packages/bind
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bind/bind.spec
JofDiamonds 133ba0f52a fix CVE-2022-2906CVE-2022-38177CVE-2022-38178CVE-2022-2795CVE-2022-2881 
Signed-off-by: huangyu <huangyu106@huawei.com>
2022-10-11 16:05:45 +08:00

1392 lines
43 KiB
RPMSpec
Raw Blame History

%bcond_without LMDB
%bcond_without JSON
%bcond_with DNSTAP
%bcond_with DLZ
%bcond_with SYSTEMTEST
%bcond_without UNITTEST
%bcond_with SDB
%bcond_without GSSTSIG
%bcond_without PKCS11
%bcond_without EXPORT_LIBS
%bcond_with TSAN
%{?!bind_uid: %global bind_uid 25}
%{?!bind_gid: %global bind_gid 25}
%{!?_export_dir:%global _export_dir /bind9-export/}
%undefine _strict_symbol_defs_build
Name: bind
Summary: Domain Name System (DNS) Server (named)
License: MPLv2.0
Version: 9.11.21
Release: 14
Epoch: 32
Url: http://www.isc.org/products/BIND/
Source0: https://ftp.isc.org/isc/bind9/9.11.21/bind-%{version}.tar.gz
Source1: named.sysconfig
Source2: named.logrotate
Source3: bind-9.3.1rc1-sdb_tools-Makefile.in
Source4: dnszone.schema
Source5: README.sdb_pgsql
Source6: named.conf.sample
Source7: named.conf
#Source8: config-18.tar.bz2
Source9: ldap2zone.c
Source10: ldap2zone.1
Source11: named-sdb.8
Source12: zonetodb.1
Source13: zone2sqlite.1
Source14: bind.tmpfiles.d
Source15: trusted-key.key
Source16: named.service
Source17: named-chroot.service
Source18: named-sdb.service
Source19: named-sdb-chroot.service
Source20: setup-named-chroot.sh
Source21: generate-rndc-key.sh
Source22: named.rwtab
Source23: named-chroot-setup.service
Source24: named-sdb-chroot-setup.service
Source25: named-setup-rndc.service
Source26: named-pkcs11.service
Source27: setup-named-softhsm.sh
Source28: named-chroot.files
Source29: random.data
Source30: https://www.internic.net/domain/named.root
Source31: named.rfc1912.zones
Source32: named.empty
Source33: named.localhost
Source34: named.loopback
Source35: named.root.key
BuildRequires: openssl-devel libtool autoconf pkgconfig libcap-devel python3-devel python3-ply docbook-style-xsl
BuildRequires: libidn2-devel libxml2-devel make systemd selinux-policy findutils sed libxslt
%if %{with SDB}
BuildRequires: openldap-devel libpq-devel sqlite-devel mariadb-connector-c-devel
%endif
%if %{with UNITTEST}
BuildRequires: libcmocka-devel kyua
%endif
%if %{with PKCS11}
BuildRequires: softhsm
%endif
%if %{with SYSTEMTEST}
BuildRequires: net-tools perl(Net::DNS) perl(Net::DNS::Nameserver)
%endif
%if %{with GSSTSIG}
BuildRequires: krb5-devel
%endif
%if %{with LMDB}
BuildRequires: lmdb-devel
%endif
%if %{with JSON}
BuildRequires: json-c-devel
%endif
%if %{with DNSTAP}
BuildRequires: fstrm-devel protobuf-c-devel
%endif
%if %{with TSAN}
BuildRequires: libtsan
%endif
Requires: systemd coreutils shadow-utils glibc-common grep policycoreutils-python-utils
Requires: python3-bind = %{epoch}:%{version}-%{release} libselinux-utils selinux-policy selinux-policy-targeted bind-libs = %{epoch}:%{version}-%{release} bind-libs-lite = %{epoch}:%{version}-%{release}
Provides: bind-config = 30:9.3.2-34.fc6 caching-nameserver = 31:9.4.1-7.fc8 dnssec-conf = 1.27-2
Provides: bind-license
Obsoletes: bind-config < 30:9.3.2-34.fc6 caching-nameserver < 31:9.4.1-7.fc8 dnssec-conf < 1.27-2
Obsoletes: bind-license
# Common patches
Patch10: bind-9.5-PIE.patch
Patch16: bind-9.3.2-redhat_doc.patch
Patch72: bind-9.5-dlz-64bit.patch
Patch101:bind-96-old-api.patch
Patch102:bind-95-rh452060.patch
Patch106:bind93-rh490837.patch
Patch109:bind97-rh478718.patch
Patch112:bind97-rh645544.patch
Patch130:bind-9.9.1-P2-dlz-libdb.patch
Patch131:bind-9.9.1-P2-multlib-conflict.patch
Patch133:bind99-rh640538.patch
Patch134:bind97-rh669163.patch
# Fedora specific patch to distribute native-pkcs#11 functionality
Patch136:bind-9.10-dist-native-pkcs11.patch
Patch137:bind-9.10-use-of-strlcat.patch
Patch140:bind-9.11-rh1410433.patch
Patch145:bind-9.11-rh1205168.patch
Patch149:bind-9.11-kyua-pkcs11.patch
Patch150:bind-9.11-engine-pkcs11.patch
Patch153:bind-9.11-export-suffix.patch
Patch154:bind-9.11-oot-manual.patch
Patch155:bind-9.11-pk11.patch
Patch156:bind-9.11-fips-code.patch
Patch157:bind-9.11-fips-tests.patch
Patch158:bind-9.11-rt31459.patch
Patch159:bind-9.11-rt46047.patch
Patch160:bind-9.11-rh1624100.patch
Patch161:bind-9.11-host-idn-disable.patch
Patch163:bind-9.11-rh1663318.patch
Patch164:bind-9.11-rh1666814.patch
Patch168:bind-9.11-unit-disable-random.patch
Patch170:bind-9.11-feature-test-named.patch
Patch171:bind-9.11-tests-variants.patch
Patch172:bind-9.11-tests-pkcs11.patch
Patch173:bind-9.11-rh1732883.patch
Patch174:bind-9.11-json-c.patch
Patch175:bind-9.11-fips-disable.patch
Patch177: bind-9.11-serve-stale.patch
Patch178: bind-9.11-serve-stale-dbfix.patch
Patch183: bind-9.11-rh1736762-5.patch
Patch184: feature-bind99-euler-range-port.patch
Patch186: bugfix-named-log-time.patch
Patch187: dnssec-checkds-s.patch
Patch188: do-not-treat-a-referral-with-a-non-empty-ANSWER-sect.patch
Patch189: Add-some-DBC-checks-in-dighost-fix-race-between-clea.patch
Patch190: Use-clock_gettime-instead-of-gettimeofday.patch
Patch191: CVE-2020-8622.patch
Patch192: CVE-2020-8623.patch
Patch193: CVE-2020-8624.patch
Patch194: Fix_the_difference_at_the_macro_definition_using_clock_gettime_instead_of_gettimeofda.patch
Patch195: CVE-2020-8625.patch
Patch196: CVE-2021-25214.patch
Patch197: CVE-2021-25215.patch
Patch198: backport-CVE-2021-25219.patch
Patch199: backport-CVE-2021-25220.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
Patch12: bind-9.10-sdb.patch
