Changeset View
Changeset View
Standalone View
Standalone View
contrib/ldns/Changelog
1.8.3 2022-08-15 | |||||
* bugfix #183: Assertion failure with OPT record without rdata. | |||||
This caused packet creation with only a DO bit (for DNSSEC OK) | |||||
to crash. Thanks Anand Buddhdev and others for reporting this | |||||
so quickly. | |||||
* Fix for syntax error in pyldns | |||||
1.8.2 2022-08-12 | |||||
* bugfix #147: Allow for tabs in whitespace before quoted rdata | |||||
fields. Thanks Felipe Gasper | |||||
* bugfix #149: Add some missing [out] annotations to doxygen | |||||
parameters. Thanks aldot. | |||||
* Fix build error on Solaris 10 with inet_ntop redeclaration error. | |||||
* Fix -U flag with ldns-signzone. Thanks Ulrich and Jonathan | |||||
* Enable compile of SVCB and HTTPS support by default. | |||||
* bugfix #179: Free line memory even if zone file parsing fails | |||||
Thanks Claudius Zingerli | |||||
* bugfix #166: Grow buffer when writing chars and fixed size | |||||
strings when converting to presentation format, preventing | |||||
potential assersion errors. | |||||
* bugfix #46: Print network errors when secure tracing. | |||||
Thanks reedjc | |||||
* EDNS0 Option handling and conversion into presentation format. | |||||
* bugfix #145: ldns-verify-zone should not call occluded records | |||||
glue. Thanks Habbie | |||||
1.8.1 2021-12-03 | |||||
* bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname | |||||
needs to larger. Thanks Leah Neukirchen & Felipe Gasper | |||||
* Undo PR#123 fix ldns.pc installation when building out-of-source | |||||
Thanks Axel Xu | |||||
1.8.0 2021-11-26 | |||||
* bugfix #38: Print "line" before line number when printing | |||||
zone parse errors. Thanks Petr Špaček. | |||||
* bugfix: Revert unused variables in ldns-config removal patch. | |||||
* bugfix #50: heap Out-of-bound Read vulnerability in | |||||
rr_frm_str_internal reported by pokerfacett. | |||||
* bugfix #51: Heap Out-of-bound Read vulnerability in | |||||
ldns_nsec3_salt_data reported by pokerfacett. | |||||
* Fix memory leak in examples/ldns-testns handle_tcp routine. | |||||
* Detect fixed time memory compare for openssl 0.9.8. | |||||
* Fix compile warning by variable initialisation for older gcc. | |||||
* Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not | |||||
available on tvOS. | |||||
* Fix for #93: fix packaging/libldns.pc Makefile rule. | |||||
* ZONEMD support in ldns-signzone and ldns-verify-zone | |||||
* ldns-testns can answer several queries over one tcp connection, | |||||
if they arrive within 100msec of each other. | |||||
* Fix so that ldns-testns does not leak sockets if the read fails. | |||||
* SVCB and HTTPS draft rrtypes. | |||||
Enable with --enable-rrtype-svcb-https. | |||||
* bugfix #117: Assertion failure with DNSSEC validating of | |||||
non existence of RR types at the root. Thanks ZjYwMj | |||||
* Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA | |||||
record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl | |||||
* bugfix #119: Let example tools read longer RR's than | |||||
LDNS_MAX_LINELEN | |||||
* Add SVCPARAMS to python ldns_rdf_type2str function. | |||||
* PR #134 Miscellaneous spelling fixes. Thanks jsoref! | |||||
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return | |||||
the $INCLUDE not implemented error. | |||||
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line | |||||
number for an empty line after a comment. | |||||
* Fix #135: Fix compile with OpenSSL-3.0.0-beta2. | |||||
* PR #107: Added ldns_pkt2buffer_wire_compress() to make dname | |||||
compression optional when converting packets to wire format. | |||||
Thanks Eli Lindsey | |||||
* Option to ldns-keygen to create symlinks with known names | |||||
(i.e. without the key id) to the created files. | |||||
Thanks Andreas Schulze | |||||
* Fix #121: Correct handling of centimetres by LOC parser. | |||||
Thanks Felipe Gasper | |||||
* PR #126: Link with libldns.la in Makefile.in. | |||||
Thanks orbea | |||||
* PR #127: Added option -Q to drill to give short answer. | |||||
Thanks niknah | |||||
* PR #133: Update m4 files for python modules. | |||||
Thanks Petr Menšík | |||||
* Bufix CAA value fields may be empty: Thanks Robert Mortimer | |||||
* PR #108: Fix for ldns-compare-zones net detecting when first zone | |||||
has a RRset that shrinks from two to one RRs, or grows from one | |||||
to two RRs. Thanks Emilio Caballero | |||||
* Fix #131: Drill sig chasing breaks with gcc-11 and | |||||
strict-aliasing. Thanks Stanislav Levin | |||||
* Fix #130: Unless $TLL is defined, ttl defaults to the last | |||||
explicitly stated value. Thanks Benno | |||||
* Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc | |||||
* Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0 | |||||
Thanks Daniel J. Luke | |||||
* Let ldns-signzone warn for high NSEC3 iteration counts. | |||||
Thanks Andreas Schulze | |||||
1.7.1 2019-07-26 | |||||
* bugfix: Manage verification paths for OpenSSL >= 1.1.0 | |||||
Thanks Marco Davids | |||||
* bugfix #4106: find the SDK on MacOS X <= 10.6 | |||||
Thanks Bill Cole | |||||
* bugfix #4155: ldns-config contains never used variables | |||||
Thanks Petr Menšík | |||||
* bugfix #4221: drill -x crashes with malformed IPv4 address | |||||
Thanks Oleksandr Tymoshenko | |||||
* bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK | |||||
Thanks Tony Finch | |||||
* bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences | |||||
Thanks Bill Parker | |||||
* bugfix #1260: Anticipate strchr returning NULL on unfound char | |||||
Thanks Stephan Zeisberg | |||||
* bugfix #1257: Free after reallocing to 0 size (CVE-2017-1000232) | |||||
Thanks Stephan Zeisberg | |||||
* bugfix #1256: Check parse limit before t increment (CVE-2017-1000231) | |||||
Thanks Stephan Zeisberg | |||||
* bugfix #1245: Only one signature per RRset needs to be valid with | |||||
ldns-verify-zone. Thanks Emil Natan. | |||||
* ldns-notify can use all supported hash algorithms with -y. | |||||
* bugfix #1209: make install ldns.pc file | |||||
Thanks Oleksandr Natalenko | |||||
* bugfix #1218: Only chase DS if signer is parent of owner. | |||||
Thanks Emil Natan | |||||
* bugfix #617: Retry WKS service and protocol names lower case. | |||||
Thanks Siali Yan | |||||
* Spelling errors in binaries and man pages | |||||
Thanks Andreas Schulze | |||||
* removed duplicate condition in ldns_udp_send_query. | |||||
* ldns_wire2pkt: fix null pointer dereference if pkt allocation fails | |||||
and fix memory leak with more EDNS sections | |||||
Thanks Jan Vcelak | |||||
* bugfix #1399: ldns_pkt2wire() Python binding is broken. | |||||
Thanks James Raftery | |||||
* ED25519 and ED448 support. Default is to autodetect support in | |||||
OpenSSL. Disable with --disable-ed25519 and --disable-ed448. | |||||
* ldns-notify: can have IPv6 address as argument. | |||||
* Fix time sensitive TSIG compare vulnerability. | |||||
* Fix that ldns-testns ignores sigpipe. | |||||
* Fix that ldns-notify sets the query RR as question RR, this | |||||
removes the wrong TTL and 0 rdata from the packet printout. | |||||
* Allow -T flag to be used together with drill -x | |||||
* Python bindings compile with swig 4.0 | |||||
Thanks Jitka Plesníková | |||||
* bugfix #4248: drill -DT fails for CNAME domain | |||||
Thanks Thom Wiggers | |||||
* bugfix #4214: Various fixes and leaks found by coverity. | |||||
Thanks Petr Menšík | |||||
* Feature #3394: An -I option to ldns-notify to specify a source | |||||
IP address to send to notify from. Thanks Geert Hendrickx | |||||
* Bugfix #279: New API functions ldns_udp_connect2, | |||||
ldns_tcp_connect2, ldns_udp_bgsend2 and ldns_tcp_bgsend2, | |||||
that return -1 on failure and allow socket number 0 | |||||
to be returned too. Thanks Joerg Sonnenberger | |||||
* Bugfix #1447: More verbose reporting of chasing problems with | |||||
ldns-verify-zone. Thanks Stephane Guedon | |||||
* OpenSSL engine support with ldns-signzone. | |||||
See also https://penzin.net/ldns-signzone/ | |||||
Many thanks Vadim Penzin. | |||||
* Various improvements found with shellcheck. | |||||
Thanks Jeffrey Walton | |||||
* PR #36 Update manpage of ldns-notify to mention algorithm | |||||
support with TSIG. Thanks Anand Buddhdev | |||||
* Compile warnings with signed char input to to_lower() | |||||
and is_digit() with NetBSD. Thanks Håvard Eidnes | |||||
* Missing Makefile.PL in DNS-LDNS perl module contribution. | |||||
Thanks Jaap Akkerhuis | |||||
1.7.0 2016-12-20 | 1.7.0 2016-12-20 | ||||
* Fix lookup of relative names in ldns_resolver_search. | * Fix lookup of relative names in ldns_resolver_search. | ||||
* bugfix #548: Double free for answers > 4096 in ldns_resolver_send_pkt | * bugfix #548: Double free for answers > 4096 in ldns_resolver_send_pkt | ||||
* Follow CNAME's when tracing with drill (TODO dnssec trace) | * Follow CNAME's when tracing with drill (TODO dnssec trace) | ||||
* Fix #551 change Regent to Copyright holder in BSD license in | * Fix #551 change Regent to Copyright holder in BSD license in | ||||
some of the headings of the file, to match the opensource.org | some of the headings of the file, to match the opensource.org | ||||
BSD license. | BSD license. | ||||
* -e option makes ldns-compare-zones exit with status code 2 on difference | * -e option makes ldns-compare-zones exit with status code 2 on difference | ||||
▲ Show 20 Lines • Show All 84 Lines • ▼ Show 20 Lines | 1.7.0 2016-12-20 | ||||
* bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys. | * bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys. | ||||
Thanks Harald Jenny | Thanks Harald Jenny | ||||
* bugfix #680: ldns fails to reject invalidly formatted | * bugfix #680: ldns fails to reject invalidly formatted | ||||
RFC 7553 URI RRs. Thanks Robert Edmonds | RFC 7553 URI RRs. Thanks Robert Edmonds | ||||
* bugfix #678: Use poll i.s.o. select to support > 1024 fds | * bugfix #678: Use poll i.s.o. select to support > 1024 fds | ||||
Thanks William King | Thanks William King | ||||
* Use OpenSSL DANE functions for verification (unless explicitly | * Use OpenSSL DANE functions for verification (unless explicitly | ||||
disabled with --disable-dane-ta-usage). | disabled with --disable-dane-ta-usage). | ||||
* Bumb .so version | * Bump .so version | ||||
* Include OPENPGPKEY RR type by default | * Include OPENPGPKEY RR type by default | ||||
* rdata processing for SMIMEA RR type | * rdata processing for SMIMEA RR type | ||||
* Fix crash in displaying TLSA RR's. | * Fix crash in displaying TLSA RR's. | ||||
Thanks Andreas Schulze | Thanks Andreas Schulze | ||||
* Update ldns-key2ds man page to mention GOST and SHA384 hash | * Update ldns-key2ds man page to mention GOST and SHA384 hash | ||||
functions. Thanks Harald Jenny | functions. Thanks Harald Jenny | ||||
* Add sha384 and sha512 tsig algorithm. Thanks Michael Weiser | * Add sha384 and sha512 tsig algorithm. Thanks Michael Weiser | ||||
* Clarify data ownership with consts for tsig parameters. | * Clarify data ownership with consts for tsig parameters. | ||||
▲ Show 20 Lines • Show All 53 Lines • ▼ Show 20 Lines | * Compare names case insensitive with ldns_pkt_rr_list_by_name and | ||||
ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab) | ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab) | ||||
* A separate --enable for each draft RR type: --enable-rrtype-ninfo, | * A separate --enable for each draft RR type: --enable-rrtype-ninfo, | ||||
--enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and | --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and | ||||
--enable-rrtype-ta | --enable-rrtype-ta | ||||
* bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen) | * bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen) | ||||
* bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza) | * bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza) | ||||
* Adjust ldns_sha1() so that the input data is not modified (Thanks | * Adjust ldns_sha1() so that the input data is not modified (Thanks | ||||
Marc Buijsman) | Marc Buijsman) | ||||
* Messages to stderr are now off by default and can be reenabled with | * Messages to stderr are now off by default and can be re-enabled with | ||||
the --enable-stderr-msgs configure option. | the --enable-stderr-msgs configure option. | ||||
1.6.16 2012-11-13 | 1.6.16 2012-11-13 | ||||
* Fix Makefile to build pyldns with BSD make | * Fix Makefile to build pyldns with BSD make | ||||
* Fix typo in exporting b32_* symbols to make pyldns load again | * Fix typo in exporting b32_* symbols to make pyldns load again | ||||
* Allow leaving the RR owner name empty in ldns-testns datafiles. | * Allow leaving the RR owner name empty in ldns-testns datafiles. | ||||
* Fix fail to create NSEC3 bitmap for empty non-terminal (bug | * Fix fail to create NSEC3 bitmap for empty non-terminal (bug | ||||
introduced in 1.6.14). | introduced in 1.6.14). | ||||
Show All 12 Lines | 1.6.14 2012-10-23 | ||||
* bugfix #473: Dead code removal and resource leak fix in drill | * bugfix #473: Dead code removal and resource leak fix in drill | ||||
* bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too. | * bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too. | ||||
* Various bugfixes from code reviews from CZ.NIC and Paul Wouters | * Various bugfixes from code reviews from CZ.NIC and Paul Wouters | ||||
* ldns-notify TSIG option argument checking | * ldns-notify TSIG option argument checking | ||||
* Let ldns_resolver_nameservers_randomize keep nameservers and rtt's | * Let ldns_resolver_nameservers_randomize keep nameservers and rtt's | ||||
in sync. | in sync. | ||||
* Let ldns_pkt_push_rr now return false on (memory) errors. | * Let ldns_pkt_push_rr now return false on (memory) errors. | ||||
* Make buffer_export comply to documentation and fix buffer2str | * Make buffer_export comply to documentation and fix buffer2str | ||||
* Various improvements and fixes of pyldns from Katel Slany | * Various improvements and fixes of pyldns from Karel Slany | ||||
now documented in their own Changelog. | now documented in their own Changelog. | ||||
* bugfix: Make ldns_resolver_pop_nameserver clear the array when | * bugfix: Make ldns_resolver_pop_nameserver clear the array when | ||||
there was only one. | there was only one. | ||||
* bugfix #459: Remove ldns_symbols and export symbols based on regex | * bugfix #459: Remove ldns_symbols and export symbols based on regex | ||||
* bugfix #458: Track all newly created signatures when signing. | * bugfix #458: Track all newly created signatures when signing. | ||||
* bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given. | * bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given. | ||||
* bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm. | * bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm. | ||||
* pyldns memory handling fixes and the python3/ldns-signzone.py | * pyldns memory handling fixes and the python3/ldns-signzone.py | ||||
Show All 22 Lines | * fix ldns-verify-zone to allow NSEC3 signatures to come before | ||||
the NSEC3 RR in all cases. Thanks Wolfgang Nagele. | the NSEC3 RR in all cases. Thanks Wolfgang Nagele. | ||||
* Zero the correct flag (opt-out) when creating NSEC3PARAMS. | * Zero the correct flag (opt-out) when creating NSEC3PARAMS. | ||||
Thanks Peter van Dijk. | Thanks Peter van Dijk. | ||||
* Canonicalize RRSIG's Signer's name too when validating, because | * Canonicalize RRSIG's Signer's name too when validating, because | ||||
bind and unbound do that too. Thanks Peter van Dijk. | bind and unbound do that too. Thanks Peter van Dijk. | ||||
* bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label | * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label | ||||
* bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free | * bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free | ||||
* bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT | * bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT | ||||
* bugfix #427: Explicitely link ssl with the programs that use it. | * bugfix #427: Explicitly link ssl with the programs that use it. | ||||
* Fix reading \DDD: Error on values that are outside range (>255). | * Fix reading \DDD: Error on values that are outside range (>255). | ||||
* bugfix #429: fix doxyparse.pl fails on NetBSD because specified | * bugfix #429: fix doxyparse.pl fails on NetBSD because specified | ||||
path to perl. | path to perl. | ||||
* New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl. | * New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl. | ||||
* fix verifying denial of existence for DS's in NSEC3 Opt-Out zones. | * fix verifying denial of existence for DS's in NSEC3 Opt-Out zones. | ||||
Thanks John Barnitz | Thanks John Barnitz | ||||
1.6.12 2012-01-11 | 1.6.12 2012-01-11 | ||||
▲ Show 20 Lines • Show All 47 Lines • ▼ Show 20 Lines | * A new output specifier to accommodate configuration of what to show | ||||
an comment show the Key Tag of the DNSKEY. | an comment show the Key Tag of the DNSKEY. | ||||
* Fixed the ldns resolver to not mark a nameserver unreachable when | * Fixed the ldns resolver to not mark a nameserver unreachable when | ||||
edns0 is tried unsuccessfully with size 4096 (no return packet came), | edns0 is tried unsuccessfully with size 4096 (no return packet came), | ||||
but to still try TCP. A big UDP packet might have been corrupted by | but to still try TCP. A big UDP packet might have been corrupted by | ||||
fragments dropping firewalls. | fragments dropping firewalls. | ||||
* Update of libdns.vim (thanks Miek Gieben) | * Update of libdns.vim (thanks Miek Gieben) | ||||
* Added the ldnsx Python module to our contrib section, which adds even | * Added the ldnsx Python module to our contrib section, which adds even | ||||
more pythonisticism to the usage of ldns with Python. (Many thanks | more pythonisticism to the usage of ldns with Python. (Many thanks | ||||
to Christpher Olah and Paul Wouters) | to Christopher Olah and Paul Wouters) | ||||
The ldnsx module is automatically installed when --with-pyldns is | The ldnsx module is automatically installed when --with-pyldns is | ||||
used with configuring, but may explicitly be excluded with the | used with configuring, but may explicitly be excluded with the | ||||
--without-pyldnsx option to configure. | --without-pyldnsx option to configure. | ||||
* bugfix #410: Fix clearing out temporary data on stack in sha2.c | * bugfix #410: Fix clearing out temporary data on stack in sha2.c | ||||
* bugfix #411: Don't let empty non-terminal NSEC3s cause assertion failure. | * bugfix #411: Don't let empty non-terminal NSEC3s cause assertion failure. | ||||
1.6.10 2011-05-31 | 1.6.10 2011-05-31 | ||||
* New example tool added: ldns-gen-zone. | * New example tool added: ldns-gen-zone. | ||||
Show All 11 Lines | * pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit | ||||
performance) | performance) | ||||
* Better handling of reference variables in ldns_rr_new_frm_fp_l from | * Better handling of reference variables in ldns_rr_new_frm_fp_l from | ||||
pyldns, with a very nice generator function by Bedrich Kosata. | pyldns, with a very nice generator function by Bedrich Kosata. | ||||
* Decoupling of the rdfs in rrs in the python wrappers to enable | * Decoupling of the rdfs in rrs in the python wrappers to enable | ||||
the python garbage collector by Bedrich Kosata. | the python garbage collector by Bedrich Kosata. | ||||
* bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at | * bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at | ||||
build time and when used. | build time and when used. | ||||
* bugfix #383: Fix detection of empty nonterminals of multiple labels. | * bugfix #383: Fix detection of empty nonterminals of multiple labels. | ||||
* Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded | * Fixed the omission of rrsets in nsec(3)s and rrsigs to all occluded | ||||
names (in stead of just the ones that contain glue only) and all | names (in stead of just the ones that contain glue only) and all | ||||
occluded records on the delegation points (in stead of just the glue). | occluded records on the delegation points (in stead of just the glue). | ||||
* Clarify the operation of ldns_dnssec_mark_glue and the usage of | * Clarify the operation of ldns_dnssec_mark_glue and the usage of | ||||
ldns_dnssec_node_next_nonglue functions in the documentation. | ldns_dnssec_node_next_nonglue functions in the documentation. | ||||
* Added function ldns_dnssec_mark_and_get_glue as an real fast | * Added function ldns_dnssec_mark_and_get_glue as an real fast | ||||
alternative for ldns_zone_glue_rr_list. | alternative for ldns_zone_glue_rr_list. | ||||
* Fix parse buffer overflow for max length domain names. | * Fix parse buffer overflow for max length domain names. | ||||
* Fix Makefile for U in environment, since wrong U is more common than | * Fix Makefile for U in environment, since wrong U is more common than | ||||
▲ Show 20 Lines • Show All 166 Lines • ▼ Show 20 Lines | * Feature: Added period (e.g. '3m6d') support at explicit TTLs. | ||||
* Feature: DNSKEY rrset by default signed with minimal signatures | * Feature: DNSKEY rrset by default signed with minimal signatures | ||||
but -A option for ldns-signzone to sign it with all keys. | but -A option for ldns-signzone to sign it with all keys. | ||||
This makes the DNSKEY responses smaller for signed domains. | This makes the DNSKEY responses smaller for signed domains. | ||||
1.6.1 2009-09-14 | 1.6.1 2009-09-14 | ||||
* --enable-gost : use the GOST algorithm (experimental). | * --enable-gost : use the GOST algorithm (experimental). | ||||
* Added some missing options to drill manpage | * Added some missing options to drill manpage | ||||
* Some fixes to --without-ssl option | * Some fixes to --without-ssl option | ||||
* Fixed quote parsing withing strings | * Fixed quote parsing within strings | ||||
* Bitmask fix in EDNS handling | * Bitmask fix in EDNS handling | ||||
* Fixed non-fqdn domain name completion for rdata field domain | * Fixed non-fqdn domain name completion for rdata field domain | ||||
names of length 1 | names of length 1 | ||||
* Fixed chain validation with SHA256 DS records | * Fixed chain validation with SHA256 DS records | ||||
1.6.0 | 1.6.0 | ||||
Additions: | Additions: | ||||
* Addition of an ldns-config script which gives cflags and libs | * Addition of an ldns-config script which gives cflags and libs | ||||
▲ Show 20 Lines • Show All 90 Lines • ▼ Show 20 Lines | |||||
1.4.0 | 1.4.0 | ||||
Bug fixes: | Bug fixes: | ||||
* sig chase return code fix (patch from Rafael Justo, bug id 189) | * sig chase return code fix (patch from Rafael Justo, bug id 189) | ||||
* rdata.c memory leaks on error and allocation checks fixed (patch | * rdata.c memory leaks on error and allocation checks fixed (patch | ||||
from Shane Kerr, bug id 188) | from Shane Kerr, bug id 188) | ||||
* zone.c memory leaks on error and allocation checks fixed (patch | * zone.c memory leaks on error and allocation checks fixed (patch | ||||
from Shane Kerr, bug id 189) | from Shane Kerr, bug id 189) | ||||
* ldns-zplit output and error messages fixed (patch from Shane Kerr, | * ldns-zsplit output and error messages fixed (patch from Shane Kerr, | ||||
bug id 190) | bug id 190) | ||||
* Fixed potential buffer overflow in ldns_str2rdf_dname | * Fixed potential buffer overflow in ldns_str2rdf_dname | ||||
* Signing code no longer signs delegation NS rrsets | * Signing code no longer signs delegation NS rrsets | ||||
* Some minor configure/makefile updates | * Some minor configure/makefile updates | ||||
* Fixed a bug in the randomness initialization | * Fixed a bug in the randomness initialization | ||||
* Fixed a bug in the reading of resolv.conf | * Fixed a bug in the reading of resolv.conf | ||||
* Fixed a bug concerning whitespace in zone data (with patch from Ondrej | * Fixed a bug concerning whitespace in zone data (with patch from Ondrej | ||||
Sury, bug 213) | Sury, bug 213) | ||||
Show All 12 Lines | * ldns_rr_new_frm_str() now returns an error on missing RDATA fields. | ||||
there is now a function called ldns_rr_new_question_frm_str() | there is now a function called ldns_rr_new_question_frm_str() | ||||
LIBRARY FEATURES: | LIBRARY FEATURES: | ||||
* DS RRs string representation now add bubblebabble in a comment | * DS RRs string representation now add bubblebabble in a comment | ||||
(patch from Jakob Schlyter) | (patch from Jakob Schlyter) | ||||
* DLV RR type added | * DLV RR type added | ||||
* TCP fallback system has been improved | * TCP fallback system has been improved | ||||
* HMAC-SHA256 TSIG support has been added. | * HMAC-SHA256 TSIG support has been added. | ||||
* TTLS are now correcly set in NSEC(3) records when signing zones | * TTLS are now correctly set in NSEC(3) records when signing zones | ||||
EXAMPLE TOOLS: | EXAMPLE TOOLS: | ||||
* New example: ldns-revoke to revoke DNSKEYs according to RFC5011 | * New example: ldns-revoke to revoke DNSKEYs according to RFC5011 | ||||
* ldns-testpkts has been fixed and updated | * ldns-testpkts has been fixed and updated | ||||
* ldns-signzone now has the option to not add the DNSKEY | * ldns-signzone now has the option to not add the DNSKEY | ||||
* ldns-signzone now has an (full zone only) opt-out option for | * ldns-signzone now has an (full zone only) opt-out option for | ||||
NSEC3 | NSEC3 | ||||
* ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys | * ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys | ||||
▲ Show 20 Lines • Show All 58 Lines • ▼ Show 20 Lines | 1.3 | ||||
Contrib: | Contrib: | ||||
* new contrib/ dir with user contributions | * new contrib/ dir with user contributions | ||||
* added compilation script for solaris (thanks to Jakob Schlyter) | * added compilation script for solaris (thanks to Jakob Schlyter) | ||||
28 Nov 2007 1.2.2: | 28 Nov 2007 1.2.2: | ||||
* Added support for HMAC-MD5 keys in generator | * Added support for HMAC-MD5 keys in generator | ||||
* Added a new example tool (written by Ondrej Sury): ldns-compare-zones | * Added a new example tool (written by Ondrej Sury): ldns-compare-zones | ||||
* ldns-keygen now checks key sizes for rfc conformancy | * ldns-keygen now checks key sizes for rfc conformance | ||||
* ldns-signzone outputs SSL error if present | * ldns-signzone outputs SSL error if present | ||||
* Fixed manpages (thanks to Ondrej Sury) | * Fixed manpages (thanks to Ondrej Sury) | ||||
* Fixed Makefile for -j <x> | * Fixed Makefile for -j <x> | ||||
* Fixed a $ORIGIN error when reading zones | * Fixed a $ORIGIN error when reading zones | ||||
* Fixed another off-by-one error | * Fixed another off-by-one error | ||||
03 Oct 2007 1.2.1: | 03 Oct 2007 1.2.1: | ||||
* Fixed an offset error in rr comparison | * Fixed an offset error in rr comparison | ||||
▲ Show 20 Lines • Show All 61 Lines • ▼ Show 20 Lines | * Preliminary sha-256 support was added. Currently is your | ||||
OpenSSL supports it, it is supported in the DS creation. | OpenSSL supports it, it is supported in the DS creation. | ||||
* ldns_resolver_search was implemented | * ldns_resolver_search was implemented | ||||
* Fixed a lot of bugs | * Fixed a lot of bugs | ||||
Drill: | Drill: | ||||
* -r was killed in favor of -o <header bit mnemonic> which | * -r was killed in favor of -o <header bit mnemonic> which | ||||
allows for a header bits setting (and maybe more in the | allows for a header bits setting (and maybe more in the | ||||
future) | future) | ||||
* DNSSEC is never automaticaly set, even when you query | * DNSSEC is never automatically set, even when you query | ||||
for DNSKEY/RRSIG or DS. | for DNSKEY/RRSIG or DS. | ||||
* Implement a crude RTT check, it now distinguishes between | * Implement a crude RTT check, it now distinguishes between | ||||
reachable and unreachable. | reachable and unreachable. | ||||
* A form of secure tracing was added | * A form of secure tracing was added | ||||
* Secure Chasing has been improved | * Secure Chasing has been improved | ||||
* -x does a reverse lookup for the given IP address | * -x does a reverse lookup for the given IP address | ||||
Examples: | Examples: | ||||
* ldns-dpa was added to the examples - this is the Dns Packet | * ldns-dpa was added to the examples - this is the Dns Packet | ||||
Analyzer tool. | Analyzer tool. | ||||
* ldnsd - as very, very simple nameserver impl. | * ldnsd - as very, very simple nameserver impl. | ||||
* ldns-zsplit - split zones for parrallel signing | * ldns-zsplit - split zones for parallel signing | ||||
* ldns-zcat - cat split zones back together | * ldns-zcat - cat split zones back together | ||||
* ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong, | * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong, | ||||
non-DNSSEC) anti-spoofing techniques. | non-DNSSEC) anti-spoofing techniques. | ||||
* ldns-walk - 'Walks' a DNSSEC signed zone | * ldns-walk - 'Walks' a DNSSEC signed zone | ||||
* Added an all-static target to the makefile so you can use examples | * Added an all-static target to the makefile so you can use examples | ||||
without installing the library | without installing the library | ||||
* When building in the source tree or in a direct subdirectory of | * When building in the source tree or in a direct subdirectory of | ||||
the build dir, configure does not need --with-ldns=../ anymore | the build dir, configure does not need --with-ldns=../ anymore | ||||
Code: | Code: | ||||
* All networking code was moved to net.c | * All networking code was moved to net.c | ||||
* rdata.c: added asserts to the rdf set/get functions | * rdata.c: added asserts to the rdf set/get functions | ||||
* const keyword was added to pointer arguments that | * const keyword was added to pointer arguments that | ||||
aren't changed | aren't changed | ||||
API: | API: | ||||
Changed: | Changed: | ||||
* renamed ldns/dns.h to ldns/ldns.h | * renamed ldns/dns.h to ldns/ldns.h | ||||
