Bug 1981324

Summary: opendnssec-2.1.10 is available
Product: Red Hat Enterprise Linux 9 Reporter: François Cami <fcami>
Component: opendnssecAssignee: Rafael Jeffman <rjeffman>
Status: CLOSED ERRATA QA Contact: Michal Polovka <mpolovka>
Severity: unspecified Docs Contact: Filip Hanzelka <fhanzelk>
Priority: unspecified    
Version: 9.0CC: abokovoy, amore, antorres, extras-qa, fcami, frenaud, ftrivino, gfialova, paul.wouters, sumenon, upstream-release-monitoring
Target Milestone: betaKeywords: FutureFeature, Rebase, Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: opendnssec-2.1.10-1.el9 Doc Type: Enhancement
Doc Text:
Important: if this rebase instead contains *only bug fixes,* or *only enhancements*, select the correct option from the Doc Type drop-down list. Rebase package(s) to version: 2.1.10 Highlights, important fixes, or notable enhancements: see https://www.opendnssec.org/2021/09/opendnssec-2-1-10/
 Story Points: ---
Clone Of: 1981318 Environment:
Last Closed: 2023-11-07 08:33:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1956561, 1981318, 2020204    
Bug Blocks:    

Description François Cami 2021-07-12 11:56:53 UTC 
+++ This bug was initially created as a clone of Bug #1981318 +++

+++ This bug was initially created as a clone of Bug #1956561 +++

Latest upstream release: 2.1.9
Current version/release in rawhide: 2.1.8-2.fc35
URL: http://dist.opendnssec.org/source/

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/2546/

--- Additional comment from Upstream Release Monitoring on 2021-05-03 22:32:12 UTC ---



--- Additional comment from Upstream Release Monitoring on 2021-05-03 22:39:29 UTC ---

the-new-hotness/release-monitoring.org's scratch build of opendnssec-2.1.9-1.fc32.src.rpm for rawhide completed http://koji.fedoraproject.org/koji/taskinfo?taskID=67175156

--- Additional comment from François Cami on 2021-07-12 11:44:14 UTC ---

Closing ( https://koji.fedoraproject.org/koji/buildinfo?buildID=1778223 ).

--- Additional comment from Fedora Update System on 2021-07-12 11:46:56 UTC ---

FEDORA-2021-daba24d590 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-daba24d590
Comment 1 François Cami 2021-09-15 13:17:38 UTC 
Moving to target 2.1.10.

Upstream (Fedora) bug: https://bugzilla.redhat.com/show_bug.cgi?id=2003250

Changelog:
https://www.opendnssec.org/
OPENDNSSEC-955: Prevent concurrency between certain valid PKCS#11 HSM operations to avoid some keys to be (transiently) unavailable.
OPENDNSSEC-956: Harden signing procedure to still sign zones for which there are unused keys specified in the zone which are unavailable.
OPENDNSSEC-957: Fix exit code signer daemon to not always report failure.
OPENDNSSEC-958: Fix immediate resalting after migration from 1.4.
OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count that is deemed too high.
SUPPORT-265: Resolve conflict when deleting keys from HSM whilst also performing step in key roll process. Typically a message “key_data_update failed” is present in logs.

Of these:
- OPENDNSSEC-955
- SUPPORT-265
are stability enhancers while:
- OPENDNSSEC-957
makes testing easier.
Comment 2 François Cami 2021-10-18 19:16:09 UTC 
https://bugzilla.redhat.com/show_bug.cgi?id=2003250 is closed as that version is now built in rawhide.
Comment 9 Michal Polovka 2023-05-26 11:13:50 UTC 
Moving ITM as the build is not yet available.
Comment 10 Michal Polovka 2023-05-31 09:28:39 UTC 
Verified manually using RHEL9.3 with the test compose enabled.

# rpm -q opendnssec
opendnssec-2.1.10-1.el9.x86_64

# rpm -q --changelog opendnssec
* Thu Apr 27 2023 Rafael Guterres Jeffman <rjeffman> - 2.1.10-1
- Upstream release 2.1.10.
  Resolves: rhbz#1981324

* Mon Aug 09 2021 Mohan Boddu <mboddu> - 2.1.8-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688

* Wed Jun 16 2021 Mohan Boddu <mboddu> - 2.1.8-3
- Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065

Therefore marking as preverified: tested. No automation required.
Comment 16 Michal Polovka 2023-06-19 08:47:47 UTC 
Verified manually using RHEL9.3 with the nightly build present.

# rpm -q opendnssec
opendnssec-2.1.10-1.el9.x86_64

# rpm -q --changelog opendnssec
* Thu Apr 27 2023 Rafael Guterres Jeffman <rjeffman> - 2.1.10-1
- Upstream release 2.1.10.
  Resolves: rhbz#1981324

* Mon Aug 09 2021 Mohan Boddu <mboddu> - 2.1.8-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688

* Wed Jun 16 2021 Mohan Boddu <mboddu> - 2.1.8-3
- Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065

Therefore marking as Verified.
Comment 18 errata-xmlrpc 2023-11-07 08:33:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (opendnssec bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6458