* New commandline option for the signer: ods-signer running.
* Allow connection to different MySQL ports in the Enforcer.
* Tone down and explain warning when converting M or Y to seconds
* ldns 1.6.7 is required for bugfixes
* dnsruby 1.51 is required for bugfixes
Migration:
* There is a kasp schema change from the 1.1 branch (or trunk if you built
prior to r3823). To make this transition you have 2 options:
1) Run ods-ksmutil setup again. This will remove _all_ the current
information from the kasp database and start you off again with a fresh
environment.
If that is not an option, or you want to try something else then:
2) run one of the migration scripts
enforcer/utils/migrate_keyshare_mysql.pl
or
enforcer/utils/migrate_keyshare_sqlite3.pl
depending on your database.
NOTE: Although these scripts have been tested it is recommended to make a
backup of your database prior to running them.
Bugfixes:
* Bugreport #187: ods-control signer start will return non-zero if start up
failed (uses ods-signer running).
* Narrow glue at the zone cut is allowed, do not consider it as occluded.
* Move zone fetcher output to correct input adapter file.
* Enforcer shared keys on zones with ShareKeys disabled.
* Make names of key states consistent.
* Signer Engine file descriptor leak fix on engine.sock.
* Set explicit "unlimited" repository capacity to prevent random integer being
read. Requires "ods-ksmutil update conf" to be run if using an existing
database.
* Fix issue with key generation creating too many keys Ticket #194.
* Bugreport #189: Auditor did not handle white-space-seperated substrings
for base64 text
* Bugreport #190: Auditor (and signer) does not handle case correctly
* Signer now silence stdout-output from the notify command
OpenDNSSEC 1.2.0b1:
* A new signer engine, written in c. Zones are maintained in memory, instead of
in files on disk.
* Removed the python and python-4suite-xml dependencies.
* Remove separate autoconf for libhsm/conf/enforcer.
* Add option to disable building the signer.
* Signer logs statistics just after outputting a new signed zone.
* libhsm will skip processing (and not create) any public keys if the
per repository option <SkipPublicKey/> is set.
* Keysharing improved - keys can now exist in different states on each zone
that the key is in use for.
* Backup prepare/commit/rollback added for 2-step backups without taking the
enforcer offline.
* Standby keys are now optional (default to 0) and should be considered
experimental.
Bugfixes:
* Fix semantics of refresh value in Signer Engine.
* Auditor handles chains of empty nonterminals correctly.
* Recalculate salt immediately if the saltlength is changed.
* libhsm connected to slot 0 if the token label was not found.
An error is now returned instead of connecting to the slot.
* Bugreport #102: Removed the obsoleted python-4suite-xml dependency.
* Fixed Known Issue: KSK rollover requires manual timing.
* Fixed Known Issue: Key rollover and reuse of signatures.
* Fixed Known Issue: Issue with sharing keys and adding zones.
* Fixed Known Issue: Quicksorter does not allow certain owner names
(Quicksorter is removed, signer now reads and sorts the zone).
* Performance improvements for large zones
* Clarification to the KSK rollover process
* Partial auditing of large zones
* Improved registrar support (EPP client plugin)
