From 816f9a09872277c7614d51e7473a76a0a54e6bee Mon Sep 17 00:00:00 2001 From: pettai <pettai@pkgsrc.org> Date: Sun, 18 Mar 2012 17:38:46 +0000 Subject: OpenDNSSEC 1.3.7 * OPENDNSSEC-215: Signer Engine: Always recover serial from backup, even if it is corrupted, preventing unnecessary serial decrementals. * OPENDNSSEC-217: Enforcer: Tries to detect pidfile staleness, so that the daemon will start after a power failure. Bugfixes: * ods-hsmutil: Fixed a small memory leak when printing a DNSKEY. * OPENDNSSEC-216: Signer Engine: Fix duplicate NSEC3PARAM bug. * OPENDNSSEC-218: Signer Engine: Prevent endless loop in case the locators in the signer backup files and the HSM are out of sync. * OPENDNSSEC-225: Fix problem with pid found when not existing. * SUPPORT-21: HSM SCA 6000 in combination with OpenCryptoki can return RSA key material with leading zeroes. DNSSEC does not allow leading zeroes in key data. You are affected by this bug if your DNSKEY RDATA e.g. begins with "BAABA". Normal keys begin with e.g. "AwEAA". OpenDNSSEC will now sanitize incoming data before adding it to the DNSKEY. Do not upgrade to this version if you are affected by the bug. You first need to go unsigned, then do the upgrade, and finally sign your zone again. SoftHSM and other HSM:s will not produce data with leading zeroes and the bug will thus not affect you. OpenDNSSEC 1.3.6 * OPENDNSSEC-33: Signer Engine: Check HSM connection before use, attempt to reconnect if it is not valid. * OPENDNSSEC-178: Signer Engine: Instead of waiting an arbitrary amount of time, let worker wait with pushing sign operations until the queue is non-full. * Signer Engine: Adjust some log messages. Bugfixes: * ods-control: Wrong exit status if Enforcer was already running. * OPENDNSSEC-56: ods-ksmutil had the wrong option for config file in the help usage text. * OPENDNSSEC-207: Signer Engine: Fix communication from a process not attached to a shell. * OPENDNSSEC-209: Signer Engine: Make output file adapter atomic by writing signed file to an intermediate file first. --- security/opendnssec/Makefile | 4 ++-- security/opendnssec/distinfo | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'security') diff --git a/security/opendnssec/Makefile b/security/opendnssec/Makefile index 222ff933227..d037859fea5 100644 --- a/security/opendnssec/Makefile +++ b/security/opendnssec/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.18 2012/01/23 11:19:26 pettai Exp $ +# $NetBSD: Makefile,v 1.19 2012/03/18 17:38:46 pettai Exp $ # -DISTNAME= opendnssec-1.3.5 +DISTNAME= opendnssec-1.3.7 CATEGORIES= security net MASTER_SITES= http://www.opendnssec.org/files/source/ diff --git a/security/opendnssec/distinfo b/security/opendnssec/distinfo index 3785cf3955e..7d0eeb1d4bc 100644 --- a/security/opendnssec/distinfo +++ b/security/opendnssec/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.12 2012/01/23 11:19:26 pettai Exp $ +$NetBSD: distinfo,v 1.13 2012/03/18 17:38:46 pettai Exp $ -SHA1 (opendnssec-1.3.5.tar.gz) = 761a4b3f90045a9b7405255df4eaf2940e50fc05 -RMD160 (opendnssec-1.3.5.tar.gz) = d05cd5bc921c8b33b7961dc1d30e036923d3b157 -Size (opendnssec-1.3.5.tar.gz) = 1084245 bytes +SHA1 (opendnssec-1.3.7.tar.gz) = 2542541da1fe466f40b55f6bfee53c9b202ee014 +RMD160 (opendnssec-1.3.7.tar.gz) = 99810b4bc21f2f75ccb97af5b31ed6d4ee6a992d +Size (opendnssec-1.3.7.tar.gz) = 1085010 bytes SHA1 (patch-aa) = b29e1620649d8e348d428f6933a3c9d5c1747f8b -- cgit v1.2.3