Sync from SUSE:ALP:Source:Standard:1.0 ldns revision 4ade6950c3506913fe41fb4d3617b83c
This commit is contained in:
commit
b3edeffe48
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
BIN
ldns-1.8.3.tar.gz
(Stored with Git LFS)
Normal file
BIN
ldns-1.8.3.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
16
ldns-1.8.3.tar.gz.asc
Normal file
16
ldns-1.8.3.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEE3DTuXbJBe8wVHlEA5fj4IS93pJgFAmL6IjQACgkQ5fj4IS93
|
||||
pJhiJA//eHb2+DVUz4StIrTwfCd5VSe0xETUkg2m3qfUT+7+blf/w+8aRzN6dwhQ
|
||||
bs44URFgmpy2dKUlC9Q2sCKX5RxLFI/8JnXWenaofIw/n320F0YhBN/kewH+8YTN
|
||||
KN9CMFbEsAR1ortzPPsM4r56JeHgcTwEwwIhYX+WaC9n6QMqk7pJVC+B6vrW1Gjc
|
||||
7loZ0vD1CeLSTKZrt9aknlQEjBe0CSpCAVOBlrh/fPghv9p0slIq6Ovol6Kt2w88
|
||||
OeheBWf6g/Ll4g1ke41VE40e3SETW5KxHsxyIuhUltaUyJHzpmrGac6ydoctipzT
|
||||
nJzwPA9PUIt+dX2qOKlUDD7PwRIGqmOG1pV6x0wz7eJq7tIjPgxgNk+xF2rTKjyt
|
||||
m3bRGgBOzYf0raOE1yGtnyanAtI9BK6HbsaEuLxsZswzNWByZ9Fgp5sOK5iTswQO
|
||||
xl2nhH9chyf0ktxbHvla6zZIi/Jj1mAumiZbkWUg6LHnIORYOqdeKByCg/aFHuNX
|
||||
t7IDpO9VL+EPdrrhnynX+JDRbAxxarQAYqOsi+ARWyygQ0tON+UyxJ2vtEoFQFhG
|
||||
LMQoal2h9mohYl5pJoWigsnPKdN4JMIhyxEyAS5HreDoeB8YX8x64cuvySVkUlyr
|
||||
Qi7eByrJuyw9YdWt8iWOO6chokzw9S3jOyuYiKH/G9cqMDpRgAY=
|
||||
=lSAh
|
||||
-----END PGP SIGNATURE-----
|
450
ldns.changes
Normal file
450
ldns.changes
Normal file
@ -0,0 +1,450 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 2 19:37:42 UTC 2022 - Michael Ströder <michael@stroeder.com>
|
||||
|
||||
- use HTTPS URLs for URL and Source
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 15 19:23:59 UTC 2022 - Michael Ströder <michael@stroeder.com>
|
||||
|
||||
- new version 1.8.3
|
||||
+ 1.8.3 2022-08-15
|
||||
* bugfix #183: Assertion failure with OPT record without rdata.
|
||||
This caused packet creation with only a DO bit (for DNSSEC OK) to crash.
|
||||
* Fix for syntax error in pyldns
|
||||
+ 1.8.2 2022-08-12
|
||||
* bugfix #147: Allow for tabs in whitespace before quoted rdata fields.
|
||||
* bugfix #149: Add some missing [out] annotations to doxygen parameters.
|
||||
* Fix build error on Solaris 10 with inet_ntop redeclaration error.
|
||||
* Fix -U flag with ldns-signzone.
|
||||
* Enable compile of SVCB and HTTPS support by default.
|
||||
* bugfix #179: Free line memory even if zone file parsing fails
|
||||
* bugfix #166: Grow buffer when writing chars and fixed size
|
||||
strings when converting to presentation format, preventing
|
||||
potential assersion errors.
|
||||
* bugfix #46: Print network errors when secure tracing.
|
||||
* EDNS0 Option handling and conversion into presentation format.
|
||||
* bugfix #145: ldns-verify-zone should not call occluded records glue.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 3 18:15:35 UTC 2021 - Michael Ströder <michael@stroeder.com>
|
||||
|
||||
- new version 1.8.1
|
||||
+ 1.8.1 2021-12-03
|
||||
* bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname
|
||||
needs to larger.
|
||||
* Undo PR#123 fix ldns.pc installation when building out-of-source
|
||||
+ 1.8.0 2021-11-26
|
||||
* bugfix #38: Print "line" before line number when printing
|
||||
zone parse errors. Thanks Petr Špaček.
|
||||
* bugfix: Revert unused variables in ldns-config removal patch.
|
||||
* bugfix #50: heap Out-of-bound Read vulnerability in
|
||||
rr_frm_str_internal reported by pokerfacett.
|
||||
(bsc#1195057, CVE-2020-19860)
|
||||
* bugfix #51: Heap Out-of-bound Read vulnerability in
|
||||
ldns_nsec3_salt_data reported by pokerfacett.
|
||||
(bsc#1195058, CVE-2020-19861)
|
||||
* Fix memory leak in examples/ldns-testns handle_tcp routine.
|
||||
* Detect fixed time memory compare for openssl 0.9.8.
|
||||
* Fix compile warning by variable initialisation for older gcc.
