dnsmasq/dnsmasq-2.78-fips.patch

From 7d77bd1038de810c3f916d2117742b0d8fa2429c Mon Sep 17 00:00:00 2001
From: liaichun <liaichun@huawei.com>
Date: Mon, 20 Apr 2020 15:32:27 +0800
Subject: [PATCH] dnsmasq-2.78-fips

---
 src/dnsmasq.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 878167c..fc085eb 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -876,7 +876,10 @@ int main (int argc, char **argv)
 	my_syslog(LOG_INFO, _("DNSSEC validation enabled but all unsigned answers are trusted"));
       else
 	my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
-      
+
+      if (access("/etc/system-fips", F_OK) == 0)
+        my_syslog(LOG_WARNING, _("DNSSEC support is not FIPS 140-2 compliant"));
+
       daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
       if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
 	my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until receipt of SIGINT"));
-- 
2.23.0