Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libdnssec9-3.2.5-bp155.1.1 RPM for armv7hl

From OpenSuSE Ports Leap 15.5 for armv7hl

Name: libdnssec9 Distribution: SUSE Linux Enterprise 15 SP5
Version: 3.2.5 Vendor: openSUSE
Release: bp155.1.1 Build date: Sat Feb 4 12:51:23 2023
Group: System/Libraries Build host: obs-arm-6
Size: 132608 Source RPM: knot-3.2.5-bp155.1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.knot-dns.cz/
Summary: DNSSEC support functions for Knot DNS
Knot DNS is a DNS server. It implements only the authoritative domain
name service. It uses a multi-threaded and mostly lock-free
implementation and can operate non-stop during zone addition or
removal.

This package contains a library for DNSSEC support functions.

Provides

Requires

License

GPL-3.0-or-later

Changelog

* Thu Feb 02 2023 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.2.5, see:
    https://www.knot-dns.cz/2023-02-02-version-325.html
* Mon Dec 12 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.2.4, see:
    https://www.knot-dns.cz/2022-12-12-version-324.html
* Sun Nov 20 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.2.3, see:
    https://www.knot-dns.cz/2022-11-20-version-323.html
* Tue Nov 01 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.2.2, see:
    https://www.knot-dns.cz/2022-11-01-version-322.html
* Thu Sep 22 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.2.1, see:
    https://www.knot-dns.cz/2022-09-09-version-321.html
* Tue Aug 30 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - add keyring to spec file as source to suppress factory-auto error
* Tue Aug 23 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - use upstream service file that requires less privileges
  - add keyring to actually verify the signature
* Tue Aug 23 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.2.0, see:
    https://www.knot-dns.cz/2022-08-22-version-320.html
* Thu Apr 28 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.1.8, see:
    https://www.knot-dns.cz/2022-04-28-version-318.html
* Wed Mar 30 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.1.7, see:
    https://www.knot-dns.cz/2022-03-30-version-317.html
* Tue Feb 08 2022 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.1.6, see:
    https://www.knot-dns.cz/2022-02-08-version-316.html
* Mon Dec 20 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - drop conditions for openSUSE 13 and older
  - knot.conf is owned by knot as is it's parent directory
* Mon Dec 20 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.1.5, see:
    https://www.knot-dns.cz/2021-12-20-version-315.html
* Thu Nov 04 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.1.4, see:
    https://www.knot-dns.cz/2021-11-04-version-314.html
* Tue Oct 19 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.1.3, see:
    https://www.knot-dns.cz/2021-10-18-version-313.html
* Fri Sep 17 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - migrate to user creation via sysuser-tools
  - run spec-cleaner on spec file
  - update to version 3.1.2, see:
    https://www.knot-dns.cz/2021-09-08-version-312.html
* Thu Aug 12 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.1.1, see:
    https://www.knot-dns.cz/2021-08-10-version-311.html
* Wed Aug 04 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.1.0, see:
    https://www.knot-dns.cz/2021-08-02-version-310.html
* Thu Jul 01 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.0.7, see:
    https://www.knot-dns.cz/2021-06-16-version-307.html
* Fri May 14 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - make sure we have getent and groupadd/useradd in pre
    * added dependency on shadow and glibc
    * might be related to bnc#1186023
* Wed May 12 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.0.6, see:
    https://www.knot-dns.cz/2021-05-12-version-306.html
* Tue May 11 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - Make /etc/knot directory owned by knot - fix reload action
* Sat Mar 27 2021 Jan Engelhardt <jengelh@inai.de>
  - Update descriptions, remove unsubstantiated claims.
* Thu Mar 25 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - update to version 3.0.5, see:
    https://www.knot-dns.cz/2021-03-25-version-305.html
  - Update description based on homepage
* Mon Feb 01 2021 Jan Engelhardt <jengelh@inai.de>
  - Trim marketing wording from description.
  - Drop old rpm constructs.
