Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

knot-1.6.8-lp150.2.1 RPM for ppc64le

From OpenSuSE Ports Leap 15.0 for ppc64le

Name: knot Distribution: openSUSE Leap 15.0
Version: 1.6.8 Vendor: openSUSE
Release: lp150.2.1 Build date: Wed Apr 25 21:07:24 2018
Group: Productivity/Networking/DNS/Servers Build host: obs-power8-01
Size: 1946005 Source RPM: knot-1.6.8-lp150.2.1.src.rpm
Packager: https://bugs.opensuse.org
Url: http://www.knot-dns.cz
Summary: An authoritative DNS daemon
Knot DNS is a high-performance authoritative DNS server implementation.

Provides

Requires

License

GPL-3.0+

Changelog

* Mon Jan 08 2018 i@marguerite.su
  - add knot-openssl-1.1+.patch
    * fix build with openssl 1.1+
* Mon Jun 05 2017 pgajdos@suse.com
  - refreshed 0002-make-configure.ac-compatible-with-old-tools.patch
    to fix build
* Mon Feb 13 2017 mrueckert@suse.de
  - update to 1.6.8
    - Zone size limit restriction for DDNS, AXFR, and IXFR
      (CVE-2016-6171)
* Tue May 10 2016 mrueckert@suse.de
  - fix the sphinx buildrequires so we can build on sle12
* Thu Feb 11 2016 mrueckert@suse.de
  - update to 1.6.7
    - Improvements:
    - IXFR: Log change of the zone serial number after the
      transfer.
    - RRL: Document operational impact of various settings.
    - RRL: Add support for zero slip (dropping of all limited
      responses).
* Tue Nov 24 2015 mrueckert@suse.de
  - update to 1.6.6
    - Fix daemon startup systemd notification
    - Out-of-bound read in packet parser for malformed NAPTR records
      (LibFuzzer)
    - Add rosedb module
  - enable rosedb
  - refresh patches to apply cleanly again
    0001-loosen-openssl-dependency.patch
    0002-make-configure.ac-compatible-with-old-tools.patch
* Thu Sep 03 2015 mrueckert@suse.de
  - skip silent rule in configure.ac to fix the SLE 11 build
* Thu Sep 03 2015 mrueckert@suse.de
  - update to 1.6.5
    - Bugfixes:
    - Do not reload expired zones on 'knotc reload' and server
      startup
    - Fix rare race-condition in event scheduling causing delayed
      event execution
    - Fix skipping of non-authoritative nodes in NSEC proofs
    - Fix TC flag setting in RRL slipped answers
    - Disable domain name compression for root label for better
      compatibility
    - Log via journald only when running under systemd
    - Improve lookup of libsystemd build dependencies
    - Fix compilation warnings in endian conversion functions on
      OpenBSD
    - Features:
    - Update persistent timers only on shutdown for better
      performance
    - Add 'request-edns-option' config option to add custom EDNS0
      option into server initiated queries
    - Allow specification of time units in 'max-conn-idle',
      'max-conn-handshake', 'max-conn-reply', and 'notify-timeout'
      config options
  - changes in 1.6.4
    - Bugfixes:
    - Fix lost NOTIFY message if received during zone transfer
    - Fix compilation error with LibreSSL
    - Disable fast zone parser when compiled in Clang (workaround
      for Clang bug)
    - kdig: Record correct dnstap SocketProtocol when retrying
      over TCP
    - kdig: Hide TSIG section with +noall
    - Do not set AA flag for AXFR/IXFR queries
    - Features:
    - Zone parser: Split long TXT/SPF strings into multiple
      strings
    - kdig: Add generic dump style option (+generic)
    - Try all master servers in multi-master environment
    - Improvements:
    - Zone dump: Do not write class for SOA record (unified with
      other RR types)
    - Zone dump: Do not write master server address into the zone
      file
  - refresh patches to apply cleanly again
  - sync spec file with knot2 spec file
    - use bcond_with for the systemd conditional
    - replace all occurences of %{name} with %{pkg_name}
    - removed duplicated libexecdir
    - also pass disable static and includedir
* Wed Apr 29 2015 mrueckert@suse.de
  - local state dir should be just /var
* Thu Apr 09 2015 mrueckert@suse.de
  - enable dnstap support for factory and newer:
    - new BR: protobuf-c and libfstrm-devel
  - prepared lto support but not enabled yet, still need to find out
    which distros support it
* Thu Apr 09 2015 mrueckert@suse.de
  - update to 1.6.3
    - Performance drop for NSEC-signed zones
    - Proper handling of TCP short-writes
    - Out-of-bound read in zone parser for long domain names in
      origin (AFL fuzzer)
    - Out-of-bound read in packet parser for TSIG RR without RDATA
      (AFL fuzzer)
    - Out-of-bound read in packet parser for malformed NAPTR RR (AFL
      fuzzer)
    - CDS and CDNSKEY support in zone parser
    - Add defaults for TCP config options into documentation
    - Detailed error message if zone reload fails
  - refreshed patches to apply cleanly again:
    0002-make-configure.ac-compatible-with-old-tools.patch
* Tue Mar 10 2015 mrueckert@suse.de
  - update to 1.6.2
    - Limiting number of parallel TCP clients (max-tcp-clients config
      option)
    - Ignore refresh and transfer events on non-slave zones
    - Compilation with Dnstap support on FreeBSD
    - Possible file descriptor leak when terminating inactive TCP
      clients
  - refreshed patches to apply cleanly again:
    0002-make-configure.ac-compatible-with-old-tools.patch
  - moved autoreconf -fi to %build so it wont be tried in quilt setup
    or similar tools
  - move up the %if case for systemd in for the preun scriptlet to
    avoid warning about empty scripts on non systemd distributions.
  - used xz tarball: new buildrequires xz
* Thu Jan 08 2015 tchvatal@suse.com
  - Add deps on the docu packages to regen documentation
  - Enable systemd integration fully
  - Add dep on libidn
  - Cleanup with spec-cleaner
* Wed Dec 31 2014 ondrej@sury.org
  - Only require lmdb-devel on (Open)SUSE 13.2 and higher
* Wed Dec 31 2014 ondrej@sury.org
  - Updated to 1.6.1
    Bugfixes:
    - Journal file would sometimes outgrow its set limit
    - Fixed incompatibility with OpenSSL 0.9.8
    - Proper handling when machine hostname cannot be retreived
    Features:
    - Support for DNSSEC Single Type Signing Scheme
  - Compile with lmdb-devel to add support for persistent timers
* Tue Nov 18 2014 pgajdos@suse.com
  - Updated to 1.6.0
    Bugfixes:
    - Fix zone expiration when AXFR/IXFR is being refused by master
    - Fix forced zone refresh on slave (knotc refresh -f)
    - Persistent timers database opening after privileges has been dropped
    - DNSSEC: RFC compliant processing of letter case in RDATA domain names
    - EDNS: Return minimal error response for queries with unsupported version
    - EDNS: Fix interpretation of Extended RCODE
    Improvements:
    - Maximal size of persistent timers database increased from 10 MB to 100 MB
    - Added logging of persistent timers database errors
    Features:
    - Persistent timers for slave zones (expire, refresh, and flush)
* Mon Sep 15 2014 ondrej@sury.org
  - Updated to 1.5.3
    Bugfixes:
    - Some specific incoming IXFRs were causing server to crash
    - Rare sychronization error during reload caused read-after-free
    - Response synthetization module did not work properly with DNSSEC-enabled zones
    - When Knot sent AXFR when IXFR was requested, message ID and opcode were wrong
    - Knot failed to send large messages to remote control (present since 1.5.1)
    - Some RR parsing corner cases were not handled properly
    - AXFR-style IXFR was refused and had to be retransfered
    - Hash character (#) was not properly escaped when storing text zone file
    - DNSSEC: DNAMEs in RDATA were not lowercased before signing
    - EDNS: OPT RR were not put into responsing for some errors
    - TSIG: DDNS responses were not signed with TSIG
    - DDNS: Prerequisite checks failed for some inputs
    - knsupdate: Zone origin was not used for deletions
    Features:
    - Basic support for logging using systemd journal
    - DDNS: Ability to process updates in bulk
    Improvements:
    - Unified logging messages structure
    - DNSSEC: More strict controls for signing keys
  - Refreshed patches on top of 1.5.3 release:
    * 0001-loosen-openssl-dependency.patch
    * 0002-make-configure.ac-compatible-with-old-tools.patch
* Fri Jul 11 2014 ondrej@sury.org
  - Squash 0002-remove-AM_SILENT_RULES.patch and 0003-no-dist-xz.patch
    into 0002-make-configure.ac-compatible-with-old-tools.patch that
    removes configure.ac options incompatible with SLES_11_SP[23].
  - added patches:
    * 0002-make-configure.ac-compatible-with-old-tools.patch
  - removed patches:
    * 0002-remove-AM_SILENT_RULES.patch
    * 0003-no-dist-xz.patch
* Thu Jul 10 2014 ondrej@sury.org
  - Updated to 1.5.0
    Features:
    * DDNS forwarding reimplemented
    * edns-client-subnet support in kdig
    * Optional asynchronous startup (config "asynchronous-start")
    * Pluggable query processing modules
    * Synthetic IPv4/IPv6 reverse/forward records (optional module)
    * dnstap support in both utilities & server (optional module)
    * NOTIFY message support and new TSIG section in kdig
    * Multi-master support
    Improvements:
    * Transfer sizes logged in bytes if needed
    * Logging outgoing NOTIFY messages
    * Logging unauthorized incoming NOTIFYs
    * Preempt task queue for faster reload
    * Lazy zone file write after zone transfer (governed by "zonefile-sync")
    * Query processing and core functionality overhaul
    * Performance and reduced memory footprint
    * Faster zone events scheduling
    * RFC compliant queries/responses in some corner cases
    * Log messages
    * New documentation (Sphinx)
    Bugfixes:
    * Zone flush planning after bootstrap
    * Incorrect incoming AXFR message sizes
    * DDNS signing changes were freed too soon, posibility of stale data
    * knotc remote control key handling
    * Close zone transfer after SERVFAIL response
    * Incremental to full zone transfer fallback, wrong log message
    * Zone events corner cases, reload replanning
* Tue Jun 24 2014 pgajdos@suse.com
  - updated to 1.4.7:
    * Fixed DDNS corner cases
    * Fixed zone EXPIRE timer
    * Fixed semantic checks false positives
    * Fixed sending malformed IXFR with automatic DNSSEC
    * Fixed NAPTR record serialization
* Mon May 12 2014 ondrej@sury.org
  - Fixed the missing 1.4.5 tarball
* Tue Apr 15 2014 ondrej@sury.org
  - updated to 1.4.5
    Bugfixes:
    * Fix possible weakness in TSIG signature checking
* Fri Mar 28 2014 pgajdos@suse.com
  - updated to 1.4.4
    Features:
    * Server is logging remote control commands
    * 'knotc reload' doesn't refresh unchanged zones
    * 'knotc -f refresh' forces zone retransfer
    Bugfixes:
    * Missing notifications after DDNS/automatic resign
    * Zone is rebootstrapped if the zone file is unreadable
    * Progressive bootstrap retry backoff
    * Zone file parser allows asterisk as part of the label
    * Journal maximum entry size fixes
    * Sign DNSKEYs in non-apex nodes as regular RR sets
* Tue Feb 18 2014 ondrej@sury.org
  - Enable recvmmsg support in the build to increase performance
  - Update upstream config directory to /etc/knot (instead of /etc/knot/knot)
  - Replace tar.xz with tar.gz to allow backporting to older releases
  - Disable silent rules to have more verbose builds
  - Add support to compile with OpenSSL << 1.0.0
  - added patches:
    * 0001-loosen-openssl-dependency.patch
* Tue Feb 18 2014 ondrej@sury.org
  - update to 1.4.3:
    * Failure when expanding wildcard leading to apex and having DNSKEY records
    * Failure for query to wildcard without wildcard expansion
    * Bad cleanup when loading a faulty entry from a journal
    * Zone file $ORIGIN and configuration comparison is case-insensitive
    * Config "include" statement supports directory and includes all files within
* Mon Jan 27 2014 ondrej@sury.org
  - update to 1.4.2:
    * AXFR/IXFR compatibility issues with tinydns/axfrdns
    * Journal file is created only when needed
    * Zone-related log messages are logged into correct category
    * DNSSEC: Refresh signatures earlier (3 days before their expiration
      with the default signature lifetime)
    * Fixed RCU synchronization causing deadlock on 'knotc signzone'
    * RRSIG not fitting in the additional records doesn't cause truncation
* Tue Jan 14 2014 ondrej@sury.org
  - update to 1.4.1:
    * Empty APL record support
    * 'zonestatus' when using immediate zone syncing
    * Immediate zone syncing after reload
    * Race condition writing time values to zone file
    * Hard require OpenSSL >= 1.0.0
  - removed patches:
    * 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch
    * 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch
* Wed Jan 08 2014 ondrej@sury.org
  - Add support to compile with OpenSSL << 1.0.0
  - added patches:
    * 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch
    * 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch
* Wed Jan 08 2014 ondrej@sury.org
  - update to 1.4.0:
    * Experimental automatic DNSSEC signing
    * Fastest ragel parser enabled by default
    * Reduced memory usage
    * Zone SOA SERIAL policies (INCREMENT, UNIXTIME) for DDNS and
      automatic DNSSEC signing
    * IDN support in Knot utilities (kdig, knsupdate, ...)
    * DNSSEC: support for GOST algorithm
    * Support for DNSSEC key pre-publication
* Mon Dec 16 2013 ondrej@sury.org
  - update to 1.3.4:
    * Bugfixes:
      Crash in particular additionals processing
      Race condition in event cancelation
      Journal corruption after failed transactions
* Tue Nov 26 2013 pgajdos@suse.com
  - update to 1.3.3:
    * New features:
      Reduced memory usage
      Improved performance
      Experimental automatic DNSSEC signing
      Refactored zone loading
      Improved journal locking
    * Bugfixes:
      Fixed some race conditions
      Various fixes in client utilities
* Mon Sep 09 2013 pgajdos@suse.com
  - update to 1.3.1
    * Faster zone parser
    * Full support for EUI and ILNP resource records
    * Lower memory footprint for large zones
    * No compilation of zones
    * Improved scheduling of zone transfers
    * Logging of serials and timing information for zone transfers
    * see NEWS or https://www.knot-dns.cz/ for details
* Wed Apr 03 2013 ondrej@sury.org
  - Update to 1.2.0 final
      Bugfixes:
    * Memory leaks
* Fri Mar 22 2013 ondrej@sury.org
  - Update to 1.2.0-rc4
      New features:
    * knotc 'zonestatus' command
      Bugfixes:
    * Changing logfile ownership before dropping privileges
    * knotc respects 'control' section from configuration
    * RRL: resolved bucket collisions
    * RRL: updated bucket mapping to conform RRL technical memo
* Tue Mar 12 2013 ondrej@sury.org
  - Update to 1.2.0-rc3
      New features:
    * Dynamic updates, including forwarding (limited on signed zones)
    * Updated remote control utility
    * Configurable TCP timeouts
    * LOC RR support
    * Response rate limiting (see documentation)
      Bugfixes:
    * Fixed processing of some non-standard dnames.
    * Correct checking of label length bounds in some cases.
    * More compliant rcodes in case of DDNS/TSIG failures.
    * Correct processing of malformed DDNS prereq section.
    * Fixed OpenBSD build
    * Responses to ANY should contain RRSIGs
* Sat Nov 24 2012 aj@suse.de
  - Documentation only needs makeinfo, thus require it instead of texinfo
    where it's available as separate package.
* Thu Nov 22 2012 ondrej@sury.org
  - update to 1.1.2:
      Bugfixes:
    * Fixed crash on reload when config contained duplicate zones.
    * Fixed scheduling of transfers.
    * Fixed debug message.
  - merge some changes from fedora spec file
  - remove unittest files, they don't belong in binary packages
  - depend on texinfo package to build the documentation
* Tue Nov 20 2012 pgajdos@suse.com
  - update to 1.1.1:
      New features:
    * Optionally disable ANY queries for authoritative answers.
    * Dropping identical records in zone and incoming transfers.
    * Support for '/' in zone names.
    * Generating journal from reloaded zone (EXPERIMENTAL).
    * Outgoing-only interfaces in configuration file.
    * Following DNAME if the synthetized name is in the same zone.
    * Signing SOA with TSIG queries when checking zone version with master.
    * Improved compression of packets. Out-of-zone dnames present in RDATA
      were not compressed.
    * Slave zones are now automatically refreshed after startup.
    * Proper response to IXFR/UDP query (returns SOA in Authority section).
      Bugfixes:
    * Crash when zone contained RRSIG signing a CNAME, but did not
      contain the CNAME.
    * Malformed packets parsing.
    * Failed IXFR caused memory leaks.
    * Failed IXFR might have resulted in inconsistent zone structures.
    * Fixed answering to +dnssec queries when NSEC3 chain is corrupted.
    * Fixed answering when transitioning from NSEC3 to NSEC.
    * Fixed answering when zone contains multiple NSEC3 chains.
    * Handling RRSets with different TTLs - TTL from the first RR is used.
    * Synchronization of zone reload and zone transfers.
    * Fixed build on NetBSD 5 and FreeBSD.
    * Fixed binding to both IPv4 and IPv6 at the same time on special
      interfaces.
    * Fixed access rights of created files.
    * Semantic checks corrupted RDATA domain names which are covered by
      wildcard in the same zone.
    * Fixed ixfr-from-differences journal generation in case of IPSECKEY
      and APL records.
    * Fixed possible leak on server shutdown with a pending transfer.
    * Syncing journal to zone was not updating the compiled zone database.
    * Crash after IXFR in certain cases when adding RRSIG in an IXFR.
    * Fixed behaviour when incoming IXFR removes a zone cut. Previously
      occluded names now become properly visible. Previously lead to a
      crash when the server was asked for the previously occluded name.
    * Fixed handling of zero-length strings in text zone dump. Caused the
      compilation to fail.
    * Fixed TSIG algorithm name comparison - the names should be in
      canonical form.
    * Fixed handling unknown RR types with type less than 251.
      Other improvements:
    * IXFR-in optimized.
    * Many zones loading optimized.
    * More detailed log messages (mostly transfer-related).
    * Copying Question section to error responses.
    * Using zone name from config file as default origin in zone file.
    * Additional records are now added to response also from
      wildcard-covered names.
    * Improved user manual.
    * Better checks of corrupted zone database.
* Tue Aug 28 2012 pgajdos@suse.com
  - fix build for older distributions (dont user %{make_install}
    macro)
* Mon Jul 02 2012 pgajdos@suse.com
  - initial version 1.0.6

