stable

knot-2.4.1-1.fc25 and knot-resolver-1.2.3-1.fc25

FEDORA-2017-038e821698 created by pspacek 7 years ago for Fedora 25

Knot Resolver 1.2.3 (2017-02-23)

Bugfixes

  • Disable storing GLUE records into the cache even in the (non-default) QUERY_PERMISSIVE mode
  • iterate: skip answer RRs that don't match the query
  • layer/iterate: some additional processing for referrals
  • lib/resolve: zonecut fetching error was fixed

Knot Resolver 1.2.2 (2017-02-10)

Bugfixes:

  • Fix -k argument processing to avoid out-of-bounds memory accesses
  • lib/resolve: fix zonecut fetching for explicit DS queries
  • hints: more NULL checks
  • Fix TA bootstrapping for multiple TAs in the IANA XML file

Testing:

  • Update tests to run tests with and without QNAME minimization

Knot Resolver 1.2.1 (2017-02-01)

Security:

  • Under certain conditions, a cached negative answer from a CD query would be reused to construct response for non-CD queries, resulting in Insecure status instead of Bogus. Only 1.2.0 release was affected.

Documentation

  • Update the typo in the documentation: The query trace policy is named policy.QTRACE (and not policy.TRACE)

Bugfixes:

  • lua: make the map command check its arguments

Knot DNS 2.4.1 (2017-02-10)

Bugfixes:

  • Transfer of a huge rrset goes into an infinite loop
  • Huge response over TCP contains useless TC bit instead of SERVFAIL
  • Failed to build utilities with disabled daemon
  • Memory leaks during keys removal
  • Rough TSIG packet reservation causes early truncation
  • Minor out-of-bounds string termination write in rrset dump
  • Server crash during stop if failed to open timers DB
  • Poor minimum UDP-max-size configuration check
  • Failed to receive one-record-per-message IXFR-style AXFR
  • Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message

Improvements:

  • Speed-up of rdata addition into a huge rrset
  • Introduce check of minumum timeout for next refresh
  • Dnsproxy module can forward all queries without local resolving

Latest upstream release. Includes bugfixes for DNSSEC key management.


Latest upstream versions with bunch of impotant bugfixes.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-038e821698

This update has been submitted for testing by pspacek.

7 years ago

This update has obsoleted knot-2.4.0-1.fc25, and has inherited its bugs and notes.

7 years ago

This update has obsoleted knot-resolver-1.2.0-2.fc25, and has inherited its bugs and notes.

7 years ago

This update has been pushed to testing.

7 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

7 years ago

This update has been submitted for stable by pspacek.

7 years ago

This update has been pushed to stable.

7 years ago

Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago

Automated Test Results