Bug 237988 - dns/opendnssec2: Upgrade to release 2.1.4
Summary: dns/opendnssec2: Upgrade to release 2.1.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Jochen Neumeister
Keywords: patch
Depends on:
Reported: 2019-05-19 23:08 UTC by Andrey Fesenko
Modified: 2019-06-05 08:50 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (jaap)
andrey: maintainer-feedback? (jaap)
andrey: merge-quarterly?

Upgrade to release 2.1.4 (790 bytes, patch)
2019-05-19 23:08 UTC, Andrey Fesenko
no flags Details | Diff
Slightly improved patch to upgrade (1.05 KB, patch)
2019-05-21 12:59 UTC, Jaap Akkerhuis
jaap: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Andrey Fesenko 2019-05-19 23:08:44 UTC
Created attachment 204470 [details]
Upgrade to release 2.1.4

"The 2.1 release has been quite stable with a few corner case problems. However there is now a need for a release to fix an issue with zone signing that can potentially lead to missing signatures so definitely warrants a release.

The 2.1.4 release is available immediately from the download site, we urge you to upgrade. Also for installations still on the 1.4 release should consider upgrading as a number of incidents reported against 1.4 have not occurred on 2.1 installations due to better stability.

To make sure this release is picked out we will not include a fix that was to the issue for a double KSK roll. This fix is available on our develop branch, but includes more changes, and this fix needs to go out on its own.


    OPENDNSSEC-904: autoconfigure fails to properly identify functions in ssl library on some distributions. This caused the “tsig unknown algorithm hmac-sha256″ error.
    OPENDNSSEC-894: repair configuration script to allow excluding the build of the enforcer.

    SUPPORT-229: Missing signatures for key new while signatures for old key still present under certain kasp policies, leading to bogus zones. Root cause for bug existed but made prominent since 2.1.3 release.
    OPENDNSSEC-943: support build on MacOS with missing pthread barriers
    SUPPORT-229: fixed for too early retivement of signatures upon double rrsig key roll signing strategy.
    Strip build directory from doxygen docs, remove bashisms from ods-kasp2html.in
    The ods-signer and ods-signerd man page should be in section 8 not 22. Note that this might mean that package managers should remove the older man pages from the old location."

testport: OK (poudriere: 11.2, amd64, tested)
testport: OK (poudriere: 12.0, amd64, tested)
testport: OK (poudriere: 12.0, i386, tested)
testport: OK (poudriere: 13, amd64, tested)
Comment 1 Jaap Akkerhuis 2019-05-21 12:59:07 UTC
Created attachment 204509 [details]
Slightly improved patch to upgrade


This patch silences portlint and removes a warning about USE_GNOME;
Comment 2 commit-hook freebsd_committer 2019-06-05 08:50:52 UTC
A commit references this bug:

Author: joneum
Date: Wed Jun  5 08:49:53 UTC 2019
New revision: 503499
URL: https://svnweb.freebsd.org/changeset/ports/503499

  Update to 2.1.4

  PR:		237988
  Sponsored by:	Netzkommune GmbH