| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libdnssec9 | Distribution: SUSE Linux Enterprise 15 SP5 |
| Version: 3.2.5 | Vendor: openSUSE |
| Release: bp155.1.1 | Build date: Sat Feb 4 12:51:23 2023 |
| Group: System/Libraries | Build host: obs-arm-6 |
| Size: 132608 | Source RPM: knot-3.2.5-bp155.1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.knot-dns.cz/ | |
| Summary: DNSSEC support functions for Knot DNS | |
Knot DNS is a DNS server. It implements only the authoritative domain name service. It uses a multi-threaded and mostly lock-free implementation and can operate non-stop during zone addition or removal. This package contains a library for DNSSEC support functions.
GPL-3.0-or-later
* Thu Feb 02 2023 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.2.5, see:
https://www.knot-dns.cz/2023-02-02-version-325.html
* Mon Dec 12 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.2.4, see:
https://www.knot-dns.cz/2022-12-12-version-324.html
* Sun Nov 20 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.2.3, see:
https://www.knot-dns.cz/2022-11-20-version-323.html
* Tue Nov 01 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.2.2, see:
https://www.knot-dns.cz/2022-11-01-version-322.html
* Thu Sep 22 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.2.1, see:
https://www.knot-dns.cz/2022-09-09-version-321.html
* Tue Aug 30 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
- add keyring to spec file as source to suppress factory-auto error
* Tue Aug 23 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
- use upstream service file that requires less privileges
- add keyring to actually verify the signature
* Tue Aug 23 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.2.0, see:
https://www.knot-dns.cz/2022-08-22-version-320.html
* Thu Apr 28 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.1.8, see:
https://www.knot-dns.cz/2022-04-28-version-318.html
* Wed Mar 30 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.1.7, see:
https://www.knot-dns.cz/2022-03-30-version-317.html
* Tue Feb 08 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.1.6, see:
https://www.knot-dns.cz/2022-02-08-version-316.html
* Mon Dec 20 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- drop conditions for openSUSE 13 and older
- knot.conf is owned by knot as is it's parent directory
* Mon Dec 20 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.1.5, see:
https://www.knot-dns.cz/2021-12-20-version-315.html
* Thu Nov 04 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.1.4, see:
https://www.knot-dns.cz/2021-11-04-version-314.html
* Tue Oct 19 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.1.3, see:
https://www.knot-dns.cz/2021-10-18-version-313.html
* Fri Sep 17 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- migrate to user creation via sysuser-tools
- run spec-cleaner on spec file
- update to version 3.1.2, see:
https://www.knot-dns.cz/2021-09-08-version-312.html
* Thu Aug 12 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.1.1, see:
https://www.knot-dns.cz/2021-08-10-version-311.html
* Wed Aug 04 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.1.0, see:
https://www.knot-dns.cz/2021-08-02-version-310.html
* Thu Jul 01 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.0.7, see:
https://www.knot-dns.cz/2021-06-16-version-307.html
* Fri May 14 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- make sure we have getent and groupadd/useradd in pre
* added dependency on shadow and glibc
* might be related to bnc#1186023
* Wed May 12 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.0.6, see:
https://www.knot-dns.cz/2021-05-12-version-306.html
* Tue May 11 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- Make /etc/knot directory owned by knot - fix reload action
* Sat Mar 27 2021 Jan Engelhardt <jengelh@inai.de>
- Update descriptions, remove unsubstantiated claims.
* Thu Mar 25 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- update to version 3.0.5, see:
https://www.knot-dns.cz/2021-03-25-version-305.html
- Update description based on homepage
* Mon Feb 01 2021 Jan Engelhardt <jengelh@inai.de>
- Trim marketing wording from description.
- Drop old rpm constructs.
* Mon Jan 25 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- version update to 3.0.4, see:
https://www.knot-dns.cz/2021-01-20-version-304.html
* Mon Jan 04 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
- add incompatibility warning about 1.6.X version when updateing
- rename back to knot
* Mon Dec 28 2020 pgajdos@suse.com
- version update to 3.0.3
* Mon Nov 30 2020 Michal Hrusecky <michal.hrusecky@opensuse.org>
- version update to 2.9.7, see:
https://www.knot-dns.cz/2020-08-31-version-296.html
https://www.knot-dns.cz/2020-10-09-version-297.html
- obsolete only pre-2.0 version
* Tue Jul 21 2020 Marcus Rueckert <mrueckert@suse.de>
- remove rosedb conditional as lmdb is required in general now
* Tue Jul 21 2020 Marcus Rueckert <mrueckert@suse.de>
- replace conflicts with Provides/Obsoletes
* Wed Jun 24 2020 Michal Hrusecky <michal.hrusecky@opensuse.org>
- fix dependency: python-Sphinx -> python3-Sphinx
* Wed Jun 24 2020 Michal Hrusecky <michal.hrusecky@opensuse.org>
- use upstream example config file with correct syntax
* Wed Jun 24 2020 Michal Hrusecky <michal.hrusecky@opensuse.org>
- version update to 2.9.5
- Bugfixes
- Old ZSK can be withdrawn too early during a ZSK rollover if maximum zone
TTL is computed automatically
- Server responds SERVFAIL to ANY queries on empty non-terminal nodes
- Improvements
- Also module onlinesign returns minimized responses to ANY queries
- Linking against libcap-ng can be disabled via a configure option
* Tue May 19 2020 Michal Hrusecky <michal.hrusecky@opensuse.org>
- version update to 2.9.4
see NEWS
* Fri Dec 20 2019 pgajdos@suse.com
- version update to 2.9.2
see NEWS
* Wed Jan 23 2019 Marcus Rueckert <mrueckert@suse.de>
- update to 2.7.6
- Improvements
- Zone status also shows when the zone load is scheduled
- Server workers status also shows background workers
utilization
- Default control timeout for knotc was increased to 10 seconds
- Pkg-config files contain auxiliary variable with library
filename
- Bugfixes
- Configuration commit or server reload can drop some pending
zone events
- Nonempty zone journal is created even though it's disabled
[#635]
- Zone is completely re-signed during empty dynamic update
processing
- Server can crash when storing a big zone difference to the
journal
- Failed to link on FreeBSD 12 with Clang
* Mon Jan 07 2019 Marcus Rueckert <mrueckert@suse.de>
- update to 2.7.5
- Features:
- Keymgr supports NSEC3 salt handling
- Improvements:
- Zone history in journal is dropped apon AXFR-like zone update
- Libdnssec is no longer linked against libm #628
- Libdnssec is explicitly linked against libpthread if PKCS #11
enabled #629
- Better support for libknot packaging in Python
- Manually generated KSK is 'ready' by default
- Kdig supports '+timeout' as an alias for '+time'
- Kdig supports '+nocomments' option
- Kdig no longer prints empty lines between retries
- Kdig returns failure if operations not successfully resolved
[#632]
- Fixed repeating of the 'KSK submission, waiting for
confirmation' log
- Various improvements in documentation, Dockerfile, and tests
- Bugfixes:
- Knotc fails to unset huge configuration section
- Kjournalprint sometimes fails to display zone journal content
- Improper timing of ZSK removal during ZSK rollover
- Missing UTC time zone indication in the 'iso' keymgr list
output
- A race condition in the online signing module
* Mon Dec 31 2018 Petr Gajdos <pgajdos@suse.com>
- update to 2.7.4
Features:
- --------
- Added SNI configuration for TLS in kdig (Thanks to Alexander Schultz)
Improvements:
- ------------
- Added warning log when DNSSEC events not successfully scheduled
- New semantic check on timer values in keymgr
- DS query no longer asks other addresses if got a negative answer
- Reintroduced 'rollover' configuration option for CDS/CDNSKEY publication
- Extended logging for zone loading
- Various documentation improvements
Bugfixes:
- --------
- Failed to import module configuration #613
- Improper Cflags value in libknot.pc if built with embedded LMDB #615
- IXFR doesn't fall back to AXFR if malformed reply
- DNSSEC events not correctly scheduled for empty zone updates
- During algorithm rollover old keys get removed before DS TTL expires #617
- Maximum zone's RRSIG TTL not considered during algorithm rollover #620
* Sun Nov 04 2018 Marcus Rueckert <mrueckert@suse.de>
- seems we no longer need jansson
* Sun Nov 04 2018 Marcus Rueckert <mrueckert@suse.de>
- limit geoip support to opensuse
* Sat Nov 03 2018 Marcus Rueckert <mrueckert@suse.de>
- update to 2.7.3
- Features:
- New queryacl module for query access control
- Configurable answer rrset rotation #612
- Configurable NSEC bitmap in online signing
- Improvements:
- Better error logging for KASP DB operations #601
- Some documentation improvements
- Bugfixes:
- Keymgr "list" output doesn't show key size for ECDSA algorithms #602
- Failed to link statically with embedded LMDB
- Configuration commit causes zone reload for all zones
- The statistics module overlooks TSIG record in a request
- Improper processing of an AXFR-style-IXFR response consisting of one-record messages
- Race condition in online signing during key rollover #600
- Server can crash if geoip module is enabled in the geo mode
- changes from 2.7.2
- Improvements:
- Keymgr list command displays also key size
- Kjournalprint displays total occupied size in the debug mode
- Server doesn't stop if failed to load a shared module from the module directory
- Libraries libcap-ng, pthread, and dl are linked selectively if needed
- Bugfixes:
- Sometimes incorrect result from dnssec_nsec_bitmap_contains (libdnssec)
- Server can crash when loading zone file difference and zone-in-journal is set
- Incorrect treatment of specific queries in the module RRL
- Failed to link module Cookies as a shared library
- changes from 2.7.1
- Improvements:
- Added zone wire size information to zone loading log message
- Added debug log message for each unsuccessful remote address operation
- Various improvements for packaging
- Bugfixes:
- Incompatible handling of RRSIG TTL value when creating a DNS message
- Incorrect RRSIG TTL value in zone differences and knotc zone operation outputs
- Default configure prefix is ignored
- changes from 2.7.0
- Features:
- New DNS Cookies module and related '+cookie' kdig option
- New module for response tailoring according to client's subnet or geographic location
- General EDNS Client Subnet support in the server
- OSS-Fuzz integration (Thanks to Jonathan Foote)
- New '+ednsopt' kdig option (Thanks to Jan Včelák)
- Online Signing support for automatic key rollover
- Non-normal file (e.g. pipe) loading support in zscanner #542
- Automatic SOA serial incrementation if non-empty zone difference
- New zone file load option for ignoring zone file's SOA serial
- New build-time option for alternative malloc specification
- Structured logging for DNSSEC key submission event
- Empty QNAME support in kdig
- Improvements:
- Various library and server optimizations
- Reduced memory consumption of outgoing IXFR processing
- Linux capabilities use overhaul #546 (Thanks to Robert Edmonds)
- Online Signing properly signs delegations and CNAME records
- CDS/CDNSKEY rrset is signed with KSK instead of ZSK
- DNSSEC-related records are ignored when loading zone difference with signing enabled
- Minimum allowed RSA key length was increased to 1024
- Bugfixes:
- Possible uninitialized address buffer use in zscanner
- Possible index overflow during multiline record parsing in zscanner
- kdig +tls sometimes consumes 100 % CPU #561
- Single-Type Signing doesn't work with single ZSK key #566
- Zone not flushed after re-signing during zone load #594
- Server crashes when committing empty zone transaction
- Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
- Compatibility:
- Removed obsolete RRL configuration
- Removed obsolete module names 'mod-online-sign' and 'mod-synth-record'
- Removed obsolete 'ixfr-from-differences' configuration option
- Removed old journal migration
- Removed module rosedb
- changes from 2.6.9
- Improvements:
- Added zone wire size to zone loading log message
- Added debug log message for each unsuccessful remote address operation
- Bugfixes:
- Zone not flushed after re-signing during zone load #594
- Server crashes when committing empty zone transaction
- Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
- packaging changes:
- enabled geoip module: new BR: pkgconfig(libmaxminddb)
- enabled cookies module
- enabled queryacl module
* Sat Jul 14 2018 mrueckert@suse.de
- update to 2.6.8
- Features:
- New 'import-pkcs11' command in keymgr
- Improvements:
- Unixtime serial policy mimics Bind – increment if lower #593
- Bugfixes:
- Creeping memory consuption upon server reload #584
- Kdig incorrectly detects QNAME if 'notify' is a prefix
- Server crashes when zone sign fails #587
- CSK->KZSK rollover retires CSK early #588