# needs inpection
Patch13: bind-9.3.2b1-fix_sdb_ldap.patch
Patch6000: backport-0000-Fix-nxdomain-redirect-assertion-failure.patch
Patch6001: backport-0001-Add-test-for-nxdomain-redirect-ncachenxdomain.patch
Patch6002: backport-0002-make-sure-new_zone_lock-is-locked-before-unlocking-i.patch
Patch6003: backport-0003-Prevent-crash-on-dst-initialization-failure.patch
Patch6004: backport-0004-IPSECKEY-require-non-zero-length-public-keys.patch
Patch6005: backport-0005-NSEC3PARAM-check-that-saltlen-is-consistent-with-the.patch
Patch6006: backport-0006-A6-return-FORMERR-in-fromwire-if-bits-are-non-zero.patch
Patch6007: backport-0007-Cast-the-original-rcode-to-dns_ttl_t-when-setting-ex.patch
Patch6008: backport-0008-Lock-on-msg-SELECT_POKE_CLOSE-as-it-triggers-a-tsan-.patch
Patch6009: backport-0009-Lock-access-when-updating-reading-manager-epoll_even.patch
Patch6010: backport-0010-Take-complete-ownership-of-aclp-before-calling-destr.patch
Patch6011: backport-0011-Take-complete-ownership-of-validatorp-before-calling.patch
Patch6012: backport-0012-Address-lock-order-inversion.patch
Patch6013: backport-0013-It-appears-that-you-can-t-change-what-you-are-pollin.patch
Patch6014: backport-0014-counter-used-was-read-without-the-lock-being-held.patch
Patch6015: backport-0015-Missing-locks-in-ns_lwresd_shutdown.patch
Patch6016: backport-0016-Use-atomics-to-update-counters.patch
Patch6017: backport-0017-Obtain-a-lock-on-the-quota-structure.patch
Patch6018: backport-0018-The-node-lock-was-released-too-early.patch
Patch6019: backport-0019-Address-lock-order-inversion-between-the-keytable-an.patch
Patch6020: backport-0020-Pause-dbiterator-to-release-rwlock-to-prevent-lock-o.patch
Patch6021: backport-0021-Address-lock-order-reversals-when-shutting-down-a-vi.patch
Patch6022: backport-0022-Hold-qid-lock-when-calling-deref_portentry-as.patch
Patch6023: backport-0023-Lock-zone-before-calling-zone_namerd_tostr.patch
Patch6024: backport-0024-Address-TSAN-error-between-dns_rbt_findnode-and-subt.patch
Patch6025: backport-0025-Address-data-race-in-dns_stats_detach-over-reference.patch
Patch6026: backport-0026-Lock-check-of-DNS_ZONEFLG_EXITING-flag.patch
Patch6027: backport-0027-Fix-locking-for-LMDB-0.9.26.patch
Patch6028: backport-0028-Correctly-encode-LOC-records-with-non-integer-negati.patch
Patch6029: backport-0029-isc_ratelimiter-needs-to-hold-a-reference-to-its-tas.patch
Patch6030: backport-0030-Lock-access-to-flags-in-dns__zone_loadpending.patch
Patch6031: backport-0031-Update-init_count-atomically-to-silence-tsan-errors.patch
Patch6032: backport-0032-dig-bufsize-0-failed-to-disable-EDNS-as-a-side-effec.patch
Patch6033: backport-0033-Remove-optimisation-on-obtaining-a-headlock-as-it-tr.patch
Patch6034: backport-0034-Address-tsan-error-in-view-destroy.patch
Patch6035: backport-0035-Lock-access-to-ctx-blocked-as-it-is-updated-by-multi.patch
Patch6036: backport-0036-Only-test-node-data-if-we-care-about-whether-data-is.patch
Patch6037: backport-0037-Test-if-linked-while-holding-the-queue-lock.patch
Patch6038: backport-0038-Address-data-race-in-dns_adbentry_overquota.patch
Patch6039: backport-0039-Address-lock-order-inversion.patch
Patch6040: backport-0040-Prevent-loads_pending-going-to-zero-while-kicking-th.patch
Patch6041: backport-0041-Address-data-races-between-socket-bitfields.patch
Patch6042: backport-0042-Only-read-dns_master_indent-and-dns_master_indentstr.patch
Patch6043: backport-0043-Defer-read-of-zl-server-and-zl-reconfig-until.patch
Patch6044: backport-0044-Use-a-reference-counter-for-zt.patch
Patch6045: backport-0045-Pause-dbiterator-to-release-rwlock-to-prevent-lock-o.patch
Patch6046: backport-0046-Pause-dbiterator-to-release-rwlock-to-prevent-lock-o.patch
Patch6047: backport-0047-Pause-dbiterator-to-release-rwlock-to-prevent-lock-o.patch
Patch6048: backport-0048-Pause-dbiterator-ealier-to-prevent-lock-order-invers.patch
Patch6049: backport-0049-Lock-access-to-control-symtab-to-prevent-data-race.patch
Patch6050: backport-0050-Address-lock-order-inversion.patch
Patch6051: backport-0051-Break-lock-order-loop-by-sending-TAT-in-an-event.patch
Patch6052: backport-0052-Handle-DNS_R_NCACHENXRRSET-in-fetch_callback_-dnskey.patch
Patch6053: backport-0053-Lock-read-of-refs-when-atomics-are-not-available.patch
Patch6054: backport-0054-Inactive-incorrectly-incremented.patch
Patch6055: backport-0055-Resolve-TSAN-data-race-in-zone_maintenance.patch
Patch6056: backport-0056-Free-resources-when-gss_accept_sec_context-fails.patch
Patch6057: backport-0057-Unload-a-zone-if-a-transfer-breaks-its-SOA-record.patch
Patch6058: backport-0058-Address-inconsistencies-in-checking-added-RRsets.patch
Patch6059: backport-0059-dns_rdata_tostruct-should-reject-rdata-with-DNS_RDAT.patch
Patch6060: backport-0060-Update-init_count-atomically-to-silence-tsan-errors.patch
Patch6061: backport-0061-Refactored-dns_message_t-for-using-attach-detach-sem.patch
Patch6062: backport-0062-Fix-invalid-dns-message-state-in-resolver-s-logic.patch
Patch6063: backport-0063-Properly-handling-dns_message_t-shared-references.patch
Patch6064: backport-CVE-2022-2795.patch
Patch6065: backport-CVE-2022-2881.patch
Patch6066: backport-CVE-2022-2906.patch
Patch6067: backport-CVE-2022-38177.patch
Patch6068: backport-CVE-2022-38178.patch
%description
Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name
System (DNS) protocols and provides an openly redistributable reference
implementation of the major components of the Domain Name System.
