
* Tue Apr 22 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-3
1baafe
- configure bind with --with-dlopen=yes to support dynamically loadable DLZ drivers
1baafe
1baafe
* Wed Mar 05 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-2
1baafe
- dlz_dlopen driver could return the wrong error leading to a segfault (#1052781)
1baafe
- Fix race condition when freeing fetch object (ISC-Bugs #35385)
1baafe
1baafe
* Thu Feb 13 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-1
1baafe
- Update to 9.9.5 stable
1baafe
1baafe
* Sun Jan 26 2014 Rex Dieter <rdieter@fedoraproject.org> 32:9.9.5-0.5.rc2
1baafe
- -libs, -libs-lite: track sonames, so abi bumps aren't a surprise
1baafe
1baafe
* Fri Jan 24 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.4.rc2
1baafe
- update to 9.9.5rc2
1baafe
- merged patches dropped
1baafe
- some patches rebased to the new version
1baafe
1baafe
* Wed Jan 15 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.3.b1
1baafe
- non-existance of resolv.conf should not be fatal (#1052343)
1baafe
1baafe
* Tue Jan 14 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.2.b1
1baafe
- Fix CVE-2014-0591
1baafe
1baafe
* Mon Jan 06 2014 Tomas Hozza <thozza@redhat.com> 32:9.9.5-0.1.b1
1baafe
- Update to bind-9.9.5b1
1baafe
- Build bind-sdb against libdb instead of libdb4
1baafe
1baafe
* Wed Dec 18 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-11
1baafe
- Fix crash in rbtdb after two sucessive getoriginnode() calls
1baafe
1baafe
* Tue Dec 17 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-10
1baafe
- Split chroot package for named and named-sdb
1baafe
- Extract setting-up/destroying of chroot to a separate systemd service (#997030)
1baafe
1baafe
* Thu Nov 28 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-9
1baafe
- Fixed memory leak in nsupdate if 'realm' was used multiple times (#984687)
1baafe
1baafe
* Tue Nov 12 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-8
1baafe
- Install configuration for rwtab and fix chroot setup script
1baafe
1baafe
* Thu Oct 31 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-7
1baafe
- Correct the upstream patch for #794940
1baafe
1baafe
* Thu Oct 31 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-6
1baafe
- use --enable-filter-aaaa when building bind to enable use of filter-aaaa-on-v4 option
1baafe
1baafe
* Wed Oct 30 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-5
1baafe
- Create symlink /var/named/chroot/var/run -> /var/named/chroot/run
1baafe
- Added session-keyfile statement into default named.conf since we use /run/named
1baafe
1baafe
* Tue Oct 29 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-4
1baafe
- Use upstream version of patch for previously fixed #794940
1baafe
1baafe
* Fri Oct 18 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-3
1baafe
- Fix race condition on send buffers in dighost.c (#794940)
1baafe
1baafe
* Tue Oct 08 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-2
1baafe
- install isc/errno2result.h header
1baafe
1baafe
* Fri Sep 20 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-1
1baafe
- Update to bind-9.9.4 stable
1baafe
1baafe
* Tue Sep 10 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.9.rc2
1baafe
- Fix [ISC-Bugs #34738] dns_journal_open() returns a pointer to stack
1baafe
1baafe
* Mon Sep 09 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.8.rc2
1baafe
- update to bind-9.9.4rc2
1baafe
1baafe
* Tue Aug 20 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.7.rc1
1baafe
- Move named-checkzone and named-compilezone to bind-utils package
1baafe
1baafe
* Tue Aug 20 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.6.rc1
1baafe
- Move tools that don't need the server to run, from main package to bind-utils (#964313)
1baafe
1baafe
* Fri Aug 16 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.5.rc1
1baafe
- Don't generate rndc.key if there exists rndc.conf
1baafe
1baafe
* Fri Aug 16 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.4.rc1
1baafe
- don't install named-sdb.service if SDB macro is defined to zero
1baafe
1baafe
