Bug#697681: fixed in bind9 1:9.9.2.dfsg.P1-2

Wed, 16 Jan 2013 05:51:26 -0800 

Hi,
Would it possible to add a second part of this fix? Without it, the log is still spammed with the following errors: 

Jan 16 14:44:19 sulphur named[3202]: RSA_verify failed

Jan 16 14:44:20 sulphur named[3202]: error:04091068:rsa 
routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:291:

Jan 16 14:44:20 sulphur named[3202]: RSA_verify failed

Jan 16 14:44:20 sulphur named[3202]: error:04091068:rsa 
routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:291:

Jan 16 14:44:20 sulphur named[3202]: RSA_verify failed

Jan 16 14:44:20 sulphur named[3202]: error:04091068:rsa 
routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:291:

Jan 16 14:44:20 sulphur named[3202]: RSA_verify failed



Patch was mentioned in the same thread [1] and when I apply the patch to 
the package it works OK. See patch in attach.



Did you ask for the more recent package to be unblocked for testing? Are 
you planning to and/or would you mind if I ask for it to be unblocked 
once the additional patch is applied?


Regards,

Rik

[1] http://www.mail-archive.com/bind-users@lists.isc.org/msg14759.html


On 01/10/2013 01:36 AM, Debian Bug Tracking System wrote:

This is an automatic notification regarding your Bug report
which was filed against the bind9 package:

#697681: bind9: DNSSEC validating resolver spams log file after
upgrade to 9.8.4

It has been closed by LaMont Jones <lam...@debian.org>.



--
Rik Theys
System Engineer
KU Leuven - Dept. Elektrotechniek (ESAT)
Kasteelpark Arenberg 10 bus 2440  - B-3001 Leuven-Heverlee
+32(0)16/32.11.07
----------------------------------------------------------------
<<Any errors in spelling, tact or fact are transmission errors>>

diff -ur bind9-9.8.4.dfsg.P1.orig/lib/dns/opensslrsa_link.c bind9-9.8.4.dfsg.P1/lib/dns/opensslrsa_link.c
--- bind9-9.8.4.dfsg.P1.orig/lib/dns/opensslrsa_link.c	2012-10-26 06:52:55.000000000 +0200
+++ bind9-9.8.4.dfsg.P1/lib/dns/opensslrsa_link.c	2013-01-08 14:26:58.996397527 +0100
@@ -633,8 +633,7 @@
 #endif
 #endif
 	if (status != 1)
-		return (dst__openssl_toresult2("RSA_verify",
-					       DST_R_VERIFYFAILURE));
+		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
 
 	return (ISC_R_SUCCESS);
 }






















					Reply via email to