Changelog for libdnssec5-2.6.6-98.1.x86_64.rpm:
* Mon May 14 2018 pgajdos@suse.com
- require pkgconfig(libsystemd) instead of systemd-devel for build (see sr#606510)
* Wed May 02 2018 kbabioch@suse.com
- Update to 2.6.6
  - Features:
    - New EDNS option counters in the statistics module
    - New '+orphan' filter for the 'zone-purge' operation
  - Improvements:
    - Reduced memory consumption of disabled statistics metrics
    - Some spelling fixes (Thanks to Daniel Kahn Gillmor)
    - Server no longer fails to start if MODULE_DIR doesn't exist
    - Configuration include doesn't fail if empty wildcard match
    - Added a configuration check for a problematical option combination
  - Bugfixes:
    - NSEC3 chain not re-created when SOA minimum TTL changed
    - Failed to start server if no template is configured
    - Possibly incorrect SOA serial upon changed zone reload with DNSSEC signing
    - Inaccurate outgoing zone transfer size in the log message
    - Invalid dname compression if empty question section
    - Missing EDNS in EMALF responses
* Mon Apr 02 2018 mrueckert@suse.de
- update to 2.6.5
  - Features:
    - New 'zone-notify' command in knotc
    - Kdig uses '@server' as a hostname for TLS authentication if '+tls-ca' is set
  - Improvements:
    - Better heap memory trimming for zone operations
    - Added proper polling for TLS operations in kdig
    - Configuration export uses stdout as a default output
    - Simplified detection of atomic operations
    - Added '--disable-modules' configure option
    - Small documentation updates
  - Bugfixes:
    - Zone retransfer doesn't work well if more masters configured
    - Kdig can leak or double free memory in corner cases
    - Inconsistent error outputs from dynamic configuration operations
* Thu Jan 11 2018 i@marguerite.su
- update to 2.6.4
  see /usr/share/doc/packages/knot2/NEWS
* Sun Aug 06 2017 mrueckert@suse.de
- fix tmpfiles scriptlet
* Sun Aug 06 2017 mrueckert@suse.de
- package /var/lib/knot
- run tmpfiles scriptlet during install
* Sun Aug 06 2017 mrueckert@suse.de
- update to 2.5.3
  see /usr/share/doc/packages/knot2/NEWS
- use libidn2 on TW and 42.3
- following modules stay static:
  - dnsproxy
  - onlinesign
- moved modules to shared building:
  - dnstap
  - noudp
  - rosedb
  - rrl
  - stats
  - synthrecord
  - whoami
* Mon Feb 13 2017 mrueckert@suse.de
- update to 2.4.1
  see /usr/share/doc/packages/knot2/NEWS
* Tue May 24 2016 mrueckert@suse.de
- update to 2.2.1
  - Bugfixes:
    - Fix separate logging of server and zone events
    - Fix concurrent zone file flushing with many zones
    - Fix possible server crash with empty hostname on OpenWRT
    - Fix control timeout parsing in knotc
    - Fix "Environment maxreaders limit reached" error in knotc
    - Don't apply journal changes on modified zone file
    - Remove broken LTO option from configure script
    - Enable multiple zone names completion in interactive knotc
    - Set the TC flag in a response if a glue doesn't fit the response
    - Disallow server reload when there is an active configuration transaction
  - Improvements:
    - Distinguish unavailable zones from zones with zero serial in log messages
    - Log warning and error messages to standard error output in all utilities
    - Document tested PKCS #11 devices
    - Extended Python configuration interface
* Tue May 10 2016 mrueckert@suse.de
- update to 2.2.0
  - Bugfixes:
    - Fix build dependencies on FreeBSD
    - Fix query/response message type setting in dnstap module
    - Fix remote address retrieval from dnstap capture in kdig
    - Fix global modules execution for queries hitting existing zones
    - Fix execution of semantic checks after an IXFR transfer
    - Fix PKCS#11 support detection at build time
    - Fix kdig failure when the first AXFR message contains just the SOA record
    - Exclude non-authoritative types from NSEC/NSEC3 bitmap at a delegation
    - Mark PKCS#11 generated keys as sensitive (required by Luna SA)
    - Fix error when removing the only zone from the server
    - Don't abort knotc transaction when some check fails
  - Features:
    - URI and CAA resource record types support
    - RRL client address based white list
    - knotc interactive mode
  - Improvements:
    - Consistent IXFR error messages
    - Various fixes for better compatibility with PKCS#11 devices
    - Various keymgr user interface improvements
    - Better zone event scheduler performance with many zones
    - New server control interface
    - kdig uses local resolver if resolv.conf is empty
- new BR libedit-devel for the interactive mode
* Thu Feb 11 2016 mrueckert@suse.de
- update to 2.1.1
  - Bugfixes:
    - DNSSEC: Allow import of duplicate private key into the KASP
    - DNSSEC: Avoid duplicate NSEC for Wildcard No Data answer
    - Fix server crash when an incoming transfer is in progress and reload is issued
    - Fix socket polling when configured with many interfaces and threads
    - Fix compilation against Nettle 3.2
  - Improvements:
    - Select correct source address for UDP messages received on ANY address
    - Extend documentation of knotc commands
- drop knot-2.1.0_pkcs11_check.patch
* Wed Jan 27 2016 mrueckert@suse.de
- enable libcap-ng
* Wed Jan 27 2016 mrueckert@suse.de
- fix configure check for pkcs11 support:
  adds knot-2.1.0_pkcs11_check.patch
* Wed Jan 27 2016 mrueckert@suse.de
- fix soversions
* Wed Jan 27 2016 mrueckert@suse.de
- update to 2.1.0
  - Features:
    - Per-thread UDP socket binding using SO_REUSEPORT on Linux
    - Support for dynamic configuration database
    - DNSSEC: Support for cryptographic tokens via PKCS #11 interface
    - DNSSEC: Experimental support for online signing
  - Improvements:
    - Support for zone file name patterns
    - Configurable location of zone timer database
    - Non-blocking network operations and better timeout handling
    - Caching of Critical configuration values for better performance
    - Logging of ACL failures
    - RRL: Add rate-limit-slip zero support to drop all responses
    - RRL: Document behavior for different rate-limit-slip options
    - kdig: Warning instead of error on TSIG validation failure
    - Cleanup of support libraries interfaces (libknot, libzscanner, libdnssec)
    - Remove possibly insecure server control over a network socket
    - Remove implementation limit for the number of network interfaces
  - Bugfixes:
    - synth-record module: Fix application of default configuration options
    - TSIG: Allow compressed TSIG name when forwarding DDNS updates
    - Schedule zone bootstrap after slave zone fails to load from disk
- avoid activating the intree copy of lmdb
* Tue Nov 24 2015 mrueckert@suse.de
- update to 2.0.2
  - Out-of-bound read in packet parser for malformed NAPTR records (LibFuzzer)
* Wed Oct 14 2015 mrueckert@suse.de
- split out shared libraries, knot-resolver uses some of them and atm we are forced to install the whole knot2 package.
* Thu Sep 03 2015 mrueckert@suse.de
- lmdb seems no longer optional
* Thu Sep 03 2015 mrueckert@suse.de
- create a new branch for knot 2.x starting with 2.0.1
  - Bugfixes:
    - Do not reload expired zones on 'knotc reload' and server startup
    - Fix rare race-condition in event scheduling causing delayed event execution
    - Fix skipping of non-authoritative nodes in NSEC proofs
    - Fix TC flag setting in RRL slipped answers
    - Disable domain name compression for root label
    - Log via journald only when running under systemd
    - Fix CNAME following when querying for NSEC RR type
    - Fix refreshing of DNSSEC signatures for zone keys
    - Fix binding an unavailable IPv6 address on Linux (IP_FREEBIND)
    - Fix infinite loop in knotc zonestatus and memstats
    - Fix memory leak in configuration on server shutdown
    - Fix broken dnsproxy module
    - Fix DNSSEC KASP timestamps parsing in strict POSIX environment
    - fix multi value parsing on big-endian
    - Adapt to Nettle 3 API break causing base64 decoding failures on big-endian
  - Features:
    - Add 'keymgr zone key ds' to show key's DS record
    - Add 'keymgr tsig generate' to generate TSIG keys
    - Add query module scoping to process either all queries or zone queries only
    - Add support for file name globbing in config file includes
    - Add 'request-edns-option' config option to add custom EDNS0 option into server initiated queries
  - Improvements:
    - Send minimal responses (remove NS from Authority section for NOERROR)
    - Update persistent timers only on shutdown for better performance
    - Allow change of RR TTL over DDNS
    - Documentation fixes, updates, and improvements in formatting
    - Install yparser and zscanner header files
    - Improve lookup of libsystemd build dependencies
    - Fix compilation warnings in endian conversion functions on OpenBSD
- changes in knot 2.0.0
  - Bugfixes:
    - Fix lost NOTIFY message if received during zone transfer
    - Disable fast zone parser when compiled in Clang (workaround for Clang bug)
    - kdig: Record correct dnstap SocketProtocol when retrying over TCP
    - kdig: Hide TSIG section with +noall
    - Do not set AA flag for AXFR/IXFR queries
  - Features:
    - DNSSEC: separate library, switch to GnuTLS, new utilities
    - DNSSEC: basic KASP support (generate initial keys, ZSK rollover)
    - Configuration: New text format in YAML, binary store in LMDB
    - Zone parser: Split long TXT/SPF strings into multiple strings
    - kdig: Add generic dump style option (+generic)
    - Try all master servers in multi-master environment
    - Improved remotes and ACLs (multiple addresses, multiple keys)
    - Basic support for zone file patterns (%s to substitute zone name)
    - Disable zone file synchronization by setting 'zonefile_sync' to '-1'
    - knsupdate: Add input prompt in interactive mode and 'quit' command
    - knsupdate: Allow TSIG algorithm specification in interactive prompt
  - Improvements:
    - Zone dump: Do not write class for SOA record (unified with other RR types)
    - Zone dump: Do not write master server address into the zone file
    - Documentation: Manual pages are included in HTML and PDF
- drop patches which are included upstream:
  0001-loosen-openssl-dependency.patch
  0002-make-configure.ac-compatible-with-old-tools.patch
  - also drop all buildrequires just needed for autoreconf
- new buildrequires:
  pkgconfig(gnutls) >= 3
  pkgconfig(nettle)
  pkgconfig(jansson)
- create devel subpackage
- enable rosedb and bash completion
* Wed Apr 29 2015 mrueckert@suse.de
- local state dir should be just /var
* Thu Apr 09 2015 mrueckert@suse.de
- enable dnstap support for factory and newer:
  - new BR: protobuf-c and libfstrm-devel
- prepared lto support but not enabled yet, still need to find out which distros support it
* Thu Apr 09 2015 mrueckert@suse.de
- update to 1.6.3
  - Performance drop for NSEC-signed zones
  - Proper handling of TCP short-writes
  - Out-of-bound read in zone parser for long domain names in origin (AFL fuzzer)
  - Out-of-bound read in packet parser for TSIG RR without RDATA (AFL fuzzer)
  - Out-of-bound read in packet parser for malformed NAPTR RR (AFL fuzzer)
  - CDS and CDNSKEY support in zone parser
  - Add defaults for TCP config options into documentation
  - Detailed error message if zone reload fails
- refreshed patches to apply cleanly again:
  0002-make-configure.ac-compatible-with-old-tools.patch
* Tue Mar 10 2015 mrueckert@suse.de
- update to 1.6.2
  - Limiting number of parallel TCP clients (max-tcp-clients config option)
  - Ignore refresh and transfer events on non-slave zones
  - Compilation with Dnstap support on FreeBSD
  - Possible file descriptor leak when terminating inactive TCP clients
- refreshed patches to apply cleanly again:
  0002-make-configure.ac-compatible-with-old-tools.patch
- moved autoreconf -fi to %build so it won't be tried in quilt setup or similar tools
- move up the %if case for systemd in for the preun scriptlet to avoid warning about empty scripts on non systemd distributions.
- used xz tarball: new buildrequires xz
* Thu Jan 08 2015 tchvatal@suse.com
- Add deps on the docu packages to regen documentation
- Enable systemd integration fully
- Add dep on libidn
- Cleanup with spec-cleaner
* Wed Dec 31 2014 ondrej@sury.org
- Only require lmdb-devel on (Open)SUSE 13.2 and higher
* Wed Dec 31 2014 ondrej@sury.org
- Updated to 1.6.1
  Bugfixes:
  - Journal file would sometimes outgrow its set limit
  - Fixed incompatibility with OpenSSL 0.9.8
  - Proper handling when machine hostname cannot be retrieved
  Features:
  - Support for DNSSEC Single Type Signing Scheme
- Compile with lmdb-devel to add support for persistent timers
* Tue Nov 18 2014 pgajdos@suse.com
- Updated to 1.6.0
  Bugfixes:
  - Fix zone expiration when AXFR/IXFR is being refused by master
  - Fix forced zone refresh on slave (knotc refresh -f)
  - Persistent timers database opening after privileges has been dropped
  - DNSSEC: RFC compliant processing of letter case in RDATA domain names
  - EDNS: Return minimal error response for queries with unsupported version
  - EDNS: Fix interpretation of Extended RCODE
  Improvements:
  - Maximal size of persistent timers database increased from 10 MB to 100 MB
  - Added logging of persistent timers database errors
  Features:
  - Persistent timers for slave zones (expire, refresh, and flush)
* Mon Sep 15 2014 ondrej@sury.org
- Updated to 1.5.3
  Bugfixes:
  - Some specific incoming IXFRs were causing server to crash
  - Rare synchronization error during reload caused read-after-free
  - Response synthetization module did not work properly with DNSSEC-enabled zones
  - When Knot sent AXFR when IXFR was requested, message ID and opcode were wrong
  - Knot failed to send large messages to remote control (present since 1.5.1)
  - Some RR parsing corner cases were not handled properly
  - AXFR-style IXFR was refused and had to be retransferred
  - Hash character (#) was not properly escaped when storing text zone file
  - DNSSEC: DNAMEs in RDATA were not lowercased before signing
  - EDNS: OPT RR were not put into responsing for some errors
  - TSIG: DDNS responses were not signed with TSIG
  - DDNS: Prerequisite checks failed for some inputs
  - knsupdate: Zone origin was not used for deletions
  Features:
  - Basic support for logging using systemd journal
  - DDNS: Ability to process updates in bulk
  Improvements:
  - Unified logging messages structure
  - DNSSEC: More strict controls for signing keys
- Refreshed patches on top of 1.5.3 release:
  * 0001-loosen-openssl-dependency.patch
  * 0002-make-configure.ac-compatible-with-old-tools.patch
* Fri Jul 11 2014 ondrej@sury.org
- Squash 0002-remove-AM_SILENT_RULES.patch and 0003-no-dist-xz.patch into 0002-make-configure.ac-compatible-with-old-tools.patch that removes configure.ac options incompatible with SLES_11_SP[23].
- added patches:
  * 0002-make-configure.ac-compatible-with-old-tools.patch
- removed patches:
  * 0002-remove-AM_SILENT_RULES.patch
  * 0003-no-dist-xz.patch
* Thu Jul 10 2014 ondrej@sury.org
- Updated to 1.5.0
  Features:
  * DDNS forwarding reimplemented
  * edns-client-subnet support in kdig
  * Optional asynchronous startup (config "asynchronous-start")
  * Pluggable query processing modules
  * Synthetic IPv4/IPv6 reverse/forward records (optional module)
  * dnstap support in both utilities & server (optional module)
  * NOTIFY message support and new TSIG section in kdig
  * Multi-master support
  Improvements:
  * Transfer sizes logged in bytes if needed
  * Logging outgoing NOTIFY messages
  * Logging unauthorized incoming NOTIFYs
  * Preempt task queue for faster reload
  * Lazy zone file write after zone transfer (governed by "zonefile-sync")
  * Query processing and core functionality overhaul
  * Performance and reduced memory footprint
  * Faster zone events scheduling
  * RFC compliant queries/responses in some corner cases
  * Log messages
  * New documentation (Sphinx)
  Bugfixes:
  * Zone flush planning after bootstrap
  * Incorrect incoming AXFR message sizes
  * DDNS signing changes were freed too soon, possibility of stale data
  * knotc remote control key handling
  * Close zone transfer after SERVFAIL response
  * Incremental to full zone transfer fallback, wrong log message
  * Zone events corner cases, reload replanning
* Tue Jun 24 2014 pgajdos@suse.com
- updated to 1.4.7:
  * Fixed DDNS corner cases
  * Fixed zone EXPIRE timer
  * Fixed semantic checks false positives
  * Fixed sending malformed IXFR with automatic DNSSEC
  * Fixed NAPTR record serialization
* Mon May 12 2014 ondrej@sury.org
- Fixed the missing 1.4.5 tarball
* Tue Apr 15 2014 ondrej@sury.org
- updated to 1.4.5
  Bugfixes:
  * Fix possible weakness in TSIG signature checking
* Fri Mar 28 2014 pgajdos@suse.com
- updated to 1.4.4
  Features:
  * Server is logging remote control commands
  * 'knotc reload' doesn't refresh unchanged zones
  * 'knotc -f refresh' forces zone retransfer
  Bugfixes:
  * Missing notifications after DDNS/automatic resign
  * Zone is rebootstrapped if the zone file is unreadable
  * Progressive bootstrap retry backoff
  * Zone file parser allows asterisk as part of the label
  * Journal maximum entry size fixes
  * Sign DNSKEYs in non-apex nodes as regular RR sets
* Tue Feb 18 2014 ondrej@sury.org
- Enable recvmmsg support in the build to increase performance
- Update upstream config directory to /etc/knot (instead of /etc/knot/knot)
- Replace tar.xz with tar.gz to allow backporting to older releases
- Disable silent rules to have more verbose builds
- Add support to compile with OpenSSL << 1.0.0
- added patches:
  * 0001-loosen-openssl-dependency.patch
* Tue Feb 18 2014 ondrej@sury.org
- update to 1.4.3:
  * Failure when expanding wildcard leading to apex and having DNSKEY records
  * Failure for query to wildcard without wildcard expansion
  * Bad cleanup when loading a faulty entry from a journal
  * Zone file $ORIGIN and configuration comparison is case-insensitive
  * Config "include" statement supports directory and includes all files within
* Mon Jan 27 2014 ondrej@sury.org
- update to 1.4.2:
  * AXFR/IXFR compatibility issues with tinydns/axfrdns
  * Journal file is created only when needed
  * Zone-related log messages are logged into correct category
  * DNSSEC: Refresh signatures earlier (3 days before their expiration with the default signature lifetime)
  * Fixed RCU synchronization causing deadlock on 'knotc signzone'
  * RRSIG not fitting in the additional records doesn't cause truncation
* Tue Jan 14 2014 ondrej@sury.org
- update to 1.4.1:
  * Empty APL record support
  * 'zonestatus' when using immediate zone syncing
  * Immediate zone syncing after reload
  * Race condition writing time values to zone file
  * Hard require OpenSSL >= 1.0.0
- removed patches:
  * 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch
  * 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch
* Wed Jan 08 2014 ondrej@sury.org
- Add support to compile with OpenSSL << 1.0.0
- added patches:
  * 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch
  * 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch
* Wed Jan 08 2014 ondrej@sury.org
- update to 1.4.0:
  * Experimental automatic DNSSEC signing
  * Fastest ragel parser enabled by default
  * Reduced memory usage
  * Zone SOA SERIAL policies (INCREMENT, UNIXTIME) for DDNS and automatic DNSSEC signing
  * IDN support in Knot utilities (kdig, knsupdate, ...)
  * DNSSEC: support for GOST algorithm
  * Support for DNSSEC key pre-publication
* Mon Dec 16 2013 ondrej@sury.org
- update to 1.3.4:
  * Bugfixes:
    Crash in particular additionals processing
    Race condition in event cancelation
    Journal corruption after failed transactions
* Tue Nov 26 2013 pgajdos@suse.com
- update to 1.3.3:
  * New features:
    Reduced memory usage
    Improved performance
    Experimental automatic DNSSEC signing
    Refactored zone loading
    Improved journal locking
  * Bugfixes:
    Fixed some race conditions
    Various fixes in client utilities
* Mon Sep 09 2013 pgajdos@suse.com
- update to 1.3.1
  * Faster zone parser
  * Full support for EUI and ILNP resource records
  * Lower memory footprint for large zones
  * No compilation of zones
  * Improved scheduling of zone transfers
  * Logging of serials and timing information for zone transfers
  * see NEWS or https://www.knot-dns.cz/ for details
* Wed Apr 03 2013 ondrej@sury.org
- Update to 1.2.0 final
  Bugfixes:
  * Memory leaks
* Fri Mar 22 2013 ondrej@sury.org
- Update to 1.2.0-rc4
  New features:
  * knotc 'zonestatus' command
  Bugfixes:
  * Changing logfile ownership before dropping privileges
  * knotc respects 'control' section from configuration
  * RRL: resolved bucket collisions
  * RRL: updated bucket mapping to conform RRL technical memo
* Tue Mar 12 2013 ondrej@sury.org
- Update to 1.2.0-rc3
  New features:
  * Dynamic updates, including forwarding (limited on signed zones)
  * Updated remote control utility
  * Configurable TCP timeouts
  * LOC RR support
  * Response rate limiting (see documentation)
  Bugfixes:
  * Fixed processing of some non-standard dnames.
  * Correct checking of label length bounds in some cases.
  * More compliant rcodes in case of DDNS/TSIG failures.
  * Correct processing of malformed DDNS prereq section.
  * Fixed OpenBSD build
  * Responses to ANY should contain RRSIGs
* Sat Nov 24 2012 aj@suse.de
- Documentation only needs makeinfo, thus require it instead of texinfo where it's available as separate package.
* Thu Nov 22 2012 ondrej@sury.org
- update to 1.1.2:
  Bugfixes:
  * Fixed crash on reload when config contained duplicate zones.
  * Fixed scheduling of transfers.
  * Fixed debug message.
- merge some changes from fedora spec file
- remove unittest files, they don't belong in binary packages
- depend on texinfo package to build the documentation
* Tue Nov 20 2012 pgajdos@suse.com
- update to 1.1.1:
  New features:
  * Optionally disable ANY queries for authoritative answers.
  * Dropping identical records in zone and incoming transfers.
  * Support for '/' in zone names.
  * Generating journal from reloaded zone (EXPERIMENTAL).
  * Outgoing-only interfaces in configuration file.
  * Following DNAME if the synthetized name is in the same zone.
  * Signing SOA with TSIG queries when checking zone version with master.
  * Improved compression of packets. Out-of-zone dnames present in RDATA were not compressed.
  * Slave zones are now automatically refreshed after startup.
  * Proper response to IXFR/UDP query (returns SOA in Authority section).
  Bugfixes:
  * Crash when zone contained RRSIG signing a CNAME, but did not contain the CNAME.
  * Malformed packets parsing.
  * Failed IXFR caused memory leaks.
  * Failed IXFR might have resulted in inconsistent zone structures.
  * Fixed answering to +dnssec queries when NSEC3 chain is corrupted.
  * Fixed answering when transitioning from NSEC3 to NSEC.
  * Fixed answering when zone contains multiple NSEC3 chains.
  * Handling RRSets with different TTLs - TTL from the first RR is used.
  * Synchronization of zone reload and zone transfers.
  * Fixed build on NetBSD 5 and FreeBSD.
  * Fixed binding to both IPv4 and IPv6 at the same time on special interfaces.
  * Fixed access rights of created files.
  * Semantic checks corrupted RDATA domain names which are covered by wildcard in the same zone.
  * Fixed ixfr-from-differences journal generation in case of IPSECKEY and APL records.
  * Fixed possible leak on server shutdown with a pending transfer.
  * Syncing journal to zone was not updating the compiled zone database.
  * Crash after IXFR in certain cases when adding RRSIG in an IXFR.
  * Fixed behaviour when incoming IXFR removes a zone cut. Previously occluded names now become properly visible. Previously led to a crash when the server was asked for the previously occluded name.
  * Fixed handling of zero-length strings in text zone dump. Caused the compilation to fail.
  * Fixed TSIG algorithm name comparison - the names should be in canonical form.
  * Fixed handling unknown RR types with type less than 251.
  Other improvements:
  * IXFR-in optimized.
  * Many zones loading optimized.
  * More detailed log messages (mostly transfer-related).
  * Copying Question section to error responses.
  * Using zone name from config file as default origin in zone file.
  * Additional records are now added to response also from wildcard-covered names.
  * Improved user manual.
  * Better checks of corrupted zone database.
* Tue Aug 28 2012 pgajdos@suse.com
- fix build for older distributions (don't use %{make_install} macro)
* Mon Jul 02 2012 pgajdos@suse.com
- initial version 1.0.6