The NetBSD Project

CVS log for pkgsrc/security/opendnssec2/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / security / opendnssec2

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.38: download - view: text, markup, annotated - select for diffs
Thu Nov 14 22:21:32 2024 UTC (3 weeks, 5 days ago) by wiz
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.37: preferred, colored
Changes since revision 1.37: +2 -2 lines
*: recursive bump for icu 76 shlib major version bump

Revision 1.37: download - view: text, markup, annotated - select for diffs
Fri Nov 1 12:54:17 2024 UTC (5 weeks, 5 days ago) by wiz
Branches: MAIN
Diff to: previous 1.36: preferred, colored
Changes since revision 1.36: +2 -2 lines
*: revbump for icu downgrade

Revision 1.36: download - view: text, markup, annotated - select for diffs
Fri Nov 1 00:53:31 2024 UTC (5 weeks, 5 days ago) by wiz
Branches: MAIN
Diff to: previous 1.35: preferred, colored
Changes since revision 1.35: +2 -2 lines
*: recursive bump for icu 76.1 shlib bump

Revision 1.35: download - view: text, markup, annotated - select for diffs
Fri Oct 4 03:49:34 2024 UTC (2 months, 1 week ago) by ryoon
Branches: MAIN
Diff to: previous 1.34: preferred, colored
Changes since revision 1.34: +2 -1 lines
*: Recursive revbump from Boost 1.86.0

Revision 1.34: download - view: text, markup, annotated - select for diffs
Sun Aug 25 17:15:50 2024 UTC (3 months, 2 weeks ago) by he
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3
Diff to: previous 1.33: preferred, colored
Changes since revision 1.33: +10 -9 lines
security/opendnssec2: update to version 2.1.14.

Pkgsrc changes:
 * None, other than patch adaptations and checksum updates.

Upstream changes:

OpenDNSSEC 2.1.14 - 2024-08-22

* OPENDNSSEC-965: Extra logging in case of HSM issues
* OPENDNSSEC-965: Extra check on HSM availability when starting signing
* OPENDNSSEC-966: Copy key function in hsmutil program
* OPENDNSSEC-960: Fix backup keys command when called with improper arguments
* OPENDNSSEC-964: No keys exported when exporting all keys with mysql back-end
* OPENDNSSEC-963: Keys not published in case of shared keys in combination
	  with purging keys

Revision 1.33: download - view: text, markup, annotated - select for diffs
Fri Aug 16 15:29:36 2024 UTC (3 months, 3 weeks ago) by he
Branches: MAIN
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +5 -2 lines
security/opendnssec2: Add a few fixes to this package:

 * If for some reason you end up with a key with no attached
   zone, "ods-enforcer key list -z <zonename>" would end up
   crashing ods-enforcerd.  Add a fix to protect against this.

   Ref.
   https://lists.opendnssec.org/pipermail/opendnssec-user/2024-August/004756.html

 * Make "ods-enforcer backup prepare" and "... backup commit"
   emit operator messages if no keys were flagged for the requested
   state transition.  Just doing "return 1" and possibly "exit 1"
   is operator-unfriendly if the requested operation didn't do
   anything.

 * Typo fixes in the xref section of ods-kasp(5) man page:
   It's "ods" not "pds", and ods-ksmutil(1) isn't part of
   OpenDNSSEC version 2.x.

Bump PKGREVISION.

Revision 1.32: download - view: text, markup, annotated - select for diffs
Wed May 29 16:34:17 2024 UTC (6 months, 1 week ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2024Q2-base, pkgsrc-2024Q2
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +2 -2 lines
revbump after icu and protobuf updates

Revision 1.31: download - view: text, markup, annotated - select for diffs
Mon Feb 26 21:37:07 2024 UTC (9 months, 2 weeks ago) by nros
Branches: MAIN
CVS tags: pkgsrc-2024Q1-base, pkgsrc-2024Q1
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +2 -2 lines
revbump due to security/botan2 update

Revision 1.30: download - view: text, markup, annotated - select for diffs
Fri Dec 29 18:24:57 2023 UTC (11 months, 1 week ago) by adam
Branches: MAIN
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +2 -1 lines
revbump for boost-libs

Revision 1.29: download - view: text, markup, annotated - select for diffs
Wed Dec 6 19:27:20 2023 UTC (12 months ago) by he
Branches: MAIN
CVS tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +2 -3 lines
security/opendnssec2: update to version 2.1.13.

