knot (2.7.6-2progress5u1) engywuck; urgency=medium * Initial reupload to engywuck. * Updating maintainer field. * Updating uploaders field. * Updating bugs field. * Updating vcs fields. * Moving kzonecheck from knot to knot-dnsutils (Closes: #925035). * Adding update-alternatives to use kdig for /usr/bin/dig. * Adding update-alternatives to use knsupdate for /usr/bin/nsupdate. * Adding update-alternatives to use khost for /usr/bin/host (Closes: #932087). -- Daniel Baumann Mon, 06 May 2024 02:54:39 +0200 knot (2.7.6-2) unstable; urgency=medium * add libsofthsm2 when testing for libdnssec/test_keystore_pkcs11 * Check fine-grained timestamps on zonefiles. * Correct documentation about key formats * Standards-Version: bump to 4.3.0 (no changes needed) -- Daniel Kahn Gillmor Fri, 22 Feb 2019 16:51:08 -0500 knot (2.7.6-1) unstable; urgency=medium * new upstream release -- Ondřej Surý Fri, 08 Feb 2019 12:53:57 +0000 knot (2.7.4-1) unstable; urgency=medium * new upstream release * drop patch applied upstream * d/upstream/signing-key.asc: minimize OpenPGP certificate -- Daniel Kahn Gillmor Wed, 14 Nov 2018 01:16:27 -0500 knot (2.7.3-3) unstable; urgency=medium * update build-deps and autopkgtest deps -- Daniel Kahn Gillmor Thu, 08 Nov 2018 08:39:43 +0700 knot (2.7.3-2) unstable; urgency=medium * postinst: use runuser instead of su for safety and simplicity * fix get_kaspdb and test it against shipped config (Closes: #912210) * added Build-Depends-Package: libknot-dev to symbols files * cleaner diffs: put dh args on separate lines * added authoritative nameserver autopkgtest * Avoid including git version in debian packages * fix broken python * fix up get_user * autopkgtest: test upgrade/conversion tooling -- Daniel Kahn Gillmor Wed, 07 Nov 2018 22:55:37 +0700 knot (2.7.3-1) unstable; urgency=medium * new upstream release -- Daniel Kahn Gillmor Mon, 15 Oct 2018 17:21:51 -0400 knot (2.7.2-2) unstable; urgency=medium * d/rules: try moving DEB_HOST_ARCH check for -latomic * mips and powerpc both appear to build fine without -latomic -- Daniel Kahn Gillmor Wed, 29 Aug 2018 16:07:02 -0400 knot (2.7.2-1) unstable; urgency=medium * new upstream release * try to fix up architecture selection -- Daniel Kahn Gillmor Wed, 29 Aug 2018 10:34:56 -0400 knot (2.7.1-3) unstable; urgency=medium [ Daniel Salzman ] * remove obsolete dependency libjansson-dev * remove obsolete --with-bash-completions -- Daniel Kahn Gillmor Mon, 27 Aug 2018 19:18:20 -0400 knot (2.7.1-2) unstable; urgency=medium * Standards-Version: bump to 4.2.1 (no changes needed) * add -latomic to riscv64 arch as well -- Daniel Kahn Gillmor Mon, 27 Aug 2018 19:06:08 -0400 knot (2.7.1-1) unstable; urgency=medium * new upstream release * SONAME bumps: move to libknot8, libdnssec6, and libzscanner2 * adopted pykeymgr from upstream, renaming to /usr/lib/knot/kasp_json2lmdb * ship manpages with dh_installman * kjournalprint is now a shipped as a system administration utility * avoid more autogened files on package import * drop THANKS, no longer shipped upstream * update symbols files * Standards-Version: bump to 4.2.0 (no changes needed) * clean up kdns-utils description * added libcap-ng to build-deps * move to libidn2 * d/copyright: correct license of TAP sources * added build-dep on libmaxminddb-dev for GeoIP module * Only conditionally add -latomic based on the platform * record notes about dynamic modules instead of static modules -- Daniel Kahn Gillmor Fri, 24 Aug 2018 18:02:44 -0400 knot (2.6.8-2) unstable; urgency=medium * d/knot.NEWS: fix spelling (thanks, Lintian!) * refresh patches * Standards-Version: bump to 4.1.5 (no changes needed) -- Daniel Kahn Gillmor Tue, 10 Jul 2018 16:14:48 -0400 knot (2.6.8-1) unstable; urgency=medium * New upstream version 2.6.8 -- Daniel Salzman Tue, 10 Jul 2018 16:23:19 +0200 knot (2.6.7-2) unstable; urgency=medium * use knot@packages.debian.org as Maintainer (Closes: #899825) -- Daniel Kahn Gillmor Thu, 24 May 2018 16:00:33 -0400 knot (2.6.7-1) unstable; urgency=medium * New upstream version 2.6.7 -- Daniel Salzman Thu, 17 May 2018 13:18:22 +0200 knot (2.6.6-2) unstable; urgency=medium [ Daniel Salzman ] * Remove already included patches * Add new symbol to libknot7.symbols * Update changelog for 2.6.6-1 release [ Daniel Kahn Gillmor ] * standards-version: bump to 4.1.4 (no changes needed) * clean up libknot7.symbols * prepare debian release -- Daniel Kahn Gillmor Mon, 23 Apr 2018 02:07:36 -0400 knot (2.6.5-3) unstable; urgency=medium * accept suggestions from the Multiarch hinter * d/tests/control: rely on ca-certificates to validate the DNS-over-TLS cert -- Daniel Kahn Gillmor Sun, 25 Feb 2018 15:49:46 -0800 knot (2.6.5-2) unstable; urgency=medium * re-ship /usr/lib/$(DEB_HOST_MULTIARCH)/knot" (Closes: #891319) -- Daniel Kahn Gillmor Sun, 25 Feb 2018 10:17:49 -0800 knot (2.6.5-1) unstable; urgency=medium * new upstream release [ Daniel Salzman ] * Update uploaders and dependencies in the control file * Downgrade 'Recommends' to 'Suggests' for systemd * Update upstream signing key [ Daniel Kahn Gillmor ] * wrap-and-sort -ast * add myself to uploaders * move to debhelper 11 * Standards-Version: 4.1.3 (no changes needed) * build-depend on python3-sphinx instead of python-sphinx * d/gbp.conf: clean up, use DEP-14 * dh11: apply --fail-missing only to dh_missing * remove doc/modules symlink on clean * Use python3 instead of python2 for helper functions * use python3 for pykeymgr * move knot from python 2 to python 3 * Move python3-lmdb to Recommends * d/TODO: note future debian packaging work * knot-doc: use system jquery and underscore javascript * include upstream VCS in git history * d/control: add Rules-Requires-Root: no * d/changelog: strip trailing whitespace * ship upstream ChangeLog * d/copyright: drop hat-trie, removed upstream * d/*.NEWS: stop using asterisks * stop declaring unnecessary dirs * stop shipping /usr/lib/$(DEB_HOST_MULTIARCH)/knot * add doc-base entry for knot-doc * d/gbp.conf: improve cleanup during import-orig * fix spelling errors in manpages * info: fix direntry and category * add really simple autopkgtest -- Daniel Kahn Gillmor Thu, 22 Feb 2018 23:38:33 -0800 knot (2.6.4-1) unstable; urgency=medium * Update Vcs-* links to salsa.d.o * New upstream version 2.6.4 -- Ondřej Surý Thu, 04 Jan 2018 15:02:46 +0000 knot (2.6.3-1) unstable; urgency=medium * New upstream version 2.6.3 -- Ondřej Surý Fri, 24 Nov 2017 15:33:43 +0000 knot (2.6.1-2) unstable; urgency=medium * Add Breaks/Replaces for libdnssec5/libknot7 to remedy botched 2.6.0-1 upload (Closes: #881638) -- Ondřej Surý Mon, 13 Nov 2017 19:58:35 +0000 knot (2.6.1-1) unstable; urgency=medium * New upstream version 2.6.1 * Remove upstream patch for disabling TCP Fastopen -- Ondřej Surý Sun, 12 Nov 2017 03:11:26 +0000 knot (2.6.0-3) unstable; urgency=medium * kdig: disable TCP Fastopen by default as it breaks TLS connection (Closes: #879079) -- Ondřej Surý Thu, 19 Oct 2017 08:22:18 +0000 knot (2.6.0-2) unstable; urgency=medium [ John Bond ] * fix get_kasp and get_user to support unquoted ipv6 addresses -- Ondřej Surý Thu, 05 Oct 2017 13:08:26 +0000 knot (2.6.0-1) unstable; urgency=medium * New upstream version 2.6.0 * Enable strict symbols checking * Bump libknot 6->7 and libdnssec 4->5 SONAMEs and update symbols files -- Ondřej Surý Fri, 29 Sep 2017 19:46:41 +0200 knot (2.5.4-2) unstable; urgency=medium * Drop conflicting links to dig, nsupdate and host (Closes: #741645) * Build-Depend on latexmk (Closes: #872203) -- Ondřej Surý Mon, 18 Sep 2017 07:11:39 +0200 knot (2.5.4-1) unstable; urgency=medium * New upstream version 2.5.4 -- Ondřej Surý Fri, 01 Sep 2017 09:03:02 +0200 knot (2.5.3-3) unstable; urgency=medium * Simple rebuild to make knot-doc arch:all again. -- Ondřej Surý Wed, 26 Jul 2017 