pool/ldns
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ff570ab817
ldns/ldns.changes
Marcus Rueckert ff570ab817 - update to 1.6.17 
- enable rrtype-ninfo, rrtype-rkey, rrtype-cds, rrtype-uri, rrtype-ta
- build pyldnsx bindings
- build perl bindings
- pass the path to our CA store

OBS-URL: https://build.opensuse.org/package/show/server:dns/ldns?expand=0&rev=24
2014-05-27 22:06:18 +00:00

214 lines
10 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Thu May 22 17:03:27 UTC 2014 - mrueckert@suse.de
- update to 1.6.17
* Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
* Add --disable-dane option to configure and check availability of the
for dane needed X509_check_ca function in openssl.
* bugfix #490: Get rid of type-punned pointer warnings.
Thanks Adam Tkac.
* Make sure executables are linked against libcrypto with the
LIBSSL_LDFLAGS. Thanks Leo Baltus.
* Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav.
* README now shows preferred way to configure for examples and drill.
* Bind to source address for resolvers. drill binds to source with -I.
Thanks Bryan Duff.
* -T option for ldns-dane that has specific exit status for PKIX
validated connections without (secure) TLSA records.
* Fix b{32,64}_{ntop,pton} detection and handling.
* New RR type TKEY, but without operational practice.
* New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
* New output format flag (and accompanying functions) to print certain
RR's as unknown type
* -u and -U parameter for ldns-read-zone to mark/unmark a RR type
for printing as unknown type
* bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen.
* bugfix #497: Properly test for EOF when reading key files with drill.
* New functions: ldns_pkt_ixfr_request_new and
ldns_pkt_ixfr_request_new_frm_str.
* Use SNI with ldns-dane
* bugfix #507: ldnsx Fix use of non-existent variables and not
properly referring to instance variable. Patch from shussain.
* bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type
dictionary. Patch from shussain.
* bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL
file pointer.
* Fix memory leak in contrib/python: ldns_pkt.new_query.
* Fix buffer overflow in fget_token and bget_token.
* ldns-verify-zone NSEC3 checking from quadratic to linear performance.
Thanks NIC MX (nicmexico.mx)
* ldns-dane setup new ssl session for each new connect to prevent hangs
* bugfix #521: drill trace continue on empty non-terminals with NSEC3
* bugfix #525: Fix documentation of ldns_resolver_set_retry
* Remove unused LDNS_RDF_TYPE_TSIG and associated functions.
* Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek.
* Configure option to build perl bindings: --with-p5-dns-ldns
(DNS::LDNS is a contribution from Erik Ostlyngen)
* bugfix #527: Move -lssl before -lcrypto when linking
* Optimize TSIG digest function name comparison (Thanks Marc Buijsman)
* Compare names case insensitive with ldns_pkt_rr_list_by_name and
ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab)
* A separate --enable for each draft RR type: --enable-rrtype-ninfo,
--enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and
--enable-rrtype-ta
* bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen)
* bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza)
* Adjust ldns_sha1() so that the input data is not modified (Thanks
Marc Buijsman)
* Messages to stderr are now off by default and can be reenabled with
the --enable-stderr-msgs configure option.
- enable rrtype-ninfo, rrtype-rkey, rrtype-cds, rrtype-uri, rrtype-ta
- build pyldnsx bindings
- build perl bindings
- pass the path to our CA store
-------------------------------------------------------------------
Mon Jan 21 13:40:47 UTC 2013 - johann.luce@wanadoo.fr
- Fix spec file for submit in Server:dns repos
-------------------------------------------------------------------
Mon Dec 3 15:20:36 UTC 2012 - johann.luce@wanadoo.fr
- Upgrade to 1.6.16
1.6.16 2012-11-13
* Fix Makefile to build pyldns with BSD make
* Fix typo in exporting b32_* symbols to make pyldns load again
* Allow leaving the RR owner name empty in ldns-testns datafiles.
* Fix fail to create NSEC3 bitmap for empty non-terminal (bug
introduced in 1.6.14).
1.6.15 2012-10-25
* Remove LDNS_STATUS_EXISTS_ERR from ldns/error.h to make ldns
binary compatible with earlier releases again.
1.6.14 2012-10-23
* DANE support (RFC6698), including ldns-dane example tool.
* Configurable default CA certificate repository for ldns-dane with
--with-ca-file=CAFILE and --with-ca-path=CAPATH
* Configurable default trust anchor with --with-trust-anchor=FILE
for drill, ldns-verify-zone and ldns-dane
* bugfix #474: Define socklen_t when undefined (like in Win32)
* bugfix #473: Dead code removal and resource leak fix in drill
* bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too.
* Various bugfixes from code reviews from CZ.NIC and Paul Wouters
* ldns-notify TSIG option argument checking
* Let ldns_resolver_nameservers_randomize keep nameservers and rtt's
in sync.
