{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Knot Resolver 2.1.0 (2018-02-16)\n================================\n\nIncompatible changes\n--------------------\n- stats: remove tracking of expiring records (predict uses another way)\n- systemd: re-use a single kresd.socket and kresd-tls.socket\n- ta_sentinel: implement protocol draft-ietf-dnsop-kskroll-sentinel-01\n  (our draft-ietf-dnsop-kskroll-sentinel-00 implementation had inverted logic)\n- libknot: require version 2.6.4 or newer to get bugfixes for DNS-over-TLS\n\nBugfixes\n--------\n- detect_time_jump module: don't clear cache on suspend-resume (#284)\n- stats module: fix stats.list() returning nothing, regressed in 2.0.0\n- policy.TLS_FORWARD: refusal when configuring with multiple IPs (#306)\n- cache: fix broken refresh of insecure records that were about to expire\n- fix the hints module on some systems, e.g. Fedora (came back on 2.0.0)\n- build with older gnutls (conditionally disable features)\n- fix the predict module to work with insecure records & cleanup code\n\n\nKnot Resolver 2.0.0 (2018-01-31)\n================================\n\nIncompatible changes\n--------------------\n- systemd: change unit files to allow running multiple instances,\n  deployments with single instance now must use `kresd@1.service`\n  instead of `kresd.service`; see kresd.systemd(7) for details\n- systemd: the directory for cache is now /var/cache/knot-resolver\n- unify default directory and user to `knot-resolver`\n- directory with trust anchor file specified by -k option must be writeable\n- policy module is now loaded by default to enforce RFC 6761;\n  see documentation for policy.PASS if you use locally-served DNS zones\n- drop support for alternative cache backends memcached, redis,\n  and for Lua bindings for some specific cache operations\n- REORDER_RR option is not implemented (temporarily)\n\nNew features\n------------\n- aggressive caching of validated records (RFC 8198) for NSEC zones;\n  thanks to ICANN for sponsoring this work.\n- forwarding over TLS, authenticated by SPKI pin or certificate.\n  policy.TLS_FORWARD pipelines queries out-of-order over shared TLS connection\n  Beware: Some resolvers do not support out-of-order query processing.\n  TLS forwarding to such resolvers will lead to slower resolution or failures.\n- trust anchors: you may specify a read-only file via -K or --keyfile-ro\n- trust anchors: at build-time you may set KEYFILE_DEFAULT (read-only)\n- ta_sentinel module implements draft ietf-dnsop-kskroll-sentinel-00,\n  enabled by default\n- serve_stale module is prototype, subject to change\n- extended API for Lua modules\n\nBugfixes\n--------\n- fix build on osx - regressed in 1.5.3 (different linker option name)\n\n\n----\n\nKnot Resolver 1.5.3 (2018-01-23)\n================================\n\nBugfixes\n--------\n- fix the hints module on some systems, e.g. Fedora.\n  Symptom: `undefined symbol: engine_hint_root_file`\n\n\nKnot Resolver 1.5.2 (2018-01-22)\n================================\n\nSecurity\n--------\n- fix CVE-2018-1000002: insufficient DNSSEC validation, allowing\n  attackers to deny existence of some data by forging packets.\n  Some combinations pointed out in RFC 6840 sections 4.1 and 4.3\n  were not taken into account.\n\nBugfixes\n--------\n- memcached: fix fallout from module rename in 1.5.1\n\n\nKnot Resolver 1.5.1 (2017-12-12)\n================================\n\nIncompatible changes\n--------------------\n- script supervisor.py was removed, please migrate to a real process manager\n- module ketcd was renamed to etcd for consistency\n- module kmemcached was renamed to memcached for consistency\n\nBugfixes\n--------\n- fix SIGPIPE crashes (#271)\n- tests: work around out-of-space for platforms with larger memory pages\n- lua: fix mistakes in bindings affecting 1.4.0 and 1.5.0 (and 1.99.1-alpha),\n  potentially causing problems in dns64 and workarounds modules\n- predict module: various fixes (!399)\n\nImprovements\n------------\n- add priming module to implement RFC 8109, enabled by default (#220)\n- add modules helping with system time problems, enabled by default;\n  for details see documentation of detect_time_skew and detect_time_jump\n", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2018-02-19 11:15:36", "date_modified": null, "date_approved": null, "date_testing": "2018-02-19 18:21:57", "date_stable": "2018-02-27 16:51:55", "alias": "FEDORA-2018-844a1e9778", "test_gating_status": "passed", "from_tag": null, "date_pushed": "2018-02-27 16:51:55", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2018-844a1e9778", "title": "knot-resolver-2.1.0-1.fc26", "version_hash": "2a7a17f7f18f8062bd49175c4a75bc20224ca94c", "release": {"name": "F26", "long_name": "Fedora 26", "version": "26", "id_prefix": "FEDORA", "branch": "f26", "dist_tag": "f26", "stable_tag": "f26-updates", "testing_tag": "f26-updates-testing", "candidate_tag": "f26-updates-candidate", "pending_signing_tag": "f26-signing-pending", "pending_testing_tag": "f26-updates-testing-pending", "pending_stable_tag": "f26-updates-pending", "override_tag": "f26-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "tkrizek", "email": "tomas.krizek@nic.cz", "id": 3180, "avatar": "https://seccdn.libravatar.org/avatar/96bfa277510476de258a6b00c99d51b6d474738eff0596b9165a711256afdbf4?s=24&d=retro", "openid": "tkrizek.id.fedoraproject.org", "groups": [{"name": "packager"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by tkrizek. ", "timestamp": "2018-02-19 11:15:36", "update_id": 107685, "user_id": 91, "id": 733160, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has obsoleted [knot-resolver-1.5.3-1.fc26](https://bodhi.fedoraproject.org/updates/FEDORA-2018-f73abc5680), and has inherited its bugs and notes.", "timestamp": "2018-02-19 11:15:39", "update_id": 107685, "user_id": 91, "id": 733162, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2018-02-19 18:23:14", "update_id": 107685, "user_id": 91, "id": 733298, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2018-02-27 00:00:38", "update_id": 107685, "user_id": 91, "id": 736438, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for batched by tkrizek. ", "timestamp": "2018-02-27 08:44:14", "update_id": 107685, "user_id": 91, "id": 736725, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by tkrizek. ", "timestamp": "2018-02-27 08:44:29", "update_id": 107685, "user_id": 91, "id": 736726, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2018-02-27 16:57:13", "update_id": 107685, "user_id": 91, "id": 736943, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "knot-resolver-2.1.0-1.fc26", "signed": true, "release_id": 16, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1537462, "title": "CVE-2018-1000002 knot-resolver: Insufficient DNSSEC validation", "security": true, "parent": true, "feedback": []}, {"bug_id": 1537466, "title": "CVE-2018-1000002 knot-resolver: Insufficient DNSSEC validation [fedora-all]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-2018-844a1e9778", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}