Petr Menšík 2022-10-22 20:16:47 +02:00
parent e6424d1a09
commit 99fd53a106
8 changed files with 24 additions and 1920 deletions

2
.gitignore vendored
View File

@ -192,3 +192,5 @@ bind-9.7.2b1.tar.gz
/bind-9.18.6.tar.xz.asc
/bind-9.18.7.tar.xz
/bind-9.18.7.tar.xz.asc
/bind-9.18.8.tar.xz
/bind-9.18.8.tar.xz.asc

View File

@ -1,4 +1,4 @@
From b1e27453fadcf8ce453beed5b896ad995dfb5534 Mon Sep 17 00:00:00 2001
From 2ad42c7c23858f12d977526d6ebc3465907d7b1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:46:45 +0200
Subject: [PATCH] FIPS tests changes
@ -428,10 +428,10 @@ index 364f94b..9518f82 100644
};
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
index bbffe07..80da0fe 100644
index 01a13cf..3711c63 100644
--- a/bin/tests/system/allow-query/tests.sh
+++ b/bin/tests/system/allow-query/tests.sh
@@ -200,7 +200,7 @@ rndc_reload ns2 10.53.0.2
@@ -201,7 +201,7 @@ rndc_reload ns2 10.53.0.2
echo_i "test $n: key allowed - query allowed"
ret=0
@ -440,7 +440,7 @@ index bbffe07..80da0fe 100644
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -213,7 +213,7 @@ rndc_reload ns2 10.53.0.2
@@ -214,7 +214,7 @@ rndc_reload ns2 10.53.0.2
echo_i "test $n: key not allowed - query refused"
ret=0
@ -449,7 +449,7 @@ index bbffe07..80da0fe 100644
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
@@ -227,7 +227,7 @@ rndc_reload ns2 10.53.0.2
@@ -228,7 +228,7 @@ rndc_reload ns2 10.53.0.2
echo_i "test $n: key disallowed - query refused"
ret=0
@ -458,7 +458,7 @@ index bbffe07..80da0fe 100644
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
@@ -366,7 +366,7 @@ rndc_reload ns2 10.53.0.2
@@ -367,7 +367,7 @@ rndc_reload ns2 10.53.0.2
echo_i "test $n: views key allowed - query allowed"
ret=0
@ -467,7 +467,7 @@ index bbffe07..80da0fe 100644
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -379,7 +379,7 @@ rndc_reload ns2 10.53.0.2
@@ -380,7 +380,7 @@ rndc_reload ns2 10.53.0.2
echo_i "test $n: views key not allowed - query refused"
ret=0
@ -476,7 +476,7 @@ index bbffe07..80da0fe 100644
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
@@ -393,7 +393,7 @@ rndc_reload ns2 10.53.0.2
@@ -394,7 +394,7 @@ rndc_reload ns2 10.53.0.2
echo_i "test $n: views key disallowed - query refused"
ret=0
@ -485,7 +485,7 @@ index bbffe07..80da0fe 100644
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
@@ -533,7 +533,7 @@ status=`expr $status + $ret`
@@ -534,7 +534,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "test $n: zone key allowed - query allowed"
ret=0
@ -494,7 +494,7 @@ index bbffe07..80da0fe 100644
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -543,7 +543,7 @@ status=`expr $status + $ret`
@@ -544,7 +544,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "test $n: zone key not allowed - query refused"
ret=0
@ -503,7 +503,7 @@ index bbffe07..80da0fe 100644
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
@@ -554,7 +554,7 @@ status=`expr $status + $ret`
@@ -555,7 +555,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "test $n: zone key disallowed - query refused"
ret=0
@ -513,16 +513,18 @@ index bbffe07..80da0fe 100644
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
index 1421281..424afb8 100644
index 3a8e401..82e720d 100644
--- a/bin/tests/system/catz/ns1/named.conf.in
+++ b/bin/tests/system/catz/ns1/named.conf.in
@@ -122,5 +122,5 @@ view "ch" ch {
@@ -122,7 +122,7 @@ view "ch" ch {
key tsig_key. {
secret "LSAnCU+Z";
- algorithm hmac-md5;
+ algorithm hmac-sha256;
};
key next_key. {
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
index 4af25b0..9f202d5 100644
--- a/bin/tests/system/checkconf/bad-tsig.conf

