[ldns-users] ldns 1.8.1 quickfix release

Willem Toorop willem at nlnetlabs.nl
Fri Dec 3 08:10:11 UTC 2021

Dear all,

Version 1.8.0 of ldns had two bugs preventing it to install correctly:

  * The soname went down compared to ldns-1.7.1

  * ldns.pc was installed from a wrong location, preventing installation
    were the build directory is different from the source directory.

This quick fix release has these resolved. Compared to the 1.7.1 release
of ldns, this release has many bugfixes and a few new features, most

* ZONEMD support in ldns-signzone and ldns-verify-zone

* Draft implementation of the SVCB and HTTPS RR types.
  Use --enable-rrtype-svcb-https with configure to compile with these

link  : https://nlnetlabs.nl/downloads/ldns/ldns-1.8.1.tar.gz
sha256: 958229abce4d3aaa19a75c0d127666564b17216902186e952ca4aef47c6d7fa3
asc   : https://nlnetlabs.nl/downloads/ldns/ldns-1.8.1.tar.gz.asc

1.8.1   2021-12-03
* bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname
  needs to larger. Thanks Leah Neukirchen & Felipe Gasper
* Undo PR#123 fix ldns.pc installation when building out-of-source
  Thanks Alex Xu

1.8.0   2021-11-26
* bugfix #38: Print "line" before line number when printing
  zone parse errors. Thanks Petr Špaček.
* bugfix: Revert unused variables in ldns-config removal patch.
* bugfix #50: heap Out-of-bound Read vulnerability in
  rr_frm_str_internal reported by pokerfacett.
* bugfix #51: Heap Out-of-bound Read vulnerability in
  ldns_nsec3_salt_data reported by pokerfacett.
* Fix memory leak in examples/ldns-testns handle_tcp routine.
* Detect fixed time memory compare for openssl 0.9.8.
* Fix compile warning by variable initialisation for older gcc.
* Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not
  available on tvOS.
* Fix for #93: fix packaging/libldns.pc Makefile rule.
* ZONEMD support in ldns-signzone and ldns-verify-zone
* ldns-testns can answer several queries over one tcp connection,
  if they arrive within 100msec of each other.
* Fix so that ldns-testns does not leak sockets if the read fails.
* SVCB and HTTPS draft rrtypes.
  Enable with --enable-rrtype-svcb-https.
* bugfix #117: Assertion failure with DNSSEC validating of
  non existence of RR types at the root.  Thanks ZjYwMj
* Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA
  record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl
* bugfix #119: Let example tools read longer RR's than
* Add SVCPARAMS to python ldns_rdf_type2str function.
* PR #134 Miscellaneous spelling fixes. Thanks jsoref!
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return
  the $INCLUDE not implemented error.
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line
  number for an empty line after a comment.
* Fix #135: Fix compile with OpenSSL-3.0.0-beta2.
* PR #107: Added ldns_pkt2buffer_wire_compress() to make dname
  compression optional when converting packets to wire format.
  Thanks Eli Lindsey
* Option to ldns-keygen to create symlinks with known names
  (i.e. without the key id) to the created files.
  Thanks Andreas Schulze
* Fix #121: Correct handling of centimetres by LOC parser.
  Thanks Felipe Gasper
* PR #126: Link with libldns.la in Makefile.in.
  Thanks orbea
* PR #127: Addes option -Q to drill to give short answer.
  Thanks niknah
* PR #133: Update m4 files for python modules.
  Thanks Petr Menšík
* Bufix CAA value fields may be empty: Thanks Robert Mortimer
* PR #108: Fix for ldns-compare-zones net detecting when first zone
  has a RRset that shrinks from two to one RRs, or grows from one
  to two RRs. Thanks Emilio Caballero
* Fix #131: Drill sig chasing breaks with gcc-11 and
  strict-aliasing. Thanks Stanislav Levin
* Fix #130: Unless $TLL is defined, ttl defaults to the last
  explicitly stated value. Thanks Benno
* Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc
* Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0
  Thanks Daniel J. Luke
* Let ldns-signzone warn for high NSEC3 iteration counts.
  Thanks Andreas Schulze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20211203/e70e482a/attachment.bin>

More information about the ldns-users mailing list