[nsd: 1/2] * Thu Jan 03 2013 Paul Wouters <pwouters at redhat.com> - 3.2.14-3 - Patch to not fail when MD5 is not
Paul Wouters
pwouters at fedoraproject.org
Tue Feb 5 05:04:58 UTC 2013
commit ecf94c8aaa3eab42694216625d957028710b65c1
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Feb 1 11:50:51 2013 -0500
* Thu Jan 03 2013 Paul Wouters <pwouters at redhat.com> - 3.2.14-3
- Patch to not fail when MD5 is not available (FIPS mode)
(also be quiet in cron jobs)
nsd-3.2.14-nomd5-fips.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
nsd.spec | 17 ++++++++++-------
2 files changed, 52 insertions(+), 7 deletions(-)
---
diff --git a/nsd-3.2.14-nomd5-fips.patch b/nsd-3.2.14-nomd5-fips.patch
new file mode 100644
index 0000000..e3df021
--- /dev/null
+++ b/nsd-3.2.14-nomd5-fips.patch
@@ -0,0 +1,42 @@
+diff -Naur nsd-3.2.14-orig/tsig-openssl.c nsd-3.2.14/tsig-openssl.c
+--- nsd-3.2.14-orig/tsig-openssl.c 2012-05-31 09:48:19.000000000 -0400
++++ nsd-3.2.14/tsig-openssl.c 2013-01-03 00:19:26.337086846 -0500
+@@ -31,7 +31,9 @@
+
+ hmac_algorithm = EVP_get_digestbyname(digest);
+ if (!hmac_algorithm) {
+- log_msg(LOG_ERR, "%s digest not available", digest);
++ /* skip, but do not error
++ * log_msg(LOG_ERR, "%s digest not available", digest);
++ */
+ return 0;
+ }
+
+@@ -58,21 +60,19 @@
+ int
+ tsig_openssl_init(region_type *region)
+ {
++ int count = 0;
+ OpenSSL_add_all_digests();
+
+- /* TODO: walk lookup supported algorithms table */
+- if (!tsig_openssl_init_algorithm(region, "md5", "hmac-md5","hmac-md5.sig-alg.reg.int."))
+- return 0;
++ count += !tsig_openssl_init_algorithm(region, "md5", "hmac-md5","hmac-md5.sig-alg.reg.int.");
++
+ #ifdef HAVE_EVP_SHA1
+- if (!tsig_openssl_init_algorithm(region, "sha1", "hmac-sha1", "hmac-sha1."))
+- return 0;
++ count += !tsig_openssl_init_algorithm(region, "sha1", "hmac-sha1", "hmac-sha1.");
+ #endif /* HAVE_EVP_SHA1 */
+
+ #ifdef HAVE_EVP_SHA256
+- if (!tsig_openssl_init_algorithm(region, "sha256", "hmac-sha256", "hmac-sha256."))
+- return 0;
++ count +=!tsig_openssl_init_algorithm(region, "sha256", "hmac-sha256", "hmac-sha256.");
+ #endif /* HAVE_EVP_SHA256 */
+- return 1;
++ return count;
+ }
+
+ static void
diff --git a/nsd.spec b/nsd.spec
index 7ce03b9..b0bde79 100644
--- a/nsd.spec
+++ b/nsd.spec
@@ -1,7 +1,7 @@
Summary: Fast and lean authoritative DNS Name Server
Name: nsd
-Version: 3.2.14
-Release: 2%{?dist}
+Version: 3.2.15
+Release: 1%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/%{name}/
Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
@@ -10,7 +10,6 @@ Source2: nsd.cron
Source3: nsd.sysconfig
Source4: tmpfiles-nsd.conf
Patch0: nsd-install.patch
-Patch1: nsd-fixlogfile.patch
Group: System Environment/Daemons
BuildRequires: flex, openssl-devel
BuildRequires: systemd-units
@@ -28,15 +27,15 @@ consult the REQUIREMENTS document which is a part of this distribution
%prep
%setup -q
-%patch0 -p1
-%patch1 -p1
+%patch0 -p1 -b .install
%build
%configure --enable-bind8-stats --enable-checking --enable-nsec3 \
--with-pidfile=%{_localstatedir}/run/%{name}/%{name}.pid --with-ssl \
--with-user=nsd --with-difffile=%{_localstatedir}/lib/%{name}/ixfr.db \
--with-xfrdfile=%{_localstatedir}/lib/%{name}/ixfr.state \
- --with-dbfile=%{_localstatedir}/lib/%{name}/nsd.db
+ --with-dbfile=%{_localstatedir}/lib/%{name}/nsd.db \
+ --enable-ratelimit
%{__make} %{?_smp_mflags}
#convert to utf8
@@ -119,9 +118,13 @@ fi
%changelog
+* Fri Feb 01 2013 Paul Wouters <pwouters at redhat.com> - 3.2.15-1
+- Updated to 3.2.15 which includes the rate limit code
+- Patch to not fail when MD5 is not available (FIPS mode)
+ (also be quiet in cron jobs)
* Fri Nov 23 2012 Paul Wouters <pwouters at redhat.com> - 3.2.14-2
-- Updated to 32.14 with minor bugfixes and TCP writev support
+- Updated to 3.2.14 with minor bugfixes and TCP writev support
- Only run nsdc rebuild hourly cronjob when nsd service is running
* Fri Jul 27 2012 Paul Wouters <pwouters at redhat.com> - 3.2.13-1
More information about the scm-commits
mailing list