- Server crashes when zone expires during outgoing
multi-message transfer
- Kjournalprint doesn't convert zone name argument to
lower-case
- Cannot switch to a previously used ksk-shared dnssec policy
[#589]
- update to 2.6.7
- Features:
- Added 'dateserial' (YYYYMMDDnn) serial policy configuration
(Thanks to Wolfgang Jung)
- Improvements:
- Trailing data indication from the packet parser (libknot)
- Better configuration check for a problematical option
combination
- Bugfixes:
- Incomplete configuration option item name check
- Possible buffer overflow in 'knot_dname_to_str' (libknot)
- Module dnsproxy doesn't preserve letter case of QNAME
- Module dnsproxy duplicates OPT and TSIG in the non-fallback
mode
* Wed May 02 2018 kbabioch@suse.com
- Update to 2.6.6
- Features:
- New EDNS option counters in the statistics module
- New '+orphan' filter for the 'zone-purge' operation
- Improvements:
- Reduced memory consuption of disabled statistics metrics
- Some spelling fixes (Thanks to Daniel Kahn Gillmor)
- Server no longer fails to start if MODULE_DIR doesn't exist
- Configuration include doesn't fail if empty wildcard match
- Added a configuration check for a problematical option combination
- Bugfixes:
- NSEC3 chain not re-created when SOA minimum TTL changed
- Failed to start server if no template is configured
- Possibly incorrect SOA serial upon changed zone reload with DNSSEC signing
- Inaccurate outgoing zone transfer size in the log message
- Invalid dname compression if empty question section
- Missing EDNS in EMALF responses
* Mon Apr 02 2018 mrueckert@suse.de
- update to 2.6.5
- Features:
- New 'zone-notify' command in knotc
- Kdig uses '@server' as a hostname for TLS authenticaion if
'+tls-ca' is set
- Improvements:
- Better heap memory trimming for zone operations
- Added proper polling for TLS operations in kdig
- Configuration export uses stdout as a default output
- Simplified detection of atomic operations
- Added '--disable-modules' configure option
- Small documentation updates
- Bugfixes:
- Zone retransfer doesn't work well if more masters configured
- Kdig can leak or double free memory in corner cases
- Inconsistent error outputs from dynamic configuration
operations
* Thu Jan 11 2018 i@marguerite.su
- update to 2.6.4
see /usr/share/doc/packages/knot2/NEWS
* Sun Aug 06 2017 mrueckert@suse.de
- fix tmpfiles scriptlet
* Sun Aug 06 2017 mrueckert@suse.de
- package /var/lib/knot
- run tmpfiles scriptlet during install
* Sun Aug 06 2017 mrueckert@suse.de
- update to 2.5.3
see /usr/share/doc/packages/knot2/NEWS
- use libidn2 on TW and 42.3
- following modules stay static:
- dnsproxy
- onlinesign
- moved modules to shared building:
- dnstap
- noudp
- rosedb
- rrl
- stats
- synthrecord
- whoami
* Mon Feb 13 2017 mrueckert@suse.de
- update to 2.4.1
see /usr/share/doc/packages/knot2/NEWS
* Tue May 24 2016 mrueckert@suse.de
- update to 2.2.1
- Bugfixes:
- Fix separate logging of server and zone events
- Fix concurrent zone file flushing with many zones
- Fix possible server crash with empty hostname on OpenWRT
- Fix control timeout parsing in knotc
- Fix "Environment maxreaders limit reached" error in knotc
- Don't apply journal changes on modified zone file
- Remove broken LTO option from configure script
- Enable multiple zone names completion in interactive knotc
- Set the TC flag in a response if a glue doesn't fit the
response
- Disallow server reload when there is an active configuration
transaction
- Improvements:
- Distinguish unavailable zones from zones with zero serial in
log messages
- Log warning and error messages to standard error output in
all utilities
- Document tested PKCS #11 devices
- Extended Python configuration interface
* Tue May 10 2016 mrueckert@suse.de
- update to 2.2.0
- Bugfixes:
- Fix build dependencies on FreeBSD
- Fix query/response message type setting in dnstap module
- Fix remote address retrieval from dnstap capture in kdig
- Fix global modules execution for queries hitting existing
zones
- Fix execution of semantic checks after an IXFR transfer
- Fix PKCS#11 support detection at build time
- Fix kdig failure when the first AXFR message contains just
the SOA record
- Exclude non-authoritative types from NSEC/NSEC3 bitmap at a
delegation
- Mark PKCS#11 generated keys as sensitive (required by Luna
SA)
- Fix error when removing the only zone from the server
- Don't abort knotc transaction when some check fails
- Features:
- URI and CAA resource record types support