This package includes the components to operate a DNS server.
%if %{with PKCS11}
%package pkcs11
Summary: Bind with native PKCS#11 functionality for crypto
Requires: systemd bind-libs-lite = %{epoch}:%{version}-%{release}
Requires: bind = %{epoch}:%{version}-%{release} bind-libs = %{epoch}:%{version}-%{release}
Recommends: softhsm
Provides: bind-pkcs11-libs = %{epoch}:%{version}-%{release} bind-pkcs11-utils = %{epoch}:%{version}-%{release}
Obsoletes:bind-pkcs11-libs < %{epoch}:%{version}-%{release} bind-pkcs11-utils < %{epoch}:%{version}-%{release}
%description pkcs11
This is a version of BIND server built with native PKCS#11 functionality.
It is important to have SoftHSM v2+ installed and some token initialized.
For other supported HSM modules please check the BIND documentation.
%package pkcs11-devel
Summary: Development files for Bind libraries compiled with native PKCS#11
Requires: bind-pkcs11 = %{epoch}:%{version}-%{release}
Requires: bind-devel = %{epoch}:%{version}-%{release}
%description pkcs11-devel
This a set of development files for BIND libraries (dns, isc) compiled
with native PKCS#11 functionality.
%endif
%if %{with SDB}
%package sdb
Summary: BIND server with database backends and DLZ support
Requires: systemd bind-libs = %{epoch}:%{version}-%{release}
Requires: bind = %{epoch}:%{version}-%{release} bind-libs-lite = %{epoch}:%{version}-%{release}
%description sdb
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named-sdb)
which has compiled-in SDB (Simplified Database Backend) which includes
support for using alternative Zone Databases stored in an LDAP server
(ldapdb), a postgreSQL database (pgsqldb), an sqlite database (sqlitedb),
or in the filesystem (dirdb), in addition to the standard in-memory RBT
(Red Black Tree) zone database. It also includes support for DLZ
(Dynamic Loadable Zones)
%endif
%package libs-lite
Summary: Libraries for working with the DNS protocol
Obsoletes:bind-libbind-devel < 31:9.3.3-4.fc7
Provides: bind-libbind-devel = 31:9.3.3-4.fc7
Requires: bind-license = %{epoch}:%{version}-%{release}
%description libs-lite
Lite libs of BIND.
%package libs
Summary: Libraries for BIND
Requires: bind-license = %{epoch}:%{version}-%{release}
Requires: bind-libs-lite = %{epoch}:%{version}-%{release}
%description libs
BIND suite libraries.
%package utils
Summary: Utilities for bind
Requires: bind-libs = %{epoch}:%{version}-%{release}
Requires: bind-libs-lite = %{epoch}:%{version}-%{release}
Requires: python3-bind = %{epoch}:%{version}-%{release}
%description utils
Bind-utils contains a collection of utilities for querying DNS (Domain
Name System) name servers to find out information about Internet
hosts. These tools will provide you with the IP addresses for given
host names, as well as other information about registered domains and
network addresses.
You should install bind-utils if you need to get information from DNS name
servers.
%package devel
Summary: Header files and libraries needed for BIND DNS development
Requires: bind = %{epoch}:%{version}-%{release} bind-libs = %{epoch}:%{version}-%{release} bind-libs-lite = %{epoch}:%{version}-%{release}
Provides: bind-libbind-devel = 31:9.3.3-4.fc7 bind-lite-devel
Obsoletes: bind-libbind-devel < 31:9.3.3-4.fc7 bind-lite-devel
%description devel
The bind-devel package contains full version of the header files and libraries
required for development with ISC BIND 9.
%package chroot
Summary: A chroot runtime environment for the ISC BIND DNS server, named(8)
Prefix: /var/named/chroot
Requires: bind = %{epoch}:%{version}-%{release} grep
%description chroot
This package contains a tree of files which can be used as a
chroot(2) jail for the named(8) program from the BIND package.
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
%if %{with SDB}
%package sdb-chroot
Summary: A chroot runtime environment for the ISC BIND DNS server, named-sdb(8)
Prefix: /var/named/chroot_sdb
Requires: bind-sdb = %{epoch}:%{version}-%{release} grep
%description sdb-chroot
This package contains a tree of files which can be used as a
chroot(2) jail for the named-sdb(8) program from the BIND package.
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
%endif
%package -n python3-bind
Summary: A module allowing rndc commands to be sent from Python programs
Requires: bind = %{epoch}:%{version}-%{release}
Requires: python3 python3-ply %{?py3_dist:%py3_dist ply}
BuildArch: noarch
%{?python_provide:%python_provide python3-bind}
%{?python_provide:%python_provide python3-isc}
%description -n python3-bind
This package provides a module which allows commands to be sent to rndc directly from Python programs.
%if %{with EXPORT_LIBS}
%package export-libs
Summary: ISC libs for DHCP application
Provides: bind99-libs = 9.9.11-4
Obsoletes: bind99-libs < 9.9.11-4
%description export-libs
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. This package set contains only export
version of BIND libraries, that are used for building ISC DHCP.
%package export-devel
Summary: Header files and libraries needed for BIND export libraries
Requires: bind-export-libs = %{epoch}:%{version}-%{release} openssl-devel libcap-devel
Obsoletes: bind99-devel < 9.9.11-4
Conflicts: bind99-devel
%description export-devel
This package contains export version of the header files and libraries
required for development with ISC BIND. These headers and libraries
are used for building ISC DHCP.
