Accepting request 694778 from home:nkukreja:branches:network
- Add FIPS patch back into bind (bsc#1128220) - File: bind-fix-fips.patch OBS-URL: https://build.opensuse.org/request/show/694778 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=255
This commit is contained in:
parent
54e402359e
commit
3f366a17af
22
bind-fix-fips.patch
Normal file
22
bind-fix-fips.patch
Normal file
@ -0,0 +1,22 @@
|
||||
Index: bind-9.11.2/lib/dns/opensslgost_link.c
|
||||
===================================================================
|
||||
--- bind-9.11.2.orig/lib/dns/opensslgost_link.c
|
||||
+++ bind-9.11.2/lib/dns/opensslgost_link.c
|
||||
@@ -578,9 +578,16 @@ dst__opensslgost_init(dst_func_t **funcp
|
||||
|
||||
/* check if the gost engine works properly */
|
||||
e = ENGINE_by_id("gost");
|
||||
- if (e == NULL)
|
||||
+ if (e == NULL) {
|
||||
+ /* In FIPS mode we cannot get the gost engine, even if
|
||||
+ * openssl and bind was originally built with it. */
|
||||
+#if 0
|
||||
return (dst__openssl_toresult2("ENGINE_by_id",
|
||||
DST_R_OPENSSLFAILURE));
|
||||
+#endif
|
||||
+ return (ISC_R_SUCCESS);
|
||||
+ }
|
||||
+
|
||||
if (ENGINE_init(e) <= 0) {
|
||||
ENGINE_free(e);
|
||||
e = NULL;
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 16 10:15:22 UTC 2019 - Navin Kukreja <navin.kukreja@suse.com>
|
||||
|
||||
- Add FIPS patch back into bind (bsc#1128220)
|
||||
- File: bind-fix-fips.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 10 09:25:44 UTC 2018 - Franck Bui <fbui@suse.com>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package bind
|
||||
#
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -12,7 +12,7 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
@ -83,6 +83,7 @@ Patch53: bind-sdb-ldap.patch
|
||||
Patch54: bind-CVE-2017-3145.patch
|
||||
Patch55: bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
|
||||
Patch56: bind-ldapdump-use-valid-host.patch
|
||||
Patch57: bind-fix-fips.patch
|
||||
BuildRequires: libcap-devel
|
||||
BuildRequires: libmysqlclient-devel
|
||||
BuildRequires: libopenssl-devel
|
||||
@ -315,6 +316,7 @@ This package provides a module which allows commands to be sent to rndc directly
|
||||
%patch54 -p1
|
||||
%patch55 -p1
|
||||
%patch56 -p1
|
||||
%patch57 -p1
|
||||
|
||||
# use the year from source gzip header instead of current one to make reproducible rpms
|
||||
year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})
|
||||
|
Loading…
Reference in New Issue
Block a user