Created attachment 218688 [details]
patch to update
This release of 2.1.7 fixes a bug in the migration script to migrate
from 1.4 to 2.1. Additionally a bug in creating unnecessary signatures
during a ZSK roll was fixed. We also had some contributions regarding
edward curves and exporting keys by CKA identifier and other
corrections and improvements, see the full list below.
* OPENDNSSEC-949: Fix for migration bug not keeping proper parameters
of NSEC3 signed zones. Amongst others the zone become NSEC. Loading
* fixes the situation, migration scripts now corrected. Since 1.4
does not require a salt, a resalt might be automatic after
migrating, as this is a required parameter.
* OPENDNSSEC-948: do not recreate signatures for keys that are
moving out this fixes unexpected double signatures in the zone.
* SUPPORT-253: Incorrect keytag used when using Combined Signing
keys (CSK) (Thanks to Simon Arlott)
* SUPPORT-257: Export keys by locator (Thansk to Simon Arlott)
* SUPPORT-222: Support ED25519/ED448 keys. This requires library
ldns 1.7.0 or better, otherwise unavailable. (Thanks again to
* Load libsqlite3.so.0 and fall back on libsqlite3.so.0 to allow
to run migration tool on systems without libsqlite3.so.0 soft
link. (Thanks to Paul Wouters)
* Some compilation warnings, o.a. gcc10 related, code quality and
initialization improvements. (Thanks to Jonas Berlin, and Mathieu
MirMont, and Paul Wouters)
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/201336228
Note, this incorporate changes for bug #241270
Q/A: Makefile: : whitespace before end of line.