[ldns-users] First candidate for ldns-1.7.1 release

Willem Toorop willem at nlnetlabs.nl
Fri Jul 19 02:08:52 UTC 2019

Dear all,

We have a new candidate for the upcoming 1.7.1 release of ldns.
Besides many bugfixes, this release also has a few new features:

* Support for DNSSEC algorithms ED25519 and ED448
  when compiled with OpenSSL 1.1.1

* An -I option to ldns-notify to specify a source IP address
  to send to notify from.

* Complete OpenSSL engine support with ldns-signzone
  contributed by Vadim Penzin

Please review this release candidate carefully and let us know if
anything is wrong.  If all is well, the actual release will follow
Friday the 26th of July 2019.

link: https://nlnetlabs.nl/downloads/ldns/ldns-1.7.1-rc1.tar.gz
sha1: bf3a50dcdd2e80958d6a0d8961e4835a2476515a
asc : https://nlnetlabs.nl/downloads/ldns/ldns-1.7.1-rc1.tar.gz.asc

* bugfix: Manage verification paths for OpenSSL >= 1.1.0
  Thanks Marco Davids
* bugfix #4106: find the SDK on MacOS X <= 10.6
  Thanks Bill Cole
* bugfix #4155: ldns-config contains never used variables
  Thanks Petr Menšík
* bugfix #4221: drill -x crashes with malformed IPv4 address
  Thanks Oleksandr Tymoshenko
* bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK
  Thanks Tony Finch
* bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences
  Thanks Bill Parker
* bugfix #1260: Anticipate strchr returning NULL on unfound char
  Thanks Stephan Zeisberg
* bugfix #1257: Free after reallocing to 0 size
  Thanks Stephan Zeisberg
* bugfix #1256: Check parse limit before t increment
  Thanks Stephan Zeisberg
* bugfix #1245: Only one signature per RRset needs to be valid with
  ldns-verify-zone.  Thanks Emil Natan.
* ldns-notify can use all supported hash algorithms with -y.
* bugfix #1209: make install ldns.pc file
  Thanks Oleksandr Natalenko
* bugfix #1218: Only chase DS if signer is parent of owner.
  Thanks Emil Natan
* bugfix #617: Retry WKS service and protocol names lower case.
  Thanks Siali Yan
* Spelling errors in binaries and man pages
  Thanks Andreas Schulze
* removed duplicate condition in ldns_udp_send_query.
* ldns_wire2pkt: fix null pointer dereference if pkt allocation fails
  and fix memory leak with more EDNS sections
  Thanks Jan Vcelak
* bugfix #1399: ldns_pkt2wire() Python binding is broken.
  Thanks James Raftery
* ED25519 and ED448 support. Default is to autodetect support in
  OpenSSL.  Disable with --disable-ed25519 and --disable-ed448.
* ldns-notify: can have IPv6 address as argument.
* Fix time sensitive TSIG compare vulnerability.
* Fix that ldns-testns ignores sigpipe.
* Fix that ldns-notify sets the query RR as question RR, this
  removes the wrong TTL and 0 rdata from the packet printout.
* Allow -T flag to be used together with drill -x
* Python bindings compile with swig 4.0
  Thanks Jitka Plesníková
* bugfix #4248: drill -DT fails for CNAME domain
  Thanks Thom Wiggers
* bugfix #4214: Various fixes and leaks found by coverity.
  Thanks Petr Menšík
* Feature #3394: An -I option to ldns-notify to specify a source
  IP address to send to notify from.  Thanks Geert Hendrickx
* Bugfix #279: New API functions ldns_udp_connect2,
  ldns_tcp_connect2, ldns_udp_bgsend2 and ldns_tcp_bgsend2,
  that return -1 on failure and allow socket number 0
  to be returned too.  Thanks Joerg Sonnenberger
* Bugfix #1447: More verbose reporting of chasing problems with
  ldns-verify-zone.  Thanks Stephane Guedon
* OpenSSL engine support with ldns-signzone.
  See also https://penzin.net/ldns-signzone/
  Many thanks Vadim Penzin.
* Various improvements found with shellcheck.
  Thanks Jeffrey Walton

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20190718/80dba480/attachment.bin>

More information about the ldns-users mailing list