%endif
%prep
%setup -q -n %{name}-%{version}
# Common patches
%patch10 -p1 -b .PIE
%patch16 -p1 -b .redhat_doc
%patch72 -p1 -b .64bit
%patch102 -p1 -b .rh452060
%patch106 -p1 -b .rh490837
%patch109 -p1 -b .rh478718
%patch112 -p1 -b .rh645544
%patch130 -p1 -b .libdb
%patch131 -p1 -b .multlib-conflict
%patch140 -p1 -b .rh1410433
%patch145 -p1 -b .rh1205168
%patch153 -p1 -b .export_suffix
%patch154 -p1 -b .oot-man
%patch155 -p1 -b .pk11-internal
%patch156 -p1 -b .fips-code
%patch157 -p1 -b .fips-tests
%patch158 -p1 -b .rt31459
%patch159 -p1 -b .rt46047
%patch160 -p1 -b .rh1624100
%patch161 -p1 -b .host-idn-disable
%patch163 -p1 -b .rh1663318
%patch164 -p1 -b .rh1666814
%patch168 -p1 -b .random_test-disable
%patch170 -p1 -b .featuretest-named
%patch171 -p1 -b .test-variant
%patch172 -p1 -b .test-pkcs11
%patch173 -p1 -b .rh1732883
%patch174 -p1 -b .json-c
%patch175 -p1 -b .rh1709553
%patch177 -p1 -b .serve-stale
%patch178 -p1 -b .rh1770492
%patch183 -p1 -b .rh1736762-5
%patch184 -p1
%patch186 -p1
%patch187 -p1
%patch188 -p1
%patch189 -p1
%patch190 -p1
%patch191 -p1
%patch192 -p1
%patch193 -p1
%patch194 -p1
%patch195 -p1
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE29} lib/dns/tests/testdata/dstrandom/random.data
%patch133 -p1 -b .rh640538
%patch134 -p1 -b .rh669163
%patch6000 -p1
%patch6001 -p1
%patch6027 -p1
%patch6002 -p1
%patch6003 -p1
%patch6004 -p1
%patch6005 -p1
%patch6006 -p1
%patch6007 -p1
%patch6008 -p1
%patch6009 -p1
%patch6010 -p1
%patch6011 -p1
%patch6012 -p1
%patch6013 -p1
%patch6014 -p1
%patch6015 -p1
%patch6016 -p1
%patch6017 -p1
%patch6018 -p1
%patch6019 -p1
%patch6020 -p1
%patch6021 -p1
%patch6022 -p1
%patch6023 -p1
%patch6024 -p1
%patch6025 -p1
%patch6026 -p1
%patch196 -p1
%patch197 -p1
%patch6028 -p1
%patch6029 -p1
%patch6030 -p1
%patch6031 -p1
%patch6032 -p1
%patch6033 -p1
%patch6034 -p1
%patch6035 -p1
%patch6036 -p1
%patch6037 -p1
%patch6038 -p1
%patch6039 -p1
%patch6040 -p1
%patch6041 -p1
%patch6042 -p1
%patch6043 -p1
%patch6044 -p1
%patch6045 -p1
%patch6046 -p1
%patch6047 -p1
%patch6048 -p1
%patch6049 -p1
%patch6050 -p1
%patch6051 -p1
%patch6052 -p1
%patch6053 -p1
%patch6054 -p1
%patch6055 -p1
%patch6056 -p1
%patch6057 -p1
%patch6058 -p1
%patch6059 -p1
%patch6060 -p1
%patch198 -p1
%patch6061 -p1
%patch6062 -p1
%patch6063 -p1
%patch6064 -p1
%patch6065 -p1
%patch6066 -p1
%patch6067 -p1
%patch6068 -p1
%patch199 -p1
%if %{with PKCS11}
cp -r bin/named{,-pkcs11}
cp -r bin/dnssec{,-pkcs11}
cp -r lib/isc{,-pkcs11}
cp -r lib/dns{,-pkcs11}
%patch136 -p1 -b .dist_pkcs11
%patch149 -p1 -b .kyua-pkcs11
%patch150 -p1 -b .engine-pkcs11
%endif
%if %{with SDB}
%patch101 -p1 -b .old-api
mkdir bin/named-sdb
cp -r bin/named/* bin/named-sdb
%patch11 -p1 -b .sdbsrc
# SDB ldap
cp -fp contrib/sdb/ldap/ldapdb.[ch] bin/named-sdb
# SDB postgreSQL
cp -fp contrib/sdb/pgsql/pgsqldb.[ch] bin/named-sdb
# SDB sqlite
cp -fp contrib/sdb/sqlite/sqlitedb.[ch] bin/named-sdb
# SDB Berkeley DB - needs to be ported to DB4!
#cp -fp contrib/sdb/bdb/bdb.[ch] bin/named_sdb
# SDB dir
cp -fp contrib/sdb/dir/dirdb.[ch] bin/named-sdb
# SDB tools
mkdir -p bin/sdb_tools
cp -fp %{SOURCE9} bin/sdb_tools/ldap2zone.c
cp -fp %{SOURCE3} bin/sdb_tools/Makefile.in
#cp -fp contrib/sdb/bdb/zone2bdb.c bin/sdb_tools
cp -fp contrib/sdb/ldap/{zone2ldap.1,zone2ldap.c} bin/sdb_tools
cp -fp contrib/sdb/pgsql/zonetodb.c bin/sdb_tools
cp -fp contrib/sdb/sqlite/zone2sqlite.c bin/sdb_tools
%patch12 -p1 -b .sdb
%patch13 -p1 -b .fix_sdb_ldap
%patch137 -p1 -b .strlcat_fix
%endif
# Sparc and s390 arches need to use -fPIE
%ifarch sparcv9 sparc64 s390 s390x
for i in bin/named{,-sdb}/{,unix}/Makefile.in; do
sed -i 's|fpie|fPIE|g' $i
done
%endif
:;
%build
%define _configure "../configure"
%define unit_prepare_build() \
cp -uv Kyuafile "%{1}/" \
find lib -name 'K*.key' -exec cp -uv '{}' "%{1}/{}" ';' \
find lib -name 'Kyuafile' -exec cp -uv '{}' "%{1}/{}" ';' \
find lib -name 'testdata' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \
find lib -name 'testkeys' -type d -exec cp -Tav '{}' "%{1}/{}" ';' \
%define systemtest_prepare_build() \
cp -Tuav bin/tests "%{1}/bin/tests/" \
cp -uv version "%{1}"
CFLAGS="$CFLAGS $RPM_OPT_FLAGS"
%if %{with TSAN}
CFLAGS+=" -O1 -fsanitize=thread -fPIE -pie"
%endif
export CFLAGS
export CPPFLAGS="$CPPFLAGS -DDIG_SIGCHASE"
export STD_CDEFINES="$CPPFLAGS"
sed -i -e 's/RELEASEVER=\(.*\)/RELEASEVER=\1-%{version}-%{release}/' version
libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f
mkdir build
pushd build
export LIBDIR_SUFFIXi=
%configure \
--with-python=%{__python3} --with-libtool --localstatedir=/var \
--enable-threads --enable-ipv6 --enable-filter-aaaa --with-pic \
--disable-static --includedir=%{_includedir}/bind9 \
--with-tuning=large --with-libidn2 --enable-openssl-hash \
--enable-fixed-rrset --enable-full-report \
--with-docbook-xsl=%{_datadir}/sgml/docbook/xsl-stylesheets \
%if %{with PKCS11}
--enable-native-pkcs11 --with-pkcs11=%{_libdir}/pkcs11/libsofthsm2.so \
%endif
%if %{with SDB}
--with-dlopen=yes --with-dlz-ldap=yes --with-dlz-postgres=yes \
--with-dlz-mysql=yes --with-dlz-filesystem=yes \
%endif
%if %{with GSSTSIG}
--with-gssapi=yes --disable-isc-spnego \
%endif
%if %{with LMDB}
--with-lmdb=yes \
%else
--with-lmdb=no \
%endif
%if %{with JSON}
--with-libjson \
%endif
%if %{with DNSTAP}
--enable-dnstap \
%endif
%if %{with UNITTEST}
--with-cmocka \
%endif
%if %{with DNSTAP}
pushd lib
SRCLIB="../../../lib"
(cd dns && ln -s ${SRCLIB}/dns/dnstap.proto)
%if %{with PKCS11}
(cd dns-pkcs11 && ln -s ${SRCLIB}/dns-pkcs11/dnstap.proto)
%endif
popd
%endif
make -j32
cp -rv doc/* ../doc/
pushd bin/dig
make man
popd
pushd bin/python
make man
popd
popd # build
%unit_prepare_build build
%systemtest_prepare_build build
%if %{with EXPORT_LIBS}
cp isc-config.sh.1 isc-export-config.sh.1
mkdir export-libs
pushd export-libs
export LIBDIR_SUFFIX=%{_export_dir}
%{configure} \
--with-libtool --disable-static --disable-epoll --disable-kqueue \
--libdir=%{_libdir}%{_export_dir} --enable-openssl-hash \
--includedir=%{_includedir}%{_export_dir}/ --disable-threads \
--enable-fixed-rrset --disable-rpz-nsip --disable-rpz-nsdname \
--without-lmdb --without-libxml2 --without-libjson \
--without-zlib --without-dlopen --enable-full-report \
%if %{with GSSTSIG}
--with-gssapi=yes --disable-isc-spnego \
%endif
%if %{with UNITTEST}
--with-cmocka \
%endif
mv isc-config.sh isc-export-config.sh
sed -i \
-e '/^SUBDIRS =/s/.*/SUBDIRS = make lib/i' \
-e 's/isc-config.sh/isc-export-config.sh/g' \
-e 's/bind9-config/bind9-export-config/g' \
Makefile
sed -i -e "/^SUBDIRS =/s/.*/SUBDIRS = isc dns isccfg irs/i" lib/Makefile
for lib in isc dns isccfg irs; do
find . -name Makefile -exec sed "s/lib${lib}\./lib${lib}-export\./g" -i {} \;
sed -e "s/-l${lib}\([^[:alpha:]]\)/-l${lib}-export\1/g" \
-e "s/lib${lib}\./lib${lib}-export\./g" \
-i isc-export-config.sh
done
make -j32
popd
%unit_prepare_build export-libs
# Test just compiled libraries
for lib in %{bind_export_libs}
do
sed -e "s,^\s*include(.*${lib}/.*,-- use &," -i export-libs/lib/Kyuafile
done
sed -e "/^\s*include(/ d" -e 's/^-- use //' -i export-libs/lib/Kyuafile
%endif #end EXPORT_LIBS
%check
%if %{with PKCS11}
# Tests require initialization of pkcs11 token
eval "$(bash %{SOURCE27} -A "`pwd`/softhsm-tokens")"
%endif
%if %{with TSAN}
export TSAN_OPTIONS="log_exe_name=true log_path=ThreadSanitizer exitcode=0"
%endif
%if %{with UNITTEST}
pushd build
make unit
e=$?
if [ "$e" -ne 0 ]; then
echo "ERROR: this build of BIND failed 'make unit'. Aborting."
exit $e;
fi;
popd
%if %{with EXPORT_LIBS}
pushd export-libs
make unit
e=$?
if [ "$e" -ne 0 ]; then
echo "ERROR: this build of BIND export-libs failed 'make unit'. Aborting."
exit $e;
fi;
popd
%endif
%endif
%if %{with SYSTEMTEST}
if [ "`whoami`" = 'root' ]; then
set -e
chmod -R a+rwX .
pushd bin/tests
pushd system
./ifconfig.sh up
popd
make test
e=$?
pushd system
./ifconfig.sh down
popd
popd
if [ "$e" -ne 0 ]; then
echo "ERROR: 'make test' failed. Aborting."
exit $e;
fi
fi
%endif
%install
mkdir -p ${RPM_BUILD_ROOT}/var/log
mkdir -p ${RPM_BUILD_ROOT}/run/named
mkdir -p ${RPM_BUILD_ROOT}/etc/logrotate.d
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}/bind
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8}
mkdir -p ${RPM_BUILD_ROOT}/var/named/{slaves,data,dynamic}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/{dev,etc,var,run/named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/var/{log,named,tmp}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/etc/crypto-policies/back-ends
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/etc/{pki/dnssec-keys,named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot/%{_libdir}/bind
pushd ${RPM_BUILD_ROOT}/var/named/chroot/var
ln -s ../run run
popd
touch ${RPM_BUILD_ROOT}/var/named/chroot/etc/named.conf
%if %{with SDB}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/{dev,etc,var,run/named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/var/{log,named,tmp}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/crypto-policies/back-ends
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/{pki/dnssec-keys,named}
mkdir -p ${RPM_BUILD_ROOT}/var/named/chroot_sdb/%{_libdir}/bind
pushd ${RPM_BUILD_ROOT}/var/named/chroot_sdb/var
ln -s ../run run
popd
touch ${RPM_BUILD_ROOT}/var/named/chroot_sdb/etc/named.conf
%endif
pushd build
%make_install
popd
%if %{with EXPORT_LIBS}
pushd export-libs
%make_install
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/ld.so.conf.d
echo "%{_libdir}%{_export_dir}" > ${RPM_BUILD_ROOT}%{_sysconfdir}/ld.so.conf.d/%{name}-export-%{_arch}.conf
cp -fp config.h ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir}
rm -rf ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir}/pkcs11/
rm -f ${RPM_BUILD_ROOT}%{_includedir}%{_export_dir}/pk11/{constants,internal,pk11,result}.h
popd
%endif
rm -f ${RPM_BUILD_ROOT}/etc/bind.keys
install -d ${RPM_BUILD_ROOT}%{_unitdir}
install -d ${RPM_BUILD_ROOT}%{_libexecdir}
install -d ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
install -m 644 %{SOURCE16} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE17} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE23} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE25} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 755 %{SOURCE20} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh
install -m 755 %{SOURCE21} ${RPM_BUILD_ROOT}%{_libexecdir}/generate-rndc-key.sh
install -m 644 %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/named
install -m 644 %{SOURCE28} ${RPM_BUILD_ROOT}%{_sysconfdir}/named-chroot.files
install -m 644 %{SOURCE2} ${RPM_BUILD_ROOT}/etc/logrotate.d/named
%if %{with SDB}
