jperkin: dnssec signing with algo 13 (ECDSAP256SHA256) with latest trunk powerdns update is now failimng with the following message:

Exception building answer packet for example.com/SOA (Request to create key object for unknown algorithm number 13) sending out servfail

Any idea what is causing this issue?

The powerdns-4.6.4 package is nb9 so for me it is not clear what changed?!

The last powerdns-4.6.4 package before the update was nb7.

openssl 3.3.1 probably

jperkin: ok, will try to move back to openssl 3.3.0. What is the best way to only uninstall openssl (nad not the dependencies) to pkg_add another version?

pkg_add -U /path/to/old/openssl.tgz

jperkin: did a pkg_add -Dfu openssl-3.3.0nb1.tgz. But the problem with powerdns is still present (after the retart of the app).

ok, must be something else then ;)

in other news, qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

(remote exploit in openssh, poc for 32bit, no 64bit available yet)

bugzilla.redhat.com/show_bug.cgi?id=2294879#c0 <- openssh-server

Yeah, we'll have a new PI coming up soon.

It's worth noting "Exploitation on non-glibc systems is conceivable but has not been examined", and SmartOS is non-glibc.

So it's currently not known to be vulnerable, but we're still assuming that it is and it's only a matter of time before someone figures it out. We'll likely have an updated PI out before a successful attack vector becomes known, even if someone is actively working on it now.

fwiw pkgsrc trunk is currently rebuilding with 9.8p1, I'll backport to LTS in turn

though nobody in reality should be using openssh from pkgsrc

And if you're using LX or HVM, whatever goes on inside there is independent of the platform image. Follow your distro's guidance.

I'm trying to dig into it right now.

Hey folks, We're respinning the platform image for 20240627 to #if-0-out the async-unsafe code like OmniOS. We hope to have 9.8 in 20240711.