/opendnssec, OSS for a fast and easy DNSSEC deployment
1.4.6nb4, Package name:
opendnssec-1.4.6nb4, Maintainer: pettai
The OpenDNSSEC project announces the development of Open Source software
that manages the security of domain names on the Internet.
The project intends to drive adoption of Domain Name System Security Extensions
(DNSSEC) to further enhance Internet security.
Required to run:
] Required to build:
] Package options
Master sites: SHA1:
Version history: (Expand)
- (2014-11-04) Updated to version: opendnssec-1.4.6nb4
- (2014-10-31) Updated to version: opendnssec-1.4.6nb3
- (2014-10-28) Updated to version: opendnssec-1.4.6nb2
- (2014-10-08) Updated to version: opendnssec-1.4.6nb1
- (2014-09-28) Updated to version: opendnssec-1.4.6
- (2014-06-09) Updated to version: opendnssec-1.4.5
CVS history: (Expand)
| 2014-11-04 10:41:02 by Havard Eidnes | Files touched by this commit (3) | |
There's one more useless ntohl(), get rid of that as well.
| 2014-10-31 17:32:39 by Havard Eidnes | Files touched by this commit (4) | |
Fix a bug related to restoring various data from .xfrd-state files:
there's no need to byte-swap values read from a local file.
This would cause some IXFRs to mysteriously and consistently fail
until manual intervention is done, because the wrong (byte-swapped)
SOA serial# was being stuffed into the IXFR requests.
Also fix the rc.d script to not insist that the components must be
running to allow "stop" to proceed, so that "restart" or \
be done if one or both of the processes have exited or crashed.
| 2014-10-28 14:26:37 by Havard Eidnes | Files touched by this commit (2) |
Add an rc.d script for NetBSD.
| 2014-10-07 18:47:38 by Adam Ciarcinski | Files touched by this commit (442) |
Revbump after updating libwebp and icu
| 2014-09-27 21:41:06 by Fredrik Pettai | Files touched by this commit (3) | |
OpenDNSSEC 1.4.6 - 2014-07-21
* Signer Engine: Print secondary server address when logging notify reply
* Build: Fixed various OpenBSD compatibility issues.
* OPENDNSSEC-621: conf.xml: New options: <PidFile> for both enforcer and
signer, and <SocketFile> for the signer.
* New tool: ods-getconf: to retrieve a configuration value from conf.xml
given an expression.
* OPENDNSSEC-469: ods-ksmutil: 'zone add' command when zonelist.xml.backup
can't be written zone is still added to database, solved it by checking the
zonelist.xml.backup is writable before adding zones, and add error message
when add zone failed.
* OPENDNSSEC-617: Signer Engine: Fix DNS Input Adapter to not reject zone
the first time due to RFC 1982 serial arethmetic.
* OPENDNSSEC-619: memory leak when signer failed, solved it by add
ldns_rr_free(signature) in libhsm.c
* OPENDNSSEC-627: Signer Engine: Unable to update serial after restart
when the backup files has been removed.
* OPENDNSSEC-628: Signer Engine: Ingored notifies log level is changed
from debug to info.
* OPENDNSSEC-630: Signer Engine: Fix inbound zone transfer for root zone.
* libhsm: Fixed a few other memory leaks.
* simple-dnskey-mailer.sh: Fix syntax error.
| 2014-06-09 12:18:13 by Fredrik Pettai | Files touched by this commit (2) |
* OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key
* OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4
| 2014-04-09 09:27:19 by OBATA Akio | Files touched by this commit (452) |
recursive bump from icu shlib major bump.
| 2014-03-27 20:51:06 by Fredrik Pettai | Files touched by this commit (2) |
* SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public
key directly if SkipPublicKey is used [OPENDNSSEC-574].
* OPENDNSSEC-358: ods-ksmutil:Extend 'key list' command with options to filter
on key type and state. This allows keys in the GENERATE and DEAD state to be
* OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output
type parameter to allow only File or DNS.
* OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals
derived from unsigned delegations (be compatible with servers that are
incompatible with RFC 5155 errata 3441).
* Make/build: Include README.md in dist tar-ball.
* SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
* SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired
* SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug
* SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
* SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace
* SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain
* SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
* SUPPORT-127: ods-signer: Fix manpage sections.
* OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
* OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
* OPENDNSSEC-531: ods-ksmutil: Exported value of \
'policy export' output could be wrong on MySQL.
* OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
* OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR
request with EDNS.
* OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation
* OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA.
* Signer Engine: Fix a race condition when stopping daemon.