|
||||
* Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not
|
||||
available on tvOS.
|
||||
* Fix for #93: fix packaging/libldns.pc Makefile rule.
|
||||
* ZONEMD support in ldns-signzone and ldns-verify-zone
|
||||
* ldns-testns can answer several queries over one tcp connection,
|
||||
if they arrive within 100msec of each other.
|
||||
* Fix so that ldns-testns does not leak sockets if the read fails.
|
||||
* SVCB and HTTPS draft rrtypes.
|
||||
Enable with --enable-rrtype-svcb-https.
|
||||
* bugfix #117: Assertion failure with DNSSEC validating of
|
||||
non existence of RR types at the root. Thanks ZjYwMj
|
||||
* Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA
|
||||
record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl
|
||||
* bugfix #119: Let example tools read longer RR's than
|
||||
LDNS_MAX_LINELEN
|
||||
* Add SVCPARAMS to python ldns_rdf_type2str function.
|
||||
* PR #134 Miscellaneous spelling fixes. Thanks jsoref!
|
||||
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return
|
||||
the $INCLUDE not implemented error.
|
||||
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line
|
||||
number for an empty line after a comment.
|
||||
* Fix #135: Fix compile with OpenSSL-3.0.0-beta2.
|
||||
* PR #107: Added ldns_pkt2buffer_wire_compress() to make dname
|
||||
compression optional when converting packets to wire format.
|
||||
Thanks Eli Lindsey
|
||||
* Option to ldns-keygen to create symlinks with known names
|
||||
(i.e. without the key id) to the created files.
|
||||
Thanks Andreas Schulze
|
||||
* Fix #121: Correct handling of centimetres by LOC parser.
|
||||
Thanks Felipe Gasper
|
||||
* PR #126: Link with libldns.la in Makefile.in.
|
||||
Thanks orbea
|
||||
* PR #127: Addes option -Q to drill to give short answer.
|
||||
Thanks niknah
|
||||
* PR #133: Update m4 files for python modules.
|
||||
Thanks Petr Menšík
|
||||
* Bufix CAA value fields may be empty: Thanks Robert Mortimer
|
||||
* PR #108: Fix for ldns-compare-zones net detecting when first zone
|
||||
has a RRset that shrinks from two to one RRs, or grows from one
|
||||
to two RRs. Thanks Emilio Caballero
|
||||
* Fix #131: Drill sig chasing breaks with gcc-11 and
|
||||
strict-aliasing. Thanks Stanislav Levin
|
||||
* Fix #130: Unless $TLL is defined, ttl defaults to the last
|
||||
explicitly stated value. Thanks Benno
|
||||
* Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc
|
||||
* Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0
|
||||
Thanks Daniel J. Luke
|
||||
* Let ldns-signzone warn for high NSEC3 iteration counts.
|
||||
Thanks Andreas Schulze
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 6 10:24:54 UTC 2019 - Ludwig Nussel <lnussel@suse.de>
|
||||
|
||||
- new version 1.7.1
|
||||
https://open.nlnetlabs.nl/pipermail/ldns-users/2019-July/000946.html
|
||||
* Support for DNSSEC algorithms ED25519 and ED448
|
||||
when compiled with OpenSSL 1.1.1
|
||||
* An -I option to ldns-notify to specify a source IP address
|
||||
to send to notify from.
|
||||
* Complete OpenSSL engine support with ldns-signzone
|
||||
contributed by Vadim Penzin
|
||||
* security fixes CVE-2017-1000231 (boo#1068711), CVE-2017-1000232 (boo#1068709)
|
||||
* includes ldns-swig4.0.patch
|
||||
- add keyring and signature
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 7 14:18:17 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
- Add ldns-swig4.0.patch: Fix build wih SWIG 4.0 (boo#1135750).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 8 10:08:13 UTC 2018 - tchvatal@suse.com
|
||||
|
||||
- Switch directly to python3 in order for us to proceed with py2
|
||||
obsoletion for future releases
|
||||
* Upstream sadly can build only against one of the two
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 16 14:17:03 UTC 2017 - vcizek@suse.com
|
||||
|
||||
- disable DANE verification when building with openssl < 1.1 to fix
|
||||
build on distributions that have openssl 1.0.x
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Aug 27 20:46:30 UTC 2017 - jengelh@inai.de
|
||||
|
||||
- Update descriptions.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 18 10:57:32 UTC 2017 - pmonrealgonzalez@suse.com
|
||||
|
||||
- Update to version 1.7.0
|
||||
* Ldns built with openssl-1.1.0 [bsc#1042653]
|
||||
* Fix #551 change Regent to Copyright holder in BSD license in some of
|
||||
the headings of the file, to match the opensource.org BSD license.
|
||||
* -e option makes ldns-compare-zones exit with status code 2 on difference
|
||||
* Filter out specified RR types with ldns-read-zone -e and -E options
|
||||
* bugfix #563: Correct DNSKEY from DSA private key.
|
||||
* bugfix #562: ldns-keygen match DSA key maximum size with library.
|
||||
And check keysizes with all algorithms.
|
||||
* ldns-verify-zone accepts only one single zonefile as argument.
|
||||
* bugfix #573: ldns-keygen write private keys with mode 0600.
