$Id$
OpenDNSSEC 1.0a5 - 2009-09-21
Features:
* support %zonefile expansion in the signer engine NotifyCommand
Bugfixes:
* Read correctly from the kasp.xml
* Correctly discover Empty Non-Terminals when reading input zonefile
* Don't error on space-only lines in input zonefile
OpenDNSSEC 1.0a4 - 2009-09-10
Features:
* warn (by sending a message to the log) about:
- impending key rollover
- Rollover occurrance
- when it is safe to remove a DS record
* add export of DNSKEY and DS records to ksmutil
* add configure option '--disable-auditor' to disable building the auditor
* Added tag to kasp.xml; this allows automatic rollovers
to be turned off in a policy for either keytype.
* Changes to the KASP DB, please apply:
If want to use your old DB:
sqlite3 < enforcer/utils/migrate_090901_1.sqlite3
Or start fresh (with loss of information. User should remove old keys from the HSM):
ksmutil setup
Bugfixes:
* "signer_engine_cli clear " dont crash on missing files anymore
and removes all internal files now
* Bugreport #18, #19: Fix segfault at nseccer, nsec3er or finalizer when
handling large zones.
* Signer Engine starts correctly (problem was python 2.4, not RHEL5).
OpenDNSSEC 1.0a3 - 2009-08-26
Features:
* ksmutil import key implemented for importing key ID of existing keys
* "hsmspeed" will test the speed of the HSM.
* "hsmutil test" will test the HSM against OpenDNSSEC.
* Changes to the KASP DB, please apply:
If want to use your old DB:
sqlite3 < enforcer/utils/migrate_090820_1.sqlite3
Or start fresh (with loss of information. User should remove old keys from the HSM):
ksmutil setup
Bugfixes:
* Better display of null backups (i.e. backup required) in ksmutil list
* Don't show historical rollovers in ksmutil list
* Fix key counting routines so that they all agree
* Missing SQLite includes in the Enforcer
Known bugs:
* Signer Engine not starting correctly in RHEL5.
Use "signer_engine -d" for now
* "signer_engine_cli clear " crashes on missing files
OpenDNSSEC 1.0a2 - 2009-08-14
Features:
* conf.xml format changed
* Read the default path to kasp.xml from conf.xml
* libksm integrated into enforcer (and no longer installed)
* Dropping privileges as specified
* Option to specify that a key from a specific repository
should not be used if it has not been backed up
* ksmutil backup done, to signal that the keys are backed up
* KASP Auditor should now function properly
* A quick start script is available
* XSLT to translate KASP into readable text (HTML)
* Changes to the KASP DB, please apply:
If want to use your old DB:
sqlite3 < enforcer/utils/migrate_090812_1.sqlite3
sqlite3 < enforcer/utils/migrate_090813_1.sqlite3
Or start fresh (with loss of information):
ksmutil setup
Bugfixes:
* Signer Engine can now read standard bind format correctly
* make install creates an incorrectly named directory
* ksmutil addzone defaults to wrong path
* SoftHSM links libsofthsm to build directory
* libksm install problem when builddir == srcdir
* Missing include of header file in SoftHSM
* Text about a problem with Botan on some systems.
OpenDNSSEC 1.0a1 - 2009-07-30
* Initial release (aka "Technology Preview")