12:23:44 <jfqd1> jperkin: dnssec signing with algo 13 (ECDSAP256SHA256) with latest trunk powerdns update is now failimng with the following message: 
12:23:44 <jfqd1> Exception building answer packet for example.com/SOA (Request to create key object for unknown algorithm number 13) sending out servfail
12:23:44 <jfqd1> Any idea what is causing this issue?
12:25:53 <jfqd1> The powerdns-4.6.4 package is nb9 so for me it is not clear what changed?!
12:35:36 <jfqd1> The last powerdns-4.6.4 package before the update was nb7.
13:05:30 <jperkin> openssl 3.3.1 probably
13:08:48 <jfqd1> jperkin: ok, will try to move back to openssl 3.3.0. What is the best way to only uninstall openssl (nad not the dependencies) to pkg_add another version?
13:34:59 <jperkin> pkg_add -U /path/to/old/openssl.tgz
13:35:08 <jfqd1> jperkin: did a pkg_add -Dfu openssl-3.3.0nb1.tgz. But the problem with powerdns is still present (after the retart of the app).
13:35:36 <jperkin> ok, must be something else then ;)
13:43:44 <jesse_> in other news, https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
13:44:55 <jesse_> (remote exploit in openssh, poc for 32bit, no 64bit available yet)
14:34:38 <neuroserve> https://bugzilla.redhat.com/show_bug.cgi?id=2294879#c0 <- openssh-server
16:20:17 <bahamat> Yeah, we'll have a new PI coming up soon.
16:23:04 <bahamat> It's worth noting "Exploitation on non-glibc systems is conceivable but has not been examined", and SmartOS is non-glibc.
16:25:09 <bahamat> So it's currently not known to be vulnerable, but we're still assuming that it is and it's only a matter of time before someone figures it out. We'll likely have an updated PI out before a successful attack vector becomes known, even if someone is actively working on it now.
16:26:11 <jperkin> fwiw pkgsrc trunk is currently rebuilding with 9.8p1, I'll backport to LTS in turn
16:26:21 <jperkin> though nobody in reality should be using openssh from pkgsrc
16:50:26 <bahamat> And if you're using LX or HVM, whatever goes on inside there is independent of the platform image. Follow your distro's guidance.
17:39:26 <danmcd> I'm trying to dig into it right now.
21:01:28 <danmcd> Hey folks, We're respinning the platform image for 20240627 to #if-0-out the async-unsafe code like OmniOS.  We hope to have 9.8 in 20240711.