14:41:26 +0200 knot (2.5.3-2) unstable; urgency=medium * Disable dh-exec usage as #831786 breaks dh_install --fail-missing (Closes: #869199) -- Ondřej Surý Mon, 24 Jul 2017 10:26:09 +0200 knot (2.5.3-1) unstable; urgency=medium * New upstream version 2.5.3 -- Ondřej Surý Sat, 15 Jul 2017 07:26:12 +0200 knot (2.5.2-1) unstable; urgency=medium * New upstream version 2.5.2 * Remove all patches merged upstream -- Ondřej Surý Fri, 23 Jun 2017 11:46:34 +0200 knot (2.5.1-4) unstable; urgency=medium * Create the modules M-A directory to workaround the bug that fails to start knot when modules directory is missing -- Ondřej Surý Thu, 15 Jun 2017 11:32:09 +0200 knot (2.5.1-3) unstable; urgency=medium * Enable dnstap module and set default moduledir to multiarch path -- Ondřej Surý Thu, 15 Jun 2017 08:32:34 +0200 knot (2.5.1-2) unstable; urgency=medium * Explicitly exclude example.com.zone to support older debhelpers * Add patch to fix duplicate section merging in the config -- Ondřej Surý Fri, 09 Jun 2017 13:47:17 +0200 knot (2.5.1-1) unstable; urgency=medium * New upstream version 2.5.1 * Remove upstream patches released as Knot DNS 2.5.1 -- Ondřej Surý Wed, 07 Jun 2017 16:04:16 +0200 knot (2.5.0-2) unstable; urgency=medium * Add upstream patches to fix old DNSSEC installations * Skip already converted kasp-db directories * Install pykeymgr from upstream tarball -- Ondřej Surý Wed, 07 Jun 2017 14:20:38 +0200 knot (2.5.0-1) unstable; urgency=medium * New upstream version 2.5.0 * Update maintscript to use dh-exec and remove obsolete cruft * Bump the package names for libknot and libdnssec to match new SOVERSIONs * Simplify d/rules overrides * Remove not-installed files from d/*.install * Install local copy of pykeymgr (not included in the source distribution) * Add python-lmdb for pykeymgr migration utility -- Ondřej Surý Wed, 07 Jun 2017 11:03:22 +0200 knot (2.4.3-1) unstable; urgency=medium * New upstream version 2.4.3 -- Ondřej Surý Tue, 11 Apr 2017 21:17:47 +0200 knot (2.4.2-1) unstable; urgency=medium * New upstream version 2.4.2 -- Ondřej Surý Thu, 23 Mar 2017 11:47:52 +0100 knot (2.4.1-2) unstable; urgency=medium * Enable dnstap module -- Ondřej Surý Mon, 27 Feb 2017 11:35:15 +0100 knot (2.4.1-1) unstable; urgency=medium * New upstream version 2.4.1 -- Ondřej Surý Fri, 10 Feb 2017 13:54:24 +0100 knot (2.4.0-3) unstable; urgency=medium * Fix timeout call syntax in dh_auto_test invocation -- Ondřej Surý Wed, 25 Jan 2017 15:10:04 +0100 knot (2.4.0-2) unstable; urgency=medium * Add -latomic to LDFLAGS to fix FTBFS on platforms that need it -- Ondřej Surý Mon, 23 Jan 2017 11:41:59 +0100 knot (2.4.0-1) unstable; urgency=medium * Fix gbp.conf to be readable by git config --file debian/gbp.conf on Jessie * New upstream version 2.4.0 * Bump libknot SONAME 4->5 * Update symbols files for 2.4.0 release -- Ondřej Surý Fri, 20 Jan 2017 12:15:30 +0100 knot (2.3.3-1) unstable; urgency=medium [ Daniel Kahn Gillmor ] * Use secure URLs where possible * Clean up debian/copyright. * Drop duplicate Source: lines (clears lintian binary-control-field-duplicates-source) * Avoid using asterisk in NEWS (clears lintian debian-news-entry-uses-asterisk) * Knot needs a dependency on lsb-base (clears lintian init.d-script-needs-depends-on-lsb-base) * Filter auto-reconfed files out during future gbp import-orig operations * debian/control: clean up Description: lines * Added Documentation= to knot.service [ Ondřej Surý ] * Imported Upstream version 2.3.3 * Add kjournalprint to knot package -- Ondřej Surý Thu, 08 Dec 2016 14:49:31 +0100 knot (2.3.2-1) unstable; urgency=medium * Imported Upstream version 2.3.2 * Add new symbols to libknot4.symbols -- Ondřej Surý Fri, 04 Nov 2016 11:31:33 +0100 knot (2.3.1-1) unstable; urgency=medium * Imported Upstream version 2.3.1 * Bump libknot3 to libknot4 * kzonecheck was moved to /usr/bin -- Ondřej Surý Mon, 10 Oct 2016 