[Bug 258631] dns/opendnssec2: Update to 2.1.10

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 20 Sep 2021 13:07:35 UTC

            Bug ID: 258631
           Summary: dns/opendnssec2: Update to 2.1.10
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://www.opendnssec.org/2021/09/opendnssec-2-1-10/
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: jaap@NLnetLabs.nl
 Attachment #228052 maintainer-approval+

Created attachment 228052
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=228052&action=edit
Patch to upgrade

This release addresses an automatic re-salting after a migration from 1.4
and an error manifesting as a key_data_update failure in the logs where
a retired key wasn’t removed from the signer configuration in time in
certain circumstances.
Also an RPM is now provided for RHEL/CentOS distros at the same download


 * OPENDNSSEC-955: Prevent concurrency between certain valid PKCS#11 HSM
operations to avoid some keys to be (transiently) unavailable.

 * OPENDNSSEC-956: Harden signing procedure to still sign zones for which there
are unused keys specified in the zone which are unavailable.
 * OPENDNSSEC-957: Fix exit code signer daemon to not always report failure.

 * OPENDNSSEC-958: Fix immediate resalting after migration from 1.4.

 * OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count that
is deemed too high.

 * SUPPORT-265: Resolve conflict when deleting keys from HSM whilst also
performing step in key roll process. Typically a message “key_data_update
failed” is present in logs.

Provided RedHat/CentOS spec file in contrib directory.

You are receiving this mail because:
You are the assignee for the bug.