head 1.9; access; symbols pkgsrc-2023Q4:1.9.0.8 pkgsrc-2023Q4-base:1.9 pkgsrc-2023Q3:1.9.0.6 pkgsrc-2023Q3-base:1.9 pkgsrc-2023Q2:1.9.0.4 pkgsrc-2023Q2-base:1.9 pkgsrc-2023Q1:1.9.0.2 pkgsrc-2023Q1-base:1.9 pkgsrc-2022Q4:1.8.0.10 pkgsrc-2022Q4-base:1.8 pkgsrc-2022Q3:1.8.0.8 pkgsrc-2022Q3-base:1.8 pkgsrc-2022Q2:1.8.0.6 pkgsrc-2022Q2-base:1.8 pkgsrc-2022Q1:1.8.0.4 pkgsrc-2022Q1-base:1.8 pkgsrc-2021Q4:1.8.0.2 pkgsrc-2021Q4-base:1.8 pkgsrc-2021Q3:1.6.0.10 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.6.0.8 pkgsrc-2021Q2-base:1.6 pkgsrc-2021Q1:1.6.0.6 pkgsrc-2021Q1-base:1.6 pkgsrc-2020Q4:1.6.0.4 pkgsrc-2020Q4-base:1.6 pkgsrc-2020Q3:1.6.0.2 pkgsrc-2020Q3-base:1.6 pkgsrc-2020Q2:1.5.0.36 pkgsrc-2020Q2-base:1.5 pkgsrc-2020Q1:1.5.0.16 pkgsrc-2020Q1-base:1.5 pkgsrc-2019Q4:1.5.0.38 pkgsrc-2019Q4-base:1.5 pkgsrc-2019Q3:1.5.0.34 pkgsrc-2019Q3-base:1.5 pkgsrc-2019Q2:1.5.0.32 pkgsrc-2019Q2-base:1.5 pkgsrc-2019Q1:1.5.0.30 pkgsrc-2019Q1-base:1.5 pkgsrc-2018Q4:1.5.0.28 pkgsrc-2018Q4-base:1.5 pkgsrc-2018Q3:1.5.0.26 pkgsrc-2018Q3-base:1.5 pkgsrc-2018Q2:1.5.0.24 pkgsrc-2018Q2-base:1.5 pkgsrc-2018Q1:1.5.0.22 pkgsrc-2018Q1-base:1.5 pkgsrc-2017Q4:1.5.0.20 pkgsrc-2017Q4-base:1.5 pkgsrc-2017Q3:1.5.0.18 pkgsrc-2017Q3-base:1.5 pkgsrc-2017Q2:1.5.0.14 pkgsrc-2017Q2-base:1.5 pkgsrc-2017Q1:1.5.0.12 pkgsrc-2017Q1-base:1.5 pkgsrc-2016Q4:1.5.0.10 pkgsrc-2016Q4-base:1.5 pkgsrc-2016Q3:1.5.0.8 pkgsrc-2016Q3-base:1.5 pkgsrc-2016Q2:1.5.0.6 pkgsrc-2016Q2-base:1.5 pkgsrc-2016Q1:1.5.0.4 pkgsrc-2016Q1-base:1.5 pkgsrc-2015Q4:1.5.0.2 pkgsrc-2015Q4-base:1.5 pkgsrc-2015Q3:1.4.0.22 pkgsrc-2015Q3-base:1.4 pkgsrc-2015Q2:1.4.0.20 pkgsrc-2015Q2-base:1.4 pkgsrc-2015Q1:1.4.0.18 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.4.0.16 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.14 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.12 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.4.0.10 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.4.0.8 pkgsrc-2013Q4-base:1.4 pkgsrc-2013Q3:1.4.0.6 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.4.0.4 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.4.0.2 pkgsrc-2013Q1-base:1.4 pkgsrc-2012Q4:1.3.0.6 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.4 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.2 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.2.0.10 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.8 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.6 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.4 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.2 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.1.1.1.0.8 pkgsrc-2010Q4-base:1.1.1.1 pkgsrc-2010Q3:1.1.1.1.0.6 pkgsrc-2010Q3-base:1.1.1.1 pkgsrc-2010Q2:1.1.1.1.0.4 pkgsrc-2010Q2-base:1.1.1.1 pkgsrc-2010Q1:1.1.1.1.0.2 pkgsrc-2010Q1-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.9 date 2023.03.03.09.24.20; author fcambus; state Exp; branches; next 1.8; commitid D4QBD5G8LYspVEfE; 1.8 date 2021.10.26.11.18.06; author nia; state Exp; branches; next 1.7; commitid PNswNV9GDLZeojeD; 1.7 date 2021.10.07.14.54.50; author nia; state Exp; branches; next 1.6; commitid nfjKlj1wTplMcTbD; 1.6 date 2020.09.01.14.06.52; author taca; state Exp; branches; next 1.5; commitid uP7ANS91rRFqPlmC; 1.5 date 2015.11.04.01.18.12; author agc; state Exp; branches; next 1.4; commitid agUNgZr58GM2fIHy; 1.4 date 2013.03.15.23.34.44; author pettai; state Exp; branches; next 1.3; 1.3 date 2012.06.16.22.55.26; author pettai; state Exp; branches; next 1.2; 1.2 date 2011.03.12.16.46.05; author pettai; state Exp; branches; next 1.1; 1.1 date 2010.03.13.19.19.51; author pettai; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2010.03.13.19.19.51; author pettai; state Exp; branches; next ; desc @@ 1.9 log @zkt: update to 1.1.6. zkt 1.1.6 -- 04. Jan 2023 * misc New configure.ac file generated by 'autoscan' * bug Jan Münnich found out that "-fcommon" is needed to compile ZKT with gcc 10. This is because of a double