[rpms/bind9-next] f44: Fix build with openssl4 (rhbz#2463851)

[rpms/bind9-next] f44: Fix build with openssl4 (rhbz#2463851)

[@ 2026-06-05 10:27 UTC (permalink / raw)]

            A new commit has been pushed.

            Repo   : rpms/bind9-next
            Branch : f44
            Commit : 4f4bfde477ee9f5686374bd72be0a782913421dc
            Author : Petr Menšík <pemensik@redhat.com>
            Date   : 2026-05-05T12:23:31+02:00
            Stats  : +152/-0 in 2 file(s)
            URL    : https://src.fedoraproject.org/rpms/bind9-next/c/4f4bfde477ee9f5686374bd72be0a782913421dc?branch=f44

            Log:
            Fix build with openssl4 (rhbz#2463851)

Use upstream way to fix problem with openssl 4.0. That is removing whole
openssl crypto tracking.

---
diff --git a/bind-9.21-openssl4-malloc.patch b/bind-9.21-openssl4-malloc.patch
new file mode 100644
index 0000000..693cad4
--- /dev/null
+++ b/bind-9.21-openssl4-malloc.patch
@@ -0,0 +1,150 @@
+From c4b7f67b7d79150007412e370de3c21cc80057d6 Mon Sep 17 00:00:00 2001
+From: Aram Sargsyan <aram@isc.org>
+Date: Thu, 16 Apr 2026 17:31:04 +0000
+Subject: [PATCH] Remove OpenSSL memory tracking support from the ossl3.c
+ module
+
+OPENSSL_cleanup() in OpenSSL 4 doesn't free the memory, and that is
+not compatible with BIND 9's memory leak detection code. Don't use
+custom allocation/deallocation functions for OpenSSL's internal memory
+management in the ossl3.c module.
+
+See https://github.com/openssl/openssl/pull/29721
+
+(cherry picked from commit 4ede6edc547109af81dc5c5ec25cf3ff7991bc10)
+---
+ lib/isc/crypto/ossl3.c | 90 +++++-------------------------------------
+ 1 file changed, 9 insertions(+), 81 deletions(-)
+
+diff --git a/lib/isc/crypto/ossl3.c b/lib/isc/crypto/ossl3.c
+index 1c2f3cab9d..35344dc8b1 100644
+--- a/lib/isc/crypto/ossl3.c
++++ b/lib/isc/crypto/ossl3.c
+@@ -44,8 +44,6 @@ struct isc_hmac_key {
+ 
+ constexpr uint32_t hmac_key_magic = ISC_MAGIC('H', 'M', 'A', 'C');
+ 
+-static isc_mem_t *isc__crypto_mctx = NULL;
+-
+ static OSSL_PROVIDER *base = NULL, *fips = NULL;
+ 
+ static EVP_MAC *evp_hmac = NULL;
+@@ -320,69 +318,6 @@ isc_hmac_final(isc_hmac_t *hmac, isc_buffer_t *out) {
+ 	return ISC_R_SUCCESS;
+ }
+ 
+-#if ISC_MEM_TRACKLINES
+-/*
+- * We use the internal isc__mem API here, so we can pass the file and line
+- * arguments passed from OpenSSL >= 1.1.0 to our memory functions for better
+- * tracking of the OpenSSL allocations.  Without this, we would always just see
+- * isc__crypto_{malloc,realloc,free} in the tracking output, but with this in
+- * place we get to see the places in the OpenSSL code where the allocations
+- * happen.
+- */
+-
+-static void *
+-isc__crypto_malloc_ex(size_t size, const char *file, int line) {
+-	return isc__mem_allocate(isc__crypto_mctx, size, 0, __func__, file,
+-				 (unsigned int)line);
+-}
+-
+-static void *
+-isc__crypto_realloc_ex(void *ptr, size_t size, const char *file, int line) {
+-	return isc__mem_reallocate(isc__crypto_mctx, ptr, size, 0, __func__,