* ldns_rr_new_frm_str() is extented with an extra variable which | * ldns_rr_new_frm_str() is extended with an extra variable which | ||||
in common use may be NULL. This trickles through to: | in common use may be NULL. This trickles through to: | ||||
o ldns_rr_new_frm_fp | o ldns_rr_new_frm_fp | ||||
o ldns_rr_new_frm_fp_l | o ldns_rr_new_frm_fp_l | ||||
Which also get an extra variable | Which also get an extra variable | ||||
Also the function has been changed to return a status message. | Also the function has been changed to return a status message. | ||||
The compiled RR is returned in the first argument. | The compiled RR is returned in the first argument. | ||||
* ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are | * ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are | ||||
changed to return a status msg. | changed to return a status msg. | ||||
Show All 24 Lines | 7 Jul 2006: 1.1.0: ldns-team | ||||
Removed: | Removed: | ||||
* ldns_resolver_bgsend(): was not used in 1.0.0 and is not used now | * ldns_resolver_bgsend(): was not used in 1.0.0 and is not used now | ||||
* ldns_udp_server_connect(): was faulty and isn't really part of | * ldns_udp_server_connect(): was faulty and isn't really part of | ||||
the core ldns idea any how. | the core ldns idea any how. | ||||
* ldns_rr_list_insert_rr(): obsoleted, because not used. | * ldns_rr_list_insert_rr(): obsoleted, because not used. | ||||
* char *_when was removed from the ldns_pkt structure | * char *_when was removed from the ldns_pkt structure | ||||
18 Oct 2005: 1.0.0: ldns-team | 18 Oct 2005: 1.0.0: ldns-team | ||||
* Commited a patch from Håkan Olsson | * Committed a patch from Håkan Olsson | ||||
* Added UPDATE support (Jakob Schlyter and Håkan Olsson) | * Added UPDATE support (Jakob Schlyter and Håkan Olsson) | ||||
* License change: ldns is now BSD licensed | * License change: ldns is now BSD licensed | ||||
* ldns now depends on SSL | * ldns now depends on SSL | ||||
* Networking code cleanup, added (some) server udp/tcp support | * Networking code cleanup, added (some) server udp/tcp support | ||||
* A zone type is introduced. Currently this is a list | * A zone type is introduced. Currently this is a list | ||||
of RRs, so it will not scale well. | of RRs, so it will not scale well. | ||||
* [beta] Zonefile parsing was added | * [beta] Zonefile parsing was added | ||||
* [tools] Drill was added to ldns - see drill/ | * [tools] Drill was added to ldns - see drill/ | ||||
Show All 16 Lines | 20 Jun 2005: 0.66: ldns-team | ||||
not in 0.65 | not in 0.65 | ||||
* dnssec_cd bit function was added | * dnssec_cd bit function was added | ||||
* Zone infrastructure was added | * Zone infrastructure was added | ||||
* Usual fixes in documentation and code | * Usual fixes in documentation and code | ||||
13 Jun 2005: 0.65: ldns-team | 13 Jun 2005: 0.65: ldns-team | ||||
* Repository is online at: | * Repository is online at: | ||||
http://www.nlnetlabs.nl/ldns/svn/ | http://www.nlnetlabs.nl/ldns/svn/ | ||||
* Apply reference copying throuhgout ldns, except in 2 | * Apply reference copying throughout ldns, except in 2 | ||||
places in the ldns_resolver structure (._domain and | places in the ldns_resolver structure (._domain and | ||||
._nameservers) | ._nameservers) | ||||
* Usual array of bugfixes | * Usual array of bugfixes | ||||
* Documentation added | * Documentation added | ||||
* keygen.c added as an example for DNSSEC programming | * keygen.c added as an example for DNSSEC programming | ||||
23 May 2005: 0.60: ldns-team | 23 May 2005: 0.60: ldns-team | ||||
* Removed config.h from the header installed files | * Removed config.h from the header installed files | ||||
(you're not supposed to include that in a libary) | (you're not supposed to include that in a library) | ||||
* Further tweaking | * Further tweaking | ||||
- DNSSEC signing/verification works | - DNSSEC signing/verification works | ||||
- Assorted bug fixes and tweaks (memory management) | - Assorted bug fixes and tweaks (memory management) | ||||
May 2005: 0.50: ldns-team | May 2005: 0.50: ldns-team | ||||
* First usable release | * First usable release | ||||
* Basic DNS functionality works | * Basic DNS functionality works | ||||
* DNSSEC validation works | * DNSSEC validation works |