pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/opendnssec Update OpenDNSSEC to version 1.4.10.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/4aff79b1c706
branches:  trunk
changeset: 348142:4aff79b1c706
user:      he <he%pkgsrc.org@localhost>
date:      Wed Jun 08 08:35:10 2016 +0000

description:
Update OpenDNSSEC to version 1.4.10.

News:

  This release fix targets stability issues which have had a history
  and had been hard to reproduce.  Stability should be improved,
  running OpenDNSSEC as a long term service.

  Changes in TTL in the input zone that seem not to be propagated,
  notifies to slaves under load that where not handled properly and
  could lead to assertions.  NSEC3PARAM that would appear duplicate
  in the resulting zone, and crashes in the signer daemon in seldom
  race conditions or re-opening due to a HSM reset.

  No migration steps needed when upgrading from OpenDNSSEC 1.4.9.

  Also have a look at our OpenDNSSEC 2.0 beta release, its impending
  release will help us forward with new development and signal phasing
  out historic releases.

Fixes:

 * SUPPORT-156 OPENDNSSEC-771: Multiple NSEC3PARAM records in signed
   zone.  After a resalt the signer would fail to remove the old
   NSEC3PARAM RR until a manual resign or incoming transfer.  Old
   NSEC3PARAMS are removed when inserting a new record, even if
   they look the same.

 * OPENDNSSEC-725: Signer did not properly handle new update while
   still distributing notifies to slaves.  An AXFR disconnect looked
   not to be handled gracefully.

 * SUPPORT-171: Signer would sometimes hit an assertion using DNS
   output adapter when .ixfr was missing or corrupt but .backup file
   available.  Above two issues also in part addresses problems
   with seemingly corrected backup files (SOA serial).  Also an
   crash on badly configured DNS output adapters is averted.

 * The signer daemon will now refuse to start when failed to open
   a listen socket for DNS handling.

 * OPENDNSSEC-478 OPENDNSSEC-750 OPENDNSSEC-581 OPENDNSSEC-582
   SUPPORT-88: Segmentation fault in signer daemon when opening and
   closing hsm multiple times.  Also addresses other concurrency
   access by avoiding a common context to the HSM (a.k.a. NULL
   context).

 * OPENDNSSEC-798: Improper use of key handles across hsm reopen,
   causing keys not to be available after a re-open.

 * SUPPORT-186: IXFR disregards TTL changes, when only TTL of an
   RR is changed.  TTL changes should be treated like any other
   changes to records.  When OpenDNSSEC now overrides a TTL value,
   this is now reported in the log files.

diffstat:

 security/opendnssec/Makefile                                 |   5 +--
 security/opendnssec/distinfo                                 |  12 +++++-----
 security/opendnssec/patches/patch-enforcer_utils_Makefile.in |  14 ++---------
 3 files changed, 11 insertions(+), 20 deletions(-)

diffs (66 lines):

diff -r d6d1a6143d94 -r 4aff79b1c706 security/opendnssec/Makefile
--- a/security/opendnssec/Makefile      Wed Jun 08 08:19:52 2016 +0000
+++ b/security/opendnssec/Makefile      Wed Jun 08 08:35:10 2016 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.56 2016/04/11 19:02:03 ryoon Exp $
+# $NetBSD: Makefile,v 1.57 2016/06/08 08:35:10 he Exp $
 #
 
-DISTNAME=      opendnssec-1.4.9
-PKGREVISION=   3
+DISTNAME=      opendnssec-1.4.10
 CATEGORIES=    security net
 MASTER_SITES=  http://www.opendnssec.org/files/source/
 
diff -r d6d1a6143d94 -r 4aff79b1c706 security/opendnssec/distinfo
--- a/security/opendnssec/distinfo      Wed Jun 08 08:19:52 2016 +0000
+++ b/security/opendnssec/distinfo      Wed Jun 08 08:35:10 2016 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.32 2016/02/25 11:06:57 he Exp $
+$NetBSD: distinfo,v 1.33 2016/06/08 08:35:10 he Exp $
 
-SHA1 (opendnssec-1.4.9.tar.gz) = 08736372058b5f1e5344261b21cf950243d74abb
-RMD160 (opendnssec-1.4.9.tar.gz) = c44ed64fb1471d944d2964ec970d8e498a3927f6
-SHA512 (opendnssec-1.4.9.tar.gz) = 5cf571750ff205667f5162f28c7575e28f15a7367afce5bb3cd3da080f429c3e0457f597abb76ba260f781a340a4ef78e991252404e694a10a051190d50b5c7f
-Size (opendnssec-1.4.9.tar.gz) = 1043700 bytes
+SHA1 (opendnssec-1.4.10.tar.gz) = c83c452b9951df8dd784d7c39aae90363f1a1213
+RMD160 (opendnssec-1.4.10.tar.gz) = 0ee7e1b282da6839be919b18faf9fbe567bfc130
+SHA512 (opendnssec-1.4.10.tar.gz) = 00ba6ceba595f9d4d7736af982b78779f204eb52fcf92222256792368328647ca1a4c84b4db64dcdd9a0119292f132a4efd15e60436c2a125bf6a8fb3f33540e
+Size (opendnssec-1.4.10.tar.gz) = 1036069 bytes
 SHA1 (patch-aa) = 104e077af6c368cbb5fc3034d58b2f2249fcf991
 SHA1 (patch-enforcer_utils_Makefile.am) = 80915dee723535e5854e62bc18f00ba2d5d7496c
-SHA1 (patch-enforcer_utils_Makefile.in) = fa37bd2c31594b23a5fd3797361dcd6125678d94
+SHA1 (patch-enforcer_utils_Makefile.in) = 6c1b4ad25956bfcc8b410a8ca22f2581e64198d1
diff -r d6d1a6143d94 -r 4aff79b1c706 security/opendnssec/patches/patch-enforcer_utils_Makefile.in
--- a/security/opendnssec/patches/patch-enforcer_utils_Makefile.in      Wed Jun 08 08:19:52 2016 +0000
+++ b/security/opendnssec/patches/patch-enforcer_utils_Makefile.in      Wed Jun 08 08:35:10 2016 +0000
@@ -1,18 +1,10 @@
-$NetBSD: patch-enforcer_utils_Makefile.in,v 1.3 2015/11/16 10:09:08 he Exp $
+$NetBSD: patch-enforcer_utils_Makefile.in,v 1.4 2016/06/08 08:35:10 he Exp $
 
 Regenerate after adding installation of migration scripts to Makefile.am.
 
 --- enforcer/utils/Makefile.in.orig    2015-10-05 14:20:51.000000000 +0000
 +++ enforcer/utils/Makefile.in
-@@ -423,7 +423,6 @@ pkcs11_softhsm_module = @pkcs11_softhsm_
- prefix = @prefix@
- program_transform_name = @program_transform_name@
- psdir = @psdir@
--runstatedir = @runstatedir@
- sbindir = @sbindir@
- sharedstatedir = @sharedstatedir@
- srcdir = @srcdir@
-@@ -798,7 +797,8 @@ info: info-am
+@@ -797,7 +797,8 @@ info: info-am
  
  info-am:
  
@@ -22,7 +14,7 @@
  
  install-dvi: install-dvi-am
  
-@@ -856,20 +856,27 @@ uninstall-man: uninstall-man1
+@@ -855,20 +856,27 @@ uninstall-man: uninstall-man1
        ctags ctags-am distclean distclean-compile distclean-generic \
        distclean-libtool distclean-tags distdir dvi dvi-am html \
        html-am info info-am install install-am install-binPROGRAMS \



Home | Main Index | Thread Index | Old Index