Lines Matching +full:- +full:- +full:fix +full:- +full:missing

1 1.8.3	2022-08-15
6 * Fix for syntax error in pyldns
8 1.8.2 2022-08-12
11 * bugfix #149: Add some missing [out] annotations to doxygen
13 * Fix build error on Solaris 10 with inet_ntop redeclaration error.
14 * Fix -U flag with ldns-signzone. Thanks Ulrich and Jonathan
24 * bugfix #145: ldns-verify-zone should not call occluded records
27 1.8.1 2021-12-03
28 * bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname
30 * Undo PR#123 fix ldns.pc installation when building out-of-source
33 1.8.0 2021-11-26
36 * bugfix: Revert unused variables in ldns-config removal patch.
37 * bugfix #50: heap Out-of-bound Read vulnerability in
39 * bugfix #51: Heap Out-of-bound Read vulnerability in
41 * Fix memory leak in examples/ldns-testns handle_tcp routine.
43 * Fix compile warning by variable initialisation for older gcc.
44 * Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not
46 * Fix for #93: fix packaging/libldns.pc Makefile rule.
47 * ZONEMD support in ldns-signzone and ldns-verify-zone
48 * ldns-testns can answer several queries over one tcp connection,
50 * Fix so that ldns-testns does not leak sockets if the read fails.
52 Enable with --enable-rrtype-svcb-https.
56 record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl
61 * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return
63 * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line
65 * Fix #135: Fix compile with OpenSSL-3.0.0-beta2.
69 * Option to ldns-keygen to create symlinks with known names
72 * Fix #121: Correct handling of centimetres by LOC parser.
76 * PR #127: Added option -Q to drill to give short answer.
81 * PR #108: Fix for ldns-compare-zones net detecting when first zone
84 * Fix #131: Drill sig chasing breaks with gcc-11 and
85 strict-aliasing. Thanks Stanislav Levin
86 * Fix #130: Unless $TLL is defined, ttl defaults to the last
88 * Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc
89 * Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0
91 * Let ldns-signzone warn for high NSEC3 iteration counts.
94 1.7.1 2019-07-26
99 * bugfix #4155: ldns-config contains never used variables
101 * bugfix #4221: drill -x crashes with malformed IPv4 address
109 * bugfix #1257: Free after reallocing to 0 size (CVE-2017-1000232)
111 * bugfix #1256: Check parse limit before t increment (CVE-2017-1000231)
114 ldns-verify-zone. Thanks Emil Natan.
115 * ldns-notify can use all supported hash algorithms with -y.
125 * ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
126 and fix memory leak with more EDNS sections
131 OpenSSL. Disable with --disable-ed25519 and --disable-ed448.
132 * ldns-notify: can have IPv6 address as argument.
133 * Fix time sensitive TSIG compare vulnerability.
134 * Fix that ldns-testns ignores sigpipe.
135 * Fix that ldns-notify sets the query RR as question RR, this
137 * Allow -T flag to be used together with drill -x
140 * bugfix #4248: drill -DT fails for CNAME domain
144 * Feature #3394: An -I option to ldns-notify to specify a source
148 that return -1 on failure and allow socket number 0
151 ldns-verify-zone. Thanks Stephane Guedon
152 * OpenSSL engine support with ldns-signzone.
153 See also https://penzin.net/ldns-signzone/
157 * PR #36 Update manpage of ldns-notify to mention algorithm
161 * Missing Makefile.PL in DNS-LDNS perl module contribution.
164 1.7.0 2016-12-20
165 * Fix lookup of relative names in ldns_resolver_search.
168 * Fix #551 change Regent to Copyright holder in BSD license in
171 * -e option makes ldns-compare-zones exit with status code 2 on difference
172 * Filter out specified RR types with ldns-read-zone -e and -E options
174 * bugfix #562: ldns-keygen match DSA key maximum size with library.
176 * ldns-verify-zone accepts only one single zonefile as argument.
177 * bugfix #573: ldns-keygen write private keys with mode 0600.
179 * Fix configure to make ldns compile with LibreSSL 2.0
180 * drill now also accepts dig style -y option
181 (-y <[algo:]name:key> i.s.o. -y <name:key[:algo]>)
182 * OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey
185 --enable-rrtype-cds configure option removed
186 * fix: Memory leak in ldns_pkt_rr_list_by_name()
188 * fix: Memory leak in ldns_dname2buffer_wire_compress()
193 * Let ldns-keygen output .ds files only for KSK keys
195 * Let ldns-dane use SPKI as the default selector i.s.o. Cert
200 * bugfix #697: Double free with ldns-dane create
208 * bugfix #584: ldns-update fixes. Send update to port 53, bring manpage
214 * bugfix: ldns-dane manpage correction
219 * Fix ECDSA signature generation, do not omit leading zeroes.
220 * bugfix: Get rid of superfluous newline in ldns-keyfetcher
221 Thanks Jan-Piet Mens
222 * bugfix: -U option to ldns-signzone to sign with every algorithm
226 * bugfix #725: allow RR-types on the type bitmap window border
236 * Fix _answerfrom comment in ldns_struct_pkt.
237 * Fix drill axfr ipv4/ipv6 queries.
238 * Fix comment referring to mk_query in packet.h to pkt_query_new.
239 * Fix description of QR flag in packet.h.
240 * Fix for openssl 1.1.0 API changes.
242 * bugfix #641: Include install-sh in .gitignore
245 * bugfix #796 - #792: Fix miscellaneous compiler warning issues.
255 would overflow. Thanks Jan-Piet Mens.
256 * bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys.
263 disabled with --disable-dane-ta-usage).
267 * Fix crash in displaying TLSA RR's.
269 * Update ldns-key2ds man page to mention GOST and SHA384 hash
274 * bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0
276 * --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0
279 1.6.17 2014-01-10
280 * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
282 * Add --disable-dane option to configure and check availability of the
284 * bugfix #490: Get rid of type-punned pointer warnings.
288 * Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav.
290 * Bind to source address for resolvers. drill binds to source with -I.
292 * -T option for ldns-dane that has specific exit status for PKIX
294 * Fix b{32,64}_{ntop,pton} detection and handling.
299 * -u and -U parameter for ldns-read-zone to mark/unmark a RR type
305 * Use SNI with ldns-dane
306 * bugfix #507: ldnsx Fix use of non-existent variables and not
312 * Fix memory leak in contrib/python: ldns_pkt.new_query.
313 * Fix buffer overflow in fget_token and bget_token.
314 * ldns-verify-zone NSEC3 checking from quadratic to linear performance.
316 * ldns-dane setup new ssl session for each new connect to prevent hangs
317 * bugfix #521: drill trace continue on empty non-terminals with NSEC3
318 * bugfix #525: Fix documentation of ldns_resolver_set_retry
320 * Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek.
321 * Configure option to build perl bindings: --with-p5-dns-ldns
323 * bugfix #527: Move -lssl before -lcrypto when linking
327 * A separate --enable for each draft RR type: --enable-rrtype-ninfo,
328 --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and
329 --enable-rrtype-ta
334 * Messages to stderr are now off by default and can be re-enabled with
335 the --enable-stderr-msgs configure option.
337 1.6.16 2012-11-13
338 * Fix Makefile to build pyldns with BSD make
339 * Fix typo in exporting b32_* symbols to make pyldns load again
340 * Allow leaving the RR owner name empty in ldns-testns datafiles.
341 * Fix fail to create NSEC3 bitmap for empty non-terminal (bug
344 1.6.15 2012-10-25
348 1.6.14 2012-10-23
349 * DANE support (RFC6698), including ldns-dane example tool.
350 * Configurable default CA certificate repository for ldns-dane with
351 --with-ca-file=CAFILE and --with-ca-path=CAPATH
352 * Configurable default trust anchor with --with-trust-anchor=FILE
353 for drill, ldns-verify-zone and ldns-dane
355 * bugfix #473: Dead code removal and resource leak fix in drill
358 * ldns-notify TSIG option argument checking
362 * Make buffer_export comply to documentation and fix buffer2str
369 * bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given.
370 * bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm.
