[Opendnssec-announce] OpenDNSSEC 1.3.3

Rickard Bellgrim rickard at opendnssec.org
Thu Nov 17 18:24:37 UTC 2011


Version 1.3.3 of OpenDNSSEC has now been released.

* Auditor: Handle ruby 1.9 differences in ods-kaspcheck.
* Auditor: Require dnsruby 1.53 for bugfixes.
* Bugfix #262: Drudgers seem to be in a waiting state, but the RRset
FIFO queue is full. Do an additional broadcast.
* Enforcer: Check HSM connection when waking up from sleep, attempt to
reconnect if it is not valid. (r5511 in trunk, ported into the branch
due to issues seen when CKR_DEVICE_ERROR returned by HSM.)
* libhsm: Added hsm_check_context() to check if the associated
sessions are still alive. (Required for the above.)
* ods-ksmutil: key import was not setting the retire time.
* Signer Engine: Fix a threading issue, that could leave a zone without a task.
* Signer Engine: Update the signed zone file if only the $TTL or
explicit TTL has been changed.
* Signer Engine: Remove the NSEC3PARAM RR when doing NSEC3 to NSEC rollover.
* Signer Engine: Deal with carriage returns (dos format) in zone file.
* Signer Engine: is PT0S means that refresh equals signtime.
* Signer Engine: Defense in depth in signer for duplicate keys.
* Signer Engine: Make sure that all required zonelist elements exist,
otherwise error.
* Signer Engine: Warn the user if the serial is b0rk, and you can not
use the serial from the signconf.
* Signer Engine: Log Auditor exit code.
* Fix a similar bug like #257: Error in ods-signerd, where a corrupted
backup file results in an invalid pointer free().

Download the tarball from:

// OpenDNSSEC team

More information about the Opendnssec-announce mailing list