Update to 9.18.7 (#2128609)
https://downloads.isc.org/isc/bind9/9.18.7/doc/arm/html/notes.html#notes-for-bind-9-18-7
This commit is contained in:
parent
24465000af
commit
bbdbcbc779
2
.gitignore
vendored
2
.gitignore
vendored
@ -190,3 +190,5 @@ bind-9.7.2b1.tar.gz
|
||||
/bind-9.18.5.tar.xz.asc
|
||||
/bind-9.18.6.tar.xz
|
||||
/bind-9.18.6.tar.xz.asc
|
||||
/bind-9.18.7.tar.xz
|
||||
/bind-9.18.7.tar.xz.asc
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 09030b066846a9b7252b5cb4f483d4a55b4639fc Mon Sep 17 00:00:00 2001
|
||||
From b1e27453fadcf8ce453beed5b896ad995dfb5534 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 2 Aug 2018 23:46:45 +0200
|
||||
Subject: [PATCH] FIPS tests changes
|
||||
@ -81,20 +81,18 @@ Date: Wed Mar 7 10:44:23 2018 +0100
|
||||
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
|
||||
bin/tests/system/nsupdate/setup.sh | 6 +-
|
||||
bin/tests/system/nsupdate/tests.sh | 11 ++-
|
||||
bin/tests/system/nsupdate/tests.sh | 9 ++-
|
||||
bin/tests/system/rndc/setup.sh | 2 +-
|
||||
bin/tests/system/rndc/tests.sh | 22 +++---
|
||||
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
|
||||
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
|
||||
bin/tests/system/tsig/setup.sh | 5 ++
|
||||
bin/tests/system/tsig/tests.sh | 67 ++++++++++++-------
|
||||
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
|
||||
bin/tests/system/upforwd/tests.sh | 2 +-
|
||||
32 files changed, 159 insertions(+), 106 deletions(-)
|
||||
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
31 files changed, 147 insertions(+), 106 deletions(-)
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
index 745048a..93cb411 100644
|
||||
index 8787c6a..b781d0b 100644
|
||||
--- a/bin/tests/system/acl/ns2/named1.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named1.conf.in
|
||||
@@ -35,12 +35,12 @@ options {
|
||||
@ -113,7 +111,7 @@ index 745048a..93cb411 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
index 21aa991..78e71cc 100644
|
||||
index a95b4c1..3f3f471 100644
|
||||
--- a/bin/tests/system/acl/ns2/named2.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named2.conf.in
|
||||
@@ -35,12 +35,12 @@ options {
|
||||
@ -132,7 +130,7 @@ index 21aa991..78e71cc 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
index 3208c92..bed6325 100644
|
||||
index 14cc3fe..9507706 100644
|
||||
--- a/bin/tests/system/acl/ns2/named3.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named3.conf.in
|
||||
@@ -35,17 +35,17 @@ options {
|
||||
@ -157,7 +155,7 @@ index 3208c92..bed6325 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
index 14e82ed..a22cafe 100644
|
||||
index 77cf110..029c91b 100644
|
||||
--- a/bin/tests/system/acl/ns2/named4.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named4.conf.in
|
||||
@@ -35,12 +35,12 @@ options {
|
||||
@ -176,7 +174,7 @@ index 14e82ed..a22cafe 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
index f43f33c..f4a865a 100644
|
||||
index 5ccabf9..6154797 100644
|
||||
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
||||
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
||||
@@ -37,12 +37,12 @@ options {
|
||||
@ -539,10 +537,10 @@ index 4af25b0..9f202d5 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
|
||||
index 897dc86..e4b6dc1 100644
|
||||
index 154bf75..e7a05cd 100644
|
||||
--- a/bin/tests/system/checkconf/good.conf
|
||||
+++ b/bin/tests/system/checkconf/good.conf
|
||||
@@ -270,6 +270,6 @@ dyndb "name" "library.so" {
|
||||
@@ -283,6 +283,6 @@ dyndb "name" "library.so" {
|
||||
system;
|
||||
};
|
||||
key "mykey" {
|
||||
@ -608,7 +606,7 @@ index 5cab276..d4a7bf3 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
|
||||
index 04fd34b..e5476ea 100644
|
||||
index 95158a4..9b9aa0a 100644
|
||||
--- a/bin/tests/system/notify/tests.sh
|
||||
+++ b/bin/tests/system/notify/tests.sh
|
||||
@@ -179,7 +179,7 @@ test_start "checking notify to multiple views using tsig"
|
||||
@ -633,7 +631,7 @@ index 04fd34b..e5476ea 100644
|
||||
grep "test string" "$fnb" > /dev/null &&
|
||||
grep "test string" "$fnc" > /dev/null &&
|
||||
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
index 81d0c99..effbe2e 100644
|
||||
index 2b67360..a734584 100644
|
||||
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
|
||||
@@ -39,7 +39,7 @@ controls {
|
||||
@ -646,7 +644,7 @@ index 81d0c99..effbe2e 100644
|
||||
};
|
||||
|
||||
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
index f1a1735..da2b3d1 100644
|
||||
index c85eef5..428b6b1 100644
|
||||
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
|
||||
@@ -34,7 +34,7 @@ controls {
|
||||
@ -676,26 +674,24 @@ index 50056dc..a4a1a3f 100644
|
||||
$TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key
|
||||
$TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key
|
||||
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
||||
index 0863d0a..559def7 100755
|
||||
index 0bb9d00..ecbc0df 100755
|
||||
--- a/bin/tests/system/nsupdate/tests.sh
|
||||
+++ b/bin/tests/system/nsupdate/tests.sh
|
||||
@@ -841,7 +841,14 @@ fi
|
||||
n=`expr $n + 1`
|
||||
@@ -841,7 +841,12 @@ fi
|
||||
n=$((n + 1))
|
||||
ret=0
|
||||
echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
|
||||
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
||||
+if $FEATURETEST --md5
|
||||
+then
|
||||
+ ALGS="md5 sha1 sha224 sha256 sha384 sha512"
|
||||
+else
|
||||
+ ALGS="sha1 sha224 sha256 sha384 sha512"
|
||||
+MD5ALG='md5'
|
||||
+if ! $FEATURETEST --md5; then
|
||||
+ MD5ALG=''
|
||||
+ echo_i "skipping disabled md5 algorithm"
|
||||
+fi
|
||||
+for alg in $ALGS; do
|
||||
+for alg in $MD5ALG sha1 sha224 sha256 sha384 sha512; do
|
||||
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
|
||||
server 10.53.0.1 ${PORT}
|
||||
update add ${alg}.keytests.nil. 600 A 10.10.10.3
|
||||
@@ -849,7 +856,7 @@ send
|
||||
@@ -849,7 +854,7 @@ send
|
||||
END
|
||||
done
|
||||
sleep 2
|
||||
@ -718,7 +714,7 @@ index 4dd6fa7..1b79263 100644
|
||||
make_key 3 ${EXTRAPORT3} hmac-sha224
|
||||
make_key 4 ${EXTRAPORT4} hmac-sha256
|
||||
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
|
||||
index e678153..e7ec855 100644
|
||||
index a66ca15..6ebf78c 100644
|
||||
--- a/bin/tests/system/rndc/tests.sh
|
||||
+++ b/bin/tests/system/rndc/tests.sh
|
||||
@@ -350,15 +350,19 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@ -778,22 +774,6 @@ index 76cf970..22637af 100644
|
||||
|
||||
key "sha1-trunc" {
|
||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
new file mode 100644
|
||||
index 0000000..0682194
|
||||
--- /dev/null
|
||||
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||
@@ -0,0 +1,10 @@
|
||||
+# Conditionally included when support for MD5 is available
|
||||
+key "md5" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5;
|
||||
+};
|
||||
+
|
||||
+key "md5-trunc" {
|
||||
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||
+ algorithm hmac-md5-80;
|
||||
+};
|
||||
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
|
||||
index 34cc73b..d51ff21 100644
|
||||
--- a/bin/tests/system/tsig/setup.sh
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 561356ec1d46abb939e4eed10ee2c9e639eb88db Mon Sep 17 00:00:00 2001
|
||||
From 1ecf072a6a556aa386003d1d5b83fe172320e7ed Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 8 Sep 2022 17:19:20 +0200
|
||||
Subject: [PATCH 2/3] Do not use OSSL_PARAM when engine API is compiled
|
||||
Subject: [PATCH] Do not use OSSL_PARAM when engine API is compiled
|
||||
|
||||
OpenSSL has deprecated many things in version 3.0. If pkcs11 engine
|
||||
should work then no builder from OpenSSL 3.0 API can be used.
|
||||
@ -16,7 +16,7 @@ working keys loading from the engine passed on command line.
|
||||
3 files changed, 189 insertions(+), 184 deletions(-)
|
||||
|
||||
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
|
||||
index d5dbc2e889..96c1d523b7 100644
|
||||
index 1a01c2b..7df483f 100644
|
||||
--- a/lib/dns/openssldh_link.c
|
||||
+++ b/lib/dns/openssldh_link.c
|
||||
@@ -91,7 +91,7 @@ static BIGNUM *bn2 = NULL, *bn768 = NULL, *bn1024 = NULL, *bn1536 = NULL;
|
||||
@ -68,16 +68,16 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
|
||||
isc_buffer_add(secret, (unsigned int)secret_len);
|
||||
|
||||
@@ -165,7 +165,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
|
||||
|
||||
@@ -166,7 +166,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
|
||||
static bool
|
||||
openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
bool ret = true;
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
DH *dh1, *dh2;
|
||||
const BIGNUM *pub_key1 = NULL, *pub_key2 = NULL;
|
||||
const BIGNUM *priv_key1 = NULL, *priv_key2 = NULL;
|
||||
@@ -175,9 +175,9 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
@@ -176,9 +176,9 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
BIGNUM *pub_key1 = NULL, *pub_key2 = NULL;
|
||||
BIGNUM *priv_key1 = NULL, *priv_key2 = NULL;
|
||||
BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL;
|
||||
@ -89,7 +89,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
dh1 = key1->keydata.dh;
|
||||
dh2 = key2->keydata.dh;
|
||||
|
||||
@@ -209,7 +209,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
@@ -210,7 +210,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_PUB_KEY, &pub_key2);
|
||||
EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key1);
|
||||
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key2);
|
||||
@ -99,15 +99,15 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0 ||
|
||||
BN_cmp(pub_key1, pub_key2) != 0)
|
||||
@@ -226,7 +226,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
}
|
||||
}
|
||||
|
||||
err:
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
if (p1 != NULL) {
|
||||
BN_free(p1);
|
||||
}
|
||||
@@ -251,22 +251,23 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
@@ -251,7 +251,8 @@ err:
|
||||
if (priv_key2 != NULL) {
|
||||
BN_clear_free(priv_key2);
|
||||
}
|
||||
@ -115,11 +115,12 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
|
||||
+ */
|
||||
|
||||
return (true);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
@@ -259,15 +260,15 @@ err:
|
||||
static bool
|
||||
openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
bool ret = true;
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
DH *dh1, *dh2;
|
||||
@ -135,7 +136,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
dh1 = key1->keydata.dh;
|
||||
dh2 = key2->keydata.dh;
|
||||
|
||||
@@ -292,13 +293,13 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
@@ -293,14 +294,14 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_FFC_P, &p2);
|
||||
EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_FFC_G, &g1);
|
||||
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_FFC_G, &g2);
|
||||
@ -143,15 +144,16 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
|
||||
|
||||
if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0) {
|
||||
return (false);
|
||||
DST_RET(false);
|
||||
}
|
||||
|
||||
err:
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
if (p1 != NULL) {
|
||||
BN_free(p1);
|
||||
}
|
||||
@@ -311,12 +312,13 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
|
||||
@@ -313,12 +314,13 @@ err:
|
||||
if (g2 != NULL) {
|
||||
BN_free(g2);
|
||||
}
|
||||
@ -159,7 +161,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
|
||||
+ */
|
||||
|
||||
return (true);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
@ -167,7 +169,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
static int
|
||||
progress_cb(int p, int n, BN_GENCB *cb) {
|
||||
union {
|
||||
@@ -347,7 +349,7 @@ progress_cb(EVP_PKEY_CTX *ctx) {
|
||||
@@ -349,7 +351,7 @@ progress_cb(EVP_PKEY_CTX *ctx) {
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
@ -176,7 +178,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
|
||||
static isc_result_t
|
||||
openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -357,7 +359,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -359,7 +361,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
void (*fptr)(int);
|
||||
} u;
|
||||
BIGNUM *p = NULL, *g = NULL;
|
||||
@ -185,7 +187,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
DH *dh = NULL;
|
||||
BN_GENCB *cb = NULL;
|
||||
