From 46ab618a08f10a56e790b75481ba0fd51184f609 Mon Sep 17 00:00:00 2001 From: Petr Špaček Date: Apr 06 2017 05:31:44 +0000 Subject: new upstream release 1.2.5 --- diff --git a/.gitignore b/.gitignore index ad76052..0671791 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ /knot-resolver-1.2.0.tar.xz.asc /knot-resolver-1.2.3.tar.xz.asc /knot-resolver-1.2.4.tar.xz.asc +/knot-resolver-1.2.5.tar.xz.asc diff --git a/knot-resolver.spec b/knot-resolver.spec index 4a1f0fa..7979858 100644 --- a/knot-resolver.spec +++ b/knot-resolver.spec @@ -3,7 +3,7 @@ # comment out this define using #%% if it is not a pre-release version # %% define PRERELEASE rc3 Name: knot-resolver -Version: 1.2.4 +Version: 1.2.5 Release: %{?PRERELEASE}%{?PRERELEASE:.}1%{?dist} Summary: Caching full DNS Resolver @@ -150,6 +150,7 @@ exit 0 %{_unitdir}/kresd*.socket %{_tmpfilesdir}/kresd.conf %{_sbindir}/kresd +%{_sbindir}/kresc %{_libdir}/libkres.so.* %{_libdir}/kdns_modules %{_mandir}/man8/kresd.* @@ -160,6 +161,26 @@ exit 0 %{_libdir}/libkres.so %changelog +* Thu Apr 06 2017 Petr Spacek - 1.2.5-1 +- new upstream relase + + security: layer/validate: clear AD if closest encloser proof has opt-outed NSEC3 (#169) + + security: layer/validate: check if NSEC3 records in wildcard expansion proof has an opt-out + + security: dnssec/nsec: missed wildcard no-data answers validation has been implemented + + fix: trust anchors: Improve trust anchors storage format (#167) + + fix: trust anchors: support non-root TAs, one domain per file + + fix: policy.DENY: set AA flag and clear AD flag + + fix: lib/resolve: avoid unnecessary DS queries + + fix: lib/nsrep: don't treat servers with NOIP4 + NOIP6 flags as timeouted + + fix: layer/iterate: During packet classification (answer vs. referral) don't analyze + AUTHORITY section in authoritative answer if ANSWER section contains records + that have been requested + + enhancement: modules/dnstap: a DNSTAP support module (Contributed by Vicky Shrestha) + + enhancement: modules/workarounds: a module adding workarounds for known DNS protocol violators + + enhancement: layer/iterate: fix logging of glue addresses + + enhancement: kr_bitcmp: allow bits=0 and consequently 0.0.0.0/0 matches in view and renumber modules. + + enhancement: modules/padding: Improve default padding of responses (Contributed by Daniel Kahn Gillmor) + + enhancement: New kresc client utility (experimental; don't rely on the API yet) + * Thu Mar 09 2017 Petr Spacek - 1.2.4-1 - new upstream release + security: Knot Resolver 1.2.0 and higher could return AD flag for insecure diff --git a/sources b/sources index da2bf84..651ae09 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (knot-resolver-1.2.4.tar.xz) = 1afd363c64d4adf167544f1a94d1dcc509bd922d24ef99fac7d4222783492d507da0c65657d59aada961f7edb6d6b3986a2cfc876f548c6900092eebd49e56e0 -SHA512 (knot-resolver-1.2.4.tar.xz.asc) = 11dee4be02bfafdc53baac13542a0fa8f55bc4b76d518beaaf147a2f16c825d32f0c4872c596c4a94bfcb3473a6a1afba90cbab4387325c89d546a8734012470 +SHA512 (knot-resolver-1.2.5.tar.xz) = 1e3f2eafeade1bac9b3cf45e9f992e30e9a5bbb2124465ea02d3eebf28bb8645d095db4fc58c707c841de13a2326601fca9682a631b60d9a5e2869b677a39da9 +SHA512 (knot-resolver-1.2.5.tar.xz.asc) = 52dbb7b5ae2040f6560a861043f44b312af5e07102c39ed13dcd677c692b6b6c88eac6eab174a702b3d00c1f4369ec17de8f85f87d2b9ab6a131c47363f16730