|
1 |
| -1.6.10 |
| 1 | +1.6.12 2012-01-11 |
| 2 | + * bugfix #413: Fix manpage source for srcdir != builddir |
| 3 | + * Canonicalize the signers name rdata field in RRSIGs when signing |
| 4 | + * Ignore minor version of Private-key-format (so v1.3 may be used) |
| 5 | + * Allow a check_time to be given in stead of always checking against |
| 6 | + the current time. With ldns-verify-zone the check_time can be set |
| 7 | + with the -t option. |
| 8 | + * Added functions for updating and manipulating SOA serial numbers. |
| 9 | + ldns-read-zone has an option -S for updating and manipulating the |
| 10 | + serial numbers. |
| 11 | + * The library Makefile is now GNU and BSD make compatible. |
| 12 | + * bugfix #419: NSEC3 validation of a name covered by a wildcard with |
| 13 | + no data. |
| 14 | + * Two new options (--with-drill and --with-examples) to the main |
| 15 | + configure script (in the root of the source tree) to build drill |
| 16 | + and examples too. |
| 17 | + * Fix days_since_epoch to year_yday calculation on 32bits systems. |
| 18 | + |
| 19 | +1.6.11 2011-09-29 |
| 20 | + * bugfix #394: Fix socket leak on errors |
| 21 | + * bugfix #392: Apex only and percentage checks for ldns-verify-zone |
| 22 | + (thanks Miek Gieben) |
| 23 | + * bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone |
| 24 | + * Fix python site package path from sitelib to sitearch for pyldns. |
| 25 | + * Fix python api to support python2 and python3 (thanks Karel Slany). |
| 26 | + * bugfix #401: Correction of date/time functions algorithm and |
| 27 | + prevention of an infinite loop therein |
| 28 | + * bugfix #402: Correct the minimum and maximum number of rdata fields |
| 29 | + in TSIG. (thanks David Keeler) |
| 30 | + * bugfix #403: Fix heap overflow (thanks David Keeler) |
| 31 | + * bugfix #404: Make parsing APL strings more robust |
| 32 | + (thanks David Keeler) |
| 33 | + * bugfix #391: Complete library assessment to prevent assertion errors |
| 34 | + through ldns_rdf_size usage. |
| 35 | + * Slightly more specific error messaging on wrong number of rdata |
| 36 | + fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and |
| 37 | + LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes. |
| 38 | + * bugfix #406: More rigorous openssl result code handling to prevent |
| 39 | + future crashes within openssl. |
| 40 | + * Fix ldns_fetch_valid_domain_keys to search deeper than just one level |
| 41 | + for a DNSKEY that signed a DS RR. (this function was used in the |
| 42 | + check_dnssec_trace nagios module) |
| 43 | + * bugfix #407: Canonicalize TSIG dnames and algorithm fields |
| 44 | + * A new output specifier to accommodate configuration of what to show |
| 45 | + in comment texts when converting host and/or wire-format data to |
| 46 | + string. All conversion to string and printing functions have a new |
| 47 | + version that have such a format specifier as an extra argument. |
| 48 | + The default is changed so that only DNSKEY RR's are annotated with |
| 49 | + an comment show the Key Tag of the DNSKEY. |
| 50 | + * Fixed the ldns resolver to not mark a nameserver unreachable when |
| 51 | + edns0 is tried unsuccessfully with size 4096 (no return packet came), |
| 52 | + but to still try TCP. A big UDP packet might have been corrupted by |
| 53 | + fragments dropping firewalls. |
| 54 | + * Update of libdns.vim (thanks Miek Gieben) |
| 55 | + * Added the ldnsx Python module to our contrib section, which adds even |
| 56 | + more pythonisticism to the usage of ldns with Python. (Many thanks |
| 57 | + to Christpher Olah and Paul Wouters) |
| 58 | + The ldnsx module is automatically installed when --with-pyldns is |
| 59 | + used with configuring, but may explicitly be excluded with the |
| 60 | + --without-pyldnsx option to configure. |
| 61 | + * bugfix #410: Fix clearing out temporary data on stack in sha2.c |
| 62 | + * bugfix #411: Don't let empty non-terminal NSEC3s cause assertion failure. |
| 63 | + |
| 64 | +1.6.10 2011-05-31 |
2 | 65 | * New example tool added: ldns-gen-zone.
|
3 | 66 | * bugfix #359: Serial-arithmetic for the inception and expiration
|
4 | 67 | fields of a RRSIG and correctly converting them to broken-out time
|
5 | 68 | information.
|
6 | 69 | * bugfix #364: Slight performance increase of ldns-verifyzone.
|
7 | 70 | * bugfix #367: Fix to allow glue records with the same name as the
|
8 | 71 | delegation.
|
9 |
| - * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and* |
| 72 | + * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and* |
10 | 73 | glue when the zone is opt-out.
|
11 |
| - * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations, |
| 74 | + * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations, |
12 | 75 | ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too.
|
13 | 76 | * pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit
|
14 | 77 | performance)
|
|
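Review bot: The 1.6.11 entry "bugfix #403: Fix heap overflow (thanks David Keeler)" (new line 30) does not say which function or which input reaches the overflow, so a packager reading the changelog cannot tell whether it is hit while parsing untrusted DNS data or only local files. Suggest naming the affected routine, as the neighbouring entries do ("bugfix #404: Make parsing APL strings more robust", "bugfix #410: Fix clearing out temporary data on stack in sha2.c"). The added text also has a few typos worth fixing before release: "in stead" (line 5), "32bits systems" (line 17), "an comment show the Key Tag" (line 49) and "Christpher" (line 57).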
46 | 109 |
|
47 | 110 | 1.6.8 2011-01-24
|
48 | 111 | * Fix ldns zone, so that $TTL definition match RFC 2308.
|
49 |
| - * Fix lots of missing checks on allocation failures and parse of |
| 112 | + * Fix lots of missing checks on allocation failures and parse of |
50 | 113 | NSEC with many types and max parse length in hosts_frm_fp routine
|
51 | 114 | and off by one in read_anchor_file routine (thanks Dan Kaminsky and
|
52 | 115 | Justin Ferguson).
|
|
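Review bot: The removed and added lines at 49/112 ("* Fix lots of missing checks on allocation failures and parse of") read identically as rendered, so the change appears to be whitespace only, and the same pattern repeats in the later hunks. Suggest moving the whitespace cleanup into its own commit so that the 1.6.11 and 1.6.12 release notes can be reviewed and backported without unrelated churn in older entries.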
111 | 174 | * Catch \X where X is a digit as an error.
|
112 | 175 | * Fix segfault when ip6 ldns resolver only has ip4 servers.
|
113 | 176 | * Fix NSEC record after DNSKEY at zone apex not properly signed.
|
114 |
| - * Fix syntax error if last label too long and no dot at end of domain. |
| 177 | + * Fix syntax error if last label too long and no dot at end of domain. |
115 | 178 | * Fix parse of \# syntax with space for type LOC.
|
116 | 179 | * Fix ldns_dname_absolute for escape sequences, fixes some parse errs.
|
117 | 180 | * bugfix #297: linking ssl, bug due to patch submitted as #296.
|
|
240 | 303 | the SEP flag
|
241 | 304 | * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
|
242 | 305 | the first non-default DNSKEY TTL value it sees)
|
243 |
| - |
| 306 | + |
244 | 307 | 1.5.1
|
245 | 308 | Example tools:
|
246 | 309 | * ldns-signzone was broken in 1.5.0 for multiple keys, this
|
247 |
| - has been repaired |
| 310 | + has been repaired |
248 | 311 |
|
249 | 312 | Build system:
|
250 |
| - * Removed a small erroneous output warning in |
251 |
| - examples/configure and drill/configure |
| 313 | + * Removed a small erroneous output warning in |
| 314 | + examples/configure and drill/configure |
252 | 315 |
|
253 | 316 | 1.5.0
|
254 | 317 | Bug fixes:
|
|
265 | 328 | * ldns_key now has support for 'external' data, in which
|
266 | 329 | case the OpenSSL EVP structures are not used;
|
267 | 330 | ldns_key_set_external_key() and ldns_key_external_key()
|
268 |
| - * added ldns_key_get_file_base_name() which creates a |
| 331 | + * added ldns_key_get_file_base_name() which creates a |
269 | 332 | 'default' filename base string for key storage, of the
|
270 | 333 | form "K<zone>+<algorithm>+<keytag>"
|
271 | 334 | * the ldns_dnssec_* family of structures now have deep_free()
|
|
283 | 346 | * added new example tool: ldns-nsec3-hash
|
284 | 347 | * ldns-dpa can now filter on specific query name and types
|
285 | 348 | * ldnsd has fixes for the zone name, a fix for the return
|
286 |
| - value of recvfrom(), and an memory initialization fix |
287 |
| - (Thanks to Colm MacCárthaigh for the patch) |
288 |
| - * Fixed memory leaks in ldnsd |
| 349 | + value of recvfrom(), and an memory initialization fix |
| 350 | + (Thanks to Colm MacCárthaigh for the patch) |
| 351 | + * Fixed memory leaks in ldnsd |
289 | 352 |
|
290 | 353 |
|
291 | 354 |
|
|
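Review bot: New lines 349-351 are rewritten but keep "an memory initialization fix"; since the line is being touched anyway, correct it to "a memory initialization fix" in the same change.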
296 | 359 | * NSEC3 optout flag now correctly printed in string output
|
297 | 360 | * inttypes.h moved to configured inclusion
|
298 | 361 | * fixed NSEC3 type bitmaps for empty nonterminals and unsigned
|
299 |
| - delegations |
| 362 | + delegations |
300 | 363 |
|
301 | 364 | API addition:
|
302 | 365 | * for that last fix, we added a new function
|
303 | 366 | ldns_dname_add_from() that can clone parts of a dname
|
304 |
| - |
| 367 | + |
305 | 368 | 1.4.0
|
306 | 369 | Bug fixes:
|
307 | 370 | * sig chase return code fix (patch from Rafael Justo, bug id 189)
|
|
319 | 382 | * Fixed a bug concerning whitespace in zone data (with patch from Ondrej
|
320 | 383 | Sury, bug 213)
|
321 | 384 | * Fixed a small fallback problem in axfr client code
|
322 |
| - |
| 385 | + |
323 | 386 | API CHANGES:
|
324 | 387 | * added 2str convenience functions:
|
325 | 388 | - ldns_rr_type2str
|
|
339 | 402 | * TCP fallback system has been improved
|
340 | 403 | * HMAC-SHA256 TSIG support has been added.
|
341 | 404 | * TTLS are now correcly set in NSEC(3) records when signing zones
|
342 |
| - |
| 405 | + |
343 | 406 | EXAMPLE TOOLS:
|
344 | 407 | * New example: ldns-revoke to revoke DNSKEYs according to RFC5011
|
345 | 408 | * ldns-testpkts has been fixed and updated
|
|
409 | 472 | Contrib:
|
410 | 473 | * new contrib/ dir with user contributions
|
411 | 474 | * added compilation script for solaris (thanks to Jakob Schlyter)
|
412 |
| - |
| 475 | + |
413 | 476 | 28 Nov 2007 1.2.2:
|
414 | 477 | * Added support for HMAC-MD5 keys in generator
|
415 | 478 | * Added a new example tool (written by Ondrej Sury): ldns-compare-zones
|
|
432 | 495 |
|
433 | 496 | 11 Apr 2007 1.2.0:
|
434 | 497 | * canonicalization of rdata in DNSSEC functions now adheres to the
|
435 |
| - rr type list in rfc3597, not rfc4035, which will be updated |
| 498 | + rr type list in rfc3597, not rfc4035, which will be updated |
436 | 499 | (see http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00183.html)
|
437 | 500 | * ldns-walk now support dnames with maximum label length
|
438 | 501 | * ldnsd now takes an extra argument containing the address to listen on
|
|
476 | 539 | platform; some gnuism were identified and fixed.
|
477 | 540 | * The ldns_zone structure was stress tested. The current setup
|
478 | 541 | (ie. just a list of rrs) can scale to zone file in order of
|
479 |
| - megabytes. Sorting such zone is still difficult. |
| 542 | + megabytes. Sorting such zone is still difficult. |
480 | 543 | * Reading multiline b64 encoded rdata works.
|
481 | 544 | * OpenSSL was made optional, configure --without-ssl.
|
482 | 545 | Ofcourse all dnssec/tsig related functions are disabled
|
483 | 546 | * Building of examples and drill now happens with the same
|
484 | 547 | defines as the building of ldns itself.
|
485 | 548 | * Preliminary sha-256 support was added. Currently is your
|
486 |
| - OpenSSL supports it, it is supported in the DS creation. |
| 549 | + OpenSSL supports it, it is supported in the DS creation. |
487 | 550 | * ldns_resolver_search was implemented
|
488 | 551 | * Fixed a lot of bugs
|
489 | 552 |
|
490 | 553 | Drill:
|
491 |
| - * -r was killed in favor of -o <header bit mnemonic> which |
| 554 | + * -r was killed in favor of -o <header bit mnemonic> which |
492 | 555 | allows for a header bits setting (and maybe more in the
|
493 | 556 | future)
|
494 | 557 | * DNSSEC is never automaticaly set, even when you query
|
495 | 558 | for DNSKEY/RRSIG or DS.
|
496 | 559 | * Implement a crude RTT check, it now distinguishes between
|
497 | 560 | reachable and unreachable.
|
498 |
| - * A form of secure tracing was added |
499 |
| - * Secure Chasing has been improved |
| 561 | + * A form of secure tracing was added |
| 562 | + * Secure Chasing has been improved |
500 | 563 | * -x does a reverse lookup for the given IP address
|
501 |
| - |
| 564 | + |
502 | 565 | Examples:
|
503 | 566 | * ldns-dpa was added to the examples - this is the Dns Packet
|
504 | 567 | Analyzer tool.
|
505 | 568 | * ldnsd - as very, very simple nameserver impl.
|
506 | 569 | * ldns-zsplit - split zones for parrallel signing
|
507 | 570 | * ldns-zcat - cat split zones back together
|
508 |
| - * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong, |
| 571 | + * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong, |
509 | 572 | non-DNSSEC) anti-spoofing techniques.
|
510 | 573 | * ldns-walk - 'Walks' a DNSSEC signed zone
|
511 | 574 | * Added an all-static target to the makefile so you can use examples
|
|
516 | 579 | Code:
|
517 | 580 | * All networking code was moved to net.c
|
518 | 581 | * rdata.c: added asserts to the rdf set/get functions
|
519 |
| - * const keyword was added to pointer arguments that |
| 582 | + * const keyword was added to pointer arguments that |
520 | 583 | aren't changed
|
521 | 584 |
|
522 | 585 | API:
|
523 | 586 | Changed:
|
524 | 587 | * renamed ldns/dns.h to ldns/ldns.h
|
525 | 588 | * ldns_rr_new_frm_str() is extented with an extra variable which
|
526 | 589 | in common use may be NULL. This trickles through to:
|
527 |
| - o ldns_rr_new_frm_fp |
| 590 | + o ldns_rr_new_frm_fp |
528 | 591 | o ldns_rr_new_frm_fp_l
|
529 | 592 | Which also get an extra variable
|
530 | 593 | Also the function has been changed to return a status message.
|
531 | 594 | The compiled RR is returned in the first argument.
|
532 | 595 | * ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are
|
533 |
| - changed to return a status msg. |
| 596 | + changed to return a status msg. |
534 | 597 | * ldns_key_new_frm_fp is changed to return ldns_status and
|
535 | 598 | the actual key list in the first argument
|
536 | 599 | * ldns_rdata_new_frm_fp[_l]() are changed to return a status.
|
537 | 600 | the rdf is return in the first argument
|
538 |
| - * ldns_resolver_new_frm_fp: same treatment: return status and |
| 601 | + * ldns_resolver_new_frm_fp: same treatment: return status and |
539 | 602 | the new resolver in the first argument
|
540 | 603 | * ldns_pkt_query_new_frm_str(): same: return status and the
|
541 | 604 | packet in the first arg
|
|
552 | 615 | * ldns_pkt_empty(): check is a packet is empty
|
553 | 616 | * ldns_rr_list_pop_rr_list(): pop multiple rr's from another rr_list
|
554 | 617 | * ldns_rr_list_push_rr_list(): push multiple rr's to an rr_list
|
555 |
| - * ldns_rr_list_compare(): compare 2 ldns_rr_lists |
| 618 | + * ldns_rr_list_compare(): compare 2 ldns_rr_lists |
556 | 619 | * ldns_pkt_push_rr_list: rr_list equiv for rr
|
557 | 620 | * ldns_pkt_safe_push_rr_list: rr_list equiv for rr
|
558 | 621 | Removed:
|
|
594 | 657 | * Usual fixes in documentation and code
|
595 | 658 |
|
596 | 659 | 13 Jun 2005: 0.65: ldns-team
|
597 |
| - * Repository is online at: |
| 660 | + * Repository is online at: |
598 | 661 | http://www.nlnetlabs.nl/ldns/svn/
|
599 |
| - * Apply reference copying throuhgout ldns, except in 2 |
| 662 | + * Apply reference copying throuhgout ldns, except in 2 |
600 | 663 | places in the ldns_resolver structure (._domain and
|
601 | 664 | ._nameservers)
|
602 | 665 | * Usual array of bugfixes
|
|
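Review bot: New line 662 is rewritten but still reads "throuhgout"; fix the spelling to "throughout" in the same change, or drop this historical entry from the commit if only whitespace was meant to change.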
608 | 671 | (you're not supposed to include that in a libary)
|
609 | 672 | * Further tweaking
|
610 | 673 | - DNSSEC signing/verification works
|
611 |
| - - Assorted bug fixes and tweaks (memory management) |
| 674 | + - Assorted bug fixes and tweaks (memory management) |
612 | 675 |
|
613 | 676 | May 2005: 0.50: ldns-team
|
614 | 677 | * First usable release
|
|