From sara at sinodun.com Wed Feb 6 11:24:45 2013 From: sara at sinodun.com (Sara Dickinson) Date: Wed, 6 Feb 2013 11:24:45 +0000 Subject: [Opendnssec-maintainers] RE: 1.4 release - issue found with the multi-threaded enforcer References: Message-ID: All, Last week a serious issue was uncovered with the multi-threaded enforcer functionality that was added in the 1.4 release. The issue was only seen when running in certain scenarios with multiple threads (the default for 1.4 was single-threaded mode). After an investigation it was agreed that the best solution was to remove the multi-threaded code from the 1.4 code base since the issue could not be fixed in a satisfactory way. Obviously this is a significant change to make at this stage and will unfortunately slightly delay the release. However, we are convinced that this is the correct technical decision in the long run. We are planning to briefly move the 1.4 release back to beta status while tests are run on the updated code. The code change is actually straightforward, and effectively reverts the enforcer component in 1.4 back to the 1.3 code base with very minor 1.4 specific changes. As such the basic functionality is not in question, however since the rollback is a manual process we feel a full sanity check of the result is necessary. The updated code has already been through a review process and initial testing and was committed to trunk yesterday. The 1.4.0b3 release will be available shortly. Once further testing is complete on this, we anticipate moving to a 1.4.0rc3 release asap. Regards Sara. From sara at sinodun.com Tue Feb 12 17:14:09 2013 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 12 Feb 2013 17:14:09 +0000 Subject: [Opendnssec-maintainers] RE: New OpenDNSSEC PGP Distribution key Message-ID: All, The OpenDNSSEC PGP Distribution key has been updated. The new key (Distribution Key 2013) is available from the following website: https://wiki.opendnssec.org/display/OpenDNSSEC/PGP All new releases will use this key. //OpenDNSSEC Team. From sara at sinodun.com Tue Feb 12 17:14:37 2013 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 12 Feb 2013 17:14:37 +0000 Subject: [Opendnssec-maintainers] RE: OpenDNSSEC 1.3.13 release candidate Message-ID: All, Version 1.3.13rc of OpenDNSSEC is now available for testing: Bugfixes: * OPENDNSSEC-388: Signer Engine: Internal serial should take into account the inbound serial. * OPENDNSSEC-242: Signer Engine: Could get stuck on load signconf while signconf was not changed. * Signer Engine: Fixed locking and notification on the drudge work queue, signals could be missed so that drudgers would stall when there was work to be done. Download: * http://dist.opendnssec.org/source/testing/opendnssec-1.3.13rc1.tar.gz * http://dist.opendnssec.org/source/testing/opendnssec-1.3.13rc1.tar.gz.sig * Checksum sha1: ceb34a2be0718b0ef84532aab8b7fdb5864e0bcf * Checksum sha256: aaae874d388ab815ac37f077cc56c62b743f55f05b78294e3b6fa14f8936b4f4 **NOTE: This release is signed with the new OpenDNSSEC Distribution key (2013) available from: https://wiki.opendnssec.org/display/OpenDNSSEC/PGP A full 1.3.13 release is planned for Wednesday 20th February. //OpenDNSSEC team. From sara at sinodun.com Wed Feb 20 20:17:26 2013 From: sara at sinodun.com (Sara Dickinson) Date: Wed, 20 Feb 2013 20:17:26 +0000 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.3.13 release candidate References: Message-ID: <8913425D-8FED-4F12-AC5E-9CFBD2AAB551@sinodun.com> All, Version 1.3.13 of OpenDNSSEC has now been released. This is the latest stable release. Bugfixes: * OPENDNSSEC-388: Signer Engine: Internal serial should take into account the inbound serial. * OPENDNSSEC-242: Signer Engine: Could get stuck on load signconf while signconf was not changed. * Signer Engine: Fixed locking and notification on the drudge work queue, signals could be missed so that drudgers would stall when there was work to be done. Download: * http://dist.opendnssec.org/source/opendnssec-1.3.13.tar.gz * http://dist.opendnssec.org/source/opendnssec-1.3.13.tar.gz.sig * Checksum sha1: b71bf152efc07c9373f66498d14abb59ffb229d2 * Checksum sha256: 4d587882ffc68bca56d96807592366d1a87147d0b8aa518ccfd85b694c889a3f **NOTE: This release is signed with the new OpenDNSSEC Distribution key (2013) available from: https://wiki.opendnssec.org/display/OpenDNSSEC/PGP //OpenDNSSEC team. -------------- next part -------------- An HTML attachment was scrubbed... URL: From sara at sinodun.com Thu Feb 21 07:54:46 2013 From: sara at sinodun.com (Sara (Sinodun)) Date: Thu, 21 Feb 2013 07:54:46 +0000 Subject: [Opendnssec-maintainers] Re: [Opendnssec-announce] OpenDNSSEC 1.3.13 release In-Reply-To: <8913425D-8FED-4F12-AC5E-9CFBD2AAB551@sinodun.com> References: <8913425D-8FED-4F12-AC5E-9CFBD2AAB551@sinodun.com> Message-ID: <7A9E2FDF-D554-4583-A0F6-C7154B61086F@sinodun.com> Apologies for the incorrect Subject on the previous email. This is the announcement of the 'release' not the 'release candidate'! On 20 Feb 2013, at 20:17, Sara Dickinson wrote: > All, > > Version 1.3.13 of OpenDNSSEC has now been released. This is the latest stable release. > > Bugfixes: > > * OPENDNSSEC-388: Signer Engine: Internal serial should take into account > the inbound serial. > * OPENDNSSEC-242: Signer Engine: Could get stuck on load signconf while > signconf was not changed. > * Signer Engine: Fixed locking and notification on the drudge work queue, > signals could be missed so that drudgers would stall when there was work to > be done. > > Download: > > * http://dist.opendnssec.org/source/opendnssec-1.3.13.tar.gz > * http://dist.opendnssec.org/source/opendnssec-1.3.13.tar.gz.sig > * Checksum sha1: b71bf152efc07c9373f66498d14abb59ffb229d2 > * Checksum sha256: 4d587882ffc68bca56d96807592366d1a87147d0b8aa518ccfd85b694c889a3f > > **NOTE: This release is signed with the new OpenDNSSEC Distribution key (2013) available from: > https://wiki.opendnssec.org/display/OpenDNSSEC/PGP > > > //OpenDNSSEC team. > > > _______________________________________________ > Opendnssec-announce mailing list > Opendnssec-announce at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-announce -------------- next part -------------- An HTML attachment was scrubbed... URL: From sara at sinodun.com Thu Feb 21 17:27:21 2013 From: sara at sinodun.com (Sara Dickinson) Date: Thu, 21 Feb 2013 17:27:21 +0000 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.0b3 References: Message-ID: <9261E007-3615-4D27-8E11-12B9C33FF863@sinodun.com> Version 1.4.0b3 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments. *NOTE: This release is marked as a beta release (rather than rc3) due to OPENDNSSEC-387, which is a significant functional change compared to rc2. Updates: * OPENDNSSEC-387: Rollback of multi-threaded enforcer. Due to key allocation issues the usefulness of the threaded enforcer is outweighed by the code complications. The option still remains in conf.xml for compatibility with existing use; but it will now be silently ignored. Bugfixes: * OPENDNSSEC-388: Signer Engine: Internal serial should take into account the inbound serial. * SUPPORT-50/51: Signer Engine: Inbound DNS Adapter incorrectly updates NSEC3PARAM and DNSKEY RRset [OPENDNSSEC-389] * OPENDNSSEC-389: Input DNS Adapter incorrectly updating NSEC3PARAM and DNSKEY RRsets Documentation: * http://wiki.opendnssec.org/display/DOCSTRUNK/OpenDNSSEC+Documentation+Home * http://wiki.opendnssec.org/display/DOCSTRUNK/New+in+OpenDNSSEC+1.4 Download: * http://dist.opendnssec.org/source/testing/opendnssec-1.4.0b3.tar.gz * http://dist.opendnssec.org/source/testing/opendnssec-1.4.0b3.tar.gz.sig * Checksum sha1: c549c2e0c6e08ac7ed79e1d2999c4ccfd7cf481f * Checksum sha256: b1b5fe88fad3c8517b6921de50f88d6d8ce5b0c102ca5b0d4597b5420b44254b **NOTE: This release is signed with the new OpenDNSSEC Distribution key (2013) available from: https://wiki.opendnssec.org/display/OpenDNSSEC/PGP //OpenDNSSEC team. From sara at sinodun.com Thu Feb 28 10:45:14 2013 From: sara at sinodun.com (Sara Dickinson) Date: Thu, 28 Feb 2013 10:45:14 +0000 Subject: [Opendnssec-maintainers] RE: SoftHSM version Message-ID: Hi All, We have had some more reports from users on older versions of SoftHSM experiencing a segmentation fault e.g.https://issues.opendnssec.org/browse/SUPPORT-52 SoftHSM 1.3.2 fixed this bug, however the NEWS file was somewhat vague about the severity of the problem. This email is a friendly appeal to maintainers to update to at least SoftHSM 1.3.2 wherever possible to avoid this issue. Regards //OpenDNSSEC team -------------- next part -------------- An HTML attachment was scrubbed... URL: