head 1.31;
access;
symbols
pkgsrc-2023Q4:1.29.0.2
pkgsrc-2023Q4-base:1.29
pkgsrc-2023Q3:1.25.0.4
pkgsrc-2023Q3-base:1.25
pkgsrc-2023Q2:1.25.0.2
pkgsrc-2023Q2-base:1.25
pkgsrc-2023Q1:1.22.0.2
pkgsrc-2023Q1-base:1.22
pkgsrc-2022Q4:1.21.0.2
pkgsrc-2022Q4-base:1.21
pkgsrc-2022Q3:1.19.0.4
pkgsrc-2022Q3-base:1.19
pkgsrc-2022Q2:1.19.0.2
pkgsrc-2022Q2-base:1.19
pkgsrc-2022Q1:1.16.0.2
pkgsrc-2022Q1-base:1.16
pkgsrc-2021Q4:1.15.0.2
pkgsrc-2021Q4-base:1.15
pkgsrc-2021Q3:1.13.0.4
pkgsrc-2021Q3-base:1.13
pkgsrc-2021Q2:1.13.0.2
pkgsrc-2021Q2-base:1.13
pkgsrc-2021Q1:1.10.0.2
pkgsrc-2021Q1-base:1.10
pkgsrc-2020Q4:1.8.0.2
pkgsrc-2020Q4-base:1.8
pkgsrc-2020Q3:1.6.0.4
pkgsrc-2020Q3-base:1.6
pkgsrc-2020Q2:1.6.0.2
pkgsrc-2020Q2-base:1.6
pkgsrc-2020Q1:1.4.0.2
pkgsrc-2020Q1-base:1.4
pkgsrc-2019Q4:1.1.0.4
pkgsrc-2019Q4-base:1.1;
locks; strict;
comment @# @;
1.31
date 2024.02.26.21.37.07; author nros; state Exp;
branches;
next 1.30;
commitid 2VXmtblIPvvqpZZE;
1.30
date 2023.12.29.18.24.57; author adam; state Exp;
branches;
next 1.29;
commitid CbzM4kTH4d8WeoSE;
1.29
date 2023.12.06.19.27.20; author he; state Exp;
branches;
next 1.28;
commitid e3kKz9sa6AafkrPE;
1.28
date 2023.12.05.12.20.40; author he; state Exp;
branches;
next 1.27;
commitid AMcbI1DYspV9ZgPE;
1.27
date 2023.11.08.13.20.48; author wiz; state Exp;
branches;
next 1.26;
commitid PsuHTklAIsF4bOLE;
1.26
date 2023.10.24.22.10.53; author wiz; state Exp;
branches;
next 1.25;
commitid MTsrqKm6aGrQAVJE;
1.25
date 2023.06.06.12.42.14; author riastradh; state Exp;
branches;
next 1.24;
commitid xhspr6Z8JLQOWSrE;
1.24
date 2023.04.23.14.26.31; author adam; state Exp;
branches;
next 1.23;
commitid Laj8GRA8jxylXemE;
1.23
date 2023.04.19.08.11.23; author adam; state Exp;
branches;
next 1.22;
commitid B8gCWhWtMX9vZGlE;
1.22
date 2023.01.22.16.28.37; author ryoon; state Exp;
branches;
next 1.21;
commitid aiP40A5zgFwvyyaE;
1.21
date 2022.11.23.16.21.01; author adam; state Exp;
branches;
next 1.20;
commitid ju2K3LUYlTJKqQ2E;
1.20
