Changelog for
perl-DNS-LDNS-1.8.3-2.0.2.1.sr20240702.x86_64.rpm :
* Wed Jul 10 2024 Martin Jambor
- Added ldns-swig-4.2.patch and ldns-swig-32bit.patch in order to avoid C99 viloations which are compile time errors by default with GCC 14. [boo#1225794]
* Fri Sep 02 2022 Michael Ströder - use HTTPS URLs for URL and Source
* Mon Aug 15 2022 Michael Ströder - new version 1.8.3 + 1.8.3 2022-08-15
* bugfix #183: Assertion failure with OPT record without rdata. This caused packet creation with only a DO bit (for DNSSEC OK) to crash.
* Fix for syntax error in pyldns + 1.8.2 2022-08-12
* bugfix #147: Allow for tabs in whitespace before quoted rdata fields.
* bugfix #149: Add some missing [out] annotations to doxygen parameters.
* Fix build error on Solaris 10 with inet_ntop redeclaration error.
* Fix -U flag with ldns-signzone.
* Enable compile of SVCB and HTTPS support by default.
* bugfix #179: Free line memory even if zone file parsing fails
* bugfix #166: Grow buffer when writing chars and fixed size strings when converting to presentation format, preventing potential assersion errors.
* bugfix #46: Print network errors when secure tracing.
* EDNS0 Option handling and conversion into presentation format.
* bugfix #145: ldns-verify-zone should not call occluded records glue.
* Fri Dec 03 2021 Michael Ströder - new version 1.8.1 + 1.8.1 2021-12-03
* bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname needs to larger.
* Undo PR#123 fix ldns.pc installation when building out-of-source + 1.8.0 2021-11-26
* bugfix #38: Print \"line\" before line number when printing zone parse errors. Thanks Petr Špaček.
* bugfix: Revert unused variables in ldns-config removal patch.
* bugfix #50: heap Out-of-bound Read vulnerability in rr_frm_str_internal reported by pokerfacett. (bsc#1195057, CVE-2020-19860)
* bugfix #51: Heap Out-of-bound Read vulnerability in ldns_nsec3_salt_data reported by pokerfacett. (bsc#1195058, CVE-2020-19861)
* Fix memory leak in examples/ldns-testns handle_tcp routine.
* Detect fixed time memory compare for openssl 0.9.8.
* Fix compile warning by variable initialisation for older gcc.
* Fix #92: ldns-testns.c:429:15: error: \'fork\' is unavailable: not available on tvOS.
* Fix for #93: fix packaging/libldns.pc Makefile rule.
* ZONEMD support in ldns-signzone and ldns-verify-zone
* ldns-testns can answer several queries over one tcp connection, if they arrive within 100msec of each other.
* Fix so that ldns-testns does not leak sockets if the read fails.
* SVCB and HTTPS draft rrtypes. Enable with --enable-rrtype-svcb-https.
* bugfix #117: Assertion failure with DNSSEC validating of non existence of RR types at the root. Thanks ZjYwMj
* Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl
* bugfix #119: Let example tools read longer RR\'s than LDNS_MAX_LINELEN
* Add SVCPARAMS to python ldns_rdf_type2str function.
* PR #134 Miscellaneous spelling fixes. Thanks jsoref!
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return the $INCLUDE not implemented error.
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line number for an empty line after a comment.
* Fix #135: Fix compile with OpenSSL-3.0.0-beta2.
* PR #107: Added ldns_pkt2buffer_wire_compress() to make dname compression optional when converting packets to wire format. Thanks Eli Lindsey
* Option to ldns-keygen to create symlinks with known names (i.e. without the key id) to the created files. Thanks Andreas Schulze
* Fix #121: Correct handling of centimetres by LOC parser. Thanks Felipe Gasper
* PR #126: Link with libldns.la in Makefile.in. Thanks orbea
* PR #127: Addes option -Q to drill to give short answer. Thanks niknah
* PR #133: Update m4 files for python modules. Thanks Petr Menšík
* Bufix CAA value fields may be empty: Thanks Robert Mortimer
* PR #108: Fix for ldns-compare-zones net detecting when first zone has a RRset that shrinks from two to one RRs, or grows from one to two RRs. Thanks Emilio Caballero
* Fix #131: Drill sig chasing breaks with gcc-11 and strict-aliasing. Thanks Stanislav Levin
* Fix #130: Unless $TLL is defined, ttl defaults to the last explicitly stated value. Thanks Benno
* Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc
* Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0 Thanks Daniel J. Luke
* Let ldns-signzone warn for high NSEC3 iteration counts. Thanks Andreas Schulze
* Tue Aug 06 2019 Ludwig Nussel - new version 1.7.1 https://open.nlnetlabs.nl/pipermail/ldns-users/2019-July/000946.html
* Support for DNSSEC algorithms ED25519 and ED448 when compiled with OpenSSL 1.1.1
* An -I option to ldns-notify to specify a source IP address to send to notify from.
