non port: dns/opendnssec/distinfo |
Number of commits found: 31 |
Tuesday, 2 May 2017
|
19:29 pi
dns/opendnssec: update 1.4.12 -> 1.4.14
- OPENDNSSEC-888: Fix up MySQL<->SQLite3 database conversion script.
- OPENDNSSEC-752: Incorrect calculated number of KSKs needed when
KSK and ZSK have exactly the same parameters. This would prevent
KSK rollovers.
- OPENDNSSEC-890: Bogus signatures on mismatching TTLs within the same RRset.
PR: 218994
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Thursday, 20 Oct 2016
|
09:09 robak
dns/opendnssec: update 1.4.10 -> 1.4.12
PR: 213610
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH: 2016Q4
|
Thursday, 5 May 2016
|
17:09 pi
dns/opendnssec: 1.4.9 -> 1.4.10
This release fix targets stability issues which have had a history and
have been hard to reproduce. Issues that have been reported over the
past half year have been fixed that may have even come up earlier as
rare occasions.
Stability should be improved, running OpenDNSSEC as a long term service.
Changes in TTL in the input zone that seem not to be propagated,
notifies to slaves under heavy zone activity load that where not handled
properly and could lead to assertions.
NSEC3PARAM that would appear duplicate in the resulting zone, and
crashes in the signer daemon in seldom race conditions or re-opening due
to a HSM reset.
No migration steps needed when upgrading from OpenDNSSEC 1.4.9.
Also have a look at our OpenDNSSEC 2.0 beta release, its impending
release will help us forward with new development and signal phasing out
historic releases.
Fixes:
- SUPPORT-156 OPENDNSSEC-771: Multiple NSEC3PARAM records in signed
zone. After a resalt the signer would fail to remove the old
NSEC3PARAM RR until a manual resign or incoming transfer.
Old NSEC3PARAMS are removed when inserting a new record, even if
they look the same.
- OPENDNSSEC-725: Signer did not properly handle new update while still
distributing notifies to slaves.
An AXFR disconnect looked not to be handled gracefully.
- SUPPORT-171: Signer would sometimes hit an assertion using DNS output
adapter when .ixfr was missing or corrupt but .backup file available.
- Above two issues also in part addresses problems with seemingly
corrected backup files (SOA serial). Also an crash on badly
configured DNS output adapters is averted.
- The signer daemon will now refuse to start when failed to open a
listen socket for DNS handling.
- OPENDNSSEC-478,750,581 and 582 and SUPPORT-88:
Segmentation fault in signer daemon when opening and closing HSM
multiple times. Also addresses other concurrency access by avoiding
a common context to the HSM (a.k.a. NULL context).
- OPENDNSSEC-798: Improper use of key handles across hsm reopen,
causing keys not to be available after a re-open.
- SUPPORT-186: IXFR disregards TTL changes, when only TTL of an RR is
changed. TTL changes should be treated like any other changes to
records.
- When OpenDNSSEC now overrides a TTL value, this is now reported in
the log files.
PR: 209261
Submitted by: jaap@NLnetLabs.nl (mainainer)
|
Wednesday, 16 Mar 2016
|
13:33 erwin
Update to 1.4.9
The main motivations for this release are bug fixes related to use
cases with large number of zones (more than 50 zones) in combination
with an XFR based setup. Too much concurrent zone transfers causes new
transfers to be held back. These excess transfers however were not
properly scheduled for later.
No migration steps needed when upgrading from OpenDNSSEC 1.4.8.
Bugfixes:
* Add TCP waiting queue. Fix signer getting 'stuck' when adding many
zones at once. Thanks to Haavard Eidnes to bringing this to our attention.
* OPENDNSSEC-723: received SOA serial reported as on disk.
* Fix potential locking issue on SOA serial.
* Crash on shutdown. At all times join xfr and dns handler threads.
* Make handling of notifies more consistent. Previous implementation would
bounce between code paths.
Known Issues:
When using SoftHSM2 compiled with OpenSSL, and libmysql with OpenSSL
as database backend for OpenDNSSEC. "ods-ksmutil key list --verbose"
crashes on exit. This is ultimately a bug in OpenSSL and not new for
this particular release. Make sure you don't use this specific
combination.
From <https://www.opendnssec.org>
PR: 206491
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
|
Tuesday, 6 Oct 2015
|
13:54 erwin
Upgrade from version 1.4.7 to 1.4.8.2
NEWS:
* Support for RFC5011 style KSK rollovers. KSK section in the KASP now
accepts <RFC5011/> element.
* Enforcer: New repository option <AllowExtraction/> allows to generate
keys with CKA_EXTRACTABLE attribute set to TRUE so keys can be wrapped
and extracted from HSM.
Bugfixes:
* SUPPORT-145: EOF handling an ARM architecture caused signer to hang.
* Fixed signer hitting assertion on short reply XFR handler.
* Include revoke bit in keytag calculation.
* Increased stacksize on some systems (thanks Patrik Lundin!).
* Stop ods-signerd on SIGINT.
Fixes port problem (reported by *geoffroy desvernay*)
* Now also installs previous missing migration script convert_database.pl
PR: 203574
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
|
Wednesday, 10 Dec 2014
|
15:14 erwin
Update to 1.4.7 which fixes a bug when using DNS adapters
PR: 195686
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Wednesday, 23 Jul 2014
|
08:30 erwin
- Fix location of libsofthsm.so [1]
- Fix depency on sqlite with non-default LOCALBASE [2]
- Update to 1.4.6
Updates:
Signer Engine: Print secondary server address when logging notify reply errors.
Build: Fixed various OpenBSD compatibility issues found by Patrik Lundin
<patrik.lundin.swe () gmail.com>.
OPENDNSSEC-621: conf.xml: New options: <PidFile> for both enforcer and signer,
and <SocketFile> for the signer.
New tool: ods-getconf: to retrieve a configuration value from conf.xml given an
expression.
Bugfixes:
OPENDNSSEC-469: ods-ksmutil: 'zone add' command when zonelist.xml.backup can't
be written zone is still added to database, solved it by checking the
zonelist.xml.backup is writable before adding zones, and add error message when
add zone failed.
OPENDNSSEC-617: Signer Engine: Fix DNS Input Adapter to not reject zone the
first time due to RFC 1982 serial arethmetic.
OPENDNSSEC-619: memory leak when signer failed, solved it by add
ldns_rr_free(signature) in libhsm.c
OPENDNSSEC-627: Signer Engine: Unable to update serial after restart when the
backup files has been removed.
OPENDNSSEC-628: Signer Engine: Ingored notifies log level is changed from debug
to info.
OPENDNSSEC-630: Signer Engine: Fix inbound zone transfer for root zone.
libhsm: Fixed a few other memory leaks.
simple-dnskey-mailer.sh: Fix syntax error. (by Patrik Lundin
https://github.com/eest)
PR: 191272 [1], 192021 [2], 192023 [3]
Submitted by: Andrew Fyfe <andrew@neptune-one.net> [1],
jhujhiti@adjectivism.org [2],
Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer) [3]
|
Wednesday, 30 Apr 2014
|
08:45 erwin
- Update to 1.4.5
Added Staging support;
Modern options handling where possible.
Bugfixes:
OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key
generation.
OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4 on
MySQL. Reported by Mark Elkins <mje@posix.co.za>
Includes the update to 1.4.4:
Updates:
SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly
if SkipPublicKey is used [OPENDNSSEC-574].
OPENDNSSEC-358: ods-ksmutil: Extend 'key list' command with options to filter on
key type and state. This allows keys in the GENERATE and DEAD state to be
output.
OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals derived
from unsigned delegations (be compatible with servers that are incompatible with
RFC 5155 errata 3441).
Bugfixes:
SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired
[OPENDNSSEC-526].
SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug
[OPENDNSSEC-529].
SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace
[OPENDNSSEC-520].
SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain dates
[OPENDNSSEC-553].
SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
SUPPORT-127: ods-signer: Fix manpage sections.
OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output type
parameter to allow only File or DNS.
OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
OPENDNSSEC-531: ods-ksmutil: Exported value of in 'policy export' output could
be wrong on MySQL.
OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR
request with EDNS.
OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation and
alloctaion.
OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA.
Signer Engine: Fix a race condition when stopping daemon.
PR: 188482
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
Sponsored by: DK Hostmaster A/S
|
Thursday, 5 Dec 2013
|
20:25 sunpoet
- Update to 1.4.3
- While I'm here, add LICENSE and convert to new LIB_DEPENDS format
Changes: http://www.opendnssec.org/2013/12/04/opendnssec-1-4-3/
PR: ports/184516
Submitted by: Jaap Akkerhuis <jaap@nlnetlabs.nl> (maintainer)
|
Monday, 16 Sep 2013
|
12:17 mat
Update to 1.4.2
PR: 182012
Submitted by: mat
Approved by: maintainer
|
Tuesday, 2 Jul 2013
|
13:12 wg
dns/opendnssec: update to 1.4.1
- Update to 1.4.1
Changes: http://www.opendnssec.org/2013/06/27/opendnssec-1-4-1/
PR: ports/180194
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Monday, 3 Jun 2013
|
22:13 wg
- Update to 1.4.0 [1]
- Add PORTDOCS
- Install extra migration files
- Preserve 1.3.x as dns/opendnssec13
Changes: https://wiki.opendnssec.org/display/DOCS/New+in+OpenDNSSEC+1.4
PR: ports/178861 [1]
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> [1]
Approved by: culot (mentor), maintainer
|
Thursday, 21 Feb 2013
|
00:44 miwi
- Update to 1.3.13
PR: 176303
Submitted by: maintainer
|
Tuesday, 4 Dec 2012
|
08:37 rm
- update to 1.3.12
while here:
- trim Makefile header
- remove trailin dots from options descriptions
PR: 174094
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Feature safe: yes
|
Sunday, 12 Aug 2012
|
07:52 scheidell
- Update to 1.3.10
PR: ports/170544
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Sunday, 8 Jul 2012
|
12:39 scheidell
- Update to 1.3.9
- Add GIDs/UIDs 215
PR: ports/169646
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Sunday, 18 Mar 2012
|
04:44 miwi
- Update to 1.3.7
PR: 166125
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>(maintainer)
Feature safe: yes
|
Friday, 17 Feb 2012
|
17:52 jgh
- Update to 1.3.6
PR: ports/165216
Submitted by: maintainer, jaap at NLnetLabs.nl
|
Monday, 30 Jan 2012
|
12:27 culot
- Update to 1.3.5
Changes: http://www.opendnssec.org/2012/01/23/opendnssec-1-3-5/
PR: ports/164628
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Sunday, 18 Dec 2011
|
08:54 miwi
- Update to 1.3.4
PR: 163080
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Tuesday, 20 Sep 2011
|
17:40 dhn
- Update to 1.3.2
PR: ports/160828
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Friday, 15 Jul 2011
|
20:55 jlaffaye
Update to 1.3.0
PR: ports/158865
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Approved by: bapt (mentor)
|
Thursday, 24 Mar 2011
|
16:33 dhn
- Update to 1.2.1
PR: ports/155889
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Wednesday, 19 Jan 2011
|
10:49 pav
- Update to 1.2.0
PR: ports/154026
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Feature safe: yes
|
Saturday, 11 Dec 2010
|
22:48 nivit
- Add databases/sqlite3 to BUILD_DEPENDS (minimal version required 3.4.2)
- Bump PORTREVISION
- Remove MD5 checksum from distinfo
PR: ports/152542
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Sunday, 12 Sep 2010
|
18:03 araujo
- Update to 1.1.3.
PR: ports/150487
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Monday, 6 Sep 2010
|
12:11 sylvio
- Update to 1.1.2
PR: ports/150248
Submitted by: Jaap Akkerhuis <japp@nlnetlabs.nl> (maintainer)
|
Sunday, 11 Jul 2010
|
13:34 araujo
- Update to 1.1.1.
PR: ports/148476
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Saturday, 29 May 2010
|
11:47 sylvio
- Update to 1.1.0
PR: ports/147134
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Thursday, 11 Feb 2010
|
10:33 pav
- Update to 1.0.0 release
PR: ports/143712
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Thursday, 7 Jan 2010
|
06:25 wen
OpenDNSSEC was created as an open-source turn-key solution for
DNSSEC. It secures zone data just before it is published in an
authoritative name server.
WWW: http://www.opendnssec.org
PR: ports/142103
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
|
Number of commits found: 31 |