* Mon Jan 25 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - version update to 3.0.4, see:
    https://www.knot-dns.cz/2021-01-20-version-304.html
* Mon Jan 04 2021 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - add incompatibility warning about 1.6.X version when updateing
  - rename back to knot
* Mon Dec 28 2020 pgajdos@suse.com
  - version update to 3.0.3
* Mon Nov 30 2020 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - version update to 2.9.7, see:
    https://www.knot-dns.cz/2020-08-31-version-296.html
    https://www.knot-dns.cz/2020-10-09-version-297.html
  - obsolete only pre-2.0 version
* Tue Jul 21 2020 Marcus Rueckert <mrueckert@suse.de>
  - remove rosedb conditional as lmdb is required in general now
* Tue Jul 21 2020 Marcus Rueckert <mrueckert@suse.de>
  - replace conflicts with Provides/Obsoletes
* Wed Jun 24 2020 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - fix dependency: python-Sphinx -> python3-Sphinx
* Wed Jun 24 2020 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - use upstream example config file with correct syntax
* Wed Jun 24 2020 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - version update to 2.9.5
    - Bugfixes
    - Old ZSK can be withdrawn too early during a ZSK rollover if maximum zone
      TTL is computed automatically
    - Server responds SERVFAIL to ANY queries on empty non-terminal nodes
    - Improvements
    - Also module onlinesign returns minimized responses to ANY queries
    - Linking against libcap-ng can be disabled via a configure option
* Tue May 19 2020 Michal Hrusecky <michal.hrusecky@opensuse.org>
  - version update to 2.9.4
    see NEWS
* Fri Dec 20 2019 pgajdos@suse.com
  - version update to 2.9.2
    see NEWS
* Wed Jan 23 2019 Marcus Rueckert <mrueckert@suse.de>
  - update to 2.7.6
    - Improvements
    - Zone status also shows when the zone load is scheduled
    - Server workers status also shows background workers
      utilization
    - Default control timeout for knotc was increased to 10 seconds
    - Pkg-config files contain auxiliary variable with library
      filename
    - Bugfixes
    - Configuration commit or server reload can drop some pending
      zone events
    - Nonempty zone journal is created even though it's disabled
      [#635]
    - Zone is completely re-signed during empty dynamic update
      processing
    - Server can crash when storing a big zone difference to the
      journal
    - Failed to link on FreeBSD 12 with Clang
* Mon Jan 07 2019 Marcus Rueckert <mrueckert@suse.de>
  - update to 2.7.5
    - Features:
    - Keymgr supports NSEC3 salt handling
    - Improvements:
    - Zone history in journal is dropped apon AXFR-like zone update
    - Libdnssec is no longer linked against libm #628
    - Libdnssec is explicitly linked against libpthread if PKCS #11
      enabled #629
    - Better support for libknot packaging in Python
    - Manually generated KSK is 'ready' by default
    - Kdig supports '+timeout' as an alias for '+time'
    - Kdig supports '+nocomments' option
    - Kdig no longer prints empty lines between retries
    - Kdig returns failure if operations not successfully resolved
      [#632]
    - Fixed repeating of the 'KSK submission, waiting for
      confirmation' log
    - Various improvements in documentation, Dockerfile, and tests
    - Bugfixes:
    - Knotc fails to unset huge configuration section
    - Kjournalprint sometimes fails to display zone journal content
    - Improper timing of ZSK removal during ZSK rollover
    - Missing UTC time zone indication in the 'iso' keymgr list
      output
    - A race condition in the online signing module
* Mon Dec 31 2018 Petr Gajdos <pgajdos@suse.com>
  - update to 2.7.4
    Features:
    - --------
    - Added SNI configuration for TLS in kdig (Thanks to Alexander Schultz)
    Improvements:
    - ------------
    - Added warning log when DNSSEC events not successfully scheduled
    - New semantic check on timer values in keymgr
    - DS query no longer asks other addresses if got a negative answer
    - Reintroduced 'rollover' configuration option for CDS/CDNSKEY publication
    - Extended logging for zone loading
    - Various documentation improvements
    Bugfixes:
    - --------
    - Failed to import module configuration #613
    - Improper Cflags value in libknot.pc if built with embedded LMDB #615
    - IXFR doesn't fall back to AXFR if malformed reply
    - DNSSEC events not correctly scheduled for empty zone updates
    - During algorithm rollover old keys get removed before DS TTL expires #617
    - Maximum zone's RRSIG TTL not considered during algorithm rollover #620
* Sun Nov 04 2018 Marcus Rueckert <mrueckert@suse.de>
  - seems we no longer need jansson
* Sun Nov 04 2018 Marcus Rueckert <mrueckert@suse.de>
  - limit geoip support to opensuse
* Sat Nov 03 2018 Marcus Rueckert <mrueckert@suse.de>
  - update to 2.7.3
    - Features:
    - New queryacl module for query access control
    - Configurable answer rrset rotation #612
    - Configurable NSEC bitmap in online signing
    - Improvements:
    - Better error logging for KASP DB operations #601
    - Some documentation improvements
    - Bugfixes:
    - Keymgr "list" output doesn't show key size for ECDSA algorithms #602
    - Failed to link statically with embedded LMDB
    - Configuration commit causes zone reload for all zones
    - The statistics module overlooks TSIG record in a request
    - Improper processing of an AXFR-style-IXFR response consisting of one-record messages
    - Race condition in online signing during key rollover #600
    - Server can crash if geoip module is enabled in the geo mode
  - changes from 2.7.2
    - Improvements:
    - Keymgr list command displays also key size
    - Kjournalprint displays total occupied size in the debug mode
    - Server doesn't stop if failed to load a shared module from the module directory
    - Libraries libcap-ng, pthread, and dl are linked selectively if needed
    - Bugfixes:
    - Sometimes incorrect result from dnssec_nsec_bitmap_contains (libdnssec)
    - Server can crash when loading zone file difference and zone-in-journal is set
    - Incorrect treatment of specific queries in the module RRL
    - Failed to link module Cookies as a shared library
  - changes from 2.7.1
    - Improvements:
    - Added zone wire size information to zone loading log message
    - Added debug log message for each unsuccessful remote address operation
    - Various improvements for packaging
    - Bugfixes:
    - Incompatible handling of RRSIG TTL value when creating a DNS message
    - Incorrect RRSIG TTL value in zone differences and knotc zone operation outputs
    - Default configure prefix is ignored
  - changes from 2.7.0
    - Features:
    - New DNS Cookies module and related '+cookie' kdig option
    - New module for response tailoring according to client's subnet or geographic location
    - General EDNS Client Subnet support in the server
    - OSS-Fuzz integration (Thanks to Jonathan Foote)
    - New '+ednsopt' kdig option (Thanks to Jan Včelák)
    - Online Signing support for automatic key rollover
    - Non-normal file (e.g. pipe) loading support in zscanner #542
    - Automatic SOA serial incrementation if non-empty zone difference
    - New zone file load option for ignoring zone file's SOA serial
    - New build-time option for alternative malloc specification
    - Structured logging for DNSSEC key submission event
    - Empty QNAME support in kdig
    - Improvements:
    - Various library and server optimizations
    - Reduced memory consumption of outgoing IXFR processing
    - Linux capabilities use overhaul #546 (Thanks to Robert Edmonds)
    - Online Signing properly signs delegations and CNAME records
    - CDS/CDNSKEY rrset is signed with KSK instead of ZSK
    - DNSSEC-related records are ignored when loading zone difference with signing enabled
    - Minimum allowed RSA key length was increased to 1024
    - Bugfixes:
    - Possible uninitialized address buffer use in zscanner
    - Possible index overflow during multiline record parsing in zscanner
    - kdig +tls sometimes consumes 100 % CPU #561
    - Single-Type Signing doesn't work with single ZSK key #566
    - Zone not flushed after re-signing during zone load #594
    - Server crashes when committing empty zone transaction
    - Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
    - Compatibility:
    - Removed obsolete RRL configuration
    - Removed obsolete module names 'mod-online-sign' and 'mod-synth-record'
    - Removed obsolete 'ixfr-from-differences' configuration option
    - Removed old journal migration
    - Removed module rosedb
  - changes from 2.6.9
    - Improvements:
    - Added zone wire size to zone loading log message
    - Added debug log message for each unsuccessful remote address operation
    - Bugfixes:
    - Zone not flushed after re-signing during zone load #594
    - Server crashes when committing empty zone transaction
    - Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
  - packaging changes:
    - enabled geoip module: new BR: pkgconfig(libmaxminddb)
    - enabled cookies module
    - enabled queryacl module
* Sat Jul 14 2018 mrueckert@suse.de
  - update to 2.6.8
    - Features:
    - New 'import-pkcs11' command in keymgr
    - Improvements:
    - Unixtime serial policy mimics Bind – increment if lower #593
    - Bugfixes:
    - Creeping memory consuption upon server reload #584
    - Kdig incorrectly detects QNAME if 'notify' is a prefix
    - Server crashes when zone sign fails #587
    - CSK->KZSK rollover retires CSK early #588
    - Server crashes when zone expires during outgoing
      multi-message transfer
    - Kjournalprint doesn't convert zone name argument to
      lower-case
    - Cannot switch to a previously used ksk-shared dnssec policy
      [#589]
  - update to 2.6.7
    - Features:
    - Added 'dateserial' (YYYYMMDDnn) serial policy configuration
      (Thanks to Wolfgang Jung)
    - Improvements:
    - Trailing data indication from the packet parser (libknot)
    - Better configuration check for a problematical option
      combination
    - Bugfixes:
    - Incomplete configuration option item name check
    - Possible buffer overflow in 'knot_dname_to_str' (libknot)
    - Module dnsproxy doesn't preserve letter case of QNAME
    - Module dnsproxy duplicates OPT and TSIG in the non-fallback
      mode
* Wed May 02 2018 kbabioch@suse.com
  - Update to 2.6.6
    - Features:
    - New EDNS option counters in the statistics module
    - New '+orphan' filter for the 'zone-purge' operation
    - Improvements:
    - Reduced memory consuption of disabled statistics metrics
    - Some spelling fixes (Thanks to Daniel Kahn Gillmor)
    - Server no longer fails to start if MODULE_DIR doesn't exist
    - Configuration include doesn't fail if empty wildcard match
    - Added a configuration check for a problematical option combination
    - Bugfixes:
    - NSEC3 chain not re-created when SOA minimum TTL changed
    - Failed to start server if no template is configured
    - Possibly incorrect SOA serial upon changed zone reload with DNSSEC signing
    - Inaccurate outgoing zone transfer size in the log message
    - Invalid dname compression if empty question section
    - Missing EDNS in EMALF responses
* Mon Apr 02 2018 mrueckert@suse.de
  - update to 2.6.5
    - Features:
    - New 'zone-notify' command in knotc
    - Kdig uses '@server' as a hostname for TLS authenticaion if
      '+tls-ca' is set
    - Improvements:
    - Better heap memory trimming for zone operations
    - Added proper polling for TLS operations in kdig
    - Configuration export uses stdout as a default output
    - Simplified detection of atomic operations
    - Added '--disable-modules' configure option
    - Small documentation updates
    - Bugfixes:
    - Zone retransfer doesn't work well if more masters configured
    - Kdig can leak or double free memory in corner cases
    - Inconsistent error outputs from dynamic configuration
      operations
* Thu Jan 11 2018 i@marguerite.su
  - update to 2.6.4
    see /usr/share/doc/packages/knot2/NEWS
* Sun Aug 06 2017 mrueckert@suse.de
  - fix tmpfiles scriptlet
* Sun Aug 06 2017 mrueckert@suse.de
  - package /var/lib/knot
  - run tmpfiles scriptlet during install
* Sun Aug 06 2017 mrueckert@suse.de
  - update to 2.5.3
    see /usr/share/doc/packages/knot2/NEWS
  - use libidn2 on TW and 42.3
  - following modules stay static:
    - dnsproxy
    - onlinesign
  - moved modules to shared building:
    - dnstap
    - noudp
    - rosedb
    - rrl
    - stats
    - synthrecord
    - whoami
* Mon Feb 13 2017 mrueckert@suse.de
  - update to 2.4.1
    see /usr/share/doc/packages/knot2/NEWS
* Tue May 24 2016 mrueckert@suse.de
  - update to 2.2.1
    - Bugfixes:
    - Fix separate logging of server and zone events
    - Fix concurrent zone file flushing with many zones
    - Fix possible server crash with empty hostname on OpenWRT
    - Fix control timeout parsing in knotc
    - Fix "Environment maxreaders limit reached" error in knotc
