./security/opendnssec, OSS for a fast and easy DNSSEC deployment

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.4.5, Package name: opendnssec-1.4.5, Maintainer: pettai

The OpenDNSSEC project announces the development of Open Source software
that manages the security of domain names on the Internet.
The project intends to drive adoption of Domain Name System Security Extensions
(DNSSEC) to further enhance Internet security.


Required to run:
[textproc/libxml2] [net/ldns] [security/softhsm]

Required to build:
[devel/cunit]

Package options: softhsm

Master sites:

SHA1: da2d97669a7688321ea563e0a512531d932f19d6
RMD160: 59982e781baa71f3a61be4c64c588668512e4da0
Filesize: 986.282 KB

Version history: (Expand)


CVS history: (Expand)


   2014-06-09 12:18:13 by Fredrik Pettai | Files touched by this commit (2)
Log message:
OpenDNSSEC 1.4.5

Bugfixes:
* OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key
  generation.
* OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4
  on MySQL.
   2014-04-09 09:27:19 by OBATA Akio | Files touched by this commit (452)
Log message:
recursive bump from icu shlib major bump.
   2014-03-27 20:51:06 by Fredrik Pettai | Files touched by this commit (2)
Log message:
OpenDNSSEC 1.4.4:

* SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public
  key directly if SkipPublicKey is used [OPENDNSSEC-574].
* OPENDNSSEC-358: ods-ksmutil:Extend 'key list' command with options to filter
  on key type and state. This allows keys in the GENERATE and DEAD state to be
  output.
* OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output
  type parameter to allow only File or DNS.
* OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals
  derived from unsigned delegations (be compatible with servers that are
  incompatible with RFC 5155 errata 3441).
* Make/build: Include README.md in dist tar-ball.

Bugfixes:
* SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
* SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired
  [OPENDNSSEC-526].
* SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug
  [OPENDNSSEC-529].
* SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
* SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace
  [OPENDNSSEC-520].
* SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain
  dates [OPENDNSSEC-553].
* SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
* SUPPORT-127: ods-signer: Fix manpage sections.
* OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
* OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
* OPENDNSSEC-531: ods-ksmutil: Exported value of \ 
<Parent><SOA><TTL> in
  'policy export' output could be wrong on MySQL.
* OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
* OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR
  request with EDNS.
* OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation
  and alloctaion.
* OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA.
* Signer Engine: Fix a race condition when stopping daemon.
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2013-12-05 13:56:14 by Fredrik Pettai | Files touched by this commit (3) | Package updated
Log message:
OpenDNSSEC 1.4.3:

Updates:
* SUPPORT-72: Improve logging when failed to increment serial in case of
  key rollover and serial value "keep" [OPENDNSSEC-461].
* OPENDNSSEC-106: Add 'ods-enforcerd -p <policy>' option. This prompts
  the enforcer to run once and only process the specified policy
  and associated zones.
* OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml.
  Default value remains PT0S.
* OPENDNSSEC-390: ods-ksmutil: Add an option to the 'ods-ksmutil key ds-seen'
  command so the user can choose not to notify the enforcer.
* OPENDNSSEC-430: ods-ksmutil: Improve 'zone add' - Zone add command could
  warn if a specified zone file or adapter file does not exits.
* OPENDNSSEC-431: ods-ksmutil: Improve 'zone add' - Support default <input>
  and <output> values for DNS adapters.
* OPENDNSSEC-454: ods-ksmutil: Add option for 'ods-ksmutil key import'
  to check if there is a matching key in the repository before import.

Bugfixes:
* OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature cleanup.
* OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly.
* OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back
  to AXFR.
* OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use
  inbound serial.
   2013-12-04 18:03:02 by Jonathan Perkin | Files touched by this commit (1)
Log message:
Pull in OpenSSL to fix non-builtin case.  Use C99.  Fixes SunOS build.

Patches from Sebastian Wiedenroth.
   2013-10-19 11:07:13 by Adam Ciarcinski | Files touched by this commit (346)
Log message:
Revbump after updating textproc/icu
   2013-09-17 14:34:45 by Fredrik Pettai | Files touched by this commit (1) | Package updated
Log message:
Updated MESSAGE file to reflect current