Update to 2.1.7

- OPENDNSSEC-949: Fix for migration bug not keeping proper parameters
   of NSEC3 signed zones. Amongst others the zone become NSEC. Loading
   the policies fixes the situation, migration scripts now corrected. Since
   1.4 does not require a salt, a resalt might be automatic after
   migrating, as this is a required parameter.

 - OPENDNSSEC-948: do not recreate signatures for keys that are moving
   out this fixes unexpected double signatures in the zone.

 - SUPPORT-253: Incorrect keytag used when using Combined Signing keys
   (CSK) (Thanks to Simon Arlott)

 - SUPPORT-257: Export keys by locator (Thansk to Simon Arlott)

 - SUPPORT-222: Support ED25519/ED448 keys. This requires library ldns
   1.7.0 or better, otherwise unavailable. (Thanks again to Simon
   Arlott)

 - Load libsqlite3.so.0 and fall back on libsqlite3.so.0 to allow to run
   migration tool on systems without libsqlite3.so.0 soft link. (Thanks
   to Paul Wouters)

 - Some compilation warnings, o.a. gcc10 related, code quality and
   initialization improvements. (Thanks to Jonas Berlin, and Mathieu
   MirMont, and Paul Wouters)

.gitignore

@@ -16,3 +16,4 @@
 /opendnssec-1.4.9.tar.gz
 /opendnssec-1.4.14.tar.gz
 /opendnssec-2.1.6.tar.gz
+/opendnssec-2.1.7.tar.gz

opendnssec-2.1.6-sqlite.patch

@@ -1,21 +0,0 @@
-diff --git a/enforcer/src/ods-migrate.c b/enforcer/src/ods-migrate.c
-index aece5058a..c440a36af 100644
---- a/enforcer/src/ods-migrate.c
-+++ b/enforcer/src/ods-migrate.c
-@@ -97,10 +97,13 @@ dblayer_sqlite3_initialize(void)
-     char const *error;
- 
-     dlerror();
--    handle = dlopen("libsqlite3.so", RTLD_NOW);
-+    handle = dlopen("libsqlite3.so.0", RTLD_NOW);
-     if ((error = dlerror()) != NULL) {
--	    printf("Failed to load sqlite3 library. dlerror(): %s\n", error);
--	    exit(1);
-+          handle = dlopen("libsqlite3.so", RTLD_NOW); /* unversioned is a -devel package file on some distros */
-+          if ((error = dlerror()) != NULL) {
-+             printf("Failed to load sqlite3 library. dlerror(): %s\n", error);
-+             exit(1);
-+          }
-     }
- 
-     dblayer_sqlite3.sqlite3_prepare_v2 = (int(*)(sqlite3*, const char*, int, sqlite3_stmt**, const char **))functioncast(dlsym(handle, "sqlite3_prepare_v2"));

opendnssec.spec

@@ -3,8 +3,8 @@
 
 Summary: DNSSEC key and zone management software
 Name: opendnssec
-Version: 2.1.6
-Release: 8%{?prever}%{?dist}
+Version: 2.1.7
+Release: 1%{?prever}%{?dist}
 License: BSD
 Url: http://www.opendnssec.org/
 Source0: http://www.opendnssec.org/files/source/%{?prever:testing/}%{name}-%{version}%{?prever}.tar.gz
@@ -17,9 +17,6 @@ Source6: opendnssec.cron
 Source7: opendnssec-2.1.sqlite_convert.sql
 Source8: opendnssec-2.1.sqlite_rpmversion.sql
 
-Patch1: opendnssec-2.1.6-gcc10-fixups.patch
-Patch2: opendnssec-2.1.6-sqlite.patch
-
 Requires: opencryptoki, softhsm >= 2.5.0 , systemd-units
 Requires: libxml2, libxslt sqlite
 BuildRequires:  gcc
@@ -49,8 +46,6 @@ name server. It requires a PKCS#11 crypto module library, such as softhsm
 %setup -q -n %{name}-%{version}%{?prever}
 # bump default policy ZSK keysize to 2048
 sed -i "s/1024/2048/" conf/kasp.xml.in
-%patch1 -p1
-%patch2 -p1
 
 %build
 export LDFLAGS="-Wl,-z,relro,-z,now -pie -specs=/usr/lib/rpm/redhat/redhat-hardened-ld"
@@ -182,6 +177,9 @@ ods-enforcer update all >/dev/null 2>/dev/null ||:
 %systemd_postun_with_restart ods-signerd.service
 
 %changelog
+* Fri Dec 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.7-1
+- Upstream release 2.1.7
+
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.6-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 

sources

@@ -1 +1 @@
-SHA512 (opendnssec-2.1.6.tar.gz) = 9dad545d4ec92bb6fc74fd568160f0515cdfa23af4a901ce147f2c82b684224237687461a13c0e37ce6d3813494e4292dfa98cfb17f871d444eb69baf72a1afd
+SHA512 (opendnssec-2.1.7.tar.gz) = 6f2ca2115195fd2fcd0b22186c41c9e64ec24d98b34a10a8a75d64b4671b5afe3a655f32bbd241a0df84affda1f6cecd4daac0e6fa7081e4c9fa02d1bb4ed1eb