Bug#694542: unblock: opendnssec/1.3.9-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package opendnssec
Hi,
please unblock opendnssec, I have included couple of critical upstream
fixes (after consulation with upstream).
+ OPENDNSSEC-303: ods-ksmutil update zonelist will delete all
zones if unable to open/parse zonelist.xml
+ OPENDNSSEC-282: RRSIGs are left in the signed zone when
authoritative RRsets become glue.
+ OPENDNSSEC-338: ods-ksmutil zone delete --all does not work
Debdiff attached (and reasonably small).
unblock opendnssec/1.3.9-3
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru opendnssec-1.3.9/debian/changelog opendnssec-1.3.9/debian/changelog
--- opendnssec-1.3.9/debian/changelog 2012-09-18 09:27:50.000000000 +0200
+++ opendnssec-1.3.9/debian/changelog 2012-11-27 14:35:11.000000000 +0100
@@ -1,3 +1,15 @@
+opendnssec (1:1.3.9-3) unstable; urgency=low
+
+ * Pull couple of critical upstream fixes:
+ + OPENDNSSEC-303: for ods-ksmutil update zonelist will delete all
+ zones if unable to open/parse zonelist.xml
+ + OPENDNSSEC-282: RRSIGs are left in the signed zone when
+ authoritative RRsets become glue.
+ + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work
+
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 27 Nov 2012 14:26:11 +0100
+
opendnssec (1:1.3.9-2) unstable; urgency=low
* Replace documentation directory with symlink. (Courtesy of Salvatore
diff -Nru opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS
--- opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS 1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS 2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,15 @@
+opendnssec (1:1.3.9-3) unstable; urgency=low
+
+ * Previous versions of OpenDNSSEC had an invalid foreign key in the
+ MySQL database, which causes issues when deleting --all zones from
+ KASP database.
+
+ If you have created your database in version 1.3.9, you should run
+ following statement in your OpenDNSSEC MySQL database:
+
+ alter table dnsseckeys drop foreign key dnsseckeys_ibfk_1;
+
+ For more information see:
+ https://issues.opendnssec.org/browse/OPENDNSSEC-338
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 27 Nov 2012 14:26:47 +0100
diff -Nru opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch
--- opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch 1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch 2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,26 @@
+--- a/enforcer/utils/ksmutil.c
++++ b/enforcer/utils/ksmutil.c
+@@ -1294,9 +1294,11 @@ cmd_listzone ()
+ xmlFreeTextReader(reader);
+ if (ret != 0) {
+ printf("%s : failed to parse\n", zonelist_filename);
++ return 1;
+ }
+ } else {
+ printf("Unable to open %s\n", zonelist_filename);
++ return 1;
+ }
+
+ /* Allocate space for the list of zone IDs */
+@@ -4710,9 +4712,11 @@ int update_zones(char* zone_list_filenam
+ xmlFreeTextReader(reader);
+ if (ret != 0) {
+ printf("%s : failed to parse\n", zone_list_filename);
++ return 1;
+ }
+ } else {
+ printf("Unable to open %s\n", zone_list_filename);
++ return 1;
+ }
+
+ /* Allocate space for the list of zone IDs */
diff -Nru opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch
--- opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch 1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch 2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,18 @@
+--- a/signer/src/signer/domain.c
++++ b/signer/src/signer/domain.c
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: domain.c 4975 2011-04-19 11:54:20Z matthijs $
++ * $Id: domain.c 6448 2012-06-20 11:57:01Z matthijs $
+ *
+ * Copyright (c) 2009 NLNet Labs. All rights reserved.
+ *
+@@ -963,7 +963,7 @@ domain_print(FILE* fd, domain_type* doma
+ */
+ if (print_glue && (rrset->rr_type == LDNS_RR_TYPE_A ||
+ rrset->rr_type == LDNS_RR_TYPE_AAAA)) {
+- rrset_print(fd, rrset, 0);
++ rrset_print(fd, rrset, 1);
+ }
+ } else {
+ rrset_print(fd, rrset, 0);
diff -Nru opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch
--- opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch 1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch 2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,23 @@
+--- a/enforcer/utils/database_create.sqlite3
++++ b/enforcer/utils/database_create.sqlite3
+@@ -114,8 +114,6 @@ create table dnsseckeys (
+ retire varchar(64) null default null, -- time when the key retires
+ dead varchar(64) null default null, -- time when key is slated for removal
+
+-
+- foreign key (zone_id) references zones (id),
+ foreign key (keypair_id) references keypairs (id)
+ );
+
+--- a/enforcer/utils/database_create.mysql
++++ b/enforcer/utils/database_create.mysql
+@@ -125,8 +125,7 @@ create table dnsseckeys (
+ dead timestamp null default null, # time when key is slated for removal
+
+ constraint primary key (id),
+- constraint foreign key (zone_id) references zones (id),
+- constraint foreign key (keypair_id) references keypairs (id)
++ constraint dnsseckeys_keypairs_id foreign key (keypair_id) references keypairs (id)
+ )ENGINE=InnoDB;
+
+ # parameters_policies - join table to hold the values of parameters
diff -Nru opendnssec-1.3.9/debian/patches/series opendnssec-1.3.9/debian/patches/series
--- opendnssec-1.3.9/debian/patches/series 2012-09-18 09:27:50.000000000 +0200
+++ opendnssec-1.3.9/debian/patches/series 2012-11-27 14:35:11.000000000 +0100
@@ -2,3 +2,6 @@
004-runas_opendnssec.patch
005-rename_regress_for_autotest.patch
009-ods-control.in_fixes.patch
+011-return_if_open_parse_of_zonelist.xml_fails.patch
+012-fix_RRSIGs_with_glue.patch
+013-fix_zone_delete_with_MySQL.patch
Reply to: