./security/opendnssec, OSS for a fast and easy DNSSEC deployment

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.4.6nb2, Package name: opendnssec-1.4.6nb2, Maintainer: pettai

The OpenDNSSEC project announces the development of Open Source software
that manages the security of domain names on the Internet.
The project intends to drive adoption of Domain Name System Security Extensions
(DNSSEC) to further enhance Internet security.


Required to run:
[textproc/libxml2] [net/ldns] [security/softhsm]

Required to build:
[devel/cunit]

Package options: softhsm

Master sites:

SHA1: 2318b31546d0d4118cd03b9591ba76d259e1b0b0
RMD160: a7c3bbfa42edd64fffbb0680db6f9c372ded2c85
Filesize: 990.541 KB

Version history: (Expand)


CVS history: (Expand)


   2014-10-28 14:26:37 by Havard Eidnes | Files touched by this commit (2)
Log message:
Add an rc.d script for NetBSD.
   2014-10-07 18:47:38 by Adam Ciarcinski | Files touched by this commit (442)
Log message:
Revbump after updating libwebp and icu
   2014-09-27 21:41:06 by Fredrik Pettai | Files touched by this commit (3) | Package updated
Log message:
OpenDNSSEC 1.4.6 - 2014-07-21

* Signer Engine: Print secondary server address when logging notify reply
  errors.
* Build: Fixed various OpenBSD compatibility issues.
* OPENDNSSEC-621: conf.xml: New options: <PidFile> for both enforcer and
  signer, and <SocketFile> for the signer.
* New tool: ods-getconf: to retrieve a configuration value from conf.xml
  given an expression.

Bugfixes:
* OPENDNSSEC-469: ods-ksmutil: 'zone add' command when zonelist.xml.backup
  can't be written zone is still added to database, solved it by checking the
  zonelist.xml.backup is writable before adding zones, and add error message
  when add zone failed.
* OPENDNSSEC-617: Signer Engine: Fix DNS Input Adapter to not reject zone
  the first time due to RFC 1982 serial arethmetic.
* OPENDNSSEC-619: memory leak when signer failed, solved it by add
  ldns_rr_free(signature) in libhsm.c
* OPENDNSSEC-627: Signer Engine: Unable to update serial after restart
  when the backup files has been removed.
* OPENDNSSEC-628: Signer Engine: Ingored notifies log level is changed
  from debug to info.
* OPENDNSSEC-630: Signer Engine: Fix inbound zone transfer for root zone.
* libhsm: Fixed a few other memory leaks.
* simple-dnskey-mailer.sh: Fix syntax error.
   2014-06-09 12:18:13 by Fredrik Pettai | Files touched by this commit (2)
Log message:
OpenDNSSEC 1.4.5

Bugfixes:
* OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key
  generation.
* OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4
  on MySQL.
   2014-04-09 09:27:19 by OBATA Akio | Files touched by this commit (452)
Log message:
recursive bump from icu shlib major bump.
   2014-03-27 20:51:06 by Fredrik Pettai | Files touched by this commit (2)
Log message:
OpenDNSSEC 1.4.4:

* SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public
  key directly if SkipPublicKey is used [OPENDNSSEC-574].
* OPENDNSSEC-358: ods-ksmutil:Extend 'key list' command with options to filter
  on key type and state. This allows keys in the GENERATE and DEAD state to be
  output.
* OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output
  type parameter to allow only File or DNS.
* OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals
  derived from unsigned delegations (be compatible with servers that are
  incompatible with RFC 5155 errata 3441).
* Make/build: Include README.md in dist tar-ball.

Bugfixes:
* SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
* SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired
  [OPENDNSSEC-526].
* SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug
  [OPENDNSSEC-529].
* SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
* SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace
  [OPENDNSSEC-520].
* SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain
  dates [OPENDNSSEC-553].
* SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
* SUPPORT-127: ods-signer: Fix manpage sections.
* OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
* OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
* OPENDNSSEC-531: ods-ksmutil: Exported value of \ 
<Parent><SOA><TTL> in
  'policy export' output could be wrong on MySQL.
* OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
* OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR
  request with EDNS.
* OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation
  and alloctaion.
* OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA.
* Signer Engine: Fix a race condition when stopping daemon.
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2013-12-05 13:56:14 by Fredrik Pettai | Files touched by this commit (3) | Package updated
Log message:
OpenDNSSEC 1.4.3:

Updates:
* SUPPORT-72: Improve logging when failed to increment serial in case of
  key rollover and serial value "keep" [OPENDNSSEC-461].
* OPENDNSSEC-106: Add 'ods-enforcerd -p <policy>' option. This prompts
  the enforcer to run once and only process the specified policy
  and associated zones.
* OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml.
  Default value remains PT0S.
* OPENDNSSEC-390: ods-ksmutil: Add an option to the 'ods-ksmutil key ds-seen'
  command so the user can choose not to notify the enforcer.
* OPENDNSSEC-430: ods-ksmutil: Improve 'zone add' - Zone add command could
  warn if a specified zone file or adapter file does not exits.
* OPENDNSSEC-431: ods-ksmutil: Improve 'zone add' - Support default <input>
  and <output> values for DNS adapters.
* OPENDNSSEC-454: ods-ksmutil: Add option for 'ods-ksmutil key import'
  to check if there is a matching key in the repository before import.

Bugfixes:
* OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature cleanup.
* OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly.
* OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back
  to AXFR.
* OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use
  inbound serial.