From sara at sinodun.com  Thu Nov 28 13:37:03 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Thu, 28 Nov 2013 13:37:03 +0000
Subject: [Opendnssec-maintainers] OpenDNSSEC 1.3.16rc1 release candidate
Message-ID: <1F1293FD-710E-4016-8CB3-09499688F93A@sinodun.com>

All, 

Version 1.3.16rc1 of OpenDNSSEC is now available. This is a release candidate for testing purposes:


OpenDNSSEC 1.3.16rc1
-----------------------------------

Updates:
* SUPPORT-72: Improve logging when failed to increment serial in case of key rollover and serial value "keep" [OPENDNSSEC-441].
* OPENDNSSEC-436: NSEC3PARAM TTL can now be optionally configured in kasp.xml. Default value remains PT0S.
* OPENDNSSEC-458: Add 'ods-enforcerd -p <policy>' option. This prompts the enforcer to run once and only process the specified policy and associated zones. 
* OPENDNSSEC-460: ods-ksmutil: Add an option to the 'ods-ksmutil key ds-seen' command so the user can choose not to notify the enforcer.
* OPENDNSSEC-472: ods-ksmutil: Add option for 'ods-ksmutil key import' to check if there is a matching key in the repository before import.
* OPENDNSSEC-473: ods-ksmutil: Improve 'zone add' - Support default <input> and <output> values for DNS adapters.

Bugfixes:
* OPENDNSSEC-451: Signer Engine: Prevent CKA_ID and DNSKEY mixup by using a separate HSM context when loading signer configuration.
* OPENDNSSEC-462: Signer Engine: Duration PT0S is not printed correctly.
* ods-ksmutil: Fix typo in policy export with NSEC3 <Iterations>.

Download: 
* http://dist.opendnssec.org/source/testing/opendnssec-1.3.16rc1.tar.gz
* http://dist.opendnssec.org/source/testing/opendnssec-1.3.16rc1.tar.gz.sig
* Checksum sha1: eea7d0ede9066f5dd65beeba775aafc4db98f592
* Checksum sah256: 5fa05df278932d0125dcb93efc3b08fa7adabea6867bec95ecf59af1e9349612


A full 1.3.16 release is planned for Wednesday 4th December. 

// OpenDNSSEC team



From sara at sinodun.com  Thu Nov 28 13:37:05 2013
From: sara at sinodun.com (Sara Dickinson)
Date: Thu, 28 Nov 2013 13:37:05 +0000
Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.3rc1 release candidate
Message-ID: <66F0969D-DFBE-4ACD-BAAC-F0E004903265@sinodun.com>

All, 

Version 1.4.3rc1 of OpenDNSSEC is now available. This is a release candidate for testing purposes:


OpenDNSSEC 1.4.3rc1 
----------------------------------

Updates:
* SUPPORT-72: Improve logging when failed to increment serial in case of key rollover and serial value "keep" [OPENDNSSEC-461].
* OPENDNSSEC-106: Add 'ods-enforcerd -p <policy>' option. This prompts the enforcer to run once and only process the specified policy and associated zones.
* OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml. Default value remains PT0S.
* OPENDNSSEC-390: ods-ksmutil: Add an option to the 'ods-ksmutil key ds-seen' command so the user can choose not to notify the enforcer.
* OPENDNSSEC-430: ods-ksmutil: Improve 'zone add' - Zone add command could warn if a specified zone file or adapter file does not exits.
* OPENDNSSEC-431: ods-ksmutil: Improve 'zone add' - Support default <input> and <output> values for DNS adapters.
* OPENDNSSEC-454: ods-ksmutil: Add option for 'ods-ksmutil key import' to check if there is a matching key in the repository before import.

Bugfixes:
* OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature cleanup.
* OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly.
* OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back to AXFR.
* OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use inbound serial.


Downloads:
* http://dist.opendnssec.org/source/testing/opendnssec-1.4.3rc1.tar.gz
* http://dist.opendnssec.org/source/testing/opendnssec-1.4.3rc1.tar.gz.sig
* Checksum sha1: ab62a1d224c86635617cfad74c59d2237605b1e4
* Checksum sha256: 42b97694b1fdef7b41929446b3939e4c5b34f4f029014d917d71ce20d40eee8d


A full 1.4.3 release is planned for Wednesday 4th December. 

//OpenDNSSEC team