Pkgsrc changes:
 * Checksums, reset PKGREVISION.

Upstream changes:

OpenDNSSEC 2.1.13 - 2023-06-26

* Emit warning when using ods-kaspcheck for RFC 5155
* Fix concurrent usage of command line.
* When using "keep" soa numbering policy mode and the input zone isn't
  available, change from exponential back-off to retry upon next resign
  interval and only emit a warning, unless this occurs a second time.

Revision 1.28: download - view: text, markup, annotated - select for diffs
Tue Dec 5 12:20:40 2023 UTC (12 months, 1 week ago) by he
Branches: MAIN
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +2 -2 lines
security/opendnssec2: Work around a concurrency error + two cosmetic fixes.

 * Adopt the suggested patch from
   https://issues.opendnssec.org/browse/SUPPORT-278
   for what looks like a concurrency error in interfacing
   to the HSM module.
 * Give correct upper-case/lower-case hint if command
   is not configured in the error message.
 * Be a bit more verbose about which zone isn't found if
   indeed it isn't found.

Bump PKGREVISION.

Revision 1.27: download - view: text, markup, annotated - select for diffs
Wed Nov 8 13:20:48 2023 UTC (13 months ago) by wiz
Branches: MAIN
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +2 -2 lines
*: recursive bump for icu 74.1

Revision 1.26: download - view: text, markup, annotated - select for diffs
Tue Oct 24 22:10:53 2023 UTC (13 months, 2 weeks ago) by wiz
Branches: MAIN
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +2 -2 lines
*: bump for openssl 3

Revision 1.25: download - view: text, markup, annotated - select for diffs
Tue Jun 6 12:42:14 2023 UTC (18 months ago) by riastradh
Branches: MAIN
CVS tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +2 -2 lines
Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.

Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).

No change to BUILD_DEPENDS as used correctly inside buildlink3.

As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html

Revision 1.24: download - view: text, markup, annotated - select for diffs
Sun Apr 23 14:26:31 2023 UTC (19 months, 2 weeks ago) by adam
Branches: MAIN
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +2 -2 lines
revbump for boost

Revision 1.23: download - view: text, markup, annotated - select for diffs
Wed Apr 19 08:11:23 2023 UTC (19 months, 3 weeks ago) by adam
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +2 -2 lines
revbump after textproc/icu update

Revision 1.22: download - view: text, markup, annotated - select for diffs
Sun Jan 22 16:28:37 2023 UTC (22 months, 2 weeks ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +2 -2 lines
*: Recursive revbump from Boost 1.81.0

Revision 1.21: download - view: text, markup, annotated - select for diffs
Wed Nov 23 16:21:01 2022 UTC (2 years ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +2 -1 lines
massive revision bump after textproc/icu update

Revision 1.20: download - view: text, markup, annotated - select for diffs
Wed Nov 9 11:39:43 2022 UTC (2 years, 1 month ago) by he
Branches: MAIN
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +2 -2 lines
Update OpenDNSSEC2 to version 2.1.12.

Pkgsrc changes:
 * Adapt patch, update checksums.

Upstream changes:

OpenDNSSEC 2.1.12 - 2022-11-08

* Ensure debug symbols on RPM-style builds.
* Bug fix that prevented restoring state from when salt length was zero.
* Bug fix for enforcer daemon crash after deleting key on some systems.

OpenDNSSEC 2.1.11 - 2022-09-17

* Improper re-use of already used keys when using <SharedKeys/> as
  a consequence of previous bug in 2.1.6
* Improved reporting upon segmentation faults or similar aborts.
* Fix for migration to resalt of length 0.
* Fix for upstream nameserver, implementing IXFR but without support
  for IXFR for that specific zone and responding without AXFR.
* Degraded log message key_update_failed because this action is retried.

