Update to 9.16.3
Changes some solib versions and fixes two important CVEs: CVE-2020-8616 CVE-2020-8617
This commit is contained in:
Petr Menšík
parent
8ad1379019
commit
7fe31e1892
|
|
@ -1,39 +0,0 @@
|
|||
From 84fc64b556d5b5145eb7831393b856a26a818dc1 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Fri, 1 Mar 2019 15:55:46 +0100
|
||||
Subject: [PATCH] Detect correctly pkcs11 support
|
||||
|
||||
It fails now always, because oot builds are not supported by
|
||||
cleanpkcs11.sh.
|
||||
---
|
||||
bin/tests/system/cleanpkcs11.sh | 2 +-
|
||||
bin/tests/system/conf.sh.in | 1 +
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/bin/tests/system/cleanpkcs11.sh b/bin/tests/system/cleanpkcs11.sh
|
||||
index b974708..3bbef4c 100644
|
||||
--- a/bin/tests/system/cleanpkcs11.sh
|
||||
+++ b/bin/tests/system/cleanpkcs11.sh
|
||||
@@ -12,6 +12,6 @@
|
||||
SYSTEMTESTTOP=.
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
-if [ ! -x ../../pkcs11/pkcs11-destroy ]; then exit 1; fi
|
||||
+if [ ! -x "$PK11DESTROY" ]; then exit 1; fi
|
||||
|
||||
$PK11DEL -w0 > /dev/null 2>&1
|
||||
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
|
||||
index e7831d8..aa2d841 100644
|
||||
--- a/bin/tests/system/conf.sh.in
|
||||
+++ b/bin/tests/system/conf.sh.in
|
||||
@@ -52,6 +52,7 @@ NSLOOKUP=$TOP/bin/dig/nslookup
|
||||
NSUPDATE=$TOP/bin/nsupdate/nsupdate
|
||||
NZD2NZF=$TOP/bin/tools/named-nzd2nzf
|
||||
PK11DEL="$TOP/bin/pkcs11/pkcs11-destroy -s ${SLOT:-0} -p ${HSMPIN:-1234} -w 0"
|
||||
+PK11DESTROY=$TOP/bin/pkcs11/pkcs11-destroy
|
||||
PK11GEN="$TOP/bin/pkcs11/pkcs11-keygen -q -s ${SLOT:-0} -p ${HSMPIN:-1234}"
|
||||
PK11LIST="$TOP/bin/pkcs11/pkcs11-list -s ${SLOT:-0} -p ${HSMPIN:-1234}"
|
||||
RESOLVE=$TOP/lib/samples/resolve
|
||||
--
|
||||
2.20.1
|
||||
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From 2d8abd838870b58629ce55df411b6ba1b2c7288f Mon Sep 17 00:00:00 2001
|
||||
From 124c9e4c0500e7589ee63376e8f860f4abc675f2 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Mensik <pemensik@redhat.com>
|
||||
Date: Fri, 18 Oct 2019 21:30:52 +0200
|
||||
Subject: [PATCH] Move USE_PKCS11 and USE_OPENSSL out of config.h
|
||||
|
|
@ -26,15 +26,16 @@ index 1f5165a..ef3e70c 100644
|
|||
|
||||
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index c69bc37..de6a248 100644
|
||||
index fde41dc..e5cc3cd 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -883,9 +883,13 @@ AS_CASE([$enable_native_pkcs11],
|
||||
@@ -889,10 +889,14 @@ AS_CASE([$enable_native_pkcs11],
|
||||
AC_SUBST([PKCS11_TEST])
|
||||
AC_SUBST([PKCS11_TOOLS])
|
||||
|
||||
+USE_PKCS11='-DUSE_PKCS11=0'
|
||||
+USE_OPENSSL='-DUSE_OPENSSL=0'
|
||||
AC_SUBST([CRYPTO])
|
||||
AS_CASE([$CRYPTO],
|
||||
- [pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],
|
||||
- [AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])
|
||||
|
|
@ -46,7 +47,7 @@ index c69bc37..de6a248 100644
|
|||
# preparation for automake
|
||||
# AM_CONDITIONAL([PKCS11_TOOLS], [test "$with_native_pkcs11" = "yes"])
|
||||
diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
|
||||
index bce2a9f..ef9d045 100644
|
||||
index 116e2d2..99bdf5b 100644
|
||||
--- a/lib/dns/dst_internal.h
|
||||
+++ b/lib/dns/dst_internal.h
|
||||
@@ -38,6 +38,13 @@
|
||||
|
|
|
|||
17
bind.spec
17
bind.spec
|
|
@ -53,18 +53,18 @@
|
|||
# no more isc-config.sh and bind9-config
|
||||
|
||||
# lib*.so.X versions of selected libraries
|
||||
%global sover_dns 1602
|
||||
%global sover_isc 1602
|
||||
%global sover_irs 1600
|
||||
%global sover_dns 1603
|
||||
%global sover_isc 1603
|
||||
%global sover_irs 1601
|
||||
%global sover_isccfg 1600
|
||||
%global sover_ns 1602
|
||||
%global sover_ns 1603
|
||||
|
||||
|
||||
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
|
||||
Name: bind
|
||||
License: MPLv2.0
|
||||
Version: 9.16.2
|
||||
Release: 4%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||
Version: 9.16.3
|
||||
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||
Epoch: 32
|
||||
Url: https://www.isc.org/downloads/bind/
|
||||
#
|
||||
|
|
@ -121,7 +121,6 @@ Patch157:bind-9.11-fips-tests.patch
|
|||
Patch164:bind-9.11-rh1666814.patch
|
||||
Patch170:bind-9.11-feature-test-named.patch
|
||||
Patch171:bind-9.11-tests-variants.patch
|
||||
Patch172:bind-9.11-tests-pkcs11.patch
|
||||
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
|
|
@ -435,7 +434,6 @@ This package provides a module which allows commands to be sent to rndc directly
|
|||
%patch164 -p1 -b .rh1666814
|
||||
%patch170 -p1 -b .featuretest-named
|
||||
%patch171 -p1 -b .test-variant
|
||||
%patch172 -p1 -b .test-pkcs11
|
||||
|
||||
%if %{with PKCS11}
|
||||
%patch135 -p1 -b .config-pkcs11
|
||||
|
|
@ -1159,6 +1157,9 @@ fi;
|
|||
|
||||
|
||||
%changelog
|
||||
* Wed May 20 2020 Petr Menšík <pemensik@redhat.com> - 32:9.16.3-1
|
||||
- Update to 9.16.3
|
||||
|
||||
* Mon Apr 27 2020 Petr Menšík <pemensik@redhat.com> - 32:9.16.2-4
|
||||
- Enable PKCS#11 builds again
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue