Changelog for knot-1.6.8-97.1.x86_64.rpm :
Mon Jan 8 13:00:00 2018 iAATTmarguerite.su
- add knot-openssl-1.1+.patch

* fix build with openssl 1.1+

Mon Jun 5 14:00:00 2017 pgajdosAATTsuse.com
- refreshed 0002-make-configure.ac-compatible-with-old-tools.patch
to fix build

Mon Feb 13 13:00:00 2017 mrueckertAATTsuse.de
- update to 1.6.8
- Zone size limit restriction for DDNS, AXFR, and IXFR
(CVE-2016-6171)

Tue May 10 14:00:00 2016 mrueckertAATTsuse.de
- fix the sphinx buildrequires so we can build on sle12

Thu Feb 11 13:00:00 2016 mrueckertAATTsuse.de
- update to 1.6.7
- Improvements:
- IXFR: Log change of the zone serial number after the
transfer.
- RRL: Document operational impact of various settings.
- RRL: Add support for zero slip (dropping of all limited
responses).

Tue Nov 24 13:00:00 2015 mrueckertAATTsuse.de
- update to 1.6.6
- Fix daemon startup systemd notification
- Out-of-bound read in packet parser for malformed NAPTR records
(LibFuzzer)
- Add rosedb module
- enable rosedb
- refresh patches to apply cleanly again
0001-loosen-openssl-dependency.patch
0002-make-configure.ac-compatible-with-old-tools.patch

Thu Sep 3 14:00:00 2015 mrueckertAATTsuse.de
- skip silent rule in configure.ac to fix the SLE 11 build

Thu Sep 3 14:00:00 2015 mrueckertAATTsuse.de
- update to 1.6.5
- Bugfixes:
- Do not reload expired zones on 'knotc reload' and server
startup
- Fix rare race-condition in event scheduling causing delayed
event execution
- Fix skipping of non-authoritative nodes in NSEC proofs
- Fix TC flag setting in RRL slipped answers
- Disable domain name compression for root label for better
compatibility
- Log via journald only when running under systemd
- Improve lookup of libsystemd build dependencies
- Fix compilation warnings in endian conversion functions on
OpenBSD
- Features:
- Update persistent timers only on shutdown for better
performance
- Add 'request-edns-option' config option to add custom EDNS0
option into server initiated queries
- Allow specification of time units in 'max-conn-idle',
'max-conn-handshake', 'max-conn-reply', and 'notify-timeout'
config options
- changes in 1.6.4
- Bugfixes:
- Fix lost NOTIFY message if received during zone transfer
- Fix compilation error with LibreSSL
- Disable fast zone parser when compiled in Clang (workaround
for Clang bug)
- kdig: Record correct dnstap SocketProtocol when retrying
over TCP
- kdig: Hide TSIG section with +noall
- Do not set AA flag for AXFR/IXFR queries
- Features:
- Zone parser: Split long TXT/SPF strings into multiple
strings
- kdig: Add generic dump style option (+generic)
- Try all master servers in multi-master environment
- Improvements:
- Zone dump: Do not write class for SOA record (unified with
other RR types)
- Zone dump: Do not write master server address into the zone
file
- refresh patches to apply cleanly again
- sync spec file with knot2 spec file
- use bcond_with for the systemd conditional
- replace all occurrences of %{name} with %{pkg_name}
- removed duplicated libexecdir
- also pass disable static and includedir

Wed Apr 29 14:00:00 2015 mrueckertAATTsuse.de
- local state dir should be just /var

Thu Apr 9 14:00:00 2015 mrueckertAATTsuse.de
- enable dnstap support for factory and newer:
- new BR: protobuf-c and libfstrm-devel
- prepared lto support but not enabled yet, still need to find out
which distros support it

Thu Apr 9 14:00:00 2015 mrueckertAATTsuse.de
- update to 1.6.3
- Performance drop for NSEC-signed zones
- Proper handling of TCP short-writes
- Out-of-bound read in zone parser for long domain names in
origin (AFL fuzzer)
- Out-of-bound read in packet parser for TSIG RR without RDATA
(AFL fuzzer)
- Out-of-bound read in packet parser for malformed NAPTR RR (AFL
fuzzer)
- CDS and CDNSKEY support in zone parser
- Add defaults for TCP config options into documentation
- Detailed error message if zone reload fails
- refreshed patches to apply cleanly again:
0002-make-configure.ac-compatible-with-old-tools.patch

Tue Mar 10 13:00:00 2015 mrueckertAATTsuse.de
- update to 1.6.2
- Limiting number of parallel TCP clients (max-tcp-clients config
option)
- Ignore refresh and transfer events on non-slave zones
- Compilation with Dnstap support on FreeBSD
- Possible file descriptor leak when terminating inactive TCP
clients
- refreshed patches to apply cleanly again:
0002-make-configure.ac-compatible-with-old-tools.patch
- moved autoreconf -fi to %build so it won't be tried in quilt setup
or similar tools
- move up the %if case for systemd in for the preun scriptlet to
avoid warning about empty scripts on non systemd distributions.
- used xz tarball: new buildrequires xz

Thu Jan 8 13:00:00 2015 tchvatalAATTsuse.com
- Add deps on the docu packages to regen documentation
- Enable systemd integration fully
- Add dep on libidn
- Cleanup with spec-cleaner

Wed Dec 31 13:00:00 2014 ondrejAATTsury.org
- Only require lmdb-devel on (Open)SUSE 13.2 and higher

Wed Dec 31 13:00:00 2014 ondrejAATTsury.org
- Updated to 1.6.1
Bugfixes:
- Journal file would sometimes outgrow its set limit
- Fixed incompatibility with OpenSSL 0.9.8
- Proper handling when machine hostname cannot be retrieved
Features:
- Support for DNSSEC Single Type Signing Scheme
- Compile with lmdb-devel to add support for persistent timers

Tue Nov 18 13:00:00 2014 pgajdosAATTsuse.com
- Updated to 1.6.0
Bugfixes:
- Fix zone expiration when AXFR/IXFR is being refused by master
- Fix forced zone refresh on slave (knotc refresh -f)
- Persistent timers database opening after privileges have been dropped
- DNSSEC: RFC compliant processing of letter case in RDATA domain names
- EDNS: Return minimal error response for queries with unsupported version
- EDNS: Fix interpretation of Extended RCODE
Improvements:
- Maximal size of persistent timers database increased from 10 MB to 100 MB
- Added logging of persistent timers database errors
Features:
- Persistent timers for slave zones (expire, refresh, and flush)

Mon Sep 15 14:00:00 2014 ondrejAATTsury.org
- Updated to 1.5.3
Bugfixes:
- Some specific incoming IXFRs were causing server to crash
- Rare synchronization error during reload caused read-after-free
- Response synthetization module did not work properly with DNSSEC-enabled zones
- When Knot sent AXFR when IXFR was requested, message ID and opcode were wrong
- Knot failed to send large messages to remote control (present since 1.5.1)
- Some RR parsing corner cases were not handled properly
- AXFR-style IXFR was refused and had to be retransferred
- Hash character (#) was not properly escaped when storing text zone file
- DNSSEC: DNAMEs in RDATA were not lowercased before signing
- EDNS: OPT RR were not put into responsing for some errors
- TSIG: DDNS responses were not signed with TSIG
- DDNS: Prerequisite checks failed for some inputs
- knsupdate: Zone origin was not used for deletions
Features:
- Basic support for logging using systemd journal
- DDNS: Ability to process updates in bulk
Improvements:
- Unified logging messages structure
- DNSSEC: More strict controls for signing keys
- Refreshed patches on top of 1.5.3 release:

* 0001-loosen-openssl-dependency.patch

* 0002-make-configure.ac-compatible-with-old-tools.patch

Fri Jul 11 14:00:00 2014 ondrejAATTsury.org
- Squash 0002-remove-AM_SILENT_RULES.patch and 0003-no-dist-xz.patch
into 0002-make-configure.ac-compatible-with-old-tools.patch that
removes configure.ac options incompatible with SLES_11_SP[23].
- added patches:

* 0002-make-configure.ac-compatible-with-old-tools.patch
- removed patches:

* 0002-remove-AM_SILENT_RULES.patch

* 0003-no-dist-xz.patch

Thu Jul 10 14:00:00 2014 ondrejAATTsury.org
- Updated to 1.5.0
Features:

* DDNS forwarding reimplemented

* edns-client-subnet support in kdig

* Optional asynchronous startup (config "asynchronous-start")

* Pluggable query processing modules

* Synthetic IPv4/IPv6 reverse/forward records (optional module)

* dnstap support in both utilities & server (optional module)

* NOTIFY message support and new TSIG section in kdig

* Multi-master support
Improvements:

* Transfer sizes logged in bytes if needed

* Logging outgoing NOTIFY messages

* Logging unauthorized incoming NOTIFYs

* Preempt task queue for faster reload

* Lazy zone file write after zone transfer (governed by "zonefile-sync")

* Query processing and core functionality overhaul

* Performance and reduced memory footprint

* Faster zone events scheduling

* RFC compliant queries/responses in some corner cases

* Log messages

* New documentation (Sphinx)
Bugfixes:

* Zone flush planning after bootstrap

* Incorrect incoming AXFR message sizes

* DDNS signing changes were freed too soon, possibility of stale data

* knotc remote control key handling

* Close zone transfer after SERVFAIL response

* Incremental to full zone transfer fallback, wrong log message

* Zone events corner cases, reload replanning

Tue Jun 24 14:00:00 2014 pgajdosAATTsuse.com
- updated to 1.4.7:

* Fixed DDNS corner cases

* Fixed zone EXPIRE timer

* Fixed semantic checks false positives

* Fixed sending malformed IXFR with automatic DNSSEC

* Fixed NAPTR record serialization

Mon May 12 14:00:00 2014 ondrejAATTsury.org
- Fixed the missing 1.4.5 tarball

Tue Apr 15 14:00:00 2014 ondrejAATTsury.org
- updated to 1.4.5
Bugfixes:

* Fix possible weakness in TSIG signature checking

Fri Mar 28 13:00:00 2014 pgajdosAATTsuse.com
- updated to 1.4.4
Features:

* Server is logging remote control commands

* 'knotc reload' doesn't refresh unchanged zones

* 'knotc -f refresh' forces zone retransfer
Bugfixes:

* Missing notifications after DDNS/automatic resign

* Zone is rebootstrapped if the zone file is unreadable

* Progressive bootstrap retry backoff

* Zone file parser allows asterisk as part of the label

* Journal maximum entry size fixes

* Sign DNSKEYs in non-apex nodes as regular RR sets

Tue Feb 18 13:00:00 2014 ondrejAATTsury.org
- Enable recvmmsg support in the build to increase performance
- Update upstream config directory to /etc/knot (instead of /etc/knot/knot)
- Replace tar.xz with tar.gz to allow backporting to older releases
- Disable silent rules to have more verbose builds
- Add support to compile with OpenSSL << 1.0.0
- added patches:

* 0001-loosen-openssl-dependency.patch

Tue Feb 18 13:00:00 2014 ondrejAATTsury.org
- update to 1.4.3:

* Failure when expanding wildcard leading to apex and having DNSKEY records

* Failure for query to wildcard without wildcard expansion

* Bad cleanup when loading a faulty entry from a journal

* Zone file $ORIGIN and configuration comparison is case-insensitive

* Config "include" statement supports directory and includes all files within

Mon Jan 27 13:00:00 2014 ondrejAATTsury.org
- update to 1.4.2:

* AXFR/IXFR compatibility issues with tinydns/axfrdns

* Journal file is created only when needed

* Zone-related log messages are logged into correct category

* DNSSEC: Refresh signatures earlier (3 days before their expiration
with the default signature lifetime)

* Fixed RCU synchronization causing deadlock on 'knotc signzone'

* RRSIG not fitting in the additional records doesn't cause truncation

Tue Jan 14 13:00:00 2014 ondrejAATTsury.org
- update to 1.4.1:

* Empty APL record support

* 'zonestatus' when using immediate zone syncing

* Immediate zone syncing after reload

* Race condition writing time values to zone file

* Hard require OpenSSL >= 1.0.0
- removed patches:

* 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch

* 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch

Wed Jan 8 13:00:00 2014 ondrejAATTsury.org
- Add support to compile with OpenSSL << 1.0.0
- added patches:

* 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch

* 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch

Wed Jan 8 13:00:00 2014 ondrejAATTsury.org
- update to 1.4.0:

* Experimental automatic DNSSEC signing

* Fastest ragel parser enabled by default

* Reduced memory usage

* Zone SOA SERIAL policies (INCREMENT, UNIXTIME) for DDNS and
automatic DNSSEC signing

* IDN support in Knot utilities (kdig, knsupdate, ...)

* DNSSEC: support for GOST algorithm

* Support for DNSSEC key pre-publication

Mon Dec 16 13:00:00 2013 ondrejAATTsury.org
- update to 1.3.4:

* Bugfixes:
Crash in particular additionals processing
Race condition in event cancelation
Journal corruption after failed transactions

Tue Nov 26 13:00:00 2013 pgajdosAATTsuse.com
- update to 1.3.3:

* New features:
Reduced memory usage
Improved performance
Experimental automatic DNSSEC signing
Refactored zone loading
Improved journal locking

