diff --git a/bind-rh1663318.patch b/bind-rh1663318.patch new file mode 100644 index 0000000..79487b0 --- /dev/null +++ b/bind-rh1663318.patch @@ -0,0 +1,32 @@ +From 48d86dd3d834bcedd0c977d193c36b12e8398b4e Mon Sep 17 00:00:00 2001 +From: Francis Dupont +Date: Sun, 17 Sep 2017 12:02:09 +0200 +Subject: [PATCH] Made RAND_status check optional (broke --disable-crypto-rand) + +--- + lib/dns/openssl_link.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c +index 91e87d0..3cddaa9 100644 +--- a/lib/dns/openssl_link.c ++++ b/lib/dns/openssl_link.c +@@ -289,6 +289,7 @@ dst__openssl_init(const char *engine) { + #endif + #endif /* !defined(OPENSSL_NO_ENGINE) */ + ++#ifdef ISC_PLATFORM_CRYPTORANDOM + /* Protect ourselves against unseeded PRNG */ + if (RAND_status() != 1) { + FATAL_ERROR(__FILE__, __LINE__, +@@ -296,6 +297,7 @@ dst__openssl_init(const char *engine) { + "cannot be initialized (see the `PRNG not " + "seeded' message in the OpenSSL FAQ)"); + } ++#endif + + return (ISC_R_SUCCESS); + +-- +2.20.1 + diff --git a/bind.spec b/bind.spec index 2b22c57..372bf59 100644 --- a/bind.spec +++ b/bind.spec @@ -52,7 +52,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.11.4 -Release: 12%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} +Release: 13%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ # @@ -124,6 +124,8 @@ Patch159:bind-9.11-rt46047.patch # commit 083461d3329ff6f2410745848a926090586a9846 Patch160:bind-9.11-rh1624100.patch Patch161:bind-9.11-host-idn-disable.patch +# https://gitlab.isc.org/isc-projects/bind9/commit/8a98277811e +Patch163:bind-rh1663318.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -468,6 +470,7 @@ are used for building ISC DHCP. %patch159 -p1 -b .rt46047 %patch160 -p1 -b .rh1624100 %patch161 -p1 -b .host-idn-disable +%patch163 -p1 -b .rh1663318 mkdir lib/dns/tests/testdata/dstrandom cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data @@ -679,6 +682,7 @@ export LIBDIR_SUFFIX --without-libjson \ --without-zlib \ --without-dlopen \ + --disable-crypto-rand \ --enable-full-report ## We don't want to build other libs than -export twice @@ -1446,6 +1450,9 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Mon Jan 14 2019 Petr Menšík - 32:9.11.4-13.P2 +- Disable crypto rand for DHCP (#1663318) + * Tue Oct 02 2018 Petr Menšík - 32:9.11.4-12.P2 - Add Requires to devel packages referenced by bind-devel