12:01:41 +0200 knot (2.3.0-4) unstable; urgency=medium * Don't fail if there's no knot user defined * Don't list explicit -c or -C path and let daemon figure it out -- Ondřej Surý Thu, 15 Sep 2016 12:44:57 +0200 knot (2.3.0-3) unstable; urgency=medium * Ignore the test results if they don't finish within 5 minutes * Correctly break/replace libzscanner0 that contained libzscanner.so.1 -- Ondřej Surý Thu, 11 Aug 2016 08:49:25 +0200 knot (2.3.0-2) unstable; urgency=medium * Move examples to knot-doc package (fix arch-only FTBFS) -- Ondřej Surý Wed, 10 Aug 2016 10:17:17 +0200 knot (2.3.0-1) unstable; urgency=medium * Imported Upstream version 2.3.0 + Zone size limit restriction for DDNS, AXFR, and IXFR (CVE-2016-6171) (Closes: #830809) * Restructure d/rules so dh_install --fail-missing works again * Upstream bumped SOVERSION to libknot3, libdnssec2 and libzscanner1 -- Ondřej Surý Wed, 10 Aug 2016 09:16:35 +0200 knot (2.2.1-2) unstable; urgency=high * Add texlive-generic-extra to B-D for missing iftex.sty (Closes: #829428) -- Ondřej Surý Mon, 11 Jul 2016 11:47:34 +0200 knot (2.2.1-1) unstable; urgency=medium * Imported Upstream version 2.2.1 -- Ondřej Surý Tue, 24 May 2016 17:48:16 +0200 knot (2.2.0-3) unstable; urgency=medium * knotc checkconf is not knotc conf-check (Closes: #823574) -- Ondřej Surý Fri, 20 May 2016 14:22:11 +0200 knot (2.2.0-2) unstable; urgency=medium * Do dbgsym migration of debug symbols -- Ondřej Surý Wed, 27 Apr 2016 17:43:59 +0200 knot (2.2.0-1) unstable; urgency=medium * confdb should be in /var/lib/knot/ by default * Imported Upstream version 2.2.0 * Add libedit-dev to Build-Depends -- Ondřej Surý Wed, 27 Apr 2016 10:10:10 +0200 knot (2.1.1-2) unstable; urgency=medium * Add python to Depends and run wrap-and-sort -a * Parse correct /etc/default/knot instead of /etc/default/knotd -- Ondřej Surý Fri, 15 Apr 2016 17:18:02 +0200 knot (2.1.1-1) unstable; urgency=medium * Imported Upstream version 2.1.1 -- Ondřej Surý Wed, 10 Feb 2016 20:01:44 +0100 knot (2.1.0-3) unstable; urgency=medium * Add small python helper programs to get values from knot.conf -- Ondřej Surý Mon, 25 Jan 2016 12:44:00 +0100 knot (2.1.0-2) unstable; urgency=medium * Revert "Run keymgr init on every upgrade (just to be sure it happens)" * Add support for relative directories in kasp-db -- Ondřej Surý Thu, 14 Jan 2016 11:46:35 +0100 knot (2.1.0-1) unstable; urgency=medium * Set knot user home directory to /var/lib/knot * Imported Upstream version 2.1.0 * Run keymgr init on every upgrade (just to be sure it happens) -- Ondřej Surý Thu, 14 Jan 2016 10:55:26 +0100 knot (2.1.0~rc1-55-gf227348-1) unstable; urgency=medium * Add libgnutls28-dev and libjansson-dev as dependencies to libknot-dev to satisfy pkg-config requirements * Imported Upstream version 2.1.0~rc1-55-gf227348 * Automatically upgrade all KASP databases found in the configuration and restart the server afterwards when upgrading from 2.0.x to 2.1.x -- Ondřej Surý Wed, 13 Jan 2016 14:03:17 +0100 knot (2.1.0~rc1-52-gd80ce77-1) unstable; urgency=medium * Imported Upstream version 2.1.0~rc1-52-gd80ce77 -- Ondřej Surý Tue, 12 Jan 2016 16:56:12 +0100 knot (2.0.2-1) unstable; urgency=medium * Imported Upstream version 2.0.2 * Delete d/p/series as we carry no patches -- Ondřej Surý Tue, 24 Nov 2015 19:59:56 +0100 knot (2.0.1-4) unstable; urgency=medium * Split knot-libs into individual library packages * Add knot.default file and use it from systemd and init.d scripts -- Ondřej Surý Mon, 05 Oct 2015 20:34:02 +0200 knot (2.0.1-3) unstable; urgency=medium * The upstart conffile ends with .conf, fix the stale conffile removal -- Ondřej Surý Mon, 21 Sep 2015 13:54:42 +0200 knot (2.0.1-2) unstable; urgency=medium * Compile the production version with NDEBUG * Remove stale upstart init script via dpkg-maintscript-helper rm_config -- Ondřej Surý Mon, 14 Sep 2015 13:41:29 +0200 knot (2.0.1-1) unstable; urgency=medium * Imported Upstream version 2.0.1 * Fix the do_tmpfiles() in sysvrc script (Courtesy of Daniel Baumann) (Closes: #796921) * Disable -pedantic as it causes errors to be thrown in the tests -- Ondřej Surý Thu, 03 Sep 2015 10:56:16 +0200 knot (2.0.0-1+0) unstable; urgency=medium * Bump the version to workaround ~exp* higher than ~bpo* -- Ondřej Surý Mon, 17 Aug 2015 15:05:37 +0200 knot (2.0.0-1) unstable; urgency=medium * New upstream version 2.0.0 + Bugfixes: - Fix lost NOTIFY message if received during zone transfer - Disable fast zone parser when compiled in Clang (workaround for Clang bug) - kdig: Record correct dnstap SocketProtocol when retrying over TCP - kdig: Hide TSIG section with +noall - Do not set AA flag for AXFR/IXFR queries + Features: - DNSSEC: separate library, switch to GnuTLS, new utilities - DNSSEC: basic KASP support (generate initial keys, ZSK rollover) - Configuration: New text format in YAML, binary store in LMDB - Zone parser: Split long TXT/SPF strings into multiple strings - kdig: Add generic dump style option (+generic) - Try all master servers in multi-master environment - Improved remotes and ACLs (multiple addresses, multiple keys) - Basic support for zone file patterns (%s to substitute zone name) - Disable zone file synchronization by setting 'zonefile_sync' to '-1' - knsupdate: Add input prompt in interactive mode and 'quit' command - knsupdate: Allow TSIG algorithm specification in interactive prompt + Improvements: - Zone dump: Do not write class for SOA record (unified with other RR types) - Zone dump: Do not write master server address into the zone file - Documentation: Manual pages are included in HTML and PDF * Install knot1to2 configuration file conversion tool * Automatically convert knot.conf with some safety-checks * Add note about the conversion to debian/knot.NEWS * Make the build libsystem-{daemon,journal}-dev friendly to allow Ubuntu and backported builds -- Ondřej Surý Mon, 17 Aug 2015 11:56:43 +0200 knot (2.0.0-1~exp2) experimental; urgency=medium * Update prepare-environment to match the new config file syntax -- Ondřej Surý Thu, 30 Jul 2015 09:26:52 +0200 knot (2.0.0-1~exp1) experimental; urgency=medium * New upstream version 2.0.0 + Bugfixes: - Fix lost NOTIFY message if received during zone transfer - Disable fast zone parser when compiled in Clang (workaround for Clang bug) - kdig: Record correct dnstap SocketProtocol when retrying over TCP - kdig: Hide TSIG section with +noall - Do not set AA flag for AXFR/IXFR queries + Features: - DNSSEC: separate library, switch to GnuTLS, new utilities - DNSSEC: basic KASP support (generate initial keys, ZSK rollover) - Configuration: New text format in YAML, binary store in LMDB - Zone parser: Split long TXT/SPF strings into multiple strings - kdig: Add generic dump style option (+generic) - Try all master servers in multi-master environment - Improved remotes and ACLs (multiple addresses, multiple keys) - Basic support for zone file patterns (%s to substitute zone name) - Disable zone file synchronization by setting 'zonefile_sync' to '-1' - knsupdate: Add input prompt in interactive mode and 'quit' command - knsupdate: Allow TSIG algorithm specification in interactive prompt + Improvements: - Zone dump: Do not write class for SOA record (unified with other RR types) - Zone dump: Do not write master server address into the zone file - Documentation: Manual pages are included in HTML and PDF * Install knot1to2 configuration file conversion tool * Automatically convert knot.conf with some safety-checks * Add note about the conversion to debian/knot.NEWS * Make the build libsystem-{daemon,journal}-dev friendly to allow Ubuntu and backported builds -- Ondřej Surý Mon, 29 Jun 2015 10:40:45 +0200 knot (1.6.1-1) unstable; urgency=medium * New upstream version 1.6.1 -- Ondřej Surý Tue, 30 Dec 2014 09:50:54 +0100 