From sara at sinodun.com Mon Mar 17 10:10:59 2014 From: sara at sinodun.com (Sara Dickinson) Date: Mon, 17 Mar 2014 10:10:59 +0000 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.4rc1 release candidate Message-ID: <3F1B3601-0E4F-405D-87E3-7BD3C17DB3BB@sinodun.com> All, Version 1.4.4rc1 of OpenDNSSEC is now available. This is a release candidate for testing purposes: OpenDNSSEC 1.4.4rc1 -------------------------------- Updates: * SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-574]. * OPENDNSSEC-358: ods-ksmutil: Extend 'key list' command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output. * OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441). Bugfixes: * SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512]. * SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired [OPENDNSSEC-526]. * SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug [OPENDNSSEC-529]. * SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/ * SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace [OPENDNSSEC-520]. * SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain dates [OPENDNSSEC-553]. * SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576]. * SUPPORT-127: ods-signer: Fix manpage sections. * OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output type parameter to allow only File or DNS. * OPENDNSSEC-481: libhsm: Fix an off-by-one length check error. * OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects. * OPENDNSSEC-531: ods-ksmutil: Exported value of in 'policy export' output could be wrong on MySQL. * OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id. * OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR request with EDNS. * OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation and alloctaion. * OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA. * Signer Engine: Fix a race condition when stopping daemon. Download: * https://dist.opendnssec.org/source/testing/opendnssec-1.4.4rc1.tar.gz * https://dist.opendnssec.org/source/testing/opendnssec-1.4.4rc1.tar.gz.sig * Checksum sha1: b0618c9101c05c910ec5fa51781d992e9810eab7 * Checksum sha256: 4dea873ae6523f7ee3ef834ffd1709a21304de0837dc74b9d93236eba0429dd8 A full OpenDNSSEC 1.4.4 release is planned for Monday 24th March. //OpenDNSSEC team From jaap at NLnetLabs.nl Mon Mar 17 11:57:22 2014 From: jaap at NLnetLabs.nl (Jaap Akkerhuis) Date: Mon, 17 Mar 2014 12:57:22 +0100 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.4rc1 release candidate In-Reply-To: <3F1B3601-0E4F-405D-87E3-7BD3C17DB3BB@sinodun.com> References: <3F1B3601-0E4F-405D-87E3-7BD3C17DB3BB@sinodun.com> Message-ID: <201403171157.s2HBvMhF051929@bela.nlnetlabs.nl> All, Version 1.4.4rc1 of OpenDNSSEC is now available. This is a release candidate for testing purposes: I notice that the README file in the top directory disappeared. Is this on purpose? jaap From jerry at opendnssec.org Mon Mar 17 12:05:09 2014 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Mon, 17 Mar 2014 13:05:09 +0100 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.4rc1 release candidate In-Reply-To: <201403171157.s2HBvMhF051929@bela.nlnetlabs.nl> References: <3F1B3601-0E4F-405D-87E3-7BD3C17DB3BB@sinodun.com> <201403171157.s2HBvMhF051929@bela.nlnetlabs.nl> Message-ID: On 17 Mar 2014, at 12:57 , Jaap Akkerhuis wrote: > I notice that the README file in the top directory disappeared. Is > this on purpose? No, it has been renamed to README.md and was missed in the make dist. I will make a rc2 with it shortly. -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 625 bytes Desc: Message signed with OpenPGP using GPGMail URL: From jerry at opendnssec.org Mon Mar 17 12:18:47 2014 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Mon, 17 Mar 2014 13:18:47 +0100 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.4rc1 release candidate In-Reply-To: References: <3F1B3601-0E4F-405D-87E3-7BD3C17DB3BB@sinodun.com> <201403171157.s2HBvMhF051929@bela.nlnetlabs.nl> Message-ID: <8DC02275-1AD7-42BB-A660-34BAEE198BAD@opendnssec.org> On 17 Mar 2014, at 13:05 , Jerry Lundstr?m wrote: > I will make a rc2 with it shortly. 1.4.4rc2 is now available with the missing README.md . https://dist.opendnssec.org/source/testing/opendnssec-1.4.4rc2.tar.gz https://dist.opendnssec.org/source/testing/opendnssec-1.4.4rc2.tar.gz.sig SHA1 2606427bdb935ab9c8b5e5e75cf48b424e9ac4dc SHA256 7d38db5a098f76a460b1b7d01c275cfddc08880b83ccd723ffa4fa9824500aa2 -- Jerry Lundstr?m - OpenDNSSEC Developer http://www.opendnssec.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 625 bytes Desc: Message signed with OpenPGP using GPGMail URL: From sara at sinodun.com Tue Mar 25 15:20:38 2014 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 25 Mar 2014 15:20:38 +0000 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.4 Message-ID: <1B07058C-B088-43EC-BA42-1F92D142D3DA@sinodun.com> All, Version 1.4.4 of OpenDNSSEC has now been released. This is the latest stable release. Updates: * SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-574]. * OPENDNSSEC-358: ods-ksmutil: Extend 'key list' command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output. * OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441). Bugfixes: * SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512]. * SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired [OPENDNSSEC-526]. * SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug [OPENDNSSEC-529]. * SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/ * SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace [OPENDNSSEC-520]. * SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain dates [OPENDNSSEC-553]. * SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576]. * SUPPORT-127: ods-signer: Fix manpage sections. * OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output type parameter to allow only File or DNS. * OPENDNSSEC-481: libhsm: Fix an off-by-one length check error. * OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects. * OPENDNSSEC-531: ods-ksmutil: Exported value of in 'policy export' output could be wrong on MySQL. * OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id. * OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR request with EDNS. * OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation and alloctaion. * OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA. * Signer Engine: Fix a race condition when stopping daemon. Documentation: * http://wiki.opendnssec.org/display/DOCS Download: * https://dist.opendnssec.org/source/opendnssec-1.4.4.tar.gz * https://dist.opendnssec.org/source/opendnssec-1.4.4.tar.gz.sig * Checksum SHA1: c204659dc53d47a16481f19fbc709b292c445c7d * Checksum SHA256: 71f930d871e3526f930ac57925f5d5b934988e0b2e9e858926bfc73d9ba9d00e //OpenDNSSEC team