[ldns-users] ldns 1.6.17 rc1

Willem Toorop willem at nlnetlabs.nl
Fri Jan 3 15:01:37 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear maintainers,

We have a release candidate for ldns 1.6.17

Besides many bug fixes the most prominent new features are:
- - A new option to drill (-I) to query from a specific source address
- - All RR types registered at IANA are now implemented: HIP, NINFO, RKEY,
  CDS, EUI48, EUI64, TKEY, URI, CAA and TA, but RR types which are
  still draft need to be explicitly enabled with configure options:
  --enable-rrtype-ninfo
  --enable-rrtype-rkey
  --enable-rrtype-cds
  --enable-rrtype-uri
  --enable-rrtype-ta
- - Much better performance of ldns-verify-zone with bigger NSEC3 zones
  from NIC MX.
- - Perl5 bindings from Erik Ostlyngen. Enable with --with-p5-dns-ldns

This version will continue using a SONAME version equal to the version
of the package: libldns.so.1.6.17.  This after careful consideration
and internal discussion.  If you feel this is wrong, please speak up.

Please review this release candidate carefully and let us know if
anything is wrong.  If all is well, the actual release will follow
Friday January the 10th 2014.

Best regards,

Willem

link: http://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.17rc1.tar.gz
sha1: 49631ed2fb05d4c3379892a1f9c25520f72d38a0


Changelog:
==========
* Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
  zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
* Add --disable-dane option to configure and check availability of the
  for dane needed X509_check_ca function in openssl.
* bugfix #490: Get rid of type-punned pointer warnings.
  Thanks Adam Tkac.
* Make sure executables are linked against libcrypto with the
  LIBSSL_LDFLAGS. Thanks Leo Baltus.
* Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav.
* README now shows preferred way to configure for examples and drill.
* Bind to source address for resolvers. drill binds to source with -I.
  Thanks Bryan Duff.
* -T option for ldns-dane that has specific exit status for PKIX
  validated connections without (secure) TLSA records.
* Fix b{32,64}_{ntop,pton} detection and handling.
* New RR type TKEY, but without operational practice.
* New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
* New output format flag (and accompanying functions) to print certain
  RR's as unknown type
* -u and -U parameter for ldns-read-zone to mark/unmark a RR type
  for printing as unknown type
* bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen.
* bugfix #497: Properly test for EOF when reading key files with drill.
* New functions: ldns_pkt_ixfr_request_new and
  ldns_pkt_ixfr_request_new_frm_str.
* Use SNI with ldns-dane
* bugfix #507: ldnsx Fix use of non-existent variables and not
  properly referring to instance variable.  Patch from shussain.
* bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type
  dictionary.  Patch from shussain.
* bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL
  file pointer.
* Fix memory leak in contrib/python: ldns_pkt.new_query.
* Fix buffer overflow in fget_token and bget_token.
* ldns-verify-zone NSEC3 checking from quadratic to linear performance.
  Thanks NIC MX (nicmexico.mx)
* ldns-dane setup new ssl session for each new connect to prevent hangs
* bugfix #521: drill trace continue on empty non-terminals with NSEC3
* bugfix #525: Fix documentation of ldns_resolver_set_retry
* Remove unused LDNS_RDF_TYPE_TSIG and associated functions.
* Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek.
* Configure option to build perl bindings: --with-p5-dns-ldns
  (Net::LDNS is a contribution from Erik Ostlyngen)
* bugfix #527: Move -lssl before -lcrypto when linking
* Optimize TSIG digest function name comparison (Thanks Marc Buijsman)
* Compare names case insensitive with ldns_pkt_rr_list_by_name and
  ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab)
* A separate --enable for each draft RR type: --enable-rrtype-ninfo,
  --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and
  --enable-rrtype-ta
* bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen)
* bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza)
* Adjust ldns_sha1() so that the input data is not modified (Thanks
  Marc Buijsman)
* Messages to stderr are now off by default and can be reenabled with
  the --enable-stderr-msgs configure option.


pyldns Changelog:
=================
* Added ldns_rdf.data_as_bytearray(). The method returns a bytearray
  object containing rdf data.
* Changed the behaviour of ldns_resolver.trusted_key() in order to
  prevent memory corrupotion and leaks.
* Fixed memory leaks when destroying ldns_resolver.
* Removed ldns_pkt.section_count(), ldns_resolver.set_searchlist_count()
  because it is marked static in the library.
* Added ldns_pkt.new(), ldns_resolver.new().
* Marked as returning new object ldns_pkt.get_section_clone(),
  ldns_resolver.get_addr_by_name(), ldns_resolver.get_name_by_addr(),
  ldns_resolver.search().
* Added push cloning for ldns_pkt.safe_push_rr(),
  ldns_pkt.safe_push_rr_list(), ldns_pkt.set_additional(),
  ldns_pkt.set_answer(), ldns_pkt.set_answerfrom(),
  ldns_pkt.set_authority(), ldns_pkt.set_edns_data(),
  ldns_pkt.set_question(), ldns_pkt.set_tsig(),
  ldns_resolver.set_dnssec_anchors(), ldns_resolver.set_domain().
* Added pull cloning for ldns_pkt.answerfrom(), ldns_pkt.edns_data(),
  ldns_pkt.tsig(), ldns_resolver.axfr_last_pkt(),
  ldns_resolver.dnssec_anchors(), ldns_resolver.domain(),
  ldns_resolver.tsig_algorithm(), ldns_resolver.tsig_keydata(),
  ldns_resolver.tsig_keyname().
* Method ldns_rdf.reverse() now throws an exception when not applied
  on dname rdfs. This is to prevent assertion fails in ldns' C code.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSxtDRAAoJEOX4+CEvd6SYhRkP/3E7hi6WoasUS4P1salU6Ech
8zm4I2T3su/3bDEL8yJsdXySqDamLxgXACUr34Dup1z8MWSMQw8A06cbVO+yzd8n
pot9W2rRXrjQjereJwhYDmv+MAyvYjFooFOYJ0B3gVlXqiJCE1m2+078z5TCjTaN
EQiBtHi2CxlWJvNeCyHDeHkNkHzeEHF2UF5fPH3HYE/hT1fDfaot/bh1ZCPOC3Pe
15xDqdB1Mb8cJuKAQDEti1vrNjlYV3N2Hs0CHPt66uN0qtH63WUN8nkjPNvma/k9
zpFYHMWajI7ahE2+R9mSfUXAfBjgutHyEJFZ5l6lQdHp6Ia8zyh/A8f0W3kOMd23
xK+9XwlD7+5RWBelR0z5k5wV4FaGM8dXX2wEXzqVIibVp8Q0f/4Ebop+VavHQ0Y8
Wu/OhSe8RXsTlZuGtOrwm0R0Nh4oi9y/Q8ALzMfK0jQmOJaO9MjcCF4AWcRjyriw
+ZGYwuniZYjrzJ+rWNGX8cJZR8QFvoxMfNhmEVffoMju7yMz3Kukh710oHdB4fqm
K+aKNOMP7h5w4FU6fvUVmmwRrnnmn9Nl0wou+SUBl0EK9gLK11PRDwTsn6b9T2BN
0HdujTEupJFb6YBFB+mdnNlmqDJNkkBcGGdH+BhahUQJDw5skijM48ck1rviDyG4
kI+DqAImtRNieC2VIbp1
=ZjyI
-----END PGP SIGNATURE-----



More information about the ldns-users mailing list