Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15:Update
knot
knot.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File knot.changes of Package knot
------------------------------------------------------------------- Mon Jan 8 12:38:53 UTC 2018 - i@marguerite.su - add knot-openssl-1.1+.patch * fix build with openssl 1.1+ ------------------------------------------------------------------- Mon Jun 5 08:57:24 UTC 2017 - pgajdos@suse.com - refreshed 0002-make-configure.ac-compatible-with-old-tools.patch to fix build ------------------------------------------------------------------- Mon Feb 13 11:55:40 UTC 2017 - mrueckert@suse.de - update to 1.6.8 - Zone size limit restriction for DDNS, AXFR, and IXFR (CVE-2016-6171) ------------------------------------------------------------------- Tue May 10 22:57:40 UTC 2016 - mrueckert@suse.de - fix the sphinx buildrequires so we can build on sle12 ------------------------------------------------------------------- Thu Feb 11 00:16:19 UTC 2016 - mrueckert@suse.de - update to 1.6.7 - Improvements: - IXFR: Log change of the zone serial number after the transfer. - RRL: Document operational impact of various settings. - RRL: Add support for zero slip (dropping of all limited responses). ------------------------------------------------------------------- Tue Nov 24 22:24:55 UTC 2015 - mrueckert@suse.de - update to 1.6.6 - Fix daemon startup systemd notification - Out-of-bound read in packet parser for malformed NAPTR records (LibFuzzer) - Add rosedb module - enable rosedb - refresh patches to apply cleanly again 0001-loosen-openssl-dependency.patch 0002-make-configure.ac-compatible-with-old-tools.patch ------------------------------------------------------------------- Thu Sep 3 16:48:32 UTC 2015 - mrueckert@suse.de - skip silent rule in configure.ac to fix the SLE 11 build ------------------------------------------------------------------- Thu Sep 3 16:37:24 UTC 2015 - mrueckert@suse.de - update to 1.6.5 - Bugfixes: - Do not reload expired zones on 'knotc reload' and server startup - Fix rare race-condition in event scheduling causing delayed event execution - Fix skipping of non-authoritative nodes in NSEC proofs - Fix TC flag setting in RRL slipped answers - Disable domain name compression for root label for better compatibility - Log via journald only when running under systemd - Improve lookup of libsystemd build dependencies - Fix compilation warnings in endian conversion functions on OpenBSD - Features: - Update persistent timers only on shutdown for better performance - Add 'request-edns-option' config option to add custom EDNS0 option into server initiated queries - Allow specification of time units in 'max-conn-idle', 'max-conn-handshake', 'max-conn-reply', and 'notify-timeout' config options - changes in 1.6.4 - Bugfixes: - Fix lost NOTIFY message if received during zone transfer - Fix compilation error with LibreSSL - Disable fast zone parser when compiled in Clang (workaround for Clang bug) - kdig: Record correct dnstap SocketProtocol when retrying over TCP - kdig: Hide TSIG section with +noall - Do not set AA flag for AXFR/IXFR queries - Features: - Zone parser: Split long TXT/SPF strings into multiple strings - kdig: Add generic dump style option (+generic) - Try all master servers in multi-master environment - Improvements: - Zone dump: Do not write class for SOA record (unified with other RR types) - Zone dump: Do not write master server address into the zone file - refresh patches to apply cleanly again - sync spec file with knot2 spec file - use bcond_with for the systemd conditional - replace all occurences of %{name} with %{pkg_name} - removed duplicated libexecdir - also pass disable static and includedir ------------------------------------------------------------------- Wed Apr 29 07:03:38 UTC 2015 - mrueckert@suse.de - local state dir should be just /var ------------------------------------------------------------------- Thu Apr 9 02:51:53 UTC 2015 - mrueckert@suse.de - enable dnstap support for factory and newer: - new BR: protobuf-c and libfstrm-devel - prepared lto support but not enabled yet, still need to find out which distros support it ------------------------------------------------------------------- Thu Apr 9 02:17:01 UTC 2015 - mrueckert@suse.de - update to 1.6.3 - Performance drop for NSEC-signed zones - Proper handling of TCP short-writes - Out-of-bound read in zone parser for long domain names in origin (AFL fuzzer) - Out-of-bound read in packet parser for TSIG RR without RDATA (AFL fuzzer) - Out-of-bound read in packet parser for malformed NAPTR RR (AFL fuzzer) - CDS and CDNSKEY support in zone parser - Add defaults for TCP config options into documentation - Detailed error message if zone reload fails - refreshed patches to apply cleanly again: 0002-make-configure.ac-compatible-with-old-tools.patch ------------------------------------------------------------------- Tue Mar 10 17:20:55 UTC 2015 - mrueckert@suse.de - update to 1.6.2 - Limiting number of parallel TCP clients (max-tcp-clients config option) - Ignore refresh and transfer events on non-slave zones - Compilation with Dnstap support on FreeBSD - Possible file descriptor leak when terminating inactive TCP clients - refreshed patches to apply cleanly again: 0002-make-configure.ac-compatible-with-old-tools.patch - moved autoreconf -fi to %build so it wont be tried in quilt setup or similar tools - move up the %if case for systemd in for the preun scriptlet to avoid warning about empty scripts on non systemd distributions. - used xz tarball: new buildrequires xz ------------------------------------------------------------------- Thu Jan 8 10:07:50 UTC 2015 - tchvatal@suse.com - Add deps on the docu packages to regen documentation - Enable systemd integration fully - Add dep on libidn - Cleanup with spec-cleaner ------------------------------------------------------------------- Wed Dec 31 10:49:27 UTC 2014 - ondrej@sury.org - Only require lmdb-devel on (Open)SUSE 13.2 and higher ------------------------------------------------------------------- Wed Dec 31 10:29:48 UTC 2014 - ondrej@sury.org - Updated to 1.6.1 Bugfixes: - Journal file would sometimes outgrow its set limit - Fixed incompatibility with OpenSSL 0.9.8 - Proper handling when machine hostname cannot be retreived Features: - Support for DNSSEC Single Type Signing Scheme - Compile with lmdb-devel to add support for persistent timers ------------------------------------------------------------------- Tue Nov 18 15:49:27 UTC 2014 - pgajdos@suse.com - Updated to 1.6.0 Bugfixes: - Fix zone expiration when AXFR/IXFR is being refused by master - Fix forced zone refresh on slave (knotc refresh -f) - Persistent timers database opening after privileges has been dropped - DNSSEC: RFC compliant processing of letter case in RDATA domain names - EDNS: Return minimal error response for queries with unsupported version - EDNS: Fix interpretation of Extended RCODE Improvements: - Maximal size of persistent timers database increased from 10 MB to 100 MB - Added logging of persistent timers database errors Features: - Persistent timers for slave zones (expire, refresh, and flush) ------------------------------------------------------------------- Mon Sep 15 19:44:38 UTC 2014 - ondrej@sury.org - Updated to 1.5.3 Bugfixes: - Some specific incoming IXFRs were causing server to crash - Rare sychronization error during reload caused read-after-free - Response synthetization module did not work properly with DNSSEC-enabled zones - When Knot sent AXFR when IXFR was requested, message ID and opcode were wrong - Knot failed to send large messages to remote control (present since 1.5.1) - Some RR parsing corner cases were not handled properly - AXFR-style IXFR was refused and had to be retransfered - Hash character (#) was not properly escaped when storing text zone file - DNSSEC: DNAMEs in RDATA were not lowercased before signing - EDNS: OPT RR were not put into responsing for some errors - TSIG: DDNS responses were not signed with TSIG - DDNS: Prerequisite checks failed for some inputs - knsupdate: Zone origin was not used for deletions Features: - Basic support for logging using systemd journal - DDNS: Ability to process updates in bulk Improvements: - Unified logging messages structure - DNSSEC: More strict controls for signing keys - Refreshed patches on top of 1.5.3 release: * 0001-loosen-openssl-dependency.patch * 0002-make-configure.ac-compatible-with-old-tools.patch ------------------------------------------------------------------- Fri Jul 11 09:06:45 UTC 2014 - ondrej@sury.org - Squash 0002-remove-AM_SILENT_RULES.patch and 0003-no-dist-xz.patch into 0002-make-configure.ac-compatible-with-old-tools.patch that removes configure.ac options incompatible with SLES_11_SP[23]. - added patches: * 0002-make-configure.ac-compatible-with-old-tools.patch - removed patches: * 0002-remove-AM_SILENT_RULES.patch * 0003-no-dist-xz.patch ------------------------------------------------------------------- Thu Jul 10 08:18:29 UTC 2014 - ondrej@sury.org - Updated to 1.5.0 Features: * DDNS forwarding reimplemented * edns-client-subnet support in kdig * Optional asynchronous startup (config "asynchronous-start") * Pluggable query processing modules * Synthetic IPv4/IPv6 reverse/forward records (optional module) * dnstap support in both utilities & server (optional module) * NOTIFY message support and new TSIG section in kdig * Multi-master support Improvements: * Transfer sizes logged in bytes if needed * Logging outgoing NOTIFY messages * Logging unauthorized incoming NOTIFYs * Preempt task queue for faster reload * Lazy zone file write after zone transfer (governed by "zonefile-sync") * Query processing and core functionality overhaul * Performance and reduced memory footprint * Faster zone events scheduling * RFC compliant queries/responses in some corner cases * Log messages * New documentation (Sphinx) Bugfixes: * Zone flush planning after bootstrap * Incorrect incoming AXFR message sizes * DDNS signing changes were freed too soon, posibility of stale data * knotc remote control key handling * Close zone transfer after SERVFAIL response * Incremental to full zone transfer fallback, wrong log message * Zone events corner cases, reload replanning ------------------------------------------------------------------- Tue Jun 24 12:56:27 UTC 2014 - pgajdos@suse.com - updated to 1.4.7: * Fixed DDNS corner cases * Fixed zone EXPIRE timer * Fixed semantic checks false positives * Fixed sending malformed IXFR with automatic DNSSEC * Fixed NAPTR record serialization ------------------------------------------------------------------- Mon May 12 12:38:02 UTC 2014 - ondrej@sury.org - Fixed the missing 1.4.5 tarball ------------------------------------------------------------------- Tue Apr 15 07:08:27 UTC 2014 - ondrej@sury.org - updated to 1.4.5 Bugfixes: * Fix possible weakness in TSIG signature checking ------------------------------------------------------------------- Fri Mar 28 10:56:24 UTC 2014 - pgajdos@suse.com - updated to 1.4.4 Features: * Server is logging remote control commands * 'knotc reload' doesn't refresh unchanged zones * 'knotc -f refresh' forces zone retransfer Bugfixes: * Missing notifications after DDNS/automatic resign * Zone is rebootstrapped if the zone file is unreadable * Progressive bootstrap retry backoff * Zone file parser allows asterisk as part of the label * Journal maximum entry size fixes * Sign DNSKEYs in non-apex nodes as regular RR sets ------------------------------------------------------------------- Tue Feb 18 14:56:36 UTC 2014 - ondrej@sury.org - Enable recvmmsg support in the build to increase performance - Update upstream config directory to /etc/knot (instead of /etc/knot/knot) - Replace tar.xz with tar.gz to allow backporting to older releases - Disable silent rules to have more verbose builds - Add support to compile with OpenSSL << 1.0.0 - added patches: * 0001-loosen-openssl-dependency.patch ------------------------------------------------------------------- Tue Feb 18 12:07:36 UTC 2014 - ondrej@sury.org - update to 1.4.3: * Failure when expanding wildcard leading to apex and having DNSKEY records * Failure for query to wildcard without wildcard expansion * Bad cleanup when loading a faulty entry from a journal * Zone file $ORIGIN and configuration comparison is case-insensitive * Config "include" statement supports directory and includes all files within ------------------------------------------------------------------- Mon Jan 27 15:17:49 UTC 2014 - ondrej@sury.org - update to 1.4.2: * AXFR/IXFR compatibility issues with tinydns/axfrdns * Journal file is created only when needed * Zone-related log messages are logged into correct category * DNSSEC: Refresh signatures earlier (3 days before their expiration with the default signature lifetime) * Fixed RCU synchronization causing deadlock on 'knotc signzone' * RRSIG not fitting in the additional records doesn't cause truncation ------------------------------------------------------------------- Tue Jan 14 15:14:06 UTC 2014 - ondrej@sury.org - update to 1.4.1: * Empty APL record support * 'zonestatus' when using immediate zone syncing * Immediate zone syncing after reload * Race condition writing time values to zone file * Hard require OpenSSL >= 1.0.0 - removed patches: * 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch * 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch ------------------------------------------------------------------- Wed Jan 8 08:58:19 UTC 2014 - ondrej@sury.org - Add support to compile with OpenSSL << 1.0.0 - added patches: * 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch * 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch ------------------------------------------------------------------- Wed Jan 8 08:40:45 UTC 2014 - ondrej@sury.org - update to 1.4.0: * Experimental automatic DNSSEC signing * Fastest ragel parser enabled by default * Reduced memory usage * Zone SOA SERIAL policies (INCREMENT, UNIXTIME) for DDNS and automatic DNSSEC signing * IDN support in Knot utilities (kdig, knsupdate, ...) * DNSSEC: support for GOST algorithm * Support for DNSSEC key pre-publication ------------------------------------------------------------------- Mon Dec 16 09:46:03 UTC 2013 - ondrej@sury.org - update to 1.3.4: * Bugfixes: Crash in particular additionals processing Race condition in event cancelation Journal corruption after failed transactions ------------------------------------------------------------------- Tue Nov 26 13:36:54 UTC 2013 - pgajdos@suse.com - update to 1.3.3: * New features: Reduced memory usage Improved performance Experimental automatic DNSSEC signing Refactored zone loading Improved journal locking * Bugfixes: Fixed some race conditions Various fixes in client utilities ------------------------------------------------------------------- Mon Sep 9 15:16:04 UTC 2013 - pgajdos@suse.com - update to 1.3.1 * Faster zone parser * Full support for EUI and ILNP resource records * Lower memory footprint for large zones * No compilation