From 3f366a17afa9e8e9e6104b2e4f1656f86063ebf569b6c3e1c60b0af72c9bf0a1 Mon Sep 17 00:00:00 2001
From: Navin Kukreja <navin.kukreja@suse.com>
Date: Tue, 16 Apr 2019 10:45:29 +0000
Subject: [PATCH] Accepting request 694778 from home:nkukreja:branches:network

- Add FIPS patch back into bind (bsc#1128220)
- File: bind-fix-fips.patch

OBS-URL: https://build.opensuse.org/request/show/694778
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=255
---
 bind-fix-fips.patch | 22 ++++++++++++++++++++++
 bind.changes        |  6 ++++++
 bind.spec           |  6 ++++--
 3 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 bind-fix-fips.patch

diff --git a/bind-fix-fips.patch b/bind-fix-fips.patch
new file mode 100644
index 0000000..4d548cd
--- /dev/null
+++ b/bind-fix-fips.patch
@@ -0,0 +1,22 @@
+Index: bind-9.11.2/lib/dns/opensslgost_link.c
+===================================================================
+--- bind-9.11.2.orig/lib/dns/opensslgost_link.c
++++ bind-9.11.2/lib/dns/opensslgost_link.c
+@@ -578,9 +578,16 @@ dst__opensslgost_init(dst_func_t **funcp
+ 
+ 	/* check if the gost engine works properly */
+ 	e = ENGINE_by_id("gost");
+-	if (e == NULL)
++	if (e == NULL) {
++		/* In FIPS mode we cannot get the gost engine, even if
++		 * openssl and bind was originally built with it. */
++#if 0	
+ 		return (dst__openssl_toresult2("ENGINE_by_id",
+ 					       DST_R_OPENSSLFAILURE));
++#endif
++		return (ISC_R_SUCCESS);
++	}
++
+ 	if (ENGINE_init(e) <= 0) {
+ 		ENGINE_free(e);
+ 		e = NULL;
diff --git a/bind.changes b/bind.changes
index a4221fb..5aebbae 100644
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Apr 16 10:15:22 UTC 2019 - Navin Kukreja <navin.kukreja@suse.com>
+
+- Add FIPS patch back into bind (bsc#1128220)
+- File: bind-fix-fips.patch 
+
 -------------------------------------------------------------------
 Mon Dec 10 09:25:44 UTC 2018 - Franck Bui <fbui@suse.com>
 
diff --git a/bind.spec b/bind.spec
index 3556fef..82b4f45 100644
--- a/bind.spec
+++ b/bind.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package bind
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
 
@@ -83,6 +83,7 @@ Patch53:        bind-sdb-ldap.patch
 Patch54:        bind-CVE-2017-3145.patch
 Patch55:        bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
 Patch56:        bind-ldapdump-use-valid-host.patch
+Patch57:        bind-fix-fips.patch
 BuildRequires:  libcap-devel
 BuildRequires:  libmysqlclient-devel
 BuildRequires:  libopenssl-devel
@@ -315,6 +316,7 @@ This package provides a module which allows commands to be sent to rndc directly
 %patch54 -p1
 %patch55 -p1
 %patch56 -p1
+%patch57 -p1
 
 # use the year from source gzip header instead of current one to make reproducible rpms
 year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})