#if !HAVE_BN_GENCB_NEW
|
||||
@@ -370,9 +372,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -372,9 +374,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
EVP_PKEY *param_pkey = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
@ -197,7 +199,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
dh = DH_new();
|
||||
if (dh == NULL) {
|
||||
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
|
||||
@@ -386,7 +388,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -388,7 +390,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
if (param_ctx == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
@ -206,7 +208,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
|
||||
if (generator == 0) {
|
||||
/*
|
||||
@@ -406,7 +408,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -408,7 +410,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
if (p == NULL || g == NULL) {
|
||||
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
|
||||
}
|
||||
@ -215,7 +217,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
if (DH_set0_pqg(dh, p, NULL, g) != 1) {
|
||||
DST_RET(dst__openssl_toresult2(
|
||||
"DH_set0_pqg", DST_R_OPENSSLFAILURE));
|
||||
@@ -430,7 +432,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -432,7 +434,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
params = OSSL_PARAM_BLD_to_param(bld);
|
||||
@ -224,7 +226,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
|
||||
} else {
|
||||
/*
|
||||
@@ -443,7 +445,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -445,7 +447,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
}
|
||||
|
||||
if (generator != 0) {
|
||||
@ -233,7 +235,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
cb = BN_GENCB_new();
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
if (cb == NULL) {
|
||||
@@ -486,10 +488,10 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -488,10 +490,10 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
params = OSSL_PARAM_BLD_to_param(bld);
|
||||
@ -246,7 +248,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
if (DH_generate_key(dh) == 0) {
|
||||
DST_RET(dst__openssl_toresult2("DH_generate_key",
|
||||
DST_R_OPENSSLFAILURE));
|
||||
@@ -557,12 +559,12 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
@@ -559,12 +561,12 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
|
||||
|
||||
key->keydata.pkey = pkey;
|
||||
pkey = NULL;
|
||||
@ -261,7 +263,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
if (dh != NULL) {
|
||||
DH_free(dh);
|
||||
}
|
||||
@@ -594,14 +596,14 @@ err:
|
||||
@@ -596,14 +598,14 @@ err:
|
||||
if (g != NULL) {
|
||||
BN_free(g);
|
||||
}
|
||||
@ -278,7 +280,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
DH *dh = key->keydata.dh;
|
||||
const BIGNUM *priv_key = NULL;
|
||||
|
||||
@@ -626,12 +628,12 @@ openssldh_isprivate(const dst_key_t *key) {
|
||||
@@ -628,12 +630,12 @@ openssldh_isprivate(const dst_key_t *key) {
|
||||
}
|
||||
|
||||
return (ret);
|
||||
@ -293,7 +295,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
DH *dh = key->keydata.dh;
|
||||
|
||||
if (dh == NULL) {
|
||||
@@ -649,7 +651,7 @@ openssldh_destroy(dst_key_t *key) {
|
||||
@@ -651,7 +653,7 @@ openssldh_destroy(dst_key_t *key) {
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
key->keydata.pkey = NULL;
|
||||
@ -302,10 +304,10 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
}
|
||||
|
||||
static void
|
||||
@@ -675,17 +677,17 @@ uint16_fromregion(isc_region_t *region) {
|
||||
|
||||
@@ -678,17 +680,17 @@ uint16_fromregion(isc_region_t *region) {
|
||||
static isc_result_t
|
||||
openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
isc_result_t ret = ISC_R_SUCCESS;
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
|
||||
DH *dh;
|
||||
@ -323,7 +325,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
REQUIRE(key->keydata.dh != NULL);
|
||||
|
||||
dh = key->keydata.dh;
|
||||
@@ -698,7 +700,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -701,7 +703,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_P, &p);
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g);
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
|
||||
@ -332,16 +334,16 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
|
||||
isc_buffer_availableregion(data, &r);
|
||||
|
||||
@@ -745,7 +747,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
|
||||
@@ -749,7 +751,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
isc_buffer_add(data, dnslen);
|
||||
|
||||
err:
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
|
||||
if (p != NULL) {
|
||||
BN_free(p);
|
||||
}
|
||||
@@ -755,7 +757,8 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -759,7 +761,8 @@ err:
|
||||
if (pub_key != NULL) {
|
||||
BN_free(pub_key);
|
||||
}
|
||||
@ -349,9 +351,9 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
|
||||
+ */
|
||||
|
||||
return (ISC_R_SUCCESS);
|
||||
return (ret);
|
||||
}
|
||||
@@ -763,14 +766,14 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -767,14 +770,14 @@ err:
|
||||
static isc_result_t
|
||||
openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
isc_result_t ret;
|
||||
@ -368,7 +370,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
BIGNUM *pub_key = NULL, *p = NULL, *g = NULL;
|
||||
int key_size;
|
||||
isc_region_t r;
|
||||
@@ -782,7 +785,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -786,7 +789,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
return (ISC_R_SUCCESS);
|
||||
}
|
||||
|
||||
@ -377,7 +379,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
dh = DH_new();
|
||||
if (dh == NULL) {
|
||||
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
|
||||
@@ -797,7 +800,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -801,7 +804,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
if (ctx == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
@ -386,7 +388,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
|
||||
/*
|
||||
* Read the prime length. 1 & 2 are table entries, > 16 means a
|
||||
@@ -873,7 +876,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -877,7 +880,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
|
||||
key_size = BN_num_bits(p);
|
||||
|
||||
@ -395,7 +397,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
if (DH_set0_pqg(dh, p, NULL, g) != 1) {
|
||||
DST_RET(dst__openssl_toresult2("DH_set0_pqg",
|
||||
DST_R_OPENSSLFAILURE));
|
||||
@@ -889,7 +892,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -893,7 +896,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
|
||||
DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
@ -404,7 +406,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
|
||||
if (r.length < 2) {
|
||||
DST_RET(DST_R_INVALIDPUBLICKEY);
|
||||
@@ -907,7 +910,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -911,7 +914,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
|
||||
isc_buffer_forward(data, plen + glen + publen + 6);
|
||||
|
||||
@ -413,7 +415,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && \
|
||||
(LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
|
||||
/*
|
||||
@@ -951,14 +954,14 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
@@ -955,14 +958,14 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
||||
|
||||
key->keydata.pkey = pkey;
|
||||
pkey = NULL;
|
||||
@ -430,7 +432,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
if (dh != NULL) {
|
||||
DH_free(dh);
|
||||
}
|
||||
@@ -975,7 +978,7 @@ err:
|
||||
@@ -979,7 +982,7 @@ err:
|
||||
if (bld != NULL) {
|
||||
OSSL_PARAM_BLD_free(bld);
|
||||
}
|
||||
@ -439,7 +441,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
if (p != NULL) {
|
||||
BN_free(p);
|
||||
}
|
||||
@@ -991,13 +994,13 @@ err:
|
||||
@@ -995,13 +998,13 @@ err:
|
||||
|
||||
static isc_result_t
|
||||
openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
@ -455,7 +457,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
dst_private_t priv;
|
||||
unsigned char *bufs[4] = { NULL };
|
||||
unsigned short i = 0;
|
||||
@@ -1007,7 +1010,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
@@ -1011,7 +1014,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
return (DST_R_EXTERNALKEY);
|
||||
}
|
||||
|
||||
@ -464,7 +466,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
if (key->keydata.dh == NULL) {
|
||||
return (DST_R_NULLKEY);
|
||||
}
|
||||
@@ -1025,7 +1028,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
@@ -1029,7 +1032,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g);
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key);
|
||||
@ -473,7 +475,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
|
||||
priv.elements[i].tag = TAG_DH_PRIME;
|
||||
priv.elements[i].length = BN_num_bytes(p);
|
||||
@@ -1065,7 +1068,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
@@ -1069,7 +1072,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
}
|
||||
}
|
||||
|
||||
@ -482,7 +484,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
if (p != NULL) {
|
||||
BN_free(p);
|
||||
}
|
||||