|
||||
* Fix configure to make ldns compile with LibreSSL 2.0
|
||||
* drill now also accepts dig style -y option
|
||||
(-y <[algo:]name:key> i.s.o. -y <name:key[:algo]>)
|
||||
* OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey
|
||||
* bugfix #608: Correct comment about escaped characters
|
||||
* CDS and CDNSKEY rr type from RFC 7344. --enable-rrtype-cds configure
|
||||
option removed
|
||||
* fix: Memory leak in ldns_pkt_rr_list_by_name()
|
||||
* fix: Memory leak in ldns_dname2buffer_wire_compress()
|
||||
* bugfix #613: Allow tab as whitespace too in last rdata field of types
|
||||
of variable length.
|
||||
* bugfix: strip trailing whitespace from $ORIGIN lines in zone files
|
||||
* Let ldns-keygen output .ds files only for KSK keys
|
||||
* Parse RFC7218 TLSA mnemonics, but do not output them
|
||||
* Let ldns-dane use SPKI as the default selector i.s.o. Cert
|
||||
* bugfix: Fit left over NSEC3s once more before adding empty non terminals
|
||||
* bugfix #605: Determine default trust anchor location at compile time
|
||||
* bugfix #697: Double free with ldns-dane create
|
||||
* bugfix #623: Do not redefine bool type and boolean values
|
||||
* bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx
|
||||
* bugfix #575: ldns_pkt_clone() does not copy timestamp field
|
||||
* bugfix #584: ldns-update fixes. Send update to port 53, bring manpage
|
||||
in sync with the usage text, and don't alter the ldns_resolver passed
|
||||
to ldns_update_soa_zone_mname(). Created a ldns_resolver_clone()
|
||||
function in the process.
|
||||
* bugfix #633: ldns_pkt_clone() parameter isn't const.
|
||||
* bugfix: ldns-dane manpage correction
|
||||
* RFC7553 RR Type URI is supported by default.
|
||||
* Fix ECDSA signature generation, do not omit leading zeroes.
|
||||
* bugfix: Get rid of superfluous newline in ldns-keyfetcher
|
||||
* bugfix: -U option to ldns-signzone to sign with every algorithm
|
||||
* const function parameters whenever possible.
|
||||
* bugfix #725: allow RR-types on the type bitmap window border
|
||||
* Add type CSYNC support, RFC 7477.
|
||||
* Prepare for ED25519, ED448 support: todo convert* routines in dnssec.h,
|
||||
once openssl has support for signing with these algorithms. The dns
|
||||
algorithm number is not yet allocated. These features are not fully
|
||||
implemented yet, openssl (1.1) does not support the algorithms enough
|
||||
to generate keys and sign and verify with them.
|
||||
* Fix drill axfr ipv4/ipv6 queries.
|
||||
* Fix for openssl 1.1.0 API changes.
|
||||
* bugfix #825: Module import breaks with newer SWIG versions.
|
||||
* bugfix #769: Add support for :: in an IPv6 address
|
||||
* bugfix #708: warnings and errors with xcode 6.1/7.0
|
||||
* bugfix #754: Memory leak in ldns_str2rdf_ipseckey
|
||||
* bugfix #661: Fail NSEC3 signing when NSEC domainname length would
|
||||
overflow.
|
||||
* bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys.
|
||||
* bugfix #680: ldns fails to reject invalidly formatted RFC 7553 URI RRs.
|
||||
* bugfix #678: Use poll i.s.o. select to support > 1024 fds
|
||||
* Use OpenSSL DANE functions for verification (unless explicitly disabled
|
||||
with --disable-dane-ta-usage).
|
||||
* Bumb .so version
|
||||
* Include OPENPGPKEY RR type by default
|
||||
* rdata processing for SMIMEA RR type
|
||||
* Fix crash in displaying TLSA RR's.
|
||||
* Update ldns-key2ds man page to mention GOST and SHA384 hash functions.
|
||||
* Add sha384 and sha512 tsig algorithm.
|
||||
* Clarify data ownership with consts for tsig parameters.
|
||||
* bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0
|
||||
* bugfix #1160: Provide sha256 for release tarballs
|
||||
* --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0 even
|
||||
when the GOST engine is not available.
|
||||
|
||||
- Dropped patch ldns-perl-5.22.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 10 22:52:09 UTC 2016 - mrueckert@suse.de
|
||||
|
||||
- disable python because the bindings dont match the old python
|
||||
version either
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 10 22:44:17 UTC 2016 - mrueckert@suse.de
|
||||
|
||||
- disable perl on sle11 as it needs at least 5.14.2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 10 22:23:24 UTC 2016 - mrueckert@suse.de
|
||||
|
||||
- fix building on SLE11 by disabling gost
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 1 11:46:20 UTC 2015 - dimstar@opensuse.org
|
||||
|
||||
- Add ldns-perl-5.22.patch: Fix build with perl 5.22.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 22 17:03:27 UTC 2014 - mrueckert@suse.de
|
||||
|
||||
- update to 1.6.17
|
||||
* Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
|
||||
zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
|
||||
* Add --disable-dane option to configure and check availability of the
|
||||
for dane needed X509_check_ca function in openssl.
|
||||
* bugfix #490: Get rid of type-punned pointer warnings.
|
||||
Thanks Adam Tkac.
