Archive for the ‘Releases’ Category
OpenDNSSEC 1.3.13
Version 1.3.13 of OpenDNSSEC has now been released:
Bugfixes:
- OPENDNSSEC-388: Signer Engine: Internal serial should take into account the inbound serial.
- OPENDNSSEC-242: Signer Engine: Could get stuck on load signconf while signconf was not changed.
- Signer Engine: Fixed locking and notification on the drudge work queue, signals could be missed so that drudgers would stall when there was work to be done.
Download:
- opendnssec-1.3.13.tar.gz
- opendnssec-1.3.13.tar.gz.sig
- Checksum sha1: b71bf152efc07c9373f66498d14abb59ffb229d2
- Checksum sha256: 4d587882ffc68bca56d96807592366d1a87147d0b8aa518ccfd85b694c889a3f
**NOTE: This release is signed with the new OpenDNSSEC Distribution key (2013) available from: https://wiki.opendnssec.org/display/OpenDNSSEC/PGP
OpenDNSSEC 1.4.0rc2
Version 1.4.0rc2 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments.
Updates:
- OPENDNSSEC-350: Signer Engine: Better log message when IXFR is not ready for reading.
- OPENDNSSEC-367: ods-ksmutil: Require user confirmation if the algorithm for a key is changed in a policy (as this rollover is not handled cleanly)
Bugfixes:
- SUPPORT-44: Signer Engine: Drop privileges after binding to socket [OPENDNSSEC-364].
- Signer Engine: XFR not ready should not be a fatal status for task read (thanks Ville Mattila).
- OPENDNSSEC-365: Enforcer: Nasty bug where KSKs could get prematurely retired.
Documentation:
Download:
- opendnssec-1.4.0rc2.tar.gz
- opendnssec-1.4.0rc2.tar.gz.sig
- Checksum sha1: 693fc66d81c39cb4856df59dee518d1224bf5a0f
- Checksum sha256: 0ac30e31f1bd391bc11387e9695918e63a6eb5c707fbe472c580871cd7920bf8
OpenDNSSEC 1.4.0rc1
Version 1.4.0rc1 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments.
Updates:
- OPENDNSSEC-359: Remove eppclient
Documentation:
Download the tarball from: opendnssec-1.4.0rc1.tar.gz
OpenDNSSEC 1.4.0b2
Version 1.4.0b2 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments.
Updates:
- ods-ksmutil: Deprecate the one-step ‘key backup’ command
- OPENDNSSEC-292: Provide scripts to convert database between different supported formats
- OPENDNSSEC-299: ods-ksmutil: ods-ksmutil <enter> now includes policy import
- OPENDNSSEC-300: ods-ksmutil: policy purge documented with a warning
- OPENDNSSEC-315: “ods-hsmutil logout” will delete any credentials in the shared memory.
- OPENDNSSEC-330: Signer Engine: NSEC3PARAM TTL should be set to zero.
- OPENDNSSEC-338: ods-ksmutil: fix zone delete on MySQL (broken by SUPPORT-27)
- OPENDNSSEC-345: ods-ksmutil: use ods-control to HUP the enforcerd process
Bugfixes:
- SUPPORT-40: Signer Engine: Keep occluded data in signed zone files/transfers.
- OPENDNSSEC-349: Enforcer: Fix some memory leaks in the enforcer found by valgrind.
- OPENDNSSEC-353: Signer Engine: Add/remove NSEC3s for empty non-terminals between apex and delegation when DS is added/removed.
- Signer Engine: Fixed locking and notification on the drudge work queue, signals could be missed so that drudgers would stall when there was work to be done.
- libhsm: Fixed PIN handling on OpenBSD.
- Enforcer: If enabled enforcer workers and configured number of workers is 1, make sure that enforcer runs the signer update command after signer configuration change.
- Signer Engine: Don’t add double RRSIGs generated by the same key for the DNSKEY RRset.
- Signer Engine: Rollback incompleted zone transfers on disk (could happen if a connection was reset during transfer).
- Multi-threaded enforcer: various minor fixes including deadlock problems.
Documentation:
Download the tarball from: opendnssec-1.4.0b2.tar.gz
OpenDNSSEC 1.3.12
Version 1.3.12 of OpenDNSSEC has now been released:
Bugfixes:
- SUPPORT-42: ./configure fails on FreeBSD (or if ldns is not installed in a directory in the default search path of the complier).
- OpenDNSSEC does not compile against ldns 1.6.16 on platforms that rely on the OpenDNSSEC implementation of strlcpy/cat
Download the tarball from: opendnssec-1.3.12.tar.gz
(Please note that the distribution site has now moved to http://dist.opendnssec.org/source/)
SoftHSM 1.3.4
Version 1.3.4 of SoftHSM has now been released.
- SOFTHSM-28: Support RSASSA-PSS signature scheme. (Patch from Aleksander Trofimowicz)
- SOFTHSM-29: The default location of the token database is now $localstatedir/lib/softhsm/
Download the tarball from: softhsm-1.3.4.tar.gz
OpenDNSSEC 1.3.11
Version 1.3.11 of OpenDNSSEC has now been released:
Updates:
- OPENDNSSEC-330: NSEC3PARAM TTL should be set to zero.