install -m 644 %{SOURCE18} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE19} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE24} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE10} ${RPM_BUILD_ROOT}%{_mandir}/man1/ldap2zone.1
install -m 644 %{SOURCE11} ${RPM_BUILD_ROOT}%{_mandir}/man8/named-sdb.8
install -m 644 %{SOURCE12} ${RPM_BUILD_ROOT}%{_mandir}/man1/zonetodb.1
install -m 644 %{SOURCE13} ${RPM_BUILD_ROOT}%{_mandir}/man1/zone2sqlite.1
%endif
%if %{with PKCS11}
install -m 644 %{SOURCE26} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 755 %{SOURCE27} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-softhsm.sh
pushd ${RPM_BUILD_ROOT}%{_mandir}/man8
ln -s named.8.gz named-pkcs11.8.gz
ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz
ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz
ln -s dnssec-verify.8.gz dnssec-verify-pkcs11.8.gz
ln -s dnssec-settime.8.gz dnssec-settime-pkcs11.8.gz
ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz
ln -s dnssec-coverage.8.gz dnssec-coverage-pkcs11.8.gz
ln -s dnssec-signzone.8.gz dnssec-signzone-pkcs11.8.gz
ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz
ln -s dnssec-importkey.8.gz dnssec-importkey-pkcs11.8.gz
ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz
popd
%endif
%if %{with SDB}
install -d ${RPM_BUILD_ROOT}/etc/openldap/schema
install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/etc/openldap/schema/dnszone.schema
install -m 644 %{SOURCE5} contrib/sdb/pgsql/
%endif
install -m 644 lib/isc/unix/errno2result.h ${RPM_BUILD_ROOT}%{_includedir}/bind9/isc
cp -fp build/config.h ${RPM_BUILD_ROOT}/%{_includedir}/bind9
find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
touch ${RPM_BUILD_ROOT}%{_localstatedir}/log/named.log
# configuration files
install -m 640 %{SOURCE7} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.conf
touch ${RPM_BUILD_ROOT}%{_sysconfdir}/rndc.{key,conf}
install -m 644 %{SOURCE35} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.root.key
install -m 644 %{SOURCE15} ${RPM_BUILD_ROOT}%{_sysconfdir}/trusted-key.key
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/named
# data files
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/named
install -m 640 %{SOURCE30} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.ca
install -m 640 %{SOURCE33} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.localhost
install -m 640 %{SOURCE34} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.loopback
install -m 640 %{SOURCE32} ${RPM_BUILD_ROOT}%{_localstatedir}/named/named.empty
install -m 640 %{SOURCE31} ${RPM_BUILD_ROOT}%{_sysconfdir}/named.rfc1912.zones
mkdir -p sample/etc sample/var/named/{data,slaves}
install -m 644 %{SOURCE6} sample/etc/named.conf
install -m 644 %{SOURCE7} named.conf.default
install -m 644 %{SOURCE31} sample/etc/named.rfc1912.zones
install -m 644 %{SOURCE33} %{SOURCE34} %{SOURCE32} sample/var/named
install -m 644 %{SOURCE30} sample/var/named/named.ca
mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d
install -m 644 %{SOURCE14} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf
install -m 644 %{SOURCE22} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named
%pre
if [ "$1" -eq 1 ]; then
/usr/sbin/groupadd -g %{bind_gid} -f -r named >/dev/null 2>&1 || :;
/usr/sbin/useradd -u %{bind_uid} -r -N -M -g named -s /sbin/nologin -d /var/named -c Named named >/dev/null 2>&1 || :;
fi
%post
/sbin/ldconfig
%selinux_set_booleans named_write_master_zones=1
if [ "$1" -eq 1 ]; then
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ;
[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
[ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
else
if getent passwd named | grep ':/bin/false$' >/dev/null; then
/sbin/usermod -s /sbin/nologin named
fi
fi
%systemd_post named.service
%preun
%systemd_preun named.service
%postun
/sbin/ldconfig
%selinux_unset_booleans named_write_master_zones=1
%systemd_postun_with_restart named.service
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%post libs-lite -p /sbin/ldconfig
%postun libs-lite -p /sbin/ldconfig
%if %{with SDB}
%post sdb
%systemd_post named-sdb.service
%preun sdb
%systemd_preun named-sdb.service
%postun sdb
%systemd_postun_with_restart named-sdb.service
%endif #end SDB
%if %{with PKCS11}
%post pkcs11
/sbin/ldconfig
%systemd_post named-pkcs11.service
%preun pkcs11
%systemd_preun named-pkcs11.service
%postun pkcs11
/sbin/ldconfig
%systemd_postun_with_restart named-pkcs11.service
%endif #end PKCS11
%triggerpostun -n bind -- bind <= 32:9.5.0-20.b1
if [ "$1" -gt 0 ]; then
[ -e /etc/rndc.key ] && chown root:named /etc/rndc.key
[ -e /etc/rndc.key ] && chmod 0640 /etc/rndc.key
fi
%triggerun -- bind < 32:9.9.0-0.6.rc1
/sbin/chkconfig --del named >/dev/null 2>&1 || :
/bin/systemctl try-restart named.service >/dev/null 2>&1 || :
%if %{with EXPORT_LIBS}
%post export-libs
/sbin/ldconfig
%end
%postun export-libs
/sbin/ldconfig
%end
%endif
%define chroot_fix_devices() \
if [ $1 -gt 1 ]; then \
for DEV in "%{1}/dev"/{null,random,zero}; do \
if [ -e "$DEV" -a "$(/bin/stat --printf="%G %a" "$DEV")" = "root 644" ]; then \
/bin/chmod 0664 "$DEV" \
/bin/chgrp named "$DEV" \
fi \
done \
fi
%post chroot
%systemd_post named-chroot.service
%chroot_fix_devices /var/named/chroot
%posttrans chroot
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
[ -x /sbin/restorecon ] && /sbin/restorecon /var/named/chroot/dev/* > /dev/null 2>&1;
fi
%preun chroot
%systemd_preun named-chroot.service named-chroot-setup.service