knot (1.6.0-1) unstable; urgency=medium * New upstream version 1.6.0 * Switch to network-online.target to mitigate some network not-yet-ready races * Recommend systemd due journald enabled logging (Closes: #766596) -- Ondřej Surý Fri, 24 Oct 2014 12:41:32 +0200 knot (1.6.0~rc2-1) unstable; urgency=medium * New upstream version 1.6.0~rc2 * Update patches for 1.6.0~rc2 release -- Ondřej Surý Fri, 17 Oct 2014 17:32:30 +0200 knot (1.6.0~rc1-1) unstable; urgency=medium * New upstream version 1.6.0~rc1 * Knot needs lmdb for persistent timers -- Ondřej Surý Mon, 13 Oct 2014 23:06:56 +0200 knot (1.5.3-1) unstable; urgency=medium * Move knot-libs to Section: net (Closes: #760795) * New upstream version 1.5.3 -- Ondřej Surý Mon, 15 Sep 2014 17:00:08 +0200 knot (1.5.2-1) unstable; urgency=high * Update Vcs-Urls to point to anonscm.debian.org * New upstream version 1.5.2 + [CVE-2014-0486]: Fixed remote crash with crafted DNS message * Update patches for 1.5.2 release -- Ondřej Surý Mon, 08 Sep 2014 11:11:56 +0200 knot (1.5.1-3) unstable; urgency=high * More arch/indep build rules splitting to fix binary-arch-only builds * Add lintian override to override warning about internal libraries in knot-libs -- Ondřej Surý Tue, 26 Aug 2014 09:43:05 +0200 knot (1.5.1-2) unstable; urgency=medium * Enable full hardening via debhelper >= 9 * Enable IDN in knot-dnsutils and knot-host packages * Enable systemd libraries only on linux-any * Split arch and indep builds to build the documentation just once * Drop ragel from build depends to allow arm64 builds -- Ondřej Surý Mon, 25 Aug 2014 15:54:34 +0200 knot (1.5.1-1) unstable; urgency=medium * New upstream version 1.5.1 * Enable systemd notification mechanism * Enable systemd journal enhanced logging -- Ondřej Surý Wed, 20 Aug 2014 10:45:18 +0200 knot (1.5.0-1) unstable; urgency=medium * New upstream version 1.5.0 + Features: - Pluggable query processing modules - Synthetic IPv4/IPv6 reverse/forward records (optional module) - dnstap support in both utilities & server (optional module) - NOTIFY message support and new TSIG section in kdig - Multi-master support - edns-client-subnet support in kdig - Optional asynchronous startup (config "asynchronous-start") - DDNS forwarding reimplemented + Improvements: - Query processing and core functionality overhaul - Performance and reduced memory footprint - Faster zone events scheduling - RFC compliant queries/responses in some corner cases - Log messages - New documentation (Sphinx) - Transfer sizes logged in bytes if needed - Logging outgoing NOTIFY messages - Logging unauthorized incoming NOTIFYs - Preempt task queue for faster reload - Lazy zone file write after zone transfer (governed by "zonefile-sync") + Bugfixes: - Close zone transfer after SERVFAIL response - Incremental to full zone transfer fallback, wrong log message - Zone events corner cases, reload replanning - Zone flush planning after bootstrap - Incorrect incoming AXFR message sizes - DDNS signing changes were freed too soon, posibility of stale data - knotc remote control key handling * Debian packaging: + d/control: New documentation is using sphinx + d/control: New knot-libs package containing internal shared libraries -- Ondřej Surý Wed, 09 Jul 2014 13:08:26 +0200 knot (1.4.6+hotfix-1) unstable; urgency=medium * New upstream version 1.4.6+hotfix -- Ondřej Surý Thu, 22 May 2014 15:39:07 +0200 knot (1.4.6-1) unstable; urgency=medium * New upstream version 1.4.6 * Update patches for 1.4.6 release -- Ondřej Surý Thu, 22 May 2014 13:15:14 +0200 knot (1.4.5-2) unstable; urgency=high * Re-upload to fix botched amd64 upload in 1.4.5-1 -- Ondřej Surý Tue, 22 Apr 2014 14:58:30 +0200 knot (1.4.5-1) unstable; urgency=high * New upstream version 1.4.5 + Fix possible weakness in TSIG signature checking * Refresh patches for 1.4.5 release * Use dh-autoreconf to regenerate autotools files -- Ondřej Surý