date 2022.11.09.11.39.43; author he; state Exp;
branches;
next 1.19;
commitid oIlTaHgOJph3l11E;
1.19
date 2022.06.12.08.54.05; author he; state Exp;
branches;
next 1.18;
commitid CIbnrPUi8QjafJHD;
1.18
date 2022.04.18.19.12.00; author adam; state Exp;
branches;
next 1.17;
commitid eC9Na3jrfOOUpIAD;
1.17
date 2022.03.31.23.30.17; author wiz; state Exp;
branches;
next 1.16;
commitid UuMglaO90XsfrqyD;
1.16
date 2022.01.10.01.46.43; author ryoon; state Exp;
branches;
next 1.15;
commitid Cj0KeHK24VPiN1oD;
1.15
date 2021.12.08.16.06.20; author adam; state Exp;
branches;
next 1.14;
commitid 2PyWjHx5T8rqARjD;
1.14
date 2021.09.29.19.01.18; author adam; state Exp;
branches;
next 1.13;
commitid WsBUbBM52TSePSaD;
1.13
date 2021.05.04.07.37.19; author he; state Exp;
branches;
next 1.12;
commitid qRjhAVg0rLMZNNRC;
1.12
date 2021.04.21.13.25.20; author adam; state Exp;
branches;
next 1.11;
commitid RAyVO2K5RkoQ8aQC;
1.11
date 2021.04.21.11.42.36; author adam; state Exp;
branches;
next 1.10;
commitid fph0Axs0eT3az9QC;
1.10
date 2021.03.05.21.17.25; author he; state Exp;
branches;
next 1.9;
commitid hyKMcOGfNbAEgaKC;
1.9
date 2021.02.21.09.12.48; author he; state Exp;
branches;
next 1.8;
commitid ds3fuLeTsFbdEyIC;
1.8
date 2020.11.05.09.09.03; author ryoon; state Exp;
branches;
next 1.7;
commitid VqGaBtHnBBcd5GuC;
1.7
date 2020.10.05.07.19.33; author he; state Exp;
branches;
next 1.6;
commitid kFhxeknrUogeuGqC;
1.6
date 2020.06.02.08.24.41; author adam; state Exp;
branches;
next 1.5;
commitid nisovMpvvZm3RCaC;
1.5
date 2020.04.12.08.29.10; author adam; state Exp;
branches;
next 1.4;
commitid 7jZFLCnc3RCww44C;
1.4
date 2020.02.11.08.00.57; author he; state Exp;
branches;
next 1.3;
commitid qkaedKt1XwSLkeWB;
1.3
date 2020.01.31.16.08.48; author he; state Exp;
branches;
next 1.2;
commitid 7cR3RKVWlzOSnRUB;
1.2
date 2020.01.18.21.50.41; author jperkin; state Exp;
branches;
next 1.1;
commitid JW4hJgY8ZdoTFdTB;
1.1
date 2019.11.06.13.44.38; author he; state Exp;
branches;
next ;
commitid DvH3tfbhv2ERlNJB;
desc
@@
1.31
log
@revbump due to security/botan2 update
@
text
@# $NetBSD: Makefile,v 1.30 2023/12/29 18:24:57 adam Exp $
#
DISTNAME= opendnssec-2.1.13
PKGNAME= ${DISTNAME:S/opendnssec/opendnssec2/}
PKGREVISION= 2
CATEGORIES= security net
MASTER_SITES= https://www.opendnssec.org/files/source/
MAINTAINER= he@@NetBSD.org
HOMEPAGE= https://www.opendnssec.org/
COMMENT= OSS for a fast and easy DNSSEC deployment
LICENSE= 2-clause-bsd
TOOL_DEPENDS+= CUnit-[0-9]*:../../devel/cunit
DEPENDS+= ldns>=1.6.17:../../net/ldns
# Uses the same package name, but is not a full drop-in replacement for...
CONFLICTS+= opendnssec-1.*
BUILD_DEFS+= VARBASE
USE_TOOLS+= bash gmake
CONFIG_SHELL= ${BASH}
USE_LANGUAGES= c99 c++
USE_LIBTOOL= yes
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --prefix=${PREFIX:Q}
CONFIGURE_ARGS+= --localstatedir=${VARBASE}
CONFIGURE_ARGS+= --with-ssl=${BUILDLINK_PREFIX.openssl}
CONVERT_DIR= enforcer/utils/1.4-2.0_db_convert
REPLACE_BASH+= ${CONVERT_DIR}/convert_mysql
REPLACE_BASH+= ${CONVERT_DIR}/convert_sqlite
ODS_USER?= opendnssec
ODS_GROUP?= opendnssec
PKG_GROUPS= ${ODS_GROUP}
PKG_USERS= ${ODS_USER}:${ODS_GROUP}
PKG_GECOS.${ODS_USER}= OpenDNSSEC user
PKG_HOME.${ODS_USER}= ${VARBASE}/opendnssec
PKG_SHELL.${ODS_USER}= ${SH}
PKG_USERS_VARS+= ODS_USER
PKG_GROUPS_VARS+= ODS_GROUP
EGDIR= ${PREFIX}/share/examples/opendnssec
DOCDIR= ${PREFIX}/share/doc/opendnssec
MIGRATEDIR= ${PREFIX}/lib/opendnssec
PKG_SYSCONFSUBDIR= opendnssec
MIGRATE_FILES+= README.md convert_mysql convert_sqlite
MIGRATE_FILES+= find_problematic_zones.sql mysql_convert.sql
MIGRATE_FILES+= sqlite_convert.sql
SUBST_CLASSES+= paths
SUBST_FILES.paths= conf/Makefile.in
SUBST_STAGE.paths= pre-configure
SUBST_VARS.paths= EGDIR
# Prepare files for installation
SUBST_CLASSES+= migrate
SUBST_FILES.migrate+= ${CONVERT_DIR}/convert_sqlite
SUBST_FILES.migrate+= ${CONVERT_DIR}/convert_mysql
SUBST_STAGE.migrate= pre-configure
SUBST_SED.migrate= -e 's,SCHEMA=../../src/db/,SCHEMA=./,'
CXXFLAGS.NetBSD+= -D_NETBSD_SOURCE
CONF_FILES+= ${EGDIR}/addns.xml.sample \
${PKG_SYSCONFDIR}/addns.xml
CONF_FILES+= ${EGDIR}/conf.xml.sample \
${PKG_SYSCONFDIR}/conf.xml
CONF_FILES+= ${EGDIR}/kasp.xml.sample \
${PKG_SYSCONFDIR}/kasp.xml
CONF_FILES+= ${EGDIR}/zonelist.xml.sample \
${PKG_SYSCONFDIR}/zonelist.xml
INSTALLATION_DIRS= ${DOCDIR} ${EGDIR}
INSTALLATION_DIRS+= share/opendnssec
INSTALLATION_DIRS+= lib/opendnssec
INSTALLATION_DIRS+= lib/opendnssec/signer
INSTALLATION_DIRS+= lib/opendnssec/kasp_auditor
OWN_DIRS+= ${VARBASE}/opendnssec
OWN_DIRS+= ${VARBASE}/opendnssec/tmp
OWN_DIRS+= ${VARBASE}/opendnssec/signconf
OWN_DIRS+= ${VARBASE}/opendnssec/signed
OWN_DIRS+= ${VARBASE}/opendnssec/unsigned
RCD_SCRIPTS= opendnssec
.include "options.mk"
pre-install:
${MKDIR} ${DESTDIR}${PKG_SYSCONFDIR}
post-install:
for f in ${MIGRATE_FILES}; do \
${INSTALL} ${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/$$f \
${DESTDIR}/${MIGRATEDIR}; \
done
${INSTALL} ${WRKSRC}/enforcer/src/db/schema.mysql \
${DESTDIR}/${MIGRATEDIR}
${INSTALL} ${WRKSRC}/enforcer/src/db/schema.sqlite \
${DESTDIR}/${MIGRATEDIR}
USE_BUILTIN.sqlite3=NO
.include "../../databases/sqlite3/buildlink3.mk"
.include "../../net/ldns/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../textproc/libxml2/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
@
1.30
log
@revbump for boost-libs
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.29 2023/12/06 19:27:20 he Exp $
d6 1
a6 1
PKGREVISION= 1
@
1.29
log
@security/opendnssec2: update to version 2.1.13.
Pkgsrc changes:
* Checksums, reset PKGREVISION.
Upstream changes:
OpenDNSSEC 2.1.13 - 2023-06-26
* Emit warning when using ods-kaspcheck for RFC 5155
* Fix concurrent usage of command line.
* When using "keep" soa numbering policy mode and the input zone isn't
available, change from exponential back-off to retry upon next resign
interval and only emit a warning, unless this occurs a second time.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.28 2023/12/05 12:20:40 he Exp $
d6 1
@
1.28
log
@security/opendnssec2: Work around a concurrency error + two cosmetic fixes.
* Adopt the suggested patch from
https://issues.opendnssec.org/browse/SUPPORT-278
for what looks like a concurrency error in interfacing
to the HSM module.
* Give correct upper-case/lower-case hint if command
is not configured in the error message.
* Be a bit more verbose about which zone isn't found if
indeed it isn't found.
Bump PKGREVISION.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.27 2023/11/08 13:20:48 wiz Exp $
d4 1
a4 1
DISTNAME= opendnssec-2.1.12
a5 1
PKGREVISION= 7
@
1.27
log
@*: recursive bump for icu 74.1
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.26 2023/10/24 22:10:53 wiz Exp $
d6 1
a6 1
PKGREVISION= 6
@
1.26
log
@*: bump for openssl 3
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.25 2023/06/06 12:42:14 riastradh Exp $
d6 1
a6 1
PKGREVISION= 5
@
1.25
log
@Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.
Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).
No change to BUILD_DEPENDS as used correctly inside buildlink3.
As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.24 2023/04/23 14:26:31 adam Exp $
d6 1
a6 1
PKGREVISION= 4
@
1.24
log
@revbump for boost
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.23 2023/04/19 08:11:23 adam Exp $
d15 1
a15 1
BUILD_DEPENDS+= CUnit-[0-9]*:../../devel/cunit
@
1.23
log
@revbump after textproc/icu update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.22 2023/01/22 16:28:37 ryoon Exp $
d6 1
a6 1
PKGREVISION= 3
@
1.22
log
@*: Recursive revbump from Boost 1.81.0
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.21 2022/11/23 16:21:01 adam Exp $
d6 1
a6 1
PKGREVISION= 2
@
1.21
log
@massive revision bump after textproc/icu update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.20 2022/11/09 11:39:43 he Exp $
d6 1
a6 1
PKGREVISION= 1
@
1.20
log
@Update OpenDNSSEC2 to version 2.1.12.
Pkgsrc changes:
* Adapt patch, update checksums.
Upstream changes:
OpenDNSSEC 2.1.12 - 2022-11-08
* Ensure debug symbols on RPM-style builds.
* Bug fix that prevented restoring state from when salt length was zero.
* Bug fix for enforcer daemon crash after deleting key on some systems.
OpenDNSSEC 2.1.11 - 2022-09-17
* Improper re-use of already used keys when using as
a consequence of previous bug in 2.1.6
* Improved reporting upon segmentation faults or similar aborts.
* Fix for migration to resalt of length 0.
* Fix for upstream nameserver, implementing IXFR but without support
for IXFR for that specific zone and responding without AXFR.
* Degraded log message key_update_failed because this action is retried.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.19 2022/06/12 08:54:05 he Exp $
d6 1
@
1.19
log
@Update OpenDNSSEC2 to version 2.1.10.
Upstream changes:
OpenDNSSEC 2.1.10 - 2021-09-10
* OPENDNSSEC-957: Fix exit code signer daemon to not always report failure.
* OPENDNSSEC-958: Fix immediate resalting after migration from 1.4.
* OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count
that is deemed too high.
* SUPPORT-265: Resolve conflict when deleting keys from HSM whilst
also performing step in key roll process. Typically a message
"key_data_update failed" is present in logs.
* Provided RedHat/CentOS spec file in contrib directory.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.18 2022/04/18 19:12:00 adam Exp $
d4 1
a4 1
DISTNAME= opendnssec-2.1.10
@
1.18
log
@revbump for textproc/icu update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.17 2022/03/31 23:30:17 wiz Exp $
d4 1
a4 1
DISTNAME= opendnssec-2.1.9
a5 1
PKGREVISION= 5
@
1.17
log
@*: recursive bump for botan-devel shlib bump
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.16 2022/01/10 01:46:43 ryoon Exp $
d6 1
a6 1
PKGREVISION= 4
@
1.16
log
@*: Recursive revbump from boost 1.78.0
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.15 2021/12/08 16:06:20 adam Exp $
d6 1
a6 1
PKGREVISION= 3
@
1.15
log
@revbump for icu and libffi
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.14 2021/09/29 19:01:18 adam Exp $
d6 1
a6 1
PKGREVISION= 2
@
1.14
log
@revbump for boost-libs
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.13 2021/05/04 07:37:19 he Exp $
d6 1
a6 1
PKGREVISION= 1
@
1.13
log
@Update OpenDNSSEC version 2 to 2.1.9.
Upstream changes:
OpenDNSSEC 2.1.9 - 2021-05-03
* OPENDNSSEC-955: Prevent concurrency between C_Login/C_OpenSession and
C_FindObject in PKCS#11 operations as some HSMs do not like this and
the key may (transiently) not be available.
* OPENDNSSEC-956: Harden the signing procedure to still sign zones for
which there are unused keys specified in the signconf. These are
included by the enforcer because there may be (outdated) signatures
for them, but the signer doesn't need this reference anymore in 2.1.
However this was left in for backwards compatibility (probably).
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.12 2021/04/21 13:25:20 adam Exp $
d6 1
@
1.12
log
@revbump for boost-libs
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.11 2021/04/21 11:42:36 adam Exp $
d4 1
a4 1
DISTNAME= opendnssec-2.1.8
a5 1
PKGREVISION= 3
@
1.11
log
@revbump for textproc/icu
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.10 2021/03/05 21:17:25 he Exp $
d6 1
a6 1
PKGREVISION= 2
@
1.10
log
@Add a patch to fix a bug in the sqlite3 conversion script,
so that the salt value gets copied to the new kasp.db.
Bump PKGREVISION.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.9 2021/02/21 09:12:48 he Exp $
d6 1
a6 1
PKGREVISION= 1
@
1.9
log
@Update OpenDNSSEC version 2 to 2.1.8.
Upstream changes:
OpenDNSSEC 2.1.8 - 2021-02-20
* OPENDNSSEC-954: Upgrade autoconf/automake configuration chain for
version 2.69/1.16.2.
* SUPPORT-261: Fix to crash when using ods-enforcer set-policy command.
* OPENDNSSEC-953: Fix to crash in case zone file not present while getting
a signconf update and state flush command.
Thanks to Stefan Ubbink from SIDN for the co-operation in this fix.
* OPENDNSSEC-951: Modify the purging of keys, to make it automatic to purge
keys from the HSM.
Thanks to Stefan Ubbink from SIDN for the co-operation in this fix.
* OPENDNSSEC-950: Fix that caused crash when signer was offline for a
prolonged period (but the enforcer wasn't) in the middle of a ZSK roll.
* OPENDNSSEC-952: memory leak in when receiving NOTIFY for non-existent zone
Thanks Sébastien Tisserant to for reporting).
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.8 2020/11/05 09:09:03 ryoon Exp $
d6 1
d58 1
a58 1
SUBST_FILES.paths= ${WRKSRC}/conf/Makefile.in
d64 2
a65 2
SUBST_FILES.migrate+= ${WRKSRC}/${CONVERT_DIR}/convert_sqlite
SUBST_FILES.migrate+= ${WRKSRC}/${CONVERT_DIR}/convert_mysql
@
1.8
log
@*: Recursive revbump from textproc/icu-68.1
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.7 2020/10/05 07:19:33 he Exp $
d4 1
a4 1
DISTNAME= opendnssec-2.1.7
a5 1
PKGREVISION= 1
@
1.7
log
@Update OpenDNSSEC version 2 to 2.1.7.
Upstream changes:
OpenDNSSEC 2.1.7 - 2020-10-05
* OPENDNSSEC-949: Fix for migration bug not keeping proper parameters of NSEC3
signed zones. Amongst others the zone become NSEC. Loading the policies
fixes the situation, migration scripts now corrected. Since 1.4 does not
require a salt, a resalt might be automatic after migrating, as this is
a required parameter.
* OPENDNSSEC-948: do not recreate signatures for keys that are moving out
this fixes unexpected double signatures in the zone.
* SUPPORT-253: Incorrect keytag used when using Combined Signing keys (CSK)
(Thanks to Simon Arlott)
* SUPPORT-257: Export keys by locator (Thansk to Simon Arlott)
* SUPPORT-222: Support ED25519/ED448 keys. This requires library ldns 1.7.0
or better, otherwise unavailable. (Thanks again to Simon Arlott)
* SUPPORT-260: Crash on OpenBSD systems in ixfr_del_rr; possible unverified
fix.
* Load libsqlite3.so.0 and fall back on libsqlite3.so.0 to allow to run
migration tool on systems without libsqlite3.so.0 soft link.
(Thanks to Paul Wouters)
* Some compilation warnings, o.a. gcc10 related, code quality and
initialization improvements.
(Thanks to Jonas Berlin, and Mathieu MirMont, and Paul Wouters).
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.6 2020/06/02 08:24:41 adam Exp $
d6 1
@
1.6
log
@Revbump for icu
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.5 2020/04/12 08:29:10 adam Exp $
d4 1
a4 1
DISTNAME= opendnssec-2.1.6
a5 1
PKGREVISION= 2
@
1.5
log
@Recursive revision bump after textproc/icu update
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.4 2020/02/11 08:00:57 he Exp $
d6 1
a6 1
PKGREVISION= 1
@
1.4
log
@Update opendnssec2 to version 2.1.6.
Upstream changes:
OpenDNSSEC 2.1.6 - 2020-02-11:
* OPENDNSSEC-913: verify database connection upon every use.
* OPENDNSSEC-944: bad display of date of next transition (regression)
* SUPPORT-250: missing signatures on using combined keys (CSK)
* OPENDNSSEC-945: memory leak per command to enforcer.
* OPENDNSSEC-946: unclean enforcer exit in case of certain config
problems.
* OPENDNSSEC-411: set-policy command to change policy of zone
(experimental). Requestes explicit enforce command to take effect.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.3 2020/01/31 16:08:48 he Exp $
d6 1
@
1.3
log
@Insist on using pkgsrc sqlite3; I got SEGV's via call of null pointers
with the built-in sqlite3 on NetBSD 8.0.
Bump PKGREVISION.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.2 2020/01/18 21:50:41 jperkin Exp $
d4 1
a4 1
DISTNAME= opendnssec-2.1.5
a5 1
PKGREVISION= 2
@
1.2
log
@*: Recursive revision bump for openssl 1.1.1.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.1 2019/11/06 13:44:38 he Exp $
d6 1
a6 1
PKGREVISION= 1
d108 1
@
1.1
log
@Make a separate package for OpenDNSSEC version 2.1.5.
OpenDNSSEC version 2 is not a drop-in replacement for OpenDNSSEC version 1.
See lib/opendnssec/README.md for migration instructions if you were
previously using version 1.
Upstream changes since OpenDNSSEC version 1.4.x:
OpenDNSSEC 2.1.5 - 2019-11-05
* SUPPORT-245: Resolve memory leak in signer introduced in 2.1.4.
* SUPPORT-244: Don't require Host and Port to be specified in conf.xml
when migrating with a MySQL-based enforcer database backend.
* Allow for MySQL database to pre-exist when performing a migration,
and be a bit more verbose during migration.
