OpenDNSSEC 1.4.0a2

* OPENDNSSEC-226: Change in conf.xml: Configure the DNS listener IP address
  with /Listener/Interface/Address instead of /Listener/Interface/IPv{4,6}.
* OPENDNSSEC-249: ods-ksmutil: If key export finds nothing to do then say so
  rather than display nothing which might be misinterpreted.
* OPENDNSSEC-262: Signer Engine: Make DNS Adapter ACL optional.
* OPENDNSSEC-263: Signer Engine: Added EDNS0 support, so that zone transfers
  and SOA requests with OPT RRs are possible.
* Enforcer: Add indexes for foreign keys. (sqlite only, MySQL already has them.)

Bugfixes:
* OPENDNSSEC-259: Signer Engine: Fix assertion failure for outbound AXFR for
  large zones.
* OPENDNSSEC-264: Signer Engine: Fix assertion error on reading IXFR from
  backup.
* OPENDNSSEC-265: Signer Engine: Fix crash in corner cases when signing zone
  with NSEC3 and Opt-out.
* OPENDNSSEC-267: Signer Engine: Sign NOTIFY OK response with TSIG, if present
  in the query and ACL.


OpenDNSSEC 1.4.0a1

* Auditor: The Auditor has been removed.
* Enforcer: Key label logging upon deletion (#192 Sebastian Castro)
* Enforcer: Stop multiple instances of the Enforcer running by checking for
  the pidfile at startup. If you want to run multiple instances then a
  different pidfile will need to be specified with the -P flag.
* Enforcer/ods-ksmutil: Use TTLs from KASP when generating DNSKEY and DS
  records for output.
* Enforcer/ods-ksmutil: Give a more descriptive error message if the
  <Datastore> tag in conf.xml does not match the database-backend set at
  compile time.
* ods-ksmutil: Add warnings on "key export --ds" if no active or ready keys
  were seen, or if both were seen (so a key rollover is happening).
* ods-ksmutil: Prevent MySQL username or password being interpreted by the
  shell when running "ods-ksmutil setup"
* ods-ksmutil: "zone delete" renames the signconf file; so that if the zone is
  put back the signer will not pick up the old file.
* ods-ksmutil: "key delete" added. It allows keys that are not currently in
  use to be deleted from the database and HSM.
* OPENDNSSEC-1: Enforcer: Check DelegationSignerSubmitCommand exists and can
  be executed by ods-enforcerd.
* OPENDNSSEC-10: ods-ksmutil: Include key size and algorithm in "key list"
  with -v flag.
* OPENDNSSEC-28: ods-ksmutil: "key list" shows next state with -v flag.
* OPENDNSSEC-35: ods-ksmutil: "rollover list -v" now includes more information
  on the KSKs waiting for the ds-seen command.
* OPENDNSSEC-83: ods-ksmutil: "key generate" now displays how many keys will
  be generated and presents the user with the opportunity to stop the
  operation.
* OPENDNSSEC-124: ods-ksmutil: Suppress database connection information when
  no -v flag is given.
* Signer Engine: Input and Output DNS Adapters.
* Signer Engine: Zonefetcher has been removed.

Known issues:
* Signer Engine: The backup files do not work correctly in this alpha release.

Bugfixes:
* Bugfix #246: Less confusing text for XML validation in ods-kaspcheck.
* ods-ksmutil: "update kasp" now reflects changes in policy descriptions.
* ods-ksmutil: Policy descriptions now have special characters quoted.
* ods-ksmutil: Fix typo in policy export with NSEC3.
Fredrik Pettai 2012-05-31 05:38:16 +00:00 committed by Thomas Klausner
parent 0fe6c392cd
commit 97e4133a18
4 changed files with 34 additions and 43 deletions


@ -1,18 +1,18 @@
# $NetBSD: Makefile,v 1.32 2011/06/12 17:38:49 pettai Exp $
# $NetBSD: Makefile,v 1.33 2012/05/31 05:38:16 pettai Exp $
#
DISTNAME= opendnssec-1.3.0rc3
DISTNAME= opendnssec-1.4.0a2
CATEGORIES= net security
MASTER_SITES= http://www.opendnssec.org/files/source/
MASTER_SITES= http://www.opendnssec.org/files/source/testing/
MAINTAINER= pettai@nordu.net
MAINTAINER= pettai@NetBSD.org
HOMEPAGE= http://www.opendnssec.org/
COMMENT= OSS for a fast and easy DNSSEC deployment
LICENSE= 2-clause-bsd
DEPENDS+= ldns>=1.6.9:../../net/ldns
DEPENDS+= ldns>=1.6.12:../../net/ldns
DEPENDS+= ${RUBY_PKGPREFIX}-rubygems-[0-9]*:../../misc/rubygems
DEPENDS+= ${RUBY_PKGPREFIX}-dnsruby>=1.52:../../net/ruby-dnsruby
DEPENDS+= ${RUBY_PKGPREFIX}-dnsruby>=1.53:../../net/ruby-dnsruby
BUILD_DEPENDS+= CUnit-[0-9]*:../../devel/cunit
PKG_DESTDIR_SUPPORT= user-destdir
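Review bot: the two Ruby DEPENDS lines (rubygems, and dnsruby now raised to >=1.53) look stale. The commit message says the Auditor has been removed, and the PLIST change in this same commit drops bin/ods-auditor and the lib/opendnssec/*.rb files, so unless something left in the package still runs under Ruby, remove both lines rather than bumping dnsruby. That also shrinks the runtime dependency set on a signing host.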
@ -51,12 +51,12 @@ SUBST_SED.paths= -e 's,@EGDIR@,${EGDIR},'
CXXFLAGS.NetBSD+= -D_NETBSD_SOURCE
CONF_FILES= ${EGDIR}/addns.xml.sample \
${ODS_SYSCONFDIR}/addns.xml
CONF_FILES= ${EGDIR}/conf.xml.sample \
${ODS_SYSCONFDIR}/conf.xml
CONF_FILES+= ${EGDIR}/kasp.xml.sample \
${ODS_SYSCONFDIR}/kasp.xml
CONF_FILES+= ${EGDIR}/zonefetch.xml.sample \
${ODS_SYSCONFDIR}/zonefetch.xml
CONF_FILES+= ${EGDIR}/zonelist.xml.sample \
${ODS_SYSCONFDIR}/zonelist.xml
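Review bot: the new addns.xml.sample entry is written as "CONF_FILES=" and the conf.xml.sample entry right after it is also a plain "CONF_FILES=", so as shown the second assignment replaces the first and addns.xml never reaches ${ODS_SYSCONFDIR}. Keep "=" only on the first entry and change the conf.xml.sample line to "CONF_FILES+=", as the kasp.xml and zonelist.xml entries already do.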


@ -1,22 +1,9 @@
@comment $NetBSD: PLIST,v 1.13 2010/11/17 11:12:00 pettai Exp $
bin/ods-auditor
@comment $NetBSD: PLIST,v 1.14 2012/05/31 05:38:16 pettai Exp $
bin/ods-hsmspeed
bin/ods-hsmutil
bin/ods-kasp2html
bin/ods-kaspcheck
bin/ods-ksmutil
lib/opendnssec/kasp_auditor.rb
lib/opendnssec/kasp_auditor/auditor.rb
lib/opendnssec/kasp_auditor/changed_config.rb
lib/opendnssec/kasp_auditor/commands.rb
lib/opendnssec/kasp_auditor/config.rb
lib/opendnssec/kasp_auditor/key_tracker.rb
lib/opendnssec/kasp_auditor/parse.rb
lib/opendnssec/kasp_auditor/partial_auditor.rb
lib/opendnssec/kasp_auditor/preparser.rb
lib/opendnssec/kasp_checker.rb
lib/opendnssec/time_shift.rb
man/man1/ods-auditor.1
man/man1/ods-hsmspeed.1
man/man1/ods-hsmutil.1
man/man1/ods-kaspcheck.1
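Review bot: going by the hunk header (22 lines down to 9), lib/opendnssec/kasp_checker.rb and lib/opendnssec/time_shift.rb leave the PLIST together with the kasp_auditor files, while bin/ods-kaspcheck stays. The commit message only announces the Auditor removal, so please confirm that ods-kaspcheck in 1.4.0a2 no longer loads kasp_checker.rb and say so in the message; otherwise the package installs a checker that cannot start.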
@ -31,25 +18,29 @@ sbin/ods-control
sbin/ods-enforcerd
sbin/ods-signer
sbin/ods-signerd
share/examples/opendnssec/addns.xml
share/examples/opendnssec/addns.xml.sample
share/examples/opendnssec/conf.xml
share/examples/opendnssec/conf.xml.sample
share/examples/opendnssec/kasp.xml
share/examples/opendnssec/kasp.xml.sample
share/examples/opendnssec/zonefetch.xml
share/examples/opendnssec/zonefetch.xml.sample
share/examples/opendnssec/zonelist.xml
share/examples/opendnssec/zonelist.xml.sample
share/opendnssec/addns.rnc
share/opendnssec/addns.rng
share/opendnssec/conf.rnc
share/opendnssec/conf.rng
share/opendnssec/database_create.sqlite3
share/opendnssec/enforcerstate.rnc
share/opendnssec/enforcerstate.rng
share/opendnssec/kasp.rnc
share/opendnssec/kasp.rng
share/opendnssec/kasp2html.xsl
share/opendnssec/signconf.rnc
share/opendnssec/signconf.rng
share/opendnssec/zonefetch.rnc
share/opendnssec/zonefetch.rng
share/opendnssec/zonelist.rnc
share/opendnssec/zonelist.rng
@pkgdir share/doc/opendnssec
@pkgdir lib/opendnssec/signer
@pkgdir lib/opendnssec/kasp_auditor
@pkgdir etc/opendnssec
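Review bot: each example configuration is listed twice under share/examples/opendnssec, once under its plain name and once as .sample (for the new file: addns.xml and addns.xml.sample), yet the CONF_FILES entries in the Makefile only read the .sample copies. Consider dropping the plain-name installs in patch-aa so only the .sample files are packaged; that removes the duplicate entries here and leaves one unambiguous source for the live configuration.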


@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.17 2011/06/12 17:38:49 pettai Exp $
$NetBSD: distinfo,v 1.18 2012/05/31 05:38:16 pettai Exp $
SHA1 (opendnssec-1.3.0rc3.tar.gz) = 904a45f804ba1efb4f49ef2ebe8b7ccfc9bcb9d3
RMD160 (opendnssec-1.3.0rc3.tar.gz) = 77aae4c569ab15f86ec257d9610fb0432e4ec628
Size (opendnssec-1.3.0rc3.tar.gz) = 1071837 bytes
SHA1 (patch-aa) = ec0db5d0fe2cb5f0808e5113006b1243040b547d
SHA1 (opendnssec-1.4.0a2.tar.gz) = de000e8bb7e7f7fc1a78e50f47e3febd5c601589
RMD160 (opendnssec-1.4.0a2.tar.gz) = ee9b9690dcc7baac2422e3464de7eeb12dde419d
Size (opendnssec-1.4.0a2.tar.gz) = 1008935 bytes
SHA1 (patch-aa) = d23d7c3cfb7a0a3f21823aa79c6557cbaf818975
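Review bot: the SHA1 and RMD160 lines for opendnssec-1.4.0a2.tar.gz are the whole integrity check for this distfile, because the Makefile fetches it from an http:// MASTER_SITES URL under testing/. Please confirm the digests were generated from a tarball that was checked against a checksum or signature published by upstream, if one exists, and not only from whatever the fetch returned.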


@ -1,16 +1,16 @@
$NetBSD: patch-aa,v 1.7 2010/11/17 11:12:00 pettai Exp $
$NetBSD: patch-aa,v 1.8 2012/05/31 05:38:16 pettai Exp $
--- conf/Makefile.in.orig 2010-11-17 09:07:35.000000000 +0000
--- conf/Makefile.in.orig 2012-05-29 07:08:03.000000000 +0000
+++ conf/Makefile.in
@@ -277,6 +277,7 @@ sharedstatedir = @sharedstatedir@
@@ -309,6 +309,7 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
subdirs = @subdirs@
sysconfdir = @sysconfdir@/opendnssec
+EGDIR=@EGDIR@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
@@ -530,19 +531,19 @@ regress: $(RNG)
@@ -578,19 +579,19 @@ regress: $(RNG)
(echo "kasp.xml built")
install-data-hook:
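Review bot: patch-aa has no description between its $NetBSD$ line and the "--- conf/Makefile.in.orig" header. Add a short comment saying that the patch redirects the example configuration files from sysconfdir to EGDIR so that CONF_FILES manages the live copies; with the hunk offsets moving on every update (277 to 309, 530 to 578) that makes it easier to judge later whether the patch is still needed.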
@ -18,12 +18,12 @@ $NetBSD: patch-aa,v 1.7 2010/11/17 11:12:00 pettai Exp $
- test -f ${DESTDIR}${sysconfdir}/conf.xml || \
- ${INSTALL_DATA} -m 0640 conf.xml ${DESTDIR}${sysconfdir}
- ${INSTALL_DATA} -m 640 conf.xml ${DESTDIR}${sysconfdir}/conf.xml.sample
- test -f ${DESTDIR}${sysconfdir}/addns.xml || \
- ${INSTALL_DATA} addns.xml ${DESTDIR}${sysconfdir}
- ${INSTALL_DATA} addns.xml ${DESTDIR}${sysconfdir}/addns.xml.sample
- test -f ${DESTDIR}${sysconfdir}/zonelist.xml || \
- ${INSTALL_DATA} zonelist.xml ${DESTDIR}${sysconfdir}
- ${INSTALL_DATA} zonelist.xml ${DESTDIR}${sysconfdir}/zonelist.xml.sample
- test -f ${DESTDIR}${sysconfdir}/zonefetch.xml || \
- ${INSTALL_DATA} -m 0640 zonefetch.xml ${DESTDIR}${sysconfdir}
- ${INSTALL_DATA} -m 640 zonefetch.xml ${DESTDIR}${sysconfdir}/zonefetch.xml.sample
- test -f ${DESTDIR}${sysconfdir}/kasp.xml || \
- ${INSTALL_DATA} kasp.xml ${DESTDIR}${sysconfdir}
- ${INSTALL_DATA} kasp.xml ${DESTDIR}${sysconfdir}/kasp.xml.sample
@ -31,15 +31,15 @@ $NetBSD: patch-aa,v 1.7 2010/11/17 11:12:00 pettai Exp $
+ test -f ${DESTDIR}${EGDIR}/conf.xml || \
+ ${INSTALL_DATA} -m 0640 conf.xml ${DESTDIR}${EGDIR}
+ ${INSTALL_DATA} -m 640 conf.xml ${DESTDIR}${EGDIR}/conf.xml.sample
+ test -f ${DESTDIR}${EGDIR}/addns.xml || \
+ ${INSTALL_DATA} addns.xml ${DESTDIR}${EGDIR}
+ ${INSTALL_DATA} addns.xml ${DESTDIR}${EGDIR}/addns.xml.sample
+ test -f ${DESTDIR}${EGDIR}/zonelist.xml || \
+ ${INSTALL_DATA} zonelist.xml ${DESTDIR}${EGDIR}
+ ${INSTALL_DATA} zonelist.xml ${DESTDIR}${EGDIR}/zonelist.xml.sample
+ test -f ${DESTDIR}${EGDIR}/zonefetch.xml || \
+ ${INSTALL_DATA} -m 0640 zonefetch.xml ${DESTDIR}${EGDIR}
+ ${INSTALL_DATA} -m 640 zonefetch.xml ${DESTDIR}${EGDIR}/zonefetch.xml.sample
+ test -f ${DESTDIR}${EGDIR}/kasp.xml || \
+ ${INSTALL_DATA} kasp.xml ${DESTDIR}${EGDIR}
+ ${INSTALL_DATA} kasp.xml ${DESTDIR}${EGDIR}/kasp.xml.sample
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
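Review bot: in the install-data-hook lines, addns.xml, zonelist.xml and kasp.xml are installed with the default INSTALL_DATA mode, while conf.xml and zonefetch.xml get "-m 0640" / "-m 640". addns.xml configures the DNS adapters and can carry a TSIG secret, so it should be installed 0640 as well, for both the plain and the .sample copy. The copies that CONF_FILES places in ${ODS_SYSCONFDIR} need the same restriction, for example through CONF_FILES_PERMS.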