Subject: CVS commit: pkgsrc/security/p5-Net-DNS-SEC
To: None <pkgsrc-changes@NetBSD.org>
From: Klaus Heinz <heinz@netbsd.org>
List: pkgsrc-changes
Date: 05/17/2007 17:30:21
Module Name:	pkgsrc
Committed By:	heinz
Date:		Thu May 17 17:30:21 UTC 2007

Modified Files:
	pkgsrc/security/p5-Net-DNS-SEC: Makefile distinfo

Log Message:
Updated to version 0.14.

Pkgsrc changes:
  - Added support for installation to DESTDIR.
  - p5-Digest-SHA is a new requirement.

Changes since version 0.12:
===========================
0.14 February 14, 2005

   FIX: The introducion of the keytag warning triggered a bug with RSAMD5
        keys, causing RSAMD5 keys not to be loaded.

0.13 December 9, 2005

   FEAT: rt.cpan.org 14588
        Added support for passing (a reference to) an array of keys to the
	RRSIG verify function.

   FIX/FEAT:
	The Net::DNS::SEC::Private function will for RSA based keys verify if
	the keytag in the filename is actually correct.
	Since at parsing the value of the DNSKEY RR flags is not known we
	test against the currently defined flag values 256 and 257.

	If we cannot find a keytag match a warning is printed and Private
	key generation fails

        This inconsistency was spotted by Jakob Shlyter.

   FEAT: Added support for SHA256 to the DS RR. Assigned the expected
        digest type2 for SHA256 type hashes.

        Note that this makes the Net::DNS::SEC depend on Digest::SHA instead
        of Digest::SHA1.

        The default digest type is still set to 1.

        NB. The code makes assumptions about the IANA assignment of the
            digest type. The assignment may change. Do not use SHA256 in
	    production zones!!

   FIX: rt.cpan.org #15662
	Roy Arends noticed and patched the label counting did not ignore
        an initial asterisk label.

   FIX: Wes Hardaker noticed the default TTL values for created signatures to
        be different from the TTLs from the data that is being signed.

   FIX: Wes Hardaker reported there was a problem with validating
        RRsets that had ownernames with capitals.
	The fix depends on a fix in Net::DNS::RR that is available in
	version 0.53_03 or later of the Net::DNS distribution.

  FEAT: Propper dealing with mnemonics for algorithm and digest type
	added to DS

  FIX/FEAT: Mnemonics were written as RSA/MD5 and RSA/SHA1. This has been
        corrected tp RSASHA1 and RSAMD5, as in the IANA registry.

0.12_02 June 6, 2005 (beta 2 release for 0.13)

   Bug: new_from_hash would not correctly create the RR since internally
	typebm is used to store the data this has been fixed so that
        the following works

        Net::DNS::RR->new(name=>$name,
                    ttl=>$ttl,
                    type=>"NSEC",
                    nxtdname=>$nxtdname,
                    typelist=>join(" ",@types)
                   );

   FEAT: Introduced the "use bytes" pragma to force character interpretation
         of all the scalars. Any utf processing by perl makes the code behave
         unpredictable.

0.12_01 April 18, 2005. (beta release for version 0.13)

   FEAT (!!!): Changed the symantics of the Net::DNS::Keyset::verify method.
	 Read the perldoc for details. The requirement that each key in a
         keyset has to be selfsigned has been loosened.

   FEAT: Added a "carp" to the new methods of the NXT RR. Warning that
	 that record is depricated.

   FEAT: Cleaned the tests so that RRSIG and DNSKEY are used except for
         SIG0 based tests.

   FEAT: Changed the name of the siginceptation[SIC] to siginception.
	 Thanks Jakob Schlyter for notifying me of this mistyping.
	 An alias for the method remains available.

   FEAT: Renamed unset_sep() to clear_sep().

   NOTE: To avoid confusion the Net::DNS::SIG::Private class has been
         removed. Use Net::DNS::SEC::Private!

   DOC:  Added references to RFC 4033, RFC 4034 and RFC 4035. Rewrote parts
         of the perlpod.


To generate a diff of this commit:
cvs rdiff -r1.14 -r1.15 pkgsrc/security/p5-Net-DNS-SEC/Makefile
cvs rdiff -r1.3 -r1.4 pkgsrc/security/p5-Net-DNS-SEC/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.