SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for knot-resolver-doc-5.0.1-2.fc32.noarch.rpm :

* Thu Apr 02 2020 Tomas Krizek - 5.0.1-2- add patch to fix strict aliasing (!971) until next release
* Wed Feb 05 2020 Tomas Krizek - 5.0.1-1- update to upstream version 5.0.1- ensure kres-cache-gc.service is restarted on upgrade
* Wed Jan 29 2020 Fedora Release Engineering - 5.0.0-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 27 2020 Tomas Krizek - 5.0.0-1- update to new upstream version 5.0.0- removed systemd socket files (no longer supported)- add upgrade scriptlets for 5.x- remove lua-sec, lua-socket, lua-filesystem dependencies- create tmpfiles dirs with macro
* Wed Dec 04 2019 Tomas Krizek - 4.3.0-1- update to new upstream version 4.3.0- make config directory read-only for knot-resolver, relocate root.keys to /var/lib- http module now depends on the exact same binary version of knot-resolver
* Tue Nov 12 2019 Tomas Krizek - 4.2.2-2- rebuild for libknot10 (Knot DNS 2.9.1)
* Mon Oct 07 2019 Tomas Krizek - 4.2.2-1- update to new upstream version 4.2.2
* Thu Sep 26 2019 Tomas Krizek - 4.2.1-1- update to new upstream version 4.2.1
* Wed Aug 21 2019 Tomas Krizek - 4.2.0-1- update to new upstream version 4.2.0- added lua-psl dependency for policy.slice() functionality
* Thu Jul 25 2019 Fedora Release Engineering - 4.1.0-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Jul 10 2019 Tomas Krizek - 4.1.0-1- update to new upstream version 4.1.0- add kres-cache-gc.service
* Wed May 29 2019 Tomas Krizek - 4.0.0.-1- rebase to new upstream release 4.0.0- bump Knot DNS libraries to 2.8 (ABI compat)- use new upstream build system - meson- add knot-resolver-module-http package along with new lua dependecies
* Fri Feb 01 2019 Fedora Release Engineering - 3.2.1-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jan 10 2019 Tomas Krizek - 3.2.1-1Knot Resolver 3.2.1 (2019-01-10)================================Bugfixes--------- trust_anchors: respect validity time range during TA bootstrap (!748)- fix TLS rehandshake handling (!739)- make TLS_FORWARD compatible with GnuTLS 3.3 (!741)- special thanks to Grigorii Demidov for his long-term work on Knot Resolver!Improvements------------- improve handling of timeouted outgoing TCP connections (!734)- trust_anchors: check syntax of public keys in DNSKEY RRs (!748)- validator: clarify message about bogus non-authoritative data (!735)- dnssec validation failures contain more verbose reasoning (!735)- new function trust_anchors.summary() describes state of DNSSEC TAs (!737), and logs new state of trust anchors after start up and automatic changes- trust anchors: refuse revoked DNSKEY even if specified explicitly, and downgrade missing the SEP bit to a warning
* Mon Dec 17 2018 Tomas Krizek - 3.2.0-1Knot Resolver 3.2.0 (2018-12-17)================================New features------------- module edns_keepalive to implement server side of RFC 7828 (#408)- module nsid to implement server side of RFC 5001 (#289)- module bogus_log provides .frequent() table (!629, credit Ulrich Wisser)- module stats collects flags from answer messages (!629, credit Ulrich Wisser)- module view supports multiple rules with identical address/TSIG specification and keeps trying rules until a \"non-chain\" action is executed (!678)- module experimental_dot_auth implements an DNS-over-TLS to auth protocol (!711, credit Manu Bretelle)- net.bpf bindings allow advanced users to use eBPF socket filtersBugfixes--------- http module: only run prometheus in parent process if using --forks=N, as the submodule collects metrics from all sub-processes as well.- TLS fixes for corner cases (!700, !714, !716, !721, !728)- fix build with -DNOVERBOSELOG (#424)- policy.{FORWARD,TLS_FORWARD,STUB}: respect net.ipv{4,6} setting (!710)- avoid SERVFAILs due to certain kind of NS dependency cycles, again (#374) this time seen as \'circular dependency\' in verbose logs- policy and view modules do not overwrite result finished requests (!678)Improvements------------- Dockerfile: rework, basing on Debian instead of Alpine- policy.{FORWARD,TLS_FORWARD,STUB}: give advantage to IPv6 when choosing whom to ask, just as for iteration- use pseudo-randomness from gnutls instead of internal ISAAC (#233)- tune the way we deal with non-responsive servers (!716, !723)- documentation clarifies interaction between policy and view modules (!678, !730)Module API changes------------------- new layer is added: answer_finalize- kr_request keeps ::qsource.packet beyond the begin layer- kr_request::qsource.tcp renamed to ::qsource.flags.tcp- kr_request::has_tls renamed to ::qsource.flags.tls- kr_zonecut_add(), kr_zonecut_del() and kr_nsrep_sort() changed parameters slightly
* Fri Nov 02 2018 Tomas Krizek - 3.1.0-1Knot Resolver 3.1.0 (2018-11-02)================================Incompatible changes--------------------- hints.use_nodata(true) by default; that\'s what most users want- libknot >= 2.7.2 is requiredImprovements------------- cache: handle out-of-space SIGBUS slightly better (#197)- daemon: improve TCP timeout handling (!686)Bugfixes--------- cache.clear(\'name\'): fix some edge cases in API (#401)- fix error handling from TLS writes (!669)- avoid SERVFAILs due to certain kind of NS dependency cycles (#374)
* Mon Aug 20 2018 Tomas Krizek - 3.0.0-1Knot Resolver 3.0.0 (2018-08-20)================================Incompatible changes--------------------- cache: fail lua operations if cache isn\'t open yet (!639) By default cache is opened
*after
* reading the configuration, and older versions were silently ignoring cache operations. Valid configuration must open cache using `cache.open()` or `cache.size =` before executing cache operations like `cache.clear()`.- libknot >= 2.7.1 is required, which brings also larger API changes- in case you wrote custom Lua modules, please consult https://knot-resolver.readthedocs.io/en/latest/lib.html#incompatible-changes-since-3-0-0- in case you wrote custom C modules, please see compile against Knot DNS 2.7 and adjust your module according to messages from C compiler- DNS cookie module (RFC 7873) is not available in this release, it will be later reworked to reflect development in IEFT dnsop working group- version module was permanently removed because it was not really used by users; if you want to receive notifications abou new releases please subscribe to https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-resolver-announceBugfixes--------- fix multi-process race condition in trust anchor maintenance (!643)- ta_sentinel: also consider static trust anchors not managed via RFC 5011Improvements------------- reorder_RR() implementation is brought back- bring in performace improvements provided by libknot 2.7- cache.clear() has a new, more powerful API- cache documentation was improved- old name \"Knot DNS Resolver\" is replaced by unambiguous \"Knot Resolver\" to prevent confusion with \"Knot DNS\" authoritative server
* Thu Aug 02 2018 Tomas Krizek - 2.4.1-1Knot Resolver 2.4.1 (2018-08-02)================================Security--------- fix CVE-2018-10920: Improper input validation bug in DNS resolver component (security!7, security!9)Bugfixes--------- cache: fix TTL overflow in packet due to min_ttl (#388, security!8)- TLS session resumption: avoid bad scheduling of rotation (#385)- HTTP module: fix a regression in 2.4.0 which broke custom certs (!632)- cache: NSEC3 negative cache even without NS record (#384) This fixes lower hit rate in NSEC3 zones (since 2.4.0).- minor TCP and TLS fixes (!623, !624, !626)
* Fri Jul 13 2018 Fedora Release Engineering - 2.4.0-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 03 2018 Tomas Krizek - 2.4.0-1Knot Resolver 2.4.0 (2018-07-03)================================Incompatible changes--------------------- minimal libknot version is now 2.6.7 to pull in latest fixes (#366)Security--------- fix a rare case of zones incorrectly dowgraded to insecure status (!576)New features------------- TLS session resumption (RFC 5077), both server and client (!585, #105) (disabled when compiling with gnutls < 3.5)- TLS_FORWARD policy uses system CA certificate store by default (!568)- aggressive caching for NSEC3 zones (!600)- optional protection from DNS Rebinding attack (module rebinding, !608)- module bogus_log to log DNSSEC bogus queries without verbose logging (!613)Bugfixes--------- prefill: fix ability to read certificate bundle (!578)- avoid turning off qname minimization in some cases, e.g. co.uk. (#339)- fix validation of explicit wildcard queries (#274)- dns64 module: more properties from the RFC implemented (incl. bug #375)Improvements------------- systemd: multiple enabled kresd instances can now be started using kresd.target- ta_sentinel: switch to version 14 of the RFC draft (!596)- support for glibc systems with a non-Linux kernel (!588)- support per-request variables for Lua modules (!533)- support custom HTTP endpoints for Lua modules (!527)
* Mon Apr 23 2018 Tomas Krizek - 2.3.0-1Knot Resolver 2.3.0 (2018-04-23)================================Security--------- fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4)- increase resilience against slow lorris attack (security!5)Bugfixes--------- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538)- validation: fix SERVFAIL for DS . query (!544)- lib/resolve: don\'t send unecessary queries to parent zone (!513)- iterate: fix validation for zones where parent and child share NS (!543)- TLS: improve error handling and documentation (!536, !555, !559)Improvements------------- prefill: new module to periodically import root zone into cache (replacement for RFC 7706, !511)- network_listen_fd: always create end point for supervisor supplied file descriptor- use CPPFLAGS build environment variable if set (!547)
  
ICM