Revision 1.19: download - view: text, markup, annotated - select for diffs
Sun Jun 12 08:54:05 2022 UTC (2 years, 6 months ago) by he
Branches: MAIN
CVS tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +2 -3 lines
Update OpenDNSSEC2 to version 2.1.10.

Upstream changes:

OpenDNSSEC 2.1.10 - 2021-09-10

* OPENDNSSEC-957: Fix exit code signer daemon to not always report failure.
* OPENDNSSEC-958: Fix immediate resalting after migration from 1.4.
* OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count
  that is deemed too high.
* SUPPORT-265: Resolve conflict when deleting keys from HSM whilst
  also performing step in key roll process.  Typically a message
  "key_data_update failed" is present in logs.
* Provided RedHat/CentOS spec file in contrib directory.

Revision 1.18: download - view: text, markup, annotated - select for diffs
Mon Apr 18 19:12:00 2022 UTC (2 years, 7 months ago) by adam
Branches: MAIN
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +2 -2 lines
revbump for textproc/icu update

Revision 1.17: download - view: text, markup, annotated - select for diffs
Thu Mar 31 23:30:17 2022 UTC (2 years, 8 months ago) by wiz
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +2 -2 lines
*: recursive bump for botan-devel shlib bump

Revision 1.16: download - view: text, markup, annotated - select for diffs
Mon Jan 10 01:46:43 2022 UTC (2 years, 11 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +2 -2 lines
*: Recursive revbump from boost 1.78.0

Revision 1.15: download - view: text, markup, annotated - select for diffs
Wed Dec 8 16:06:20 2021 UTC (3 years ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2021Q4-base, pkgsrc-2021Q4
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +2 -2 lines
revbump for icu and libffi

Revision 1.14: download - view: text, markup, annotated - select for diffs
Wed Sep 29 19:01:18 2021 UTC (3 years, 2 months ago) by adam
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +2 -1 lines
revbump for boost-libs

Revision 1.13: download - view: text, markup, annotated - select for diffs
Tue May 4 07:37:19 2021 UTC (3 years, 7 months ago) by he
Branches: MAIN
CVS tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +2 -3 lines
Update OpenDNSSEC version 2 to 2.1.9.

Upstream changes:

OpenDNSSEC 2.1.9 - 2021-05-03

* OPENDNSSEC-955: Prevent concurrency between C_Login/C_OpenSession and
  C_FindObject in PKCS#11 operations as some HSMs do not like this and
  the key may (transiently) not be available.
* OPENDNSSEC-956: Harden the signing procedure to still sign zones for
  which there are unused keys specified in the signconf.  These are
  included by the enforcer because there may be (outdated) signatures
  for them, but the signer doesn't need this reference anymore in 2.1.
  However this was left in for backwards compatibility (probably).

Revision 1.12: download - view: text, markup, annotated - select for diffs
Wed Apr 21 13:25:20 2021 UTC (3 years, 7 months ago) by adam
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +2 -2 lines
revbump for boost-libs

Revision 1.11: download - view: text, markup, annotated - select for diffs
Wed Apr 21 11:42:36 2021 UTC (3 years, 7 months ago) by adam
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +2 -2 lines
revbump for textproc/icu

Revision 1.10: download - view: text, markup, annotated - select for diffs
Fri Mar 5 21:17:25 2021 UTC (3 years, 9 months ago) by he
Branches: MAIN
CVS tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +5 -4 lines
Add a patch to fix a bug in the sqlite3 conversion script,
so that the salt value gets copied to the new kasp.db.

Bump PKGREVISION.

Revision 1.9: download - view: text, markup, annotated - select for diffs
Sun Feb 21 09:12:48 2021 UTC (3 years, 9 months ago) by he
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +2 -3 lines
Update OpenDNSSEC version 2 to 2.1.8.

Upstream changes:

OpenDNSSEC 2.1.8 - 2021-02-20

* OPENDNSSEC-954: Upgrade autoconf/automake configuration chain for
  version 2.69/1.16.2.
* SUPPORT-261: Fix to crash when using ods-enforcer set-policy command.
* OPENDNSSEC-953: Fix to crash in case zone file not present while getting
  a signconf update and state flush command.
  Thanks to Stefan Ubbink from SIDN for the co-operation in this fix.
* OPENDNSSEC-951: Modify the purging of keys, to make it automatic to purge
  keys from the HSM.
  Thanks to Stefan Ubbink from SIDN for the co-operation in this fix.
* OPENDNSSEC-950: Fix that caused crash when signer was offline for a
  prolonged period (but the enforcer wasn't) in the middle of a ZSK roll.
* OPENDNSSEC-952: memory leak in when receiving NOTIFY for non-existent zone
  Thanks Sébastien Tisserant to for reporting).

Revision 1.8: download - view: text, markup, annotated - select for diffs
Thu Nov 5 09:09:03 2020 UTC (4 years, 1 month ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +2 -1 lines
*: Recursive revbump from textproc/icu-68.1

Revision 1.7: download - view: text, markup, annotated - select for diffs
Mon Oct 5 07:19:33 2020 UTC (4 years, 2 months ago) by he
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +2 -3 lines
Update OpenDNSSEC version 2 to 2.1.7.

Upstream changes:

OpenDNSSEC 2.1.7 - 2020-10-05

* OPENDNSSEC-949: Fix for migration bug not keeping proper parameters of NSEC3
  signed zones. Amongst others the zone become NSEC.  Loading the policies
  fixes the situation, migration scripts now corrected.  Since 1.4 does not
  require a salt, a resalt might be automatic after migrating, as this is
  a required parameter.
* OPENDNSSEC-948: do not recreate signatures for keys that are moving out
  this fixes unexpected double signatures in the zone.
* SUPPORT-253: Incorrect keytag used when using Combined Signing keys (CSK)
  (Thanks to Simon Arlott)
* SUPPORT-257: Export keys by locator (Thansk to Simon Arlott)
* SUPPORT-222: Support ED25519/ED448 keys.  This requires library ldns 1.7.0
  or better, otherwise unavailable.  (Thanks again to Simon Arlott)
* SUPPORT-260: Crash on OpenBSD systems in ixfr_del_rr; possible unverified
  fix.
* Load libsqlite3.so.0 and fall back on libsqlite3.so.0 to allow to run
  migration tool on systems without libsqlite3.so.0 soft link.
  (Thanks to Paul Wouters)
* Some compilation warnings, o.a. gcc10 related, code quality and
  initialization improvements.
  (Thanks to Jonas Berlin, and Mathieu MirMont, and Paul Wouters).

Revision 1.6: download - view: text, markup, annotated - select for diffs
Tue Jun 2 08:24:41 2020 UTC (4 years, 6 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +2 -2 lines
Revbump for icu

Revision 1.5: download - view: text, markup, annotated - select for diffs
Sun Apr 12 08:29:10 2020 UTC (4 years, 8 months ago) by adam
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +2 -1 lines
Recursive revision bump after textproc/icu update

Revision 1.4: download - view: text, markup, annotated - select for diffs
Tue Feb 11 08:00:57 2020 UTC (4 years, 10 months ago) by he
Branches: MAIN
CVS tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +2 -3 lines
Update opendnssec2 to version 2.1.6.

Upstream changes:

OpenDNSSEC 2.1.6 - 2020-02-11:

* OPENDNSSEC-913: verify database connection upon every use.
* OPENDNSSEC-944: bad display of date of next transition (regression)
* SUPPORT-250: missing signatures on using combined keys (CSK)
* OPENDNSSEC-945: memory leak per command to enforcer.
* OPENDNSSEC-946: unclean enforcer exit in case of certain config
  problems.
* OPENDNSSEC-411: set-policy command to change policy of zone
  (experimental).  Requestes explicit enforce command to take effect.

