./security/opendnssec, OSS for a fast and easy DNSSEC deployment

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.4.6nb4, Package name: opendnssec-1.4.6nb4, Maintainer: pettai

The OpenDNSSEC project announces the development of Open Source software
that manages the security of domain names on the Internet.
The project intends to drive adoption of Domain Name System Security Extensions
(DNSSEC) to further enhance Internet security.


Required to run:
[textproc/libxml2] [net/ldns] [security/softhsm]

Required to build:
[devel/cunit]

Package options: softhsm

Master sites:

SHA1: 2318b31546d0d4118cd03b9591ba76d259e1b0b0
RMD160: a7c3bbfa42edd64fffbb0680db6f9c372ded2c85
Filesize: 990.541 KB

Version history: (Expand)


CVS history: (Expand)


   2014-11-04 10:41:02 by Havard Eidnes | Files touched by this commit (3) | Package updated
Log message:
There's one more useless ntohl(), get rid of that as well.

Bump PKGREVISION.
   2014-10-31 17:32:39 by Havard Eidnes | Files touched by this commit (4) | Package updated
Log message:
Fix a bug related to restoring various data from .xfrd-state files:
there's no need to byte-swap values read from a local file.
This would cause some IXFRs to mysteriously and consistently fail
until manual intervention is done, because the wrong (byte-swapped)
SOA serial# was being stuffed into the IXFR requests.

Ref. https://issues.opendnssec.org/browse/SUPPORT-147.

Also fix the rc.d script to not insist that the components must be
running to allow "stop" to proceed, so that "restart" or \ 
"stop" can
be done if one or both of the processes have exited or crashed.

Bump PKGREVISION.
   2014-10-28 14:26:37 by Havard Eidnes | Files touched by this commit (2)
Log message:
Add an rc.d script for NetBSD.
   2014-10-07 18:47:38 by Adam Ciarcinski | Files touched by this commit (442)
Log message:
Revbump after updating libwebp and icu
   2014-09-27 21:41:06 by Fredrik Pettai | Files touched by this commit (3) | Package updated
Log message:
OpenDNSSEC 1.4.6 - 2014-07-21

* Signer Engine: Print secondary server address when logging notify reply
  errors.
* Build: Fixed various OpenBSD compatibility issues.
* OPENDNSSEC-621: conf.xml: New options: <PidFile> for both enforcer and
  signer, and <SocketFile> for the signer.
* New tool: ods-getconf: to retrieve a configuration value from conf.xml
  given an expression.

Bugfixes:
* OPENDNSSEC-469: ods-ksmutil: 'zone add' command when zonelist.xml.backup
  can't be written zone is still added to database, solved it by checking the
  zonelist.xml.backup is writable before adding zones, and add error message
  when add zone failed.
* OPENDNSSEC-617: Signer Engine: Fix DNS Input Adapter to not reject zone
  the first time due to RFC 1982 serial arethmetic.
* OPENDNSSEC-619: memory leak when signer failed, solved it by add
  ldns_rr_free(signature) in libhsm.c
* OPENDNSSEC-627: Signer Engine: Unable to update serial after restart
  when the backup files has been removed.
* OPENDNSSEC-628: Signer Engine: Ingored notifies log level is changed
  from debug to info.
* OPENDNSSEC-630: Signer Engine: Fix inbound zone transfer for root zone.
* libhsm: Fixed a few other memory leaks.
* simple-dnskey-mailer.sh: Fix syntax error.
   2014-06-09 12:18:13 by Fredrik Pettai | Files touched by this commit (2)
Log message:
OpenDNSSEC 1.4.5

Bugfixes:
* OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key
  generation.
* OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4
  on MySQL.
   2014-04-09 09:27:19 by OBATA Akio | Files touched by this commit (452)
Log message:
recursive bump from icu shlib major bump.
   2014-03-27 20:51:06 by Fredrik Pettai | Files touched by this commit (2)
Log message:
OpenDNSSEC 1.4.4:

* SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public
  key directly if SkipPublicKey is used [OPENDNSSEC-574].
* OPENDNSSEC-358: ods-ksmutil:Extend 'key list' command with options to filter
  on key type and state. This allows keys in the GENERATE and DEAD state to be
  output.
* OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output
  type parameter to allow only File or DNS.
* OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals
  derived from unsigned delegations (be compatible with servers that are
  incompatible with RFC 5155 errata 3441).
* Make/build: Include README.md in dist tar-ball.

Bugfixes:
* SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
* SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired
  [OPENDNSSEC-526].
* SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug
  [OPENDNSSEC-529].
* SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
* SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace
  [OPENDNSSEC-520].
* SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain
  dates [OPENDNSSEC-553].
* SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
* SUPPORT-127: ods-signer: Fix manpage sections.
* OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
* OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
* OPENDNSSEC-531: ods-ksmutil: Exported value of \ 
<Parent><SOA><TTL> in
  'policy export' output could be wrong on MySQL.
* OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
* OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR
  request with EDNS.
* OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation
  and alloctaion.
* OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA.
* Signer Engine: Fix a race condition when stopping daemon.