xref: /freebsd/contrib/ldns/Changelog (revision 5afab0e5e56fe90a378fb57249600e7924e1cab2)
1*5afab0e5SDag-Erling Smørgrav1.8.3	2022-08-15
2*5afab0e5SDag-Erling Smørgrav	* bugfix #183: Assertion failure with OPT record without rdata.
3*5afab0e5SDag-Erling Smørgrav	  This caused packet creation with only a DO bit (for DNSSEC OK)
4*5afab0e5SDag-Erling Smørgrav	  to crash. Thanks Anand Buddhdev and others for reporting this
5*5afab0e5SDag-Erling Smørgrav	  so quickly.
6*5afab0e5SDag-Erling Smørgrav	* Fix for syntax error in pyldns
7*5afab0e5SDag-Erling Smørgrav
8*5afab0e5SDag-Erling Smørgrav1.8.2	2022-08-12
9*5afab0e5SDag-Erling Smørgrav	* bugfix #147: Allow for tabs in whitespace before quoted rdata
10*5afab0e5SDag-Erling Smørgrav	  fields. Thanks Felipe Gasper
11*5afab0e5SDag-Erling Smørgrav	* bugfix #149: Add some missing [out] annotations to doxygen
12*5afab0e5SDag-Erling Smørgrav	  parameters. Thanks aldot.
13*5afab0e5SDag-Erling Smørgrav	* Fix build error on Solaris 10 with inet_ntop redeclaration error.
14*5afab0e5SDag-Erling Smørgrav	* Fix -U flag with ldns-signzone. Thanks Ulrich and Jonathan
15*5afab0e5SDag-Erling Smørgrav	* Enable compile of SVCB and HTTPS support by default.
16*5afab0e5SDag-Erling Smørgrav	* bugfix #179: Free line memory even if zone file parsing fails
17*5afab0e5SDag-Erling Smørgrav	  Thanks Claudius Zingerli
18*5afab0e5SDag-Erling Smørgrav	* bugfix #166: Grow buffer when writing chars and fixed size
19*5afab0e5SDag-Erling Smørgrav	  strings when converting to presentation format, preventing
20*5afab0e5SDag-Erling Smørgrav	  potential assersion errors.
21*5afab0e5SDag-Erling Smørgrav	* bugfix #46: Print network errors when secure tracing.
22*5afab0e5SDag-Erling Smørgrav	  Thanks reedjc
23*5afab0e5SDag-Erling Smørgrav	* EDNS0 Option handling and conversion into presentation format.
24*5afab0e5SDag-Erling Smørgrav	* bugfix #145: ldns-verify-zone should not call occluded records
25*5afab0e5SDag-Erling Smørgrav	  glue. Thanks Habbie
26*5afab0e5SDag-Erling Smørgrav
27*5afab0e5SDag-Erling Smørgrav1.8.1	2021-12-03
28*5afab0e5SDag-Erling Smørgrav	* bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname
29*5afab0e5SDag-Erling Smørgrav	  needs to larger. Thanks Leah Neukirchen & Felipe Gasper
30*5afab0e5SDag-Erling Smørgrav	* Undo PR#123 fix ldns.pc installation when building out-of-source
31*5afab0e5SDag-Erling Smørgrav	  Thanks Axel Xu
32*5afab0e5SDag-Erling Smørgrav
33*5afab0e5SDag-Erling Smørgrav1.8.0	2021-11-26
34*5afab0e5SDag-Erling Smørgrav	* bugfix #38: Print "line" before line number when printing
35*5afab0e5SDag-Erling Smørgrav	  zone parse errors. Thanks Petr Špaček.
36*5afab0e5SDag-Erling Smørgrav	* bugfix: Revert unused variables in ldns-config removal patch.
37*5afab0e5SDag-Erling Smørgrav	* bugfix #50: heap Out-of-bound Read vulnerability in
38*5afab0e5SDag-Erling Smørgrav	  rr_frm_str_internal reported by pokerfacett.
39*5afab0e5SDag-Erling Smørgrav	* bugfix #51: Heap Out-of-bound Read vulnerability in
40*5afab0e5SDag-Erling Smørgrav	  ldns_nsec3_salt_data reported by pokerfacett.
41*5afab0e5SDag-Erling Smørgrav	* Fix memory leak in examples/ldns-testns handle_tcp routine.
42*5afab0e5SDag-Erling Smørgrav	* Detect fixed time memory compare for openssl 0.9.8.
43*5afab0e5SDag-Erling Smørgrav	* Fix compile warning by variable initialisation for older gcc.
44*5afab0e5SDag-Erling Smørgrav	* Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not
45*5afab0e5SDag-Erling Smørgrav	  available on tvOS.
46*5afab0e5SDag-Erling Smørgrav	* Fix for #93: fix packaging/libldns.pc Makefile rule.
47*5afab0e5SDag-Erling Smørgrav	* ZONEMD support in ldns-signzone and ldns-verify-zone
48*5afab0e5SDag-Erling Smørgrav	* ldns-testns can answer several queries over one tcp connection,
49*5afab0e5SDag-Erling Smørgrav	  if they arrive within 100msec of each other.
50*5afab0e5SDag-Erling Smørgrav	* Fix so that ldns-testns does not leak sockets if the read fails.
51*5afab0e5SDag-Erling Smørgrav	* SVCB and HTTPS draft rrtypes.
52*5afab0e5SDag-Erling Smørgrav	  Enable with --enable-rrtype-svcb-https.
53*5afab0e5SDag-Erling Smørgrav	* bugfix #117: Assertion failure with DNSSEC validating of
54*5afab0e5SDag-Erling Smørgrav	  non existence of RR types at the root.  Thanks ZjYwMj
55*5afab0e5SDag-Erling Smørgrav	* Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA
56*5afab0e5SDag-Erling Smørgrav	  record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl
57*5afab0e5SDag-Erling Smørgrav	* bugfix #119: Let example tools read longer RR's than
58*5afab0e5SDag-Erling Smørgrav	  LDNS_MAX_LINELEN
59*5afab0e5SDag-Erling Smørgrav	* Add SVCPARAMS to python ldns_rdf_type2str function.
60*5afab0e5SDag-Erling Smørgrav	* PR #134 Miscellaneous spelling fixes. Thanks jsoref!
61*5afab0e5SDag-Erling Smørgrav	* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return
62*5afab0e5SDag-Erling Smørgrav	  the $INCLUDE not implemented error.
63*5afab0e5SDag-Erling Smørgrav	* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line
64*5afab0e5SDag-Erling Smørgrav	  number for an empty line after a comment.
65*5afab0e5SDag-Erling Smørgrav	* Fix #135: Fix compile with OpenSSL-3.0.0-beta2.
66*5afab0e5SDag-Erling Smørgrav	* PR #107: Added ldns_pkt2buffer_wire_compress() to make dname
67*5afab0e5SDag-Erling Smørgrav	  compression optional when converting packets to wire format.
68*5afab0e5SDag-Erling Smørgrav	  Thanks Eli Lindsey
69*5afab0e5SDag-Erling Smørgrav	* Option to ldns-keygen to create symlinks with known names
70*5afab0e5SDag-Erling Smørgrav	  (i.e. without the key id) to the created files.
71*5afab0e5SDag-Erling Smørgrav	  Thanks Andreas Schulze
72*5afab0e5SDag-Erling Smørgrav	* Fix #121: Correct handling of centimetres by LOC parser.
73*5afab0e5SDag-Erling Smørgrav	  Thanks Felipe Gasper
74*5afab0e5SDag-Erling Smørgrav	* PR #126: Link with libldns.la in Makefile.in.
75*5afab0e5SDag-Erling Smørgrav	  Thanks orbea
76*5afab0e5SDag-Erling Smørgrav	* PR #127: Added option -Q to drill to give short answer.
77*5afab0e5SDag-Erling Smørgrav	  Thanks niknah
78*5afab0e5SDag-Erling Smørgrav	* PR #133: Update m4 files for python modules.
79*5afab0e5SDag-Erling Smørgrav	  Thanks Petr Menšík
80*5afab0e5SDag-Erling Smørgrav	* Bufix CAA value fields may be empty: Thanks Robert Mortimer
81*5afab0e5SDag-Erling Smørgrav	* PR #108: Fix for ldns-compare-zones net detecting when first zone
82*5afab0e5SDag-Erling Smørgrav	  has a RRset that shrinks from two to one RRs, or grows from one
83*5afab0e5SDag-Erling Smørgrav	  to two RRs. Thanks Emilio Caballero
84*5afab0e5SDag-Erling Smørgrav	* Fix #131: Drill sig chasing breaks with gcc-11 and
85*5afab0e5SDag-Erling Smørgrav	  strict-aliasing. Thanks Stanislav Levin
86*5afab0e5SDag-Erling Smørgrav	* Fix #130: Unless $TLL is defined, ttl defaults to the last
87*5afab0e5SDag-Erling Smørgrav	  explicitly stated value. Thanks Benno
88*5afab0e5SDag-Erling Smørgrav	* Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc
89*5afab0e5SDag-Erling Smørgrav	* Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0
90*5afab0e5SDag-Erling Smørgrav	  Thanks Daniel J. Luke
91*5afab0e5SDag-Erling Smørgrav	* Let ldns-signzone warn for high NSEC3 iteration counts.
92*5afab0e5SDag-Erling Smørgrav	  Thanks Andreas Schulze
93*5afab0e5SDag-Erling Smørgrav
94*5afab0e5SDag-Erling Smørgrav1.7.1	2019-07-26
95*5afab0e5SDag-Erling Smørgrav	* bugfix: Manage verification paths for OpenSSL >= 1.1.0
96*5afab0e5SDag-Erling Smørgrav	  Thanks Marco Davids
97*5afab0e5SDag-Erling Smørgrav	* bugfix #4106: find the SDK on MacOS X <= 10.6
98*5afab0e5SDag-Erling Smørgrav	  Thanks Bill Cole
99*5afab0e5SDag-Erling Smørgrav	* bugfix #4155: ldns-config contains never used variables
100*5afab0e5SDag-Erling Smørgrav	  Thanks Petr Menšík
101*5afab0e5SDag-Erling Smørgrav	* bugfix #4221: drill -x crashes with malformed IPv4 address
102*5afab0e5SDag-Erling Smørgrav	  Thanks Oleksandr Tymoshenko
103*5afab0e5SDag-Erling Smørgrav	* bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK
104*5afab0e5SDag-Erling Smørgrav	  Thanks Tony Finch
105*5afab0e5SDag-Erling Smørgrav	* bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences
106*5afab0e5SDag-Erling Smørgrav	  Thanks Bill Parker
107*5afab0e5SDag-Erling Smørgrav	* bugfix #1260: Anticipate strchr returning NULL on unfound char
108*5afab0e5SDag-Erling Smørgrav	  Thanks Stephan Zeisberg
109*5afab0e5SDag-Erling Smørgrav	* bugfix #1257: Free after reallocing to 0 size (CVE-2017-1000232)
110*5afab0e5SDag-Erling Smørgrav	  Thanks Stephan Zeisberg
111*5afab0e5SDag-Erling Smørgrav	* bugfix #1256: Check parse limit before t increment (CVE-2017-1000231)
112*5afab0e5SDag-Erling Smørgrav	  Thanks Stephan Zeisberg
113*5afab0e5SDag-Erling Smørgrav	* bugfix #1245: Only one signature per RRset needs to be valid with
114*5afab0e5SDag-Erling Smørgrav	  ldns-verify-zone.  Thanks Emil Natan.
115*5afab0e5SDag-Erling Smørgrav	* ldns-notify can use all supported hash algorithms with -y.
116*5afab0e5SDag-Erling Smørgrav	* bugfix #1209: make install ldns.pc file
117*5afab0e5SDag-Erling Smørgrav	  Thanks Oleksandr Natalenko
118*5afab0e5SDag-Erling Smørgrav	* bugfix #1218: Only chase DS if signer is parent of owner.
119*5afab0e5SDag-Erling Smørgrav	  Thanks Emil Natan
120*5afab0e5SDag-Erling Smørgrav	* bugfix #617: Retry WKS service and protocol names lower case.
121*5afab0e5SDag-Erling Smørgrav	  Thanks Siali Yan
122*5afab0e5SDag-Erling Smørgrav	* Spelling errors in binaries and man pages
123*5afab0e5SDag-Erling Smørgrav	  Thanks Andreas Schulze
124*5afab0e5SDag-Erling Smørgrav	* removed duplicate condition in ldns_udp_send_query.
125*5afab0e5SDag-Erling Smørgrav	* ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
126*5afab0e5SDag-Erling Smørgrav	  and fix memory leak with more EDNS sections
127*5afab0e5SDag-Erling Smørgrav	  Thanks Jan Vcelak
128*5afab0e5SDag-Erling Smørgrav	* bugfix #1399: ldns_pkt2wire() Python binding is broken.
129*5afab0e5SDag-Erling Smørgrav	  Thanks James Raftery
130*5afab0e5SDag-Erling Smørgrav	* ED25519 and ED448 support. Default is to autodetect support in
131*5afab0e5SDag-Erling Smørgrav	  OpenSSL.  Disable with --disable-ed25519 and --disable-ed448.
132*5afab0e5SDag-Erling Smørgrav	* ldns-notify: can have IPv6 address as argument.
133*5afab0e5SDag-Erling Smørgrav	* Fix time sensitive TSIG compare vulnerability.
134*5afab0e5SDag-Erling Smørgrav	* Fix that ldns-testns ignores sigpipe.
135*5afab0e5SDag-Erling Smørgrav	* Fix that ldns-notify sets the query RR as question RR, this
136*5afab0e5SDag-Erling Smørgrav	  removes the wrong TTL and 0 rdata from the packet printout.
137*5afab0e5SDag-Erling Smørgrav	* Allow -T flag to be used together with drill -x
138*5afab0e5SDag-Erling Smørgrav	* Python bindings compile with swig 4.0
139*5afab0e5SDag-Erling Smørgrav	  Thanks Jitka Plesníková
140*5afab0e5SDag-Erling Smørgrav	* bugfix #4248: drill -DT fails for CNAME domain
141*5afab0e5SDag-Erling Smørgrav	  Thanks Thom Wiggers
142*5afab0e5SDag-Erling Smørgrav	* bugfix #4214: Various fixes and leaks found by coverity.
143*5afab0e5SDag-Erling Smørgrav	  Thanks Petr Menšík
144*5afab0e5SDag-Erling Smørgrav	* Feature #3394: An -I option to ldns-notify to specify a source
145*5afab0e5SDag-Erling Smørgrav	  IP address to send to notify from.  Thanks Geert Hendrickx
146*5afab0e5SDag-Erling Smørgrav	* Bugfix #279: New API functions ldns_udp_connect2,
147*5afab0e5SDag-Erling Smørgrav	  ldns_tcp_connect2, ldns_udp_bgsend2 and ldns_tcp_bgsend2,
148*5afab0e5SDag-Erling Smørgrav	  that return -1 on failure and allow socket number 0
149*5afab0e5SDag-Erling Smørgrav	  to be returned too.  Thanks Joerg Sonnenberger
150*5afab0e5SDag-Erling Smørgrav	* Bugfix #1447: More verbose reporting of chasing problems with
151*5afab0e5SDag-Erling Smørgrav	  ldns-verify-zone.  Thanks Stephane Guedon
152*5afab0e5SDag-Erling Smørgrav	* OpenSSL engine support with ldns-signzone.
153*5afab0e5SDag-Erling Smørgrav	  See also https://penzin.net/ldns-signzone/
154*5afab0e5SDag-Erling Smørgrav	  Many thanks Vadim Penzin.
155*5afab0e5SDag-Erling Smørgrav	* Various improvements found with shellcheck.
156*5afab0e5SDag-Erling Smørgrav	  Thanks Jeffrey Walton
157*5afab0e5SDag-Erling Smørgrav	* PR #36 Update manpage of ldns-notify to mention algorithm
158*5afab0e5SDag-Erling Smørgrav	  support with TSIG.  Thanks Anand Buddhdev
159*5afab0e5SDag-Erling Smørgrav	* Compile warnings with signed char input to to_lower()
160*5afab0e5SDag-Erling Smørgrav	  and is_digit() with NetBSD.  Thanks Håvard Eidnes
161*5afab0e5SDag-Erling Smørgrav	* Missing Makefile.PL in DNS-LDNS perl module contribution.
162*5afab0e5SDag-Erling Smørgrav	  Thanks Jaap Akkerhuis
163*5afab0e5SDag-Erling Smørgrav
164986ba33cSDag-Erling Smørgrav1.7.0	2016-12-20
165986ba33cSDag-Erling Smørgrav	* Fix lookup of relative names in ldns_resolver_search.
166986ba33cSDag-Erling Smørgrav	* bugfix #548: Double free for answers > 4096 in ldns_resolver_send_pkt
167986ba33cSDag-Erling Smørgrav	* Follow CNAME's when tracing with drill (TODO dnssec trace)
168986ba33cSDag-Erling Smørgrav	* Fix #551 change Regent to Copyright holder in BSD license in
169986ba33cSDag-Erling Smørgrav	  some of the headings of the file, to match the opensource.org
170986ba33cSDag-Erling Smørgrav	  BSD license.
171986ba33cSDag-Erling Smørgrav	* -e option makes ldns-compare-zones exit with status code 2 on difference
172986ba33cSDag-Erling Smørgrav	* Filter out specified RR types with ldns-read-zone -e and -E options
173986ba33cSDag-Erling Smørgrav	* bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch.
174986ba33cSDag-Erling Smørgrav	* bugfix #562: ldns-keygen match DSA key maximum size with library.
175986ba33cSDag-Erling Smørgrav	  And check keysizes with all algorithms. Thanks Peter Koch.
176986ba33cSDag-Erling Smørgrav	* ldns-verify-zone accepts only one single zonefile as argument.
177986ba33cSDag-Erling Smørgrav	* bugfix #573: ldns-keygen write private keys with mode 0600.
178986ba33cSDag-Erling Smørgrav	  Thanks Leon Weber
179986ba33cSDag-Erling Smørgrav	* Fix configure to make ldns compile with LibreSSL 2.0
180986ba33cSDag-Erling Smørgrav	* drill now also accepts dig style -y option
181986ba33cSDag-Erling Smørgrav	  (-y <[algo:]name:key> i.s.o. -y <name:key[:algo]>)
182986ba33cSDag-Erling Smørgrav	* OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey
183986ba33cSDag-Erling Smørgrav	* bugfix #608: Correct comment about escaped characters
184986ba33cSDag-Erling Smørgrav	* CDS and CDNSKEY rr type from RFC 7344.
185986ba33cSDag-Erling Smørgrav	  --enable-rrtype-cds configure option removed
186986ba33cSDag-Erling Smørgrav	* fix: Memory leak in ldns_pkt_rr_list_by_name()
187986ba33cSDag-Erling Smørgrav	  Thanks Johannes Naab
188986ba33cSDag-Erling Smørgrav	* fix: Memory leak in ldns_dname2buffer_wire_compress()
189986ba33cSDag-Erling Smørgrav	  Thanks Max Liebkies
190986ba33cSDag-Erling Smørgrav	* bugfix #613: Allow tab as whitespace too in last rdata field of types
191986ba33cSDag-Erling Smørgrav	  of variable length.  Thanks Xiali Yan
192986ba33cSDag-Erling Smørgrav	* bugfix: strip trailing whitespace from $ORIGIN lines in zone files
193986ba33cSDag-Erling Smørgrav	* Let ldns-keygen output .ds files only for KSK keys
194986ba33cSDag-Erling Smørgrav	* Parse RFC7218 TLSA mnemonics, but do not output them
195986ba33cSDag-Erling Smørgrav	* Let ldns-dane use SPKI as the default selector i.s.o. Cert
196986ba33cSDag-Erling Smørgrav	* bugfix: Fit left over NSEC3s once more before adding empty non
197986ba33cSDag-Erling Smørgrav	  terminals.  Thanks Stuart Browne
198986ba33cSDag-Erling Smørgrav	* bugfix #605: Determine default trust anchor location at compile time
199986ba33cSDag-Erling Smørgrav	  Thanks Peter Koch
200986ba33cSDag-Erling Smørgrav	* bugfix #697: Double free with ldns-dane create
201986ba33cSDag-Erling Smørgrav	  Thanks Carsten Strotmann
202986ba33cSDag-Erling Smørgrav	* bugfix #623: Do not redefine bool type and boolean values
203986ba33cSDag-Erling Smørgrav	  Thanks Jakob Petsovits
204986ba33cSDag-Erling Smørgrav	* bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx
205986ba33cSDag-Erling Smørgrav	  Thanks Shussain
206986ba33cSDag-Erling Smørgrav	* bugfix #575: ldns_pkt_clone() does not copy timestamp field
207986ba33cSDag-Erling Smørgrav	  Thanks Calle Dybedahl
208986ba33cSDag-Erling Smørgrav	* bugfix #584: ldns-update fixes.  Send update to port 53, bring manpage
209986ba33cSDag-Erling Smørgrav	  in sync with the usage text, and don't alter the ldns_resolver passed
210986ba33cSDag-Erling Smørgrav	  to ldns_update_soa_zone_mname().  Created a ldns_resolver_clone()
211986ba33cSDag-Erling Smørgrav	  function in the process.  Thanks Nicholas Riley.
212986ba33cSDag-Erling Smørgrav	* bugfix #633: ldns_pkt_clone() parameter isn't const.
213986ba33cSDag-Erling Smørgrav	  Thanks Jakop Petsovits
214986ba33cSDag-Erling Smørgrav	* bugfix: ldns-dane manpage correction
215986ba33cSDag-Erling Smørgrav	  Thanks Erwin Lansing
216986ba33cSDag-Erling Smørgrav	* Spelling fixes.  Thanks Andreas Schulze
217986ba33cSDag-Erling Smørgrav	* Hyphen used as minus in manpages.  Thanks Andreas Schulze.
218986ba33cSDag-Erling Smørgrav	* RFC7553 RR Type URI is supported by default.
219986ba33cSDag-Erling Smørgrav	* Fix ECDSA signature generation, do not omit leading zeroes.
220986ba33cSDag-Erling Smørgrav	* bugfix: Get rid of superfluous newline in ldns-keyfetcher
221986ba33cSDag-Erling Smørgrav	  Thanks Jan-Piet Mens
222986ba33cSDag-Erling Smørgrav	* bugfix: -U option to ldns-signzone to sign with every algorithm
223986ba33cSDag-Erling Smørgrav	  Thanks Guido Kroon
224986ba33cSDag-Erling Smørgrav	* const function parameters whenever possible.
225986ba33cSDag-Erling Smørgrav	  Thanks Ray Bellis
226986ba33cSDag-Erling Smørgrav	* bugfix #725: allow RR-types on the type bitmap window border
227986ba33cSDag-Erling Smørgrav	  Thanks Pieter Lexis
228986ba33cSDag-Erling Smørgrav	* bugfix #726: 2 typos in drill manpage.
229986ba33cSDag-Erling Smørgrav	  Thanks Hugo Lombard
230986ba33cSDag-Erling Smørgrav	* Add type CSYNC support, RFC 7477.
231986ba33cSDag-Erling Smørgrav	* Prepare for ED25519, ED448 support: todo convert* routines in
232986ba33cSDag-Erling Smørgrav	  dnssec.h, once openssl has support for signing with these algorithms.
233986ba33cSDag-Erling Smørgrav	  The dns algorithm number is not yet allocated. These features are
234986ba33cSDag-Erling Smørgrav	  not fully implemented yet, openssl (1.1) does not support the
235986ba33cSDag-Erling Smørgrav	  algorithms enough to generate keys and sign and verify with them.
236986ba33cSDag-Erling Smørgrav	* Fix _answerfrom comment in ldns_struct_pkt.
237986ba33cSDag-Erling Smørgrav	* Fix drill axfr ipv4/ipv6 queries.
238986ba33cSDag-Erling Smørgrav	* Fix comment referring to mk_query in packet.h to pkt_query_new.
239986ba33cSDag-Erling Smørgrav	* Fix description of QR flag in packet.h.
240986ba33cSDag-Erling Smørgrav	* Fix for openssl 1.1.0 API changes.
241986ba33cSDag-Erling Smørgrav	* Remove commented out macro.  Thanks Thiago Farina
242986ba33cSDag-Erling Smørgrav	* bugfix #641: Include install-sh in .gitignore
243986ba33cSDag-Erling Smørgrav	* bugfix #825: Module import breaks with newer SWIG versions.
244986ba33cSDag-Erling Smørgrav	  Thanks Christoph Egger
245986ba33cSDag-Erling Smørgrav	* bugfix #796 - #792: Fix miscellaneous compiler warning issues.
246986ba33cSDag-Erling Smørgrav	  Thanks Ngie Cooper
247986ba33cSDag-Erling Smørgrav	* bugfix #769: Add support for :: in an IPv6 address
248986ba33cSDag-Erling Smørgrav	  Thanks Hajimu UMEMOTO
249986ba33cSDag-Erling Smørgrav	* bugfix #760: Detect superfluous text in presentation format
250986ba33cSDag-Erling Smørgrav	  Thanks Xiali Yan
251986ba33cSDag-Erling Smørgrav	* bugfix #708: warnings and errors with xcode 6.1/7.0
252986ba33cSDag-Erling Smørgrav	* bugfix #754: Memory leak in ldns_str2rdf_ipseckey
253986ba33cSDag-Erling Smørgrav	  Thanks Xiali Yan
254986ba33cSDag-Erling Smørgrav	* bugfix #661: Fail NSEC3 signing when NSEC domainname length
255986ba33cSDag-Erling Smørgrav	  would overflow.  Thanks Jan-Piet Mens.
256986ba33cSDag-Erling Smørgrav	* bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys.
257986ba33cSDag-Erling Smørgrav	  Thanks Harald Jenny
258986ba33cSDag-Erling Smørgrav	* bugfix #680: ldns fails to reject invalidly formatted
259986ba33cSDag-Erling Smørgrav	  RFC 7553 URI RRs.  Thanks Robert Edmonds
260986ba33cSDag-Erling Smørgrav	* bugfix #678: Use poll i.s.o. select to support > 1024 fds
261986ba33cSDag-Erling Smørgrav	  Thanks William King
262986ba33cSDag-Erling Smørgrav	* Use OpenSSL DANE functions for verification (unless explicitly
263986ba33cSDag-Erling Smørgrav	  disabled with --disable-dane-ta-usage).
264*5afab0e5SDag-Erling Smørgrav	* Bump .so version
265986ba33cSDag-Erling Smørgrav	* Include OPENPGPKEY RR type by default
266986ba33cSDag-Erling Smørgrav	* rdata processing for SMIMEA RR type
267986ba33cSDag-Erling Smørgrav	* Fix crash in displaying TLSA RR's.
268986ba33cSDag-Erling Smørgrav	  Thanks Andreas Schulze
269986ba33cSDag-Erling Smørgrav	* Update ldns-key2ds man page to mention GOST and SHA384 hash
270986ba33cSDag-Erling Smørgrav	  functions.  Thanks Harald Jenny
271986ba33cSDag-Erling Smørgrav	* Add sha384 and sha512 tsig algorithm. Thanks Michael Weiser
272986ba33cSDag-Erling Smørgrav	* Clarify data ownership with consts for tsig parameters.
273986ba33cSDag-Erling Smørgrav	  Thanks Michael Weiser
274986ba33cSDag-Erling Smørgrav	* bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0
275986ba33cSDag-Erling Smørgrav	* bugfix #1160: Provide sha256 for release tarballs
276986ba33cSDag-Erling Smørgrav	* --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0
277986ba33cSDag-Erling Smørgrav	  even when the GOST engine is not available.
278986ba33cSDag-Erling Smørgrav
27917d15b25SDag-Erling Smørgrav1.6.17	2014-01-10
28017d15b25SDag-Erling Smørgrav	* Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
28117d15b25SDag-Erling Smørgrav	  zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
28217d15b25SDag-Erling Smørgrav	* Add --disable-dane option to configure and check availability of the
28317d15b25SDag-Erling Smørgrav	  for dane needed X509_check_ca function in openssl.
28417d15b25SDag-Erling Smørgrav	* bugfix #490: Get rid of type-punned pointer warnings.
28517d15b25SDag-Erling Smørgrav	  Thanks Adam Tkac.
28617d15b25SDag-Erling Smørgrav	* Make sure executables are linked against libcrypto with the
28717d15b25SDag-Erling Smørgrav	  LIBSSL_LDFLAGS. Thanks Leo Baltus.
28817d15b25SDag-Erling Smørgrav	* Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav.
28917d15b25SDag-Erling Smørgrav	* README now shows preferred way to configure for examples and drill.
29017d15b25SDag-Erling Smørgrav	* Bind to source address for resolvers. drill binds to source with -I.
29117d15b25SDag-Erling Smørgrav	  Thanks Bryan Duff.
29217d15b25SDag-Erling Smørgrav	* -T option for ldns-dane that has specific exit status for PKIX
29317d15b25SDag-Erling Smørgrav	  validated connections without (secure) TLSA records.
29417d15b25SDag-Erling Smørgrav	* Fix b{32,64}_{ntop,pton} detection and handling.
29517d15b25SDag-Erling Smørgrav	* New RR type TKEY, but without operational practice.
29617d15b25SDag-Erling Smørgrav	* New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
29717d15b25SDag-Erling Smørgrav	* New output format flag (and accompanying functions) to print certain
29817d15b25SDag-Erling Smørgrav	  RR's as unknown type
29917d15b25SDag-Erling Smørgrav	* -u and -U parameter for ldns-read-zone to mark/unmark a RR type
30017d15b25SDag-Erling Smørgrav	  for printing as unknown type
30117d15b25SDag-Erling Smørgrav	* bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen.
30217d15b25SDag-Erling Smørgrav	* bugfix #497: Properly test for EOF when reading key files with drill.
30317d15b25SDag-Erling Smørgrav	* New functions: ldns_pkt_ixfr_request_new and
30417d15b25SDag-Erling Smørgrav	  ldns_pkt_ixfr_request_new_frm_str.
30517d15b25SDag-Erling Smørgrav	* Use SNI with ldns-dane
30617d15b25SDag-Erling Smørgrav	* bugfix #507: ldnsx Fix use of non-existent variables and not
30717d15b25SDag-Erling Smørgrav	  properly referring to instance variable.  Patch from shussain.
30817d15b25SDag-Erling Smørgrav	* bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type
30917d15b25SDag-Erling Smørgrav	  dictionary.  Patch from shussain.
31017d15b25SDag-Erling Smørgrav	* bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL
31117d15b25SDag-Erling Smørgrav	  file pointer.
31217d15b25SDag-Erling Smørgrav	* Fix memory leak in contrib/python: ldns_pkt.new_query.
31317d15b25SDag-Erling Smørgrav	* Fix buffer overflow in fget_token and bget_token.
31417d15b25SDag-Erling Smørgrav	* ldns-verify-zone NSEC3 checking from quadratic to linear performance.
31517d15b25SDag-Erling Smørgrav	  Thanks NIC MX (nicmexico.mx)
31617d15b25SDag-Erling Smørgrav	* ldns-dane setup new ssl session for each new connect to prevent hangs
31717d15b25SDag-Erling Smørgrav	* bugfix #521: drill trace continue on empty non-terminals with NSEC3
31817d15b25SDag-Erling Smørgrav	* bugfix #525: Fix documentation of ldns_resolver_set_retry
31917d15b25SDag-Erling Smørgrav	* Remove unused LDNS_RDF_TYPE_TSIG and associated functions.
32017d15b25SDag-Erling Smørgrav	* Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek.
32117d15b25SDag-Erling Smørgrav	* Configure option to build perl bindings: --with-p5-dns-ldns
32217d15b25SDag-Erling Smørgrav	  (DNS::LDNS is a contribution from Erik Ostlyngen)
32317d15b25SDag-Erling Smørgrav	* bugfix #527: Move -lssl before -lcrypto when linking
32417d15b25SDag-Erling Smørgrav	* Optimize TSIG digest function name comparison (Thanks Marc Buijsman)
32517d15b25SDag-Erling Smørgrav	* Compare names case insensitive with ldns_pkt_rr_list_by_name and
32617d15b25SDag-Erling Smørgrav	  ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab)
32717d15b25SDag-Erling Smørgrav	* A separate --enable for each draft RR type: --enable-rrtype-ninfo,
32817d15b25SDag-Erling Smørgrav	  --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and
32917d15b25SDag-Erling Smørgrav	  --enable-rrtype-ta
33017d15b25SDag-Erling Smørgrav	* bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen)
33117d15b25SDag-Erling Smørgrav	* bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza)
33217d15b25SDag-Erling Smørgrav	* Adjust ldns_sha1() so that the input data is not modified (Thanks
33317d15b25SDag-Erling Smørgrav	  Marc Buijsman)
334*5afab0e5SDag-Erling Smørgrav	* Messages to stderr are now off by default and can be re-enabled with
33517d15b25SDag-Erling Smørgrav	  the --enable-stderr-msgs configure option.
33617d15b25SDag-Erling Smørgrav
3372787e39aSDag-Erling Smørgrav1.6.16	2012-11-13
3382787e39aSDag-Erling Smørgrav	* Fix Makefile to build pyldns with BSD make
3392787e39aSDag-Erling Smørgrav	* Fix typo in exporting b32_* symbols to make pyldns load again
3402787e39aSDag-Erling Smørgrav	* Allow leaving the RR owner name empty in ldns-testns datafiles.
3412787e39aSDag-Erling Smørgrav	* Fix fail to create NSEC3 bitmap for empty non-terminal (bug
3422787e39aSDag-Erling Smørgrav	  introduced in 1.6.14).
3432787e39aSDag-Erling Smørgrav
3442787e39aSDag-Erling Smørgrav1.6.15	2012-10-25
3452787e39aSDag-Erling Smørgrav	* Remove LDNS_STATUS_EXISTS_ERR from ldns/error.h to make ldns
3462787e39aSDag-Erling Smørgrav	  binary compatible with earlier releases again.
3472787e39aSDag-Erling Smørgrav
3482787e39aSDag-Erling Smørgrav1.6.14	2012-10-23
3492787e39aSDag-Erling Smørgrav	* DANE support (RFC6698), including ldns-dane example tool.
3502787e39aSDag-Erling Smørgrav	* Configurable default CA certificate repository for ldns-dane with
3512787e39aSDag-Erling Smørgrav	  --with-ca-file=CAFILE and --with-ca-path=CAPATH
3522787e39aSDag-Erling Smørgrav	* Configurable default trust anchor with --with-trust-anchor=FILE
3532787e39aSDag-Erling Smørgrav	  for drill, ldns-verify-zone and ldns-dane
3542787e39aSDag-Erling Smørgrav	* bugfix #474: Define socklen_t when undefined (like in Win32)
3552787e39aSDag-Erling Smørgrav	* bugfix #473: Dead code removal and resource leak fix in drill
3562787e39aSDag-Erling Smørgrav	* bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too.
3572787e39aSDag-Erling Smørgrav	* Various bugfixes from code reviews from CZ.NIC and Paul Wouters
3582787e39aSDag-Erling Smørgrav	* ldns-notify TSIG option argument checking
3592787e39aSDag-Erling Smørgrav	* Let ldns_resolver_nameservers_randomize keep nameservers and rtt's
3602787e39aSDag-Erling Smørgrav	  in sync.
3612787e39aSDag-Erling Smørgrav	* Let ldns_pkt_push_rr now return false on (memory) errors.
3622787e39aSDag-Erling Smørgrav	* Make buffer_export comply to documentation and fix buffer2str
363*5afab0e5SDag-Erling Smørgrav	* Various improvements and fixes of pyldns from Karel Slany
3642787e39aSDag-Erling Smørgrav	  now documented in their own Changelog.
3652787e39aSDag-Erling Smørgrav	* bugfix: Make ldns_resolver_pop_nameserver clear the array when
3662787e39aSDag-Erling Smørgrav	  there was only one.
3672787e39aSDag-Erling Smørgrav	* bugfix #459: Remove ldns_symbols and export symbols based on regex
3682787e39aSDag-Erling Smørgrav	* bugfix #458: Track all newly created signatures when signing.
3692787e39aSDag-Erling Smørgrav	* bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given.
3702787e39aSDag-Erling Smørgrav	* bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm.
3712787e39aSDag-Erling Smørgrav	* pyldns memory handling fixes and the python3/ldns-signzone.py
3722787e39aSDag-Erling Smørgrav	  examples script contribution from Karel Slany.
3732787e39aSDag-Erling Smørgrav	* bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed
3742787e39aSDag-Erling Smørgrav	  to be bigger (or equal) P in ldns_key_dsa2bin.
3752787e39aSDag-Erling Smørgrav	* bugfix #449: Deep free cloned rdf's in ldns_tsig_mac_new.
3762787e39aSDag-Erling Smørgrav	* bugfix #448: Copy nameserver value (in stead of reference) of the
3772787e39aSDag-Erling Smørgrav	  answering nameserver to the answer packet in ldns_send_buffer, so
3782787e39aSDag-Erling Smørgrav	  the original value may be deep freed with the ldns_resolver struct.
3792787e39aSDag-Erling Smørgrav	* New -0 option for ldns-read-zone to replace inception, expiration
3802787e39aSDag-Erling Smørgrav	  and signature rdata fields with (null). Thanks Paul Wouters.
3812787e39aSDag-Erling Smørgrav	* New -p option for ldns-read-zone to prepend-pad SOA serial to take
3822787e39aSDag-Erling Smørgrav	  up ten characters.
3832787e39aSDag-Erling Smørgrav	* Return error if printing RR fails due to unknown/null RDATA.
3842787e39aSDag-Erling Smørgrav
3857b5038d7SDag-Erling Smørgrav1.6.13	2012-05-21
3867b5038d7SDag-Erling Smørgrav	* New -S option for ldns-verify-zone to chase signatures online.
3877b5038d7SDag-Erling Smørgrav	* New -k option for ldns-verify-zone to validate using a trusted key.
3887b5038d7SDag-Erling Smørgrav	* New inception and expiration margin options (-i and -e) to
3897b5038d7SDag-Erling Smørgrav	  ldns-verify-zone.
3907b5038d7SDag-Erling Smørgrav	* New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l
3917b5038d7SDag-Erling Smørgrav	  functions.
3927b5038d7SDag-Erling Smørgrav	* New ldns_duration* functions (copied from OpenDNSSEC source)
3937b5038d7SDag-Erling Smørgrav	* fix ldns-verify-zone to allow NSEC3 signatures to come before
3947b5038d7SDag-Erling Smørgrav	  the NSEC3 RR in all cases. Thanks Wolfgang Nagele.
3957b5038d7SDag-Erling Smørgrav	* Zero the correct flag (opt-out) when creating NSEC3PARAMS.
3967b5038d7SDag-Erling Smørgrav	  Thanks Peter van Dijk.
3977b5038d7SDag-Erling Smørgrav	* Canonicalize RRSIG's Signer's name too when validating, because
3987b5038d7SDag-Erling Smørgrav	  bind and unbound do that too. Thanks Peter van Dijk.
3997b5038d7SDag-Erling Smørgrav	* bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label
4007b5038d7SDag-Erling Smørgrav	* bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free
4017b5038d7SDag-Erling Smørgrav	* bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT
402*5afab0e5SDag-Erling Smørgrav	* bugfix #427: Explicitly link ssl with the programs that use it.
4037b5038d7SDag-Erling Smørgrav	* Fix reading \DDD: Error on values that are outside range (>255).
4047b5038d7SDag-Erling Smørgrav	* bugfix #429: fix doxyparse.pl fails on NetBSD because specified
4057b5038d7SDag-Erling Smørgrav	  path to perl.
4067b5038d7SDag-Erling Smørgrav	* New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl.
4077b5038d7SDag-Erling Smørgrav	* fix verifying denial of existence for DS's in NSEC3 Opt-Out zones.
4087b5038d7SDag-Erling Smørgrav	  Thanks John Barnitz
4097b5038d7SDag-Erling Smørgrav
4107b5038d7SDag-Erling Smørgrav1.6.12	2012-01-11
4117b5038d7SDag-Erling Smørgrav	* bugfix #413: Fix manpage source for srcdir != builddir
4127b5038d7SDag-Erling Smørgrav	* Canonicalize the signers name rdata field in RRSIGs when signing
4137b5038d7SDag-Erling Smørgrav	* Ignore minor version of Private-key-format (so v1.3 may be used)
4147b5038d7SDag-Erling Smørgrav	* Allow a check_time to be given in stead of always checking against
4157b5038d7SDag-Erling Smørgrav	  the current time. With ldns-verify-zone the check_time can be set
4167b5038d7SDag-Erling Smørgrav	  with the -t option.
4177b5038d7SDag-Erling Smørgrav	* Added functions for updating and manipulating SOA serial numbers.
4187b5038d7SDag-Erling Smørgrav	  ldns-read-zone has an option -S for updating and manipulating the
4197b5038d7SDag-Erling Smørgrav	  serial numbers.
4207b5038d7SDag-Erling Smørgrav	* The library Makefile is now GNU and BSD make compatible.
4217b5038d7SDag-Erling Smørgrav	* bugfix #419: NSEC3 validation of a name covered by a wildcard with
4227b5038d7SDag-Erling Smørgrav	  no data.
4237b5038d7SDag-Erling Smørgrav	* Two new options (--with-drill and --with-examples) to the main
4247b5038d7SDag-Erling Smørgrav	  configure script (in the root of the source tree) to build drill
4257b5038d7SDag-Erling Smørgrav	  and examples too.
4267b5038d7SDag-Erling Smørgrav	* Fix days_since_epoch to year_yday calculation on 32bits systems.
4277b5038d7SDag-Erling Smørgrav
4287b5038d7SDag-Erling Smørgrav1.6.11	2011-09-29
4297b5038d7SDag-Erling Smørgrav	* bugfix #394: Fix socket leak on errors
4307b5038d7SDag-Erling Smørgrav	* bugfix #392: Apex only and percentage checks for ldns-verify-zone
4317b5038d7SDag-Erling Smørgrav	  (thanks Miek Gieben)
4327b5038d7SDag-Erling Smørgrav	* bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone
4337b5038d7SDag-Erling Smørgrav	* Fix python site package path from sitelib to sitearch for pyldns.
4347b5038d7SDag-Erling Smørgrav	* Fix python api to support python2 and python3 (thanks Karel Slany).
4357b5038d7SDag-Erling Smørgrav	* bugfix #401: Correction of date/time functions algorithm and
4367b5038d7SDag-Erling Smørgrav	  prevention of an infinite loop therein
4377b5038d7SDag-Erling Smørgrav	* bugfix #402: Correct the minimum and maximum number of rdata fields
4387b5038d7SDag-Erling Smørgrav	  in TSIG. (thanks David Keeler)
4397b5038d7SDag-Erling Smørgrav	* bugfix #403: Fix heap overflow (thanks David Keeler)
4407b5038d7SDag-Erling Smørgrav	* bugfix #404: Make parsing APL strings more robust
4417b5038d7SDag-Erling Smørgrav	  (thanks David Keeler)
4427b5038d7SDag-Erling Smørgrav	* bugfix #391: Complete library assessment to prevent assertion errors
4437b5038d7SDag-Erling Smørgrav	  through ldns_rdf_size usage.
4447b5038d7SDag-Erling Smørgrav	* Slightly more specific error messaging on wrong number of rdata
4457b5038d7SDag-Erling Smørgrav	  fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and
4467b5038d7SDag-Erling Smørgrav	  LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes.
4477b5038d7SDag-Erling Smørgrav	* bugfix #406: More rigorous openssl result code handling to prevent
4487b5038d7SDag-Erling Smørgrav	  future crashes within openssl.
4497b5038d7SDag-Erling Smørgrav	* Fix ldns_fetch_valid_domain_keys to search deeper than just one level
4507b5038d7SDag-Erling Smørgrav	  for a DNSKEY that signed a DS RR. (this function was used in the
4517b5038d7SDag-Erling Smørgrav	  check_dnssec_trace nagios module)
4527b5038d7SDag-Erling Smørgrav	* bugfix #407: Canonicalize TSIG dnames and algorithm fields
4537b5038d7SDag-Erling Smørgrav	* A new output specifier to accommodate configuration of what to show
4547b5038d7SDag-Erling Smørgrav	  in comment texts when converting host and/or wire-format data to
4557b5038d7SDag-Erling Smørgrav	  string. All conversion to string and printing functions have a new
4567b5038d7SDag-Erling Smørgrav	  version that have such a format specifier as an extra argument.
4577b5038d7SDag-Erling Smørgrav	  The default is changed so that only DNSKEY RR's are annotated with
4587b5038d7SDag-Erling Smørgrav	  an comment show the Key Tag of the DNSKEY.
4597b5038d7SDag-Erling Smørgrav	* Fixed the ldns resolver to not mark a nameserver unreachable when
4607b5038d7SDag-Erling Smørgrav	  edns0 is tried unsuccessfully with size 4096 (no return packet came),
4617b5038d7SDag-Erling Smørgrav	  but to still try TCP. A big UDP packet might have been corrupted by
4627b5038d7SDag-Erling Smørgrav	  fragments dropping firewalls.
4637b5038d7SDag-Erling Smørgrav	* Update of libdns.vim (thanks Miek Gieben)
4647b5038d7SDag-Erling Smørgrav	* Added the ldnsx Python module to our contrib section, which adds even
4657b5038d7SDag-Erling Smørgrav	  more pythonisticism to the usage of ldns with  Python. (Many thanks
466*5afab0e5SDag-Erling Smørgrav	  to Christopher Olah and Paul Wouters)
4677b5038d7SDag-Erling Smørgrav	  The ldnsx module is automatically installed when --with-pyldns is
4687b5038d7SDag-Erling Smørgrav	  used with configuring, but may explicitly be excluded with the
4697b5038d7SDag-Erling Smørgrav	  --without-pyldnsx option to configure.
4707b5038d7SDag-Erling Smørgrav	* bugfix #410: Fix clearing out temporary data on stack in sha2.c
4717b5038d7SDag-Erling Smørgrav	* bugfix #411: Don't let empty non-terminal NSEC3s cause assertion failure.
4727b5038d7SDag-Erling Smørgrav
4737b5038d7SDag-Erling Smørgrav1.6.10	2011-05-31
4747b5038d7SDag-Erling Smørgrav	* New example tool added: ldns-gen-zone.
4757b5038d7SDag-Erling Smørgrav	* bugfix #359: Serial-arithmetic for the inception and expiration
4767b5038d7SDag-Erling Smørgrav	  fields of a RRSIG and correctly converting them to broken-out time
4777b5038d7SDag-Erling Smørgrav	  information.
4787b5038d7SDag-Erling Smørgrav	* bugfix #364: Slight performance increase of ldns-verifyzone.
4797b5038d7SDag-Erling Smørgrav	* bugfix #367: Fix to allow glue records with the same name as the
4807b5038d7SDag-Erling Smørgrav	  delegation.
4817b5038d7SDag-Erling Smørgrav	* Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and*
4827b5038d7SDag-Erling Smørgrav	  glue when the zone is opt-out.
4837b5038d7SDag-Erling Smørgrav	* bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations,
4847b5038d7SDag-Erling Smørgrav	  ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too.
4857b5038d7SDag-Erling Smørgrav	* pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit
4867b5038d7SDag-Erling Smørgrav	  performance)
4877b5038d7SDag-Erling Smørgrav	* Better handling of reference variables in ldns_rr_new_frm_fp_l from
4887b5038d7SDag-Erling Smørgrav	  pyldns, with a very nice generator function by Bedrich Kosata.
4897b5038d7SDag-Erling Smørgrav	* Decoupling of the rdfs in rrs in the python wrappers to enable
4907b5038d7SDag-Erling Smørgrav	  the python garbage collector by Bedrich Kosata.
4917b5038d7SDag-Erling Smørgrav	* bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at
4927b5038d7SDag-Erling Smørgrav	  build time and when used.
4937b5038d7SDag-Erling Smørgrav	* bugfix #383: Fix detection of empty nonterminals of multiple labels.
494*5afab0e5SDag-Erling Smørgrav	* Fixed the omission of rrsets in nsec(3)s and rrsigs to all occluded
4957b5038d7SDag-Erling Smørgrav	  names (in stead of just the ones that contain glue only) and all
4967b5038d7SDag-Erling Smørgrav	  occluded records on the delegation points (in stead of just the glue).
4977b5038d7SDag-Erling Smørgrav	* Clarify the operation of ldns_dnssec_mark_glue and the usage of
4987b5038d7SDag-Erling Smørgrav	  ldns_dnssec_node_next_nonglue functions in the documentation.
4997b5038d7SDag-Erling Smørgrav	* Added function ldns_dnssec_mark_and_get_glue as an real fast
5007b5038d7SDag-Erling Smørgrav	  alternative for ldns_zone_glue_rr_list.
5017b5038d7SDag-Erling Smørgrav	* Fix parse buffer overflow for max length domain names.
5027b5038d7SDag-Erling Smørgrav	* Fix Makefile for U in environment, since wrong U is more common than
5037b5038d7SDag-Erling Smørgrav	  deansification necessity.
5047b5038d7SDag-Erling Smørgrav
5057b5038d7SDag-Erling Smørgrav1.6.9	2011-03-16
5067b5038d7SDag-Erling Smørgrav	* Fix creating NSEC(3) bitmaps: make array size 65536,
5077b5038d7SDag-Erling Smørgrav	  don't add doubles.
5087b5038d7SDag-Erling Smørgrav	* Fix printout of escaped binary in TXT records.
5097b5038d7SDag-Erling Smørgrav	* Parsing TXT records: don't skip starting whitespace that is quoted.
5107b5038d7SDag-Erling Smørgrav	* bugfix #358: Check if memory was successfully allocated in
5117b5038d7SDag-Erling Smørgrav	  ldns_rdf2str().
5127b5038d7SDag-Erling Smørgrav	* Added more memory allocation checks in host2str.c
5137b5038d7SDag-Erling Smørgrav	* python wrapper for ldns_fetch_valid_domain_keys by Bedrich Kosata.
5147b5038d7SDag-Erling Smørgrav	* fix to compile python wrapper with swig 2.0.2.
5157b5038d7SDag-Erling Smørgrav	* Don't fallback to SHA-1 when creating NSEC3 hash with another
5167b5038d7SDag-Erling Smørgrav	  algorithm identifier, fail instead (no other algorithm identifiers
5177b5038d7SDag-Erling Smørgrav	  are assigned yet).
5187b5038d7SDag-Erling Smørgrav
5197b5038d7SDag-Erling Smørgrav1.6.8	2011-01-24
5207b5038d7SDag-Erling Smørgrav	* Fix ldns zone, so that $TTL definition match RFC 2308.
5217b5038d7SDag-Erling Smørgrav	* Fix lots of missing checks on allocation failures and parse of
5227b5038d7SDag-Erling Smørgrav	  NSEC with many types and max parse length in hosts_frm_fp routine
5237b5038d7SDag-Erling Smørgrav	  and off by one in read_anchor_file routine (thanks Dan Kaminsky and
5247b5038d7SDag-Erling Smørgrav	  Justin Ferguson).
5257b5038d7SDag-Erling Smørgrav	* bugfix #335: Drill: Print both SHA-1 and SHA-256 corresponding DS
5267b5038d7SDag-Erling Smørgrav	  records.
5277b5038d7SDag-Erling Smørgrav	* Print correct WHEN in query packet (is not always 1-1-1970)
5287b5038d7SDag-Erling Smørgrav	* ldns-test-edns: new example tool that detects EDNS support.
5297b5038d7SDag-Erling Smørgrav	* fix ldns_resolver_send without openssl.
5307b5038d7SDag-Erling Smørgrav	* bugfix #342: patch for support for more CERT key types (RFC4398).
5317b5038d7SDag-Erling Smørgrav	* bugfix #351: fix udp_send hang if UDP checksum error.
5327b5038d7SDag-Erling Smørgrav	* fix set_bit (from NSEC3 sign) patch from Jan Komissar.
5337b5038d7SDag-Erling Smørgrav
5347b5038d7SDag-Erling Smørgrav1.6.7	2010-11-08
5357b5038d7SDag-Erling Smørgrav	* EXPERIMENTAL ecdsa implementation, please do not enable on real
5367b5038d7SDag-Erling Smørgrav	  servers.
5377b5038d7SDag-Erling Smørgrav	* GOST code enabled by default (RFC 5933).
5387b5038d7SDag-Erling Smørgrav	* bugfix #326: ignore whitespace between directives and their values.
5397b5038d7SDag-Erling Smørgrav	* Header comment to advertise ldns_axfr_complete to check for
5407b5038d7SDag-Erling Smørgrav	  successfully completed zone transfers.
5417b5038d7SDag-Erling Smørgrav	* read resolv.conf skips interface labels, e.g. %eth0.
5427b5038d7SDag-Erling Smørgrav	* Fix drill verify NSEC3 denials.
5437b5038d7SDag-Erling Smørgrav	* Use closesocket() on windows.
5447b5038d7SDag-Erling Smørgrav	* Add ldns_get_signing_algorithm_by_name that understand aliases,
5457b5038d7SDag-Erling Smørgrav	  names changed to RFC names and aliases for compatibility added.
5467b5038d7SDag-Erling Smørgrav	* bugfix: don't print final dot if the domain is relative.
5477b5038d7SDag-Erling Smørgrav	* bugfix: resolver search continue when packet rcode != NOERROR.
5487b5038d7SDag-Erling Smørgrav	* bugfix: resolver push all domains in search directive to list.
5497b5038d7SDag-Erling Smørgrav	* bugfix: resolver search by default includes the root domain.
5507b5038d7SDag-Erling Smørgrav	* bugfix: tcp read could fail on single octet recv.
5517b5038d7SDag-Erling Smørgrav	* bugfix: read of RR in unknown syntax with missing fields.
5527b5038d7SDag-Erling Smørgrav	* added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next()
5537b5038d7SDag-Erling Smørgrav	  to sign and verify TSIG RRs on subsequent messages
5547b5038d7SDag-Erling Smørgrav	  (section 4.4, RFC 2845, thanks to Michael Sheldon).
5557b5038d7SDag-Erling Smørgrav	* bugfix: signer sigs nsecs with zsks only.
5567b5038d7SDag-Erling Smørgrav	* bugfix #333: fix ldns_dname_absolute for name ending with backslash.
5577b5038d7SDag-Erling Smørgrav
5587b5038d7SDag-Erling Smørgrav1.6.6	2010-08-09
5597b5038d7SDag-Erling Smørgrav	* Fix ldns_rr_clone to copy question rrs properly.
5607b5038d7SDag-Erling Smørgrav	* Fix ldns_sign_zone(_nsec3) to clone the soa for the new zone.
5617b5038d7SDag-Erling Smørgrav	* Fix ldns_wire2dname size check from reading 1 byte beyond buffer end.
5627b5038d7SDag-Erling Smørgrav	* Fix ldns_wire2dname from reading 1 byte beyond end for pointer.
5637b5038d7SDag-Erling Smørgrav	* Fix crash using GOST for particular platform configurations.
5647b5038d7SDag-Erling Smørgrav	* extern C declarations used in the header file.
5657b5038d7SDag-Erling Smørgrav	* Removed debug fprintf from resolver.c.
5667b5038d7SDag-Erling Smørgrav	* ldns-signzone checks if public key file is for the right zone.
5677b5038d7SDag-Erling Smørgrav	* NETLDNS, .NET port of ldns functionality, by Alex Nicoll, in contrib.
5687b5038d7SDag-Erling Smørgrav	* Fix handling of comments in resolv.conf parse.
5697b5038d7SDag-Erling Smørgrav	* GOST code enabled if SSL recent, RFC 5933.
5707b5038d7SDag-Erling Smørgrav	* bugfix #317: segfault util.c ldns_init_random() fixed.
5717b5038d7SDag-Erling Smørgrav	* Fix ldns_tsig_mac_new: allocate enough memory for the hash, fix use of
5727b5038d7SDag-Erling Smørgrav	  b64_pton_calculate_size.
5737b5038d7SDag-Erling Smørgrav	* Fix ldns_dname_cat: size calculation and handling of realloc().
5747b5038d7SDag-Erling Smørgrav	* Fix ldns_rr_pop_rdf: fix handling of realloc().
5757b5038d7SDag-Erling Smørgrav	* Fix ldns-signzone for single type key scheme: sign whole zone if there
5767b5038d7SDag-Erling Smørgrav	  are only KSKs.
5777b5038d7SDag-Erling Smørgrav	* Fix ldns_resolver: also close socket if AXFR failed (if you don't,
5787b5038d7SDag-Erling Smørgrav          it would block subsequent transfers (thanks Roland van Rijswijk).
5797b5038d7SDag-Erling Smørgrav        * Fix drill: allow for a secure trace if you use DS records as trust
5807b5038d7SDag-Erling Smørgrav	  anchors (thanks Jan Komissar).
5817b5038d7SDag-Erling Smørgrav
5827b5038d7SDag-Erling Smørgrav1.6.5	2010-06-15
5837b5038d7SDag-Erling Smørgrav	* Catch \X where X is a digit as an error.
5847b5038d7SDag-Erling Smørgrav	* Fix segfault when ip6 ldns resolver only has ip4 servers.
5857b5038d7SDag-Erling Smørgrav	* Fix NSEC record after DNSKEY at zone apex not properly signed.
5867b5038d7SDag-Erling Smørgrav	* Fix syntax error if last label too long and no dot at end of domain.
5877b5038d7SDag-Erling Smørgrav	* Fix parse of \# syntax with space for type LOC.
5887b5038d7SDag-Erling Smørgrav	* Fix ldns_dname_absolute for escape sequences, fixes some parse errs.
5897b5038d7SDag-Erling Smørgrav	* bugfix #297: linking ssl, bug due to patch submitted as #296.
5907b5038d7SDag-Erling Smørgrav	* bugfix #299: added missing declarations to host2str.h
5917b5038d7SDag-Erling Smørgrav	* ldns-compare-zones -s to not exclude SOA record from comparison.
5927b5038d7SDag-Erling Smørgrav	* --disable-rpath fix
5937b5038d7SDag-Erling Smørgrav	* fix ldns_pkt_empty(), reported by Alex Nicoll.
5947b5038d7SDag-Erling Smørgrav	* fix ldns_resolver_new_frm_fp not ignore lines after a comment.
5957b5038d7SDag-Erling Smørgrav	* python code for ldns_rr.new_question_frm_str()
5967b5038d7SDag-Erling Smørgrav	* Fix ldns_dnssec_verify_denial: the signature selection routine.
5977b5038d7SDag-Erling Smørgrav	* Type TALINK parsed (draft-ietf-dnsop-trust-history).
5987b5038d7SDag-Erling Smørgrav	* bugfix #304: fixed dead loop in ldns_tcp_read_wire() and
5997b5038d7SDag-Erling Smørgrav	  ldns_tcp_read_wire_timeout().
6007b5038d7SDag-Erling Smørgrav	* GOST support with correct algorithm numbers.  The plan is to make it
6017b5038d7SDag-Erling Smørgrav	  enabled if openssl support is detected, but it is disabled by
6027b5038d7SDag-Erling Smørgrav	  default in this release because the RFC is not ready.
6037b5038d7SDag-Erling Smørgrav	* Fixed comment in rbtree.h about being first member and data ptr.
6047b5038d7SDag-Erling Smørgrav	* Fixed possibly leak in case of out of memory in ldns_native2rdf...
6057b5038d7SDag-Erling Smørgrav	* ldns_dname_is_wildcard added.
6067b5038d7SDag-Erling Smørgrav	* Fixed: signatures over wildcards had the wrong labelcount.
6077b5038d7SDag-Erling Smørgrav	* Fixed ldns_verify() inconsistent return values.
6087b5038d7SDag-Erling Smørgrav	* Fixed ldns_resolver to copy and free tsig name, data and algorithm.
6097b5038d7SDag-Erling Smørgrav	* Fixed ldns_resolver to push search onto searchlist.
6107b5038d7SDag-Erling Smørgrav	* A ldns resolver now defaults to a non-recursive resolver that handles
6117b5038d7SDag-Erling Smørgrav	  the TC bit.
6127b5038d7SDag-Erling Smørgrav	* ldns_resolver_print() prints more details.
6137b5038d7SDag-Erling Smørgrav	* Fixed ldns_rdf2buffer_str_time(), which did not print timestamps
6147b5038d7SDag-Erling Smørgrav	  on 64bit systems.
6157b5038d7SDag-Erling Smørgrav	* Make ldns_resolver_nameservers_randomize() more random.
6167b5038d7SDag-Erling Smørgrav	* bugfix #310: POSIX specifies NULL second argument of gettimeofday.
6177b5038d7SDag-Erling Smørgrav	* fix compiler warnings from llvm clang compiler.
6187b5038d7SDag-Erling Smørgrav	* bugfix #309: ldns_pkt_clone did not clone the tsig_rr.
6197b5038d7SDag-Erling Smørgrav	* Fix gentoo ebuild for drill, 'no m4 directory'.
6207b5038d7SDag-Erling Smørgrav	* bugfix #313: drill trace on an empty nonterminal continuation.
6217b5038d7SDag-Erling Smørgrav
6227b5038d7SDag-Erling Smørgrav1.6.4	2010-01-20
6237b5038d7SDag-Erling Smørgrav	* Imported pyldns contribution by Zdenek Vasicek and Karel Slany.
6247b5038d7SDag-Erling Smørgrav	  Changed its configure and Makefile to fit into ldns.
6257b5038d7SDag-Erling Smørgrav	  Added its dname_* methods to the rdf_* class (as is the ldns API).
6267b5038d7SDag-Erling Smørgrav	  Changed swig destroy of ldns_buffer class to ldns_buffer_free.
6277b5038d7SDag-Erling Smørgrav	  Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them.
6287b5038d7SDag-Erling Smørgrav	* Bugfix: parse PTR target of .tomhendrikx.nl with error not crash.
6297b5038d7SDag-Erling Smørgrav	* Bugfix: handle escaped characters in TXT rdata.
6307b5038d7SDag-Erling Smørgrav	* bug292: no longer crash on malformed domain names where a label is
6317b5038d7SDag-Erling Smørgrav	  on position 255, which was a buffer overflow by one.
6327b5038d7SDag-Erling Smørgrav	* Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change),
6337b5038d7SDag-Erling Smørgrav	  which fixes resolv.conf reading badly terminated string buffers.
6347b5038d7SDag-Erling Smørgrav	* Fix ldns_pkt_set_random_id to be more random, and a little faster,
6357b5038d7SDag-Erling Smørgrav	  it did not do value 0 statistically correctly.
6367b5038d7SDag-Erling Smørgrav	* Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes,
6377b5038d7SDag-Erling Smørgrav	  for portability.
6387b5038d7SDag-Erling Smørgrav	* bug295: nsec3-hash routine no longer case sensitive.
6397b5038d7SDag-Erling Smørgrav	* bug298: drill failed nsec3 denial of existence proof.
6407b5038d7SDag-Erling Smørgrav
6417b5038d7SDag-Erling Smørgrav1.6.3	2009-12-04
6427b5038d7SDag-Erling Smørgrav	* Bugfix: allow for unknown resource records in zonefile with rdlen=0.
6437b5038d7SDag-Erling Smørgrav	* Bugfix: also mark an RR as question if it comes from the wire
6447b5038d7SDag-Erling Smørgrav	* Bugfix: NSEC3 bitmap contained NSEC
6457b5038d7SDag-Erling Smørgrav	* Bugfix: Inherit class when creating signatures
6467b5038d7SDag-Erling Smørgrav
6477b5038d7SDag-Erling Smørgrav1.6.2	2009-11-12
6487b5038d7SDag-Erling Smørgrav	* Fix Makefile patch from Havard Eidnes, better install.sh usage.
6497b5038d7SDag-Erling Smørgrav	* Fix parse error on SOA serial of 2910532839.
6507b5038d7SDag-Erling Smørgrav	  Fix print of ';' and readback of '\;' in names, also for '\\'.
6517b5038d7SDag-Erling Smørgrav	  Fix parse of '\(' and '\)' in names.  Also for file read. Also '\.'
6527b5038d7SDag-Erling Smørgrav	* Fix signature creation when TTLs are different for RRs in RRset.
6537b5038d7SDag-Erling Smørgrav	* bug273: fix so EDNS rdata is included in pkt to wire conversion.
6547b5038d7SDag-Erling Smørgrav	* bug274: fix use of c++ keyword 'class' for RR class in the code.
6557b5038d7SDag-Erling Smørgrav	* bug275: fix memory leak of packet edns rdata.
6567b5038d7SDag-Erling Smørgrav	* Fix timeout procedure for TCP and AXFR on Solaris.
6577b5038d7SDag-Erling Smørgrav	* Fix occasional NSEC bitmap bogus
6587b5038d7SDag-Erling Smørgrav	* Fix rr comparing (was in reversed order since 1.6.0)
6597b5038d7SDag-Erling Smørgrav	* bug278: fix parsing HINFO rdata (and other cases).
6607b5038d7SDag-Erling Smørgrav	* Fix previous owner name: also pick up if owner name is @.
6617b5038d7SDag-Erling Smørgrav	* RFC5702: enabled sha2 functions by default. This requires OpenSSL 0.9.8 or higher.
6627b5038d7SDag-Erling Smørgrav      Reason for this default is the root to be signed with RSASHA256.
6637b5038d7SDag-Erling Smørgrav	* Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines
6647b5038d7SDag-Erling Smørgrav	* Fix: Make ldns_dname_is_subdomain case insensitive.
6657b5038d7SDag-Erling Smørgrav	* Fix ldns-verify-zone so that address records at zone NS set are not considered glue
6667b5038d7SDag-Erling Smørgrav		(Or glue records fall below delegation)
6677b5038d7SDag-Erling Smørgrav    * Fix LOC RR altitude printing.
6687b5038d7SDag-Erling Smørgrav	* Feature: Added period (e.g. '3m6d') support at explicit TTLs.
6697b5038d7SDag-Erling Smørgrav    * Feature: DNSKEY rrset by default signed with minimal signatures
6707b5038d7SDag-Erling Smørgrav		but -A option for ldns-signzone to sign it with all keys.
6717b5038d7SDag-Erling Smørgrav		This makes the DNSKEY responses smaller for signed domains.
6727b5038d7SDag-Erling Smørgrav
6737b5038d7SDag-Erling Smørgrav1.6.1   2009-09-14
6747b5038d7SDag-Erling Smørgrav	* --enable-gost : use the GOST algorithm (experimental).
6757b5038d7SDag-Erling Smørgrav	* Added some missing options to drill manpage
6767b5038d7SDag-Erling Smørgrav	* Some fixes to --without-ssl option
677*5afab0e5SDag-Erling Smørgrav	* Fixed quote parsing within strings
6787b5038d7SDag-Erling Smørgrav	* Bitmask fix in EDNS handling
6797b5038d7SDag-Erling Smørgrav	* Fixed non-fqdn domain name completion for rdata field domain
6807b5038d7SDag-Erling Smørgrav	  names of length 1
6817b5038d7SDag-Erling Smørgrav	* Fixed chain validation with SHA256 DS records
6827b5038d7SDag-Erling Smørgrav
6837b5038d7SDag-Erling Smørgrav1.6.0
6847b5038d7SDag-Erling Smørgrav	Additions:
6857b5038d7SDag-Erling Smørgrav	* Addition of an ldns-config script which gives cflags and libs
6867b5038d7SDag-Erling Smørgrav	  values, for use in configure scripts for applications that use
6877b5038d7SDag-Erling Smørgrav	  use ldns. Can be disabled with ./configure --disable-ldns-config
6887b5038d7SDag-Erling Smørgrav	* Added direct sha1, sha256, and sha512 support in ldns.
6897b5038d7SDag-Erling Smørgrav	  With these functions, all NSEC3 functionality can still be
6907b5038d7SDag-Erling Smørgrav	  used, even if ldns is built without OpenSSL. Thanks to OpenBSD,
6917b5038d7SDag-Erling Smørgrav	  Steve Reid, and Aaron D. Gifford for the code.
6927b5038d7SDag-Erling Smørgrav	* Added reading/writing support for the SPF Resource Record
6937b5038d7SDag-Erling Smørgrav	* Base32 functions are now exported
6947b5038d7SDag-Erling Smørgrav	Bugfixes:
6957b5038d7SDag-Erling Smørgrav	* ldns_is_rrset did not go through the complete rrset, but
6967b5038d7SDag-Erling Smørgrav	  only compared the first two records. Thanks to Olafur
6977b5038d7SDag-Erling Smørgrav	  Gudmundsson for report and patch
6987b5038d7SDag-Erling Smørgrav	* Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(),
6997b5038d7SDag-Erling Smørgrav	  thanks to Marius Rieder for finding an patching this.
7007b5038d7SDag-Erling Smørgrav	* --without-ssl should now work. Make sure that examples/ and
7017b5038d7SDag-Erling Smørgrav	  drill also get the --without-ssl flag on their configure, if
7027b5038d7SDag-Erling Smørgrav	  this is used.
7037b5038d7SDag-Erling Smørgrav	* Some malloc() return value checks have been added
7047b5038d7SDag-Erling Smørgrav	* NSEC3 creation has been improved wrt to empty nonterminals,
7057b5038d7SDag-Erling Smørgrav	  and opt-out.
7067b5038d7SDag-Erling Smørgrav	* Fixed a bug in the parser when reading large NSEC3 salt
7077b5038d7SDag-Erling Smørgrav	  values.
7087b5038d7SDag-Erling Smørgrav	* Made the allowed length for domain names on wire
7097b5038d7SDag-Erling Smørgrav	  and presentation format the same.
7107b5038d7SDag-Erling Smørgrav	Example tools:
7117b5038d7SDag-Erling Smørgrav	* ldns-key2ds can now also generate DS records for keys without
7127b5038d7SDag-Erling Smørgrav	  the SEP flag
7137b5038d7SDag-Erling Smørgrav	* ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
7147b5038d7SDag-Erling Smørgrav	  the first non-default DNSKEY TTL value it sees)
7157b5038d7SDag-Erling Smørgrav
7167b5038d7SDag-Erling Smørgrav1.5.1
7177b5038d7SDag-Erling Smørgrav	Example tools:
7187b5038d7SDag-Erling Smørgrav	* ldns-signzone was broken in 1.5.0 for multiple keys, this
7197b5038d7SDag-Erling Smørgrav	  has been repaired
7207b5038d7SDag-Erling Smørgrav
7217b5038d7SDag-Erling Smørgrav	Build system:
7227b5038d7SDag-Erling Smørgrav	* Removed a small erroneous output warning in
7237b5038d7SDag-Erling Smørgrav	  examples/configure and drill/configure
7247b5038d7SDag-Erling Smørgrav
7257b5038d7SDag-Erling Smørgrav1.5.0
7267b5038d7SDag-Erling Smørgrav	Bug fixes:
7277b5038d7SDag-Erling Smørgrav	* fixed a possible memory overflow in the RR parser
7287b5038d7SDag-Erling Smørgrav	* build flag fix for Sun Studio
7297b5038d7SDag-Erling Smørgrav	* fixed a building race condition in the copying of header
7307b5038d7SDag-Erling Smørgrav	  files
7317b5038d7SDag-Erling Smørgrav	* EDNS0 extended rcode; the correct assembled code number
7327b5038d7SDag-Erling Smørgrav	  is now printed (still in the EDNS0 field, though)
7337b5038d7SDag-Erling Smørgrav	* ldns_pkt_rr no longer leaks memory (in fact, it no longer
7347b5038d7SDag-Erling Smørgrav	  copies anything all)
7357b5038d7SDag-Erling Smørgrav
7367b5038d7SDag-Erling Smørgrav	API addition:
7377b5038d7SDag-Erling Smørgrav	* ldns_key now has support for 'external' data, in which
7387b5038d7SDag-Erling Smørgrav	  case the OpenSSL EVP structures are not used;
7397b5038d7SDag-Erling Smørgrav	  ldns_key_set_external_key() and ldns_key_external_key()
7407b5038d7SDag-Erling Smørgrav	* added ldns_key_get_file_base_name() which creates a
7417b5038d7SDag-Erling Smørgrav	  'default' filename base string for key storage, of the
7427b5038d7SDag-Erling Smørgrav	  form "K<zone>+<algorithm>+<keytag>"
7437b5038d7SDag-Erling Smørgrav	* the ldns_dnssec_* family of structures now have deep_free()
7447b5038d7SDag-Erling Smørgrav	  functions, which also free the ldns_rr's contained in them
7457b5038d7SDag-Erling Smørgrav	* there is now an ldns_match_wildcard() function, which checks
7467b5038d7SDag-Erling Smørgrav	  whether a domain name matches a wildcard name
7477b5038d7SDag-Erling Smørgrav	* ldns_sign_public has been split up; this resulted in the
7487b5038d7SDag-Erling Smørgrav	  addition of ldns_create_empty_rrsig() and
7497b5038d7SDag-Erling Smørgrav	  ldns_sign_public_buffer()
7507b5038d7SDag-Erling Smørgrav
7517b5038d7SDag-Erling Smørgrav	Examples:
7527b5038d7SDag-Erling Smørgrav	* ldns-signzone can now automatically add DNSKEY records when
7537b5038d7SDag-Erling Smørgrav	  using an OpenSSL engine, as it already did when using key
7547b5038d7SDag-Erling Smørgrav	  files
7557b5038d7SDag-Erling Smørgrav	* added new example tool: ldns-nsec3-hash
7567b5038d7SDag-Erling Smørgrav	* ldns-dpa can now filter on specific query name and types
7577b5038d7SDag-Erling Smørgrav	* ldnsd has fixes for the zone name, a fix for the return
7587b5038d7SDag-Erling Smørgrav	  value of recvfrom(), and an memory initialization fix
7597b5038d7SDag-Erling Smørgrav	  (Thanks to Colm MacCárthaigh for the patch)
7607b5038d7SDag-Erling Smørgrav	* Fixed memory leaks in ldnsd
7617b5038d7SDag-Erling Smørgrav
7627b5038d7SDag-Erling Smørgrav
7637b5038d7SDag-Erling Smørgrav
7647b5038d7SDag-Erling Smørgrav1.4.1
7657b5038d7SDag-Erling Smørgrav	Bug fixes:
7667b5038d7SDag-Erling Smørgrav	* fixed a build issue where ldns lib existence was done too early
7677b5038d7SDag-Erling Smørgrav	* removed unnecessary check for pcap.h
7687b5038d7SDag-Erling Smørgrav	* NSEC3 optout flag now correctly printed in string output
7697b5038d7SDag-Erling Smørgrav	* inttypes.h moved to configured inclusion
7707b5038d7SDag-Erling Smørgrav	* fixed NSEC3 type bitmaps for empty nonterminals and unsigned
7717b5038d7SDag-Erling Smørgrav	  delegations
7727b5038d7SDag-Erling Smørgrav
7737b5038d7SDag-Erling Smørgrav	API addition:
7747b5038d7SDag-Erling Smørgrav	* for that last fix, we added a new function
7757b5038d7SDag-Erling Smørgrav	  ldns_dname_add_from() that can clone parts of a dname
7767b5038d7SDag-Erling Smørgrav
7777b5038d7SDag-Erling Smørgrav1.4.0
7787b5038d7SDag-Erling Smørgrav	Bug fixes:
7797b5038d7SDag-Erling Smørgrav	* sig chase return code fix (patch from Rafael Justo, bug id 189)
7807b5038d7SDag-Erling Smørgrav	* rdata.c memory leaks on error and allocation checks fixed (patch
7817b5038d7SDag-Erling Smørgrav	  from Shane Kerr, bug id 188)
7827b5038d7SDag-Erling Smørgrav	* zone.c memory leaks on error and allocation checks fixed (patch
7837b5038d7SDag-Erling Smørgrav	from Shane Kerr, bug id 189)
784*5afab0e5SDag-Erling Smørgrav	* ldns-zsplit output and error messages fixed (patch from Shane Kerr,
7857b5038d7SDag-Erling Smørgrav	  bug id 190)
7867b5038d7SDag-Erling Smørgrav	* Fixed potential buffer overflow in ldns_str2rdf_dname
7877b5038d7SDag-Erling Smørgrav	* Signing code no longer signs delegation NS rrsets
7887b5038d7SDag-Erling Smørgrav	* Some minor configure/makefile updates
7897b5038d7SDag-Erling Smørgrav	* Fixed a bug in the randomness initialization
7907b5038d7SDag-Erling Smørgrav	* Fixed a bug in the reading of resolv.conf
7917b5038d7SDag-Erling Smørgrav	* Fixed a bug concerning whitespace in zone data (with patch from Ondrej
7927b5038d7SDag-Erling Smørgrav	  Sury, bug 213)
7937b5038d7SDag-Erling Smørgrav	* Fixed a small fallback problem in axfr client code
7947b5038d7SDag-Erling Smørgrav
7957b5038d7SDag-Erling Smørgrav	API CHANGES:
7967b5038d7SDag-Erling Smørgrav	* added 2str convenience functions:
7977b5038d7SDag-Erling Smørgrav		- ldns_rr_type2str
7987b5038d7SDag-Erling Smørgrav		- ldns_rr_class2str
7997b5038d7SDag-Erling Smørgrav		- ldns_rr_type2buffer_str
8007b5038d7SDag-Erling Smørgrav		- ldns_rr_class2buffer_str
8017b5038d7SDag-Erling Smørgrav	* buffer2str() is now called ldns_buffer2str
8027b5038d7SDag-Erling Smørgrav	* base32 and base64 function names are now also prepended with ldns_
8037b5038d7SDag-Erling Smørgrav	* ldns_rr_new_frm_str() now returns an error on missing RDATA fields.
8047b5038d7SDag-Erling Smørgrav	  Since you cannot read QUESTION section RRs with this anymore,
8057b5038d7SDag-Erling Smørgrav	  there is now a function called ldns_rr_new_question_frm_str()
8067b5038d7SDag-Erling Smørgrav
8077b5038d7SDag-Erling Smørgrav	LIBRARY FEATURES:
8087b5038d7SDag-Erling Smørgrav	* DS RRs string representation now add bubblebabble in a comment
8097b5038d7SDag-Erling Smørgrav	  (patch from Jakob Schlyter)
8107b5038d7SDag-Erling Smørgrav	* DLV RR type added
8117b5038d7SDag-Erling Smørgrav	* TCP fallback system has been improved
8127b5038d7SDag-Erling Smørgrav	* HMAC-SHA256 TSIG support has been added.
813*5afab0e5SDag-Erling Smørgrav	* TTLS are now correctly set in NSEC(3) records when signing zones
8147b5038d7SDag-Erling Smørgrav
8157b5038d7SDag-Erling Smørgrav	EXAMPLE TOOLS:
8167b5038d7SDag-Erling Smørgrav	* New example: ldns-revoke to revoke DNSKEYs according to RFC5011
8177b5038d7SDag-Erling Smørgrav	* ldns-testpkts has been fixed and updated
8187b5038d7SDag-Erling Smørgrav	* ldns-signzone now has the option to not add the DNSKEY
8197b5038d7SDag-Erling Smørgrav	* ldns-signzone now has an (full zone only) opt-out option for
8207b5038d7SDag-Erling Smørgrav	                NSEC3
8217b5038d7SDag-Erling Smørgrav	* ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys
8227b5038d7SDag-Erling Smørgrav	* ldns-walk output has been fixed
8237b5038d7SDag-Erling Smørgrav	* ldns-compare-zones has been fixed, and now has an option
8247b5038d7SDag-Erling Smørgrav	  to show all differences (-a)
8257b5038d7SDag-Erling Smørgrav	* ldns-read-zone now has an option to print DNSSEC records only
8267b5038d7SDag-Erling Smørgrav
8277b5038d7SDag-Erling Smørgrav1.3
8287b5038d7SDag-Erling Smørgrav	Base library:
8297b5038d7SDag-Erling Smørgrav
8307b5038d7SDag-Erling Smørgrav	* Added a new family of functions based around ldns_dnssec_zone,
8317b5038d7SDag-Erling Smørgrav	which is a new structure that keeps a zone sorted through an
8327b5038d7SDag-Erling Smørgrav	rbtree and links signatures and NSEC(3) records directly to their
8337b5038d7SDag-Erling Smørgrav	RRset. These functions all start with ldns_dnssec_
8347b5038d7SDag-Erling Smørgrav
8357b5038d7SDag-Erling Smørgrav	* ldns_zone_sign and ldns_zone_sign_nsec3 are now deprecated, but
8367b5038d7SDag-Erling Smørgrav	have been changed to internally use the new
8377b5038d7SDag-Erling Smørgrav	ldns_dnssec_zone_sign(_nsec3)
8387b5038d7SDag-Erling Smørgrav
8397b5038d7SDag-Erling Smørgrav	* Moved some ldns_buffer functions inline, so a clean rebuild of
8407b5038d7SDag-Erling Smørgrav	applications relying on those is needed (otherwise you'll get
8417b5038d7SDag-Erling Smørgrav	linker errors)
8427b5038d7SDag-Erling Smørgrav	* ldns_dname_label now returns one extra (zero)
8437b5038d7SDag-Erling Smørgrav	byte, so it can be seen as an fqdn.
8447b5038d7SDag-Erling Smørgrav	* NSEC3 type code update for signing algorithms.
8457b5038d7SDag-Erling Smørgrav	* DSA key generation of DNSKEY RRs fixed (one byte too small).
8467b5038d7SDag-Erling Smørgrav
8477b5038d7SDag-Erling Smørgrav	* Added support for RSA/SHA256 and RSA/SHA512, as specified in
8487b5038d7SDag-Erling Smørgrav	draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not
8497b5038d7SDag-Erling Smørgrav	final, and this feature is not enabled by default. It can be
8507b5038d7SDag-Erling Smørgrav	enabled at compilation time with the flag --with-sha2
8517b5038d7SDag-Erling Smørgrav
8527b5038d7SDag-Erling Smørgrav	* Added 2wire_canonical family of functions that lowercase dnames
8537b5038d7SDag-Erling Smørgrav	in rdata fields in resource records of the types in the list in
8547b5038d7SDag-Erling Smørgrav	rfc3597
8557b5038d7SDag-Erling Smørgrav
8567b5038d7SDag-Erling Smørgrav	* Added base32 conversion functions.
8577b5038d7SDag-Erling Smørgrav
8587b5038d7SDag-Erling Smørgrav	* Fixed DSA RRSIG conversion when calling OpenSSL
8597b5038d7SDag-Erling Smørgrav
8607b5038d7SDag-Erling Smørgrav	Drill:
8617b5038d7SDag-Erling Smørgrav
8627b5038d7SDag-Erling Smørgrav	* Chase output is completely different, it shows, in ascii, the
8637b5038d7SDag-Erling Smørgrav	relations in the trust hierarchy.
8647b5038d7SDag-Erling Smørgrav
8657b5038d7SDag-Erling Smørgrav	Examples:
8667b5038d7SDag-Erling Smørgrav	* Added ldns-verify-zone, that can verify the internal DNSSEC records
8677b5038d7SDag-Erling Smørgrav	of a signed BIND-style zone file
8687b5038d7SDag-Erling Smørgrav
8697b5038d7SDag-Erling Smørgrav	* ldns-keygen now takes an -a argument specifying the algorithm,
8707b5038d7SDag-Erling Smørgrav	instead of -R or -D. -a list show a list of supported algorithms
8717b5038d7SDag-Erling Smørgrav
8727b5038d7SDag-Erling Smørgrav	* ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3
8737b5038d7SDag-Erling Smørgrav	for RSA key generation
8747b5038d7SDag-Erling Smørgrav
8757b5038d7SDag-Erling Smørgrav	* ldns-signzone now has support for HSMs
8767b5038d7SDag-Erling Smørgrav	* ldns-signzone uses the new ldns_dnssec_ structures and functions
8777b5038d7SDag-Erling Smørgrav	which improves its speed, and output; RRSIGS are now placed
8787b5038d7SDag-Erling Smørgrav	directly after their RRset, NSEC(3) records directly after the
8797b5038d7SDag-Erling Smørgrav	name they handle
8807b5038d7SDag-Erling Smørgrav
8817b5038d7SDag-Erling Smørgrav	Contrib:
8827b5038d7SDag-Erling Smørgrav	* new contrib/ dir with user contributions
8837b5038d7SDag-Erling Smørgrav	* added compilation script for solaris (thanks to Jakob Schlyter)
8847b5038d7SDag-Erling Smørgrav
8857b5038d7SDag-Erling Smørgrav28 Nov 2007 1.2.2:
8867b5038d7SDag-Erling Smørgrav	* Added support for HMAC-MD5 keys in generator
8877b5038d7SDag-Erling Smørgrav	* Added a new example tool (written by Ondrej Sury): ldns-compare-zones
888*5afab0e5SDag-Erling Smørgrav	* ldns-keygen now checks key sizes for rfc conformance
8897b5038d7SDag-Erling Smørgrav	* ldns-signzone outputs SSL error if present
8907b5038d7SDag-Erling Smørgrav	* Fixed manpages (thanks to Ondrej Sury)
8917b5038d7SDag-Erling Smørgrav	* Fixed Makefile for -j <x>
8927b5038d7SDag-Erling Smørgrav	* Fixed a $ORIGIN error when reading zones
8937b5038d7SDag-Erling Smørgrav	* Fixed another off-by-one error
8947b5038d7SDag-Erling Smørgrav
8957b5038d7SDag-Erling Smørgrav03 Oct 2007 1.2.1:
8967b5038d7SDag-Erling Smørgrav	* Fixed an offset error in rr comparison
8977b5038d7SDag-Erling Smørgrav	* Fixed ldns-read-zone exit code
8987b5038d7SDag-Erling Smørgrav	* Added check for availability of SHA256 hashing algorithm
8997b5038d7SDag-Erling Smørgrav	* Fixed ldns-key2ds -2 argument
9007b5038d7SDag-Erling Smørgrav	* Fixed $ORIGIN bug in .key files
9017b5038d7SDag-Erling Smørgrav	* Output algorithms as an integer instead of their mnemonic
9027b5038d7SDag-Erling Smørgrav	* Fixed a memory leak in dnssec code when SHA256 is not available
9037b5038d7SDag-Erling Smørgrav	* Updated fedora .spec file
9047b5038d7SDag-Erling Smørgrav
9057b5038d7SDag-Erling Smørgrav11 Apr 2007 1.2.0:
9067b5038d7SDag-Erling Smørgrav	* canonicalization of rdata in DNSSEC functions now adheres to the
9077b5038d7SDag-Erling Smørgrav	  rr type list in rfc3597, not rfc4035, which will be updated
9087b5038d7SDag-Erling Smørgrav	  (see http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00183.html)
9097b5038d7SDag-Erling Smørgrav	* ldns-walk now support dnames with maximum label length
9107b5038d7SDag-Erling Smørgrav	* ldnsd now takes an extra argument containing the address to listen on
9117b5038d7SDag-Erling Smørgrav	* signing no longer signs every rrset with KSK's, but only the DNSKEY rrset
9127b5038d7SDag-Erling Smørgrav	* ported to Solaris 10
9137b5038d7SDag-Erling Smørgrav	* added ldns_send_buffer() function
9147b5038d7SDag-Erling Smørgrav	* added ldns-testpkts fake packet server
9157b5038d7SDag-Erling Smørgrav	* added ldns-notify to send NOTIFY packets
9167b5038d7SDag-Erling Smørgrav	* ldns-dpa can now accurately calculate the number of matches per
9177b5038d7SDag-Erling Smørgrav	  second
9187b5038d7SDag-Erling Smørgrav	* libtool is now used for compilation too (still gcc, but not directly)
9197b5038d7SDag-Erling Smørgrav	* Bugfixes:
9207b5038d7SDag-Erling Smørgrav		- TSIG signing buffer size
9217b5038d7SDag-Erling Smørgrav		- resolv.conf reading (comments)
9227b5038d7SDag-Erling Smørgrav		- dname comparison off by one error
9237b5038d7SDag-Erling Smørgrav		- typo in keyfetchers output file name fixed (a . too much)
9247b5038d7SDag-Erling Smørgrav		- fixed zone file parser when comments contain ( or )
9257b5038d7SDag-Erling Smørgrav		- fixed LOC RR type
9267b5038d7SDag-Erling Smørgrav		- fixed CERT RR type
9277b5038d7SDag-Erling Smørgrav
9287b5038d7SDag-Erling Smørgrav	Drill:
9297b5038d7SDag-Erling Smørgrav	* drill prints error on failed axfr.
9307b5038d7SDag-Erling Smørgrav	* drill now accepts mangled packets with -f
9317b5038d7SDag-Erling Smørgrav	* old -c option (use tcp) changed to -t
9327b5038d7SDag-Erling Smørgrav	* -c option to specify alternative resolv.conf file added
9337b5038d7SDag-Erling Smørgrav	* feedback of signature chase improved
9347b5038d7SDag-Erling Smørgrav	* chaser now stops at root when no trusted keys are found
9357b5038d7SDag-Erling Smørgrav	  instead of looping forever trying to find the DS for .
9367b5038d7SDag-Erling Smørgrav	* Fixed bugs:
9377b5038d7SDag-Erling Smørgrav		- wildcard on multiple labels signature verification
9387b5038d7SDag-Erling Smørgrav		- error in -f packet writing for malformed packets
9397b5038d7SDag-Erling Smørgrav		- made KSK check more resilient
9407b5038d7SDag-Erling Smørgrav
9417b5038d7SDag-Erling Smørgrav7 Jul 2006: 1.1.0: ldns-team
9427b5038d7SDag-Erling Smørgrav	* Added tutorials and an introduction to the documentation
9437b5038d7SDag-Erling Smørgrav	* Added include/ and lib/ dirs so that you can compile against ldns
9447b5038d7SDag-Erling Smørgrav	  without installing ldns on your system
9457b5038d7SDag-Erling Smørgrav	* Makefile updates
9467b5038d7SDag-Erling Smørgrav	* Starting usage of assert throughout the library to catch illegal calls
9477b5038d7SDag-Erling Smørgrav	* Solaris 9 testing was carried out. Ldns now compiles on that
9487b5038d7SDag-Erling Smørgrav	  platform; some gnuism were identified and fixed.
9497b5038d7SDag-Erling Smørgrav	* The ldns_zone structure was stress tested. The current setup
9507b5038d7SDag-Erling Smørgrav	 (ie. just a list of rrs) can scale to zone file in order of
9517b5038d7SDag-Erling Smørgrav	  megabytes. Sorting such zone is still difficult.
9527b5038d7SDag-Erling Smørgrav	* Reading multiline b64 encoded rdata works.
9537b5038d7SDag-Erling Smørgrav	* OpenSSL was made optional, configure --without-ssl.
9547b5038d7SDag-Erling Smørgrav	  Ofcourse all dnssec/tsig related functions are disabled
9557b5038d7SDag-Erling Smørgrav	* Building of examples and drill now happens with the same
9567b5038d7SDag-Erling Smørgrav	  defines as the building of ldns itself.
9577b5038d7SDag-Erling Smørgrav	* Preliminary sha-256 support was added. Currently is your
9587b5038d7SDag-Erling Smørgrav	  OpenSSL supports it, it is supported in the DS creation.
9597b5038d7SDag-Erling Smørgrav	* ldns_resolver_search was implemented
9607b5038d7SDag-Erling Smørgrav	* Fixed a lot of bugs
9617b5038d7SDag-Erling Smørgrav
9627b5038d7SDag-Erling Smørgrav	Drill:
9637b5038d7SDag-Erling Smørgrav	* -r was killed in favor of -o <header bit mnemonic> which
9647b5038d7SDag-Erling Smørgrav	  allows for a header bits setting (and maybe more in the
9657b5038d7SDag-Erling Smørgrav	  future)
966*5afab0e5SDag-Erling Smørgrav	* DNSSEC is never automatically set, even when you query
9677b5038d7SDag-Erling Smørgrav	  for DNSKEY/RRSIG or DS.
9687b5038d7SDag-Erling Smørgrav	* Implement a crude RTT check, it now distinguishes between
9697b5038d7SDag-Erling Smørgrav	  reachable and unreachable.
9707b5038d7SDag-Erling Smørgrav	* A form of secure tracing was added
9717b5038d7SDag-Erling Smørgrav	* Secure Chasing has been improved
9727b5038d7SDag-Erling Smørgrav	* -x does a reverse lookup for the given IP address
9737b5038d7SDag-Erling Smørgrav
9747b5038d7SDag-Erling Smørgrav	Examples:
9757b5038d7SDag-Erling Smørgrav	* ldns-dpa was added to the examples - this is the Dns Packet
9767b5038d7SDag-Erling Smørgrav	  Analyzer tool.
9777b5038d7SDag-Erling Smørgrav	* ldnsd - as very, very simple nameserver impl.
978*5afab0e5SDag-Erling Smørgrav	* ldns-zsplit - split zones for parallel signing
9797b5038d7SDag-Erling Smørgrav	* ldns-zcat - cat split zones back together
9807b5038d7SDag-Erling Smørgrav	* ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong,
9817b5038d7SDag-Erling Smørgrav	  non-DNSSEC) anti-spoofing techniques.
9827b5038d7SDag-Erling Smørgrav	* ldns-walk - 'Walks' a DNSSEC signed zone
9837b5038d7SDag-Erling Smørgrav	* Added an all-static target to the makefile so you can use examples
9847b5038d7SDag-Erling Smørgrav	  without installing the library
9857b5038d7SDag-Erling Smørgrav	* When building in the source tree or in a direct subdirectory of
9867b5038d7SDag-Erling Smørgrav	  the build dir, configure does not need --with-ldns=../ anymore
9877b5038d7SDag-Erling Smørgrav
9887b5038d7SDag-Erling Smørgrav	Code:
9897b5038d7SDag-Erling Smørgrav	* All networking code was moved to net.c
9907b5038d7SDag-Erling Smørgrav	* rdata.c: added asserts to the rdf set/get functions
9917b5038d7SDag-Erling Smørgrav	* const keyword was added to pointer arguments that
9927b5038d7SDag-Erling Smørgrav	  aren't changed
9937b5038d7SDag-Erling Smørgrav
9947b5038d7SDag-Erling Smørgrav	API:
9957b5038d7SDag-Erling Smørgrav	Changed:
9967b5038d7SDag-Erling Smørgrav	* renamed ldns/dns.h to ldns/ldns.h
997*5afab0e5SDag-Erling Smørgrav	* ldns_rr_new_frm_str() is extended with an extra variable which
9987b5038d7SDag-Erling Smørgrav	  in common use may be NULL. This trickles through to:
9997b5038d7SDag-Erling Smørgrav	  o ldns_rr_new_frm_fp
10007b5038d7SDag-Erling Smørgrav	  o ldns_rr_new_frm_fp_l
10017b5038d7SDag-Erling Smørgrav	  Which also get an extra variable
10027b5038d7SDag-Erling Smørgrav	  Also the function has been changed to return a status message.
10037b5038d7SDag-Erling Smørgrav	  The compiled RR is returned in the first argument.
10047b5038d7SDag-Erling Smørgrav	* ldns_zone_new_frm_fp_l()  and ldns_zone_new_frm_fp() are
10057b5038d7SDag-Erling Smørgrav	  changed to return a status msg.
10067b5038d7SDag-Erling Smørgrav	* ldns_key_new_frm_fp is changed to return ldns_status and
10077b5038d7SDag-Erling Smørgrav	  the actual key list in the first argument
10087b5038d7SDag-Erling Smørgrav	* ldns_rdata_new_frm_fp[_l]() are changed to return a status.
10097b5038d7SDag-Erling Smørgrav	  the rdf is return in the first argument
10107b5038d7SDag-Erling Smørgrav	* ldns_resolver_new_frm_fp: same treatment: return status and
10117b5038d7SDag-Erling Smørgrav	  the new resolver in the first argument
10127b5038d7SDag-Erling Smørgrav	* ldns_pkt_query_new_frm_str(): same: return status and the
10137b5038d7SDag-Erling Smørgrav	  packet in the first arg
10147b5038d7SDag-Erling Smørgrav	* tsig.h: internal used functions are now static:
10157b5038d7SDag-Erling Smørgrav	  ldns_digest_name and ldns_tsig_mac_new
10167b5038d7SDag-Erling Smørgrav	* ldns_key_rr2ds has an extra argument to specify the hash to
10177b5038d7SDag-Erling Smørgrav	  use.
10187b5038d7SDag-Erling Smørgrav	* ldns_pkt_rcode() is renamed to ldns_pkt_get_rcode, ldns_pkt_rcode
10197b5038d7SDag-Erling Smørgrav	  is now the rcode type, like ldns_pkt_opcode
10207b5038d7SDag-Erling Smørgrav	New:
10217b5038d7SDag-Erling Smørgrav	* ldns_resolver_searchlist_count: return the searchlist counter
10227b5038d7SDag-Erling Smørgrav	* ldns_zone_sort: Sort a zone
10237b5038d7SDag-Erling Smørgrav	* ldns_bgsend(): background send, returns a socket.
10247b5038d7SDag-Erling Smørgrav	* ldns_pkt_empty(): check is a packet is empty
10257b5038d7SDag-Erling Smørgrav	* ldns_rr_list_pop_rr_list(): pop multiple rr's from another rr_list
10267b5038d7SDag-Erling Smørgrav	* ldns_rr_list_push_rr_list(): push multiple rr's to an rr_list
10277b5038d7SDag-Erling Smørgrav	* ldns_rr_list_compare(): compare 2 ldns_rr_lists
10287b5038d7SDag-Erling Smørgrav	* ldns_pkt_push_rr_list: rr_list equiv for rr
10297b5038d7SDag-Erling Smørgrav	* ldns_pkt_safe_push_rr_list: rr_list equiv for rr
10307b5038d7SDag-Erling Smørgrav	Removed:
10317b5038d7SDag-Erling Smørgrav	* ldns_resolver_bgsend(): was not used in 1.0.0 and is not used now
10327b5038d7SDag-Erling Smørgrav	* ldns_udp_server_connect(): was faulty and isn't really part of
10337b5038d7SDag-Erling Smørgrav	  the core ldns idea any how.
10347b5038d7SDag-Erling Smørgrav	* ldns_rr_list_insert_rr(): obsoleted, because not used.
10357b5038d7SDag-Erling Smørgrav	* char *_when was removed from the ldns_pkt structure
10367b5038d7SDag-Erling Smørgrav
10377b5038d7SDag-Erling Smørgrav18 Oct 2005: 1.0.0: ldns-team
1038*5afab0e5SDag-Erling Smørgrav	* Committed a patch from Håkan Olsson
10397b5038d7SDag-Erling Smørgrav	* Added UPDATE support (Jakob Schlyter and Håkan Olsson)
10407b5038d7SDag-Erling Smørgrav	* License change: ldns is now BSD licensed
10417b5038d7SDag-Erling Smørgrav	* ldns now depends on SSL
10427b5038d7SDag-Erling Smørgrav	* Networking code cleanup, added (some) server udp/tcp support
10437b5038d7SDag-Erling Smørgrav	* A zone type is introduced. Currently this is a list
10447b5038d7SDag-Erling Smørgrav	  of RRs, so it will not scale well.
10457b5038d7SDag-Erling Smørgrav	* [beta] Zonefile parsing was added
10467b5038d7SDag-Erling Smørgrav	* [tools] Drill was added to ldns - see drill/
10477b5038d7SDag-Erling Smørgrav	* [tools] experimental signer was added
10487b5038d7SDag-Erling Smørgrav	* [building] better check for ssl
10497b5038d7SDag-Erling Smørgrav	* [building] major revision of build system
10507b5038d7SDag-Erling Smørgrav	* [building] added rpm .spec in packaging/ (thanks to Paul Wouters)
10517b5038d7SDag-Erling Smørgrav	* [building] A lot of cleanup in the build scripts (thanks to Jakob Schlyter
10527b5038d7SDag-Erling Smørgrav	and Paul Wouters)
10537b5038d7SDag-Erling Smørgrav
10547b5038d7SDag-Erling Smørgrav28 Jul 2005: 0.70: ldns-team
10557b5038d7SDag-Erling Smørgrav	* [func] ldns_pkt_get_section now returns copies from the rrlists
10567b5038d7SDag-Erling Smørgrav	  in the packet. This can be freed by the user program
10577b5038d7SDag-Erling Smørgrav	* [code] added ldns_ prefixes to function from util.h
10587b5038d7SDag-Erling Smørgrav	* [inst] removed documentation from default make install
10597b5038d7SDag-Erling Smørgrav	* Usual fixes in documentation and code
10607b5038d7SDag-Erling Smørgrav
10617b5038d7SDag-Erling Smørgrav20 Jun 2005: 0.66: ldns-team
10627b5038d7SDag-Erling Smørgrav	Rel. Focus: drill-pre2 uses some functions which are
10637b5038d7SDag-Erling Smørgrav	not in 0.65
10647b5038d7SDag-Erling Smørgrav	* dnssec_cd bit function was added
10657b5038d7SDag-Erling Smørgrav	* Zone infrastructure was added
10667b5038d7SDag-Erling Smørgrav	* Usual fixes in documentation and code
10677b5038d7SDag-Erling Smørgrav
10687b5038d7SDag-Erling Smørgrav13 Jun 2005: 0.65: ldns-team
10697b5038d7SDag-Erling Smørgrav	* Repository is online at:
10707b5038d7SDag-Erling Smørgrav	  http://www.nlnetlabs.nl/ldns/svn/
1071*5afab0e5SDag-Erling Smørgrav	* Apply reference copying throughout ldns, except in 2
10727b5038d7SDag-Erling Smørgrav	  places in the ldns_resolver structure (._domain and
10737b5038d7SDag-Erling Smørgrav	 ._nameservers)
10747b5038d7SDag-Erling Smørgrav	* Usual array of bugfixes
10757b5038d7SDag-Erling Smørgrav	* Documentation added
10767b5038d7SDag-Erling Smørgrav	* keygen.c added as an example for DNSSEC programming
10777b5038d7SDag-Erling Smørgrav
10787b5038d7SDag-Erling Smørgrav23 May 2005: 0.60: ldns-team
10797b5038d7SDag-Erling Smørgrav	* Removed config.h from the header installed files
1080*5afab0e5SDag-Erling Smørgrav	  (you're not supposed to include that in a library)
10817b5038d7SDag-Erling Smørgrav	* Further tweaking
10827b5038d7SDag-Erling Smørgrav	  - DNSSEC signing/verification works
10837b5038d7SDag-Erling Smørgrav	  - Assorted bug fixes and tweaks (memory management)
10847b5038d7SDag-Erling Smørgrav
10857b5038d7SDag-Erling SmørgravMay 2005: 0.50: ldns-team
10867b5038d7SDag-Erling Smørgrav	* First usable release
10877b5038d7SDag-Erling Smørgrav	* Basic DNS functionality works
10887b5038d7SDag-Erling Smørgrav	* DNSSEC validation works
1089