Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libldns2-1.7.0-4.3.1 RPM for s390x

From OpenSuSE Leap 15.3 for s390x

Name: libldns2 Distribution: SUSE Linux Enterprise 15
Version: 1.7.0 Vendor: SUSE LLC <>
Release: 4.3.1 Build date: Mon Mar 23 16:45:11 2020
Group: System/Libraries Build host: s390lp4
Size: 442136 Source RPM: ldns-1.7.0-4.3.1.src.rpm
Summary: A library for developing the Domain Name System
ldns is a C library that can be used for domain name system (DNS)
development. It supports RFCs like the DNSSEC documents, and allows
developers to create software conforming to RFCs, as well as
experimental software for current Internet Drafts.






* Mon Mar 23 2020
  - bsc_1068709.patch: Fixes a double-free vulnerability
    (bsc#1068709, CVE-2017-1000232)
  - bsc_1068711.patch: Fixes a buffer overflow during token parsing
    (bsc#1068711, CVE-2017-1000231)
* Mon Jan 08 2018
  - Switch directly to python3 in order for us to proceed with py2
    obsoletion for future releases
    * Upstream sadly can build only against one of the two
* Thu Nov 16 2017
  - disable DANE verification when building with openssl < 1.1 to fix
    build on distributions that have openssl 1.0.x
* Sun Aug 27 2017
  - Update descriptions.
* Fri Aug 18 2017
  - Update to version 1.7.0
    * Ldns built with openssl-1.1.0 [bsc#1042653]
    * Fix #551 change Regent to Copyright holder in BSD license in some of
      the headings of the file, to match the BSD license.
    * -e option makes ldns-compare-zones exit with status code 2 on difference
    * Filter out specified RR types with ldns-read-zone -e and -E options
    * bugfix #563: Correct DNSKEY from DSA private key.
    * bugfix #562: ldns-keygen match DSA key maximum size with library.
      And check keysizes with all algorithms.
    * ldns-verify-zone accepts only one single zonefile as argument.
    * bugfix #573: ldns-keygen write private keys with mode 0600.
    * Fix configure to make ldns compile with LibreSSL 2.0
    * drill now also accepts dig style -y option
      (-y <[algo:]name:key> i.s.o. -y <name:key[:algo]>)
    * OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey
    * bugfix #608: Correct comment about escaped characters
    * CDS and CDNSKEY rr type from RFC 7344. --enable-rrtype-cds configure
      option removed
    * fix: Memory leak in ldns_pkt_rr_list_by_name()
    * fix: Memory leak in ldns_dname2buffer_wire_compress()
    * bugfix #613: Allow tab as whitespace too in last rdata field of types
      of variable length.
    * bugfix: strip trailing whitespace from $ORIGIN lines in zone files
    * Let ldns-keygen output .ds files only for KSK keys
    * Parse RFC7218 TLSA mnemonics, but do not output them
    * Let ldns-dane use SPKI as the default selector i.s.o. Cert
    * bugfix: Fit left over NSEC3s once more before adding empty non terminals
    * bugfix #605: Determine default trust anchor location at compile time
    * bugfix #697: Double free with ldns-dane create
    * bugfix #623: Do not redefine bool type and boolean values
    * bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx
    * bugfix #575: ldns_pkt_clone() does not copy timestamp field
    * bugfix #584: ldns-update fixes.  Send update to port 53, bring manpage
      in sync with the usage text, and don't alter the ldns_resolver passed
      to ldns_update_soa_zone_mname(). Created a ldns_resolver_clone()
      function in the process.
    * bugfix #633: ldns_pkt_clone() parameter isn't const.
    * bugfix: ldns-dane manpage correction
    * RFC7553 RR Type URI is supported by default.
    * Fix ECDSA signature generation, do not omit leading zeroes.
    * bugfix: Get rid of superfluous newline in ldns-keyfetcher
    * bugfix: -U option to ldns-signzone to sign with every algorithm
    * const function parameters whenever possible.
    * bugfix #725: allow RR-types on the type bitmap window border
    * Add type CSYNC support, RFC 7477.
    * Prepare for ED25519, ED448 support: todo convert* routines in dnssec.h,
      once openssl has support for signing with these algorithms. The dns
      algorithm number is not yet allocated. These features are not fully
      implemented yet, openssl (1.1) does not support the algorithms enough
      to generate keys and sign and verify with them.
    * Fix drill axfr ipv4/ipv6 queries.
    * Fix for openssl 1.1.0 API changes.
    * bugfix #825: Module import breaks with newer SWIG versions.
    * bugfix #769: Add support for :: in an IPv6 address
    * bugfix #708: warnings and errors with xcode 6.1/7.0
    * bugfix #754: Memory leak in ldns_str2rdf_ipseckey
    * bugfix #661: Fail NSEC3 signing when NSEC domainname length would
    * bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys.
    * bugfix #680: ldns fails to reject invalidly formatted RFC 7553 URI RRs.
    * bugfix #678: Use poll i.s.o. select to support > 1024 fds
    * Use OpenSSL DANE functions for verification (unless explicitly disabled
      with --disable-dane-ta-usage).
    * Bumb .so version
    * Include OPENPGPKEY RR type by default
    * rdata processing for SMIMEA RR type
    * Fix crash in displaying TLSA RR's.
    * Update ldns-key2ds man page to mention GOST and SHA384 hash functions.
    * Add sha384 and sha512 tsig algorithm.
    * Clarify data ownership with consts for tsig parameters.
    * bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0
    * bugfix #1160: Provide sha256 for release tarballs
    * --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0 even
      when the GOST engine is not available.
  - Dropped patch ldns-perl-5.22.patch
* Tue May 10 2016
  - disable python because the bindings dont match the old python
    version either
* Tue May 10 2016
  - disable perl on sle11 as it needs at least 5.14.2
* Tue May 10 2016
  - fix building on SLE11 by disabling gost
* Tue Sep 01 2015
  - Add ldns-perl-5.22.patch: Fix build with perl 5.22.
* Thu May 22 2014
  - update to 1.6.17
    * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
      zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
    * Add --disable-dane option to configure and check availability of the
      for dane needed X509_check_ca function in openssl.
    * bugfix #490: Get rid of type-punned pointer warnings.
      Thanks Adam Tkac.
    * Make sure executables are linked against libcrypto with the
      LIBSSL_LDFLAGS. Thanks Leo Baltus.
    * Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav.
    * README now shows preferred way to configure for examples and drill.
    * Bind to source address for resolvers. drill binds to source with -I.
      Thanks Bryan Duff.
    * -T option for ldns-dane that has specific exit status for PKIX
      validated connections without (secure) TLSA records.
    * Fix b{32,64}_{ntop,pton} detection and handling.
    * New RR type TKEY, but without operational practice.
    * New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
    * New output format flag (and accompanying functions) to print certain
      RR's as unknown type
    * -u and -U parameter for ldns-read-zone to mark/unmark a RR type
      for printing as unknown type
    * bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen.
    * bugfix #497: Properly test for EOF when reading key files with drill.
    * New functions: ldns_pkt_ixfr_request_new and
    * Use SNI with ldns-dane
    * bugfix #507: ldnsx Fix use of non-existent variables and not
      properly referring to instance variable.  Patch from shussain.
    * bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type
      dictionary.  Patch from shussain.
    * bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL
      file pointer.
    * Fix memory leak in contrib/python: ldns_pkt.new_query.
    * Fix buffer overflow in fget_token and bget_token.
    * ldns-verify-zone NSEC3 checking from quadratic to linear performance.
      Thanks NIC MX (
    * ldns-dane setup new ssl session for each new connect to prevent hangs
    * bugfix #521: drill trace continue on empty non-terminals with NSEC3
    * bugfix #525: Fix documentation of ldns_resolver_set_retry
    * Remove unused LDNS_RDF_TYPE_TSIG and associated functions.
    * Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek.
    * Configure option to build perl bindings: --with-p5-dns-ldns
      (DNS::LDNS is a contribution from Erik Ostlyngen)
    * bugfix #527: Move -lssl before -lcrypto when linking
    * Optimize TSIG digest function name comparison (Thanks Marc Buijsman)
    * Compare names case insensitive with ldns_pkt_rr_list_by_name and
      ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab)
    * A separate --enable for each draft RR type: --enable-rrtype-ninfo,
    - -enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and
    - -enable-rrtype-ta
    * bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen)
    * bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza)
    * Adjust ldns_sha1() so that the input data is not modified (Thanks
      Marc Buijsman)
    * Messages to stderr are now off by default and can be reenabled with
      the --enable-stderr-msgs configure option.
  - enable rrtype-ninfo, rrtype-rkey, rrtype-cds, rrtype-uri, rrtype-ta
  - build pyldnsx bindings
  - build perl bindings
  - pass the path to our CA store



Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Jun 9 16:08:31 2022