non port: dns/opendnssec2/distinfo |
Number of commits found: 14 |
Thursday, 29 Jun 2023
|
06:35 Fernando ApesteguĂa (fernape) Author: Jaap Akkerhuis
dns/opendnssec2: Update t0 2.1.7
ChangeLog: https://www.opendnssec.org/2023/06/opendnssec-2-1-13/
This release fixes a bug that affects both signer and enforcer command
line handling. Under heavy usage of the command line there was a small
change for a crash.
Furthermore there is a small behavioural change for users of the "keep"
policy. The back-off for retrying a sign task change is now equal to
the resign period in case the input file isn't available or updated.
This because users nearly always will emit an external sign command for
this period. This will reduce logging errors.
PR: 272254
Reported by: jaap@NLnetLabs.nl (maintainer)
0c47b68 |
Sunday, 23 Apr 2023
|
17:17 Robert Clausecker (fuz) Author: Jaap Akkerhuis
dns/opendnssec2: update to 2.1.12
Changelog: https://www.opendnssec.org/2022/11/opendnssec-2-1-12
PR: 270931
dae0316 |
Monday, 18 Oct 2021
|
07:13 Yasuhiro Kimura (yasu) Author: Jaap Akkerhuis
dns/opendnssec2: Update to 2.1.10
* Pet portclippy
* Reformat Makefile with portfmt
ReleaseNotes: https://www.opendnssec.org/2021/09/opendnssec-2-1-10/
PR: 258631
Approved by: ygy (mentor)
Differential Revision: https://reviews.freebsd.org/D32536
0dc3b20 |
Wednesday, 5 May 2021
|
16:35 Neel Chauhan (nc) Author: Jaap Akkerhuis
dns/opendnssec2: Update to 2.1.9
Changes: https://www.opendnssec.org/2021/05/opendnssec-2-1-9/
PR: 255615
44de6e8 |
Friday, 5 Mar 2021
|
19:53 nc
dns/opendnssec2: Update to 2.1.8
Changes: https://www.opendnssec.org/2021/02/opendnssec-2-1-8/
PR: 253795
Submitted by: Jaap Akkerhuis <jaap AT NLnetLabs DOT nl> (maintainer)
|
Monday, 2 Nov 2020
|
14:11 dbaio
dns/opendnssec2: Update to 2.1.7
Patches removed were incorporated upstream.
Changelog: https://www.opendnssec.org/2020/10/opendnssec-2-1-7/
PR: 250293
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH: 2020Q4 (blanket: bugfix release)
|
Tuesday, 11 Feb 2020
|
20:11 pi
dns/opendnssec2: upgrade 2.1.4 -> 2.1.6
This release of 2.1.6 fixes some issues regarding the key list
wrongfully displayed (a regression bug in 2.1.5) as well as a small
leak in the enforcer (which can add up when you bang the enforcer
with a lot of commands. And as well as a serious signing error when
using Combined Signing Keys (CSKs), this is only relevant if you
combine KSK and ZSK in one. Especially users of CSKs need this fix
now. Another nice fix is a reconnect to a MySQL/MariaDB database
you you don't have to tweak database parameters.
PR: 244047
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Relnotes: https://www.opendnssec.org/2019/11/opendnssec-2-1-5/
https://www.opendnssec.org/2020/02/opendnssec-2-1-6/
|
Wednesday, 5 Jun 2019
|
08:49 joneum
Update to 2.1.4
PR: 237988
Sponsored by: Netzkommune GmbH
|
Monday, 14 Aug 2017
|
14:46 matthew
Update to 2.1.3:
As of today version 2.1.3 of OpenDNSSEC has been released. No special
migration steps are required when upgrading from a previous 2.x.x
release. It includes fixes to the build system, some regressions w.r.t.
OpenDNSSEC 1.4 and a signing bug. Please note that version 2.1.2 was
skipped for release.
Build fixes:
* OPENDNSSEC-904: autoconfigure fails to properly identify functions in
ssl library on some distributions. This caused the "tsig unknown
algorithm hmac-sha256" error.
* OPENDNSSEC-894: repair configuration script to allow excluding the
build of the enforcer.
Regressions:
* OPENDNSSEC-508: Tag <RolloverNotification> was not functioning
correctly
* OPENDNSSEC-901: Enforcer would ignore <ManualKeyGeneration/> tag in
conf.xml
* OPENDNSSEC-906: Tag <AllowExtraction> tag included from late 1.4
development
Bugs Fixed:
* OPENDNSSEC-886: Improper time calculation on 32 bits machine causes
purge of keys not being scheduled. The purge would happen but some
time later than expected.
* OPENDNSSEC-890: Mismatching TTLs in record sets would cause bogus
signatures.
* OPENDNSSEC-908: Warn when TTL of resource record exceeds KASP's
MaxZoneTTL. Formerly the signer would cap such TTLs to prevent
situations where those records could get bogus during ZSK rollover.
However it has been realized that this can potentially lead to failing
IXFRs. We intend to bring back this feature in the near future when
our internal data representation allows this.
PR: 221515
Submitted by: jaap@NLnetLabs.nl (maintainer)
|
Tuesday, 2 May 2017
|
19:33 pi
dns/opendnssec2: update 2.1.0 -> 2.1.1
- OPENDNSSEC-889: MySQL migration script didnt work for all database
and MySQL versions.
- OPENDNSSEC-887: Segfault on extraneous tag.
- OPENDNSSEC-880: Command line parsing for import key command failed.
- OPENDNSSEC-890: Bogus signatures upon wrong zone input when TTLs
for same rrset are mismatching.
PR: 218995
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
|
Wednesday, 8 Mar 2017
|
11:04 robak
dns/opendnssec2: update 2.0.3 -> 2.1.0
- Fix DB scripts from docs
PR: 217563
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH: 2017Q1
|
Tuesday, 25 Oct 2016
|
08:23 robak
dns/opendnssec2: update 2.0.1 -> 2.0.3
PR: 213610
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH: 2016Q4
|
Friday, 29 Jul 2016
|
07:45 erwin
- Update to 2.0.1
- Switch to options helpers
This release is primarily focused on ironing out the issues on the migration
path from 1.4 to 2.0. Besides that there are no functional changes.
* Fixed crash and linking issue in ods-migrate.
* Fixed case where 2.0.0 could not read backup files from 1.4.10.
* Fixed bug in migration script where key state in the database wasn't
transformed properly.
PR: 211403
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: DK Hostmaster A/S
|
Wednesday, 13 Jul 2016
|
13:29 erwin
The current opendnssec porthas seen a massive rewrite by the upstream
so it was rechristened opendnssec Version 2.
To quote the announcement at <https://www.opendnssec.org>:
"OpenDNSSEC got a entire re-write of the enforcer. This part of
OpenDNSSEC controls changing signing keys in the right way to perform
a roll-over. Before, the enforcer would perform a roll-over according
to a strict paradigm. One scenario in which deviations would not be
possible.
The new enforcer is more aware of the zone changes being propagated in
the Internet. It can therefore decide when it is safe to make changes,
rather than to rely upon a given scenario.
PR: 211018
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
Sponsored by: DK Hostmaster A/S
|
Number of commits found: 14 |