View File

@ -1,46 +0,0 @@
diff --git a/doc/arm/dnssec.inc.rst b/doc/arm/dnssec.inc.rst
index 0d72000..f4810ae 100644
--- a/doc/arm/dnssec.inc.rst
+++ b/doc/arm/dnssec.inc.rst
@@ -282,7 +282,7 @@ NSEC3
To sign using :ref:`NSEC3 <advanced_discussions_nsec3>` instead of :ref:`NSEC
<advanced_discussions_nsec>`, add an NSEC3PARAM record to the initial update
-request. The :term:`OPTOUT <opt-out>` bit in the NSEC3
+request. The :term:`OPTOUT <Opt-out>` bit in the NSEC3
chain can be set in the flags field of the
NSEC3PARAM record.
diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index ef6c1c7..b59b0ac 100644
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -35,7 +35,7 @@ The file :file:`named.conf` may contain three types of entities:
Block
:ref:`Blocks <configuration_blocks>` are containers for :term:`statements
- <statement>` which either have common functionality - for example,
+ <Statement>` which either have common functionality - for example,
the definition of a cryptographic key in a :namedconf:ref:`key` block - or which
define the scope of the statement - for example, a statement which appears
in a :namedconf:ref:`zone` block has scope only for that zone.
@@ -68,7 +68,7 @@ The file :file:`named.conf` may contain three types of entities:
more argument/value pairs. The :any:`also-notify` statement may take a number
of such argument/value pairs, such as ``also-notify port 5353;``,
where ``port`` is the argument and ``5353`` is the corresponding value.
- - Statements can appear in a single :term:`block` - for
+ - Statements can appear in a single :term:`block <Block>` - for
example, an :namedconf:ref:`algorithm` statement can appear only in a
:namedconf:ref:`key` block - or in multiple blocks - for example, an
:any:`also-notify` statement can appear in an :namedconf:ref:`options`
@@ -6550,8 +6550,8 @@ The following options can be specified in a :any:`dnssec-policy` statement:
of the indicated length.
.. warning::
- Do not use extra :term:`iterations`, :term:`salt`, and
- :term:`opt-out` unless their implications are fully understood.
+ Do not use extra :term:`iterations <Iterations>`, :term:`salt <Salt>`, and
+ :term:`opt-out <Opt-out>` unless their implications are fully understood.
A higher number of iterations causes interoperability problems and opens
servers to CPU-exhausting DoS attacks.

File diff suppressed because it is too large Load Diff

View File

@ -1,48 +0,0 @@
From 87a2eac7a8264a0e8d64a8db85d44ec22454e256 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 7 Sep 2022 13:46:31 +0200
Subject: [PATCH 1/3] Add ENGINE_init and ENGINE_finish calls
According to manual page of ENGINE_init, it should be called explicitly
before any key operations happens. Make it active whole lifetime.
---
lib/dns/openssl_link.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 333f34cb37..a3f63885fa 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -85,14 +85,20 @@ dst__openssl_init(const char *engine) {
result = DST_R_NOENGINE;
goto cleanup_rm;
}
+ if (!ENGINE_init(e)) {
+ result = DST_R_NOENGINE;
+ goto cleanup_rm;
+ }
/* This will init the engine. */
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
result = DST_R_NOENGINE;
- goto cleanup_rm;
+ goto cleanup_init;
}
}
return (ISC_R_SUCCESS);
+cleanup_init:
+ ENGINE_finish(e);
cleanup_rm:
if (e != NULL) {
ENGINE_free(e);
@@ -108,6 +114,7 @@ void
dst__openssl_destroy(void) {
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
if (e != NULL) {
+ ENGINE_finish(e);
ENGINE_free(e);
}
e = NULL;
--
2.37.2

