---
- branch: MAIN
  date: Sat Jul 16 19:49:07 UTC 2016
  files:
  - new: '1.58'
    old: '1.57'
    path: pkgsrc/security/opendnssec/Makefile
    pathrev: pkgsrc/security/opendnssec/Makefile@1.58
    type: modified
  - new: '1.34'
    old: '1.33'
    path: pkgsrc/security/opendnssec/distinfo
    pathrev: pkgsrc/security/opendnssec/distinfo@1.34
    type: modified
  - new: '1.1'
    old: '0'
    path: pkgsrc/security/opendnssec/patches/patch-signer_src_signer_ixfr.c
    pathrev: pkgsrc/security/opendnssec/patches/patch-signer_src_signer_ixfr.c@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/security/opendnssec/patches/patch-signer_src_signer_zone.c
    pathrev: pkgsrc/security/opendnssec/patches/patch-signer_src_signer_zone.c@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/security/opendnssec/patches/patch-signer_src_wire_query.c
    pathrev: pkgsrc/security/opendnssec/patches/patch-signer_src_wire_query.c@1.1
    type: added
  id: 20160716T194907Z.e591b9ba30ab1ba19fa4486e2d27a226549d40a0
  log: |
    Add a couple of patches I have been using with opendnssec in our
    installation:
     * Log the zone before triggering the "part->soamin" assert.
       We've seen this fire with older versions, but it's a while
       since I saw it happen.  This is to provide more debugging info
       should it fire.
     * If an .ixfr journal file is detected as "corrupted", rename it
       to <zone>.ixfr-bad instead of unlinking it, which would leave
       no trace of OpenDNSSEC's own wrongdoing.
     * If the signer is exposed, avoid a potential DoS vector with a
       crafted message.
    Bump PKGREVISION.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/opendnssec'
  unixtime: '1468698547'
  user: he