diff options
author | he <he@pkgsrc.org> | 2016-06-08 08:35:10 +0000 |
---|---|---|
committer | he <he@pkgsrc.org> | 2016-06-08 08:35:10 +0000 |
commit | 7fc38a46f71b3cee35fe318bcd574d5622805070 (patch) | |
tree | 3a90ce312c2c47377a0bdded79174b017df83b24 /net/proftpd | |
parent | 682f1d174a5b7c1d524c7e58e12f64ff38c8a1b7 (diff) | |
download | pkgsrc-7fc38a46f71b3cee35fe318bcd574d5622805070.tar.gz |
Update OpenDNSSEC to version 1.4.10.
News:
This release fix targets stability issues which have had a history
and had been hard to reproduce. Stability should be improved,
running OpenDNSSEC as a long term service.
Changes in TTL in the input zone that seem not to be propagated,
notifies to slaves under load that where not handled properly and
could lead to assertions. NSEC3PARAM that would appear duplicate
in the resulting zone, and crashes in the signer daemon in seldom
race conditions or re-opening due to a HSM reset.
No migration steps needed when upgrading from OpenDNSSEC 1.4.9.
Also have a look at our OpenDNSSEC 2.0 beta release, its impending
release will help us forward with new development and signal phasing
out historic releases.
Fixes:
* SUPPORT-156 OPENDNSSEC-771: Multiple NSEC3PARAM records in signed
zone. After a resalt the signer would fail to remove the old
NSEC3PARAM RR until a manual resign or incoming transfer. Old
NSEC3PARAMS are removed when inserting a new record, even if
they look the same.
* OPENDNSSEC-725: Signer did not properly handle new update while
still distributing notifies to slaves. An AXFR disconnect looked
not to be handled gracefully.
* SUPPORT-171: Signer would sometimes hit an assertion using DNS
output adapter when .ixfr was missing or corrupt but .backup file
available. Above two issues also in part addresses problems
with seemingly corrected backup files (SOA serial). Also an
crash on badly configured DNS output adapters is averted.
* The signer daemon will now refuse to start when failed to open
a listen socket for DNS handling.
* OPENDNSSEC-478 OPENDNSSEC-750 OPENDNSSEC-581 OPENDNSSEC-582
SUPPORT-88: Segmentation fault in signer daemon when opening and
closing hsm multiple times. Also addresses other concurrency
access by avoiding a common context to the HSM (a.k.a. NULL
context).
* OPENDNSSEC-798: Improper use of key handles across hsm reopen,
causing keys not to be available after a re-open.
* SUPPORT-186: IXFR disregards TTL changes, when only TTL of an
RR is changed. TTL changes should be treated like any other
changes to records. When OpenDNSSEC now overrides a TTL value,
this is now reported in the log files.
Diffstat (limited to 'net/proftpd')
0 files changed, 0 insertions, 0 deletions