Report information
The Basics
Id: 46754
Status: resolved
Priority: Low/Low
Queue:

People
BugTracker
Version Fixed: 9.9.12, 9.9.12(sub), 9.10.7, 9.10.7(sub), 9.11.3, 9.12.0
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: P2 Normal
Severity: S2 Normal
CVSS Score: (no value)
CVE ID: (no value)
Component: (no value)
Area: bug

Dates
Created: Sun, 03 Dec 2017 18:27:15 -0500
Updated: Wed, 06 Dec 2017 12:32:38 -0500
Closed: Wed, 06 Dec 2017 12:32:38 -0500




Subject: checking for both KSK and ZSK in zone.c:add_sigs() is broken similarly to update.c:add_sigs()
From: marka@isc.org
To: bind9-public@isc.org
Date: Sun, 03 Dec 2017 13:27:15 -1000
Note: zone.c:add_sigs did not error if no signatures were added with a single algorithm, unlike update.c:add_sigs. Future work: combine these two into a single instance.
Ready for review.
Looks okay. Please write a release note for this and 46743. If these are urgent enough to delay 9.12.0 then they're urgent enough to be noted. We actually need to discuss whether these are in fact urgent enough to delay 9.12.0. You told me via jabber that you didn't think they should wait. I'm not disputing it, but can you explain your reasoning?
4838. [bug] zone.c:add_sigs was not properly determining if there were active KSK and ZSK keys for an algorithm when update-check-ksk is true (default), leaving records unsigned with one or more DNSKEY algorithms. [RT #46754]
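
The following is an added illustration of the check the changelog entry describes; it is not BIND's code and not part of the original ticket. The `zkey` struct, the function names, the role-split rule and the sample key set are assumptions made for this example; the `scoped=false` path is a constructed contrast showing how ignoring the algorithm leaves one algorithm without signatures, and `unsigned_algs()` is the kind of "no signatures added for an algorithm" check the ticket says was missing from zone.c.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical, simplified key record (not BIND's dst_key_t). */
struct zkey {
    unsigned alg;  /* DNSKEY algorithm number */
    bool ksk;      /* true = KSK, false = ZSK */
    bool active;   /* usable for signing right now */
};

/* Constructed key set: algorithm 8 has both roles active,
 * algorithm 13 has only an active KSK (its ZSK is inactive). */
const struct zkey sample_keys[4] = {
    {8, true, true}, {8, false, true}, {13, true, true}, {13, false, false},
};

/* Are an active KSK and an active ZSK both present? With scoped=true only
 * keys of algorithm `alg` count; scoped=false ignores the algorithm. */
static bool have_both(const struct zkey *k, size_t n, unsigned alg, bool scoped) {
    bool ksk = false, zsk = false;
    for (size_t i = 0; i < n; i++) {
        if (!k[i].active || (scoped && k[i].alg != alg))
            continue;
        if (k[i].ksk) ksk = true; else zsk = true;
    }
    return ksk && zsk;
}

/* Assumed role split: when both roles exist, a KSK signs only the DNSKEY
 * RRset; otherwise every active key signs every RRset. */
bool key_signs(const struct zkey *k, size_t n, size_t i, bool dnskey_rrset, bool scoped) {
    if (!k[i].active)
        return false;
    if (k[i].ksk && have_both(k, n, k[i].alg, scoped))
        return dnskey_rrset;
    return true;
}

/* Number of algorithms in the key set that would add no signature to the
 * RRset; a signer should treat a non-zero result as an error. */
int unsigned_algs(const struct zkey *k, size_t n, bool dnskey_rrset, bool scoped) {
    int missing = 0;
    for (size_t i = 0; i < n; i++) {
        bool first = true, covered = false;
        for (size_t j = 0; j < n; j++) {
            if (k[j].alg != k[i].alg) continue;
            if (j < i) first = false;  /* algorithm already counted */
            covered = covered || key_signs(k, n, j, dnskey_rrset, scoped);
        }
        if (first && !covered) missing++;
    }
    return missing;
}
```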