%postun chroot
%systemd_postun_with_restart named-chroot.service
%if %{with SDB}
%post sdb-chroot
%systemd_post named-sdb-chroot.service
%chroot_fix_devices /var/named/chroot_sdb
%posttrans sdb-chroot
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
[ -x /sbin/restorecon ] && /sbin/restorecon /var/named/chroot_sdb/dev/* > /dev/null 2>&1;
fi
%preun sdb-chroot
%systemd_preun named-sdb-chroot.service
%postun sdb-chroot
%systemd_postun_with_restart named-sdb-chroot.service
%endif #end SDB
%clean
rm -rf ${RPM_BUILD_ROOT}
%files
%license COPYRIGHT
%doc CHANGES README named.conf.default doc/arm/*html doc/arm/*pdf sample/
%{_libdir}/bind
%{_bindir}/named-rrchecker
%{_bindir}/mdig
%{_sbindir}/named-journalprint
%{_sbindir}/named-checkconf
%{_sbindir}/lwresd
%{_sbindir}/named
%{_sbindir}/rndc*
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sysconfig/named
%config(noreplace) %attr(0644,root,named) %{_sysconfdir}/named.root.key
%{_tmpfilesdir}/named.conf
%{_sysconfdir}/rwtab.d/named
%{_libexecdir}/generate-rndc-key.sh
%{_unitdir}/named.service
%{_unitdir}/named-setup-rndc.service
%{_mandir}/man1/mdig.1*
%{_mandir}/man1/named-rrchecker.1*
%{_mandir}/man5/named.conf.5*
%{_mandir}/man5/rndc.conf.5*
%{_mandir}/man8/rndc.8*
%{_mandir}/man8/named.8*
%{_mandir}/man8/lwresd.8*
%{_mandir}/man8/named-checkconf.8*
%{_mandir}/man8/rndc-confgen.8*
%{_mandir}/man8/named-journalprint.8*
%defattr(0640,root,named,0750)
%dir %{_sysconfdir}/named
%config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
%config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
%defattr(0660,root,named,01770)
%dir %{_localstatedir}/named
%defattr(0660,named,named,0770)
%dir %{_localstatedir}/named/slaves
%dir %{_localstatedir}/named/data
%dir %{_localstatedir}/named/dynamic
%ghost %{_localstatedir}/log/named.log
%defattr(0640,root,named,0750)
%config %verify(not link) %{_localstatedir}/named/named.ca
%config %verify(not link) %{_localstatedir}/named/named.localhost
%config %verify(not link) %{_localstatedir}/named/named.loopback
%config %verify(not link) %{_localstatedir}/named/named.empty
%ghost %config(noreplace) %{_sysconfdir}/rndc.key
%ghost %config(noreplace) %{_sysconfdir}/rndc.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/named
%defattr(-,named,named,-)
%dir /run/named
%files libs
%{_libdir}/libbind9.so.161*
%{_libdir}/libisccc.so.161*
%{_libdir}/liblwres.so.161*
%files libs-lite
%{_libdir}/libdns.so.1110*
%{_libdir}/libirs.so.161*
%{_libdir}/libisc.so.1105*
%{_libdir}/libisccfg.so.163*
%files utils
%{_bindir}/dig
%{_bindir}/delv
%{_bindir}/host
%{_bindir}/nslookup
%{_bindir}/nsupdate
%{_bindir}/arpaname
%{_sbindir}/ddns-confgen
%{_sbindir}/tsig-keygen
%{_sbindir}/genrandom
%{_sbindir}/nsec3hash
%{_sbindir}/dnssec*
%{_sbindir}/isc-hmac-fixup
%{_sbindir}/named-checkzone
%{_sbindir}/named-compilezone
%if %{with LMDB}
%{_sbindir}/named-nzd2nzf
%endif
%if %{with PKCS11}
%exclude %{_sbindir}/dnssec*pkcs11
%endif
%{_mandir}/man1/host.1*
%{_mandir}/man1/nsupdate.1*
%{_mandir}/man1/dig.1*
%{_mandir}/man1/delv.1*
%{_mandir}/man1/nslookup.1*
%{_mandir}/man1/arpaname.1*
%{_mandir}/man8/ddns-confgen.8*
%{_mandir}/man8/tsig-keygen.8*
%{_mandir}/man8/genrandom.8*
%{_mandir}/man8/nsec3hash.8*
%{_mandir}/man8/dnssec*.8*
%if %{with PKCS11}
%exclude %{_mandir}/man8/dnssec*-pkcs11.8*
%endif
%{_mandir}/man8/isc-hmac-fixup.8*
%{_mandir}/man8/named-checkzone.8*
%{_mandir}/man8/named-compilezone.8*
%if %{with LMDB}
%{_mandir}/man8/named-nzd2nzf.8*
%endif
%if %{with DNSTAP}
%{_bindir}/dnstap-read
%{_mandir}/man1/dnstap-read.1*
%endif
%{_sysconfdir}/trusted-key.key
%if %{with SDB}
%files sdb
%doc contrib/sdb/ldap/README.ldap contrib/sdb/ldap/INSTALL.ldap contrib/sdb/pgsql/README.sdb_pgsql
%dir %{_sysconfdir}/openldap/schema
%config(noreplace) %{_sysconfdir}/openldap/schema/dnszone.schema
%{_sbindir}/named-sdb
%{_sbindir}/zone2ldap
%{_sbindir}/ldap2zone
%{_sbindir}/zonetodb
%{_sbindir}/zone2sqlite
%{_unitdir}/named-sdb.service
%{_mandir}/man1/zone2ldap.1*
%{_mandir}/man1/ldap2zone.1*
%{_mandir}/man1/zonetodb.1*
%{_mandir}/man1/zone2sqlite.1*
%{_mandir}/man8/named-sdb.8*
%endif #end SDB
%files devel
%dir %{_includedir}/bind9
%dir %{_includedir}/bind9/pk11
%{_libdir}/libbind9.so
%{_libdir}/libisccc.so
%{_libdir}/liblwres.so
%{_libdir}/libdns.so
%{_libdir}/libirs.so
%{_libdir}/libisc.so
%{_libdir}/libisccfg.so
%{_includedir}/bind9/config.h
%{_includedir}/bind9/bind9
%{_includedir}/bind9/isccc
%{_includedir}/bind9/lwres
%{_includedir}/bind9/dns
%{_includedir}/bind9/dst
%{_includedir}/bind9/irs
%{_includedir}/bind9/isc
%{_includedir}/bind9/pk11/site.h
%{_includedir}/bind9/isccfg
%{_bindir}/isc-config.sh
%{_bindir}/bind9-config
%{_mandir}/man1/isc-config.sh.1*
%{_mandir}/man1/bind9-config.1*
%{_mandir}/man3/lwres*
%files chroot
%config(noreplace) %{_sysconfdir}/named-chroot.files
%{_unitdir}/named-chroot.service
%{_unitdir}/named-chroot-setup.service
%{_libexecdir}/setup-named-chroot.sh
%defattr(0664,root,named,-)
%ghost %dev(c,1,3) %verify(not mtime) /var/named/chroot/dev/null
%ghost %dev(c,1,8) %verify(not mtime) /var/named/chroot/dev/random
%ghost %dev(c,1,9) %verify(not mtime) /var/named/chroot/dev/urandom
%ghost %dev(c,1,5) %verify(not mtime) /var/named/chroot/dev/zero
%defattr(0640,root,named,0750)
%dir /var/named/chroot
%dir /var/named/chroot/{dev,etc,var,run}
%dir /var/named/chroot/etc/{named,pki}
%dir /var/named/chroot/etc/pki/dnssec-keys