|
||||
* Make sure executables are linked against libcrypto with the
|
||||
LIBSSL_LDFLAGS. Thanks Leo Baltus.
|
||||
* Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav.
|
||||
* README now shows preferred way to configure for examples and drill.
|
||||
* Bind to source address for resolvers. drill binds to source with -I.
|
||||
Thanks Bryan Duff.
|
||||
* -T option for ldns-dane that has specific exit status for PKIX
|
||||
validated connections without (secure) TLSA records.
|
||||
* Fix b{32,64}_{ntop,pton} detection and handling.
|
||||
* New RR type TKEY, but without operational practice.
|
||||
* New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
|
||||
* New output format flag (and accompanying functions) to print certain
|
||||
RR's as unknown type
|
||||
* -u and -U parameter for ldns-read-zone to mark/unmark a RR type
|
||||
for printing as unknown type
|
||||
* bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen.
|
||||
* bugfix #497: Properly test for EOF when reading key files with drill.
|
||||
* New functions: ldns_pkt_ixfr_request_new and
|
||||
ldns_pkt_ixfr_request_new_frm_str.
|
||||
* Use SNI with ldns-dane
|
||||
* bugfix #507: ldnsx Fix use of non-existent variables and not
|
||||
properly referring to instance variable. Patch from shussain.
|
||||
* bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type
|
||||
dictionary. Patch from shussain.
|
||||
* bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL
|
||||
file pointer.
|
||||
* Fix memory leak in contrib/python: ldns_pkt.new_query.
|
||||
* Fix buffer overflow in fget_token and bget_token.
|
||||
* ldns-verify-zone NSEC3 checking from quadratic to linear performance.
|
||||
Thanks NIC MX (nicmexico.mx)
|
||||
* ldns-dane setup new ssl session for each new connect to prevent hangs
|
||||
* bugfix #521: drill trace continue on empty non-terminals with NSEC3
|
||||
* bugfix #525: Fix documentation of ldns_resolver_set_retry
|
||||
* Remove unused LDNS_RDF_TYPE_TSIG and associated functions.
|
||||
* Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek.
|
||||
* Configure option to build perl bindings: --with-p5-dns-ldns
|
||||
(DNS::LDNS is a contribution from Erik Ostlyngen)
|
||||
* bugfix #527: Move -lssl before -lcrypto when linking
|
||||
* Optimize TSIG digest function name comparison (Thanks Marc Buijsman)
|
||||
* Compare names case insensitive with ldns_pkt_rr_list_by_name and
|
||||
ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab)
|
||||
* A separate --enable for each draft RR type: --enable-rrtype-ninfo,
|
||||
--enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and
|
||||
--enable-rrtype-ta
|
||||
* bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen)
|
||||
* bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza)
|
||||
* Adjust ldns_sha1() so that the input data is not modified (Thanks
|
||||
Marc Buijsman)
|
||||
* Messages to stderr are now off by default and can be reenabled with
|
||||
the --enable-stderr-msgs configure option.
|
||||
- enable rrtype-ninfo, rrtype-rkey, rrtype-cds, rrtype-uri, rrtype-ta
|
||||
- build pyldnsx bindings
|
||||
- build perl bindings
|
||||
- pass the path to our CA store
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 21 13:40:47 UTC 2013 - johann.luce@wanadoo.fr
|
||||
|
||||
- Fix spec file for submit in Server:dns repos
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 3 15:20:36 UTC 2012 - johann.luce@wanadoo.fr
|
||||
|
||||
- Upgrade to 1.6.16
|
||||
1.6.16 2012-11-13
|
||||
* Fix Makefile to build pyldns with BSD make
|
||||
* Fix typo in exporting b32_* symbols to make pyldns load again
|
||||
* Allow leaving the RR owner name empty in ldns-testns datafiles.
|
||||
* Fix fail to create NSEC3 bitmap for empty non-terminal (bug
|
||||
introduced in 1.6.14).
|
||||
|
||||
1.6.15 2012-10-25
|
||||
* Remove LDNS_STATUS_EXISTS_ERR from ldns/error.h to make ldns
|
||||
binary compatible with earlier releases again.
|
||||
|
||||
1.6.14 2012-10-23
|
||||
* DANE support (RFC6698), including ldns-dane example tool.
|
||||
* Configurable default CA certificate repository for ldns-dane with
|
||||
--with-ca-file=CAFILE and --with-ca-path=CAPATH
|
||||
* Configurable default trust anchor with --with-trust-anchor=FILE
|
||||
for drill, ldns-verify-zone and ldns-dane
|
||||
* bugfix #474: Define socklen_t when undefined (like in Win32)
|
||||
* bugfix #473: Dead code removal and resource leak fix in drill
|
||||
* bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too.
|
||||
* Various bugfixes from code reviews from CZ.NIC and Paul Wouters
|
||||
* ldns-notify TSIG option argument checking
|
||||
* Let ldns_resolver_nameservers_randomize keep nameservers and rtt's
|
||||
in sync.
|
||||
* Let ldns_pkt_push_rr now return false on (memory) errors.
|
||||
* Make buffer_export comply to documentation and fix buffer2str
|
||||
* Various improvements and fixes of pyldns from Katel Slany
|
||||
now documented in their own Changelog.
|
||||
* bugfix: Make ldns_resolver_pop_nameserver clear the array when
|
||||
there was only one.
|
||||
* bugfix #459: Remove ldns_symbols and export symbols based on regex
|
||||
* bugfix #458: Track all newly created signatures when signing.
|
||||
* bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given.
|
||||
* bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm.
|
||||
* pyldns memory handling fixes and the python3/ldns-signzone.py
|
||||
examples script contribution from Karel Slany.
|
||||
* bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed
|
||||
to be bigger (or equal) P in ldns_key_dsa2bin.
|
||||
* bugfix #449: Deep free cloned rdf's in ldns_tsig_mac_new.
|
||||
* bugfix #448: Copy nameserver value (in stead of reference) of the
|
||||
answering nameserver to the answer packet in ldns_send_buffer, so
|
||||
the original value may be deep freed with the ldns_resolver struct.
|
||||
* New -0 option for ldns-read-zone to replace inception, expiration
|
||||
and signature rdata fields with (null). Thanks Paul Wouters.
|
||||
* New -p option for ldns-read-zone to prepend-pad SOA serial to take
|
||||
up ten characters.
|
||||
* Return error if printing RR fails due to unknown/null RDATA.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Jun 10 20:33:18 UTC 2012 - johann.luce@wanadoo.fr
|
||||
|
||||
- Upgrade to 1.6.13
|
||||
* New -S option for ldns-verify-zone to chase signatures online.
|
||||
* New -k option for ldns-verify-zone to validate using a trusted key.
|
||||
* New inception and expiration margin options (-i and -e) to
|
||||
ldns-verify-zone.
|
||||
* New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l
|
||||
functions.
|
||||
* New ldns_duration* functions (copied from OpenDNSSEC source)
|
||||
* fix ldns-verify-zone to allow NSEC3 signatures to come before
|
||||
the NSEC3 RR in all cases. Thanks Wolfgang Nagele.
|
||||
* Zero the correct flag (opt-out) when creating NSEC3PARAMS.
|
||||
Thanks Peter van Dijk.
|
||||
* Canonicalize RRSIG's Signer's name too when validating, because
|
||||
bind and unbound do that too. Thanks Peter van Dijk.
|
||||
* bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
|
||||
* bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free
|
||||
* bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT
|
||||
* bugfix #427: Explicitely link ssl with the programs that use it.
|
||||
* Fix reading \DDD: Error on values that are outside range (>255).
|
||||
* bugfix #429: fix doxyparse.pl fails on NetBSD because specified
|
||||
path to perl.
|
||||
* New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl.
|
||||
* fix verifying denial of existence for DS's in NSEC3 Opt-Out zones.
|
||||
Thanks John Barnitz
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 19 14:05:39 UTC 2012 - johann.luce@wanadoo.fr
|
||||
|
||||
- Upgrade in 1.6.12
|
||||
* bugfix #413: Fix manpage source for srcdir != builddir
|
||||
* Canonicalize the signers name rdata field in RRSIGs when signing
|
||||
* Ignore minor version of Private-key-format (so v1.3 may be used)
|
||||
* Allow a check_time to be given in stead of always checking against
|
||||
the current time. With ldns-verify-zone the check_time can be set
|
||||
with the -t option.
|
||||
* Added functions for updating and manipulating SOA serial numbers.
|
||||
ldns-read-zone has an option -S for updating and manipulating the
|
||||
serial numbers.
|
||||
* The library Makefile is now GNU and BSD make compatible.
|
||||
* bugfix #419: NSEC3 validation of a name covered by a wildcard with
|
||||
no data.
|
||||
* Two new options (--with-drill and --with-examples) to the main
|
||||
configure script (in the root of the source tree) to build drill
|
||||
and examples too.
|
||||
* Fix days_since_epoch to year_yday calculation on 32bits systems.
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 10 11:21:38 UTC 2012 - dimstar@opensuse.org
|
||||
|
||||
- Add openssl-devel Requires to -devel package: dnssec.h includes
|
||||
ssl.h, which in turn is provided by openssl-devel. Without this
|
||||
Requires, depending packages need to be aware of underlying
|
||||
implementations of ldns.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 17 15:17:12 UTC 2011 - lnussel@suse.de
|
||||
|
||||
- new version 1.6.11
|
||||
* new ldnsx python module
|
||||
* fix heap overflow (bnc#720277, CVE-2011-3581)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 25 13:38:43 UTC 2011 - lnussel@suse.de
|
||||
|
||||
- new version 1.6.9
|
||||
- enable python bindings, used by sshfp's dane tool
|
||||
- merge with Factory version
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 27 15:34:10 CEST 2009 - crrodriguez@suse.de
|
||||
|
||||
- initial version, required by unbound
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 21 17:59:04 CEST 2008 - mrueckert@suse.de
|
||||
|
||||
- fix the rpmlint warnings
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 21 05:53:12 CEST 2008 - mrueckert@suse.de
|
||||
|
||||
- update to 1.3.0.pre20080229 (taken from unbound-1.0.0 tarball)
|
||||
required version update to make it work with unbound
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 21 04:43:07 CEST 2008 - mrueckert@suse.de
|
||||
|
||||
- initial package
|
||||
|
51
ldns.keyring
Normal file
51
ldns.keyring
Normal file
@ -0,0 +1,51 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBE1s81EBEACuJzGgccrmYEAzHc//vBq66gH7orM0GtKfQZHh4uR1FMxZXl07
|
||||
WevUYNuBywTpinU9rpY1Q3S4w6QgNklgpsaHXmbOpyFjJ8FpllV8TRPiXiNrNxTp
|
||||
Mnlb6InoszopX69tkBVHTP6cJkNgPx6R4BM0ARqEGQmOL8mAcoWyGVzbsamuGRai
|
||||
a54zs/kc3i9yiqEzRkoQmfwr7sr49n7gOpmaqXvonOSiUvgEziep77emMcqVa/qZ
|
||||
xR1r7KUq85qTNTqsQwl2cQdKS7WwOeuG6ZIJmJ1bakriKzLBYF5xIHKSYJW0ZA20
|
||||
tNFrVKgTkEjiXvAJh4HlJEIi35tqa/IzWUJSc1ainhBjxbwSl8BRq5aaPgwB+xXi
|
||||
DqY6BrQW1slvl5TF2A6Xr7JJ0rkH3EZgXxABAZ3WJ3RLwq1z8jnNYj+UW/mSLsbO
|
||||
tgfOiBhFUXMZneHvVVvz6F6XAtyrejDl5sD2gnzm1VDfK6T6bvLtR7zrkWre0lpy
|
||||
cDmgmUKgaEiXzfLvwT9RaWk8GdqU2GG+QOiwf+hT0peDieuodjMr59sUbx7GqVe/
|
||||
45rJBRSx+HCl2Jm7Th2Xr0kpStCd7ebVoEq9wpMyu+dM9wOTtibA9P3+9u4rAdim
|
||||
pAdQxEbhWbRNCng2EVhThbqRK3cTZLbtqKaWgAJqa/IQVpL9b5ps8Z4JVQARAQAB
|
||||
tCNXaWxsZW0gVG9vcm9wIDx3aWxsZW1AbmxuZXRsYWJzLm5sPokCPgQTAQIAKAIb
|
||||
IwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlbUE5oFCRDr7kkACgkQ5fj4IS93
|
||||
pJiGfA/8C1+/M+EaQItVzQ/iPCbagBTqWOSispMzJne9gmimJzPs+lxgnrXOuYlI
|
||||
BywHpWB2Jmz45h+Cc4+di48WQfV9tHENn9MVFkwKzSdcY6v5eot6xSY5FRHS226M
|
||||
PR9UJ8/z5PvlizZUVbbM+Ngxg3Rx045Q0FnQm0o5VasEJ1PoR3CSiELJoZ13ukTk
|
||||
5pQlKyVknUKH1E1ds+Xtg1jpZBqiLiBzcLkKWYqBvrXI6XAEPr+woRgj3xV8P24U
|
||||
j232uK7xoe82jWIeZWXt/AbHBSmNOWPIgMd9i3FjdeTDml5sZSy3BlDYMr8hINen
|
||||
hYLhdLpJnXwPcsaj0ivcV+xSjLtSh0mE4gudcVhk5XR1M6emSlATC6+Bqn0M9JNT
|
||||
n4SHhkNSyo87aPwKqWFDlvjAZlRyPym9miJBlzech2uOlYSk6GFuead7MpGAipf5
|
||||
PwNNRKDMDi3y+H47YG2izbrqj3cOZdqZmErwrzCU8xVkxzY/EY6w/MNMFNeqmXVG
|
||||
xzIZ8y9KAjH6JO96M/AxS4mXHJh1ocfHtSm90Ahy/HPJK+2+5+IgkAymKsvyIbvj
|
||||
s7FccMUo+OiSPWYi+xO/NXA4pBlUuGmV55Kog7ym1flzo8OD9uHfLPrVORBHgnsI
|
||||
Tbzf9vgJ0emy8fxMCkzFT334gC1OVhD1ff1frbPXyVbcGI8AO+q5Ag0ETWzzUQEQ
|
||||
AKTs4hWz94K66PtsHj/cBtHmJCJx9BsHP8eoUjd4iBR7cWgTTgt1PGCNBzCPGIuU
|
||||
ia808dqxu1L8OWjQpwXDCjXqAibn0mCJMRONVszxJKkjYnZGKGOo8cg7OmQBZyEd
|
||||
6qrfxVf/dwHLsdQTJZzz9bGOxuYVAAu0q3PHW5gGFc+pp3eN47qzGMxEjsoETj/c
|
||||
laxjqisohG13/hkP6PvDoD7OOdOGdQQP8b4GRBD6rZ/FqMLv4C80zDnzCH1rLpNG
|
||||
Qplf1any06WTAsDL4f6gEALH62TIxOX4U7WxeuvHxyKXOAuN+ex/MvF2az124Ybc
|
||||
WC7t1dqVW3ys20zKaememyXSKxV6aMn4KBcJF3CdM1oABZDyviL9el7Q/yQylpZC
|
||||
6El4QowaPIOAuzOdIc6cuM6PTWvBArcKVgQhWfJshfeFmfkxpz/hWc9K40yCjmb+
|
||||
hPZIr3RbXSsQItUUkBqOSMHNroIgX+IaWMq3e7yMHdMqlKr0lU52lfBbfECjleB/
|
||||
NO4K3SGJBPzTgLtze+LsWxSJQoQMWKv6ISwQrW3rsmUjqgQNrSGROX3rRy8Nvuzr
|
||||
avs4a3FmdUpHIWw2KfY2M6AsX9HBFuRsimgqFjQm5VbqXA7NtHJCnA1RvqXlg/iJ
|
||||
5w+DElHosxwjHS+UbejDGmVQ+ITqlh3991osPjZq1Iy1ABEBAAGJAiUEGAECAA8C
|
||||
GwwFAlbUE5oFCRDr7kkACgkQ5fj4IS93pJjBwxAAnko5CSFDX/ZqW97satNacACH
|
||||
SAOOM8/jz1p2QtJSwbrbLsJRMpN1mSnjXWPBTmXoP4SGHGtxTVZxrYCpSMEHMqOV
|
||||
4yK3QlUnQXnf+CSvo2Ud3rpCh/lFLVHqG2Sy5Ietf/T+GGsoPd9DIdTHO0aFlW2y
|
||||
RQPxSrbYpv1v2aACgRO4114qkex2j36diqlLod/OU4OQ51nuSesjTrUM9Fz6ikBJ
|
||||
1UDjakjAXe/HiRxUmdv4LANCmso+Gn17Co5lUdpn3fa8zTwNNAgLm6RBiBSSdaYE
|
||||
xM9ir6pHrcWL5N+iZKnVmfE5CBufziZq7V1E3I4FRuvDN4echbf58c6YxBQDsd9V
|
||||
ZMJeFWY60w4JEXpHQdt129GS1FN/2PQ8NmAUXYCkYYk6Lv1tnGJCSLnD3ObLyWm+
|
||||
sjA5yAK2H8WU+nutsDF63yFJujNMpmB3bi9+699TzsyQNVKd2fH38cgk1gZFb6Nb
|
||||
x9+lrTIwzAJJlOu8UwbR0HgGuRmrWp0EIm3tcy4xqWF3CavnM22BAOKKKH+qnwx8
|
||||
BRrx58coHQFMswW4W7Bo+jpKbQJ4RV2cXUEbmHbYUoXDHZyv/RzOI46dXAoWFc3o
|
||||
CoqLqpsZYZstJ4UJHXB5aHi1zxJDwzKxsflmSKfIUr3glRWCy/ylcPMEXzPBb3qb
|
||||
GFMUboioUjqLuNV4SSY=
|
||||
=n3Or
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
193
ldns.spec
Normal file
193
ldns.spec
Normal file
@ -0,0 +1,193 @@
|
||||
#
|
||||
# spec file for package ldns
|
||||
#
|
||||
# Copyright (c) 2022 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%define libname libldns3
|
||||
Name: ldns
|
||||
Version: 1.8.3
|
||||
Release: 0
|
||||
Summary: A library for developing the Domain Name System
|
||||
License: BSD-3-Clause
|
||||
Group: Development/Libraries/C and C++
|
||||
URL: https://www.nlnetlabs.nl/projects/ldns/
|
||||
Source: https://www.nlnetlabs.nl/downloads/ldns/ldns-%{version}.tar.gz
|
||||
Source1: https://www.nlnetlabs.nl/downloads/ldns/ldns-%{version}.tar.gz.asc
|
||||
Source2: ldns.keyring
|
||||
BuildRequires: doxygen
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: libopenssl-devel
|
||||
BuildRequires: libpcap-devel
|
||||
BuildRequires: perl-Devel-CheckLib
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: swig
|
||||
|
||||
%description
|
||||
ldns is a C library that can be used for domain name system (DNS)
|
||||
development. It supports RFCs like the DNSSEC documents, and allows
|
||||
developers to create software conforming to RFCs, as well as
|
||||
experimental software for current Internet Drafts.
|
||||
|
||||
This package holds the tools/examples from ldns.
|
||||
|
||||
%package -n %{libname}
|
||||
Summary: A library for developing the Domain Name System
|
||||
Group: System/Libraries
|
||||
|
||||
%description -n %{libname}
|
||||
ldns is a C library that can be used for domain name system (DNS)
|
||||
development. It supports RFCs like the DNSSEC documents, and allows
|
||||
developers to create software conforming to RFCs, as well as
|
||||
experimental software for current Internet Drafts.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for ldns
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: %{libname} = %{version}
|
||||
Requires: openssl-devel
|
||||
|
||||
%description devel
|
||||
ldns is a C library that can be used for domain name system (DNS)
|
||||
development. It supports RFCs like the DNSSEC documents, and allows
|
||||
developers to create software conforming to RFCs, as well as
|
||||
experimental software for current Internet Drafts.
|
||||
|
||||
This package holds the development files.
|
||||
|
||||
%package -n python3-ldns
|
||||
Summary: Python3 bindings for ldns
|
||||
Group: Development/Languages/Python
|
||||
Requires: %{libname} >= %{version}
|
||||
|
||||
%description -n python3-ldns
|
||||
Python bindings for the ldns library
|
||||
|
||||
%package -n perl-DNS-LDNS
|
||||
Summary: Perl bindings for ldns
|
||||
Group: Development/Languages/Perl
|
||||
Requires: %{libname} >= %{version}
|
||||
%libperl_requires
|
||||
|
||||
%description -n perl-DNS-LDNS
|
||||
Perl bindings for the ldns library.
|
||||
|
||||
%prep
|
||||
%autosetup
|
||||
|
||||
%build
|
||||
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
||||
if pkg-config --max-version=1.1.0 openssl; then
|
||||
DISABLE_DANE="--disable-dane-verify"
|
||||
fi
|
||||
export PYTHON=%{_bindir}/python3
|
||||
%configure \
|
||||
--disable-rpath \
|
||||
--disable-static \
|
||||
--enable-rrtype-ninfo \
|
||||
--enable-rrtype-rkey \
|
||||
--enable-rrtype-cds \
|
||||
--enable-rrtype-uri \
|
||||
--enable-rrtype-ta \
|
||||
--with-pyldns \
|
||||
--with-pyldnsx \
|
||||
--with-drill \
|
||||
--with-examples \
|
||||
--with-ca-path=%{_sysconfdir}/ssl/certs/ \
|
||||
$DISABLE_DANE
|
||||
make %{?_smp_mflags}
|
||||
|
||||
# We cannot use the built-in --with-p5-dns-ldns
|
||||
pushd contrib/DNS-LDNS
|
||||
LD_LIBRARY_PATH="../../lib:$LD_LIBRARY_PATH" perl \
|
||||
Makefile.PL INSTALLDIRS=vendor INC="-I. -I../.." LIBS="-L../../lib"
|
||||
make %{?_smp_mflags}
|
||||
popd
|
||||
|
||||
%install
|
||||
make DESTDIR=%{buildroot} \
|
||||
install \
|
||||
install-drill \
|
||||
install-examples
|
||||
|
||||
make DESTDIR=%{buildroot} \
|
||||
install-pyldns \
|
||||
install-pyldnsx
|
||||
rm -v %{buildroot}%{python3_sitearch}/*.la
|
||||
|
||||
make -C contrib/DNS-LDNS DESTDIR=%{buildroot} pure_install
|
||||
chmod 755 %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/LDNS.so
|
||||
rm -f %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/{.packlist,LDNS.bs}
|
||||
|
||||
rm -v %{buildroot}%{_libdir}/libldns.*a
|
||||
%fdupes %{buildroot}%{_mandir}
|
||||
|
||||
%post -n %{libname} -p /sbin/ldconfig
|
||||
%postun -n %{libname} -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%{_bindir}/drill
|
||||
%{_bindir}/ldns-chaos
|
||||
%{_bindir}/ldns-compare-zones
|
||||
%{_bindir}/ldns-dpa
|
||||
%{_bindir}/ldns-gen-zone
|
||||
%{_bindir}/ldns-key2ds
|
||||
%{_bindir}/ldns-keyfetcher
|
||||
%{_bindir}/ldns-keygen
|
||||
%{_bindir}/ldns-mx
|
||||
%{_bindir}/ldns-notify
|
||||
%{_bindir}/ldns-nsec3-hash
|
||||
%{_bindir}/ldns-read-zone
|
||||
%{_bindir}/ldns-resolver
|
||||
%{_bindir}/ldns-revoke
|
||||
%{_bindir}/ldns-rrsig
|
||||
%{_bindir}/ldns-signzone
|
||||
%{_bindir}/ldns-test-edns
|
||||
%{_bindir}/ldns-testns
|
||||
%{_bindir}/ldns-update
|
||||
%{_bindir}/ldns-verify-zone
|
||||
%{_bindir}/ldns-version
|
||||
%{_bindir}/ldns-walk
|
||||
%{_bindir}/ldns-zcat
|
||||
%{_bindir}/ldns-zsplit
|
||||
%{_bindir}/ldnsd
|
||||
%{_bindir}/ldns-dane
|
||||
%{_mandir}/man1/drill.1%{?ext_man}
|
||||
%{_mandir}/man1/ldns*.1%{?ext_man}
|
||||
|
||||
%files -n %{libname}
|
||||
%license LICENSE
|
||||
%{_libdir}/libldns.so.*
|
||||
|
||||
%files devel
|
||||
%{_bindir}/ldns-config
|
||||
%{_includedir}/ldns/
|
||||
%{_libdir}/libldns.so
|
||||
%{_libdir}/pkgconfig/ldns.pc
|
||||
%{_mandir}/man3/ldns*.3%{?ext_man}
|
||||
%doc libdns.vim README*
|
||||
|
||||
%files -n perl-DNS-LDNS
|
||||
%{perl_vendorarch}/DNS/LDNS.pm
|
||||
%dir %{perl_vendorarch}/DNS/
|
||||
%{perl_vendorarch}/DNS/LDNS/
|
||||
%dir %{perl_vendorarch}/auto/DNS/
|
||||
%{perl_vendorarch}/auto/DNS/LDNS/
|
||||
%{_mandir}/man3/DNS::LDNS*3pm*
|
||||
|
||||
%files -n python3-ldns
|
||||
%{python3_sitearch}/*ldns*
|
||||
|
||||
%changelog
|
Loading…
Reference in New Issue
Block a user