371 * pyldns memory handling fixes and the python3/ldns-signzone.py
379 * New -0 option for ldns-read-zone to replace inception, expiration
381 * New -p option for ldns-read-zone to prepend-pad SOA serial to take
385 1.6.13 2012-05-21
386 * New -S option for ldns-verify-zone to chase signatures online.
387 * New -k option for ldns-verify-zone to validate using a trusted key.
388 * New inception and expiration margin options (-i and -e) to
389 ldns-verify-zone.
393 * fix ldns-verify-zone to allow NSEC3 signatures to come before
395 * Zero the correct flag (opt-out) when creating NSEC3PARAMS.
403 * Fix reading \DDD: Error on values that are outside range (>255).
404 * bugfix #429: fix doxyparse.pl fails on NetBSD because specified
406 * New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl.
407 * fix verifying denial of existence for DS's in NSEC3 Opt-Out zones.
410 1.6.12 2012-01-11
411 * bugfix #413: Fix manpage source for srcdir != builddir
413 * Ignore minor version of Private-key-format (so v1.3 may be used)
415 the current time. With ldns-verify-zone the check_time can be set
416 with the -t option.
418 ldns-read-zone has an option -S for updating and manipulating the
423 * Two new options (--with-drill and --with-examples) to the main
426 * Fix days_since_epoch to year_yday calculation on 32bits systems.
428 1.6.11 2011-09-29
429 * bugfix #394: Fix socket leak on errors
430 * bugfix #392: Apex only and percentage checks for ldns-verify-zone
432 * bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone
433 * Fix python site package path from sitelib to sitearch for pyldns.
434 * Fix python api to support python2 and python3 (thanks Karel Slany).
439 * bugfix #403: Fix heap overflow (thanks David Keeler)
449 * Fix ldns_fetch_valid_domain_keys to search deeper than just one level
454 in comment texts when converting host and/or wire-format data to
467 The ldnsx module is automatically installed when --with-pyldns is
469 --without-pyldnsx option to configure.
470 * bugfix #410: Fix clearing out temporary data on stack in sha2.c
471 * bugfix #411: Don't let empty non-terminal NSEC3s cause assertion failure.
473 1.6.10 2011-05-31
474 * New example tool added: ldns-gen-zone.
475 * bugfix #359: Serial-arithmetic for the inception and expiration
476 fields of a RRSIG and correctly converting them to broken-out time
478 * bugfix #364: Slight performance increase of ldns-verifyzone.
479 * bugfix #367: Fix to allow glue records with the same name as the
481 * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and*
482 glue when the zone is opt-out.
493 * bugfix #383: Fix detection of empty nonterminals of multiple labels.
501 * Fix parse buffer overflow for max length domain names.
502 * Fix Makefile for U in environment, since wrong U is more common than
505 1.6.9 2011-03-16
506 * Fix creating NSEC(3) bitmaps: make array size 65536,
508 * Fix printout of escaped binary in TXT records.
514 * fix to compile python wrapper with swig 2.0.2.
515 * Don't fallback to SHA-1 when creating NSEC3 hash with another
519 1.6.8 2011-01-24
520 * Fix ldns zone, so that $TTL definition match RFC 2308.
521 * Fix lots of missing checks on allocation failures and parse of
525 * bugfix #335: Drill: Print both SHA-1 and SHA-256 corresponding DS
527 * Print correct WHEN in query packet (is not always 1-1-1970)
528 * ldns-test-edns: new example tool that detects EDNS support.
529 * fix ldns_resolver_send without openssl.
531 * bugfix #351: fix udp_send hang if UDP checksum error.
532 * fix set_bit (from NSEC3 sign) patch from Jan Komissar.
534 1.6.7 2010-11-08
542 * Fix drill verify NSEC3 denials.
551 * bugfix: read of RR in unknown syntax with missing fields.
556 * bugfix #333: fix ldns_dname_absolute for name ending with backslash.
558 1.6.6 2010-08-09
559 * Fix ldns_rr_clone to copy question rrs properly.
560 * Fix ldns_sign_zone(_nsec3) to clone the soa for the new zone.
561 * Fix ldns_wire2dname size check from reading 1 byte beyond buffer end.
562 * Fix ldns_wire2dname from reading 1 byte beyond end for pointer.
