From owner-svn-ports-head@freebsd.org Thu May 5 17:09:43 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A3955B2EEBE; Thu, 5 May 2016 17:09:43 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7B354197A; Thu, 5 May 2016 17:09:43 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u45H9gkn095141; Thu, 5 May 2016 17:09:42 GMT (envelope-from pi@FreeBSD.org) Received: (from pi@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u45H9gKI095139; Thu, 5 May 2016 17:09:42 GMT (envelope-from pi@FreeBSD.org) Message-Id: <201605051709.u45H9gKI095139@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pi set sender to pi@FreeBSD.org using -f From: Kurt Jaeger Date: Thu, 5 May 2016 17:09:42 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r414652 - head/dns/opendnssec X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2016 17:09:43 -0000 Author: pi Date: Thu May 5 17:09:42 2016 New Revision: 414652 URL: https://svnweb.freebsd.org/changeset/ports/414652 Log: dns/opendnssec: 1.4.9 -> 1.4.10 This release fix targets stability issues which have had a history and have been hard to reproduce. Issues that have been reported over the past half year have been fixed that may have even come up earlier as rare occasions. Stability should be improved, running OpenDNSSEC as a long term service. Changes in TTL in the input zone that seem not to be propagated, notifies to slaves under heavy zone activity load that where not handled properly and could lead to assertions. NSEC3PARAM that would appear duplicate in the resulting zone, and crashes in the signer daemon in seldom race conditions or re-opening due to a HSM reset. No migration steps needed when upgrading from OpenDNSSEC 1.4.9. Also have a look at our OpenDNSSEC 2.0 beta release, its impending release will help us forward with new development and signal phasing out historic releases. Fixes: - SUPPORT-156 OPENDNSSEC-771: Multiple NSEC3PARAM records in signed zone. After a resalt the signer would fail to remove the old NSEC3PARAM RR until a manual resign or incoming transfer. Old NSEC3PARAMS are removed when inserting a new record, even if they look the same. - OPENDNSSEC-725: Signer did not properly handle new update while still distributing notifies to slaves. An AXFR disconnect looked not to be handled gracefully. - SUPPORT-171: Signer would sometimes hit an assertion using DNS output adapter when .ixfr was missing or corrupt but .backup file available. - Above two issues also in part addresses problems with seemingly corrected backup files (SOA serial). Also an crash on badly configured DNS output adapters is averted. - The signer daemon will now refuse to start when failed to open a listen socket for DNS handling. - OPENDNSSEC-478,750,581 and 582 and SUPPORT-88: Segmentation fault in signer daemon when opening and closing HSM multiple times. Also addresses other concurrency access by avoiding a common context to the HSM (a.k.a. NULL context). - OPENDNSSEC-798: Improper use of key handles across hsm reopen, causing keys not to be available after a re-open. - SUPPORT-186: IXFR disregards TTL changes, when only TTL of an RR is changed. TTL changes should be treated like any other changes to records. - When OpenDNSSEC now overrides a TTL value, this is now reported in the log files. PR: 209261 Submitted by: jaap@NLnetLabs.nl (mainainer) Modified: head/dns/opendnssec/Makefile head/dns/opendnssec/distinfo Modified: head/dns/opendnssec/Makefile ============================================================================== --- head/dns/opendnssec/Makefile Thu May 5 16:55:11 2016 (r414651) +++ head/dns/opendnssec/Makefile Thu May 5 17:09:42 2016 (r414652) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= opendnssec -PORTVERSION= 1.4.9 +PORTVERSION= 1.4.10 CATEGORIES= dns MASTER_SITES= http://dist.opendnssec.org/source/ Modified: head/dns/opendnssec/distinfo ============================================================================== --- head/dns/opendnssec/distinfo Thu May 5 16:55:11 2016 (r414651) +++ head/dns/opendnssec/distinfo Thu May 5 17:09:42 2016 (r414652) @@ -1,2 +1,2 @@ -SHA256 (opendnssec-1.4.9.tar.gz) = 50a157d26d8b9ae370cd7fa52c7c6f43f4c77aeeb5d0fccd6a2e92c7dfc1d88e -SIZE (opendnssec-1.4.9.tar.gz) = 1043700 +SHA256 (opendnssec-1.4.10.tar.gz) = 55b44c1da3a665eef0af1d1b3f4d1c57d20f50f77858b1dd3d03ca6ebc1df7cb +SIZE (opendnssec-1.4.10.tar.gz) = 1036069