Mon, 14 Apr 2014 15:11:12 +0200 knot (1.4.4-1) unstable; urgency=medium * New upstream version 1.4.4 + Server is logging remote control commands + 'knotc reload' doesn't refresh unchanged zones + 'knotc -f refresh' forces zone retransfer + Fixed missing notifications after DDNS/automatic resign + Zone is rebootstrapped if the zone file is unreadable + Progressive bootstrap retry backoff + Zone file parser now allows asterisk as part of the label + Fix journal maximum entry size + Sign DNSKEYs in non-apex nodes as regular RR sets + Various spelling and typo fixes (Courtesy of Robert Edmonds) -- Ondřej Surý Thu, 27 Mar 2014 15:49:54 +0100 knot (1.4.3-2) unstable; urgency=medium * Add support for autotools-dev and dh-systemd * Enable parallel builds in dh invocation -- Ondřej Surý Tue, 18 Feb 2014 13:44:13 +0100 knot (1.4.3-1) unstable; urgency=low * New upstream version 1.4.3 -- Ondřej Surý Tue, 18 Feb 2014 13:03:42 +0100 knot (1.4.2-1) unstable; urgency=low * New upstream version 1.4.2 * Update OpenSSL << 1.0.0 compatibility patch -- Ondřej Surý Mon, 27 Jan 2014 16:14:33 +0100 knot (1.4.1-2) unstable; urgency=low * Add patch to remove the requirement for OpenSSL 1.0.0 to build on Debian squeeze, be warned though that the OpenSSL before 1.0.0 might manifest some threading errors and crashes, so you really should upgrade your system to Debian wheezy. -- Ondřej Surý Thu, 23 Jan 2014 16:53:03 +0100 knot (1.4.1-1) unstable; urgency=low * New upstream version 1.4.1 + Empty APL record support + 'zonestatus' when using immediate zone syncing + Immediate zone syncing after reload + Race condition writing time values to zone file + Require OpenSSL >= 1.0.0 * Don't use dh-autoreconf, upstream uses recent enough autotools * Bump standards version to 3.9.5 * Run the tests on every arch without the condition, but don't fail anywhere -- Ondřej Surý Mon, 13 Jan 2014 18:00:18 +0100 knot (1.4.0-1) unstable; urgency=low * New major upstream version 1.4.0 + Experimental automatic DNSSEC signing + Fastest ragel parser enabled by default + Reduced memory usage + Zone SOA SERIAL policies (INCREMENT, UNIXTIME) for DDNS and automatic DNSSEC signing + IDN support in Knot utilities (kdig, knsupdate, ...) + DNSSEC: support for GOST algorithm + Support for DNSSEC key pre-publication * Remove PATH_MAX patch, it's already included in upstream * Run the tests on all archs, but don't fail the build if the tests fail on broken archs * Update watch file to match (alpha|beta|rc)\d* versions -- Ondřej Surý Mon, 06 Jan 2014 11:00:07 +0100 knot (1.4.0~rc2-1) experimental; urgency=low * New upstream version 1.4.0~rc2 -- Ondřej Surý Fri, 13 Dec 2013 17:53:26 +0100 knot (1.4.0~rc1-1) experimental; urgency=low * Disable tests on GNU Hurd * New upstream version 1.4.0~rc1 -- Ondřej Surý Mon, 25 Nov 2013 16:19:27 +0100 knot (1.4.0~beta-1) experimental; urgency=low * New upstream version 1.4.0~beta * Update patches for 1.4.0~beta release * Disable fastparser since the ragel is broken in one test * Add knsec3hash to knot package -- Ondřej Surý Tue, 29 Oct 2013 12:25:49 +0100 knot (1.3.4-1) unstable; urgency=low * Disable tests on GNU Hurd * New upstream version 1.3.4 -- Ondřej Surý Fri, 13 Dec 2013 17:23:52 +0100 knot (1.3.3-1) unstable; urgency=low * New upstream version 1.3.3 -- Ondřej Surý Mon, 28 Oct 2013 11:40:13 +0100 knot (1.3.2-3) unstable; urgency=low * Add ufw applications.d rule for Knot DNS * Disable recvmmsg on GNU Hurd (since recvmmsg is not implemented on GNU Hurd and will always fail) * Enable fastparser (requires Ragel) -- Ondřej Surý Fri, 11 Oct 2013 17:23:35 +0200 knot (1.3.2-2) unstable; urgency=low * Define #PATH_MAX to make GNU Hurd happy * Don't enable LTO, it doesn't play well with debugging symbols -- Ondřej Surý Sun, 06 Oct 2013 01:57:13 +0200 knot (1.3.2-1) unstable; urgency=low * New upstream version 1.3.2 * Enable link-time-optimizations by