./security/opendnssec, OSS for a fast and easy DNSSEC deployment

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.4.4nb1, Package name: opendnssec-1.4.4nb1, Maintainer: pettai

The OpenDNSSEC project announces the development of Open Source software
that manages the security of domain names on the Internet.
The project intends to drive adoption of Domain Name System Security Extensions
(DNSSEC) to further enhance Internet security.


Required to run:
[textproc/libxml2] [net/ldns] [security/softhsm]

Required to build:
[devel/cunit]

Package options: softhsm

Master sites:

SHA1: c204659dc53d47a16481f19fbc709b292c445c7d
RMD160: 3c19c6625f37410356f292c8792421d6becb0043
Filesize: 986.063 KB

Version history: (Expand)


CVS history: (Expand)


   2014-04-09 09:27:19 by OBATA Akio | Files touched by this commit (452)
Log message:
recursive bump from icu shlib major bump.
   2014-03-27 20:51:06 by Fredrik Pettai | Files touched by this commit (2)
Log message:
OpenDNSSEC 1.4.4:

* SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public
  key directly if SkipPublicKey is used [OPENDNSSEC-574].
* OPENDNSSEC-358: ods-ksmutil:Extend 'key list' command with options to filter
  on key type and state. This allows keys in the GENERATE and DEAD state to be
  output.
* OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output
  type parameter to allow only File or DNS.
* OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals
  derived from unsigned delegations (be compatible with servers that are
  incompatible with RFC 5155 errata 3441).
* Make/build: Include README.md in dist tar-ball.

Bugfixes:
* SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
* SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired
  [OPENDNSSEC-526].
* SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug
  [OPENDNSSEC-529].
* SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
* SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace
  [OPENDNSSEC-520].
* SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain
  dates [OPENDNSSEC-553].
* SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
* SUPPORT-127: ods-signer: Fix manpage sections.
* OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
* OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
* OPENDNSSEC-531: ods-ksmutil: Exported value of \ 
<Parent><SOA><TTL> in
  'policy export' output could be wrong on MySQL.
* OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
* OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR
  request with EDNS.
* OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation
  and alloctaion.
* OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA.
* Signer Engine: Fix a race condition when stopping daemon.
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2013-12-05 13:56:14 by Fredrik Pettai | Files touched by this commit (3) | Package updated
Log message:
OpenDNSSEC 1.4.3:

Updates:
* SUPPORT-72: Improve logging when failed to increment serial in case of
  key rollover and serial value "keep" [OPENDNSSEC-461].
* OPENDNSSEC-106: Add 'ods-enforcerd -p <policy>' option. This prompts
  the enforcer to run once and only process the specified policy
  and associated zones.
* OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml.
  Default value remains PT0S.
* OPENDNSSEC-390: ods-ksmutil: Add an option to the 'ods-ksmutil key ds-seen'
  command so the user can choose not to notify the enforcer.
* OPENDNSSEC-430: ods-ksmutil: Improve 'zone add' - Zone add command could
  warn if a specified zone file or adapter file does not exits.
* OPENDNSSEC-431: ods-ksmutil: Improve 'zone add' - Support default <input>
  and <output> values for DNS adapters.
* OPENDNSSEC-454: ods-ksmutil: Add option for 'ods-ksmutil key import'
  to check if there is a matching key in the repository before import.

Bugfixes:
* OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature cleanup.
* OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly.
* OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back
  to AXFR.
* OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use
  inbound serial.
   2013-12-04 18:03:02 by Jonathan Perkin | Files touched by this commit (1)
Log message:
Pull in OpenSSL to fix non-builtin case.  Use C99.  Fixes SunOS build.

Patches from Sebastian Wiedenroth.
   2013-10-19 11:07:13 by Adam Ciarcinski | Files touched by this commit (346)
Log message:
Revbump after updating textproc/icu
   2013-09-17 14:34:45 by Fredrik Pettai | Files touched by this commit (1) | Package updated
Log message:
Updated MESSAGE file to reflect current
   2013-09-13 23:59:51 by Fredrik Pettai | Files touched by this commit (2)
Log message:
OpenDNSSEC 1.4.2 - 2013-09-11

* OPENDNSSEC-428: ods-ksmutil: Add option for 'ods-ksmutil key generate' to
  take number of zones as a parameter

Bugfixes:
* SUPPORT-66: Signer Engine: Fix file descriptor leak in case of TCP write
  error [OPENDNSSEC-427].
* SUPPORT-71: Signer Engine: Fix double free crash in case of HSM connection
  error during signing [OPENDNSSEC-444].
* OPENDNSSEC-401: 'ods-signer sign <zone> --serial <nr>' command \ 
produces seg
  fault when run directly on command line (i.e. not via interactive mode)
* OPENDNSSEC-440: 'ods-ksmutil key generate' and the enforcer can create
  too many keys if there are keys already available and the KSK and ZSK use
  same algorithm and length
* OPENDNSSEC-424: Signer Engine: Respond to SOA queries from file instead
  of memory. Makes response non-blocking.
* OPENDNSSEC-425 Change "hsmutil list" output so that the table header goes
  to stdout not stderr
* OPENDNSSEC-438: 'ods-ksmutil key generate' and the enforcer can create
  too many keys for <SharedKeys/> policies when KSK and ZSK use same
  algorithm and length
* OPENDNSSEC-443: ods-ksmutil: Clean up of hsm connection handling
* Signer Engine: Improved Inbound XFR checking.
* Signer Engine: Fix double free corruption in case of adding zone with
  DNS Outbound Adapters and NotifyCommand enabled.