563 * Fix crash using GOST for particular platform configurations.
566 * ldns-signzone checks if public key file is for the right zone.
568 * Fix handling of comments in resolv.conf parse.
571 * Fix ldns_tsig_mac_new: allocate enough memory for the hash, fix use of
573 * Fix ldns_dname_cat: size calculation and handling of realloc().
574 * Fix ldns_rr_pop_rdf: fix handling of realloc().
575 * Fix ldns-signzone for single type key scheme: sign whole zone if there
577 * Fix ldns_resolver: also close socket if AXFR failed (if you don't,
579 * Fix drill: allow for a secure trace if you use DS records as trust
582 1.6.5 2010-06-15
584 * Fix segfault when ip6 ldns resolver only has ip4 servers.
585 * Fix NSEC record after DNSKEY at zone apex not properly signed.
586 * Fix syntax error if last label too long and no dot at end of domain.
587 * Fix parse of \# syntax with space for type LOC.
588 * Fix ldns_dname_absolute for escape sequences, fixes some parse errs.
590 * bugfix #299: added missing declarations to host2str.h
591 * ldns-compare-zones -s to not exclude SOA record from comparison.
592 * --disable-rpath fix
593 * fix ldns_pkt_empty(), reported by Alex Nicoll.
594 * fix ldns_resolver_new_frm_fp not ignore lines after a comment.
596 * Fix ldns_dnssec_verify_denial: the signature selection routine.
597 * Type TALINK parsed (draft-ietf-dnsop-trust-history).
610 * A ldns resolver now defaults to a non-recursive resolver that handles
617 * fix compiler warnings from llvm clang compiler.
619 * Fix gentoo ebuild for drill, 'no m4 directory'.
622 1.6.4 2010-01-20
632 * Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change),
634 * Fix ldns_pkt_set_random_id to be more random, and a little faster,
636 * Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes,
638 * bug295: nsec3-hash routine no longer case sensitive.
641 1.6.3 2009-12-04
647 1.6.2 2009-11-12
648 * Fix Makefile patch from Havard Eidnes, better install.sh usage.
649 * Fix parse error on SOA serial of 2910532839.
650 Fix print of ';' and readback of '\;' in names, also for '\\'.
651 Fix parse of '\(' and '\)' in names. Also for file read. Also '\.'
652 * Fix signature creation when TTLs are different for RRs in RRset.
653 * bug273: fix so EDNS rdata is included in pkt to wire conversion.
654 * bug274: fix use of c++ keyword 'class' for RR class in the code.
655 * bug275: fix memory leak of packet edns rdata.
656 * Fix timeout procedure for TCP and AXFR on Solaris.
657 * Fix occasional NSEC bitmap bogus
658 * Fix rr comparing (was in reversed order since 1.6.0)
659 * bug278: fix parsing HINFO rdata (and other cases).
660 * Fix previous owner name: also pick up if owner name is @.
663 * Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines
664 * Fix: Make ldns_dname_is_subdomain case insensitive.
665 * Fix ldns-verify-zone so that address records at zone NS set are not considered glue
667 * Fix LOC RR altitude printing.
670 but -A option for ldns-signzone to sign it with all keys.
673 1.6.1 2009-09-14
674 * --enable-gost : use the GOST algorithm (experimental).
675 * Added some missing options to drill manpage
676 * Some fixes to --without-ssl option
678 * Bitmask fix in EDNS handling
679 * Fixed non-fqdn domain name completion for rdata field domain
685 * Addition of an ldns-config script which gives cflags and libs
687 use ldns. Can be disabled with ./configure --disable-ldns-config
700 * --without-ssl should now work. Make sure that examples/ and
701 drill also get the --without-ssl flag on their configure, if
705 and opt-out.
711 * ldns-key2ds can now also generate DS records for keys without
713 * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
714 the first non-default DNSKEY TTL value it sees)
718 * ldns-signzone was broken in 1.5.0 for multiple keys, this
728 * build flag fix for Sun Studio
752 * ldns-signzone can now automatically add DNSKEY records when
755 * added new example tool: ldns-nsec3-hash
756 * ldns-dpa can now filter on specific query name and types
757 * ldnsd has fixes for the zone name, a fix for the return
758 value of recvfrom(), and an memory initialization fix
774 * for that last fix, we added a new function
779 * sig chase return code fix (patch from Rafael Justo, bug id 189)
784 * ldns-zsplit output and error messages fixed (patch from Shane Kerr,
797 - ldns_rr_type2str
798 - ldns_rr_class2str
799 - ldns_rr_type2buffer_str
800 - ldns_rr_class2buffer_str
803 * ldns_rr_new_frm_str() now returns an error on missing RDATA fields.
812 * HMAC-SHA256 TSIG support has been added.
816 * New example: ldns-revoke to revoke DNSKEYs according to RFC5011
817 * ldns-testpkts has been fixed and updated
818 * ldns-signzone now has the option to not add the DNSKEY
819 * ldns-signzone now has an (full zone only) opt-out option for
821 * ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys
822 * ldns-walk output has been fixed
823 * ldns-compare-zones has been fixed, and now has an option
824 to show all differences (-a)
825 * ldns-read-zone now has an option to print DNSSEC records only
848 draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not
850 enabled at compilation time with the flag --with-sha2
866 * Added ldns-verify-zone, that can verify the internal DNSSEC records
867 of a signed BIND-style zone file
869 * ldns-keygen now takes an -a argument specifying the algorithm,
870 instead of -R or -D. -a list show a list of supported algorithms
872 * ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3
875 * ldns-signzone now has support for HSMs
876 * ldns-signzone uses the new ldns_dnssec_ structures and functions
886 * Added support for HMAC-MD5 keys in generator
887 * Added a new example tool (written by Ondrej Sury): ldns-compare-zones
888 * ldns-keygen now checks key sizes for rfc conformance
889 * ldns-signzone outputs SSL error if present
891 * Fixed Makefile for -j <x>
893 * Fixed another off-by-one error
897 * Fixed ldns-read-zone exit code
899 * Fixed ldns-key2ds -2 argument
909 * ldns-walk now support dnames with maximum label length
914 * added ldns-testpkts fake packet server
915 * added ldns-notify to send NOTIFY packets
916 * ldns-dpa can now accurately calculate the number of matches per
920 - TSIG signing buffer size
921 - resolv.conf reading (comments)
922 - dname comparison off by one error
923 - typo in keyfetchers output file name fixed (a . too much)
924 - fixed zone file parser when comments contain ( or )
925 - fixed LOC RR type
926 - fixed CERT RR type
930 * drill now accepts mangled packets with -f
931 * old -c option (use tcp) changed to -t
932 * -c option to specify alternative resolv.conf file added
937 - wildcard on multiple labels signature verification
938 - error in -f packet writing for malformed packets
939 - made KSK check more resilient
941 7 Jul 2006: 1.1.0: ldns-team
953 * OpenSSL was made optional, configure --without-ssl.
957 * Preliminary sha-256 support was added. Currently is your
963 * -r was killed in favor of -o <header bit mnemonic> which
972 * -x does a reverse lookup for the given IP address
975 * ldns-dpa was added to the examples - this is the Dns Packet
977 * ldnsd - as very, very simple nameserver impl.
978 * ldns-zsplit - split zones for parallel signing
979 * ldns-zcat - cat split zones back together
980 * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong,
981 non-DNSSEC) anti-spoofing techniques.
982 * ldns-walk - 'Walks' a DNSSEC signed zone
983 * Added an all-static target to the makefile so you can use examples
986 the build dir, configure does not need --with-ldns=../ anymore
1037 18 Oct 2005: 1.0.0: ldns-team
1046 * [tools] Drill was added to ldns - see drill/
1054 28 Jul 2005: 0.70: ldns-team
1061 20 Jun 2005: 0.66: ldns-team
1062 Rel. Focus: drill-pre2 uses some functions which are
1068 13 Jun 2005: 0.65: ldns-team
1078 23 May 2005: 0.60: ldns-team
1082 - DNSSEC signing/verification works
1083 - Assorted bug fixes and tweaks (memory management)
1085 May 2005: 0.50: ldns-team