@@ -1078,7 +1081,8 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
@@ -1082,7 +1085,8 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
|
||||
if (priv_key != NULL) {
|
||||
BN_clear_free(priv_key);
|
||||
}
|
||||
@ -492,7 +494,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
|
||||
return (result);
|
||||
}
|
||||
@@ -1088,14 +1092,14 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
@@ -1092,14 +1096,14 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
dst_private_t priv;
|
||||
isc_result_t ret;
|
||||
int i;
|
||||
@ -509,7 +511,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
BIGNUM *pub_key = NULL, *priv_key = NULL, *p = NULL, *g = NULL;
|
||||
int key_size = 0;
|
||||
isc_mem_t *mctx;
|
||||
@@ -1113,7 +1117,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
@@ -1117,7 +1121,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
DST_RET(DST_R_EXTERNALKEY);
|
||||
}
|
||||
|
||||
@ -518,7 +520,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
dh = DH_new();
|
||||
if (dh == NULL) {
|
||||
DST_RET(ISC_R_NOMEMORY);
|
||||
@@ -1128,7 +1132,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
@@ -1132,7 +1136,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
if (ctx == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
@ -527,7 +529,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
|
||||
for (i = 0; i < priv.nelements; i++) {
|
||||
BIGNUM *bn;
|
||||
@@ -1155,7 +1159,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
@@ -1159,7 +1163,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
}
|
||||
}
|
||||
|
||||
@ -536,7 +538,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
if (DH_set0_key(dh, pub_key, priv_key) != 1) {
|
||||
DST_RET(dst__openssl_toresult2("DH_set0_key",
|
||||
DST_R_OPENSSLFAILURE));
|
||||
@@ -1202,13 +1206,13 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
@@ -1206,13 +1210,13 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
|
||||
|
||||
key->keydata.pkey = pkey;
|
||||
pkey = NULL;
|
||||
@ -552,7 +554,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
if (dh != NULL) {
|
||||
DH_free(dh);
|
||||
}
|
||||
@@ -1225,7 +1229,7 @@ err:
|
||||
@@ -1229,7 +1233,7 @@ err:
|
||||
if (bld != NULL) {
|
||||
OSSL_PARAM_BLD_free(bld);
|
||||
}
|
||||
@ -562,7 +564,7 @@ index d5dbc2e889..96c1d523b7 100644
|
||||
BN_free(p);
|
||||
}
|
||||
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
|
||||
index 519e88b7e7..04f0d80b5e 100644
|
||||
index 519e88b..04f0d80 100644
|
||||
--- a/lib/dns/opensslecdsa_link.c
|
||||
+++ b/lib/dns/opensslecdsa_link.c
|
||||
@@ -17,14 +17,14 @@
|
||||
@ -1045,7 +1047,7 @@ index 519e88b7e7..04f0d80b5e 100644
|
||||
key->keydata.generic = NULL;
|
||||
}
|
||||
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
|
||||
index fc905b7d60..867b486a2f 100644
|
||||
index fc905b7..867b486 100644
|
||||
--- a/lib/dns/opensslrsa_link.c
|
||||
+++ b/lib/dns/opensslrsa_link.c
|
||||
@@ -18,7 +18,7 @@
|
||||
@ -1550,5 +1552,5 @@ index fc905b7d60..867b486a2f 100644
|
||||
RSA_free(rsa);
|
||||
}
|
||||
--
|
||||
2.37.2
|
||||
2.37.3
|
||||
|
||||
|
@ -62,8 +62,8 @@ Conflicts: %1 \
|
||||
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
|
||||
Name: bind
|
||||
License: MPLv2.0
|
||||
Version: 9.18.6
|
||||
Release: 4%{?dist}
|
||||
Version: 9.18.7
|
||||
Release: 1%{?dist}
|
||||
Epoch: 32
|
||||
Url: https://www.isc.org/downloads/bind/
|
||||
#
|
||||
@ -954,6 +954,9 @@ fi;
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Sep 21 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.7-1
|
||||
- Update to 9.18.7 (#2128609)
|
||||
|
||||
* Wed Sep 14 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.6-4
|
||||
- Disable yet another test (##2122010)
|
||||
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (bind-9.18.6.tar.xz) = 6b31eb56cf25b2cb1d8af0f76f9cac0e0985c78cbe3ba80164d773cb0bf77116dd98b5c4b84e3c74fd35b5da501ee6ba2dc0fae12267104edde2cb2daa1e1ba7
|
||||
SHA512 (bind-9.18.6.tar.xz.asc) = 13629b56acb02ca1fe861e6a17e949fee276de83624d972174893e48cc5de650a2a0081262e5e0d6913360861e2c91fed6b808ed8ae702e5cb2e2380eacf163b
|
||||
SHA512 (bind-9.18.7.tar.xz) = 2cdceb4125b8759f5225296c6ffecdbb895b0a27dfcfcd98b04b9ad78552d16c16b0452fb823dc47d11cec21d2c6ecb05a107dd3094f8e7419bb9717d68820c5
|
||||
SHA512 (bind-9.18.7.tar.xz.asc) = 40030c2259858f1ba7ce4fbcd523025631ed78687ca87863d0f0bcd0fd530d96052e0601808ffa37e59d574a9a9c84bb2ededc66f730b9eaf560a00a6ef29c48
|
||||
|
Loading…
Reference in New Issue
Block a user