From willem at nlnetlabs.nl Fri Jul 19 02:08:52 2019
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Thu, 18 Jul 2019 22:08:52 -0400
Subject: [ldns-users] First candidate for ldns-1.7.1 release
Message-ID:

Dear all,

We have a new candidate for the upcoming 1.7.1 release of ldns.
Besides many bugfixes, this release also has a few new features:

* Support for DNSSEC algorithms ED25519 and ED448
  when compiled with OpenSSL 1.1.1

* An -I option to ldns-notify to specify a source IP address
  to send to notify from.

* Complete OpenSSL engine support with ldns-signzone
  contributed by Vadim Penzin

Please review this release candidate carefully and let us know if
anything is wrong. If all is well, the actual release will follow
Friday the 26th of July 2019.

link: https://nlnetlabs.nl/downloads/ldns/ldns-1.7.1-rc1.tar.gz
sha1: bf3a50dcdd2e80958d6a0d8961e4835a2476515a
asc : https://nlnetlabs.nl/downloads/ldns/ldns-1.7.1-rc1.tar.gz.asc

Changelog
=========
* bugfix: Manage verification paths for OpenSSL >= 1.1.0
  Thanks Marco Davids
* bugfix #4106: find the SDK on MacOS X <= 10.6
  Thanks Bill Cole
* bugfix #4155: ldns-config contains never used variables
  Thanks Petr Menšík
* bugfix #4221: drill -x crashes with malformed IPv4 address
  Thanks Oleksandr Tymoshenko
* bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK
  Thanks Tony Finch
* bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences
  Thanks Bill Parker
* bugfix #1260: Anticipate strchr returning NULL on unfound char
  Thanks Stephan Zeisberg
* bugfix #1257: Free after reallocing to 0 size
  Thanks Stephan Zeisberg
* bugfix #1256: Check parse limit before t increment
  Thanks Stephan Zeisberg
* bugfix #1245: Only one signature per RRset needs to be valid with
  ldns-verify-zone. Thanks Emil Natan.
* ldns-notify can use all supported hash algorithms with -y.
* bugfix #1209: make install ldns.pc file
  Thanks Oleksandr Natalenko
* bugfix #1218: Only chase DS if signer is parent of owner.
  Thanks Emil Natan
* bugfix #617: Retry WKS service and protocol names lower case.
  Thanks Siali Yan
* Spelling errors in binaries and man pages
  Thanks Andreas Schulze
* removed duplicate condition in ldns_udp_send_query.
* ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
  and fix memory leak with more EDNS sections
  Thanks Jan Vcelak
* bugfix #1399: ldns_pkt2wire() Python binding is broken.
  Thanks James Raftery
* ED25519 and ED448 support. Default is to autodetect support in
  OpenSSL. Disable with --disable-ed25519 and --disable-ed448.
* ldns-notify: can have IPv6 address as argument.
* Fix time sensitive TSIG compare vulnerability.
* Fix that ldns-testns ignores sigpipe.
* Fix that ldns-notify sets the query RR as question RR, this removes
  the wrong TTL and 0 rdata from the packet printout.
* Allow -T flag to be used together with drill -x
* Python bindings compile with swig 4.0
  Thanks Jitka Plesníková
* bugfix #4248: drill -DT fails for CNAME domain
  Thanks Thom Wiggers
* bugfix #4214: Various fixes and leaks found by coverity.
  Thanks Petr Menšík
* Feature #3394: An -I option to ldns-notify to specify a source IP
  address to send to notify from.
  Thanks Geert Hendrickx
* Bugfix #279: New API functions ldns_udp_connect2, ldns_tcp_connect2,
  ldns_udp_bgsend2 and ldns_tcp_bgsend2, that return -1 on failure and
  allow socket number 0 to be returned too.
  Thanks Joerg Sonnenberger
* Bugfix #1447: More verbose reporting of chasing problems with
  ldns-verify-zone.
  Thanks Stephane Guedon
* OpenSSL engine support with ldns-signzone.
  See also https://penzin.net/ldns-signzone/
  Many thanks Vadim Penzin.
* Various improvements found with shellcheck.
  Thanks Jeffrey Walton

From anandb at ripe.net Fri Jul 19 09:15:20 2019
From: anandb at ripe.net (Anand Buddhdev)
Date: Fri, 19 Jul 2019 11:15:20 +0200
Subject: [ldns-users] First candidate for ldns-1.7.1 release
In-Reply-To:
References:
Message-ID: <74413457-9c33-3b67-73fc-4a4eb05df0d2@ripe.net>

Hi Willem,

I've opened https://github.com/NLnetLabs/ldns/issues/36

It would be handy if you could fix this before releasing 1.7.1. Thanks
in advance!

Regards,
Anand

On 19/07/2019 04:08, Willem Toorop wrote:

> Dear all,
>
> We have a new candidate for the upcoming 1.7.1 release of ldns.
> Besides many bugfixes, this release also has a few new features:

[snip]

From noloader at gmail.com Fri Jul 19 20:39:03 2019
From: noloader at gmail.com (Jeffrey Walton)
Date: Fri, 19 Jul 2019 16:39:03 -0400
Subject: [ldns-users] First candidate for ldns-1.7.1 release
In-Reply-To:
References:
Message-ID:

On Thu, Jul 18, 2019 at 10:09 PM Willem Toorop wrote:
>
> We have a new candidate for the upcoming 1.7.1 release of ldns.
> Besides many bugfixes, this release also has a few new features:
>
> * Support for DNSSEC algorithms ED25519 and ED448
>   when compiled with OpenSSL 1.1.1
>
> * An -I option to ldns-notify to specify a source IP address
>   to send to notify from.
>
> * Complete OpenSSL engine support with ldns-signzone
>   contributed by Vadim Penzin
>
> Please review this release candidate carefully and let us know if
> anything is wrong. If all is well, the actual release will follow
> Friday the 26th of July 2019.

Working from Master on Fedora 30 with GCC 8.2:

./libtool --tag=CC --quiet --mode=compile gcc -I. -I.
-I/usr/local/include -DNDEBUG -DHAVE_CONFIG_H
-DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\""
-Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g2 -O2
-march=native -fPIC -pthread -I/usr/local/include -c ./error.c -o
error.lo
./duration.c: In function ‘ldns_duration2string’:
./duration.c:287:15: warning: ‘strncat’ specified bound 1 equals
source length [-Wstringop-overflow=]
  287 |         str = strncat(str, "T", 1);
      |               ^~~~~~~~~~~~~~~~~~~~


./libtool --tag=CC --quiet --mode=compile gcc -I. -I.
-I/usr/local/include -DNDEBUG -DHAVE_CONFIG_H
-DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\""
-Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g2 -O2
-march=native -fPIC -pthread -I/usr/local/include -c ./sha1.c -o
sha1.lo
./rr.c:215:4: warning: ‘strncpy’ specified bound depends on the length
of the source argument [-Wstringop-overflow=]
  215 |    strncpy(type, ttl, strlen(ttl) + 1);
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./rr.c:215:23: note: length computed here
  215 |    strncpy(type, ttl, strlen(ttl) + 1);
      |                       ^~~~~~~~~~~
./rr.c:234:4: warning: ‘strncpy’ specified bound depends on the length
of the source argument [-Wstringop-overflow=]
  234 |    strncpy(type, clas, strlen(clas) + 1);
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./rr.c:234:24: note: length computed here
  234 |    strncpy(type, clas, strlen(clas) + 1);
      |                        ^~~~~~~~~~~~
./rr.c:445:5: warning: ‘strncpy’ output truncated before terminating
nul copying as many bytes from a string as its length
[-Wstringop-truncation]
  445 |     strncpy(hex_data_str + cur_hex_data_size, rd,
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  446 |       rd_strlen);
      |       ~~~~~~~~~~
./rr.c:436:18: note: length computed here
  436 |      rd_strlen = strlen(rd);
      |                  ^~~~~~~~~~

From willem at nlnetlabs.nl Wed Jul 24 13:19:25 2019
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Wed, 24 Jul 2019 09:19:25 -0400
Subject: [ldns-users] First candidate for ldns-1.7.1 release
In-Reply-To:
References:
Message-ID: <2efbb09b-ef65-e3f0-b0ef-69afa24d27dc@nlnetlabs.nl>

On 19-07-19 16:39, Jeffrey Walton wrote:
> On Thu, Jul 18, 2019 at 10:09 PM Willem Toorop wrote:
>>
>> We have a new candidate for the upcoming 1.7.1 release of ldns.
>> Besides many bugfixes, this release also has a few new features:
>>
>> * Support for DNSSEC algorithms ED25519 and ED448
>>   when compiled with OpenSSL 1.1.1
>>
>> * An -I option to ldns-notify to specify a source IP address
>>   to send to notify from.
>>
>> * Complete OpenSSL engine support with ldns-signzone
>>   contributed by Vadim Penzin
>>
>> Please review this release candidate carefully and let us know if
>> anything is wrong. If all is well, the actual release will follow
>> Friday the 26th of July 2019.
>
> Working from Master on Fedora 30 with GCC 8.2:

Thanks Jeffrey, but you should not compile from master. The release
candidate is on develop.

-- Willem

>
> ./libtool --tag=CC --quiet --mode=compile gcc -I. -I.
> -I/usr/local/include -DNDEBUG -DHAVE_CONFIG_H
> -DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\""
> -Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g2 -O2
> -march=native -fPIC -pthread -I/usr/local/include -c ./error.c -o
> error.lo
> ./duration.c: In function ‘ldns_duration2string’:
> ./duration.c:287:15: warning: ‘strncat’ specified bound 1 equals
> source length [-Wstringop-overflow=]
>   287 |         str = strncat(str, "T", 1);
>       |               ^~~~~~~~~~~~~~~~~~~~
>
>
> ./libtool --tag=CC --quiet --mode=compile gcc -I. -I.
> -I/usr/local/include -DNDEBUG -DHAVE_CONFIG_H
> -DLDNS_TRUST_ANCHOR_FILE="\"/usr/local/etc/unbound/root.key\""
> -Wunused-function -Wstrict-prototypes -Wwrite-strings -W -Wall -g2 -O2
> -march=native -fPIC -pthread -I/usr/local/include -c ./sha1.c -o
> sha1.lo
> ./rr.c:215:4: warning: ‘strncpy’ specified bound depends on the length
> of the source argument [-Wstringop-overflow=]
>   215 |    strncpy(type, ttl, strlen(ttl) + 1);
>       |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ./rr.c:215:23: note: length computed here
>   215 |    strncpy(type, ttl, strlen(ttl) + 1);
>       |                       ^~~~~~~~~~~
> ./rr.c:234:4: warning: ‘strncpy’ specified bound depends on the length
> of the source argument [-Wstringop-overflow=]
>   234 |    strncpy(type, clas, strlen(clas) + 1);
>       |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ./rr.c:234:24: note: length computed here
>   234 |    strncpy(type, clas, strlen(clas) + 1);
>       |                        ^~~~~~~~~~~~
> ./rr.c:445:5: warning: ‘strncpy’ output truncated before terminating
> nul copying as many bytes from a string as its length
> [-Wstringop-truncation]
>   445 |     strncpy(hex_data_str + cur_hex_data_size, rd,
>       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   446 |       rd_strlen);
>       |       ~~~~~~~~~~
> ./rr.c:436:18: note: length computed here
>   436 |      rd_strlen = strlen(rd);
>       |                  ^~~~~~~~~~
>

From willem at nlnetlabs.nl Wed Jul 24 14:36:02 2019
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Wed, 24 Jul 2019 10:36:02 -0400
Subject: [ldns-users] Second candidate for the ldns-1.7.1 release
Message-ID: <85790b52-e559-d2fb-1684-8c78d1037f3c@nlnetlabs.nl>

Dear all,

We have a second candidate for the upcoming 1.7.1 release of ldns.
This candidate has the review feedback on the first candidate addressed.
This feedback was about compiler warnings on certain systems, a
documentation omission, and a missing Makefile.PL in the
contrib/DNS-LDNS perl module contribution.

Because the feedback did not affect core ldns functionality, I consider
it safe to have the actual release still coming Friday.

Please have another good look at this release candidate and let us know
if anything is wrong. If all is well, the actual release will follow
Friday the 26th of July 2019.

link: https://nlnetlabs.nl/downloads/ldns/ldns-1.7.1-rc2.tar.gz
sha1: 3667944623cc5636d4edbc459a2bbda347873cd0
asc : https://nlnetlabs.nl/downloads/ldns/ldns-1.7.1-rc2.tar.gz.asc

Changelog
=========
* bugfix: Manage verification paths for OpenSSL >= 1.1.0
  Thanks Marco Davids
* bugfix #4106: find the SDK on MacOS X <= 10.6
  Thanks Bill Cole
* bugfix #4155: ldns-config contains never used variables
  Thanks Petr Menšík
* bugfix #4221: drill -x crashes with malformed IPv4 address
  Thanks Oleksandr Tymoshenko
* bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK
  Thanks Tony Finch
* bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences
  Thanks Bill Parker
* bugfix #1260: Anticipate strchr returning NULL on unfound char
  Thanks Stephan Zeisberg
* bugfix #1257: Free after reallocing to 0 size
  Thanks Stephan Zeisberg
* bugfix #1256: Check parse limit before t increment
  Thanks Stephan Zeisberg
* bugfix #1245: Only one signature per RRset needs to be valid with
  ldns-verify-zone. Thanks Emil Natan.
* ldns-notify can use all supported hash algorithms with -y.
* bugfix #1209: make install ldns.pc file
  Thanks Oleksandr Natalenko
* bugfix #1218: Only chase DS if signer is parent of owner.
  Thanks Emil Natan
* bugfix #617: Retry WKS service and protocol names lower case.
  Thanks Siali Yan
* Spelling errors in binaries and man pages
  Thanks Andreas Schulze
* removed duplicate condition in ldns_udp_send_query.
* ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
  and fix memory leak with more EDNS sections
  Thanks Jan Vcelak
* bugfix #1399: ldns_pkt2wire() Python binding is broken.
  Thanks James Raftery
* ED25519 and ED448 support. Default is to autodetect support in
  OpenSSL. Disable with --disable-ed25519 and --disable-ed448.
* ldns-notify: can have IPv6 address as argument.
* Fix time sensitive TSIG compare vulnerability.
* Fix that ldns-testns ignores sigpipe.
* Fix that ldns-notify sets the query RR as question RR, this removes
  the wrong TTL and 0 rdata from the packet printout.
* Allow -T flag to be used together with drill -x
* Python bindings compile with swig 4.0
  Thanks Jitka Plesníková
* bugfix #4248: drill -DT fails for CNAME domain
  Thanks Thom Wiggers
* bugfix #4214: Various fixes and leaks found by coverity.
  Thanks Petr Menšík
* Feature #3394: An -I option to ldns-notify to specify a source IP
  address to send to notify from.
  Thanks Geert Hendrickx
* Bugfix #279: New API functions ldns_udp_connect2, ldns_tcp_connect2,
  ldns_udp_bgsend2 and ldns_tcp_bgsend2, that return -1 on failure and
  allow socket number 0 to be returned too.
  Thanks Joerg Sonnenberger
* Bugfix #1447: More verbose reporting of chasing problems with
  ldns-verify-zone.
  Thanks Stephane Guedon
* OpenSSL engine support with ldns-signzone.
  See also https://penzin.net/ldns-signzone/
  Many thanks Vadim Penzin.
* Various improvements found with shellcheck.
  Thanks Jeffrey Walton
* PR #36 Update manpage of ldns-notify to mention algorithm support
  with TSIG. Thanks Anand Buddhdev
* Compile warnings with signed char input to to_lower() and is_digit()
  with NetDNS. Thanks Håvard Eidnes
* Missing Makefile.PL in DNS-LDNS perl module contribution.
  Thanks Jaap Akkerhuis

From willem at nlnetlabs.nl Fri Jul 26 15:55:01 2019
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Fri, 26 Jul 2019 11:55:01 -0400
Subject: [ldns-users] ldns 1.7.1 released
Message-ID:

Dear all,

I am pleased to announce that version 1.7.1 of ldns is now available.
Besides many bugfixes, this release also has a few new features:

* Support for DNSSEC algorithms ED25519 and ED448
  when compiled with OpenSSL 1.1.1

* An -I option to ldns-notify to specify a source IP address
  to send to notify from.

* Complete OpenSSL engine support with ldns-signzone
  contributed by Vadim Penzin

link: https://nlnetlabs.nl/downloads/ldns/ldns-1.7.1.tar.gz
sha1: d075a08972c0f573101fb4a6250471daaa53cb3e
asc : https://nlnetlabs.nl/downloads/ldns/ldns-1.7.1.tar.gz.asc

Changelog
=========
* bugfix: Manage verification paths for OpenSSL >= 1.1.0
  Thanks Marco Davids
* bugfix #4106: find the SDK on MacOS X <= 10.6
  Thanks Bill Cole
* bugfix #4155: ldns-config contains never used variables
  Thanks Petr Menšík
* bugfix #4221: drill -x crashes with malformed IPv4 address
  Thanks Oleksandr Tymoshenko
* bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK
  Thanks Tony Finch
* bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences
  Thanks Bill Parker
* bugfix #1260: Anticipate strchr returning NULL on unfound char
  Thanks Stephan Zeisberg
* bugfix #1257: Free after reallocing to 0 size
  Thanks Stephan Zeisberg
* bugfix #1256: Check parse limit before t increment
  Thanks Stephan Zeisberg
* bugfix #1245: Only one signature per RRset needs to be valid with
  ldns-verify-zone. Thanks Emil Natan.
* ldns-notify can use all supported hash algorithms with -y.
* bugfix #1209: make install ldns.pc file
  Thanks Oleksandr Natalenko
* bugfix #1218: Only chase DS if signer is parent of owner.
  Thanks Emil Natan
* bugfix #617: Retry WKS service and protocol names lower case.
  Thanks Siali Yan
* Spelling errors in binaries and man pages
  Thanks Andreas Schulze
* removed duplicate condition in ldns_udp_send_query.
* ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
  and fix memory leak with more EDNS sections
  Thanks Jan Vcelak
* bugfix #1399: ldns_pkt2wire() Python binding is broken.
  Thanks James Raftery
* ED25519 and ED448 support. Default is to autodetect support in
  OpenSSL. Disable with --disable-ed25519 and --disable-ed448.
* ldns-notify: can have IPv6 address as argument.
* Fix time sensitive TSIG compare vulnerability.
* Fix that ldns-testns ignores sigpipe.
* Fix that ldns-notify sets the query RR as question RR, this removes
  the wrong TTL and 0 rdata from the packet printout.
* Allow -T flag to be used together with drill -x
* Python bindings compile with swig 4.0
  Thanks Jitka Plesníková
* bugfix #4248: drill -DT fails for CNAME domain
  Thanks Thom Wiggers
* bugfix #4214: Various fixes and leaks found by coverity.
  Thanks Petr Menšík
* Feature #3394: An -I option to ldns-notify to specify a source IP
  address to send to notify from.
  Thanks Geert Hendrickx
* Bugfix #279: New API functions ldns_udp_connect2, ldns_tcp_connect2,
  ldns_udp_bgsend2 and ldns_tcp_bgsend2, that return -1 on failure and
  allow socket number 0 to be returned too.
  Thanks Joerg Sonnenberger
* Bugfix #1447: More verbose reporting of chasing problems with
  ldns-verify-zone.
  Thanks Stephane Guedon
* OpenSSL engine support with ldns-signzone.
  See also https://penzin.net/ldns-signzone/
  Many thanks Vadim Penzin.
* Various improvements found with shellcheck.
  Thanks Jeffrey Walton
* PR #36 Update manpage of ldns-notify to mention algorithm support
  with TSIG. Thanks Anand Buddhdev
* Compile warnings with signed char input to to_lower() and is_digit()
  with NetBSD. Thanks Håvard Eidnes
* Missing Makefile.PL in DNS-LDNS perl module contribution.
  Thanks Jaap Akkerhuis
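
The GCC -Wstringop-overflow and -Wstringop-truncation warnings quoted earlier in this thread flag strncpy/strncat calls whose bound is taken from the source string, which cannot limit what is written to the destination. As an added example (not ldns code and not written by anyone in the thread), here is the same copy and append checked against the destination size instead; bounded_copy, bounded_append and the sample strings are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Flagged shape from the thread: strncpy(type, ttl, strlen(ttl) + 1);
 * the bound follows the source, so it cannot protect the destination. */

/* Hypothetical helper (not ldns API): copy src into dst[dst_size].
 * Returns 0 on success, -1 if src does not fit; dst is then set to "". */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = strlen(src);
    if (len >= dst_size) {          /* no room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);      /* length checked, NUL included */
    return 0;
}

/* Hypothetical helper (not ldns API): append src to the string held in
 * dst[dst_size]. Returns 0 on success, -1 (dst unchanged) otherwise. */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    const char *end;
    size_t used, len;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    end = memchr(dst, '\0', dst_size);
    if (end == NULL)                /* dst is not terminated in bounds */
        return -1;
    used = (size_t)(end - dst);
    len = strlen(src);
    if (len >= dst_size - used)     /* would write past the end of dst */
        return -1;
    memcpy(dst + used, src, len + 1);
    return 0;
}

/* Constructed inputs; one bit is set per case that behaves as intended. */
int run_constructed_cases(void)
{
    char type[8], full[4] = "P1D", roomy[8] = "P1D";
    int ok = 0;

    if (bounded_copy(type, sizeof type, "3600") == 0 && !strcmp(type, "3600")) ok |= 1;
    if (bounded_copy(type, sizeof type, "TYPE65535X") == -1 && type[0] == '\0') ok |= 2;
    if (bounded_append(full, sizeof full, "T") == -1 && !strcmp(full, "P1D")) ok |= 4;
    if (bounded_append(roomy, sizeof roomy, "T") == 0 && !strcmp(roomy, "P1DT")) ok |= 8;
    return ok;
}

int main(void) { return run_constructed_cases() == 15 ? 0 : 1; }
```

Whether the destinations at the flagged call sites were large enough is not shown in the thread; the helpers only illustrate a bound that GCC's checks accept because it is tied to the destination.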