+-				   file, (unsigned int)line);
+-}
+-
+-static void
+-isc__crypto_free_ex(void *ptr, const char *file, int line) {
+-	if (ptr == NULL) {
+-		return;
+-	}
+-	if (isc__crypto_mctx != NULL) {
+-		isc__mem_free(isc__crypto_mctx, ptr, 0, __func__, file,
+-			      (unsigned int)line);
+-	}
+-}
+-
+-#else /* ISC_MEM_TRACKLINES */
+-
+-static void *
+-isc__crypto_malloc_ex(size_t size, const char *file, int line) {
+-	UNUSED(file);
+-	UNUSED(line);
+-	return isc_mem_allocate(isc__crypto_mctx, size);
+-}
+-
+-static void *
+-isc__crypto_realloc_ex(void *ptr, size_t size, const char *file, int line) {
+-	UNUSED(file);
+-	UNUSED(line);
+-	return isc_mem_reallocate(isc__crypto_mctx, ptr, size);
+-}
+-
+-static void
+-isc__crypto_free_ex(void *ptr, const char *file, int line) {
+-	UNUSED(file);
+-	UNUSED(line);
+-	if (ptr == NULL) {
+-		return;
+-	}
+-	if (isc__crypto_mctx != NULL) {
+-		isc__mem_free(isc__crypto_mctx, ptr, 0);
+-	}
+-}
+-
+-#endif /* ISC_MEM_TRACKLINES */
+-
+ bool
+ isc_crypto_fips_mode(void) {
+ 	return EVP_default_properties_is_fips_enabled(NULL) != 0;
+@@ -424,9 +359,17 @@ isc_crypto_fips_enable(void) {
+ 	return ISC_R_SUCCESS;
+ }
+ 
++/*
++ * OPENSSL_cleanup() in OpenSSL 4 doesn't free the memory, which is not
++ * compatible with BIND 9's memory leak detection code, that is why the memory
++ * tracking has been disabled in this module, and this function is a no-op.
++ * This can be cleaned up once OpenSSL 1.1.x support is removed.
++ *
++ * See https://github.com/openssl/openssl/pull/29721
++ */
+ void
+ isc__crypto_setdestroycheck(bool check) {
+-	isc_mem_setdestroycheck(isc__crypto_mctx, check);
++	UNUSED(check);
+ }
+ 
+ void
+@@ -437,19 +380,6 @@ isc__crypto_initialize(void) {
+ 	 */
+ 	uint64_t opts = OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_NO_ATEXIT;
+ 
+-	isc_mem_create("OpenSSL", &isc__crypto_mctx);
+-	isc_mem_setdebugging(isc__crypto_mctx, 0);
+-	isc_mem_setdestroycheck(isc__crypto_mctx, false);
+-
+-	/*
+-	 * CRYPTO_set_mem_(_ex)_functions() returns 1 on success or 0 on
+-	 * failure, which means OpenSSL already allocated some memory.  There's
+-	 * nothing we can do about it.
+-	 */
+-	(void)CRYPTO_set_mem_functions(isc__crypto_malloc_ex,
+-				       isc__crypto_realloc_ex,
+-				       isc__crypto_free_ex);
+-
+ 	RUNTIME_CHECK(OPENSSL_init_ssl(opts, NULL) == 1);
+ 
+ 	register_algorithms();
+@@ -486,6 +416,4 @@ isc__crypto_shutdown(void) {
+ 	}
+ 
+ 	OPENSSL_cleanup();
+-
+-	isc_mem_detach(&isc__crypto_mctx);
+ }
+-- 
+2.54.0
+

diff --git a/bind9-next.spec b/bind9-next.spec
index 0696d42..c7343da 100644
--- a/bind9-next.spec
+++ b/bind9-next.spec
@@ -90,6 +90,8 @@ Patch1: bind-9.16-redhat_doc.patch
 Patch4: bind-9.21-unittest-qpdb-i386.patch
 # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/11825
 Patch5: bind-9.21-unittest-32b-mem.patch
+# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/11865
+Patch6: bind-9.21-openssl4-malloc.patch
 
 %{?systemd_ordering}
 Requires:       coreutils