The NetBSD Project

CVS log for pkgsrc/net/ldns/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / net / ldns

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.28: download - view: text, markup, annotated - select for diffs
Sun Sep 18 20:01:42 2022 UTC (2 years, 2 months ago) by he
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2, pkgsrc-2024Q1-base, pkgsrc-2024Q1, pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, HEAD
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +4 -4 lines
Update net/ldns to version 1.8.3.

Pkgsrc changes:
 * Only checksum changes.

Upstream changes:
1.8.3   2022-08-15
        * bugfix #183: Assertion failure with OPT record without rdata.
          This caused packet creation with only a DO bit (for DNSSEC OK)
          to crash. Thanks Anand Buddhdev and others for reporting this
          so quickly.
        * Fix for syntax error in pyldns

1.8.2   2022-08-12
        * bugfix #147: Allow for tabs in whitespace before quoted rdata
          fields. Thanks Felipe Gasper
        * bugfix #149: Add some missing [out] annotations to doxygen
          parameters. Thanks aldot.
        * Fix build error on Solaris 10 with inet_ntop redeclaration error.
        * Fix -U flag with ldns-signzone. Thanks Ulrich and Jonathan
        * Enable compile of SVCB and HTTPS support by default.
        * bugfix #179: Free line memory even if zone file parsing fails
          Thanks Claudius Zingerli
        * bugfix #166: Grow buffer when writing chars and fixed size
          strings when converting to presentation format, preventing
          potential assersion errors.
        * bugfix #46: Print network errors when secure tracing.
          Thanks reedjc
        * EDNS0 Option handling and conversion into presentation format.
        * bugfix #145: ldns-verify-zone should not call occluded records
          glue. Thanks Habbie

1.8.1   2021-12-03
        * bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname
          needs to larger. Thanks Leah Neukirchen & Felipe Gasper
        * Undo PR#123 fix ldns.pc installation when building out-of-source
          Thanks Axel Xu

Revision 1.27: download - view: text, markup, annotated - select for diffs
Fri Nov 26 23:52:34 2021 UTC (3 years ago) by he
Branches: MAIN
CVS tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +4 -4 lines
Update to ldns version 1.8.0.

Pkgsrc changes:
 * Always depend on OpenSSL >= 1.1.0, use "dane-verify"

Upstream changes:

* ZONEMD support in ldns-signzone and ldns-verify-zone

* Draft implementation of the SVCB and HTTPS RR types.
  Use --enable-rrtype-svcb-https with configure to compile with these
  supported.

Changelog
=========
* bugfix #38: Print "line" before line number when printing
  zone parse errors. Thanks Petr Spacek.
* bugfix: Revert unused variables in ldns-config removal patch.
* bugfix #50: heap Out-of-bound Read vulnerability in
  rr_frm_str_internal reported by pokerfacett.
* bugfix #51: Heap Out-of-bound Read vulnerability in
  ldns_nsec3_salt_data reported by pokerfacett.
* Fix memory leak in examples/ldns-testns handle_tcp routine.
* Detect fixed time memory compare for openssl 0.9.8.
* Fix compile warning by variable initialisation for older gcc.
* Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not
  available on tvOS.
* Fix for #93: fix packaging/libldns.pc Makefile rule.
* ZONEMD support in ldns-signzone and ldns-verify-zone
* ldns-testns can answer several queries over one tcp connection,
  if they arrive within 100msec of each other.
* Fix so that ldns-testns does not leak sockets if the read fails.
* SVCB and HTTPS draft rrtypes.
  Enable with --enable-rrtype-svcb-https.
* bugfix #117: Assertion failure with DNSSEC validating of
  non existence of RR types at the root.  Thanks ZjYwMj
* Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA
  record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl
* bugfix #119: Let example tools read longer RR's than
  LDNS_MAX_LINELEN
* Add SVCPARAMS to python ldns_rdf_type2str function.
* PR #134 Miscellaneous spelling fixes. Thanks jsoref!
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return
  the $INCLUDE not implemented error.
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line
  number for an empty line after a comment.
* Fix #135: Fix compile with OpenSSL-3.0.0-beta2.
* PR #107: Added ldns_pkt2buffer_wire_compress() to make dname
  compression optional when converting packets to wire format.
  Thanks Eli Lindsey
* Option to ldns-keygen to create symlinks with known names
  (i.e. without the key id) to the created files.
  Thanks Andreas Schulze
* Fix #121: Correct handling of centimetres by LOC parser.
  Thanks Felipe Gasper
* PR #126: Link with libldns.la in Makefile.in.
  Thanks orbea
* PR #127: Addes option -Q to drill to give short answer.
  Thanks niknah
* PR #133: Update m4 files for python modules.
  Thanks Petr Men#ík
* Bufix CAA value fields may be empty: Thanks Robert Mortimer
* PR #108: Fix for ldns-compare-zones net detecting when first zone
  has a RRset that shrinks from two to one RRs, or grows from one
  to two RRs. Thanks Emilio Caballero
* Fix #131: Drill sig chasing breaks with gcc-11 and
  strict-aliasing. Thanks Stanislav Levin
* Fix #130: Unless $TLL is defined, ttl defaults to the last
  explicitly stated value. Thanks Benno
* Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc
* Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0
  Thanks Daniel J. Luke
* Let ldns-signzone warn for high NSEC3 iteration counts.
  Thanks Andreas Schulze

Revision 1.26: download - view: text, markup, annotated - select for diffs
Tue Oct 26 11:05:52 2021 UTC (3 years, 1 month ago) by nia
Branches: MAIN
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +2 -2 lines

net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch

Revision 1.25: download - view: text, markup, annotated - select for diffs
Thu Oct 7 14:41:42 2021 UTC (3 years, 1 month ago) by nia
Branches: MAIN
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +1 -2 lines
net: Remove SHA1 hashes for distfiles

Revision 1.24: download - view: text, markup, annotated - select for diffs
Fri Jul 26 22:53:58 2019 UTC (5 years, 4 months ago) by he
Branches: MAIN
CVS tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +5 -7 lines
Update to ldns version 1.7.1.

Pkgsrc changes:
 * Adapt to patches adopted upstream.

Upstream changes:
* bugfix: Manage verification paths for OpenSSL >= 1.1.0
  Thanks Marco Davids
* bugfix #4106: find the SDK on MacOS X <= 10.6
  Thanks Bill Cole
* bugfix #4155: ldns-config contains never used variables
  Thanks Petr Men#ík
* bugfix #4221: drill -x crashes with malformed IPv4 address
  Thanks Oleksandr Tymoshenko
* bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK
  Thanks Tony Finch
* bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences
  Thanks Bill Parker
* bugfix #1260: Anticipate strchr returning NULL on unfound char
  Thanks Stephan Zeisberg
* bugfix #1257: Free after reallocing to 0 size
  Thanks Stephan Zeisberg
* bugfix #1256: Check parse limit before t increment
  Thanks Stephan Zeisberg
* bugfix #1245: Only one signature per RRset needs to be valid with
  ldns-verify-zone.  Thanks Emil Natan.
* ldns-notify can use all supported hash algorithms with -y.
* bugfix #1209: make install ldns.pc file
  Thanks Oleksandr Natalenko
* bugfix #1218: Only chase DS if signer is parent of owner.
  Thanks Emil Natan
* bugfix #617: Retry WKS service and protocol names lower case.
  Thanks Siali Yan
* Spelling errors in binaries and man pages
  Thanks Andreas Schulze
* removed duplicate condition in ldns_udp_send_query.
* ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
  and fix memory leak with more EDNS sections
  Thanks Jan Vcelak
* bugfix #1399: ldns_pkt2wire() Python binding is broken.
  Thanks James Raftery
* ED25519 and ED448 support. Default is to autodetect support in
  OpenSSL.  Disable with --disable-ed25519 and --disable-ed448.
* ldns-notify: can have IPv6 address as argument.
* Fix time sensitive TSIG compare vulnerability.
* Fix that ldns-testns ignores sigpipe.
* Fix that ldns-notify sets the query RR as question RR, this
  removes the wrong TTL and 0 rdata from the packet printout.
* Allow -T flag to be used together with drill -x
* Python bindings compile with swig 4.0
  Thanks Jitka Plesníková
* bugfix #4248: drill -DT fails for CNAME domain
  Thanks Thom Wiggers
* bugfix #4214: Various fixes and leaks found by coverity.
  Thanks Petr Men#ík
* Feature #3394: An -I option to ldns-notify to specify a source
  IP address to send to notify from.  Thanks Geert Hendrickx
* Bugfix #279: New API functions ldns_udp_connect2,
  ldns_tcp_connect2, ldns_udp_bgsend2 and ldns_tcp_bgsend2,
  that return -1 on failure and allow socket number 0
  to be returned too.  Thanks Joerg Sonnenberger
* Bugfix #1447: More verbose reporting of chasing problems with
  ldns-verify-zone.  Thanks Stephane Guedon
* OpenSSL engine support with ldns-signzone.
  See also https://penzin.net/ldns-signzone/
  Many thanks Vadim Penzin.
* Various improvements found with shellcheck.
  Thanks Jeffrey Walton
* PR #36 Update manpage of ldns-notify to mention algorithm
  support with TSIG.  Thanks Anand Buddhdev
* Compile warnings with signed char input to to_lower()
  and is_digit() with NetBSD.  Thanks Hĺvard Eidnes
* Missing Makefile.PL in DNS-LDNS perl module contribution.
  Thanks Jaap Akkerhuis

Revision 1.23: download - view: text, markup, annotated - select for diffs
Mon Jul 8 08:25:59 2019 UTC (5 years, 4 months ago) by roy
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +5 -7 lines
Update to version 1.7.0 so we build with a more recent OpenSSL

Upstream changes:
1.7.0	2016-12-20
	* Fix lookup of relative names in ldns_resolver_search.
	* bugfix #548: Double free for answers > 4096 in ldns_resolver_send_pkt
	* Follow CNAME's when tracing with drill (TODO dnssec trace)
	* Fix #551 change Regent to Copyright holder in BSD license in
	  some of the headings of the file, to match the opensource.org
	  BSD license.
	* -e option makes ldns-compare-zones exit with status code 2 on difference
	* Filter out specified RR types with ldns-read-zone -e and -E options
	* bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch.
	* bugfix #562: ldns-keygen match DSA key maximum size with library.
	  And check keysizes with all algorithms. Thanks Peter Koch.
	* ldns-verify-zone accepts only one single zonefile as argument.
	* bugfix #573: ldns-keygen write private keys with mode 0600.
	  Thanks Leon Weber
	* Fix configure to make ldns compile with LibreSSL 2.0
	* drill now also accepts dig style -y option
	  (-y <[algo:]name:key> i.s.o. -y <name:key[:algo]>)
	* OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey
	* bugfix #608: Correct comment about escaped characters
	* CDS and CDNSKEY rr type from RFC 7344.
	  --enable-rrtype-cds configure option removed
	* fix: Memory leak in ldns_pkt_rr_list_by_name()
	  Thanks Johannes Naab
	* fix: Memory leak in ldns_dname2buffer_wire_compress()
	  Thanks Max Liebkies
	* bugfix #613: Allow tab as whitespace too in last rdata field of types
	  of variable length.  Thanks Xiali Yan
	* bugfix: strip trailing whitespace from $ORIGIN lines in zone files
	* Let ldns-keygen output .ds files only for KSK keys
	* Parse RFC7218 TLSA mnemonics, but do not output them
	* Let ldns-dane use SPKI as the default selector i.s.o. Cert
	* bugfix: Fit left over NSEC3s once more before adding empty non
	  terminals.  Thanks Stuart Browne
	* bugfix #605: Determine default trust anchor location at compile time
	  Thanks Peter Koch
	* bugfix #697: Double free with ldns-dane create
	  Thanks Carsten Strotmann
	* bugfix #623: Do not redefine bool type and boolean values
	  Thanks Jakob Petsovits
	* bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx
	  Thanks Shussain
	* bugfix #575: ldns_pkt_clone() does not copy timestamp field
	  Thanks Calle Dybedahl
	* bugfix #584: ldns-update fixes.  Send update to port 53, bring manpage
	  in sync with the usage text, and don't alter the ldns_resolver passed
	  to ldns_update_soa_zone_mname().  Created a ldns_resolver_clone()
	  function in the process.  Thanks Nicholas Riley.
	* bugfix #633: ldns_pkt_clone() parameter isn't const.
	  Thanks Jakop Petsovits
	* bugfix: ldns-dane manpage correction
	  Thanks Erwin Lansing
	* Spelling fixes.  Thanks Andreas Schulze
	* Hyphen used as minus in manpages.  Thanks Andreas Schulze.
	* RFC7553 RR Type URI is supported by default.
	* Fix ECDSA signature generation, do not omit leading zeroes.
	* bugfix: Get rid of superfluous newline in ldns-keyfetcher
	  Thanks Jan-Piet Mens
	* bugfix: -U option to ldns-signzone to sign with every algorithm
	  Thanks Guido Kroon
	* const function parameters whenever possible.
	  Thanks Ray Bellis
	* bugfix #725: allow RR-types on the type bitmap window border
	  Thanks Pieter Lexis
	* bugfix #726: 2 typos in drill manpage.
	  Thanks Hugo Lombard
	* Add type CSYNC support, RFC 7477.
	* Prepare for ED25519, ED448 support: todo convert* routines in
	  dnssec.h, once openssl has support for signing with these algorithms.
	  The dns algorithm number is not yet allocated. These features are
	  not fully implemented yet, openssl (1.1) does not support the
	  algorithms enough to generate keys and sign and verify with them.
	* Fix _answerfrom comment in ldns_struct_pkt.
	* Fix drill axfr ipv4/ipv6 queries.
	* Fix comment referring to mk_query in packet.h to pkt_query_new.
	* Fix description of QR flag in packet.h.
	* Fix for openssl 1.1.0 API changes.
	* Remove commented out macro.  Thanks Thiago Farina
	* bugfix #641: Include install-sh in .gitignore
	* bugfix #825: Module import breaks with newer SWIG versions.
	  Thanks Christoph Egger
	* bugfix #796 - #792: Fix miscellaneous compiler warning issues.
	  Thanks Ngie Cooper
	* bugfix #769: Add support for :: in an IPv6 address
	  Thanks Hajimu UMEMOTO
	* bugfix #760: Detect superfluous text in presentation format
	  Thanks Xiali Yan
	* bugfix #708: warnings and errors with xcode 6.1/7.0
	* bugfix #754: Memory leak in ldns_str2rdf_ipseckey
	  Thanks Xiali Yan
	* bugfix #661: Fail NSEC3 signing when NSEC domainname length
	  would overflow.  Thanks Jan-Piet Mens.
	* bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys.
	  Thanks Harald Jenny
	* bugfix #680: ldns fails to reject invalidly formatted
	  RFC 7553 URI RRs.  Thanks Robert Edmonds
	* bugfix #678: Use poll i.s.o. select to support > 1024 fds
	  Thanks William King
	* Use OpenSSL DANE functions for verification (unless explicitly
	  disabled with --disable-dane-ta-usage).
	* Bumb .so version
	* Include OPENPGPKEY RR type by default
	* rdata processing for SMIMEA RR type
	* Fix crash in displaying TLSA RR's.
	  Thanks Andreas Schulze
	* Update ldns-key2ds man page to mention GOST and SHA384 hash
	  functions.  Thanks Harald Jenny
	* Add sha384 and sha512 tsig algorithm. Thanks Michael Weiser
	* Clarify data ownership with consts for tsig parameters.
	  Thanks Michael Weiser
	* bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0
	* bugfix #1160: Provide sha256 for release tarballs
	* --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0
	  even when the GOST engine is not available.

Revision 1.22: download - view: text, markup, annotated - select for diffs
Tue Feb 13 15:08:11 2018 UTC (6 years, 9 months ago) by he
Branches: MAIN
CVS tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +3 -2 lines
Apply fix for CVE-2017-1000232 from
https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02
Also correct previous CVE, it's CVE-2017-100231...
Bump PKGREVISION.

Revision 1.21: download - view: text, markup, annotated - select for diffs
Tue Feb 13 14:59:14 2018 UTC (6 years, 9 months ago) by he
Branches: MAIN
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +2 -1 lines
Apply fix for CVE-2017-10002, via
https://git.nlnetlabs.nl/ldns/commit/?id=c8391790
Bump PKGREVISION.

Revision 1.20: download - view: text, markup, annotated - select for diffs
Wed Nov 4 00:35:08 2015 UTC (9 years, 1 month ago) by agc
Branches: MAIN
CVS tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +2 -1 lines
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.19: download - view: text, markup, annotated - select for diffs
Thu Jun 18 13:04:29 2015 UTC (9 years, 5 months ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +3 -2 lines
Fix for perl-5.22.

Revision 1.18: download - view: text, markup, annotated - select for diffs
Fri Nov 21 09:19:32 2014 UTC (10 years ago) by he
Branches: MAIN
CVS tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +5 -4 lines
Update to version 1.6.17.

