rpms/bind
5
0
Fork 1
Code Issues Pull Requests Releases Activity

Disable ED448

Browse Source 
It is breaking dnssec system test. Its implementation in BIND is broken.
This commit is contained in:
Petr Menšík 2019-02-21 15:36:27 +01:00
parent fa1631eef7
commit c2772a07e8
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
bind-9.11-ed448-disable.patch Normal file
View File

@ -0,0 +1,41 @@
From e6bad0789c731f06de781997e33e864c71510ff2 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Thu, 21 Feb 2019 12:36:17 +0100
Subject: [PATCH] Disable autodetected ED448 algorithm support
Implementation is broken in bind, disabled also in more recent versions.
Makes bin/tests/system/dnssec fail.
---
configure.in | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/configure.in b/configure.in
index ca84ff3239..da4dd5f249 100644
--- a/configure.in
+++ b/configure.in
@@ -1917,6 +1917,9 @@ int main() {
}
],
[AC_MSG_RESULT(yes)
+ # ED448 support is broken in BIND
+ # https://gitlab.isc.org/isc-projects/bind9/issues/225
+ # disable if autodetected, can be enabled by --with-eddsa=all
have_ed448="yes"],
[AC_MSG_RESULT(no)
have_ed448="no"],
@@ -1929,8 +1932,10 @@ int main() {
esac
case $have_ed448 in
yes)
- AC_DEFINE(HAVE_OPENSSL_ED448, 1,
- [Define if your OpenSSL version supports Ed448.])
+ # ED448 support is broken in BIND
+ # https://gitlab.isc.org/isc-projects/bind9/issues/225
+ # AC_DEFINE(HAVE_OPENSSL_ED448, 1,
+ # [Define if your OpenSSL version supports Ed448.])
;;
*)
;;
--
2.20.1

8
bind.spec
View File

@ -54,7 +54,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind Name: bind
License: MPLv2.0 License: MPLv2.0
Version: 9.11.5 Version: 9.11.5
Release: 9%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Release: 10%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32 Epoch: 32
Url: https://www.isc.org/downloads/bind/ Url: https://www.isc.org/downloads/bind/
# #
@ -137,6 +137,8 @@ Patch164:bind-9.11-rh1666814.patch
Patch165:bind-9.11-rh1647829.patch Patch165:bind-9.11-rh1647829.patch
# commit 8e1cc95c943b7dfaaaaf2d9a4971861735cc3fb2 # commit 8e1cc95c943b7dfaaaaf2d9a4971861735cc3fb2
Patch166:bind-9.11-rh1647829-2.patch Patch166:bind-9.11-rh1647829-2.patch
# https://gitlab.isc.org/isc-projects/bind9/issues/225
Patch167:bind-9.11-ed448-disable.patch
# SDB patches # SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch Patch11: bind-9.3.2b2-sdbsrc.patch
@ -516,6 +518,7 @@ are used for building ISC DHCP.
%patch164 -p1 -b .rh1666814 %patch164 -p1 -b .rh1666814
%patch165 -p1 -b .rh1647829 %patch165 -p1 -b .rh1647829
%patch166 -p1 -b .rh1647829-2 %patch166 -p1 -b .rh1647829-2
%patch167 -p1 -b .noed448
mkdir lib/dns/tests/testdata/dstrandom mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1523,6 +1526,9 @@ fi;
%changelog %changelog
* Thu Feb 21 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-10.P1
- Disable autodetected eddsa algorithm ED448
* Thu Jan 31 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-9.P1 * Thu Jan 31 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.5-9.P1
- dig prints ASCII name instead of failure (#1647829) - dig prints ASCII name instead of failure (#1647829)
- disable IDN output from scripts - disable IDN output from scripts