CVS commit: pkgsrc/security/opendnssec

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/opendnssec
From: "Fredrik Pettai" <pettai%netbsd.org@localhost>
Date: Sun, 18 Mar 2012 17:38:46 +0000

Module Name:    pkgsrc
Committed By:   pettai
Date:           Sun Mar 18 17:38:46 UTC 2012

Modified Files:
        pkgsrc/security/opendnssec: Makefile distinfo

Log Message:
OpenDNSSEC 1.3.7

* OPENDNSSEC-215: Signer Engine: Always recover serial from backup,
  even if it is corrupted, preventing unnecessary serial decrementals.
* OPENDNSSEC-217: Enforcer: Tries to detect pidfile staleness, so that
  the daemon will start after a power failure.

Bugfixes:
* ods-hsmutil: Fixed a small memory leak when printing a DNSKEY.
* OPENDNSSEC-216: Signer Engine: Fix duplicate NSEC3PARAM bug.
* OPENDNSSEC-218: Signer Engine: Prevent endless loop in case the locators
  in the signer backup files and the HSM are out of sync.
* OPENDNSSEC-225: Fix problem with pid found when not existing.
* SUPPORT-21: HSM SCA 6000 in combination with OpenCryptoki can return RSA key
  material with leading zeroes. DNSSEC does not allow leading zeroes in key
  data. You are affected by this bug if your DNSKEY RDATA e.g. begins with
  "BAABA". Normal keys begin with e.g. "AwEAA". OpenDNSSEC will now sanitize
  incoming data before adding it to the DNSKEY. Do not upgrade to this version
  if you are affected by the bug. You first need to go unsigned, then do the
  upgrade, and finally sign your zone again. SoftHSM and other HSM:s will not
  produce data with leading zeroes and the bug will thus not affect you.

OpenDNSSEC 1.3.6

* OPENDNSSEC-33: Signer Engine: Check HSM connection before use, attempt to
  reconnect if it is not valid.
* OPENDNSSEC-178: Signer Engine: Instead of waiting an arbitrary amount of
  time, let worker wait with pushing sign operations until the queue is
  non-full.
* Signer Engine: Adjust some log messages.

Bugfixes:
* ods-control: Wrong exit status if Enforcer was already running.
* OPENDNSSEC-56: ods-ksmutil had the wrong option for config file in the
  help usage text.
* OPENDNSSEC-207: Signer Engine: Fix communication from a process not
  attached to a shell.
* OPENDNSSEC-209: Signer Engine: Make output file adapter atomic by writing
  signed file to an intermediate file first.


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/security/opendnssec/Makefile
cvs rdiff -u -r1.12 -r1.13 pkgsrc/security/opendnssec/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index