Issues solved:
- OPENDNSSEC-955: Prevent concurrency between certain valid
PKCS#11 HSM operations to avoid some keys
to be (transiently) unavailable.
- OPENDNSSEC-956: Harden signing procedure to still sign zones
for which there are unused keys specified in
the zone which are unavailable.
Known issue:
- OPENDNSSEC-957: Signer daemon stops with failure exit code
even when no error occured.
- OPENDNSSEC-949: Fix for migration bug not keeping proper parameters
of NSEC3 signed zones. Amongst others the zone become NSEC. Loading
the policies fixes the situation, migration scripts now corrected. Since
1.4 does not require a salt, a resalt might be automatic after
migrating, as this is a required parameter.
- OPENDNSSEC-948: do not recreate signatures for keys that are moving
out this fixes unexpected double signatures in the zone.
- SUPPORT-253: Incorrect keytag used when using Combined Signing keys
(CSK) (Thanks to Simon Arlott)
- SUPPORT-257: Export keys by locator (Thansk to Simon Arlott)
- SUPPORT-222: Support ED25519/ED448 keys. This requires library ldns
1.7.0 or better, otherwise unavailable. (Thanks again to Simon
Arlott)
- Load libsqlite3.so.0 and fall back on libsqlite3.so.0 to allow to run
migration tool on systems without libsqlite3.so.0 soft link. (Thanks
to Paul Wouters)
- Some compilation warnings, o.a. gcc10 related, code quality and
initialization improvements. (Thanks to Jonas Berlin, and Mathieu
MirMont, and Paul Wouters)
- Update to 1.4.14 as first steop to migrating to 2.x
- Resolves: rhbz#1413254 Move tmpfiles.d config to %%{_tmpfilesdir}, install LICENSE as %%license
See:
https://fedoraproject.org/wiki/Packaging:Perl#Build_Dependencies
No rebuild is required.
The original error was:
...
checking time.h presence... yes
checking for time.h... yes
checking for SSL... found in /usr
checking for HMAC_CTX_init in -lcrypto... yes
checking for EVP_sha1... yes
checking for EVP_sha256... yes
checking for dlopen... no
checking for dlopen in -ldl... yes
checking for perl... no
configure: error: perl not found
- Resolves rhbz#1219746 ods-signerd.service misplaced After= in section Service
- Resolves rhbz#1220443 OpenDNSSEC fails to initialise a slot in softhsm on first install
- Updated to 1.4.4 (compatibility with non RFC 5155 errata 3441)
- Change the default ZSK policy from 1024 to 2048 bit RSA keys
- Fix post to be quiet when upgrading opendnssec
- Updated to 1.4.3i (rhel#1048449) - minor bugfixes, minor feature enhancements
- rhel#1025985 OpenDNSSEC signer cannot be started due to a typo in service file