Add support for disabled MD5

Do not crash named if MD5 function is not available. Instead gracefully refuse to use such functions. Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-08-02 23:41:37 +02:00 · 2018-08-02 23:41:37 +02:00 · 899014a8d1
parent aefd72cf8f
commit 899014a8d1
3 changed files with 3305 additions and 1 deletions
--- a/bind-9.11-fips-code.patch
+++ b/bind-9.11-fips-code.patch
--- a/bind-9.11-fips-tests.patch
+++ b/bind-9.11-fips-tests.patch
--- a/bind.spec
+++ b/bind.spec
@ -52,7 +52,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.11.4
-Release:  3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release:  4%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 #
@ -112,6 +112,8 @@ Patch149:bind-9.11-kyua-pkcs11.patch
 Patch153:bind-9.11-export-suffix.patch
 Patch154:bind-9.11-oot-manual.patch
 Patch155:bind-9.11-pk11.patch
+Patch156:bind-9.11-fips-code.patch
+Patch157:bind-9.11-fips-tests.patch

 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@ -447,6 +449,8 @@ are used for building ISC DHCP.
 %patch153 -p1 -b .export_suffix
 %patch154 -p1 -b .oot-man
 %patch155 -p1 -b .pk11-internal
+%patch156 -p1 -b .fips-code
+%patch157 -p1 -b .fips-tests

 %if %{with PKCS11}
 cp -r bin/named{,-pkcs11}
@ -1405,6 +1409,9 @@ rm -rf ${RPM_BUILD_ROOT}


 %changelog
+* Thu Aug 02 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-4
+- Support unavailable MD5 in FIPS mode
+
 * Thu Aug 02 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-3
 - Use OpenSSL for digest operations (#1611537)