* Bugfixes:
Fixed some race conditions
Various fixes in client utilities

Mon Sep 9 14:00:00 2013 pgajdosAATTsuse.com
- update to 1.3.1

* Faster zone parser

* Full support for EUI and ILNP resource records

* Lower memory footprint for large zones

* No compilation of zones

* Improved scheduling of zone transfers

* Logging of serials and timing information for zone transfers

* see NEWS or https://www.knot-dns.cz/ for details

Wed Apr 3 14:00:00 2013 ondrejAATTsury.org
- Update to 1.2.0 final
Bugfixes:

* Memory leaks

Fri Mar 22 13:00:00 2013 ondrejAATTsury.org
- Update to 1.2.0-rc4
New features:

* knotc 'zonestatus' command
Bugfixes:

* Changing logfile ownership before dropping privileges

* knotc respects 'control' section from configuration

* RRL: resolved bucket collisions

* RRL: updated bucket mapping to conform RRL technical memo

Tue Mar 12 13:00:00 2013 ondrejAATTsury.org
- Update to 1.2.0-rc3
New features:

* Dynamic updates, including forwarding (limited on signed zones)

* Updated remote control utility

* Configurable TCP timeouts

* LOC RR support

* Response rate limiting (see documentation)
Bugfixes:

* Fixed processing of some non-standard dnames.

* Correct checking of label length bounds in some cases.

* More compliant rcodes in case of DDNS/TSIG failures.

* Correct processing of malformed DDNS prereq section.

* Fixed OpenBSD build

* Responses to ANY should contain RRSIGs

Sat Nov 24 13:00:00 2012 ajAATTsuse.de
- Documentation only needs makeinfo, thus require it instead of texinfo
where it's available as separate package.

Thu Nov 22 13:00:00 2012 ondrejAATTsury.org
- update to 1.1.2:
Bugfixes:

* Fixed crash on reload when config contained duplicate zones.

* Fixed scheduling of transfers.

* Fixed debug message.
- merge some changes from fedora spec file
- remove unittest files, they don't belong in binary packages
- depend on texinfo package to build the documentation

Tue Nov 20 13:00:00 2012 pgajdosAATTsuse.com
- update to 1.1.1:
New features:

* Optionally disable ANY queries for authoritative answers.

* Dropping identical records in zone and incoming transfers.

* Support for '/' in zone names.

* Generating journal from reloaded zone (EXPERIMENTAL).

* Outgoing-only interfaces in configuration file.

* Following DNAME if the synthetized name is in the same zone.

* Signing SOA with TSIG queries when checking zone version with master.

* Improved compression of packets. Out-of-zone dnames present in RDATA
were not compressed.

* Slave zones are now automatically refreshed after startup.

* Proper response to IXFR/UDP query (returns SOA in Authority section).
Bugfixes:

* Crash when zone contained RRSIG signing a CNAME, but did not
contain the CNAME.

* Malformed packets parsing.

* Failed IXFR caused memory leaks.

* Failed IXFR might have resulted in inconsistent zone structures.

* Fixed answering to +dnssec queries when NSEC3 chain is corrupted.

* Fixed answering when transitioning from NSEC3 to NSEC.

* Fixed answering when zone contains multiple NSEC3 chains.

* Handling RRSets with different TTLs - TTL from the first RR is used.

* Synchronization of zone reload and zone transfers.

* Fixed build on NetBSD 5 and FreeBSD.

* Fixed binding to both IPv4 and IPv6 at the same time on special
interfaces.

* Fixed access rights of created files.

* Semantic checks corrupted RDATA domain names which are covered by
wildcard in the same zone.

* Fixed ixfr-from-differences journal generation in case of IPSECKEY
and APL records.

* Fixed possible leak on server shutdown with a pending transfer.

* Syncing journal to zone was not updating the compiled zone database.

* Crash after IXFR in certain cases when adding RRSIG in an IXFR.

* Fixed behaviour when incoming IXFR removes a zone cut. Previously
occluded names now become properly visible. Previously lead to a
crash when the server was asked for the previously occluded name.

* Fixed handling of zero-length strings in text zone dump. Caused the
compilation to fail.

* Fixed TSIG algorithm name comparison - the names should be in
canonical form.

* Fixed handling unknown RR types with type less than 251.
Other improvements:

* IXFR-in optimized.

* Many zones loading optimized.

* More detailed log messages (mostly transfer-related).

* Copying Question section to error responses.

* Using zone name from config file as default origin in zone file.

* Additional records are now added to response also from
wildcard-covered names.

* Improved user manual.

* Better checks of corrupted zone database.

Tue Aug 28 14:00:00 2012 pgajdosAATTsuse.com
- fix build for older distributions (don't use %{make_install}
macro)

Mon Jul 2 14:00:00 2012 pgajdosAATTsuse.com
- initial version 1.0.6


 