Pkgsrc changes:
 * adapt PLIST (1 new file installed)
 * fix name of patch file

Upstream changes:
1.6.17	2014-01-10
 * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
   zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
 * Add --disable-dane option to configure and check availability of the
   for dane needed X509_check_ca function in openssl.
 * bugfix #490: Get rid of type-punned pointer warnings.
   Thanks Adam Tkac.
 * Make sure executables are linked against libcrypto with the
   LIBSSL_LDFLAGS. Thanks Leo Baltus.
 * Miscellaneous prototype fixes. Thanks Dag-Erling Smřrgrav.
 * README now shows preferred way to configure for examples and drill.
 * Bind to source address for resolvers. drill binds to source with -I.
   Thanks Bryan Duff.
 * -T option for ldns-dane that has specific exit status for PKIX
   validated connections without (secure) TLSA records.
 * Fix b{32,64}_{ntop,pton} detection and handling.
 * New RR type TKEY, but without operational practice.
 * New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
 * New output format flag (and accompanying functions) to print certain
   RR's as unknown type
 * -u and -U parameter for ldns-read-zone to mark/unmark a RR type
   for printing as unknown type
 * bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen.
 * bugfix #497: Properly test for EOF when reading key files with drill.
 * New functions: ldns_pkt_ixfr_request_new and
   ldns_pkt_ixfr_request_new_frm_str.
 * Use SNI with ldns-dane
 * bugfix #507: ldnsx Fix use of non-existent variables and not
   properly referring to instance variable.  Patch from shussain.
 * bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type
   dictionary.  Patch from shussain.
 * bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL
   file pointer.
 * Fix memory leak in contrib/python: ldns_pkt.new_query.
 * Fix buffer overflow in fget_token and bget_token.
 * ldns-verify-zone NSEC3 checking from quadratic to linear performance.
   Thanks NIC MX (nicmexico.mx)
 * ldns-dane setup new ssl session for each new connect to prevent hangs
 * bugfix #521: drill trace continue on empty non-terminals with NSEC3
 * bugfix #525: Fix documentation of ldns_resolver_set_retry
 * Remove unused LDNS_RDF_TYPE_TSIG and associated functions.
 * Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek.
 * Configure option to build perl bindings: --with-p5-dns-ldns
   (DNS::LDNS is a contribution from Erik Ostlyngen)
 * bugfix #527: Move -lssl before -lcrypto when linking
 * Optimize TSIG digest function name comparison (Thanks Marc Buijsman)
 * Compare names case insensitive with ldns_pkt_rr_list_by_name and
   ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab)
 * A separate --enable for each draft RR type: --enable-rrtype-ninfo,
   --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and
   --enable-rrtype-ta
 * bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen)
 * bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza)
 * Adjust ldns_sha1() so that the input data is not modified (Thanks
   Marc Buijsman)
 * Messages to stderr are now off by default and can be reenabled with
   the --enable-stderr-msgs configure option.

Revision 1.17: download - view: text, markup, annotated - select for diffs
Tue Nov 13 16:22:31 2012 UTC (12 years ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +4 -4 lines
1.6.16
        * Fix Makefile to build pyldns with BSD make
        * Fix typo in exporting b32_* symbols to make pyldns load again
        * Allow leaving the RR owner name empty in ldns-testns datafiles.
        * Fix fail to create NSEC3 bitmap for empty non-terminal (bug
          introduced in 1.6.14).

Revision 1.16: download - view: text, markup, annotated - select for diffs
Thu Oct 25 19:24:59 2012 UTC (12 years, 1 month ago) by pettai
Branches: MAIN
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +4 -4 lines
1.6.15
        * Remove LDNS_STATUS_EXISTS_ERR from ldns/error.h to make ldns
          binary compatible with earlier releases again.

1.6.14
        * DANE support (RFC6698), including ldns-dane example tool.
        * Configurable default CA certificate repository for ldns-dane with
          --with-ca-file=CAFILE and --with-ca-path=CAPATH
        * Configurable default trust anchor with --with-trust-anchor=FILE
          for drill, ldns-verify-zone and ldns-dane
        * bugfix #474: Define socklen_t when undefined (like in Win32)
        * bugfix #473: Dead code removal and resource leak fix in drill
        * bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too.
        * Various bugfixes from code reviews from CZ.NIC and Paul Wouters
        * ldns-notify TSIG option argument checking
        * Let ldns_resolver_nameservers_randomize keep nameservers and rtt's
          in sync.
        * Let ldns_pkt_push_rr now return false on (memory) errors.
        * Make buffer_export comply to documentation and fix buffer2str
        * Various improvements and fixes of pyldns from Katel Slany
          now documented in their own Changelog.
        * bugfix: Make ldns_resolver_pop_nameserver clear the array when
          there was only one.
        * bugfix #459: Remove ldns_symbols and export symbols based on regex
        * bugfix #458: Track all newly created signatures when signing.
        * bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given.
        * bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm.
        * pyldns memory handling fixes and the python3/ldns-signzone.py
          examples script contribution from Karel Slany.
        * bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed
          to be bigger (or equal) P in ldns_key_dsa2bin.
        * bugfix #449: Deep free cloned rdf's in ldns_tsig_mac_new.
        * bugfix #448: Copy nameserver value (in stead of reference) of the
          answering nameserver to the answer packet in ldns_send_buffer, so
          the original value may be deep freed with the ldns_resolver struct.
        * New -0 option for ldns-read-zone to replace inception, expiration
          and signature rdata fields with (null). Thanks Paul Wouters.
        * New -p option for ldns-read-zone to prepend-pad SOA serial to take
          up ten characters.
        * Return error if printing RR fails due to unknown/null RDATA.

Revision 1.15: download - view: text, markup, annotated - select for diffs
Wed May 23 09:53:12 2012 UTC (12 years, 6 months ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +4 -4 lines
1.6.13
        * New -S option for ldns-verify-zone to chase signatures online.
        * New -k option for ldns-verify-zone to validate using a trusted key.
        * New inception and expiration margin options (-i and -e) to
          ldns-verify-zone.
        * New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l
          functions.
        * New ldns_duration* functions (copied from OpenDNSSEC source)
        * fix ldns-verify-zone to allow NSEC3 signatures to come before
          the NSEC3 RR in all cases.
        * Zero the correct flag (opt-out) when creating NSEC3PARAMS.
        * Canonicalize RRSIG's Signer's name too when validating, because
          bind and unbound do that too.
        * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
        * bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free
        * bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT
        * bugfix #427: Explicitely link ssl with the programs that use it.
        * Fix reading \DDD: Error on values that are outside range (>255).
        * bugfix #429: fix doxyparse.pl fails on NetBSD because specified
          path to perl.
        * New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl.
        * fix verifying denial of existence for DS's in NSEC3 Opt-Out zones.

Revision 1.14: download - view: text, markup, annotated - select for diffs
Mon Jan 23 16:09:51 2012 UTC (12 years, 10 months ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +1 -2 lines
remove old patch checksum

Revision 1.13: download - view: text, markup, annotated - select for diffs
Wed Jan 18 22:31:26 2012 UTC (12 years, 10 months ago) by pettai
Branches: MAIN
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +4 -4 lines
1.6.12
        * bugfix #413: Fix manpage source for srcdir != builddir
        * Canonicalize the signers name rdata field in RRSIGs when signing
        * Ignore minor version of Private-key-format (so v1.3 may be used)
        * Allow a check_time to be given in stead of always checking against
          the current time. With ldns-verify-zone the check_time can be set
          with the -t option.
        * Added functions for updating and manipulating SOA serial numbers.
          ldns-read-zone has an option -S for updating and manipulating the
          serial numbers.
        * The library Makefile is now GNU and BSD make compatible.
        * bugfix #419: NSEC3 validation of a name covered by a wildcard with
          no data.
        * Two new options (--with-drill and --with-examples) to the main
          configure script (in the root of the source tree) to build drill
          and examples too.
        * Fix days_since_epoch to year_yday calculation on 32bits systems.

Revision 1.12: download - view: text, markup, annotated - select for diffs
Mon Jan 2 07:35:22 2012 UTC (12 years, 11 months ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +2 -1 lines
Fixes the bug in ldns_year_and_yday_from_days_since_epoch on 32-bit OSes
http://open.nlnetlabs.nl/pipermail/ldns-users/2011-December/000452.html
(patch taken from trunk)

(ok'ed by wiz@)

Revision 1.10.2.1: download - view: text, markup, annotated - select for diffs
Sun Oct 23 16:08:46 2011 UTC (13 years, 1 month ago) by tron
Branches: pkgsrc-2011Q3
Diff to: previous 1.10: preferred, colored; next MAIN 1.11: preferred, colored
Changes since revision 1.10: +4 -4 lines
Pullup ticket #3577 - requested by he
net/ldns: security update

Revisions pulled up:
- net/ldns/Makefile                                             1.19
- net/ldns/PLIST                                                1.4
- net/ldns/distinfo                                             1.11

---
   Module Name:	pkgsrc
   Committed By:	he
   Date:		Sat Oct 22 19:44:54 UTC 2011

   Modified Files:
   	pkgsrc/net/ldns: Makefile PLIST distinfo

   Log Message:
   Update to version 1.6.11.

   Pkgsrc changes:
    o Sync PLIST, additional man page installed.

   Upstream changes:
   1.6.11	2011-09-29
   	* bugfix #394: Fix socket leak on errors
   	* bugfix #392: Apex only and percentage checks for ldns-verify-zone
   	  (thanks Miek Gieben)
   	* bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone
   	* Fix python site package path from sitelib to sitearch for pyldns.
   	* Fix python api to support python2 and python3 (thanks Karel Slany).
   	* bugfix #401: Correction of date/time functions algorithm and
   	  prevention of an infinite loop therein
   	* bugfix #402: Correct the minimum and maximum number of rdata fields
   	  in TSIG. (thanks David Keeler)
   	* bugfix #403: Fix heap overflow (thanks David Keeler)
   	* bugfix #404: Make parsing APL strings more robust
   	  (thanks David Keeler)
   	* bugfix #391: Complete library assessment to prevent assertion errors
          	  through ldns_rdf_size usage.
   	* Slightly more specific error messaging on wrong number of rdata
   	  fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and
   	  LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes.
   	* bugfix #406: More rigorous openssl result code handling to prevent
   	  future crashes within openssl.
   	* Fix ldns_fetch_valid_domain_keys to search deeper than just one level
             for a DNSKEY that signed a DS RR. (this function was used in the
   	  check_dnssec_trace nagios module)
   	* bugfix #407: Canonicalize TSIG dnames and algorithm fields
   	* A new output specifier to accommodate configuration of what to show
   	  in comment texts when converting host and/or wire-format data to
   	  string. All conversion to string and printing functions have a new
   	  version that have such a format specifier as an extra argument.
   	  The default is changed so that only DNSKEY RR's are annotated with
   	  an comment show the Key Tag of the DNSKEY.
   	* Fixed the ldns resolver to not mark a nameserver unreachable when
   	  edns0 is tried unsuccessfully with size 4096 (no return packet came),
   	  but to still try TCP. A big UDP packet might have been corrupted by
   	  fragments dropping firewalls.
   	* Update of libdns.vim (thanks Miek Gieben)
   	* Added the ldnsx Python module to our contrib section, which adds even
   	  more pythonisticism to the usage of ldns with  Python. (Many thanks
   	  to Christpher Olah and Paul Wouters)
   	  The ldnsx module is automatically installed when --with-pyldns is
   	  used with configuring, but may explicitly be excluded with the
   	  --without-pyldnsx option to configure.
   	* bugfix #410: Fix clearing out temporary data on stack in sha2.c
   	* bugfix #411: Don't let empty non-terminal NSEC3s cause
   	  assertion failure.

Revision 1.11: download - view: text, markup, annotated - select for diffs
Sat Oct 22 19:44:54 2011 UTC (13 years, 1 month ago) by he
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +4 -4 lines
Update to version 1.6.11.

Pkgsrc changes:
 o Sync PLIST, additional man page installed.

Upstream changes:
1.6.11	2011-09-29
	* bugfix #394: Fix socket leak on errors
	* bugfix #392: Apex only and percentage checks for ldns-verify-zone
	  (thanks Miek Gieben)
	* bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone
	* Fix python site package path from sitelib to sitearch for pyldns.
	* Fix python api to support python2 and python3 (thanks Karel Slany).
	* bugfix #401: Correction of date/time functions algorithm and
	  prevention of an infinite loop therein
	* bugfix #402: Correct the minimum and maximum number of rdata fields
	  in TSIG. (thanks David Keeler)
	* bugfix #403: Fix heap overflow (thanks David Keeler)
	* bugfix #404: Make parsing APL strings more robust
	  (thanks David Keeler)
	* bugfix #391: Complete library assessment to prevent assertion errors
       	  through ldns_rdf_size usage.
	* Slightly more specific error messaging on wrong number of rdata
	  fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and
	  LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes.
	* bugfix #406: More rigorous openssl result code handling to prevent
	  future crashes within openssl.
	* Fix ldns_fetch_valid_domain_keys to search deeper than just one level
          for a DNSKEY that signed a DS RR. (this function was used in the
	  check_dnssec_trace nagios module)
	* bugfix #407: Canonicalize TSIG dnames and algorithm fields
	* A new output specifier to accommodate configuration of what to show
	  in comment texts when converting host and/or wire-format data to
	  string. All conversion to string and printing functions have a new
	  version that have such a format specifier as an extra argument.
	  The default is changed so that only DNSKEY RR's are annotated with
	  an comment show the Key Tag of the DNSKEY.
	* Fixed the ldns resolver to not mark a nameserver unreachable when
	  edns0 is tried unsuccessfully with size 4096 (no return packet came),
	  but to still try TCP. A big UDP packet might have been corrupted by
	  fragments dropping firewalls.
	* Update of libdns.vim (thanks Miek Gieben)
	* Added the ldnsx Python module to our contrib section, which adds even
	  more pythonisticism to the usage of ldns with  Python. (Many thanks
	  to Christpher Olah and Paul Wouters)
	  The ldnsx module is automatically installed when --with-pyldns is
	  used with configuring, but may explicitly be excluded with the
	  --without-pyldnsx option to configure.
	* bugfix #410: Fix clearing out temporary data on stack in sha2.c
	* bugfix #411: Don't let empty non-terminal NSEC3s cause
	  assertion failure.

