Commit Graph

4 Commits

Author SHA1 Message Date
Adam Williamson
a1558710fb Correct a backport inconsistency in bind-9.11-rt46047.patch
The patch seems to have been generated from a more recent bind
tree in which `ns_g_lctx` was renamed `named_g_lctx`. So the
patch uses the `named_g_lctx` name, but the rest of server.c
in bind-9.11 still uses the name `ns_g_lctx`, so if you compile
with --disable-crypto-rand, the build actually fails with an
undeclared name error.
2019-01-11 23:35:03 -08:00
Petr Menšík
ad7b3b8f12 Update to 9.11.5
Bump to higher version, update sources.

More fixes to rebased BIND. Many patches are affected by stdbool change.
Update libraries so versions.
2018-11-05 18:12:29 +01:00
Petr Menšík
e0ab89b893 Fix OpenSSL random patch
- Add new notes into notes.xml
- Initialize random provider before creation
2018-09-24 18:05:26 +02:00
Petr Menšík
595af1f3d5 [master] completed and corrected the crypto-random change
4724.	[func]		By default, BIND now uses the random number
			functions provided by the crypto library (i.e.,
			OpenSSL or a PKCS#11 provider) as a source of
			randomness rather than /dev/random.  This is
			suitable for virtual machine environments
			which have limited entropy pools and lack
			hardware random number generators.

			This can be overridden by specifying another
			entropy source via the "random-device" option
			in named.conf, or via the -r command line option;
			however, for functions requiring full cryptographic
			strength, such as DNSSEC key generation, this
			cannot be overridden. In particular, the -r
			command line option no longer has any effect on
			dnssec-keygen.

			This can be disabled by building with
			"configure --disable-crypto-rand".
			[RT #31459] [RT #46047]
2018-09-19 21:04:52 +02:00