Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2019-04-18 13:57:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new.5536 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Thu Apr 18 13:57:04 2019 rev:141 rq:694780 version:9.11.2 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2018-12-19 13:23:54.769345595 +0100 +++ /work/SRC/openSUSE:Factory/.bind.new.5536/bind.changes 2019-04-18 13:57:38.271979471 +0200 @@ -1,0 +2,6 @@ +Tue Apr 16 10:15:22 UTC 2019 - Navin Kukreja <[email protected]> + +- Add FIPS patch back into bind (bsc#1128220) +- File: bind-fix-fips.patch + +------------------------------------------------------------------- New: ---- bind-fix-fips.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.zCCSD0/_old 2019-04-18 13:57:41.387980510 +0200 +++ /var/tmp/diff_new_pack.zCCSD0/_new 2019-04-18 13:57:41.387980510 +0200 @@ -1,7 +1,7 @@ # # spec file for package bind # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -83,6 +83,7 @@ Patch54: bind-CVE-2017-3145.patch Patch55: bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch Patch56: bind-ldapdump-use-valid-host.patch +Patch57: bind-fix-fips.patch BuildRequires: libcap-devel BuildRequires: libmysqlclient-devel BuildRequires: libopenssl-devel @@ -315,6 +316,7 @@ %patch54 -p1 %patch55 -p1 %patch56 -p1 +%patch57 -p1 # use the year from source gzip header instead of current one to make reproducible rpms year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0}) ++++++ bind-fix-fips.patch ++++++ Index: bind-9.11.2/lib/dns/opensslgost_link.c =================================================================== --- bind-9.11.2.orig/lib/dns/opensslgost_link.c +++ bind-9.11.2/lib/dns/opensslgost_link.c @@ -578,9 +578,16 @@ dst__opensslgost_init(dst_func_t **funcp /* check if the gost engine works properly */ e = ENGINE_by_id("gost"); - if (e == NULL) + if (e == NULL) { + /* In FIPS mode we cannot get the gost engine, even if + * openssl and bind was originally built with it. */ +#if 0 return (dst__openssl_toresult2("ENGINE_by_id", DST_R_OPENSSLFAILURE)); +#endif + return (ISC_R_SUCCESS); + } + if (ENGINE_init(e) <= 0) { ENGINE_free(e); e = NULL;
