diff --git a/bind-fix-fips.patch b/bind-fix-fips.patch
new file mode 100644
index 0000000..4d548cd
--- /dev/null
+++ b/bind-fix-fips.patch
@@ -0,0 +1,22 @@
+Index: bind-9.11.2/lib/dns/opensslgost_link.c
+===================================================================
+--- bind-9.11.2.orig/lib/dns/opensslgost_link.c
++++ bind-9.11.2/lib/dns/opensslgost_link.c
+@@ -578,9 +578,16 @@ dst__opensslgost_init(dst_func_t **funcp
+
+ /* check if the gost engine works properly */
+ e = ENGINE_by_id("gost");
+- if (e == NULL)
++ if (e == NULL) {
++ /* In FIPS mode we cannot get the gost engine, even if
++ * openssl and bind was originally built with it. */
++#if 0
+ return (dst__openssl_toresult2("ENGINE_by_id",
+ DST_R_OPENSSLFAILURE));
++#endif
++ return (ISC_R_SUCCESS);
++ }
++
+ if (ENGINE_init(e) <= 0) {
+ ENGINE_free(e);
+ e = NULL;
diff --git a/bind.changes b/bind.changes
index a4221fb..5aebbae 100644
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Apr 16 10:15:22 UTC 2019 - Navin Kukreja
+
+- Add FIPS patch back into bind (bsc#1128220)
+- File: bind-fix-fips.patch
+
 -------------------------------------------------------------------
 Mon Dec 10 09:25:44 UTC 2018 - Franck Bui
diff --git a/bind.spec b/bind.spec
index 3556fef..82b4f45 100644
--- a/bind.spec
+++ b/bind.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package bind
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
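Review bot: The new `e == NULL` branch returns `ISC_R_SUCCESS` for every failure of `ENGINE_by_id("gost")`, not only in FIPS mode as its comment says, so a missing or broken engine on a non-FIPS host is now reported as a successful init with no log line. Gate the early return on the actual mode, e.g. `if (FIPS_mode()) return (ISC_R_SUCCESS);` placed ahead of the original `return (dst__openssl_toresult2("ENGINE_by_id", DST_R_OPENSSLFAILURE));`, and drop the `#if 0` block rather than leaving dead code behind. dst__opensslgost_init starts and ends outside the hunk, so whether `*funcp` stays unset on this path (leaving GOST simply unavailable to callers rather than half-initialised) should be confirmed against the full function.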
@@ -83,6 +83,7 @@ Patch53: bind-sdb-ldap.patch
 Patch54: bind-CVE-2017-3145.patch
 Patch55: bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
 Patch56: bind-ldapdump-use-valid-host.patch
+Patch57: bind-fix-fips.patch
 BuildRequires: libcap-devel
 BuildRequires: libmysqlclient-devel
 BuildRequires: libopenssl-devel
@@ -315,6 +316,7 @@ This package provides a module which allows commands to be sent to rndc directly
 %patch54 -p1
 %patch55 -p1
 %patch56 -p1
+%patch57 -p1
 # use the year from source gzip header instead of current one to make reproducible rpms
 year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})