external definition caused by including header files while defining "extern" as empty. This is fixed now by eliminating includes within include files so "-fcommon" is not needed. * misc Increase of some string vars because of compiler warnings * bug Fixed an empty statement (semicolon) in freeconfig() (Thank you gcc!) zkt 1.1.5 -- 17. Jun 2019 * misc Option -r of dnssec-keygen has been deprecated since 9.13 (or so) Usage removed in dki_new() * func recursive_file_mtime() function added by Sven Stickroth This is useful if several zone files are included in a main zone.db file to track a change of any of the input files. It is not compiled in by default (use configure --enable-inc-file-tracking to enable) because for large zone files this could be a time consuming process. It is possible to add all included files to the local config parameter "DependFiles" instead. (Use zkt-conf to get a list of files to be added). * misc Log name of zone if KSK is expired Thanks to Sven Stickroth * misc DEST_DIR added to Makefile to install executables at common places Thanks to Sven Stickroth * bug Fix typos in rollover.c make clean also cleans OBJ_KLS files Thanks to Sven Stickroth @ text @$NetBSD: distinfo,v 1.8 2021/10/26 11:18:06 nia Exp $ BLAKE2s (zkt-1.1.6.tar.gz) = a05b2801d500a8c802cd40487cf547982b84aa9a4a46d1632c44bf443bd5e513 SHA512 (zkt-1.1.6.tar.gz) = e9acd651bc80d808b7fb9258cb14a0952adc736a2e7e7a72f4fc1d8f45006988c43157b3c26d725f98732be01f6dd7691b3931ebe12f9fda87c8bf5e9c51db6b Size (zkt-1.1.6.tar.gz) = 408892 bytes @ 1.8 log @security: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2021/10/07 14:54:50 nia Exp $ d3 3 a5 3 BLAKE2s (zkt-1.1.4.tar.gz) = 360dd99a00a266269cdf8da01a3dfd32bf6501f283848b53533e3f6c2b6b7e14 SHA512 (zkt-1.1.4.tar.gz) = 349b49645557c9e03949c742bf4b37b4c3605b984c5990a3517519f31d23be3c6fb63349707a8c742f0c40c6aeb558592ce9c4e3b6656faec7947d2dfea6a178 Size (zkt-1.1.4.tar.gz) = 382629 bytes @ 1.7 log @security: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2020/09/01 14:06:52 taca Exp $ d3 1 a3 1 RMD160 (zkt-1.1.4.tar.gz) = e987e25d960d5dba19cbc54e18b0b8144e83aa1a @ 1.6 log @security/zkt: update to 1.1.4 * pkgsrc change: switch dependency from net/bind914 to net/bind916. zkt 1.1.4 -- 9. May 2016 * misc Hint to mailinglist removed from README file * bug pathname wasn't initialized in any case (dist_and_reload() in nscomm.c Thanks Jeremy C. Reed * bug move $(LIBS) at the end of the ggc link line in Makefile.in * misc Exitcode of external command is now visible in log messages stderr of each external command is redirected to stdin * bug Fixed some potential memory leaks in ncparse.c dki.c zfparse.c and zkt-soaserial.c (mostly a missing fclose() on error conditions). Thanks to Jeremy C. Reed * misc README file changed to Markdown syntax * bug running zkt-keyman -3 didn't change anything on the key database so a zkt-signer run afterwards didn't see anything to do. Now the timestamp of the dnskey.db will be reset to a value less than the timestamp of the (new) key signing key. Thanks to Sven Strickroth for finding this. * func New binary zkt-delegate added Because it depends on the ldns library, it is located in a separate directory and use a different Makefile * func New Compile time option "--enable-ds-tracking" added. Now dig is used on KSK rollover to check if the DS record is announced in the parent zone. Thanks to Sven Strickroth providing the patch. zkt 1.1.3 -- 21. Nov 2014 * func New Config Parameter DependFiles added. Contains a (comma separated) list of files which are included into the ZoneFile. The timestamps of this files are checked additional to the timestamp of the ZoneFile. Based on a suggestion from Sven Strickroth * misc Makefile changed to build tar file out of git repository * misc Minimum supported BIND version is now 9.8 * bug Fixed bug in BIND version parsing (9.10.1 was parsed as 910 which is similar to 9.1.0) Version 9.10.1 is parsed now as 091001 * misc Remove