pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/opendnssec

Module Name:    pkgsrc
Committed By:   pettai
Date:           Mon Jan 24 20:30:28 UTC 2011

Modified Files:
        pkgsrc/security/opendnssec: Makefile PLIST distinfo
        pkgsrc/security/opendnssec/patches: patch-aa

Log Message:
OpenDNSSEC 1.2.0:

* Enforcer: Fixed a number of build warnings.

OpenDNSSEC 1.2.0rc3:

* Moved migration instructions to the file MIGRATION

* Bugreport #199: The previous DB schema change made the zone removal broken.
* Enforcer: When retiring old KSK, use TTL(ds) and not TTL(ksk).
* Enforcer: Minimize the set of DS RRs sent to DelegationSignerSubmitCommand.
* Enforcer: Replace tab with a space character in the DNSKEY printed to syslog.
* Enforcer: Fixed pontential format string bug.
* ods-ksmutil: Log to syslog when ds-seen changes a key to active/standby.
* Signer Engine: Don't be smart with RRSIG TTLs, the hsm will set them for you.
* Signer Engine: Set notify command for zone when receiving ods-signer update.
* Signer Engine: Update TTL of NSEC(3) records if SOA Minimum has changed
  in KASP.
* Signer Engine: Now logs to the correct facility.
* Signer Engine: Also remove NSEC records when detecting changes in
  signconf <Denial>
* Signer Engine: Dropped privileges before starting Zonefetcher.

OpenDNSSEC 1.2.0rc2:

* Signer Engine: Use the correct TTL for RRs after the $INCLUDE directive.
* Signer Engine: Also create new signature if TTL of RR has changed.
* Signer Engine: Drop old NSEC/NSEC3 records.
* ods-ksmutil: Fixed some memory leaks.

OpenDNSSEC 1.2.0rc1:

* New commandline option for the signer: ods-signer running.
* Allow connection to different MySQL ports in the Enforcer.
* Tone down and explain warning when converting M or Y to seconds
* ldns 1.6.7 is required for bugfixes
* dnsruby 1.51 is required for bugfixes

* Bugreport #187: ods-control signer start will return non-zero if start up
  failed (uses ods-signer running).
* Narrow glue at the zone cut is allowed, do not consider it as occluded.
* Move zone fetcher output to correct input adapter file.
* Enforcer shared keys on zones with ShareKeys disabled.
* Make names of key states consistent.
* Signer Engine file descriptor leak fix on engine.sock.
* Set explicit "unlimited" repository capacity to prevent random integer being
  read. Requires "ods-ksmutil update conf" to be run if using an existing
* Fix issue with key generation creating too many keys Ticket #194.
* Bugreport #189: Auditor did not handle white-space-seperated substrings
  for base64 text
* Bugreport #190: Auditor (and signer) does not handle case correctly
* Signer now silence stdout-output from the notify command

OpenDNSSEC 1.2.0b1:

* A new signer engine, written in c. Zones are maintained in memory, instead of
  in files on disk.
* Removed the python and python-4suite-xml dependencies.
* Remove separate autoconf for libhsm/conf/enforcer.
* Add option to disable building the signer.
* Signer logs statistics just after outputting a new signed zone.
* libhsm will skip processing (and not create) any public keys if the
  per repository option <SkipPublicKey/> is set.
* Keysharing improved - keys can now exist in different states on each zone
  that the key is in use for.
* Backup prepare/commit/rollback added for 2-step backups without taking the
  enforcer offline.
* Standby keys are now optional (default to 0) and should be considered

* Fix semantics of refresh value in Signer Engine.
* Auditor handles chains of empty nonterminals correctly.
* Recalculate salt immediately if the saltlength is changed.
* libhsm connected to slot 0 if the token label was not found.
  An error is now returned instead of connecting to the slot.
* Bugreport #102: Removed the obsoleted python-4suite-xml dependency.
* Fixed Known Issue: KSK rollover requires manual timing.
* Fixed Known Issue: Key rollover and reuse of signatures.
* Fixed Known Issue: Issue with sharing keys and adding zones.
* Fixed Known Issue: Quicksorter does not allow certain owner names
  (Quicksorter is removed, signer now reads and sorts the zone).

To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/opendnssec/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/opendnssec/PLIST
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/opendnssec/distinfo
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/security/opendnssec/
cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/opendnssec/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index