* Let ldns_pkt_push_rr now return false on (memory) errors.
* Make buffer_export comply to documentation and fix buffer2str
* Various improvements and fixes of pyldns from Katel Slany
now documented in their own Changelog.
* bugfix: Make ldns_resolver_pop_nameserver clear the array when
there was only one.
* bugfix #459: Remove ldns_symbols and export symbols based on regex
* bugfix #458: Track all newly created signatures when signing.
* bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given.
* bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm.
* pyldns memory handling fixes and the python3/ldns-signzone.py
examples script contribution from Karel Slany.
* bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed
to be bigger (or equal) P in ldns_key_dsa2bin.
* bugfix #449: Deep free cloned rdf's in ldns_tsig_mac_new.
* bugfix #448: Copy nameserver value (in stead of reference) of the
answering nameserver to the answer packet in ldns_send_buffer, so
the original value may be deep freed with the ldns_resolver struct.
* New -0 option for ldns-read-zone to replace inception, expiration
and signature rdata fields with (null). Thanks Paul Wouters.
* New -p option for ldns-read-zone to prepend-pad SOA serial to take
up ten characters.
* Return error if printing RR fails due to unknown/null RDATA.
-------------------------------------------------------------------
Sun Jun 10 20:33:18 UTC 2012 - johann.luce@wanadoo.fr
- Upgrade to 1.6.13
* New -S option for ldns-verify-zone to chase signatures online.
* New -k option for ldns-verify-zone to validate using a trusted key.
* New inception and expiration margin options (-i and -e) to
ldns-verify-zone.
* New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l
functions.
* New ldns_duration* functions (copied from OpenDNSSEC source)
* fix ldns-verify-zone to allow NSEC3 signatures to come before
the NSEC3 RR in all cases. Thanks Wolfgang Nagele.
* Zero the correct flag (opt-out) when creating NSEC3PARAMS.
Thanks Peter van Dijk.
* Canonicalize RRSIG's Signer's name too when validating, because
bind and unbound do that too. Thanks Peter van Dijk.
* bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
* bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free
* bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT
* bugfix #427: Explicitely link ssl with the programs that use it.
* Fix reading \DDD: Error on values that are outside range (>255).
* bugfix #429: fix doxyparse.pl fails on NetBSD because specified
path to perl.
* New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl.
* fix verifying denial of existence for DS's in NSEC3 Opt-Out zones.
Thanks John Barnitz
-------------------------------------------------------------------
Thu Apr 19 14:05:39 UTC 2012 - johann.luce@wanadoo.fr
- Upgrade in 1.6.12
* bugfix #413: Fix manpage source for srcdir != builddir
* Canonicalize the signers name rdata field in RRSIGs when signing
* Ignore minor version of Private-key-format (so v1.3 may be used)
* Allow a check_time to be given in stead of always checking against
the current time. With ldns-verify-zone the check_time can be set
with the -t option.
* Added functions for updating and manipulating SOA serial numbers.
ldns-read-zone has an option -S for updating and manipulating the
serial numbers.
* The library Makefile is now GNU and BSD make compatible.
* bugfix #419: NSEC3 validation of a name covered by a wildcard with
no data.
* Two new options (--with-drill and --with-examples) to the main
configure script (in the root of the source tree) to build drill
and examples too.
* Fix days_since_epoch to year_yday calculation on 32bits systems.
-------------------------------------------------------------------
Tue Jan 10 11:21:38 UTC 2012 - dimstar@opensuse.org
- Add openssl-devel Requires to -devel package: dnssec.h includes
ssl.h, which in turn is provided by openssl-devel. Without this
Requires, depending packages need to be aware of underlying
implementations of ldns.
-------------------------------------------------------------------
Mon Oct 17 15:17:12 UTC 2011 - lnussel@suse.de
- new version 1.6.11
* new ldnsx python module
* fix heap overflow (bnc#720277, CVE-2011-3581)
-------------------------------------------------------------------
Wed May 25 13:38:43 UTC 2011 - lnussel@suse.de
- new version 1.6.9
- enable python bindings, used by sshfp's dane tool
- merge with Factory version
-------------------------------------------------------------------
Mon Apr 27 15:34:10 CEST 2009 - crrodriguez@suse.de
- initial version, required by unbound
-------------------------------------------------------------------
Wed May 21 17:59:04 CEST 2008 - mrueckert@suse.de
- fix the rpmlint warnings
-------------------------------------------------------------------
Wed May 21 05:53:12 CEST 2008 - mrueckert@suse.de
- update to 1.3.0.pre20080229 (taken from unbound-1.0.0 tarball)
required version update to make it work with unbound
-------------------------------------------------------------------
Wed May 21 04:43:07 CEST 2008 - mrueckert@suse.de
- initial package
Reference in New Issue View Git Blame Copy Permalink