| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Changes are more than 100 lines, but it fixes these security problem.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3409
|
|
Pkgsrc changes:
- Removed patch-ac for t/11-inet6.t, this got integrated by the software
maintainer.
Changes since version 0.58:
===========================
*** 0.59 September 18, 2006
Fix rt.cpan.org 20836, 20857, 20994, and 21402
These tickets all revolved around proper reverse mapping of IPv6
addresses.
Note that directly calling Question->new() withouth arguments will
cause the qclass,qtype to be IN, A instead of ANY, ANY.
Net::DNS::Resolver's search() method would always gracefully
interpret a qname in the form of an IPv4 address. It would go out
and do a PTR query in the reverse address tree. This behavior has
also been applied to IPv6 addresses in their many shapes and
forms.
This change did two things, 1) root zone not implicitly added to
search list when looking up short name, 2) default domain appended
to short name if DEFNAMES and not DNSRCH.
Fix rt.cpan.org 18113
Minor error due to unapplied part of patch fixed.
Feature: Experimental NSEC3 hooks.
Added hook for future support of (experimental) NSEC3 suppport
(NSEC3 having an experimental type code).
|
|
|
|
Pkgsrc changes:
- Added patch-ac to change the number of skipped online tests (still
incorrect).
Changes since version 0.57:
===========================
Feature: hooks for DLV support in Net::DNS::SEC
added hooks for DLV support which is/will be available in
Net::DNS::SEC as of subversion version 592 (Tests are done agains
the subversion number, not against the perl release version)
Net::DNS::SEC version 0.15 will have DLV support.
Partly Fixed rt.cpan.org 18940
djhale noticed a number of error conditions under which de
udp_connection in Nameserver dies. We now print a warning instead
of dying.
Fix rt.cpan.org 18958
Fixed typebyname croak for SIGZERO. Acknowledgements to djhale.
Optimize rt.cpan.org 11931
Hanno Stock optimized the method to get the list of available
interfaces in Win32. I have only done very rudimentary tests on
my Windows XP system.
Fix dependency on "CC" rt.cpan.org 19352
The Makefile.PL depended on availabliltity of "cc" and would bail
out on systems where gcc is exclusivly available. Thanks to Rob
Windsor for noticing and patching.
Fix compressed dnames in NAPTR/SRV
Clayton O'Neill noted that the the domain names in in the NAPTR
and SRV RRs rdata were subject to name compression which is not
conform the specs. Also see RFC 2782 and 2915.
Fix rt.cpan.org 18897
Zero-length rdata in TXT fixed (Acknowledgements to Roy Arends)
Fix rt.cpan.org 18785
SPF would not work unless the TXT RR was not loaded first. No
wonder, SPF fully inherits TXT and loading of TXT.pm is therefore a
prerequisit.
Fix rt.cpan.org 18713
Net::DNS::Resolver now deals gracefully with persistent sockets
that got disconnected. It will first try to connect again to the
socket and if that fails it will try to connect to the next
available nameserver. tcp_timeout() is the parameter that
determines how long to wait during a reconnect.
Fix rt.cpan.org 18268
Added reference to RFC in croak message for label length > 63 in
dn_comp().
Fix rt.cpan.org 18113
The inet6 tests contained another bug when online-tests were disabled.
Klaus Heinz discovered and provided a patch.
|
|
Pkgsrc changes:
none
Relevant changes since version 0.55:
=====================================
Fix rt.cpan.org 17783
The inet6 tests do not skip enough tests when ipv6 is not available.
I did not catch this in my setup since IPv6 is available on all my
machines.
Feature Implemented SPF (typecode 99).
Feature added rrsort() function.
See Net::DNS and Net::DNS::RR documentation for details.
Fix rt.cpan.org 14653 and 14049
TCP fallback after V6 socket failure
|
|
Pkgsrc changes:
- Removed hacks.mk. Net::DNS should work on Mac OS 10.4 withouth this
workaround.
- The package has two options now: "inet6" and "online-tests".
- p5-Net-DNS requires an additional package, p5-Net-IP.