- RRL client address based white list
- knotc interactive mode
- Improvements:
- Consistent IXFR error messages
- Various fixes for better compatibility with PKCS#11 devices
- Various keymgr user interface improvements
- Better zone event scheduler performance with many zones
- New server control interface
- kdig uses local resolver if resolv.conf is empty
- new BR libedit-devel for the interactive mode
* Thu Feb 11 2016 mrueckert@suse.de
- update to 2.1.1
- Bugfixes:
- DNSSEC: Allow import of duplicate private key into the KASP
- DNSSEC: Avoid duplicate NSEC for Wildcard No Data answer
- Fix server crash when an incomming transfer is in progress
and reload is issued
- Fix socket polling when configured with many interfaces and
threads
- Fix compilation against Nettle 3.2
- Improvements:
- Select correct source address for UDP messages recieved on
ANY address
- Extend documentation of knotc commands
- drop knot-2.1.0_pkcs11_check.patch
* Wed Jan 27 2016 mrueckert@suse.de
- enable libcap-ng
* Wed Jan 27 2016 mrueckert@suse.de
- fix configure check for pkcs11 support:
adds knot-2.1.0_pkcs11_check.patch
* Wed Jan 27 2016 mrueckert@suse.de
- fix soversions
* Wed Jan 27 2016 mrueckert@suse.de
- update to 2.1.0
- Features:
- Per-thread UDP socket binding using SO_REUSEPORT on Linux
- Support for dynamic configuration database
- DNSSEC: Support for cryptographic tokens via PKCS #11
interface
- DNSSEC: Experimental support for online signing
- Improvements:
- Support for zone file name patterns
- Configurable location of zone timer database
- Non-blocking network operations and better timeout handling
- Caching of Critical configuration values for better
performance
- Logging of ACL failures
- RRL: Add rate-limit-slip zero support to drop all responses
- RRL: Document behavior for different rate-limit-slip options
- kdig: Warning instead of error on TSIG validation failure
- Cleanup of support libraries interfaces (libknot,
libzscanner, libdnssec)
- Remove possibly insecure server control over a network socket
- Remove implementation limit for the number of network
interfaces
- Bugfixes:
- synth-record module: Fix application of default configuration
options
- TSIG: Allow compressed TSIG name when forwarding DDNS updates
- Schedule zone bootstrap after slave zone fails to load from
disk
- avoid activating the intree copy of lmdb
* Tue Nov 24 2015 mrueckert@suse.de
- update to 2.0.2
- Out-of-bound read in packet parser for malformed NAPTR records
(LibFuzzer)
* Wed Oct 14 2015 mrueckert@suse.de
- split out shared libraries, knot-resolver uses some of them and
atm we are forced to install the whole knot2 package.
* Thu Sep 03 2015 mrueckert@suse.de
- lmdb seems no longer optional
* Thu Sep 03 2015 mrueckert@suse.de
- create a new branch for knot 2.x starting with 2.0.1
- Bugfixes:
- Do not reload expired zones on 'knotc reload' and server
startup
- Fix rare race-condition in event scheduling causing delayed
event execution
- Fix skipping of non-authoritative nodes in NSEC proofs
- Fix TC flag setting in RRL slipped answers
- Disable domain name compression for root label
- Log via journald only when running under systemd
- Fix CNAME following when quering for NSEC RR type
- Fix refreshing of DNSSEC signatures for zone keys
- Fix binding an unavailable IPv6 address on Linux
(IP_FREEBIND)
- Fix infinite loop in knotc zonestatus and memstats
- Fix memory leak in configuration on server shutdown
- Fix broken dnsproxy module
- Fix DNSSEC KASP timestamps parsing in strict POSIX
environment
- fix multi value parsing on big-endian
- Adapt to Nettle 3 API break causing base64 decoding failures
on big-endian
- Features:
- Add 'keymgr zone key ds' to show key's DS record
- Add 'keymgr tsig generate' to generate TSIG keys
- Add query module scoping to process either all queries or
zone queries only
- Add support for file name globbing in config file includes
- Add 'request-edns-option' config option to add custom EDNS0
option into server initiated queries
- Improvements:
- Send minimal responses (remove NS from Authority section for
NOERROR)
- Update persistent timers only on shutdown for better
performance
- Allow change of RR TTL over DDNS
- Documentation fixes, updates, and improvements in formatting
- Install yparser and zscanner header files
- Improve lookup of libsystemd build dependencies
- Fix compilation warnings in endian conversion functions on
OpenBSD
- changes in knot 2.0.0
- Bugfixes:
- Fix lost NOTIFY message if received during zone transfer
- Disable fast zone parser when compiled in Clang (workaround
for Clang bug)
- kdig: Record correct dnstap SocketProtocol when retrying
over TCP
- kdig: Hide TSIG section with +noall
- Do not set AA flag for AXFR/IXFR queries
- Features:
- DNSSEC: separate library, switch to GnuTLS, new utilities
- DNSSEC: basic KASP support (generate initial keys, ZSK
rollover)
- Configuration: New text format in YAML, binary store in LMDB
- Zone parser: Split long TXT/SPF strings into multiple
strings
- kdig: Add generic dump style option (+generic)
- Try all master servers in multi-master environment
- Improved remotes and ACLs (multiple addresses, multiple
keys)
- Basic support for zone file patterns (%s to substitute zone
name)
- Disable zone file synchronization by setting 'zonefile_sync'
to '-1'
- knsupdate: Add input prompt in interactive mode and 'quit'
command
- knsupdate: Allow TSIG algorithm specification in interactive
prompt
- Improvements:
- Zone dump: Do not write class for SOA record (unified with
other RR types)
- Zone dump: Do not write master server address into the zone
file
- Documentation: Manual pages are included in HTML and PDF
- drop patches which are included upstream:
0001-loosen-openssl-dependency.patch
0002-make-configure.ac-compatible-with-old-tools.patch
- also drop all buildrequires just needed for autoreconf
- new buildrequires:
pkgconfig(gnutls) >= 3
pkgconfig(nettle)
pkgconfig(jansson)
- create devel subpackage
- enable rosedb and bash completion
* Wed Apr 29 2015 mrueckert@suse.de
- local state dir should be just /var
* Thu Apr 09 2015 mrueckert@suse.de
- enable dnstap support for factory and newer:
- new BR: protobuf-c and libfstrm-devel
- prepared lto support but not enabled yet, still need to find out
which distros support it
* Thu Apr 09 2015 mrueckert@suse.de
- update to 1.6.3
- Performance drop for NSEC-signed zones
- Proper handling of TCP short-writes
- Out-of-bound read in zone parser for long domain names in
origin (AFL fuzzer)
- Out-of-bound read in packet parser for TSIG RR without RDATA
(AFL fuzzer)
- Out-of-bound read in packet parser for malformed NAPTR RR (AFL
fuzzer)
- CDS and CDNSKEY support in zone parser
- Add defaults for TCP config options into documentation
- Detailed error message if zone reload fails
- refreshed patches to apply cleanly again:
0002-make-configure.ac-compatible-with-old-tools.patch
* Tue Mar 10 2015 mrueckert@suse.de
- update to 1.6.2
- Limiting number of parallel TCP clients (max-tcp-clients config
option)
- Ignore refresh and transfer events on non-slave zones
- Compilation with Dnstap support on FreeBSD
- Possible file descriptor leak when terminating inactive TCP
clients
- refreshed patches to apply cleanly again:
0002-make-configure.ac-compatible-with-old-tools.patch
- moved autoreconf -fi to %build so it wont be tried in quilt setup
or similar tools
- move up the %if case for systemd in for the preun scriptlet to
avoid warning about empty scripts on non systemd distributions.
- used xz tarball: new buildrequires xz
* Thu Jan 08 2015 tchvatal@suse.com
- Add deps on the docu packages to regen documentation
- Enable systemd integration fully
- Add dep on libidn
- Cleanup with spec-cleaner
* Wed Dec 31 2014 ondrej@sury.org
- Only require lmdb-devel on (Open)SUSE 13.2 and higher
* Wed Dec 31 2014 ondrej@sury.org
- Updated to 1.6.1
Bugfixes:
- Journal file would sometimes outgrow its set limit
- Fixed incompatibility with OpenSSL 0.9.8
- Proper handling when machine hostname cannot be retreived
Features:
- Support for DNSSEC Single Type Signing Scheme
- Compile with lmdb-devel to add support for persistent timers
* Tue Nov 18 2014 pgajdos@suse.com
- Updated to 1.6.0
Bugfixes:
- Fix zone expiration when AXFR/IXFR is being refused by master
- Fix forced zone refresh on slave (knotc refresh -f)
- Persistent timers database opening after privileges has been dropped
- DNSSEC: RFC compliant processing of letter case in RDATA domain names
- EDNS: Return minimal error response for queries with unsupported version
- EDNS: Fix interpretation of Extended RCODE
Improvements:
- Maximal size of persistent timers database increased from 10 MB to 100 MB
- Added logging of persistent timers database errors
Features:
- Persistent timers for slave zones (expire, refresh, and flush)
/usr/lib/libdnssec.so.9 /usr/lib/libdnssec.so.9.0.0
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Aug 9 15:28:45 2025