Revision 1.3: download - view: text, markup, annotated - select for diffs
Fri Jan 31 16:08:48 2020 UTC (4 years, 10 months ago) by he
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +3 -2 lines
Insist on using pkgsrc sqlite3; I got SEGV's via call of null pointers
with the built-in sqlite3 on NetBSD 8.0.
Bump PKGREVISION.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Sat Jan 18 21:50:41 2020 UTC (4 years, 10 months ago) by jperkin
Branches: MAIN
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +2 -1 lines
*: Recursive revision bump for openssl 1.1.1.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Wed Nov 6 13:44:38 2019 UTC (5 years, 1 month ago) by he
Branches: MAIN
CVS tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4
Make a separate package for OpenDNSSEC version 2.1.5.

OpenDNSSEC version 2 is not a drop-in replacement for OpenDNSSEC version 1.
See lib/opendnssec/README.md for migration instructions if you were
previously using version 1.

Upstream changes since OpenDNSSEC version 1.4.x:


OpenDNSSEC 2.1.5 - 2019-11-05

* SUPPORT-245: Resolve memory leak in signer introduced in 2.1.4.
* SUPPORT-244: Don't require Host and Port to be specified in conf.xml
  when migrating with a MySQL-based enforcer database backend.
* Allow for MySQL database to pre-exist when performing a migration,
  and be a bit more verbose during migration.
* New -f argument to ods-enforcer key list to show the full list of key states,
  similar to combinining -d and -v.
* Fix AllowExtraction tag in configuration file definition (thanks to raixie1A).
* SUPPORT-242: Skip over EDNS cookie option (thanks to HÃ¥vard Eidne and
  Ulrich-Lorenz Schlueter).
* SUPPORT-240: Prevent exit of enforcer daemon upon interrupted interaction
  with CLI commands.
* Correct some error messages (thanks to Jonas Berlin).


OpenDNSSEC 2.1.4 - 2019-05-16

* SUPPORT-229: Missing signatures for key new while signatures for old key
  still present under certain kasp policies, leading to bogus zones.
  Root cause for bug existed but made prominent since 2.1.3 release.
* OPENDNSSEC-942: time leap command for signer for debugging purposes
  only, not to be used on actual deployments.
* OPENDNSSEC-943: support build on MacOS with missing pthread barriers
* SUPPORT-229: fixed for too early retivement of signatures upon double
  rrsig key roll signing strategy.
* Strip build directory from doxygen docs
* remove bashisms from ods-kasp2html.in
* upgrade developer build scripts to softhsm-2.5.0 update some platform
  dependent files (only for developers).
* The ods-signer and ods-signerd man page should be in section 8 not 22
  Note that this might mean that package managers should remove the older
  man pages from the old location.


OpenDNSSEC 2.1.3 - 2017-08-10

* OPENDNSSEC-508: Tag <RolloverNotification> was not functioning correctly
* OPENDNSSEC-901: Enforcer would ignore <ManualKeyGeneration/> tag in conf.xml
* OPENDNSSEC-906: Tag <AllowExtraction> tag included from late 1.4 development
* OPENDNSSEC-894: repair configuration script to allow excluding the build of
                  the enforcer.
* OPENDNSSEC-890: Mismatching TTLs in record sets would cause bogus signatures.
* OPENDNSSEC-886: Improper time calculation on 32 bits machine causes purge
                  time to be skipped.
* OPENDNSSEC-904 / SUPPORT-216 autoconfigure fails to properly identify
                  functions in ssl library on certain distributions
                  causing tsig unknown algorithm hmac-sha256
* OPENDNSSEC-908: Warn when TTL exceeds KASP's MaxZoneTTL instead of capping.


OpenDNSSEC 2.1.1 - 2017-04-28

* OPENDNSSEC-882: Signerd exit code always non-zero.
* OPENDNSSEC-889: MySQL migration script didn't work for all database and
  MySQL versions.
* OPENDNSSEC-887: Segfault on extraneous <Interval> tag.
* OPENDNSSEC-880: Command line parsing for import key command failed.
* OPENDNSSEC-890: Bogus signatures upon wrong zone input when TTLs for
  same rrset are mismatching.


