diff --git a/bind-9.11-fips-disable.patch b/bind-9.11-fips-disable.patch
deleted file mode 100644
index c01d914..0000000
--- a/bind-9.11-fips-disable.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 2b0dce163a119f5f62eb4428b485f7575f321d6f Mon Sep 17 00:00:00 2001
-From: Petr Mensik
-Date: Mon, 5 Aug 2019 11:54:03 +0200
-Subject: [PATCH] Allow explicit disabling of autodisabled MD5
-
-Default security policy might include explicitly disabled RSAMD5
-algorithm. Current FIPS code automatically disables in FIPS mode. But if
-RSAMD5 is included in security policy, it fails to start, because that
-algorithm is not recognized. Allow it disabled, but fail on any
-other usage.
----
- bin/named/server.c | 4 ++--
- lib/bind9/check.c | 4 ++++
- lib/dns/rcode.c | 1 +
- 3 files changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/bin/named/server.c b/bin/named/server.c
-index ee23f10..22a5c01 100644
---- a/bin/named/server.c
-+++ b/bin/named/server.c
-@@ -1689,12 +1689,12 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
- r.length = strlen(r.base);
-
- result = dns_secalg_fromtext(&alg, &r);
-- if (result != ISC_R_SUCCESS) {
-+ if (result != ISC_R_SUCCESS && result != ISC_R_DISABLED) {
- uint8_t ui;
- result = isc_parse_uint8(&ui, r.base, 10);
- alg = ui;
- }
-- if (result != ISC_R_SUCCESS) {
-+ if (result != ISC_R_SUCCESS && result != ISC_R_DISABLED) {
- cfg_obj_log(cfg_listelt_value(element), named_g_lctx,
- ISC_LOG_ERROR, "invalid algorithm");
- CHECK(result);
-diff --git a/lib/bind9/check.c b/lib/bind9/check.c
-index f49a346..dbf9ddb 100644
---- a/lib/bind9/check.c
-+++ b/lib/bind9/check.c
-@@ -317,6 +317,10 @@ disabled_algorithms(const cfg_obj_t *disabled, isc_log_t *logctx) {
- r.length = strlen(r.base);
-
- tresult = dns_secalg_fromtext(&alg, &r);
-+ if (tresult == ISC_R_DISABLED) {
-+ // Recognize disabled algorithms, disable it explicitly
-+ tresult = ISC_R_SUCCESS;
-+ }
- if (tresult != ISC_R_SUCCESS) {
- cfg_obj_log(cfg_listelt_value(element), logctx,
- ISC_LOG_ERROR, "invalid algorithm '%s'",
-diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c
-index 327248e..78adf63 100644
---- a/lib/dns/rcode.c
-+++ b/lib/dns/rcode.c
-@@ -152,6 +152,7 @@ static struct tbl rcodes[] = { RCODENAMES ERCODENAMES };
- static struct tbl tsigrcodes[] = { RCODENAMES TSIGRCODENAMES };
- static struct tbl certs[] = { CERTNAMES };
- static struct tbl secalgs[] = { SECALGNAMES };
-+static struct tbl md5_secalgs[] = { MD5_SECALGNAMES };
- static struct tbl secprotos[] = { SECPROTONAMES };
- static struct tbl hashalgs[] = { HASHALGNAMES };
- static struct tbl dsdigests[] = { DSDIGESTNAMES };
---
-2.21.1
-
diff --git a/bind-9.14-json-c.patch b/bind-9.14-json-c.patch
deleted file mode 100644
index 870b46b..0000000
--- a/bind-9.14-json-c.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From 0698eb93f6e618d2882ae2c8758c5fa87524bea6 Mon Sep 17 00:00:00 2001
-From: Petr Mensik
-Date: Tue, 23 Jul 2019 12:10:39 +0200
-Subject: [PATCH] Allow explicitly using json-c but not libjson
-
-Separate detection of json support. Allows explicit use of json-c when
-jsoncpp package is found. Have to use --without-libjson --with-json-c.
----
- configure.ac | 52 +++++++++++++++++++++++++++++++++++++++++----------
- 1 file changed, 41 insertions(+), 11 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index f7978e4..40b4f9f 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1331,7 +1331,6 @@ AC_ARG_WITH(libjson,
- use_libjson="$withval", use_libjson="auto")
-
- have_libjson=""
--have_libjson_c=""
- case "$use_libjson" in
- no)
- libjson_libs=""
-@@ -1347,7 +1346,43 @@ case "$use_libjson" in
- LIBS="$LIBS -L${d}/lib"
- fi
- have_libjson="yes"
-- elif test -f "${d}/include/json-c/json.h"
-+ fi
-+ done
-+ ;;
-+ *)
-+ if test -f "${use_libjson}/include/json/json.h"
-+ then
-+ libjson_cflags="-I${use_libjson}/include"
-+ LIBS="$LIBS -L${use_libjson}/lib"
-+ have_libjson="yes"
-+ else
-+ AC_MSG_ERROR([$use_libjson/include/json/json.h not found.])
-+ fi
-+ ;;
-+esac
-+
-+#
-+# was --with-json-c specified?
-+#
-+AC_ARG_WITH(json-c,
-+ AS_HELP_STRING([--with-json-c[=PATH]],
-+ [build with json-c library [yes|no|path]]),
-+ use_json_c="$withval", use_json_c="$use_libjson")
-+
-+if test "X${have_libjson}" != "X"
-+then
-+ # Do not use if libjson were found
-+ use_json_c=no
-+fi
-+
-+have_libjson_c=""
-+case "$use_json_c" in
-+ no)
-+ ;;
-+ auto|yes)
-+ for d in /usr /usr/local /opt/local
-+ do
-+ if test -f "${d}/include/json-c/json.h"
- then
- if test ${d} != /usr
- then
-@@ -1360,19 +1395,14 @@ case "$use_libjson" in
- done
- ;;
- *)
-- if test -f "${use_libjson}/include/json/json.h"
-- then
-- libjson_cflags="-I${use_libjson}/include"
-- LIBS="$LIBS -L${use_libjson}/lib"
-- have_libjson="yes"
-- elif test -f "${use_libjson}/include/json-c/json.h"
-+ if test -f "${use_json_c}/include/json-c/json.h"
- then
-- libjson_cflags="-I${use_libjson}/include"
-- LIBS="$LIBS -L${use_libjson}/lib"
-+ libjson_cflags="-I${use_json_c}/include"
-+ LIBS="$LIBS -L${use_json_c}/lib"
- have_libjson="yes"
- have_libjson_c="yes"
- else
-- AC_MSG_ERROR([$use_libjson/include/json{,-c}/json.h not found.])
-+ AC_MSG_ERROR([$use_json_c/include/json-c/json.h not found.])
- fi
- ;;
- esac
---
-2.20.1
-