Hello community,
here is the log from the commit of package bind for openSUSE:Factory checked in at 2019-04-18 13:57:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bind (Old)
and /work/SRC/openSUSE:Factory/.bind.new.5536 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind"
Thu Apr 18 13:57:04 2019 rev:141 rq:694780 version:9.11.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/bind/bind.changes 2018-12-19 13:23:54.769345595 +0100
+++ /work/SRC/openSUSE:Factory/.bind.new.5536/bind.changes 2019-04-18 13:57:38.271979471 +0200
@@ -1,0 +2,6 @@
+Tue Apr 16 10:15:22 UTC 2019 - Navin Kukreja
+
+- Add FIPS patch back into bind (bsc#1128220)
+- File: bind-fix-fips.patch
+
+-------------------------------------------------------------------
New:
----
bind-fix-fips.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ bind.spec ++++++
--- /var/tmp/diff_new_pack.zCCSD0/_old 2019-04-18 13:57:41.387980510 +0200
+++ /var/tmp/diff_new_pack.zCCSD0/_new 2019-04-18 13:57:41.387980510 +0200
@@ -1,7 +1,7 @@
#
# spec file for package bind
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
@@ -83,6 +83,7 @@
Patch54: bind-CVE-2017-3145.patch
Patch55: bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
Patch56: bind-ldapdump-use-valid-host.patch
+Patch57: bind-fix-fips.patch
BuildRequires: libcap-devel
BuildRequires: libmysqlclient-devel
BuildRequires: libopenssl-devel
@@ -315,6 +316,7 @@
%patch54 -p1
%patch55 -p1
%patch56 -p1
+%patch57 -p1
# use the year from source gzip header instead of current one to make reproducible rpms
year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})
++++++ bind-fix-fips.patch ++++++
Index: bind-9.11.2/lib/dns/opensslgost_link.c
===================================================================
--- bind-9.11.2.orig/lib/dns/opensslgost_link.c
+++ bind-9.11.2/lib/dns/opensslgost_link.c
@@ -578,9 +578,16 @@ dst__opensslgost_init(dst_func_t **funcp
/* check if the gost engine works properly */
e = ENGINE_by_id("gost");
- if (e == NULL)
+ if (e == NULL) {
+ /* In FIPS mode we cannot get the gost engine, even if
+ * openssl and bind was originally built with it. */
+#if 0
return (dst__openssl_toresult2("ENGINE_by_id",
DST_R_OPENSSLFAILURE));
+#endif
+ return (ISC_R_SUCCESS);
+ }
+
if (ENGINE_init(e) <= 0) {
ENGINE_free(e);
e = NULL;