%dir /var/named/chroot/etc/crypto-policies
%dir /var/named/chroot/etc/crypto-policies/back-ends
%ghost %config(noreplace) /var/named/chroot/etc/named.conf
%defattr(-,root,root,-)
%dir /var/named/chroot/{usr,%{_libdir}}
%dir /var/named/chroot/%{_libdir}/bind
%defattr(0660,root,named,01770)
%dir /var/named/chroot/var/named
%defattr(0660,named,named,0770)
%dir /var/named/chroot/var/{tmp,log}
%defattr(-,named,named,-)
%dir /var/named/chroot/run/named
/var/named/chroot/var/run
%if %{with SDB}
%files sdb-chroot
%config(noreplace) %{_sysconfdir}/named-chroot.files
%{_unitdir}/named-sdb-chroot.service
%{_unitdir}/named-sdb-chroot-setup.service
%{_libexecdir}/setup-named-chroot.sh
%defattr(0664,root,named,-)
%ghost %dev(c,1,3) %verify(not mtime) /var/named/chroot_sdb/dev/null
%ghost %dev(c,1,8) %verify(not mtime) /var/named/chroot_sdb/dev/random
%ghost %dev(c,1,9) %verify(not mtime) /var/named/chroot_sdb/dev/urandom
%ghost %dev(c,1,5) %verify(not mtime) /var/named/chroot_sdb/dev/zero
%defattr(0640,root,named,0750)
%dir /var/named/chroot_sdb
%dir /var/named/chroot_sdb/{dev,etc,var,run}
%dir /var/named/chroot_sdb/etc/{named,pki}
%dir /var/named/chroot_sdb/etc/pki/dnssec-keys
%dir /var/named/chroot_sdb/etc/crypto-policies
%dir /var/named/chroot_sdb/etc/crypto-policies/back-ends
%ghost %config(noreplace) /var/named/chroot_sdb/etc/named.conf
%defattr(0660,root,named,01770)
%dir /var/named/chroot_sdb/var/named
%defattr(-,root,root,-)
%dir /var/named/chroot_sdb/{usr,%{_libdir}}
%dir /var/named/chroot_sdb/%{_libdir}/bind
%defattr(0660,named,named,0770)
%dir /var/named/chroot_sdb/var/{tmp,log}
%defattr(-,named,named,-)
%dir /var/named/chroot_sdb/run/named
/var/named/chroot_sdb/var/run
%endif #end SDB
%if %{with PKCS11}
%files pkcs11
%{_sbindir}/named-pkcs11
%{_sbindir}/dnssec*pkcs11
%{_sbindir}/pkcs11-*
%{_libdir}/libdns-pkcs11.so.1110*
%{_libdir}/libisc-pkcs11.so.1105*
%{_unitdir}/named-pkcs11.service
%{_libexecdir}/setup-named-softhsm.sh
%{_mandir}/man8/*pkcs11*.8*
%files pkcs11-devel
%{_libdir}/lib*-pkcs11.so
%{_includedir}/bind9/pk11/*.h
%{_includedir}/bind9/pkcs11
%exclude %{_includedir}/bind9/pk11/site.h
%endif #end PKCS11
%if %{with EXPORT_LIBS}
%files export-libs
%dir %{_libdir}/%{_export_dir}
%{_libdir}/%{_export_dir}/libdns-export.so.1110*
%{_libdir}/%{_export_dir}/libirs-export.so.161*
%{_libdir}/%{_export_dir}/libisc-export.so.1105*
%{_libdir}/%{_export_dir}/libisccfg-export.so.163*
%config(noreplace) %{_sysconfdir}/ld.so.conf.d/%{name}-export-%{_arch}.conf
%files export-devel
%{_libdir}/%{_export_dir}/lib*-export.so
%{_includedir}/%{_export_dir}/{dns,dst,irs,isc,isccfg}
%{_includedir}/%{_export_dir}/pk11/site.h
%{_includedir}/%{_export_dir}/config.h
%attr(0755,root,root) %{_bindir}/isc-export-config.sh
%{_bindir}/bind9-export-config
%{_mandir}/man1/*-export-config*.1*
%endif #end EXPORT_LIBS
%files -n python3-bind
%{python3_sitelib}/*.egg-info
%{python3_sitelib}/isc/
%changelog
* Tue Oct 11 2022 huangyu <huangyu106@huawei.com> - 32:9.11.21-14
- Type:CVE
- ID:CVE-2022-2906 CVE-2022-38177 CVE-2022-38178 CVE-2022-2795 CVE-2022-2881
- SUG:NA
- DESC:FIX CVE-2022-2906CVE-2022-38177CVE-2022-38178CVE-2022-2795CVE-2022-2881
* Sat Sep 03 2022 jiangheng <jiangheng12@huawei.com> - 32:9.11.21-13
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:backport some patches from community
* Fri Sep 02 2022 jiangheng <jiangheng12@huawei.com> - 32:9.11.21-12
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:remove obsolete patch
* Wed Apr 20 2022 jiangheng <jiangheng12@huawei.com> - 9.11.21-11
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:add selinux-policy-targeted requires
* Wed Mar 30 2022 jiangheng <jiangheng12@huawei.com> - 9.11.21-10
- Type:CVE
- ID:CVE-2021-25220
- SUG:NA
- DESC:fix CVE-2021-25220
* Mon Nov 15 2021 jiangheng <jiangheng12@huawei.com> - 9.11.21-9
- Type:CVE
- ID:CVE-2021-25219
- SUG:NA
- DESC:fix CVE-2021-25219
* Sat Jul 24 2021 jiangheng <jiangheng12@huawei.com> - 9.11.21-8
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:remove gdb buildrequires
* Wed May 26 2021 jiangheng <jiangheng12@huawei.com> - 9.11.21-7
- Type:CVE
- ID:NA
- SUG:NA
- DESC:fix CVE-2021-25214 CVE-2021-25215
* Fri Mar 12 2021 yanan <yanan@huawei.com> - 9.11.21-6
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:remove useless bind-sdb package
* Thu Feb 18 2021 liulong <liulong20@huawei.com> - 9.11.21-5
- Type:CVE
- ID:NA
- SUG:NA
- DESC:fix CVE-2020-8625
* Wed Jan 13 2021 gaihuiying <gaihuiying1@huawei.com> - 9.11.21-4
- Type:requirement
- ID:NA
- SUG:NA
- DESC:remove GeoIP and libdb dependency
* Wed Dec 9 2020 hanzhijun <hanzhijun1@huawei.com> - 9.11.21-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Fix the difference at the macro definition using clock gettime instead of gettimeofda
* Wed Sep 30 2020 yuanxin <yuanxin21@huawei.com> - 9.11.21-2
- Type:CVE
- ID:CVE-2020-8622.patch CVE-2020-8623.patch CVE-2020-8624.patch
- SUG:NA
- DESC:fix CVE-2020-8622.patch CVE-2020-8623.patch CVE-2020-8624.patch
* Tue Aug 25 2020 gaihuiying <gaihuiying1@huawei.com> - 9.11.21-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:update bind version to 9.11.21
* Thu Mar 19 2020 songnannan <songnannan2@huawei.com> - 9.11.4-13
- add gdb in buildrequires
* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 9.11.4-12
- Package init
Reference in New Issue View Git Blame Copy Permalink