From yuri at nlnetlabs.nl Mon Jan 4 13:28:10 2016 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Mon, 4 Jan 2016 14:28:10 +0100 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.9rc1 Message-ID: <568A736A.5070702@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Package Maintainers, Version 1.4.9rc1 of OpenDNSSEC has now been released. This is a release candidate for testing purposes. The main motivations for this release are bug fixes related to use cases with large number of zones (more than 50 zones) in combination with an XFR based setup. Too much concurrent zone transfers causes new transfers to be held back. These excess transfers however were not properly scheduled for later. No migration steps needed when upgrading from OpenDNSSEC 1.4.8. Bugfixes: * Add TCP waiting queue. Fix signer getting 'stuck' when adding many zones at once. Thanks to H?vard Eidnes to bringing this to our attention. * OPENDNSSEC-723: received SOA serial reported as on disk. * Fix potential locking issue on SOA serial. * Crash on shutdown. At all times join xfr and dns handler threads. * Make handling of notifies more consistent. Previous implementation would bounce between code paths. Download: * https://dist.opendnssec.org/source/testing/opendnssec-1.4.9rc1.tar.gz * https://dist.opendnssec.org/source/testing/ opendnssec-1.4.9rc1.tar.gz.sig * Checksum SHA256: 92b2000758b0ad0b686d37eb34a1ce608b065ef3a7c939bcccc05e6adc2bce56 // OpenDNSSEC team -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlaKc2kACgkQI3PTR4mhavj6DwCgy8A7kwQC97mGePSSNi544ttu xqEAnRKrsZoJNgHW3tS8aqQh1mLeO5pQ =ps8P -----END PGP SIGNATURE----- From patrik at sigterm.se Tue Jan 5 12:10:34 2016 From: patrik at sigterm.se (Patrik Lundin) Date: Tue, 5 Jan 2016 13:10:34 +0100 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.9rc1 In-Reply-To: <568A736A.5070702@nlnetlabs.nl> References: <568A736A.5070702@nlnetlabs.nl> Message-ID: <20160105121034.GA10458@major.strace.se> On Mon, Jan 04, 2016 at 02:28:10PM +0100, Yuri Schaeffer wrote: > > Version 1.4.9rc1 of OpenDNSSEC has now been released. This is a > release candidate for testing purposes. > It builds and is able to sign a zone on the following OpenBSD archs using the sqlite backend: i386 amd64 sparc64 I have not spotted any relevant warnings during any of the builds. -- Patrik Lundin From pwouters at redhat.com Tue Jan 5 17:17:59 2016 From: pwouters at redhat.com (Paul Wouters) Date: Tue, 5 Jan 2016 12:17:59 -0500 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.9rc1 In-Reply-To: <20160105121034.GA10458@major.strace.se> References: <568A736A.5070702@nlnetlabs.nl> <20160105121034.GA10458@major.strace.se> Message-ID: <568BFAC7.8070201@redhat.com> On 01/05/2016 07:10 AM, Patrik Lundin wrote: > On Mon, Jan 04, 2016 at 02:28:10PM +0100, Yuri Schaeffer wrote: >> >> Version 1.4.9rc1 of OpenDNSSEC has now been released. This is a >> release candidate for testing purposes. >> > > It builds and is able to sign a zone on the following OpenBSD archs > using the sqlite backend: > i386 > amd64 > sparc64 > > I have not spotted any relevant warnings during any of the builds. > I see many of these: In file included from /usr/include/assert.h:35:0, from wire/netio.c:10: /usr/include/features.h:148:3: warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" [-Wcpp] # warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE" ^ and this: hsmutil.c: In function 'cmd_list': hsmutil.c:136:5: warning: format not a string literal, argument types not checked [-Wformat-nonliteral] fprintf(stdout, key_info_format, "Repository", "ID", "Type"); ^ hsmutil.c:137:5: warning: format not a string literal, argument types not checked [-Wformat-nonliteral] fprintf(stdout, key_info_format, "----------", "--", "----"); ^ hsmutil.c:164:9: warning: format not a string literal, argument types not checked [-Wformat-nonliteral] printf(key_info_format, key->module->name, key_id, key_type); ^ Also: ar cru libenforcer.a daemon.o daemon_util.o kaspaccess.o privdrop.o ar: `u' modifier ignored since `D' is the default (see `U') From yuri at nlnetlabs.nl Thu Jan 21 13:36:20 2016 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Thu, 21 Jan 2016 14:36:20 +0100 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.9rc1 In-Reply-To: <568BFAC7.8070201@redhat.com> References: <568A736A.5070702@nlnetlabs.nl> <20160105121034.GA10458@major.strace.se> <568BFAC7.8070201@redhat.com> Message-ID: <56A0DED4.1020703@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Paul, > I see many of these: > > and this: > > Also: Thanks for reporting. We will address these in the future. Since these have nothing to do with any changed code in this release I'll go ahead with the release candidate as is. //Yuri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlag3tMACgkQI3PTR4mhavhEsACgswyIzSGfp+bO1u+/MoFPUBIl VBgAn3j+ApTY23dJ55MvvIPP6UQI3TDV =QTx4 -----END PGP SIGNATURE----- From yuri at nlnetlabs.nl Thu Jan 21 15:27:16 2016 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Thu, 21 Jan 2016 16:27:16 +0100 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.9 Message-ID: <56A0F8D4.8010707@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Package Maintainers, Version 1.4.9 of OpenDNSSEC has now been released. No changes have been made w.r.t. the 1.4.9rc1. The main motivations for this release are bug fixes related to use cases with large number of zones (more than 50 zones) in combination with an XFR based setup. Too much concurrent zone transfers causes new transfers to be held back. These excess transfers however were not properly scheduled for later. No migration steps needed when upgrading from OpenDNSSEC 1.4.8. Bugfixes: * Add TCP waiting queue. Fix signer getting 'stuck' when adding many zones at once. Thanks to H?vard Eidnes to bringing this to our attention. * OPENDNSSEC-723: received SOA serial reported as on disk. * Fix potential locking issue on SOA serial. * Crash on shutdown. At all times join xfr and dns handler threads. * Make handling of notifies more consistent. Previous implementation would bounce between code paths. Known Issues: * When using SoftHSM2 compiled with OpenSSL, and libmysql with OpenSSL as database backend for OpenDNSSEC. "ods-ksmutil key list --verbose" crashes on exit. This is ultimately a bug in OpenSSL and not new for this particular release. Make sure you don't use this specific combination. Download: * https://dist.opendnssec.org/source/opendnssec-1.4.9.tar.gz * https://dist.opendnssec.org/source/opendnssec-1.4.9.tar.gz.sig * Checksum SHA256: 50a157d26d8b9ae370cd7fa52c7c6f43f4c77aeeb5d0fccd6a2e92c7dfc1d88e -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlag+NQACgkQI3PTR4mhavjqkwCghDmsUo1NHq/+0YJ1QZF7IUX6 ixIAoM2xBmKfJshJhRxMuPXU86V17OiV =H3Q6 -----END PGP SIGNATURE-----