Relevant changes since version 0.49:
====================================
- many bug fixes (see Changes and rt.cpan.org)
Feature Net::DNS::Nameserver loop_once()
Uncommented the documentation of the loop_once() function and introduced
get_open_tcp() that reports if there are any open TCP sockets (useful
when using loop_once().
loop_once() itself was introduced in version 0.53_02
Feature async nameserver behaviour.
Fix IPv6 on AIX
Binding to the local interface did not work when local address was
specified as "0" instead of "::". The problem was identified,
reported and fixed by Achim Adam.
Feature
Net::DNS::RR::OPT
added the the size(), do(),set_do() and clear_do() methods.
Feature:
Added "ignqrid" as an attribute to the Resolver.
use as:
ok (my $res=Net::DNS::Resolver->new(nameservers => ['127.0.0.1'],
port => 5354,
recurse => 0,
igntc => 1,
ignqrid => 1,
),
When the attribute is set to a non-zero value replies with the
qr bit clear and replies with non-matching query ids are
happily accepted. This opens the possibility to accept spoofed
answers. YOU CAN BURN YOURSELF WITH THIS FEATURE.
It is set to 0 per default and remains, except for this changes file
an undocumented feature.
Fix: Makefile.PL: Minor tweak to recognize Mac OS X 10.4 not so relevant
since netdnslib is distributed with the code.
Feature: Calling the Net::DNS::Resolver::dnssec method with a non-zero
argument will set the udppacketsize to 2048. The method will
also carp a warning if you pass a non-zero argument when
Net::DNS::SEC is not installed.
Feature: IPv6 transport support
IPv6 transport has been added to the resolver and to the
nameserver code.
To use IPv6 please make sure that you have IO::Socket::INET6 version
2.01 or later installed.
If IPv6 transport is available Net::DNS::Resolver::Recurse will make
use of it (picking randomly between IPv4 and IPv6 transport) use
the force_v4() method to only force IPv4.
Feature: Binary characters in labels
RFC 1035 3.1:
Domain names in messages are expressed in terms of a sequence of
labels. Each label is represented as a one octet length field
followed by that number of octets. Since every domain name ends
with the null label of the root, a domain name is terminated by a
length byte of zero. The high order two bits of every length octet
must be zero, and the remaining six bits of the length field limit
the label to 63 octets or less.
Unfortunatelly dname attributes are stored strings throughout
Net::DNS. (With hindsight dnames should have had their own class
in which one could have preserved the wire format.).
To be able to represent all octets that are allowed in domain
names I took the approach to use the "presentation format" for
the attributes. This presentation format is defined in RFC 1035
5.1.
I added code to parse presentation format domain names that has
escpaped data such as \ddd and \X (where X is not a number) to
wireformat and vice verse. In the conversion from wire format to
presentation format the characters that have special meaning in a
zone file are escaped (so that they can be cut-n-pasted without
pain).
These are " (0x22), $ (0x24), (0x28), ) (0x29), . (0x2e) , ;
(0x3b), @ (ox40) and \ (0x5c). The number between brackets
representing the ascii code in hex.
Note that wherever a name occurs as a string in Net::DNS it is
now in presentation format.
For those that dealth with 'hostnames' (subset of all possible
domain names) this will be a completely transparent change.
Details:
I added netdnslib wich contains Net::DNS's own dn_expand. Its
implemented in C and the source is a hodgepodge of Berkeley based
code and sniplets from ISC's bind9 distribution. The behavior, in
terms of which chars are escaped, is similare to bind9.
There are some functions added to DNS.pm that do conversion from
presentation and wire format and back. They should only be used
internally (although they live in EXPORT_OK.)
For esotheric test cases see t/11-escapedchars.t.
|
|
of Perl files to deal with the perl-5.8.7 update that moved all
pkgsrc-installed Perl files into the "vendor" directories.
|
|
These paths are now relative to PERL5_PACKLIST_DIR, which currently
defaults to ${PERL5_SITEARCH}. There is no change to the binary
packages.
|
|
--
Changes from 0.48
=================
Fix: Only remove leading zeros in the regular expressions for typesbyval
and classbyval methods. (patch by Ronald v.d. Pol)
Fix: Properly return an empty array in the authority, additional and answer
methods (patch by Ronald v.d. Pol)
Fix: rt.cpan.org #11930
Incorrect searchlist duplication removal in Net::DNS::Resolver::Win32
Patch courtesy Risto Kankkunen.
Problem: rt.cpan.org #11931
Win32.pm used the DNSRegisteredAdapters registry key to determine which
local forwarders to send queries to. This is arguably the wrong key as it
is used to identify the server which to send dynamic updates to.
A real fix for determining the set of nameservers to query has not been
implemented. For details see
https://rt.cpan.org/Ticket/Display.html?id=11931
Fix: Bug report by Bernhard Schmidt (concerning a bug on the IPv6 branch).
The bug caused dname compression to fail and to create
compression pointers causing loops.
Fix: rt.cpan.org #8882
No redundant lookups on SERVFAIL response
and #6149
Does not search multiple DNS servers
Net::DNS::Resolver will now use the other nameservers in the
list if the RCODE of the answer is not NO ERROR (0) or NAME
ERROR (3). When send() exhausted the last nameserver from the it
will return the answer that was received from the last
nameserver that responded with an RCODE.
The error string will be set to "RCODE: <rcode from last packet>"
Fix: rt.cpan.org #8803
TXT records don't work with semicolons
Since we are expecting presentation format at input a comment
will need to be escaped ( \; ).
It could be argued that this is a to strict interpretation of
1035 section 5.1.
While working on this I discovered there are more problems with
TXT RRs. e.g.; '0100' (a character string content represented in
hex) is a perfectly legal and should be represented as "\000" in
presentation format. Net::DNS does pass character strings with
"non-ASCII" chars from the wire to the char_str_lst array but
the print functions do not properly escape them when printing.
Some tests with TXT RRs added to 07-misc.t
Properly dealing with zone file presentation format and binary
data is still to be done.
Fix: rt.cpan.org Ticket #8483
eval tests for DNS::RR::SIG fail when using a die handler
(Thanks Sebastiaan Hoogeveen)
Patch applied.
Fix: rt.cpan.org: Ticket #8608
Net::DNS::Packet->data makes incorrect assumptions
Implemented the "pop" method for the question.
Since having a qcount that is not 1 is somewhat rare (it appears
in TCP AXFR streams) the ability to pop the answer from a question
has not been documented in the "pod"
Also fixed the incorrect assumption.
(Thanks Bruce Campbell.)
Fix: Ticket #11106
Incorrect instructions in README
Corrected in the README and in Makefile.PL
Olaf Kolkman took over maintenance responsibility from Chris
Reinardt. This involved importing the code into another subversion
repository. I made sure the numbers jumped, but I did not have access
to the "original" subversion repository so I lost some of the history.
|
|
|
|
Net::DNS is now stored in a subversion repository, replacing cvs.
As such the submodule version numbers have taken another big jump.
Luckily those numbers don't matter as long as they work.
Fixed a bug with Unknown RR types that broke zone signing [Olaf].
Added callback support to Net::DNS::Resolver::Recuse. The
demo/trace_dns.pl script demonstrates this.
Added a note regarding answers with an empty answer section to the
Net::DNS::Resolver::search() and Net::DNS::Resolver::query()
documentation.
The copyright notice for Net::DNS::RR::SSHFP was incorrect. That file
is Copyright (c) 2004 RIPE NCC, Olaf Kolkman.
|
|
|
|
|
|
module directory has changed (eg. "darwin-2level" vs.
"darwin-thread-multi-2level").
binary packages of perl modules need to be distinguishable between
being built against threaded perl and unthreaded perl, so bump the
PKGREVISION of all perl module packages and introduce
BUILDLINK_RECOMMENDED for perl as perl>=5.8.5nb5 so the correct
dependencies are registered and the binary packages are distinct.
addresses PR pkg/28619 from H. Todd Fujinaka.
|
|
Revision history for Net::DNS
=============================
*** 0.47 April 1, 2004
safe_push() is back in Net::DNS::Packet, due to the excellent debate
skills of Luis E Monoz. However, the name safe_push() is deprecated,
use the new name unique_push() instead.
Fixed a bug in Net::DNS::Nameserver which caused the class to build
packets incorrectly in some cases. [Ask Bjorn Hansen]
Error message cleanups in Net::DNS::typesbyname()
and Net::DNS::typesbyval() [Ask Bjorn Hansen]
Net::DNS::RR::new_from_hash() now works with unknown RR types [Olaf].
|
|
Changes since 0.45
==================
*** 0.46 February 21, 2004
IPv6 reverse lookups can now be done with Net::DNS::Resolver::search(),
as well as with query().
Hostnames can now be used in the 'nameservers' arguement to
Net::DNS::Resolver->new()
Removed Net::DNS::Select from the package. IO::Select appears to work
on windows just fine.
Fixed a bug that caused MXes with a preference of 0 to function
incorrectly, reported by Dick Franks.
Net::DNS had a few problems running under taint mode, especially under
cygwin. These issues have been fixed. More issues with taint mode may
lay undiscovered.
Applied Matthew Darwin's patch added support for IPv6 reverse lookups to
Net::DNS::Resolver::query.
|
|
setting it.
|
|
setting BUILDLINK_DEPENDS.perl.
|
|
Patch to enable online tests no longer necessary.
Changes since 0.42:
Revision history for Net::DNS
=============================
*** 0.45 January 8, 2004
No changes from 0.44_02.
** 0.44_02 January 3, 2004
The XS detection code was broken. We actually use the XS bits now.
Major cleanups/optimizations of the various RR subclasses. This release
of Net::DNS is over twice as fast at parsing dns packets as 0.44.
** NOTICE **
$rr->rdatastr no longer returns '; no data' if the RR record has no
data. This happens in $rr->string now.
Net::DNS::Packet::safe_push() no longer exists. The method is now only
avalible from Net::DNS::Update objects.
** 0.44_01 January 3, 2004
Net::DNS::RR objects were not playing nice with Storable, this caused
the axfr demo script to fail. Thanks to Joe Dial for the report.
** NOTICE **
This may cause RR objects that are already serialize to not deserialize
correctly.
Reply handlers in Net::DNS::Nameserver are now passed the query object.
Fixed a nasty bug in Nameserver.pm related to the qr bit. As Olaf
explained:
Replies are sent if the query has its "qr" bit set. The "qr" bit is an
indication that the packet is sent as a response to a query. Since
there are more implementations that suffer from this bug one can cause
all kinds of nasty ping-pong loops by spoofing the initial packet or
have an infinite query loop by spoofing a query from the localhost:53
address.
Various Win32/Cygwin cleanups from Sidney Markowitz.
*** 0.44 December 12, 2003
The Wrath of CPAN Release.
CPAN.pm doesn't understand the nature of revision numbers. 1.10 is
newer than 1.9; but CPAN.pm treats them as floats. This is bad.
All the internal version numbers in Net::DNS have been bumped to
2.100 in order to fix this.
No actual code changes in this release.
*** 0.43 December 11, 2003
Added warning of deprecation of Net::DNS::Packet::safe_push. This will
move into Net::DNS::Update, as Net::DNS::Update is now a proper subclass
of Net::DNS::Packet.
** 0.42_02 December 11, 2003
Fixed a long standing bug with zone transfers in the "many-answers" format.
CPAN #1903.
Added the '--online-tests' flag to Makefile.PL. This activates the online
tests without asking the user interactively. "--no-online-tests" turns
the tests off.
Cleaned up Makefile.PL a little. The "--pm" flag is now deprecated, use
"--no-xs" instead.
Added support for unknown RR types (rfc3597). Note for developers: the
typesbyname, typesbyval, classesbyname and classesbyval hashes should
not be used directly, use the same named wrapper functions
instead. [Olaf Kolkman]
Added two hashes for administrative use; they store which types are
qtypes and metatypes (rfc2929). [Olaf Kolkman]
** 0.42_01 November 30, 2003
Major work to get Net::DNS functioning properly on Cygwin by Sidney
Markowitz.
Fixed a bug in Net::DNS::Nameserver's error handling. CPAN #4195
|
|
|
|
Changes since 0.40:
*** 0.42 October 26, 2003
Fixed compilation problems on panther (Mac OS 10.3).
Fixed a bug in Net::DNS::Resolver::Recurse which allowed an endless
loop to arise in certain situations. (cpan #3969, patch
by Rob Brown)
Applied Mike Mitchell's patch implementing a presistant UDP socket.