View File

@ -1,245 +0,0 @@
From cc8edfc6670ba97434bc5acb595539fd9c7d9123 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 8 Sep 2022 16:33:38 +0200
Subject: [PATCH 3/3] Remove engine related parts for OpenSSL 3.0
OpenSSL just cannot work with mixing ENGINE_* api mixed with OSSL_PARAM
builders. But it can be built in legacy mode, where deprecated but still
working API would be used.
It can work under OpenSSL 3.0, but only if using legacy code paths
matching OpenSSL 1.1 calls and functions.
Remove fromlabel processing by OpenSSL 3.0 only functions. They can
return later with a proper provider support for pkcs11.
---
lib/dns/opensslecdsa_link.c | 55 -------------------------------------
lib/dns/opensslrsa_link.c | 32 ---------------------
2 files changed, 87 deletions(-)
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 04f0d80b5e..f04f076e42 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -1311,15 +1311,9 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
isc_result_t ret = ISC_R_SUCCESS;
ENGINE *e;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
EC_KEY *eckey = NULL;
EC_KEY *pubeckey = NULL;
int group_nid;
-#else
- size_t len;
- const char *curve_name, *nist_curve_name;
- char buf[128]; /* Sufficient for all of the supported curves' names. */
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
EVP_PKEY *pkey = NULL;
EVP_PKEY *pubpkey = NULL;
@@ -1336,22 +1330,11 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
DST_RET(DST_R_NOENGINE);
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (key->key_alg == DST_ALG_ECDSA256) {
group_nid = NID_X9_62_prime256v1;
} else {
group_nid = NID_secp384r1;
}
-#else
- /* Get the expected curve names */
- if (key->key_alg == DST_ALG_ECDSA256) {
- curve_name = "prime256v1";
- nist_curve_name = "P-256";
- } else {
- curve_name = "secp384r1";
- nist_curve_name = "P-384";
- }
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
/* Load private key. */
pkey = ENGINE_load_private_key(e, label, NULL, NULL);
@@ -1363,7 +1346,6 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
eckey = EVP_PKEY_get1_EC_KEY(pkey);
if (eckey == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
@@ -1371,20 +1353,6 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
if (EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey)) != group_nid) {
DST_RET(DST_R_INVALIDPRIVATEKEY);
}
-#else
- len = 0;
- if (EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
- buf, sizeof buf, &len) != 1 ||
- len == 0 || len >= sizeof buf)
- {
- DST_RET(DST_R_INVALIDPRIVATEKEY);
- }
- if (strncasecmp(buf, curve_name, strlen(curve_name)) != 0 &&
- strncasecmp(buf, nist_curve_name, strlen(nist_curve_name)) != 0)
- {
- DST_RET(DST_R_INVALIDPRIVATEKEY);
- }
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
/* Load public key. */
pubpkey = ENGINE_load_public_key(e, label, NULL, NULL);
@@ -1396,7 +1364,6 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
if (EVP_PKEY_base_id(pubpkey) != EVP_PKEY_EC) {
DST_RET(DST_R_INVALIDPUBLICKEY);
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
pubeckey = EVP_PKEY_get1_EC_KEY(pubpkey);
if (pubeckey == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
@@ -1404,30 +1371,10 @@ opensslecdsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
if (EC_GROUP_get_curve_name(EC_KEY_get0_group(pubeckey)) != group_nid) {
DST_RET(DST_R_INVALIDPUBLICKEY);
}
-#else
- len = 0;
- if (EVP_PKEY_get_utf8_string_param(pubpkey, OSSL_PKEY_PARAM_GROUP_NAME,
- buf, sizeof buf, &len) != 1 ||
- len == 0 || len >= sizeof buf)
- {
- DST_RET(DST_R_INVALIDPUBLICKEY);
- }
- if (strncasecmp(buf, curve_name, strlen(curve_name)) != 0 &&
- strncasecmp(buf, nist_curve_name, strlen(nist_curve_name)) != 0)
- {
- DST_RET(DST_R_INVALIDPUBLICKEY);
- }
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (ecdsa_check(eckey, pubeckey) != ISC_R_SUCCESS) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
-#else
- if (ecdsa_check(&pkey, pubpkey) != ISC_R_SUCCESS) {
- DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
- }
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
key->label = isc_mem_strdup(key->mctx, label);
key->engine = isc_mem_strdup(key->mctx, engine);
@@ -1442,14 +1389,12 @@ err:
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (pubeckey != NULL) {
EC_KEY_free(pubeckey);
}
if (eckey != NULL) {
EC_KEY_free(eckey);
}
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
return (ret);
#else
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index 867b486a2f..cf350610ba 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -1167,7 +1167,6 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
key->engine = isc_mem_strdup(key->mctx, engine);
key->label = isc_mem_strdup(key->mctx, label);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
rsa = EVP_PKEY_get1_RSA(pkey);
if (rsa == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
@@ -1176,16 +1175,6 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
RSA_get0_key(rsa, NULL, &ex, NULL);
-#else
- if (rsa_check(pkey, pub != NULL ? pub->keydata.pkey : NULL) !=
- ISC_R_SUCCESS) {
- DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
- }
- if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &ex) !=
- 1) {
- DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
- }
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
if (ex == NULL) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
@@ -1437,12 +1426,8 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
ENGINE *e = NULL;
isc_result_t ret = ISC_R_SUCCESS;
EVP_PKEY *pkey = NULL, *pubpkey = NULL;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
RSA *rsa = NULL, *pubrsa = NULL;
const BIGNUM *ex = NULL;
-#else
- BIGNUM *ex = NULL;
-#endif
UNUSED(pin);
@@ -1459,12 +1444,10 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
DST_RET(dst__openssl_toresult2("ENGINE_load_public_key",
DST_R_OPENSSLFAILURE));
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
pubrsa = EVP_PKEY_get1_RSA(pubpkey);
if (pubrsa == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
pkey = ENGINE_load_private_key(e, label, NULL, NULL);
if (pkey == NULL) {
@@ -1475,7 +1458,6 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
key->engine = isc_mem_strdup(key->mctx, engine);
key->label = isc_mem_strdup(key->mctx, label);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
rsa = EVP_PKEY_get1_RSA(pkey);
if (rsa == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
@@ -1484,14 +1466,6 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
RSA_get0_key(rsa, NULL, &ex, NULL);
-#else
- if (rsa_check(pkey, pubpkey) != ISC_R_SUCCESS) {
- DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
- }
- if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &ex) != 1) {
- DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
- }
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
if (ex == NULL) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
@@ -1505,18 +1479,12 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
pkey = NULL;
err:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (rsa != NULL) {
RSA_free(rsa);
}
if (pubrsa != NULL) {
RSA_free(pubrsa);
}
-#else
- if (ex != NULL) {
- BN_free(ex);
- }
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
--
2.37.2

