Created attachment 230046 [details]
patch to upgrade

Features
========

* ZONEMD support in ldns-signzone and ldns-verify-zone

* Draft implementation of the SVCB and HTTPS RR types.
  Use --enable-rrtype-svcb-https with configure to compile with these
  supported.

Changelog
=========

1.8.1   2021-12-03
* bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname
  needs to larger. Thanks Leah Neukirchen & Felipe Gasper
* Undo PR#123 fix ldns.pc installation when building out-of-source
  Thanks Alex Xu

1.8.0   2021-11-26
* bugfix #38: Print "line" before line number when printing
  zone parse errors. Thanks Petr Špaček.
* bugfix: Revert unused variables in ldns-config removal patch.
* bugfix #50: heap Out-of-bound Read vulnerability in
  rr_frm_str_internal reported by pokerfacett.
* bugfix #51: Heap Out-of-bound Read vulnerability in
  ldns_nsec3_salt_data reported by pokerfacett.
* Fix memory leak in examples/ldns-testns handle_tcp routine.
* Detect fixed time memory compare for openssl 0.9.8.
* Fix compile warning by variable initialisation for older gcc.
* Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not
  available on tvOS.
* Fix for #93: fix packaging/libldns.pc Makefile rule.
* ZONEMD support in ldns-signzone and ldns-verify-zone
* ldns-testns can answer several queries over one tcp connection,
  if they arrive within 100msec of each other.
* Fix so that ldns-testns does not leak sockets if the read fails.
* Detect fixed time memory compare for openssl 0.9.8.
* Fix compile warning by variable initialisation for older gcc.
* Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not
  available on tvOS.
* Fix for #93: fix packaging/libldns.pc Makefile rule.
* ZONEMD support in ldns-signzone and ldns-verify-zone
* ldns-testns can answer several queries over one tcp connection,
  if they arrive within 100msec of each other.
* Fix so that ldns-testns does not leak sockets if the read fails.
* SVCB and HTTPS draft rrtypes.
  Enable with --enable-rrtype-svcb-https.
* bugfix #117: Assertion failure with DNSSEC validating of
  non existence of RR types at the root.  Thanks ZjYwMj
* Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA
  record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl
* bugfix #119: Let example tools read longer RR's than
  LDNS_MAX_LINELEN
* Add SVCPARAMS to python ldns_rdf_type2str function.
* PR #134 Miscellaneous spelling fixes. Thanks jsoref!
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return
  the $INCLUDE not implemented error.
* Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line
  number for an empty line after a comment.
* Fix #135: Fix compile with OpenSSL-3.0.0-beta2.
* PR #107: Added ldns_pkt2buffer_wire_compress() to make dname
  compression optional when converting packets to wire format.
  Thanks Eli Lindsey
* Option to ldns-keygen to create symlinks with known names
  (i.e. without the key id) to the created files.
  Thanks Andreas Schulze
* Fix #121: Correct handling of centimetres by LOC parser.
  Thanks Felipe Gasper
* PR #126: Link with libldns.la in Makefile.in.
  Thanks orbea
* PR #127: Addes option -Q to drill to give short answer.
  Thanks niknah
* PR #133: Update m4 files for python modules.
  Thanks Petr Menšík
* Bufix CAA value fields may be empty: Thanks Robert Mortimer
* PR #108: Fix for ldns-compare-zones net detecting when first zone
  has a RRset that shrinks from two to one RRs, or grows from one
  to two RRs. Thanks Emilio Caballero
* Fix #131: Drill sig chasing breaks with gcc-11 and
  strict-aliasing. Thanks Stanislav Levin
* Fix #130: Unless $TLL is defined, ttl defaults to the last
  explicitly stated value. Thanks Benno
* Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc
* Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0
  Thanks Daniel J. Luke
* Let ldns-signzone warn for high NSEC3 iteration counts.
  Thanks Andreas Schulze