Revision 1.10: download - view: text, markup, annotated - select for diffs
Wed Jul 27 04:02:30 2011 UTC (13 years, 4 months ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2011Q3-base
Branch point for: pkgsrc-2011Q3
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +4 -4 lines
1.6.10
	* New example tool added: ldns-gen-zone.
	* bugfix #359: Serial-arithmetic for the inception and expiration
	  fields of a RRSIG and correctly converting them to broken-out time
	  information.
	* bugfix #364: Slight performance increase of ldns-verifyzone.
	* bugfix #367: Fix to allow glue records with the same name as the
	  delegation.
	* Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and*
	  glue when the zone is opt-out.
	* bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations,
	  ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too.
	* pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit
	  performance)
	* Better handling of reference variables in ldns_rr_new_frm_fp_l from
	  pyldns, with a very nice generator function by Bedrich Kosata.
	* Decoupling of the rdfs in rrs in the python wrappers to enable
	  the python garbage collector by Bedrich Kosata.
	* bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at
	  build time and when used.
	* bugfix #383: Fix detection of empty nonterminals of multiple labels.
	* Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded
	  names (in stead of just the ones that contain glue only) and all
	  occluded records on the delegation points (in stead of just the glue).
	* Clarify the operation of ldns_dnssec_mark_glue and the usage of
	  ldns_dnssec_node_next_nonglue functions in the documentation.
	* Added function ldns_dnssec_mark_and_get_glue as an real fast
	  alternative for ldns_zone_glue_rr_list.
	* Fix parse buffer overflow for max length domain names.
	* Fix Makefile for U in environment, since wrong U is more common than
	  deansification necessity.

Revision 1.9: download - view: text, markup, annotated - select for diffs
Mon Mar 21 13:10:58 2011 UTC (13 years, 8 months ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +4 -4 lines
1.6.9
	* Fix creating NSEC(3) bitmaps: make array size 65536,
	  don't add doubles.
	* Fix printout of escaped binary in TXT records.
	* Parsing TXT records: don't skip starting whitespace that is quoted.
	* bugfix #358: Check if memory was successfully allocated in
	  ldns_rdf2str().
	* Added more memory allocation checks in host2str.c
	* python wrapper for ldns_fetch_valid_domain_keys.
	* fix to compile python wrapper with swig 2.0.2.
	* Don't fallback to SHA-1 when creating NSEC3 hash with another
	  algorithm identifier, fail instead (no other algorithm identifiers
	  are assigned yet).

1.6.8
	* Fix ldns zone, so that $TTL definition match RFC 2308.
	* Fix lots of missing checks on allocation failures and parse of
	  NSEC with many types and max parse length in hosts_frm_fp routine
	  and off by one in read_anchor_file routine.
	* bugfix #335: Drill: Print both SHA-1 and SHA-256 corresponding DS
	  records.
	* Print correct WHEN in query packet (is not always 1-1-1970)
	* ldns-test-edns: new example tool that detects EDNS support.
	* fix ldns_resolver_send without openssl.
	* bugfix #342: patch for support for more CERT key types (RFC4398).
	* bugfix #351: fix udp_send hang if UDP checksum error.
	* fix set_bit (from NSEC3 sign).

Revision 1.8: download - view: text, markup, annotated - select for diffs
Wed Nov 17 13:14:09 2010 UTC (14 years ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2010Q4-base, pkgsrc-2010Q4
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +4 -4 lines
1.6.7
        * EXPERIMENTAL ecdsa implementation, please do not enable on real
          servers.
        * GOST code enabled by default (RFC 5933).
        * bugfix #326: ignore whitespace between directives and their values.
        * Header comment to advertise ldns_axfr_complete to check for
          successfully completed zone transfers.
        * read resolv.conf skips interface labels, e.g. %eth0.
        * Fix drill verify NSEC3 denials.
        * Use closesocket() on windows.
        * Add ldns_get_signing_algorithm_by_name that understand aliases,
          names changed to RFC names and aliases for compatibility added.
        * bugfix: don't print final dot if the domain is relative.
        * bugfix: resolver search continue when packet rcode != NOERROR.
        * bugfix: resolver push all domains in search directive to list.
        * bugfix: resolver search by default includes the root domain.
        * bugfix: tcp read could fail on single octet recv.
        * bugfix: read of RR in unknown syntax with missing fields.
        * added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next()
          to sign and verify TSIG RRs on subsequent messages
          (section 4.4, RFC 2845).
        * bugfix: signer sigs nsecs with zsks only.
        * bugfix #333: fix ldns_dname_absolute for name ending with backslash.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Sun Aug 29 21:51:34 2010 UTC (14 years, 3 months ago) by pettai
Branches: MAIN
CVS tags: pkgsrc-2010Q3-base, pkgsrc-2010Q3
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +4 -4 lines
1.6.6
        * Fix ldns_rr_clone to copy question rrs properly.
        * Fix ldns_sign_zone(_nsec3) to clone the soa for the new zone.
        * Fix ldns_wire2dname size check from reading 1 byte beyond buffer end.
        * Fix ldns_wire2dname from reading 1 byte beyond end for pointer.
        * Fix crash using GOST for particular platform configurations.
        * extern C declarations used in the header file.
        * Removed debug fprintf from resolver.c.
        * ldns-signzone checks if public key file is for the right zone.
        * NETLDNS, .NET port of ldns functionality, in contrib.
        * Fix handling of comments in resolv.conf parse.
        * GOST code enabled if SSL recent, RFC 5933.
        * bugfix #317: segfault util.c ldns_init_random() fixed.
        * Fix ldns_tsig_mac_new: allocate enough memory for the hash, fix use of
          b64_pton_calculate_size.
        * Fix ldns_dname_cat: size calculation and handling of realloc().
        * Fix ldns_rr_pop_rdf: fix handling of realloc().
        * Fix ldns-signzone for single type key scheme: sign whole zone if there
          are only KSKs.
        * Fix ldns_resolver: also close socket if AXFR failed (if you don't,
          it would block subsequent transfers).
        * Fix drill: allow for a secure trace if you use DS records as trust
          anchors.