* Mon Aug 05 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.3.rc1
1baafe
- Fix setup-named-chroot.sh to mount/umount everything successfully
1baafe
- update to bind-9.9.4rc1
1baafe
1baafe
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 32:9.9.4-0.2.b1
1baafe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
1baafe
1baafe
* Mon Jul 15 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.4-0.1.b1
1baafe
- update to bind-9.9.4b1
1baafe
- drop merged RRL patch
1baafe
- drop merged stat.h patch
1baafe
1baafe
* Wed Jun 05 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-3.P1
1baafe
- update to 9.9.3-P1 (fix for CVE-2013-3919)
1baafe
- update RRL patch to 9.9.3-P1-rl.156.01
1baafe
1baafe
* Mon Jun 03 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-2
1baafe
- bump release to prevent update path issues
1baafe
1baafe
* Mon Jun 03 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-1
1baafe
- update to 9.9.3
1baafe
- install dns/update.h header
1baafe
- update RRL patch to the latest version 9.9.3-rl.150.20
1baafe
1baafe
* Fri May 17 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.7.rc2
1baafe
- Fix segfault in host/nslookup (#878139)
1baafe
1baafe
* Mon May 13 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.6.rc2
1baafe
- update to 9.9.3rc2
1baafe
- part of bind97-exportlib.patch not needed any more
1baafe
- bind-9.9.1-P2-multlib-conflict.patch modified to reflect latest source
1baafe
- rl-9.9.3rc1.patch -> rl-9.9.3rc2.patch
1baafe
- bind99-opts.patch merged
1baafe
1baafe
* Fri May 03 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.5.rc1
1baafe
- Include recursion Warning in named.conf and named.conf.sample (#740894)
1baafe
- Include managed-keys-directory statement in named.conf.sample (#948026)
1baafe
1baafe
* Thu May 02 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.4.rc1
1baafe
- Fix zone2sqlite to quote table names when creating/dropping/inserting (#919417)
1baafe
1baafe
* Fri Apr 19 2013 Adam Tkac <atkac redhat com> 32:9.9.3-0.3.rc1
1baafe
- fix crash in nsupdate when processing "-r" parameter (#949544)
1baafe
1baafe
* Tue Apr 16 2013 Adam Tkac <atkac redhat com> 32:9.9.3-0.2.rc1
1baafe
- ship dns/rrl.h in -devel subpkg
1baafe
1baafe
* Tue Apr 16 2013 Adam Tkac <atkac redhat com> 32:9.9.3-0.1.rc1
1baafe
- update to 9.9.3rc1
1baafe
- bind-96-libtool2.patch has been merged
1baafe
- fix bind tmpfiles.d for named.pid /run migration (#920713)
1baafe
1baafe
* Wed Mar 27 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.2-12.P2
1baafe
- New upstream patch version fixing CVE-2013-2266 (#928032)
1baafe
1baafe
* Tue Mar 19 2013 Adam Tkac <atkac redhat com> 32:9.9.2-11.P1
1baafe
- move pidfile to /run/named/named.pid
1baafe
1baafe
* Wed Mar 06 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.2-10.P1
1baafe
- Fix Makefile.in to include header added by rate limiting patch (#918330)
1baafe
1baafe
* Tue Mar 05 2013 Adam Tkac <atkac redhat com> 32:9.9.2-9.P1
1baafe
- drop some developer-only documentation and move ARM to %%docdir
1baafe
1baafe
* Mon Feb 18 2013 Adam Tkac <atkac redhat com> 32:9.9.2-8.P1
1baafe
- include rate limiting patch
1baafe
1baafe
* Tue Jan 29 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.2-7.P1
1baafe
- Corrected IP addresses in named.ca (#901741)
1baafe
- mount/umount /var/named in setup-named-chroot.sh as the last one (#904666)
1baafe
1baafe
* Thu Dec 20 2012 Adam Tkac <atkac redhat com> 32:9.9.2-6.P1
1baafe
- generate /etc/rndc.key during named service startup if doesn't exist
1baafe
- increase startup timeout in systemd units to 90sec (default)
1baafe
- fix IDN related statement in dig.1 manpage
1baafe
1baafe
* Wed Dec 05 2012 Tomas Hozza <thozza@redhat.com> 32:9.9.2-5.P1
1baafe
- update to bind-9.9.2-P1
1baafe
1baafe
* Mon Nov 12 2012 Adam Tkac <atkac redhat com> 32:9.9.2-4
1baafe
- document dig exit codes in manpage
1baafe
- ignore empty "search" options in resolv.conf
1baafe
1baafe
* Mon Nov 12 2012 Adam Tkac <atkac redhat com> 32:9.9.2-3
1baafe
- drop PKCS11 support on rhel
1baafe
1baafe
* Thu Oct 11 2012 Adam Tkac <atkac redhat com> 32:9.9.2-2