* Complete OpenSSL engine support with ldns-signzone contributed by Vadim Penzin
* security fixes CVE-2017-1000231 (boo#1068711), CVE-2017-1000232 (boo#1068709)
* includes ldns-swig4.0.patch- add keyring and signature
* Fri Jun 07 2019 Dominique Leuenberger - Add ldns-swig4.0.patch: Fix build wih SWIG 4.0 (boo#1135750).
* Mon Jan 08 2018 tchvatalAATTsuse.com- Switch directly to python3 in order for us to proceed with py2 obsoletion for future releases
* Upstream sadly can build only against one of the two
* Thu Nov 16 2017 vcizekAATTsuse.com- disable DANE verification when building with openssl < 1.1 to fix build on distributions that have openssl 1.0.x
* Sun Aug 27 2017 jengelhAATTinai.de- Update descriptions.
* Fri Aug 18 2017 pmonrealgonzalezAATTsuse.com- Update to version 1.7.0
* Ldns built with openssl-1.1.0 [bsc#1042653]
* Fix #551 change Regent to Copyright holder in BSD license in some of the headings of the file, to match the opensource.org BSD license.
* -e option makes ldns-compare-zones exit with status code 2 on difference
* Filter out specified RR types with ldns-read-zone -e and -E options
* bugfix #563: Correct DNSKEY from DSA private key.
* bugfix #562: ldns-keygen match DSA key maximum size with library. And check keysizes with all algorithms.
* ldns-verify-zone accepts only one single zonefile as argument.
* bugfix #573: ldns-keygen write private keys with mode 0600.
* Fix configure to make ldns compile with LibreSSL 2.0
* drill now also accepts dig style -y option (-y <[algo:]name:key> i.s.o. -y )
* OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey
* bugfix #608: Correct comment about escaped characters
* CDS and CDNSKEY rr type from RFC 7344. --enable-rrtype-cds configure option removed
* fix: Memory leak in ldns_pkt_rr_list_by_name()
* fix: Memory leak in ldns_dname2buffer_wire_compress()
* bugfix #613: Allow tab as whitespace too in last rdata field of types of variable length.
* bugfix: strip trailing whitespace from $ORIGIN lines in zone files
* Let ldns-keygen output .ds files only for KSK keys
* Parse RFC7218 TLSA mnemonics, but do not output them
* Let ldns-dane use SPKI as the default selector i.s.o. Cert
* bugfix: Fit left over NSEC3s once more before adding empty non terminals
* bugfix #605: Determine default trust anchor location at compile time
* bugfix #697: Double free with ldns-dane create
* bugfix #623: Do not redefine bool type and boolean values
* bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx
* bugfix #575: ldns_pkt_clone() does not copy timestamp field
* bugfix #584: ldns-update fixes. Send update to port 53, bring manpage in sync with the usage text, and don\'t alter the ldns_resolver passed to ldns_update_soa_zone_mname(). Created a ldns_resolver_clone() function in the process.
* bugfix #633: ldns_pkt_clone() parameter isn\'t const.
* bugfix: ldns-dane manpage correction
* RFC7553 RR Type URI is supported by default.
* Fix ECDSA signature generation, do not omit leading zeroes.
* bugfix: Get rid of superfluous newline in ldns-keyfetcher
* bugfix: -U option to ldns-signzone to sign with every algorithm
* const function parameters whenever possible.
* bugfix #725: allow RR-types on the type bitmap window border
* Add type CSYNC support, RFC 7477.
* Prepare for ED25519, ED448 support: todo convert
* routines in dnssec.h, once openssl has support for signing with these algorithms. The dns algorithm number is not yet allocated. These features are not fully implemented yet, openssl (1.1) does not support the algorithms enough to generate keys and sign and verify with them.
* Fix drill axfr ipv4/ipv6 queries.
* Fix for openssl 1.1.0 API changes.
* bugfix #825: Module import breaks with newer SWIG versions.
* bugfix #769: Add support for :: in an IPv6 address
* bugfix #708: warnings and errors with xcode 6.1/7.0
* bugfix #754: Memory leak in ldns_str2rdf_ipseckey
* bugfix #661: Fail NSEC3 signing when NSEC domainname length would overflow.
* bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys.
* bugfix #680: ldns fails to reject invalidly formatted RFC 7553 URI RRs.
* bugfix #678: Use poll i.s.o. select to support > 1024 fds
* Use OpenSSL DANE functions for verification (unless explicitly disabled with --disable-dane-ta-usage).
* Bumb .so version
* Include OPENPGPKEY RR type by default
* rdata processing for SMIMEA RR type
* Fix crash in displaying TLSA RR\'s.
* Update ldns-key2ds man page to mention GOST and SHA384 hash functions.
* Add sha384 and sha512 tsig algorithm.
* Clarify data ownership with consts for tsig parameters.
* bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0
* bugfix #1160: Provide sha256 for release tarballs
* --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0 even when the GOST engine is not available.- Dropped patch ldns-perl-5.22.patch