rpms/bind - bind - AlmaLinux OS Foundation Git Server

rpms/bind

Fork 1

Commit Graph

Author	SHA1	Message	Date
Petr Menšík	ad7b3b8f12	Update to 9.11.5 Bump to higher version, update sources. More fixes to rebased BIND. Many patches are affected by stdbool change. Update libraries so versions.	2018-11-05 18:12:29 +01:00
Petr Menšík	e0ab89b893	Fix OpenSSL random patch - Add new notes into notes.xml - Initialize random provider before creation	2018-09-24 18:05:26 +02:00
Petr Menšík	595af1f3d5	[master] completed and corrected the crypto-random change 4724. [func] By default, BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. This is suitable for virtual machine environments which have limited entropy pools and lack hardware random number generators. This can be overridden by specifying another entropy source via the "random-device" option in named.conf, or via the -r command line option; however, for functions requiring full cryptographic strength, such as DNSSEC key generation, this cannot be overridden. In particular, the -r command line option no longer has any effect on dnssec-keygen. This can be disabled by building with "configure --disable-crypto-rand". [RT #31459] [RT #46047]	2018-09-19 21:04:52 +02:00

Author

SHA1

Message

Date

Petr Menšík

ad7b3b8f12

Update to 9.11.5

Bump to higher version, update sources.

More fixes to rebased BIND. Many patches are affected by stdbool change.
Update libraries so versions.

2018-11-05 18:12:29 +01:00

Petr Menšík

e0ab89b893

Fix OpenSSL random patch

- Add new notes into notes.xml
- Initialize random provider before creation

2018-09-24 18:05:26 +02:00

Petr Menšík

595af1f3d5

[master] completed and corrected the crypto-random change

4724.	[func]		By default, BIND now uses the random number
			functions provided by the crypto library (i.e.,
			OpenSSL or a PKCS#11 provider) as a source of
			randomness rather than /dev/random.  This is
			suitable for virtual machine environments
			which have limited entropy pools and lack
			hardware random number generators.

			This can be overridden by specifying another
			entropy source via the "random-device" option
			in named.conf, or via the -r command line option;
			however, for functions requiring full cryptographic
			strength, such as DNSSEC key generation, this
			cannot be overridden. In particular, the -r
			command line option no longer has any effect on
			dnssec-keygen.

			This can be disabled by building with
			"configure --disable-crypto-rand".
			[RT #31459] [RT #46047]

2018-09-19 21:04:52 +02:00

3 Commits