Bugfixes:
- OPENDNSSEC-306: Cant delete zone until Enforcer made signerconf.
- OPENDNSSEC-281: Commandhandler sometimes unresponsive.
- OPENDNSSEC-299: ods-ksmutil <enter> now includes policy import
- OPENDNSSEC-300: ods-ksmutil policy purge documented with a warning
- OPENDNSSEC-338: ods-ksmutil: fix zone delete on MySQL (broken by SUPPORT-27)
- OPENDNSSEC-342: Auditor comparisons made case-insensitive
- OPENDNSSEC-345: ods-ksmutil: use ods-control to HUP the enforcerd process
Download the tarball from: opendnssec-1.3.11.tar.gz
OpenDNSSEC 1.4.0b1
Version 1.4.0b1 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments.
Updates:
- OPENDNSSEC-130: libhsm: The PIN is now optional in conf.xml. The PIN can be entered using “ods-hsmutil login” and is stored in shared memory. The daemons will not start until this has been donr by the user.
- OPENDNSSEC-297: Enforcer: Multi-threaded option available for the enforcer to improve performance (MySQL only).
- OPENDNSSEC-320: Signer Engine: The <ProvideTransfer>, <Notify>, <AllowNotify> and <RequestTransfer> elements are now optional, but if provided they require one or more <Peer> or <Remote> elements.
Bugfixes:
- OPENDNSSEC-255: Signer Engine: OpenDNSSEC 1.4.0a1 writes out mangled RRSIG record.
- OPENDNSSEC-261: Signer Engine: Ldns fails to parse RR that seems syntactically correct.
- OPENDNSSEC-269: Signer Engine: Crash when multiple threads access ixfr struct.
- OPENDNSSEC-281: Commandhandler sometimes unresponsive.
- OPENDNSSEC-318: Signer Engine: Don’t stop dns and xfr handlers if these threads have not yet been started.
- OPENDNSSEC-319: Signer Engine: Fix TSIG segfault on signer shutdown.
- OPENDNSSEC-325: Signer Engine: Don’t include RRSIG records when DO bit is not set.
- OPENDNSSEC-326: Signer Engine: Stop serving a zone that could not be transferred from master and has been expired.
Documentation:
Download the tarball from: opendnssec-1.4.0b1.tar.gz
OpenDNSSEC 1.3.10
Version 1.3.10 of OpenDNSSEC has now been released:
Bugfixes:
- SUPPORT-30: RRSIGs are left in the signed zone when authoritative RRsets become glue [OPENDNSSEC-282].
- OPENDNSSEC-261: Ldns fails to parse RR that seems syntactically correct. Was due to memory allocation issues. Provided better log message.
- OPENDNSSEC-285: Signer segfault for 6 or more -v options
- OPENDNSSEC-298: Only unlink existing pidfile on exit if we wrote it.
- OPENDNSSEC-303: Return if open/parse of zonelist.xml fails in ksmutil.c update_zones() and cmd_listzone().
- OPENDNSSEC-304: Signer Engine: Check pidfile on startup, if pidfile exists and corresponding process is running, then complain and exit.
- Signer seems to hang on a ods-signer command. Shutdown client explicitly with shutdown().
- opendnssec.spec file removed
Download the tarball from: opendnssec-1.3.10.tar.gz
OpenDNSSEC 1.4.0a3
Version 1.4.0a3 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments.
Updates:
- OPENDNSSEC-258: Optionally include cka_id in output to DelegationSignerSubmitCommand.
Bugfixes:
- SUPPORT-27: ods-ksmutil: simplify zone delete so that it only marks keys as dead (rather than actually removing them). Leave the key removal to purge jobs.
- SUPPORT-29: Signer Engine: Fix ods-signer clear <zone> command exits prematurely [OPENDNSSEC-289].
- SUPPORT-30: Signer Engine: RRSIGs are left in the signed zone when authoritative RRsets become glue [OPENDNSSEC-282].
- OPENDNSSEC-278: ods-ksmutil processes waiting forever to get DB lock
- OPENDNSSEC-290: Signer Engine: Fix false conflict when changing CNAME into other RRtype.
- OPENDNSSEC-298: Enforcer: Only unlink existing pidfile on exit if we wrote it.
- OPENDNSSEC-304: Signer Engine: Check pidfile on startup, if pidfile exists and corresponding process is running, then complain and exit.
- OPENDNSSEC-306: Can’t delete zone until Enforcer made signconf.
- Fix assertion error when printing signed zone with empty non-terminals and NSEC.
- Make setting QUERY ID in XFR requests more random.
The documentation for the new DNS adapters can be found here:
DOCSTRUNK/conf.xml
DOCSTRUNK/zonelist.xml
DOCSTRUNK/addns.xml
Download the tarball from: opendnssec-1.4.0a3.tar.gz
You are currently browsing the archives for the Releases category.