Files

/etc/knot
/etc/knot/knot.conf
/usr/bin/kdig
/usr/bin/khost
/usr/bin/knsec3hash
/usr/bin/knsupdate
/usr/bin/rosedb_tool
/usr/lib/systemd/system/knot.service
/usr/lib64/libknot.so.0
/usr/lib64/libknot.so.0.0.1
/usr/lib64/libzscanner.so.0
/usr/lib64/libzscanner.so.0.0.1
/usr/sbin/knotc
/usr/sbin/knotd
/usr/sbin/rcknot
/usr/share/doc/packages/knot
/usr/share/doc/packages/knot/AUTHORS
/usr/share/doc/packages/knot/COPYING
/usr/share/doc/packages/knot/NEWS
/usr/share/doc/packages/knot/README
/usr/share/doc/packages/knot/THANKS
/usr/share/doc/packages/knot/samples
/usr/share/doc/packages/knot/samples/example.com.zone
/usr/share/doc/packages/knot/samples/knot.sample.conf
/usr/share/man/man1/kdig.1.gz
/usr/share/man/man1/khost.1.gz
/usr/share/man/man1/knsec3hash.1.gz
/usr/share/man/man1/knsupdate.1.gz
/usr/share/man/man5/knot.conf.5.gz
/usr/share/man/man8/knotc.8.gz
/usr/share/man/man8/knotd.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 9 10:26:55 2021