./security/opendnssec, OSS for a fast and easy DNSSEC deployment

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.4.13nb1, Package name: opendnssec-1.4.13nb1, Maintainer: pettai

The OpenDNSSEC project announces the development of Open Source software
that manages the security of domain names on the Internet.
The project intends to drive adoption of Domain Name System Security Extensions
(DNSSEC) to further enhance Internet security.


Required to run:
[textproc/libxml2] [net/ldns] [security/softhsm]

Required to build:
[devel/cunit] [pkgtools/cwrappers]

Package options: softhsm

Master sites:

SHA1: 739e1d0178124e0930f48de529c85a6fea4fa02b
RMD160: 033059b39acb9675df0db85a3476b678fdf7e193
Filesize: 1042.248 KB

Version history: (Expand)


CVS history: (Expand)


   2017-08-07 19:56:13 by Johnny C. Lam | Files touched by this commit (26)
Log message:
Fix packages that had INSTALLATION_DIRS+=$(PKG_SYSCONFDIR}.

Set PKG_SYSCONFSUBDIR where appropriate, and use {MAKE,OWN}_DIRS to
create the directory tree under ${PKG_SYSCONFDIR} instead of using
INSTALLATION_DIRS.

Bump the PKGREVISION of packages that changed due to changes in the
package install scripts.
   2017-04-22 23:04:05 by Adam Ciarcinski | Files touched by this commit (670) | Package updated
Log message:
Revbump after icu update
   2017-01-20 17:12:39 by Havard Eidnes | Files touched by this commit (3) | Package updated
Log message:
Update OpenDNSSEC to version 1.4.13.

Pkgsrc changes:
 * Remove patch now integrated.

Upstream changes:

OpenDNSSEC 1.4.13 - 2017-01-20

* OPENDNSSEC-778: Double NSEC3PARAM record after resalt.
* OPENDNSSEC-853: Fixed serial_xfr_acquired not updated in state file.
* Wrong error was sometimes being print on failing TCP connect.
* Add support for OpenSSL 1.1.0.
* OPENDNSSEC-866: Script for migration between MySQL and SQLite was outdated.
   2017-01-16 10:21:13 by Havard Eidnes | Files touched by this commit (3) | Package updated
Log message:
Update OpenDNSSEC to version 1.4.12nb3.
 * Apply fix from OPENDNSSEC-778: double NSEC3PARAMS on re-salt.
   2016-12-04 06:17:46 by Ryo ONODERA | Files touched by this commit (667)
Log message:
Recursive revbump from textproc/icu 58.1
   2016-11-27 15:25:41 by Havard Eidnes | Files touched by this commit (4) | Package updated
Log message:
Avoid in effect calling xmlCleanupThreads twice, xmlCleanupParser
has already internally called the former, and doing it twice causes
an abort internally in the pthread library in NetBSD 7.0.
Bump PKGREVISION.
   2016-11-06 13:54:35 by Havard Eidnes | Files touched by this commit (3) | Package updated
Log message:
Update OpenDNSSEC to version 1.4.12.

Local changes (retained from earlier versions):
 * Some adaptations of the build setup (conversion scripts etc.)
 * in signer/ixfr.c, log the zone name if the soamin assertion trigers
 * in signer/zone.c, if there's a bad ixfr journal file, save it, for debug

Upstream changes:

News:

  This is a bug fix release targeting a memory leak in the signer
  when being used in the "bump in the wire" model where the signer
  would send out notify messages and respond to IXFR requests for
  the signed zone. This typically would manifest itself with very
  frequent outgoing IXFRs over a longer period of time.

  When upgrading from 1.4.10 (the 1.4.11 release was skipped) no
  migration steps are needed. For upgrading from earlier releases
  see the migration steps in the individual releases, most notably
  in 1.4.8.2. This version of OpenDNSSEC does however require a
  slightly less older minimal version of the library ldns.

Fixes:

 * OPENDNSSEC-808: Crash on query with empty query section
   (thanks Havard Eidnes).
 * SUPPORT-191: Regression, Must accept notify without SOA (thanks
   Christos Trochalakis).
 * OPENDNSSEC-845: memory leak occuring when responding to IXFR
   out when having had multiple updates.
 * OPENDNSSEC-805: Avoid full resign due to mismatch in backup file
   when upgrading from 1.4.8 or later.
 * OPENDNSSEC-828: parsing zone list could show data from next zone
   when zones iterated on single line.
 * OPENDNSSEC-811,OPENDNSSEC-827,e.o.: compiler warnings and other
   static code analysis cleanup
 * OPENDNSSEC-847: Broken DNS IN notifications when pkt answer
   section is empty.
 * OPENDNSSEC-838: Crash in signer after having removed a zone.
 * Update dependency to ldns to version 1.6.17 enabling the DNS HIP record.
 * Prevent responding to queries when not fully started yet.
   2016-07-16 21:49:07 by Havard Eidnes | Files touched by this commit (5) | Package updated
Log message:
Add a couple of patches I have been using with opendnssec in our
installation:
 * Log the zone before triggering the "part->soamin" assert.
   We've seen this fire with older versions, but it's a while
   since I saw it happen.  This is to provide more debugging info
   should it fire.
 * If an .ixfr journal file is detected as "corrupted", rename it
   to <zone>.ixfr-bad instead of unlinking it, which would leave
   no trace of OpenDNSSEC's own wrongdoing.
 * If the signer is exposed, avoid a potential DoS vector with a
   crafted message.
Bump PKGREVISION.