Bug#694542: marked as done (unblock: opendnssec/1.3.9-4)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 15 Jan 2013 19:00:44 +0000
with message-id <1358276444.16752.1.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#694542: unblock: opendnssec/1.3.9-3
has caused the Debian Bug report #694542,
regarding unblock: opendnssec/1.3.9-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
694542: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694542
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: opendnssec/1.3.9-3
• From: Ondřej Surý <ondrej@debian.org>
• Date: Tue, 27 Nov 2012 14:55:22 +0100
• Message-id: <20121127135522.29420.81975.reportbug@localhost6.localdomain6>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package opendnssec

Hi,

please unblock opendnssec, I have included couple of critical upstream
fixes (after consulation with upstream).

 + OPENDNSSEC-303: ods-ksmutil update zonelist will delete all
   zones if unable to open/parse zonelist.xml
 + OPENDNSSEC-282: RRSIGs are left in the signed zone when
   authoritative RRsets become glue.
 + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work

Debdiff attached (and reasonably small).

unblock opendnssec/1.3.9-3

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru opendnssec-1.3.9/debian/changelog opendnssec-1.3.9/debian/changelog
--- opendnssec-1.3.9/debian/changelog	2012-09-18 09:27:50.000000000 +0200
+++ opendnssec-1.3.9/debian/changelog	2012-11-27 14:35:11.000000000 +0100
@@ -1,3 +1,15 @@
+opendnssec (1:1.3.9-3) unstable; urgency=low
+
+  * Pull couple of critical upstream fixes:
+    + OPENDNSSEC-303: for ods-ksmutil update zonelist will delete all
+      zones if unable to open/parse zonelist.xml
+    + OPENDNSSEC-282: RRSIGs are left in the signed zone when
+      authoritative RRsets become glue.
+    + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work
+
+
+ -- Ondřej Surý <ondrej@debian.org>  Tue, 27 Nov 2012 14:26:11 +0100
+
 opendnssec (1:1.3.9-2) unstable; urgency=low
 
   * Replace documentation directory with symlink. (Courtesy of Salvatore
diff -Nru opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS
--- opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS	1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS	2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,15 @@
+opendnssec (1:1.3.9-3) unstable; urgency=low
+
+  * Previous versions of OpenDNSSEC had an invalid foreign key in the
+    MySQL database, which causes issues when deleting --all zones from
+    KASP database.
+
+    If you have created your database in version 1.3.9, you should run
+    following statement in your OpenDNSSEC MySQL database:
+  
+        alter table dnsseckeys drop foreign key dnsseckeys_ibfk_1;
+
+    For more information see: 
+      https://issues.opendnssec.org/browse/OPENDNSSEC-338
+
+ -- Ondřej Surý <ondrej@debian.org>  Tue, 27 Nov 2012 14:26:47 +0100
diff -Nru opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch
--- opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch	1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch	2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,26 @@
+--- a/enforcer/utils/ksmutil.c
++++ b/enforcer/utils/ksmutil.c
+@@ -1294,9 +1294,11 @@ cmd_listzone ()
+         xmlFreeTextReader(reader);
+         if (ret != 0) {
+             printf("%s : failed to parse\n", zonelist_filename);
++            return 1;
+         }
+     } else {
+         printf("Unable to open %s\n", zonelist_filename);
++        return 1;
+     }
+ 
+     /* Allocate space for the list of zone IDs */
+@@ -4710,9 +4712,11 @@ int update_zones(char* zone_list_filenam
+         xmlFreeTextReader(reader);
+         if (ret != 0) {
+             printf("%s : failed to parse\n", zone_list_filename);
++            return 1;
+         }
+     } else {
+         printf("Unable to open %s\n", zone_list_filename);
++        return 1;
+     }
+ 
+     /* Allocate space for the list of zone IDs */
diff -Nru opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch
--- opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch	1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch	2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,18 @@
+--- a/signer/src/signer/domain.c
++++ b/signer/src/signer/domain.c
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: domain.c 4975 2011-04-19 11:54:20Z matthijs $
++ * $Id: domain.c 6448 2012-06-20 11:57:01Z matthijs $
+  *
+  * Copyright (c) 2009 NLNet Labs. All rights reserved.
+  *
+@@ -963,7 +963,7 @@ domain_print(FILE* fd, domain_type* doma
+ */
+                     if (print_glue && (rrset->rr_type == LDNS_RR_TYPE_A ||
+                         rrset->rr_type == LDNS_RR_TYPE_AAAA)) {
+-                        rrset_print(fd, rrset, 0);
++                        rrset_print(fd, rrset, 1);
+                     }
+                 } else {
+                     rrset_print(fd, rrset, 0);
diff -Nru opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch
--- opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch	1970-01-01 01:00:00.000000000 +0100
+++ opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch	2012-11-27 14:35:11.000000000 +0100
@@ -0,0 +1,23 @@
+--- a/enforcer/utils/database_create.sqlite3
++++ b/enforcer/utils/database_create.sqlite3
+@@ -114,8 +114,6 @@ create table dnsseckeys (
+   retire        varchar(64) null default null,  -- time when the key retires
+   dead          varchar(64) null default null,  -- time when key is slated for removal
+ 
+-
+-  foreign key (zone_id) references zones (id),
+   foreign key (keypair_id) references keypairs (id)
+ );
+ 
+--- a/enforcer/utils/database_create.mysql
++++ b/enforcer/utils/database_create.mysql
+@@ -125,8 +125,7 @@ create table dnsseckeys (
+   dead          timestamp null default null,  # time when key is slated for removal
+ 
+   constraint primary key (id),
+-  constraint foreign key (zone_id) references zones (id),
+-  constraint foreign key (keypair_id) references keypairs (id)
++  constraint dnsseckeys_keypairs_id foreign key (keypair_id) references keypairs (id)
+ )ENGINE=InnoDB;
+ 
+ # parameters_policies - join table to hold the values of parameters
diff -Nru opendnssec-1.3.9/debian/patches/series opendnssec-1.3.9/debian/patches/series
--- opendnssec-1.3.9/debian/patches/series	2012-09-18 09:27:50.000000000 +0200
+++ opendnssec-1.3.9/debian/patches/series	2012-11-27 14:35:11.000000000 +0100
@@ -2,3 +2,6 @@
 004-runas_opendnssec.patch
 005-rename_regress_for_autotest.patch
 009-ods-control.in_fixes.patch
+011-return_if_open_parse_of_zonelist.xml_fails.patch
+012-fix_RRSIGs_with_glue.patch
+013-fix_zone_delete_with_MySQL.patch

