<html class="apple-mail-supports-explicit-dark-mode"><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><a href="https://gitlab.isc.org/isc-projects/bind9/-/issues/5628">https://gitlab.isc.org/isc-projects/bind9/-/issues/5628</a><br id="lineBreakAtBeginningOfSignature"><div dir="ltr"><div>--</div>Ondřej Surý — ISC (He/Him)<div><br></div><div>My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</div></div><div dir="ltr"><br><blockquote type="cite">On 6. 11. 2025, at 13:58, Kelsey Cummings &lt;kgc@corp.sonic.net&gt; wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><span>Ondřej, do you have an ETA for (9.18) releases which contain the fixes?</span><br><span></span><br><span></span><br><span>On 11/4/2025 4:27 AM, Ondřej Surý wrote:</span><br><blockquote type="cite"><span>Agreed.</span><br></blockquote><blockquote type="cite"><span>I would suggest doing a full bug report into an issue next time and including all the relevant details instead of piggybacking on an internal issue.</span><br></blockquote><blockquote type="cite"><span>There is a subtle difference between #5570 and the issue reported below, and thus these are two distinct bugs.</span><br></blockquote><blockquote type="cite"><span>Ondrej</span><br></blockquote><blockquote type="cite"><span>--</span><br></blockquote><blockquote type="cite"><span>Ondřej Surý (He/Him)</span><br></blockquote><blockquote type="cite"><span>ondrej@isc.org</span><br></blockquote><blockquote type="cite"><span>My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span>On 4. 11. 
2025, at 7:21, Petr Menšík via bind-users &lt;bind-users@lists.isc.org&gt; wrote:</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Unfortunately, this is a rare moment when Ondřej is not correct. This affects all versions which included the fix for CVE-2025-8677. Yes, I verified that our builds are also affected. Fedora 9.18.41 contains the same problem, but the OpenSSL library does not prevent usage of algorithms 5 and 7 there. It is not visible.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>But in any case, similar reports should contain delv +vtrace output from your side, especially because it should be possible to reproduce it on any system which disables the RSASHA1 and RSASHA1NSEC3 algorithms. But the delv tool shows wrong behaviour only on CentOS 9 or CentOS 10 derivatives. On other systems it seems unaffected at first glance.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>The development version contains code modifications which have a similar problem in a slightly different place and with a different fix needed. 
But unlike the original assumption, it also affects stable versions.</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Cheers,</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Petr</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>On 30/10/2025 22:39, Ondřej Surý wrote:</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>No, you have not been caught by this. The issue you are referring to affects only a development</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>version of BIND 9 (9.21), so whatever you are experiencing is not related to this.</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>You need to provide evidence (logs, reproducer) about what is going on, so we can help you</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>diagnose the issue you are experiencing.</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Ondrej</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>--</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote 
type="cite"><blockquote type="cite"><span>Ondřej Surý (He/Him)</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>ondrej@isc.org</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>-- </span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Petr Menšík</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Senior Software Engineer, RHEL</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>Red Hat, https://www.redhat.com/</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB</span><br></blockquote></blockquote><span></span><br></div></blockquote></body></html>