Accepting request 694778 from home:nkukreja:branches:network

- Add FIPS patch back into bind (bsc#1128220)
- File: bind-fix-fips.patch

OBS-URL: https://build.opensuse.org/request/show/694778
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=255
This commit is contained in:
Navin Kukreja 2019-04-16 10:45:29 +00:00 committed by Git OBS Bridge
parent 54e402359e
commit 3f366a17af
3 changed files with 32 additions and 2 deletions

22
bind-fix-fips.patch Normal file
View File

@ -0,0 +1,22 @@
Index: bind-9.11.2/lib/dns/opensslgost_link.c
===================================================================
--- bind-9.11.2.orig/lib/dns/opensslgost_link.c
+++ bind-9.11.2/lib/dns/opensslgost_link.c
@@ -578,9 +578,16 @@ dst__opensslgost_init(dst_func_t **funcp
/* check if the gost engine works properly */
e = ENGINE_by_id("gost");
- if (e == NULL)
+ if (e == NULL) {
+ /* In FIPS mode we cannot get the gost engine, even if
+ * openssl and bind was originally built with it. */
+#if 0
return (dst__openssl_toresult2("ENGINE_by_id",
DST_R_OPENSSLFAILURE));
+#endif
+ return (ISC_R_SUCCESS);
+ }
+
if (ENGINE_init(e) <= 0) {
ENGINE_free(e);
e = NULL;

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Apr 16 10:15:22 UTC 2019 - Navin Kukreja <navin.kukreja@suse.com>
- Add FIPS patch back into bind (bsc#1128220)
- File: bind-fix-fips.patch
-------------------------------------------------------------------
Mon Dec 10 09:25:44 UTC 2018 - Franck Bui <fbui@suse.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package bind
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
@ -83,6 +83,7 @@ Patch53: bind-sdb-ldap.patch
Patch54: bind-CVE-2017-3145.patch
Patch55: bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
Patch56: bind-ldapdump-use-valid-host.patch
Patch57: bind-fix-fips.patch
BuildRequires: libcap-devel
BuildRequires: libmysqlclient-devel
BuildRequires: libopenssl-devel
@ -315,6 +316,7 @@ This package provides a module which allows commands to be sent to rndc directly
%patch54 -p1
%patch55 -p1
%patch56 -p1
%patch57 -p1
# use the year from source gzip header instead of current one to make reproducible rpms
year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})