Add support for OpenSSL provided random data

Modified pkcs11 patch, problem with openssl/pkcs11 includes and
ISC_PLATFORM_CRYPTOLIB
Petr Menšík 2018-05-02 22:31:49 +02:00
parent 0ae69e04e1
commit 6e9104cae5
4 changed files with 2223 additions and 23 deletions


@ -270,7 +270,7 @@ index d92bc9a..6d2bfd1 100644
CWARNINGS = CWARNINGS =
diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in
index 70ee8b5..0fd8644 100644 index a058c91..d4b689a 100644
--- a/bin/pkcs11/Makefile.in --- a/bin/pkcs11/Makefile.in
+++ b/bin/pkcs11/Makefile.in +++ b/bin/pkcs11/Makefile.in
@@ -15,13 +15,13 @@ top_srcdir = @top_srcdir@ @@ -15,13 +15,13 @@ top_srcdir = @top_srcdir@
@ -291,7 +291,7 @@ index 70ee8b5..0fd8644 100644
DEPLIBS = ${ISCDEPLIBS} DEPLIBS = ${ISCDEPLIBS}
diff --git a/configure.in b/configure.in diff --git a/configure.in b/configure.in
index 9a1d16d..2f13059 100644 index 849fa94..69e6373 100644
--- a/configure.in --- a/configure.in
+++ b/configure.in +++ b/configure.in
@@ -1164,12 +1164,14 @@ AC_SUBST(USE_GSSAPI) @@ -1164,12 +1164,14 @@ AC_SUBST(USE_GSSAPI)
@ -346,10 +346,10 @@ index 9a1d16d..2f13059 100644
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
- CRYPTO="-DPKCS11CRYPTO" - CRYPTO="-DPKCS11CRYPTO"
+ CRYPTO_PK11="-DPKCS11CRYPTO" + CRYPTO_PK11="-DPKCS11CRYPTO"
CRYPTOLIB="pkcs11"
OPENSSLECDSALINKOBJS="" OPENSSLECDSALINKOBJS=""
OPENSSLECDSALINKSRCS="" OPENSSLECDSALINKSRCS=""
OPENSSLEDDSALINKOBJS="" @@ -1606,7 +1608,9 @@ case "$use_openssl" in
@@ -1605,7 +1607,9 @@ case "$use_openssl" in
OPENSSLGOSTLINKSRCS="" OPENSSLGOSTLINKSRCS=""
OPENSSLLINKOBJS="" OPENSSLLINKOBJS=""
OPENSSLLINKSRCS="" OPENSSLLINKSRCS=""
@ -360,24 +360,16 @@ index 9a1d16d..2f13059 100644
no) no)
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
DST_OPENSSL_INC="" DST_OPENSSL_INC=""
@@ -1635,11 +1639,11 @@ case "$use_openssl" in @@ -1638,7 +1642,7 @@ case "$use_openssl" in
If you don't want OpenSSL, use --without-openssl]) If you do not want OpenSSL, use --without-openssl])
;; ;;
*) *)
- if test "yes" = "$want_native_pkcs11" - if test "yes" = "$want_native_pkcs11"
- then + if false # test "yes" = "$want_native_pkcs11"
- AC_MSG_RESULT()
- AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
- fi
+ # if test "yes" = "$want_native_pkcs11"
+ # then
+ # AC_MSG_RESULT()
+ # AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
+ # fi
if test "yes" = "$use_openssl"
then then
# User did not specify a path - guess it AC_MSG_RESULT()
@@ -2062,6 +2066,7 @@ AC_SUBST(OPENSSL_ED25519) AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
@@ -2066,6 +2070,7 @@ AC_SUBST(OPENSSL_ED25519)
AC_SUBST(OPENSSL_GOST) AC_SUBST(OPENSSL_GOST)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS" DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
@ -385,7 +377,7 @@ index 9a1d16d..2f13059 100644
ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES" ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
if test "yes" = "$with_aes" if test "yes" = "$with_aes"
@@ -2381,6 +2386,7 @@ esac @@ -2384,6 +2389,7 @@ esac
AC_SUBST(PKCS11LINKOBJS) AC_SUBST(PKCS11LINKOBJS)
AC_SUBST(PKCS11LINKSRCS) AC_SUBST(PKCS11LINKSRCS)
AC_SUBST(CRYPTO) AC_SUBST(CRYPTO)
@ -393,7 +385,7 @@ index 9a1d16d..2f13059 100644
AC_SUBST(PKCS11_ECDSA) AC_SUBST(PKCS11_ECDSA)
AC_SUBST(PKCS11_GOST) AC_SUBST(PKCS11_GOST)
AC_SUBST(PKCS11_ED25519) AC_SUBST(PKCS11_ED25519)
@@ -5434,8 +5440,11 @@ AC_CONFIG_FILES([ @@ -5497,8 +5503,11 @@ AC_CONFIG_FILES([
bin/delv/Makefile bin/delv/Makefile
bin/dig/Makefile bin/dig/Makefile
bin/dnssec/Makefile bin/dnssec/Makefile
@ -405,7 +397,7 @@ index 9a1d16d..2f13059 100644
bin/nsupdate/Makefile bin/nsupdate/Makefile
bin/pkcs11/Makefile bin/pkcs11/Makefile
bin/python/Makefile bin/python/Makefile
@@ -5509,6 +5518,10 @@ AC_CONFIG_FILES([ @@ -5572,6 +5581,10 @@ AC_CONFIG_FILES([
lib/dns/include/dns/Makefile lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile lib/dns/include/dst/Makefile
lib/dns/tests/Makefile lib/dns/tests/Makefile
@ -416,7 +408,7 @@ index 9a1d16d..2f13059 100644
lib/irs/Makefile lib/irs/Makefile
lib/irs/include/Makefile lib/irs/include/Makefile
lib/irs/include/irs/Makefile lib/irs/include/irs/Makefile
@@ -5533,6 +5546,24 @@ AC_CONFIG_FILES([ @@ -5596,6 +5609,24 @@ AC_CONFIG_FILES([
lib/isc/unix/include/Makefile lib/isc/unix/include/Makefile
lib/isc/unix/include/isc/Makefile lib/isc/unix/include/isc/Makefile
lib/isc/unix/include/pkcs11/Makefile lib/isc/unix/include/pkcs11/Makefile
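Review bot: In the configure.in hunk at `@@ -1638,7 +1642,7 @@`, the new side appears to switch off the mutual-exclusion guard with `if false # test "yes" = "$want_native_pkcs11"`, which leaves the `AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])` branch as dead code with no stated reason. Because this lets a single build carry both crypto backends, a comment above that line should say which backend serves key operations and which only supplies random data, for example `# allow OpenSSL alongside native PKCS11; OpenSSL is used for random data only`, if that is the intent. The split rendering makes the old and new sides hard to tell apart here, so confirm against the raw patch. The `case "$use_openssl"` block starts and ends outside the hunk.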

2199
bind-9.11-rt31459.patch Normal file

File diff suppressed because it is too large Load Diff


@ -52,7 +52,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: MPLv2.0 License: MPLv2.0
Version: 9.11.4 Version: 9.11.4
Release: 6%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Release: 7%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32 Epoch: 32
Url: http://www.isc.org/products/BIND/ Url: http://www.isc.org/products/BIND/
# #
@ -85,6 +85,7 @@ Source46: named-setup-rndc.service
Source47: named-pkcs11.service Source47: named-pkcs11.service
Source48: setup-named-softhsm.sh Source48: setup-named-softhsm.sh
Source49: named-chroot.files Source49: named-chroot.files
Source50: random.data
# Common patches # Common patches
Patch10: bind-9.5-PIE.patch Patch10: bind-9.5-PIE.patch
@ -114,6 +115,7 @@ Patch154:bind-9.11-oot-manual.patch
Patch155:bind-9.11-pk11.patch Patch155:bind-9.11-pk11.patch
Patch156:bind-9.11-fips-code.patch Patch156:bind-9.11-fips-code.patch
Patch157:bind-9.11-fips-tests.patch Patch157:bind-9.11-fips-tests.patch
Patch158:bind-9.11-rt31459.patch
# SDB patches # SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch Patch11: bind-9.3.2b2-sdbsrc.patch
@ -451,6 +453,10 @@ are used for building ISC DHCP.
%patch155 -p1 -b .pk11-internal %patch155 -p1 -b .pk11-internal
%patch156 -p1 -b .fips-code %patch156 -p1 -b .fips-code
%patch157 -p1 -b .fips-tests %patch157 -p1 -b .fips-tests
%patch158 -p1 -b .rt31459
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
%if %{with PKCS11} %if %{with PKCS11}
cp -r bin/named{,-pkcs11} cp -r bin/named{,-pkcs11}
@ -1415,6 +1421,9 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog %changelog
* Fri Aug 24 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-7.P1
- Add support for OpenSSL provided random data
* Mon Aug 13 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-6.P1 * Mon Aug 13 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-6.P1
- Fix sdb-chroot devices upgrade (#1592873) - Fix sdb-chroot devices upgrade (#1592873)
- Automatically replace obsoleted ISC DLV key with root key (#1595782) - Automatically replace obsoleted ISC DLV key with root key (#1595782)
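Review bot: The added `%prep` lines copy `%{SOURCE50}` to `lib/dns/tests/testdata/dstrandom/random.data`, which brings an opaque binary into the build with nothing recording what it is or how it was produced. A comment above `Source50: random.data` such as `# Fixed input for the lib/dns dstrandom test only; binary, so it cannot be carried inside bind-9.11-rt31459.patch` would make clear that it is a test fixture and not an entropy source for the shipped daemon; that is presumably the case, but please confirm. Using `mkdir -p lib/dns/tests/testdata/dstrandom` would also keep `%prep` from failing if a later revision of the patch creates the directory itself.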

BIN
random.data Normal file

Binary file not shown.