[opendnssec/opendnssec] 472307: - Bulk merge of signer 1.4 branch with current dev...

Yuri Schaeffer yuri at nlnetlabs.nl
Wed Sep 2 17:23:19 CEST 2015


  Branch: refs/heads/develop
  Home:   https://github.com/opendnssec/opendnssec
  Commit: 472307dd298760510238faa78761ef8a3bceff35
      https://github.com/opendnssec/opendnssec/commit/472307dd298760510238faa78761ef8a3bceff35
  Author: halderen <berry at nlnetlabs.nl>
  Date:   2015-08-24 (Mon, 24 Aug 2015)

  Changed paths:
    M signer/src/adapter/adapter.c
    M signer/src/adapter/addns.c
    M signer/src/adapter/adutil.c
    M signer/src/daemon/cmdhandler.c
    M signer/src/daemon/dnshandler.c
    M signer/src/daemon/engine.c
    M signer/src/daemon/worker.c
    M signer/src/daemon/xfrhandler.c
    M signer/src/signer/backup.c
    M signer/src/signer/namedb.c
    M signer/src/signer/tools.c
    M signer/src/signer/zone.c
    M signer/src/wire/axfr.c
    M signer/src/wire/buffer.h
    M signer/src/wire/notify.c
    M signer/src/wire/query.c
    M signer/src/wire/tsig.c
    M signer/src/wire/xfrd.c
    M signer/src/wire/xfrd.h

  Log Message:
  -----------
  - Bulk merge of signer 1.4 branch with current development.
  The development branch had falled into disrepair because updates
  to 1.4 were not performed on the 2.0 branch, however there were also
  fixes and developments on the 2.0 branch.
  Applied to following changes (amongst others):
  - Signer hits assertion when receiving a short reply.
  - ARM chars are unsigned by default, therefore c==EOF will always yield false.
  - Fix for [Opendnssec-user] Zone stuck, not updating.
  - Processed static code analysis results
  - code review Jerry: tbd not used in string
  - make sure time on disk increases
  - changes due to retransfer with xfr
  - try again, fix build, and other commits with less clear commit messages.
  Not merged:
  - Merge branch 'rfc5011', and other changes due to 5011
  - differences in src/signer/denial.c:denial_nsecify() the origin of these
    changes are not clear.
  Kept changes where 1.4 branch conflicted with 2.0 branch:
  - MaxTTL implementation


  Commit: bcf7e1c82a414c6ea7cd5e7d0d92561a26620539
      https://github.com/opendnssec/opendnssec/commit/bcf7e1c82a414c6ea7cd5e7d0d92561a26620539
  Author: halderen <berry at nlnetlabs.nl>
  Date:   2015-08-28 (Fri, 28 Aug 2015)

  Changed paths:
    M testing/test-cases.d/signer.adapters.input_basic/test.sh
    M testing/test-cases.d/signer.adapters.input_ixfr_notimpl/test.sh
    M testing/test-cases.d/signer.adapters.input_retry_expires/test.sh
    M testing/test-cases.d/signer.adapters.input_with_refresh/test.sh

  Log Message:
  -----------
  - modify for changes in output format later on the 1.4 branch


  Commit: 8da0ac62ba24c8d80d6c21bb466cef39418b323e
      https://github.com/opendnssec/opendnssec/commit/8da0ac62ba24c8d80d6c21bb466cef39418b323e
  Author: halderen <berry at nlnetlabs.nl>
  Date:   2015-08-28 (Fri, 28 Aug 2015)

  Changed paths:
    M testing/test-cases.d/signer.zones.opendnssec_0353/test.sh

  Log Message:
  -----------
  - Remove the test part as was done in the 1.4 branch, however this
  may actually not be correct that is was removed.


  Commit: 62c0b995348bc889365f41cdd8f990ce244df84b
      https://github.com/opendnssec/opendnssec/commit/62c0b995348bc889365f41cdd8f990ce244df84b
  Author: halderen <berry at nlnetlabs.nl>
  Date:   2015-08-28 (Fri, 28 Aug 2015)

  Changed paths:
    M testing/test-cases.d/signer.zones.opendnssec_0353/test.sh

  Log Message:
  -----------
  It is correct that the test part was removed, the test was in error.
The point is that for Opt-Out policies, the insecure delegations
should also get NSEC3 records.
The test is still incorrect by checking the non-presence of the NSEC3
records before adding the DS records, this because in fact the names
used in the first zone file are completely different, so their hashes
would be also.  This makes the initial test useless.


  Commit: cc62da55ed97e3f801266b2850729c883a72ade4
      https://github.com/opendnssec/opendnssec/commit/cc62da55ed97e3f801266b2850729c883a72ade4
  Author: halderen <berry at nlnetlabs.nl>
  Date:   2015-08-31 (Mon, 31 Aug 2015)

  Changed paths:
    M testing/test-cases.d/signer.zones.opendnssec_0353/kasp.xml
    M testing/test-cases.d/signer.zones.opendnssec_0353/test.sh
    R testing/test-cases.d/signer.zones.opendnssec_0353/unsigned/ods
    R testing/test-cases.d/signer.zones.opendnssec_0353/unsigned/ods.2
    R testing/test-cases.d/signer.zones.opendnssec_0353/unsigned/ods.3
    A testing/test-cases.d/signer.zones.opendnssec_0353/zonefile-a
    A testing/test-cases.d/signer.zones.opendnssec_0353/zonefile-b
    A testing/test-cases.d/signer.zones.opendnssec_0353/zonefile-c
    R testing/test-cases.d/signer.zones.opendnssec_0353/zonelist.xml

  Log Message:
  -----------
  - salt length of 0 not accepted
- flattend directory structure, removed extra files to simplify test
- introduced same pattern for opt-out NSEC3 policy.
- renamed ods-ksmutil to enforcer and other misc changes
- added tests that insecure deligations indeed have no NSEC3 record
  generated for them.
- taken the modification from OPENDNSSEC-549 into account (source and
  test change):
  - This is a workaround for servers that do not implement errata 3441.
    The errata clarifies that empty non-terminals indeed need no
    covering NSEC3 records.  However some servers still do not implement
    this.  These servers would not serve the right next-closer NSEC3
    proof to validating resolvers, which would lead to errors.  To
    solve this, it was decided that in the meantime the signer that would
    deliver the signed zone file to the server that is in actual
    error, would be able to overcome this.  If it would generate NSEC3
    records for these empty non-terminals with only insecure delegations
    below them.  This is not needed, it is only needed when
    there are secure delegations below a empty non-terminal, which was
    the test originally about.  It is however allowed.
    This makes the test less valuable, as now the NSEC3 records for
    empty non terminals are not added when a DS record is added, because
    they will always be there.


  Commit: 1c201b9cccad612df1a49c4caf89897273c3a436
      https://github.com/opendnssec/opendnssec/commit/1c201b9cccad612df1a49c4caf89897273c3a436
  Author: Yuri Schaeffer <yuri at nlnetlabs.nl>
  Date:   2015-09-02 (Wed, 02 Sep 2015)

  Changed paths:
    M signer/src/adapter/adapter.c
    M signer/src/adapter/addns.c
    M signer/src/adapter/adutil.c
    M signer/src/daemon/cmdhandler.c
    M signer/src/daemon/dnshandler.c
    M signer/src/daemon/engine.c
    M signer/src/daemon/worker.c
    M signer/src/daemon/xfrhandler.c
    M signer/src/signer/backup.c
    M signer/src/signer/namedb.c
    M signer/src/signer/tools.c
    M signer/src/signer/zone.c
    M signer/src/wire/axfr.c
    M signer/src/wire/buffer.h
    M signer/src/wire/notify.c
    M signer/src/wire/query.c
    M signer/src/wire/tsig.c
    M signer/src/wire/xfrd.c
    M signer/src/wire/xfrd.h
    M testing/test-cases.d/signer.adapters.input_basic/test.sh
    M testing/test-cases.d/signer.adapters.input_ixfr_notimpl/test.sh
    M testing/test-cases.d/signer.adapters.input_retry_expires/test.sh
    M testing/test-cases.d/signer.adapters.input_with_refresh/test.sh
    M testing/test-cases.d/signer.zones.opendnssec_0353/kasp.xml
    M testing/test-cases.d/signer.zones.opendnssec_0353/test.sh
    R testing/test-cases.d/signer.zones.opendnssec_0353/unsigned/ods
    R testing/test-cases.d/signer.zones.opendnssec_0353/unsigned/ods.2
    R testing/test-cases.d/signer.zones.opendnssec_0353/unsigned/ods.3
    A testing/test-cases.d/signer.zones.opendnssec_0353/zonefile-a
    A testing/test-cases.d/signer.zones.opendnssec_0353/zonefile-b
    A testing/test-cases.d/signer.zones.opendnssec_0353/zonefile-c
    R testing/test-cases.d/signer.zones.opendnssec_0353/zonelist.xml

  Log Message:
  -----------
  Merge pull request #173 from halderen/syncsigner14

- Bulk merge of signer 1.4 branch with current development.
Let's do it.


Compare: https://github.com/opendnssec/opendnssec/compare/6de8959ef21a...1c201b9cccad


More information about the Opendnssec-commits mailing list