flag to request large exponent when creating keys (BIND always creates keys with large exponents since BIND 9.5.0) * misc Project moved to github Thanks to Jakob Schlyter for doing the initial stuff @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2015/11/04 01:18:12 agc Exp $ a2 1 SHA1 (zkt-1.1.4.tar.gz) = ad2d4422f05f83d04278ecccfe854852956dcc62 @ 1.5 log @Add SHA512 digests for distfiles for security category Problems found locating distfiles: Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz Package libidea: missing distfile libidea-0.8.2b.tar.gz Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2 Package uvscan: missing distfile vlp4510e.tar.Z Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2013/03/15 23:34:44 pettai Exp $ d3 4 a6 4 SHA1 (zkt-1.1.2.tar.gz) = f954f0a918b71692ca3d7d53a71dce65d211c79e RMD160 (zkt-1.1.2.tar.gz) = 59d0139d7dc7eee137ddb9f3c4b0869296c5ef2a SHA512 (zkt-1.1.2.tar.gz) = 19271bf7e2d1877c81a42792266286b679532caa653437c25052770375634ac4f916c1ce9c08eb5f62a723746607f7f35d947de4f52df91d00609d476fbce4de Size (zkt-1.1.2.tar.gz) = 343388 bytes @ 1.4 log @zkt 1.1.2 * bug Fixed bug introduced by changes on inc_soa_serial() zkt 1.1.1 * bug Error fixed in zkt-conf in parsing the version number * misc inc_soa_serial() now returns 0 on success * bug Fixed bug in inc_serial() The zone file wasn't closed on succesful change of the soa record. Many thanks to Frederik Soderblom for fixing this. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2012/06/16 22:55:26 pettai Exp $ d5 1 @ 1.3 log @zkt 1.1 -- 30. Jan 2012 * misc Release numbering changed to three level "major.minor.revison" scheme * bug REMOVE_HOLD_TIME was set to 10 days only (Thanks to Chris Thompson) * doc Improved README file (Thanks to Jan-Piet Mens) * misc Fix of some typos in log messages * bug Fixed error in rollover.c (return code of genfirstkey() wasn't checked) * misc Default of KeySetDir changed from NULL to ".." (best for hierarchical mode) Default Sig Lifetime changed from 10 days to 3 weeks (21 days) Default ZSK lifetime changed from 3 months to 4 times the sig lifetime Default KSK lifetime changed from 1 year to 2 years Parameter checks in checkconfig() adapted. KSK random device changed back from /dev/urandom to BIND default (Be aware of some possibly long delay in key generation) * func New configure option to set the bind utility path manually (--enable-bindutil_path) BIND_UTIL_PATH in config_zkt.h will no longer used * bug If nsec3 is turned on and KeyAlgo (or AddKeyAlgo) is RSHASHA1 or DSA, genkey() uses algorithm type NSECRSASHA1 or NSEC3DSA instead. * bug Error in printconfigdiff() fixed. (Thanks to Holger Wirtz) * func Description added to (some of the) dnssec.conf parameters * func Adding a patch from Hrant Dadivanyan to always pre-publish ZSKs * misc Config file syntax changed to parameter names without underscores. zkt-conf uses ZKT_VERSION string as config version * bug "make install-man" now installs all man page * bug Bug fixed in zfparse.c. zkt-conf was unable to detect an already included dnskey.db file if another file was included. * misc destination dnssec-zkt removed from Makefile.in * func dki_prt_managedkeys() added to dki.c zkt_list_managedkeys() added to zkt.c zkt-ls has new option -M to print out a list of managed-keys * bug Bug fixed in the config parser (zconf.c). Couldn't parse agorithm RSASHA512 correctly (Thanks to Michael Sinatra) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2011/03/12 16:46:05 pettai Exp $ d3 3 a5 3 SHA1 (zkt-1.1.0.tar.gz) = 3adbeba2547f971259c3e07fa4b8166daa3bf353 RMD160 (zkt-1.1.0.tar.gz) = 35629aa8bd31bc061f60f14abe3bf94b19041b4b Size (zkt-1.1.0.tar.gz) = 343811 bytes @ 1.2 log @zkt 1.0 -- 15. June 2010 * feat "/dev/urandom" check added to checkconfig() * feat Config compability switch (-C) added to zkt-conf * feat zkt-ls has a new switch -s to change sorting of domains from subdomain before parent to subdomain below the parent * feat "zkt-ls -T" prints only parent trust anchor zkt 1.0rc1 -- 1. Apr 2010 (The 1.0 release was sponsored by DOMINIC(r) ) * feat Several config parameter are printed now in a more consistent and user friendly form. SerialFormat "Incremental" could be abbreviated as "inc" on input. * bug use of AC_ARG_ENABLE macros changed in a way that it is possible to use it as a "--disable-FEATURE" switch. * port no longer checking for malloc() in configue script. Mainly because it checks only if malloc(0) is allowed and we do not need this. * port --disable-color-mode added to configure script * bug Makro PRINT_AGE_OF_YEAR renamed to PRINT_AGE_WITH_YEAR in configure.ac * misc man page zkt-keyman added * misc New command zkt-keyman added as replacement for dnssec-zkt's key management functionality * misc man page zkt-ls added * port Check for ncurses added to Makefile.in * misc Color mode (Option -C) added to zkt-ls (experimental) New source file tcap.c. * misc Deprecate "single linked list" version of ZKT. The binary tree version is the default for years, so the VERSION string does no longer contain a "T". Now, if someone insist on the single link list version (configure --disable-tree) a "S" is added to the version string. Anyway, the code for the single link list version does no longer have the same functionality and will be removed in one of the later releases. * misc New command zkt-ls added as replacement for dnssec-zkt's key listing functionality * func New key algorithms RSASHA256 and RSAHSHA512 added to dki.[ch] and zconf.c New parameter NSEC3 added. Now it's possible to configure an NSEC3_OPTOUT zone. * bug Token parsing function gettok() fixed to recognize tokens with dashes ("zone-statistics" was seen as "zone"). Thanks to Andreas Baess for finding this bug. * bug Fixed bug in (re)salting dynamic zones. sig_zone() and gensalt() needs parameter change for this * func New option -a added to zkt-conf * func In zconf.c CONF_TIMEINT parameter are now able to recognize "unset" values (which is represented internaly as 0) * func Set Max_TTL to sig lifetime for dynamic zones or if Max_TTL is less than 1. max_ttl checks in checkconfig() fixed. * func printconfigdiff() added to zconf.c and used by zkt-conf. Now local configs are printed as diff to site wide config. * misc man page zkt-signer.8 changed to new command syntax * func Per domain logging added. Use parameter LogDomainDir to enable it. For more details see file README.logging. * func distribute.sh supports new action type "distkeys" but is currently not used * misc LOG_FNAMETMPL changed and moved from config_zkt.h to log.h * misc Default soa serial format changed from "Incremental" to "Unixtime" * func dnssec-signer command renamed to zkt-signer. Man page updated. * func New command zkt-conf added as replacement for dnssec-zkt -Z * misc timeint2str() is now global (zconf.c) * func zfparse.c - a rudimentary zone file parser scans minimum and maximum ttl values; adds $INCLUDE dnskey.db zkt 0.99d -- Not released * func Option SIG_DnsKeyKSK for DNSKEY signing with KSK only added * misc BIND 9.7 compability @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1.1.1 2010/03/13 19:19:51 pettai Exp $ d3 3 a5 3 SHA1 (zkt-1.0.tar.gz) = c4ecf607854943dab9cb05478b5b4a09cfec0acc RMD160 (zkt-1.0.tar.gz) = 9a52acd41ac136907f0050bd4258fb2040e40adc Size (zkt-1.0.tar.gz) = 331260 bytes @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 SHA1 (zkt-0.99c.tar.gz) = 306302167a2628d0a3c82720f651299a4e5f2018 RMD160 (zkt-0.99c.tar.gz) = d37f42a2f7e484eaf58b4ea47381c9edadd438e4 Size (zkt-0.99c.tar.gz) = 288922 bytes @ 1.1.1.1 log @ZKT is a tool to manage keys and signatures for DNSSEC-zones. The Zone Key Tool consist of two commands: * dnssec-zkt to create and list dnssec zone keys and * dnssec-signer to sign a zone and manage the lifetime of the zone signing keys Both commands are simple wrapper commands around the dnssec-keygen(8) and dnssec-signzone(8) commands provided by BIND. @ text @@