Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package opendnssec Hi, please unblock opendnssec, I have included couple of critical upstream fixes (after consulation with upstream). + OPENDNSSEC-303: ods-ksmutil update zonelist will delete all zones if unable to open/parse zonelist.xml + OPENDNSSEC-282: RRSIGs are left in the signed zone when authoritative RRsets become glue. + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work Debdiff attached (and reasonably small). unblock opendnssec/1.3.9-3 -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru opendnssec-1.3.9/debian/changelog opendnssec-1.3.9/debian/changelog --- opendnssec-1.3.9/debian/changelog 2012-09-18 09:27:50.000000000 +0200 +++ opendnssec-1.3.9/debian/changelog 2012-11-27 14:35:11.000000000 +0100 @@ -1,3 +1,15 @@ +opendnssec (1:1.3.9-3) unstable; urgency=low + + * Pull couple of critical upstream fixes: + + OPENDNSSEC-303: for ods-ksmutil update zonelist will delete all + zones if unable to open/parse zonelist.xml + + OPENDNSSEC-282: RRSIGs are left in the signed zone when + authoritative RRsets become glue. + + OPENDNSSEC-338: ods-ksmutil zone delete --all does not work + + + -- Ondřej Surý <ond...@debian.org> Tue, 27 Nov 2012 14:26:11 +0100 + opendnssec (1:1.3.9-2) unstable; urgency=low * Replace documentation directory with symlink. (Courtesy of Salvatore diff -Nru opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS --- opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS 1970-01-01 01:00:00.000000000 +0100 +++ opendnssec-1.3.9/debian/opendnssec-enforcer-mysql.NEWS 2012-11-27 14:35:11.000000000 +0100 @@ -0,0 +1,15 @@ +opendnssec (1:1.3.9-3) unstable; urgency=low + + * Previous versions of OpenDNSSEC had an invalid foreign key in the + MySQL database, which causes issues when deleting --all zones from + KASP database. + + If you have created your database in version 1.3.9, you should run + following statement in your OpenDNSSEC MySQL database: + + alter table dnsseckeys drop foreign key dnsseckeys_ibfk_1; + + For more information see: + https://issues.opendnssec.org/browse/OPENDNSSEC-338 + + -- Ondřej Surý <ond...@debian.org> Tue, 27 Nov 2012 14:26:47 +0100 diff -Nru opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch --- opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch 1970-01-01 01:00:00.000000000 +0100 +++ opendnssec-1.3.9/debian/patches/011-return_if_open_parse_of_zonelist.xml_fails.patch 2012-11-27 14:35:11.000000000 +0100 @@ -0,0 +1,26 @@ +--- a/enforcer/utils/ksmutil.c ++++ b/enforcer/utils/ksmutil.c +@@ -1294,9 +1294,11 @@ cmd_listzone () + xmlFreeTextReader(reader); + if (ret != 0) { + printf("%s : failed to parse\n", zonelist_filename); ++ return 1; + } + } else { + printf("Unable to open %s\n", zonelist_filename); ++ return 1; + } + + /* Allocate space for the list of zone IDs */ +@@ -4710,9 +4712,11 @@ int update_zones(char* zone_list_filenam + xmlFreeTextReader(reader); + if (ret != 0) { + printf("%s : failed to parse\n", zone_list_filename); ++ return 1; + } + } else { + printf("Unable to open %s\n", zone_list_filename); ++ return 1; + } + + /* Allocate space for the list of zone IDs */ diff -Nru opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch --- opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch 1970-01-01 01:00:00.000000000 +0100 +++ opendnssec-1.3.9/debian/patches/012-fix_RRSIGs_with_glue.patch 2012-11-27 14:35:11.000000000 +0100 @@ -0,0 +1,18 @@ +--- a/signer/src/signer/domain.c ++++ b/signer/src/signer/domain.c +@@ -1,5 +1,5 @@ + /* +- * $Id: domain.c 4975 2011-04-19 11:54:20Z matthijs $ ++ * $Id: domain.c 6448 2012-06-20 11:57:01Z matthijs $ + * + * Copyright (c) 2009 NLNet Labs. All rights reserved. + * +@@ -963,7 +963,7 @@ domain_print(FILE* fd, domain_type* doma + */ + if (print_glue && (rrset->rr_type == LDNS_RR_TYPE_A || + rrset->rr_type == LDNS_RR_TYPE_AAAA)) { +- rrset_print(fd, rrset, 0); ++ rrset_print(fd, rrset, 1); + } + } else { + rrset_print(fd, rrset, 0); diff -Nru opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch --- opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch 1970-01-01 01:00:00.000000000 +0100 +++ opendnssec-1.3.9/debian/patches/013-fix_zone_delete_with_MySQL.patch 2012-11-27 14:35:11.000000000 +0100 @@ -0,0 +1,23 @@ +--- a/enforcer/utils/database_create.sqlite3 ++++ b/enforcer/utils/database_create.sqlite3 +@@ -114,8 +114,6 @@ create table dnsseckeys ( + retire varchar(64) null default null, -- time when the key retires + dead varchar(64) null default null, -- time when key is slated for removal + +- +- foreign key (zone_id) references zones (id), + foreign key (keypair_id) references keypairs (id) + ); + +--- a/enforcer/utils/database_create.mysql ++++ b/enforcer/utils/database_create.mysql +@@ -125,8 +125,7 @@ create table dnsseckeys ( + dead timestamp null default null, # time when key is slated for removal + + constraint primary key (id), +- constraint foreign key (zone_id) references zones (id), +- constraint foreign key (keypair_id) references keypairs (id) ++ constraint dnsseckeys_keypairs_id foreign key (keypair_id) references keypairs (id) + )ENGINE=InnoDB; + + # parameters_policies - join table to hold the values of parameters diff -Nru opendnssec-1.3.9/debian/patches/series opendnssec-1.3.9/debian/patches/series --- opendnssec-1.3.9/debian/patches/series 2012-09-18 09:27:50.000000000 +0200 +++ opendnssec-1.3.9/debian/patches/series 2012-11-27 14:35:11.000000000 +0100 @@ -2,3 +2,6 @@ 004-runas_opendnssec.patch 005-rename_regress_for_autotest.patch 009-ods-control.in_fixes.patch +011-return_if_open_parse_of_zonelist.xml_fails.patch +012-fix_RRSIGs_with_glue.patch +013-fix_zone_delete_with_MySQL.patch