--- End Message ---

--- Begin Message ---

• To: Ondřej Surý <ondrej@debian.org>, 694542-done@bugs.debian.org
• Subject: Re: Bug#694542: unblock: opendnssec/1.3.9-3
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Tue, 15 Jan 2013 19:00:44 +0000
• Message-id: <1358276444.16752.1.camel@jacala.jungle.funky-badger.org>
• In-reply-to: <CALjhHG94igvDU=7aiX1t4GNxaPGB0CUzogN51YoRs68E4KtYZw@mail.gmail.com>
• References: <20121127135522.29420.81975.reportbug@localhost6.localdomain6> <1354048659.9783.10.camel@jacala.jungle.funky-badger.org> <CALjhHG8m-jjFxvpKhr9HMrJuoguhBWiXcQNgVPwXzFayKM7jxQ@mail.gmail.com> <1356738444.4281.18.camel@jacala.jungle.funky-badger.org> <CALjhHG94igvDU=7aiX1t4GNxaPGB0CUzogN51YoRs68E4KtYZw@mail.gmail.com>

On Tue, 2013-01-15 at 10:28 +0100, Ondřej Surý wrote:
> On Sat, Dec 29, 2012 at 12:47 AM, Adam D. Barratt
> <adam@adam-barratt.org.uk> wrote:
[...]
> >> > On Tue, 2012-11-27 at 14:55 +0100, Ondřej Surý wrote:
> >> >>  + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work
> >> > [...]
> >> > +    If you have created your database in version 1.3.9, you should run
> >> > +    following statement in your OpenDNSSEC MySQL database:
> >> > +
> >> > +        alter table dnsseckeys drop foreign key dnsseckeys_ibfk_1;
[...]
> > This also means that all opendnssec users upgrading from squeeze will
> > potentially be presented with the prompt, which isn't an ideal upgrade
> > experience.
> 
> True. I have decided to remove the NEWS file, since the conditions of
> triggering this bug are rare (deleting all keys), and number people
> using MySQL with OpenDNSSEC is low. I just put the text to
> README.Debian, where it could happily live.
> 
> I will be uploading new version with those changes today.

-4 unblocked; thanks.

Regards,

Adam

--- End Message ---