OpenDNSSEC 2.1.0 - 2017-02-22

* If listening port for signer is not set in conf file, the default value
  "15354" is used.
* Enforce and signconf tasks are now scheduled individually per zone. Resign
  per policy.
* OPENDNSSEC-450: Implement support for ECDSA P-256, P-384, GOST.
  Notice: SoftHSMv1 only supports RSA. SoftHSMv2 can be compiled with
  support for these.
* zone delete removes tasks associated with zone from queue.
* Show help for ods-enforcer-db-setup
* OPENDNSSEC-778: Double NSEC3PARAM record after resalt.
* In the kasp file, KSK/ZSK section, the algorithm length MUST be set now.
* signer clear <zone> would assert when signconf wasn't read yet.
* The <Interval> tag had been deprecated, and is now no longer allowed to
  be specified in the conf.xml for the Enforcer.
* OPENDNSSEC-864: ods-signer didn't print help. Also --version and --socket
  options where not processed.
* OPENDNSSEC-869: ds-seen command did not give error on badly formatted keytag.
* OPENDNSSEC-681: After fork() allow child process to pass error messages to
  parent so they can be printed to the console in case of failed start.
* OPENDNSSEC-849: Crash on free of part of IXFR structure.
* OPENDNSSEC-759: Reduce HSM access during ods-signerd start. Daemon should
  start quicker and earlier available for user input.
* OPENDNSSEC-479: Transferring zones and sending notifies through
  a bound socket , using the same interface as listener.
* Key cache is now shared between threads.
* OPENDNSSEC-858: Don't print "completed in x seconds" to stderr for enforcer
  commands.
* Various memory leaks
* OPENDNSSEC-601: signer and enforcer working dir would not properly
  fallback to default when not specified.
* OPENDNSSEC-503: Speed up initial signing and algorithm rollover.
* A bash autocompletion script is included in contrib for ods-enforcer and
  ods-signer.
* SUPPORT-208: Strip comment from key export.
* OPENDNSSEC-552: On key export don't print SHA1 DS by default.
  (introduced --sha1 option to key export.) Usage of sha1 is deprecated and
  will be removed from future versions of OpenDNSSEC.


OpenDNSSEC 2.0.1 - 2016-07-21

* Fixed crash and linking issue in ods-migrate.
* Fixed case where 2.0.0 could not read backup files from 1.4.10.
* Fixed bug in migration script where key state wasn't transformed properly.


OpenDNSSEC 2.0.0-1

* include db creation scripts in dist tarball needed for migration from 1.4.


OpenDNSSEC 2.0.0 - 2016-07-07

* OpenDNSSEC-99: Skip "are you sure" messages. Add --force and -f flag to
  ods-enforcer-db-setup and hsmutil purge
* OPENDNSSEC-808: Crash on query with empty query section (thanks
  Havard Eidnes)
* OpenDNSSEC-771: Signer. Do not log warning on deleting a missing
  NSEC3PARAM RR.
* OPENDNSSEC-801: Set AA flag on outgoing AXFR.
* SUPPORT-191: Regression, Must accept notify without SOA (thanks
  Christos Trochalakis)


OpenDNSSEC 2.0b1 - 2016-04-14

First public release of OpenDNSSEC.  Initial pre-releases have been
made to a smaller audience, this pre-release is explicitly made available
to all.  At this moment, there are no known functional bugs.  There are
naturally issues, especially to make working with OpenDNSSEC easier, however
none should prevent you to use OpenDNSSEC in production for the average
case, even though this is a pre-release.  Which is because of the still
limited documentation, and is not being run in production yet.

* The enforcer can no longer be run on a single policy at a time
  anymore.  An enforce run will always process all zones.
* The key generate method is at this time not available.
* The key export method will not allow you to export keys for all zones
  at once (--all flag) or for a particular type of key (--keystate).
  It will not export ZSK keys.
* The zonelist.xml in etc/opendnssec is no longer updated automatically,
  and by default works as if the --no-xml flag was specified.  Use
  --xml to the zone add command to update the zonelist.xml.  If updating
  the zonelist fails, the zone will still be added and not updated in
  the xml with future zone adds.
* Plugins directory renamed to contrib.
* Default signer working directory renamed from tmp to signer.
* Configure option --with-database-backend renamed --with-enforcer-database
* Zones on a manual rollover policy will not get a key assigned to them
  immediately.


OpenDNSSEC 2.0.0a5

Project transfer to NLnetLabs, performing code drop as-is for evaluation
purposes only.


OpenDNSSEC 2.0.0a4 (EnforcerNG branch)

* SUPPORT-72: Improve logging when failed to increment serial in case
  of key rollover and serial value "keep" [OPENDNSSEC-461].
* SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public
  key directly if SkipPublicKey is used [OPENDNSSEC-573].
* OPENDNSSEC-106: Add 'ods-enforcerd -p <policy>' option. This prompts the
  enforcer to run once and only process the specified policy and associated
  zones.
* OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml.
  Default value remains PT0S.
* OPENDNSSEC-390: ods-ksmutil: Add an option to the 'ods-ksmutil key ds-seen'
  command so the user can choose not to notify the enforcer.
* OPENDNSSEC-430: ods-ksmutil: Improve 'zone add' - Zone add command
  could warn if a specified zone file or adapter file does not exits.
* OPENDNSSEC-431: ods-ksmutil: Improve 'zone add' - Support default <input>
  and <output> values for DNS adapters.
* OPENDNSSEC-454: ods-ksmutil: Add option for 'ods-ksmutil key import' to
  check if there is a matching key in the repository before import.
* OPENDNSSEC-281: Enforcer NG: Commandhandler sometimes unresponsive.
* OPENDNSSEC-276, Enforcer NG: HSM initialized after fork().
* OPENDNSSEC-330: Signer Engine: NSEC3PARAM TTL is default TTL again, to
  prevent bad caching effects on resolvers.
* OPENDNSSEC-428: Add option for 'ods-ksmutil key generate' to take
  number of zones as a parameter
* OPENDNSSEC-515: Signer Engine: Don't replace tabs in RR with whitespace.

Bugfixes:
* OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature
  cleanup.
* OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly.
* OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back
  to AXFR.
* OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use
  inbound serial.


OpenDNSSEC 2.0.0a3 (EnforcerNG branch) - 2012-06-18
Bugfixes:
* SUPPORT-66: Signer Engine: Fix file descriptor leak in case of TCP write
  error [OPENDNSSEC-427].
* SUPPORT-71: Signer Engine: Fix double free crash in case of HSM connection
  error during signing [OPENDNSSEC-444].
* OPENDNSSEC-401: 'ods-signer sign <zone> --serial <nr>' command produces seg
  fault when run directly on command line (i.e. not via interactive mode)
* OPENDNSSEC-440: 'ods-ksmutil key generate' and the enforcer can create
  too many keys if there are keys already available and the KSK and ZSK use
  same algorithm and length
* OPENDNSSEC-424: Signer Engine: Respond to SOA queries from file instead
  of memory. Makes response non-blocking.
* OPENDNSSEC-425 Change "hsmutil list" output so that the table header goes
  to stdout not stderr
* OPENDNSSEC-438: 'ods-ksmutil key generate' and the enforcer can create
  too many keys for <SharedKeys/> policies when KSK and ZSK use same
  algorithm and length
* OPENDNSSEC-443: ods-ksmutil: Clean up of hsm connection handling
* Signer Engine: Improved Inbound XFR checking.
* Signer Engine: Fix double free corruption in case of adding zone with
  DNS Outbound Adapters and NotifyCommand enabled.
* Enforcer: Limit number of pregenerated keys when using <SharedKeys>.
* Enforcer: MySQL database backend implemented.
* Enforcer: New directive <MaxZoneTTL> to make safe assumptions about
  zonefile.
* Enforcer: New zone add command, allow specifying adapters.
* Enforcer: New zone del command, use --force for still signed zones.
* Enforcer: Pre-generate keys on the HSM.
* Enforcer: SQLite database backend implemented.
* OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA
  Minimum change.

Bugfixes:
* OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
* OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>