Bug 1077799
Summary: | ldns could produce bad DSA sign | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Tomáš Hozza <thozza> | ||||||||
Component: | ldns | Assignee: | Tomáš Hozza <thozza> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | Radka Brychtova <rskvaril> | ||||||||
Severity: | low | Docs Contact: | |||||||||
Priority: | low | ||||||||||
Version: | 7.0 | CC: | bgollahe, jscotka, psimerda, pwouters, rskvaril, thozza | ||||||||
Target Milestone: | rc | Keywords: | EasyFix, Patch, Reproducer | ||||||||
Target Release: | --- | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | ldns-1.6.16-10.el7 | Doc Type: | Bug Fix | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | 1077776 | Environment: | |||||||||
Last Closed: | 2016-11-04 05:05:05 UTC | Type: | Bug | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Tomáš Hozza
2014-03-18 15:17:34 UTC
Created attachment 875982 [details]
patch
Created attachment 876040 [details]
patch
No one is really using DSA for DNSSEC any. I would not worry about it too much. http://secspider.cs.ucla.edu/stats.html 800 out of 1M DNSKEYs seems to be DSA - prob mostly legacy and test sites So I wouldn't make this a high priority item (In reply to Paul Wouters from comment #4) > No one is really using DSA for DNSSEC any. I would not worry about it too > much. > > http://secspider.cs.ucla.edu/stats.html > > 800 out of 1M DNSKEYs seems to be DSA - prob mostly legacy and test sites > > So I wouldn't make this a high priority item I agree it is not high priority. This bug is more for tracking that the issue is there and if possible, it can be easily fixed and tested. Created automated test, which runs the reproducer ******************************** Old package: ldns-1.6.16-7.el7.x86_64 :: [ FAIL ] :: Run test script (Expected 0, got 1) ******************************** New packge: ldns-1.6.16-10.el7.x86_64 :: [ PASS ] :: Run test script (Expected 0, got 0) Since the test Passed => verified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2386.html |