See the Net::DNS::Resolver documentation for details.
*** 0.41 October 3, 2003
Added some documentation about modifying the behavior of Net::DNS::Resolver.
** 0.40_01 September 26, 2003
Fixed some uninitialized value warnings when running under windows.
Fixed a bug in the test suite that caused 00-version.t to fail with
certain versions of ExtUtils::MakeMaker. Thanks to David James, Jos
Boumans and others for reporting it.
Reply handlers in Net::DNS::Nameserver are now passed the peerhost.
(Assen Totin <assen@online.bg>)
Reply handlers in Net::DNS::Nameserver can now tweak the header bits
that the nameserver returns. [Olaf]
The AD header bit is now documented, and twiddleable. [Olaf]
The change log has been trimmed, entries for versions older than 0.21
have been removed.
** NOTICE **
Net::DNS::Resolver::axfr_old() has been removed from the package.
An exception will be thrown if you attempt to use this method. Use
axfr() or axfr_start() instead.
|
|
|
|
|
|
Net-DNS-SEC updates, seems that IETF has been busy redefining DNSSEC.
When parsing resolver configuration files, IPv6 addresses are now skipped,
as Net::DNS does not yet have IPv6 support.
Broke Net::DNS::Resolver into seperate classes. Many of the globals in
Net::DNS::Resolver no longer exist. They were never documented
so you never used them.... right?
Options to Net::DNS::Resolver->new() are now supported, including
using your own configuration file.
Moved next_id() from Resolver.pm to Header.pm (which is where it is
used).
Tie::DNSHash removed from the package, see Tie::DNS from CPAN for a more
complete implementation of a DNS hash.
Applied David Carmean's patch for handling more than one string in a
TXT RR's RDATA section.
Applied patch from Dan Sully (daniel@electricrain.com) allowing multiple
questions to be part of a DNS packet.
|
|
|
|
are unnecessary so remove them.
|
|
Fixed the regular expression in RR.pm to comply with the RFCs,
turns our we were _too_ paranoid.
Various cleanups for perl 5.004.
Applied SIG patch.
Added Net::DNS::Resolver::Recurse module.
Applied initialization bug in OPT.pm patch.
Applied patch for udp timeouts.
Fixed a typo in FAQ.pod that was making aropos and whatis
grumpy.
Applied patch for TKEY support.
Added Net::DNS::Packet->safe_push() to allow for automatically
checking for duplicate RRs being pushed into a packet.
Added more tests.
|
|
addresses PR pkg/19416
|
|
- Uses buildlink2 and module.mk now.
- Removed patch-ab (bug fixed is fixed in this version).
|
|
- simple nameserver
- support for TSIG and DNAME resource records
- dynamic updates
- should be compatible with perl 5.005_3
|
|
${PREFIX} -- everything else is pickup up from ${BUILDLINK_DIR}.
|
|
The automatic truncation in gensolpkg doesn't work for packages which
have the same package name for the first 5-6 chars.
e.g. amanda-server and amanda-client would be named amanda and amanda.
Now, we add a SVR4_PKGNAME and use amacl for amanda-client and amase for
amanda-server.
All svr4 packages also have a vendor tag, so we have to reserve some chars
for this tag, which is normaly 3 or 4 chars. Thats why we can only use 6
or 5 chars for SVR4_PKGNAME. I used 5 for all the packages, to give the
vendor tag enough room.
All p5-* packages and a few other packages have now a SVR4_PKGNAME.
|
|
|
|
ones to do, and each compiled and installed/de-installed apparently
correctly.
As a side effect of the dynamic PLIST, we no longer need to have separate
-static and -shared PLISTs. It's now easier than ever to make a perl5
package for NetBSD :)
|
|
programmer to perform any type of DNS query from a Perl script.
For details and examples, please read the Net::DNS manual page.
As of version 0.02, Net::DNS is written entirely in Perl. Version
0.01 was written mostly in C and used the system's resolver. The
Perl version runs quite a bit slower, but considering that the
network can be a serious bottleneck when making DNS queries, the
speed difference may not really matter in most cases. However,
future versions may contain some C to increase speed or for those
who wish to link against libresolv or libbind.
|