* New -f argument to ods-enforcer key list to show the full list of key states,
similar to combinining -d and -v.
* Fix AllowExtraction tag in configuration file definition (thanks to raixie1A).
* SUPPORT-242: Skip over EDNS cookie option (thanks to HÃ¥vard Eidne and
Ulrich-Lorenz Schlueter).
* SUPPORT-240: Prevent exit of enforcer daemon upon interrupted interaction
with CLI commands.
* Correct some error messages (thanks to Jonas Berlin).
OpenDNSSEC 2.1.4 - 2019-05-16
* SUPPORT-229: Missing signatures for key new while signatures for old key
still present under certain kasp policies, leading to bogus zones.
Root cause for bug existed but made prominent since 2.1.3 release.
* OPENDNSSEC-942: time leap command for signer for debugging purposes
only, not to be used on actual deployments.
* OPENDNSSEC-943: support build on MacOS with missing pthread barriers
* SUPPORT-229: fixed for too early retivement of signatures upon double
rrsig key roll signing strategy.
* Strip build directory from doxygen docs
* remove bashisms from ods-kasp2html.in
* upgrade developer build scripts to softhsm-2.5.0 update some platform
dependent files (only for developers).
* The ods-signer and ods-signerd man page should be in section 8 not 22
Note that this might mean that package managers should remove the older
man pages from the old location.
OpenDNSSEC 2.1.3 - 2017-08-10
* OPENDNSSEC-508: Tag was not functioning correctly
* OPENDNSSEC-901: Enforcer would ignore tag in conf.xml
* OPENDNSSEC-906: Tag tag included from late 1.4 development
* OPENDNSSEC-894: repair configuration script to allow excluding the build of
the enforcer.
* OPENDNSSEC-890: Mismatching TTLs in record sets would cause bogus signatures.
* OPENDNSSEC-886: Improper time calculation on 32 bits machine causes purge
time to be skipped.
* OPENDNSSEC-904 / SUPPORT-216 autoconfigure fails to properly identify
functions in ssl library on certain distributions
causing tsig unknown algorithm hmac-sha256
* OPENDNSSEC-908: Warn when TTL exceeds KASP's MaxZoneTTL instead of capping.
OpenDNSSEC 2.1.1 - 2017-04-28
* OPENDNSSEC-882: Signerd exit code always non-zero.
* OPENDNSSEC-889: MySQL migration script didn't work for all database and
MySQL versions.
* OPENDNSSEC-887: Segfault on extraneous tag.
* OPENDNSSEC-880: Command line parsing for import key command failed.
* OPENDNSSEC-890: Bogus signatures upon wrong zone input when TTLs for
same rrset are mismatching.
OpenDNSSEC 2.1.0 - 2017-02-22
* If listening port for signer is not set in conf file, the default value
"15354" is used.
* Enforce and signconf tasks are now scheduled individually per zone. Resign
per policy.
* OPENDNSSEC-450: Implement support for ECDSA P-256, P-384, GOST.
Notice: SoftHSMv1 only supports RSA. SoftHSMv2 can be compiled with
support for these.
* zone delete removes tasks associated with zone from queue.
* Show help for ods-enforcer-db-setup
* OPENDNSSEC-778: Double NSEC3PARAM record after resalt.
* In the kasp file, KSK/ZSK section, the algorithm length MUST be set now.
* signer clear would assert when signconf wasn't read yet.
* The tag had been deprecated, and is now no longer allowed to
be specified in the conf.xml for the Enforcer.
* OPENDNSSEC-864: ods-signer didn't print help. Also --version and --socket
options where not processed.
* OPENDNSSEC-869: ds-seen command did not give error on badly formatted keytag.
* OPENDNSSEC-681: After fork() allow child process to pass error messages to
parent so they can be printed to the console in case of failed start.
* OPENDNSSEC-849: Crash on free of part of IXFR structure.
* OPENDNSSEC-759: Reduce HSM access during ods-signerd start. Daemon should
start quicker and earlier available for user input.
* OPENDNSSEC-479: Transferring zones and sending notifies through
a bound socket , using the same interface as listener.
* Key cache is now shared between threads.
* OPENDNSSEC-858: Don't print "completed in x seconds" to stderr for enforcer
commands.
* Various memory leaks
* OPENDNSSEC-601: signer and enforcer working dir would not properly
fallback to default when not specified.
* OPENDNSSEC-503: Speed up initial signing and algorithm rollover.
* A bash autocompletion script is included in contrib for ods-enforcer and
ods-signer.
* SUPPORT-208: Strip comment from key export.
* OPENDNSSEC-552: On key export don't print SHA1 DS by default.
(introduced --sha1 option to key export.) Usage of sha1 is deprecated and
will be removed from future versions of OpenDNSSEC.
OpenDNSSEC 2.0.1 - 2016-07-21
* Fixed crash and linking issue in ods-migrate.
* Fixed case where 2.0.0 could not read backup files from 1.4.10.
* Fixed bug in migration script where key state wasn't transformed properly.
OpenDNSSEC 2.0.0-1
* include db creation scripts in dist tarball needed for migration from 1.4.
OpenDNSSEC 2.0.0 - 2016-07-07
* OpenDNSSEC-99: Skip "are you sure" messages. Add --force and -f flag to
ods-enforcer-db-setup and hsmutil purge
* OPENDNSSEC-808: Crash on query with empty query section (thanks
Havard Eidnes)
* OpenDNSSEC-771: Signer. Do not log warning on deleting a missing
NSEC3PARAM RR.
* OPENDNSSEC-801: Set AA flag on outgoing AXFR.
* SUPPORT-191: Regression, Must accept notify without SOA (thanks
Christos Trochalakis)
OpenDNSSEC 2.0b1 - 2016-04-14
First public release of OpenDNSSEC. Initial pre-releases have been
made to a smaller audience, this pre-release is explicitly made available
to all. At this moment, there are no known functional bugs. There are
naturally issues, especially to make working with OpenDNSSEC easier, however
none should prevent you to use OpenDNSSEC in production for the average
case, even though this is a pre-release. Which is because of the still
limited documentation, and is not being run in production yet.
* The enforcer can no longer be run on a single policy at a time
anymore. An enforce run will always process all zones.
* The key generate method is at this time not available.
* The key export method will not allow you to export keys for all zones
at once (--all flag) or for a particular type of key (--keystate).
It will not export ZSK keys.
* The zonelist.xml in etc/opendnssec is no longer updated automatically,
and by default works as if the --no-xml flag was specified. Use
--xml to the zone add command to update the zonelist.xml. If updating
the zonelist fails, the zone will still be added and not updated in
the xml with future zone adds.
* Plugins directory renamed to contrib.
* Default signer working directory renamed from tmp to signer.
* Configure option --with-database-backend renamed --with-enforcer-database
* Zones on a manual rollover policy will not get a key assigned to them
immediately.
OpenDNSSEC 2.0.0a5
Project transfer to NLnetLabs, performing code drop as-is for evaluation
purposes only.
OpenDNSSEC 2.0.0a4 (EnforcerNG branch)
* SUPPORT-72: Improve logging when failed to increment serial in case
of key rollover and serial value "keep" [OPENDNSSEC-461].
* SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public
key directly if SkipPublicKey is used [OPENDNSSEC-573].
* OPENDNSSEC-106: Add 'ods-enforcerd -p ' option. This prompts the
enforcer to run once and only process the specified policy and associated
zones.
* OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml.
Default value remains PT0S.
* OPENDNSSEC-390: ods-ksmutil: Add an option to the 'ods-ksmutil key ds-seen'
command so the user can choose not to notify the enforcer.
* OPENDNSSEC-430: ods-ksmutil: Improve 'zone add' - Zone add command
could warn if a specified zone file or adapter file does not exits.
* OPENDNSSEC-431: ods-ksmutil: Improve 'zone add' - Support default
and