    - Don't apply journal changes on modified zone file
    - Remove broken LTO option from configure script
    - Enable multiple zone names completion in interactive knotc
    - Set the TC flag in a response if a glue doesn't fit the
      response
    - Disallow server reload when there is an active configuration
      transaction
    - Improvements:
    - Distinguish unavailable zones from zones with zero serial in
      log messages
    - Log warning and error messages to standard error output in
      all utilities
    - Document tested PKCS #11 devices
    - Extended Python configuration interface
* Tue May 10 2016 mrueckert@suse.de
  - update to 2.2.0
    - Bugfixes:
    - Fix build dependencies on FreeBSD
    - Fix query/response message type setting in dnstap module
    - Fix remote address retrieval from dnstap capture in kdig
    - Fix global modules execution for queries hitting existing
      zones
    - Fix execution of semantic checks after an IXFR transfer
    - Fix PKCS#11 support detection at build time
    - Fix kdig failure when the first AXFR message contains just
      the SOA record
    - Exclude non-authoritative types from NSEC/NSEC3 bitmap at a
      delegation
    - Mark PKCS#11 generated keys as sensitive (required by Luna
      SA)
    - Fix error when removing the only zone from the server
    - Don't abort knotc transaction when some check fails
    - Features:
    - URI and CAA resource record types support
    - RRL client address based white list
    - knotc interactive mode
    - Improvements:
    - Consistent IXFR error messages
    - Various fixes for better compatibility with PKCS#11 devices
    - Various keymgr user interface improvements
    - Better zone event scheduler performance with many zones
    - New server control interface
    - kdig uses local resolver if resolv.conf is empty
  - new BR libedit-devel for the interactive mode
* Thu Feb 11 2016 mrueckert@suse.de
  - update to 2.1.1
    - Bugfixes:
    - DNSSEC: Allow import of duplicate private key into the KASP
    - DNSSEC: Avoid duplicate NSEC for Wildcard No Data answer
    - Fix server crash when an incomming transfer is in progress
      and reload is issued
    - Fix socket polling when configured with many interfaces and
      threads
    - Fix compilation against Nettle 3.2
    - Improvements:
    - Select correct source address for UDP messages recieved on
      ANY address
    - Extend documentation of knotc commands
  - drop knot-2.1.0_pkcs11_check.patch
* Wed Jan 27 2016 mrueckert@suse.de
  - enable libcap-ng
* Wed Jan 27 2016 mrueckert@suse.de
  - fix configure check for pkcs11 support:
    adds knot-2.1.0_pkcs11_check.patch
* Wed Jan 27 2016 mrueckert@suse.de
  - fix soversions
* Wed Jan 27 2016 mrueckert@suse.de
  - update to 2.1.0
    - Features:
    - Per-thread UDP socket binding using SO_REUSEPORT on Linux
    - Support for dynamic configuration database
    - DNSSEC: Support for cryptographic tokens via PKCS #11
      interface
    - DNSSEC: Experimental support for online signing
    - Improvements:
    - Support for zone file name patterns
    - Configurable location of zone timer database
    - Non-blocking network operations and better timeout handling
    - Caching of Critical configuration values for better
      performance
    - Logging of ACL failures
    - RRL: Add rate-limit-slip zero support to drop all responses
    - RRL: Document behavior for different rate-limit-slip options
    - kdig: Warning instead of error on TSIG validation failure
    - Cleanup of support libraries interfaces (libknot,
      libzscanner, libdnssec)
    - Remove possibly insecure server control over a network socket
    - Remove implementation limit for the number of network
      interfaces
    - Bugfixes:
    - synth-record module: Fix application of default configuration
      options
    - TSIG: Allow compressed TSIG name when forwarding DDNS updates
    - Schedule zone bootstrap after slave zone fails to load from
      disk
  - avoid activating the intree copy of lmdb
* Tue Nov 24 2015 mrueckert@suse.de
  - update to 2.0.2
    - Out-of-bound read in packet parser for malformed NAPTR records
      (LibFuzzer)
* Wed Oct 14 2015 mrueckert@suse.de
  - split out shared libraries, knot-resolver uses some of them and
    atm we are forced to install the whole knot2 package.
* Thu Sep 03 2015 mrueckert@suse.de
  - lmdb seems no longer optional
* Thu Sep 03 2015 mrueckert@suse.de
  - create a new branch for knot 2.x starting with 2.0.1
    - Bugfixes:
    - Do not reload expired zones on 'knotc reload' and server
      startup
    - Fix rare race-condition in event scheduling causing delayed
      event execution
    - Fix skipping of non-authoritative nodes in NSEC proofs
    - Fix TC flag setting in RRL slipped answers
    - Disable domain name compression for root label
    - Log via journald only when running under systemd
    - Fix CNAME following when quering for NSEC RR type
    - Fix refreshing of DNSSEC signatures for zone keys
    - Fix binding an unavailable IPv6 address on Linux
      (IP_FREEBIND)
    - Fix infinite loop in knotc zonestatus and memstats
    - Fix memory leak in configuration on server shutdown
    - Fix broken dnsproxy module
    - Fix DNSSEC KASP timestamps parsing in strict POSIX
      environment
    - fix multi value parsing on big-endian
    - Adapt to Nettle 3 API break causing base64 decoding failures
      on big-endian
    - Features:
    - Add 'keymgr zone key ds' to show key's DS record
    - Add 'keymgr tsig generate' to generate TSIG keys
    - Add query module scoping to process either all queries or
      zone queries only
    - Add support for file name globbing in config file includes
    - Add 'request-edns-option' config option to add custom EDNS0
      option into server initiated queries
    - Improvements:
    - Send minimal responses (remove NS from Authority section for
      NOERROR)
    - Update persistent timers only on shutdown for better
      performance
    - Allow change of RR TTL over DDNS
    - Documentation fixes, updates, and improvements in formatting
    - Install yparser and zscanner header files
    - Improve lookup of libsystemd build dependencies
    - Fix compilation warnings in endian conversion functions on
      OpenBSD
  - changes in knot 2.0.0
    - Bugfixes:
    - Fix lost NOTIFY message if received during zone transfer
    - Disable fast zone parser when compiled in Clang (workaround
      for Clang bug)
    - kdig: Record correct dnstap SocketProtocol when retrying
      over TCP
    - kdig: Hide TSIG section with +noall
    - Do not set AA flag for AXFR/IXFR queries
    - Features:
    - DNSSEC: separate library, switch to GnuTLS, new utilities
    - DNSSEC: basic KASP support (generate initial keys, ZSK
      rollover)
    - Configuration: New text format in YAML, binary store in LMDB
    - Zone parser: Split long TXT/SPF strings into multiple
      strings
    - kdig: Add generic dump style option (+generic)
    - Try all master servers in multi-master environment
    - Improved remotes and ACLs (multiple addresses, multiple
      keys)
    - Basic support for zone file patterns (%s to substitute zone
      name)
    - Disable zone file synchronization by setting 'zonefile_sync'
      to '-1'
    - knsupdate: Add input prompt in interactive mode and 'quit'
      command
    - knsupdate: Allow TSIG algorithm specification in interactive
      prompt
    - Improvements:
    - Zone dump: Do not write class for SOA record (unified with
      other RR types)
    - Zone dump: Do not write master server address into the zone
      file
    - Documentation: Manual pages are included in HTML and PDF
  - drop patches which are included upstream:
    0001-loosen-openssl-dependency.patch
    0002-make-configure.ac-compatible-with-old-tools.patch
    - also drop all buildrequires just needed for autoreconf
  - new buildrequires:
    pkgconfig(gnutls) >= 3
    pkgconfig(nettle)
    pkgconfig(jansson)
  - create devel subpackage
  - enable rosedb and bash completion
* Wed Apr 29 2015 mrueckert@suse.de
  - local state dir should be just /var
* Thu Apr 09 2015 mrueckert@suse.de
  - enable dnstap support for factory and newer:
    - new BR: protobuf-c and libfstrm-devel
  - prepared lto support but not enabled yet, still need to find out
    which distros support it
* Thu Apr 09 2015 mrueckert@suse.de
  - update to 1.6.3
    - Performance drop for NSEC-signed zones
    - Proper handling of TCP short-writes
    - Out-of-bound read in zone parser for long domain names in
      origin (AFL fuzzer)
    - Out-of-bound read in packet parser for TSIG RR without RDATA
      (AFL fuzzer)
    - Out-of-bound read in packet parser for malformed NAPTR RR (AFL
      fuzzer)
    - CDS and CDNSKEY support in zone parser
    - Add defaults for TCP config options into documentation
    - Detailed error message if zone reload fails
  - refreshed patches to apply cleanly again:
    0002-make-configure.ac-compatible-with-old-tools.patch
* Tue Mar 10 2015 mrueckert@suse.de
  - update to 1.6.2
    - Limiting number of parallel TCP clients (max-tcp-clients config
      option)
    - Ignore refresh and transfer events on non-slave zones
    - Compilation with Dnstap support on FreeBSD
    - Possible file descriptor leak when terminating inactive TCP
      clients
  - refreshed patches to apply cleanly again:
    0002-make-configure.ac-compatible-with-old-tools.patch
  - moved autoreconf -fi to %build so it wont be tried in quilt setup
    or similar tools
  - move up the %if case for systemd in for the preun scriptlet to
    avoid warning about empty scripts on non systemd distributions.
  - used xz tarball: new buildrequires xz
* Thu Jan 08 2015 tchvatal@suse.com
  - Add deps on the docu packages to regen documentation
  - Enable systemd integration fully
  - Add dep on libidn
  - Cleanup with spec-cleaner
* Wed Dec 31 2014 ondrej@sury.org
  - Only require lmdb-devel on (Open)SUSE 13.2 and higher
* Wed Dec 31 2014 ondrej@sury.org
  - Updated to 1.6.1
    Bugfixes:
    - Journal file would sometimes outgrow its set limit
    - Fixed incompatibility with OpenSSL 0.9.8
    - Proper handling when machine hostname cannot be retreived
    Features:
    - Support for DNSSEC Single Type Signing Scheme
  - Compile with lmdb-devel to add support for persistent timers
* Tue Nov 18 2014 pgajdos@suse.com
  - Updated to 1.6.0
    Bugfixes:
    - Fix zone expiration when AXFR/IXFR is being refused by master
    - Fix forced zone refresh on slave (knotc refresh -f)
    - Persistent timers database opening after privileges has been dropped
    - DNSSEC: RFC compliant processing of letter case in RDATA domain names
    - EDNS: Return minimal error response for queries with unsupported version
    - EDNS: Fix interpretation of Extended RCODE
    Improvements:
    - Maximal size of persistent timers database increased from 10 MB to 100 MB
    - Added logging of persistent timers database errors
    Features:
    - Persistent timers for slave zones (expire, refresh, and flush)

Files

/usr/lib/libdnssec.so.9
/usr/lib/libdnssec.so.9.0.0


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 18:42:22 2024