Changelog for knot-debugsource-1.6.8-lp152.5.3.1.x86_64.rpm :

* Thu Jul 23 2020 Alexandros Toptsoglou - CVE-2017-11104: Fixed an improper implementation of TSIG protocol which could have allowed an attacker with a valid key name and algorithm to bypass TSIG authentication (bsc#1047841). Added knot-CVE-2017-11104.patch
* Mon Jan 08 2018 iAATTmarguerite.su- add knot-openssl-1.1+.patch
* fix build with openssl 1.1+
* Mon Jun 05 2017 pgajdosAATTsuse.com- refreshed 0002-make-configure.ac-compatible-with-old-tools.patch to fix build
* Mon Feb 13 2017 mrueckertAATTsuse.de- update to 1.6.8 - Zone size limit restriction for DDNS, AXFR, and IXFR (CVE-2016-6171)
* Tue May 10 2016 mrueckertAATTsuse.de- fix the sphinx buildrequires so we can build on sle12
* Thu Feb 11 2016 mrueckertAATTsuse.de- update to 1.6.7 - Improvements: - IXFR: Log change of the zone serial number after the transfer. - RRL: Document operational impact of various settings. - RRL: Add support for zero slip (dropping of all limited responses).
* Tue Nov 24 2015 mrueckertAATTsuse.de- update to 1.6.6 - Fix daemon startup systemd notification - Out-of-bound read in packet parser for malformed NAPTR records (LibFuzzer) - Add rosedb module- enable rosedb- refresh patches to apply cleanly again 0001-loosen-openssl-dependency.patch 0002-make-configure.ac-compatible-with-old-tools.patch
* Thu Sep 03 2015 mrueckertAATTsuse.de- skip silent rule in configure.ac to fix the SLE 11 build
* Thu Sep 03 2015 mrueckertAATTsuse.de- update to 1.6.5 - Bugfixes: - Do not reload expired zones on \'knotc reload\' and server startup - Fix rare race-condition in event scheduling causing delayed event execution - Fix skipping of non-authoritative nodes in NSEC proofs - Fix TC flag setting in RRL slipped answers - Disable domain name compression for root label for better compatibility - Log via journald only when running under systemd - Improve lookup of libsystemd build dependencies - Fix compilation warnings in endian conversion functions on OpenBSD - Features: - Update persistent timers only on shutdown for better performance - Add \'request-edns-option\' config option to add custom EDNS0 option into server initiated queries - Allow specification of time units in \'max-conn-idle\', \'max-conn-handshake\', \'max-conn-reply\', and \'notify-timeout\' config options- changes in 1.6.4 - Bugfixes: - Fix lost NOTIFY message if received during zone transfer - Fix compilation error with LibreSSL - Disable fast zone parser when compiled in Clang (workaround for Clang bug) - kdig: Record correct dnstap SocketProtocol when retrying over TCP - kdig: Hide TSIG section with +noall - Do not set AA flag for AXFR/IXFR queries - Features: - Zone parser: Split long TXT/SPF strings into multiple strings - kdig: Add generic dump style option (+generic) - Try all master servers in multi-master environment - Improvements: - Zone dump: Do not write class for SOA record (unified with other RR types) - Zone dump: Do not write master server address into the zone file- refresh patches to apply cleanly again- sync spec file with knot2 spec file - use bcond_with for the systemd conditional - replace all occurences of %{name} with %{pkg_name} - removed duplicated libexecdir - also pass disable static and includedir
* Wed Apr 29 2015 mrueckertAATTsuse.de- local state dir should be just /var
* Thu Apr 09 2015 mrueckertAATTsuse.de- enable dnstap support for factory and newer: - new BR: protobuf-c and libfstrm-devel- prepared lto support but not enabled yet, still need to find out which distros support it
* Thu Apr 09 2015 mrueckertAATTsuse.de- update to 1.6.3 - Performance drop for NSEC-signed zones - Proper handling of TCP short-writes - Out-of-bound read in zone parser for long domain names in origin (AFL fuzzer) - Out-of-bound read in packet parser for TSIG RR without RDATA (AFL fuzzer) - Out-of-bound read in packet parser for malformed NAPTR RR (AFL fuzzer) - CDS and CDNSKEY support in zone parser - Add defaults for TCP config options into documentation - Detailed error message if zone reload fails- refreshed patches to apply cleanly again: 0002-make-configure.ac-compatible-with-old-tools.patch
* Tue Mar 10 2015 mrueckertAATTsuse.de- update to 1.6.2 - Limiting number of parallel TCP clients (max-tcp-clients config option) - Ignore refresh and transfer events on non-slave zones - Compilation with Dnstap support on FreeBSD - Possible file descriptor leak when terminating inactive TCP clients- refreshed patches to apply cleanly again: 0002-make-configure.ac-compatible-with-old-tools.patch- moved autoreconf -fi to %build so it wont be tried in quilt setup or similar tools- move up the %if case for systemd in for the preun scriptlet to avoid warning about empty scripts on non systemd distributions.- used xz tarball: new buildrequires xz
* Thu Jan 08 2015 tchvatalAATTsuse.com- Add deps on the docu packages to regen documentation- Enable systemd integration fully- Add dep on libidn- Cleanup with spec-cleaner
* Wed Dec 31 2014 ondrejAATTsury.org- Only require lmdb-devel on (Open)SUSE 13.2 and higher
* Wed Dec 31 2014 ondrejAATTsury.org- Updated to 1.6.1 Bugfixes: - Journal file would sometimes outgrow its set limit - Fixed incompatibility with OpenSSL 0.9.8 - Proper handling when machine hostname cannot be retreived Features: - Support for DNSSEC Single Type Signing Scheme- Compile with lmdb-devel to add support for persistent timers
* Tue Nov 18 2014 pgajdosAATTsuse.com- Updated to 1.6.0 Bugfixes: - Fix zone expiration when AXFR/IXFR is being refused by master - Fix forced zone refresh on slave (knotc refresh -f) - Persistent timers database opening after privileges has been dropped - DNSSEC: RFC compliant processing of letter case in RDATA domain names - EDNS: Return minimal error response for queries with unsupported version - EDNS: Fix interpretation of Extended RCODE Improvements: - Maximal size of persistent timers database increased from 10 MB to 100 MB - Added logging of persistent timers database errors Features: - Persistent timers for slave zones (expire, refresh, and flush)