1.6.5
        * Catch \X where X is a digit as an error.
        * Fix segfault when ip6 ldns resolver only has ip4 servers.
        * Fix NSEC record after DNSKEY at zone apex not properly signed.
        * Fix syntax error if last label too long and no dot at end of domain.
        * Fix parse of \# syntax with space for type LOC.
        * Fix ldns_dname_absolute for escape sequences, fixes some parse errs.
        * bugfix #297: linking ssl, bug due to patch submitted as #296.
        * bugfix #299: added missing declarations to host2str.h
        * ldns-compare-zones -s to not exclude SOA record from comparison.
        * --disable-rpath fix
        * fix ldns_pkt_empty()
        * fix ldns_resolver_new_frm_fp not ignore lines after a comment.
        * python code for ldns_rr.new_question_frm_str()
        * Fix ldns_dnssec_verify_denial: the signature selection routine.
        * Type TALINK parsed (draft-ietf-dnsop-trust-history).
        * bugfix #304: fixed dead loop in ldns_tcp_read_wire() and
          ldns_tcp_read_wire_timeout().
        * GOST support with correct algorithm numbers.  The plan is to make it
          enabled if openssl support is detected, but it is disabled by
          default in this release because the RFC is not ready.
        * Fixed comment in rbtree.h about being first member and data ptr.
        * Fixed possibly leak in case of out of memory in ldns_native2rdf...
        * ldns_dname_is_wildcard added.
        * Fixed: signatures over wildcards had the wrong labelcount.
        * Fixed ldns_verify() inconsistent return values.
        * Fixed ldns_resolver to copy and free tsig name, data and algorithm.
        * Fixed ldns_resolver to push search onto searchlist.
        * A ldns resolver now defaults to a non-recursive resolver that handles
          the TC bit.
        * ldns_resolver_print() prints more details.
        * Fixed ldns_rdf2buffer_str_time(), which did not print timestamps
          on 64bit systems.
        * Make ldns_resolver_nameservers_randomize() more random.
        * bugfix #310: POSIX specifies NULL second argument of gettimeofday.
        * fix compiler warnings from llvm clang compiler.
        * bugfix #309: ldns_pkt_clone did not clone the tsig_rr.
        * Fix gentoo ebuild for drill, 'no m4 directory'.
        * bugfix #313: drill trace on an empty nonterminal continuation.

Revision 1.6: download - view: text, markup, annotated - select for diffs
Thu Feb 4 17:02:02 2010 UTC (14 years, 10 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +4 -4 lines
ldns-1.6.4 from PR 42675:

        * Bugfix: parse PTR target of .tomhendrikx.nl with error not
          crash.  * Bugfix: handle escaped characters in TXT rdata.
        * bug292: no longer crash on malformed domain names where a
          label is on position 255, which was a buffer overflow by one.
        * Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy
          change), which fixes resolv.conf reading badly terminated string
          buffers.
        * Fix ldns_pkt_set_random_id to be more random, and a little
          faster, it did not do value 0 statistically correctly.
        * Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to
          zeroes, for portability.
        * bug295: nsec3-hash routine no longer case sensitive.
        * bug298: drill failed nsec3 denial of existence proof.

Revision 1.5: download - view: text, markup, annotated - select for diffs
Sun Dec 6 15:29:36 2009 UTC (15 years ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +4 -5 lines
Update to 1.6.3, provided by Fredrik Pettai in PR 42333:

1.6.3	2009-12-04
	* Bugfix: allow for unknown resource records in zonefile with rdlen=0.
	* Bugfix: also mark an RR as question if it comes from the wire
	* Bugfix: NSEC3 bitmap contained NSEC
	* Bugfix: Inherit class when creating signatures

1.6.2	2009-11-12
	* Fix Makefile patch from Havard Eidnes, better install.sh usage.
	* Fix parse error on SOA serial of 2910532839.
	  Fix print of ';' and readback of '\;' in names, also for '\\'.
	  Fix parse of '\(' and '\)' in names.  Also for file read. Also '\.'
	* Fix signature creation when TTLs are different for RRs in RRset.
	* bug273: fix so EDNS rdata is included in pkt to wire conversion.
	* bug274: fix use of c++ keyword 'class' for RR class in the code.
	* bug275: fix memory leak of packet edns rdata.
	* Fix timeout procedure for TCP and AXFR on Solaris.
	* Fix occasional NSEC bitmap bogus
	* Fix rr comparing (was in reversed order since 1.6.0)
	* bug278: fix parsing HINFO rdata (and other cases).
	* Fix previous owner name: also pick up if owner name is @.
	* RFC5702: enabled sha2 functions by default. This requires OpenSSL 0.9.8 or higher.
      Reason for this default is the root to be signed with RSASHA256.
	* Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines
	* Fix: Make ldns_dname_is_subdomain case insensitive.
	* Fix ldns-verify-zone so that address records at zone NS set are not considered glue
		(Or glue records fall below delegation)
    * Fix LOC RR altitude printing.
	* Feature: Added period (e.g. '3m6d') support at explicit TTLs.
    * Feature: DNSKEY rrset by default signed with minimal signatures
		but -A option for ldns-signzone to sign it with all keys.
		This makes the DNSKEY responses smaller for signed domains.

Revision 1.4: download - view: text, markup, annotated - select for diffs
Tue Aug 18 12:48:04 2009 UTC (15 years, 3 months ago) by he
Branches: MAIN
CVS tags: pkgsrc-2009Q3-base, pkgsrc-2009Q3
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +5 -5 lines
Update from version 1.5.1 to 1.6.1.

Pkgsrc changes:
 o Adjust the patch to Makefile.in to match, and make sure to use
   ./install-sh with the "-c" option, to ensure we can reinstall
   after an install + deinstall.
 o Fix PLIST issues (a few more than in the PR mentioned below).

Should fix PR pkg/41868.

Upstream changes:

1.6.1   2009-09-14
	* --enable-gost : use the GOST algorithm (experimental).
	* Added some missing options to drill manpage
	* Some fixes to --without-ssl option
	* Fixed quote parsing withing strings
	* Bitmask fix in EDNS handling
	* Fixed non-fqdn domain name completion for rdata field domain
	  names of length 1
	* Fixed chain validation with SHA256 DS records

1.6.0
	Additions:
	* Addition of an ldns-config script which gives cflags and libs
	  values, for use in configure scripts for applications that use
	  use ldns. Can be disabled with ./configure --disable-ldns-config
	* Added direct sha1, sha256, and sha512 support in ldns.
	  With these functions, all NSEC3 functionality can still be
	  used, even if ldns is built without OpenSSL. Thanks to OpenBSD,
	  Steve Reid, and Aaron D. Gifford for the code.
	* Added reading/writing support for the SPF Resource Record
	* Base32 functions are now exported
	Bugfixes:
	* ldns_is_rrset did not go through the complete rrset, but
	  only compared the first two records. Thanks to Olafur
	  Gudmundsson for report and patch
	* Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(),
	  thanks to Marius Rieder for finding an patching this.
	* --without-ssl should now work. Make sure that examples/ and
	  drill also get the --without-ssl flag on their configure, if
	  this is used.
	* Some malloc() return value checks have been added
	* NSEC3 creation has been improved wrt to empty nonterminals,
	  and opt-out.
	* Fixed a bug in the parser when reading large NSEC3 salt
	  values.
	* Made the allowed length for domain names on wire
	  and presentation format the same.
	Example tools:
	* ldns-key2ds can now also generate DS records for keys without
	  the SEP flag
	* ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
	  the first non-default DNSKEY TTL value it sees)

Revision 1.3: download - view: text, markup, annotated - select for diffs
Thu Jun 25 11:34:37 2009 UTC (15 years, 5 months ago) by he
Branches: MAIN
CVS tags: pkgsrc-2009Q2-base, pkgsrc-2009Q2
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +4 -4 lines
Update from version 1.4.0nb1 to 1.5.1.

OK'ed by wiz@

Pkgsrc changes:
 o Explicitly mark dependency on openssl >= 0.9.7, should fix PR#41633

Upstream changes:

1.5.1
	Example tools:
	* ldns-signzone was broken in 1.5.0 for multiple keys, this
          has been repaired

	Build system:
        * Removed a small erroneous output warning in
          examples/configure and drill/configure

1.5.0
	Bug fixes:
	* fixed a possible memory overflow in the RR parser
	* build flag fix for Sun Studio
	* fixed a building race condition in the copying of header
	  files
	* EDNS0 extended rcode; the correct assembled code number
	  is now printed (still in the EDNS0 field, though)
	* ldns_pkt_rr no longer leaks memory (in fact, it no longer
	  copies anything all)

	API addition:
	* ldns_key now has support for 'external' data, in which
	  case the OpenSSL EVP structures are not used;
	  ldns_key_set_external_key() and ldns_key_external_key()
	* added ldns_key_get_file_base_name() which creates a
	  'default' filename base string for key storage, of the
	  form "K<zone>+<algorithm>+<keytag>"
	* the ldns_dnssec_* family of structures now have deep_free()
	  functions, which also free the ldns_rr's contained in them
	* there is now an ldns_match_wildcard() function, which checks
	  whether a domain name matches a wildcard name
	* ldns_sign_public has been split up; this resulted in the
	  addition of ldns_create_empty_rrsig() and
	  ldns_sign_public_buffer()

	Examples:
	* ldns-signzone can now automatically add DNSKEY records when
	  using an OpenSSL engine, as it already did when using key
	  files
	* added new example tool: ldns-nsec3-hash
	* ldns-dpa can now filter on specific query name and types
	* ldnsd has fixes for the zone name, a fix for the return
          value of recvfrom(), and an memory initialization fix
          (Thanks to Colm MacCárthaigh for the patch)
        * Fixed memory leaks in ldnsd

1.4.1
	Bug fixes:
	* fixed a build issue where ldns lib existence was done too early
	* removed unnecessary check for pcap.h
	* NSEC3 optout flag now correctly printed in string output
	* inttypes.h moved to configured inclusion
	* fixed NSEC3 type bitmaps for empty nonterminals and unsigned
	  delegations

	API addition:
	* for that last fix, we added a new function
	  ldns_dname_add_from() that can clone parts of a dname

Revision 1.2: download - view: text, markup, annotated - select for diffs
Wed Dec 17 17:52:33 2008 UTC (15 years, 11 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +4 -4 lines
Update to ldns-1.4.0:
- better TCP fallback, improved TSIG support
- namespace cleanup
- bugfixes

Require the new version and switch to normal runtime dependencies as it
is normally linked dynamically.

Revision 1.1.1.1 (vendor branch): download - view: text, markup, annotated - select for diffs
Tue Jul 22 08:29:06 2008 UTC (16 years, 4 months ago) by he
Branches: TNF
CVS tags: pkgsrc-base, pkgsrc-2008Q3-base, pkgsrc-2008Q3, cube-native-xorg-base, cube-native-xorg
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +0 -0 lines
Import ldns version 1.3.0 from NLnet Labs.

The goal of ldns is to simplify DNS programming, it supports recent
RFCs like the DNSSEC documents, and allows developers to easily
create software conforming to current RFCs, and experimental software
for current Internet Drafts. A secondary benefit of using ldns is
speed; ldns is written in C it should be a lot faster than Perl.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Tue Jul 22 08:29:06 2008 UTC (16 years, 4 months ago) by he
Branches: MAIN
Initial revision

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>