Updated the Changelog and some minor code review issues.

diff --git a/Changelog b/Changelog
index 1b687fa5f025e2373c9f6acb1d7d7292425be90f..3747e8c9539601e49aa132fdfb34071cc8410e24 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -1,11 +1,45 @@
 1.6.11
-       * bugfix #407: Canonicalize TSIG dnames
        * bugfix #394: Fix socket leak on errors
-       * bugfix #392: Apex only and percentage checks for ldns-verify-zone
+       * bugfix #392: Apex only and percentage checks for ldns-verify-zone 
+         (thanks Miek Gieben)
        * bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone
        * Fix python site package path to /usr/lib64.
        * Fix python api to support python2 and python3 (thanks Karel Slany).
-       * bugfix #391: Prevent assertion error in ldns_rdf_size
+       * bugfix #401: Correction of date/time functions algorithm and 
+         prevention of an infinite loop therein
+       * bugfix #402: Correct the minimum and maximum number of rdata fields
+         in TSIG. (thanks David Keeler)
+       * bugfix #403: Fix heap overflow (thanks David Keeler)
+       * bugfix #404: Make parsing APL strings more robust
+         (thanks David Keeler)
+       * bugfix #391: Complete library assessment to prevent assertion errors
+                 through ldns_rdf_size usage.
+       * Slightly more specific error messaging on wrong number of rdata
+         fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and
+         LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes.
+       * bugfix #406: More rigorous openssl result code handling to prevent
+         future crashes within openssl.
+       * Fix ldns_fetch_valid_domain_keys to search deeper than just one level
+          for a DNSKEY that signed a DS RR. (this function was used in the
+         check_dnssec_trace nagios module)
+       * bugfix #407: Canonicalize TSIG dnames and algorithm fields
+       * A new output specifier to accommodate configuration of what to show
+         in comment texts when converting host and/or wire-format data to
+         string. All conversion to string and printing functions have a new
+         version that have such a format specifier as an extra argument.
+         The default is changed so that only DNSKEY RR's are annotated with 
+         an comment show the Key Tag of the DNSKEY.
+       * Fixed the ldns resolver to not mark a nameserver unreachable when
+         edns0 is tried unsuccessfully with size 4096 (no return packet came),
+         but to still try TCP. A big UDP packet might have been corrupted by 
+         fragments dropping firewalls.
+       * Update of libdns.vim (thanks Miek Gieben)
+       * Added the ldnsx Python module to our contrib section, which adds even
+         more pythonisticism to the usage of ldns with  Python. (Many thanks 
+         to Christpher Olah and Paul Wouters)
+         The ldnsx module is automatically installed when --with-pyldns is
+         used with configuring, but may explicitly be excluded with the
+         --without-pyldnsx option to configure.
 
 1.6.10 2011-05-31
        * New example tool added: ldns-gen-zone.

diff --git a/ax_python_devel.m4 b/ax_python_devel.m4
index a62b860de3acbdedcf2139fabf5ae229bb22261f..c71735e6bb34560c87ec45cff971d61b46684825 100644 (file)
--- a/ax_python_devel.m4
+++ b/ax_python_devel.m4
@@ -254,7 +254,7 @@ EOD`
        AC_MSG_CHECKING([for Python site-packages path])
        if test -z "$PYTHON_SITE_PKG"; then
                PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \
-                       print (distutils.sysconfig.get_python_lib(0,0));"`
+                       print (distutils.sysconfig.get_python_lib(1,0));"`
        fi
        AC_MSG_RESULT([$PYTHON_SITE_PKG])
        AC_SUBST([PYTHON_SITE_PKG])

diff --git a/examples/ldns-verify-zone.1 b/examples/ldns-verify-zone.1
index 98d53008b0b0b2c2e0077fb7cfc1ccb426df843e..175ee2dd646d95f8bf6b5dcac16bce549534c7fa 100644 (file)
--- a/examples/ldns-verify-zone.1
+++ b/examples/ldns-verify-zone.1
@@ -15,6 +15,13 @@ Each name is checked for an NSEC(3), if appropriate.
 
 .SH OPTIONS
 .TP
+\fB-a\fR
+Apex only, check only the zone apex
+
+.TP
+\fB-p\fR \fI[0-100]\fR
+Only check this percentage of the zone. Defaults to 100.
+
 .TP
 \fB-h\fR
 Show usage and exit

diff --git a/examples/ldns-verify-zone.c b/examples/ldns-verify-zone.c
index 50973e63ddbe25f63e30429bec71433eb4c44893..eb19ea18af1d82b3ef67ead06b7dac72b0093121 100644 (file)
--- a/examples/ldns-verify-zone.c
+++ b/examples/ldns-verify-zone.c
@@ -662,8 +662,8 @@ main(int argc, char **argv)
                                        "error on opted-out delegations\n");
                        printf("\nOPTIONS:\n");
                        printf("\t-a apex only, check only the zone apex\n");
-                       printf("\t-p [0-100] only perform this many checks, "
-                                       "defaults to 100\n");
+                       printf("\t-p [0-100] only checks this percentage of "
+                                       "the zone. Defaults to 100\n");
                        printf("\t-h show this text\n");
                        printf("\t-v shows the version and exits\n");
                        printf("\t-V [0-5]\tset verbosity level (default 3)\n");