View File

@ -62,8 +62,8 @@ Conflicts: %1 \
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind
License: MPL-2.0
Version: 9.18.7
Release: 3%{?dist}
Version: 9.18.8
Release: 1%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -99,16 +99,8 @@ Source49: named-chroot.files
Patch10: bind-9.5-PIE.patch
Patch16: bind-9.16-redhat_doc.patch
Patch22: bind-9.11-fips-tests.patch
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5385
# https://bugzilla.redhat.com/show_bug.cgi?id=2122841
Patch23: bind-9.18-pkcs11-engine-init.patch
Patch24: bind-9.18-pkcs11-engine-compat-api.patch
Patch25: bind-9.18-pkcs11-engine-remove-deadcode.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2122010
Patch26: bind-9.18-unittest-netmgr-unstable.patch
# Fix building ARM docs in EPEL9
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6815
Patch27: bind-9.18-doc-arm-rhel9.patch
%{?systemd_ordering}
Requires: coreutils
@ -957,6 +949,9 @@ fi;
%endif
%changelog
* Sat Oct 22 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.8-1
- Update to 9.18.8 (#2136100)
* Fri Sep 30 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.7-3
- Update License to SPDX identifier
- Enable automatic restart on crashes

View File

@ -1,2 +1,2 @@
SHA512 (bind-9.18.7.tar.xz) = 2cdceb4125b8759f5225296c6ffecdbb895b0a27dfcfcd98b04b9ad78552d16c16b0452fb823dc47d11cec21d2c6ecb05a107dd3094f8e7419bb9717d68820c5
SHA512 (bind-9.18.7.tar.xz.asc) = 40030c2259858f1ba7ce4fbcd523025631ed78687ca87863d0f0bcd0fd530d96052e0601808ffa37e59d574a9a9c84bb2ededc66f730b9eaf560a00a6ef29c48
SHA512 (bind-9.18.8.tar.xz) = ea6cad5276269a320fa1e666544888ed88b9d058ecab56c82aebff24e841a4ad221ce9c1209b1258884d71f7c03eed4d1c6a7e1922780073644344bc939a0e89
SHA512 (bind-9.18.8.tar.xz.asc) = 06a880eb3af14e760f52ab5bd666b6512487d724a16a0fdf646ad9a07f17249e68a9a59ddf902f9111aee6450d96ed8dfe36d6fb433808f993d9bbc6dd4e665c