Bug#694542: unblock: opendnssec/1.3.9-3

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#694542: unblock: opendnssec/1.3.9-3
From: Ondřej Surý <ondrej@debian.org>
Date: Tue, 27 Nov 2012 14:55:22 +0100
Message-id: <[🔎] 20121127135522.29420.81975.reportbug@localhost6.localdomain6>
Reply-to: OndÅ™ej SurÃ½ <ondrej@debian.org>, 694542@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package opendnssec

Hi,

please unblock opendnssec, I have included couple of critical upstream
fixes (after consulation with upstream).

 + OPENDNSSEC-303: ods-ksmutil update zonelist will delete all
   zones if unable to open/parse zonelist.xml
 + OPENDNSSEC-282: RRSIGs are left in the signed zone when
   authoritative RRsets become glue.
 + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work

Debdiff attached (and reasonably small).

unblock opendnssec/1.3.9-3

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru opendnssec-1.3.9/debian/changelog opendnssec-1.3.9/debian/changelog
--- opendnssec-1.3.9/debian/changelog	2012-09-18 09:27:50.000000000 +0200
+++ opendnssec-1.3.9/debian/changelog	2012-11-27 14:35:11.000000000 +0100
@@ -1,3 +1,15 @@
+opendnssec (1:1.3.9-3) unstable; urgency=low
+
+  * Pull couple of critical upstream fixes:
+    + OPENDNSSEC-303: for ods-ksmutil update zonelist will delete all
+      zones if unable to open/parse zonelist.xml
+    + OPENDNSSEC-282: RRSIGs are left in the signed zone when
+      authoritative RRsets become glue.
+    + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work
+
+
+ -- Ondřej Surý <ondrej@debian.org>  Tue, 27 Nov 2012 14:26:11 +0100
+
 opendnssec (1:1.3.9-2) unstable; urgency=low
 
   * Replace documentation directory with symlink. (Courtesy of Salvatore
diff -Nru opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS
--- opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS	1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS	2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,15 @@
+opendnssec (1:1.3.9-3) unstable; urgency=low
+
+  * Previous versions of OpenDNSSEC had an invalid foreign key in the
+    MySQL database, which causes issues when deleting --all zones from
+    KASP database.
+
+    If you have created your database in version 1.3.9, you should run
+    following statement in your OpenDNSSEC MySQL database:
+  
+        alter table dnsseckeys drop foreign key dnsseckeys_ibfk_1;
+
+    For more information see: 
+      https://issues.opendnssec.org/browse/OPENDNSSEC-338
+
+ -- Ondřej Surý <ondrej@debian.org>  Tue, 27 Nov 2012 14:26:47 +0100
diff -Nru opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch
--- opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch	1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch	2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,26 @@
+--- a/enforcer/utils/ksmutil.c
++++ b/enforcer/utils/ksmutil.c
+@@ -1294,9 +1294,11 @@ cmd_listzone ()
+         xmlFreeTextReader(reader);
+         if (ret != 0) {
+             printf("%s : failed to parse\n", zonelist_filename);
++            return 1;
+         }
+     } else {
+         printf("Unable to open %s\n", zonelist_filename);
++        return 1;
+     }
+ 
+     /* Allocate space for the list of zone IDs */
+@@ -4710,9 +4712,11 @@ int update_zones(char* zone_list_filenam
+         xmlFreeTextReader(reader);
+         if (ret != 0) {
+             printf("%s : failed to parse\n", zone_list_filename);
++            return 1;
+         }
+     } else {
+         printf("Unable to open %s\n", zone_list_filename);
++        return 1;
+     }
+ 
+     /* Allocate space for the list of zone IDs */
diff -Nru opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch
--- opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch	1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch	2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,18 @@
+--- a/signer/src/signer/domain.c
++++ b/signer/src/signer/domain.c
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: domain.c 4975 2011-04-19 11:54:20Z matthijs $
++ * $Id: domain.c 6448 2012-06-20 11:57:01Z matthijs $
+  *
+  * Copyright (c) 2009 NLNet Labs. All rights reserved.
+  *
+@@ -963,7 +963,7 @@ domain_print(FILE* fd, domain_type* doma
+ */
+                     if (print_glue && (rrset->rr_type == LDNS_RR_TYPE_A ||
+                         rrset->rr_type == LDNS_RR_TYPE_AAAA)) {
+-                        rrset_print(fd, rrset, 0);
++                        rrset_print(fd, rrset, 1);
+                     }
+                 } else {
+                     rrset_print(fd, rrset, 0);
diff -Nru opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch
--- opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch	1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch	2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,23 @@
+--- a/enforcer/utils/database_create.sqlite3
++++ b/enforcer/utils/database_create.sqlite3
+@@ -114,8 +114,6 @@ create table dnsseckeys (
+   retire        varchar(64) null default null,  -- time when the key retires
+   dead          varchar(64) null default null,  -- time when key is slated for removal
+ 
+-
+-  foreign key (zone_id) references zones (id),
+   foreign key (keypair_id) references keypairs (id)
+ );
+ 
+--- a/enforcer/utils/database_create.mysql
++++ b/enforcer/utils/database_create.mysql
+@@ -125,8 +125,7 @@ create table dnsseckeys (
+   dead          timestamp null default null,  # time when key is slated for removal
+ 
+   constraint primary key (id),
+-  constraint foreign key (zone_id) references zones (id),
+-  constraint foreign key (keypair_id) references keypairs (id)
++  constraint dnsseckeys_keypairs_id foreign key (keypair_id) references keypairs (id)
+ )ENGINE=InnoDB;
+ 
+ # parameters_policies - join table to hold the values of parameters
diff -Nru opendnssec-1.3.9/debian/patches/series opendnssec-1.3.9/debian/patches/series
--- opendnssec-1.3.9/debian/patches/series	2012-09-18 09:27:50.000000000 +0200
+++ opendnssec-1.3.9/debian/patches/series	2012-11-27 14:35:11.000000000 +0100
@@ -2,3 +2,6 @@
 004-runas_opendnssec.patch
 005-rename_regress_for_autotest.patch
 009-ods-control.in_fixes.patch
+011-return_if_open_parse_of_zonelist.xml_fails.patch
+012-fix_RRSIGs_with_glue.patch
+013-fix_zone_delete_with_MySQL.patch

Reply to:

Follow-Ups:
- Processed: Re: Bug#694542: unblock: opendnssec/1.3.9-3
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#694542: unblock: opendnssec/1.3.9-3
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#694525: nmu: 227 source packages, for GStaticMutex
Next by Date: Bug#694550: tpu: libio-prompt-perl/0.997001-1+deb7u1
Previous by thread: Re: Please unblock libcitadel
Next by thread: Processed: Re: Bug#694542: unblock: opendnssec/1.3.9-3
Index(es):
- Date
- Thread