of zones * Improved scheduling of zone transfers * Logging of serials and timing information for zone transfers * see NEWS or https://www.knot-dns.cz/ for details ------------------------------------------------------------------- Wed Apr 3 15:37:52 UTC 2013 - ondrej@sury.org - Update to 1.2.0 final Bugfixes: * Memory leaks ------------------------------------------------------------------- Fri Mar 22 15:32:38 UTC 2013 - ondrej@sury.org - Update to 1.2.0-rc4 New features: * knotc 'zonestatus' command Bugfixes: * Changing logfile ownership before dropping privileges * knotc respects 'control' section from configuration * RRL: resolved bucket collisions * RRL: updated bucket mapping to conform RRL technical memo ------------------------------------------------------------------- Tue Mar 12 08:37:55 UTC 2013 - ondrej@sury.org - Update to 1.2.0-rc3 New features: * Dynamic updates, including forwarding (limited on signed zones) * Updated remote control utility * Configurable TCP timeouts * LOC RR support * Response rate limiting (see documentation) Bugfixes: * Fixed processing of some non-standard dnames. * Correct checking of label length bounds in some cases. * More compliant rcodes in case of DDNS/TSIG failures. * Correct processing of malformed DDNS prereq section. * Fixed OpenBSD build * Responses to ANY should contain RRSIGs ------------------------------------------------------------------- Sat Nov 24 09:12:42 UTC 2012 - aj@suse.de - Documentation only needs makeinfo, thus require it instead of texinfo where it's available as separate package. ------------------------------------------------------------------- Thu Nov 22 17:22:37 UTC 2012 - ondrej@sury.org - update to 1.1.2: Bugfixes: * Fixed crash on reload when config contained duplicate zones. * Fixed scheduling of transfers. * Fixed debug message. - merge some changes from fedora spec file - remove unittest files, they don't belong in binary packages - depend on texinfo package to build the documentation ------------------------------------------------------------------- Tue Nov 20 12:37:14 UTC 2012 - pgajdos@suse.com - update to 1.1.1: New features: * Optionally disable ANY queries for authoritative answers. * Dropping identical records in zone and incoming transfers. * Support for '/' in zone names. * Generating journal from reloaded zone (EXPERIMENTAL). * Outgoing-only interfaces in configuration file. * Following DNAME if the synthetized name is in the same zone. * Signing SOA with TSIG queries when checking zone version with master. * Improved compression of packets. Out-of-zone dnames present in RDATA were not compressed. * Slave zones are now automatically refreshed after startup. * Proper response to IXFR/UDP query (returns SOA in Authority section). Bugfixes: * Crash when zone contained RRSIG signing a CNAME, but did not contain the CNAME. * Malformed packets parsing. * Failed IXFR caused memory leaks. * Failed IXFR might have resulted in inconsistent zone structures. * Fixed answering to +dnssec queries when NSEC3 chain is corrupted. * Fixed answering when transitioning from NSEC3 to NSEC. * Fixed answering when zone contains multiple NSEC3 chains. * Handling RRSets with different TTLs - TTL from the first RR is used. * Synchronization of zone reload and zone transfers. * Fixed build on NetBSD 5 and FreeBSD. * Fixed binding to both IPv4 and IPv6 at the same time on special interfaces. * Fixed access rights of created files. * Semantic checks corrupted RDATA domain names which are covered by wildcard in the same zone. * Fixed ixfr-from-differences journal generation in case of IPSECKEY and APL records. * Fixed possible leak on server shutdown with a pending transfer. * Syncing journal to zone was not updating the compiled zone database. * Crash after IXFR in certain cases when adding RRSIG in an IXFR. * Fixed behaviour when incoming IXFR removes a zone cut. Previously occluded names now become properly visible. Previously lead to a crash when the server was asked for the previously occluded name. * Fixed handling of zero-length strings in text zone dump. Caused the compilation to fail. * Fixed TSIG algorithm name comparison - the names should be in canonical form. * Fixed handling unknown RR types with type less than 251. Other improvements: * IXFR-in optimized. * Many zones loading optimized. * More detailed log messages (mostly transfer-related). * Copying Question section to error responses. * Using zone name from config file as default origin in zone file. * Additional records are now added to response also from wildcard-covered names. * Improved user manual. * Better checks of corrupted zone database. ------------------------------------------------------------------- Tue Aug 28 10:02:40 UTC 2012 - pgajdos@suse.com - fix build for older distributions (dont user %{make_install} macro) ------------------------------------------------------------------- Mon Jul 2 08:58:06 UTC 2012 - pgajdos@suse.com - initial version 1.0.6
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor