Created attachment 224690 [details]
Patch to update
This release contains two changes that avoid some problems with certain HSM configuration, one of them is SoftHSMv2 in database back-end mode.
This can lead to temporarily not being able to sign zones, hence upgrading is really recommended.
It does not occur on all systems and configurations though.
OPENDNSSEC-955: Prevent concurrency between certain valid PKCS#11 HSM operations to avoid some keys to be (transiently) unavailable.
OPENDNSSEC-956: Harden signing procedure to still sign zones for which there are unused keys specified in the zone which are unavailable.
A commit in branch main references this bug:
Author: Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2021-05-05 16:34:33 +0000
Commit: Neel Chauhan <nc@FreeBSD.org>
CommitDate: 2021-05-05 16:35:54 +0000
dns/opendnssec2: Update to 2.1.9
dns/opendnssec2/Makefile | 4 ++--
dns/opendnssec2/distinfo | 6 +++---
dns/opendnssec2/files/patch-configure (gone) | 10 ----------
3 files changed, 5 insertions(+), 15 deletions(-)