default -- Ondřej Surý Mon, 30 Sep 2013 15:04:01 +0200 knot (1.3.1-1) unstable; urgency=low * New upstream version 1.3.1 * Add new debian/watch file (Courtesy of Debian QA) * Bump standards to 3.9.4 * Stop using /lib/init/vars.sh, we don't use $VERBOSE anymore anyway * Drop syslog.target as it is not needed anymore * Remove SSE detection patch as it was merged upstream -- Ondřej Surý Tue, 27 Aug 2013 14:27:44 +0200 knot (1.3.0-2) unstable; urgency=low * Disable SSE detection in the packaged version of Knot DNS -- Ondřej Surý Fri, 16 Aug 2013 13:04:39 +0200 knot (1.3.0-1) unstable; urgency=low * New upstream version 1.3.0 * Remove upstream patch from 1.3.0~rc5-2 as it is included in this release. -- Ondřej Surý Mon, 05 Aug 2013 17:01:23 +0200 knot (1.3.0~rc5-2) unstable; urgency=low * Pull some pre 1.3.0 patches (mainly to test before release): + Initialize secondary groups for user .. + Reworked CH TXT records support (RFC 4892). + Fixed inactive xfers may be disconnected depending on the previous result. + Add server starting information to log. -- Ondřej Surý Mon, 05 Aug 2013 10:39:48 +0200 knot (1.3.0~rc5-1) unstable; urgency=low * New upstream version 1.3.0~rc5 * Remove last upstream patch, all our changes have been merged. Yay\! -- Ondřej Surý Mon, 29 Jul 2013 17:15:56 +0200 knot (1.3.0~rc4-2) unstable; urgency=low * Disable tests on big endian architectures (but the code still needs to be fixed) -- Ondřej Surý Tue, 23 Jul 2013 14:07:39 +0200 knot (1.3.0~rc4-1) unstable; urgency=low * New upstream version 1.3.0~rc4 * Add upstream patch to honour CONFIG_DIR * Remove now obsolete patch to run as knot:knot * The knot/ is now added by upstream to @sysconfdir@ -- Ondřej Surý Mon, 15 Jul 2013 15:15:05 +0200 knot (1.3.0~rc3-2) unstable; urgency=low * Add proper support for upstart and systemd along with sysvinit * Add /usr/lib/knot/prepare-environment script which will parse knot configuration file and properly create rundir and set correct permissions to configured values in /etc/knot/knot.conf * Remove /etc/default/knot since the values are now parsed directly from the configuration file * Add /var/lib/knot to knot.dirs, so it gets created on package install * Drop checking for $VERBOSE variable and properly log start/stop from sysvinit script -- Ondřej Surý Tue, 02 Jul 2013 13:08:33 +0200 knot (1.3.0~rc3-1) unstable; urgency=low * New upstream version 1.3.0~rc3 * Packaging changes: + Use --fail-missing to check for all new files + Remove obsolete patches and update installed conffile with latest options + Don't install knot-zcompile as it is no more + Install minimal example configuration file as /etc/knot/knot.conf + Add --disable-silent-rules to configure invocation + Add patch to fix missing $(DESTDIR) in src/Makefile.am + Set --with-rundir and --with-storage to correct locations + Run under knot:knot by default (create and delete knot user) + Add knot-dnsutils and knot-host packages + Add patch to move knot-{host,dnsutils} manpages to correct location + Add samples/knot.{full,keys}.conf and example zone to examples. * Add knot-doc package with generated documentation (PDF and HTML) -- Ondřej Surý Fri, 28 Jun 2013 12:59:55 +0200 knot (1.2.0-2) unstable; urgency=low * /etc/init.d/knot now sources /etc/default/knot instead of /etc/init.d/knotd (Closes: #707683) * Pull upstream fix for pidfile creation before dropping priviledges (Closes: #707685) * Enable SSE2 support again (we will simply not support anything older than Pentium M) -- Ondřej Surý Wed, 26 Jun 2013 14:41:04 +0200 knot (1.2.0-1) unstable; urgency=low * Imported Upstream version 1.2.0 + Final release. + Some small memory leaks fixes. -- Ondřej Surý Wed, 03 Apr 2013 09:16:25 +0200 knot (1.2.0~rc4-1) unstable; urgency=low * Imported Upstream version 1.2.0~rc4 + knotc 'zonestatus' command + Changing logfile ownership before dropping privileges + knotc respects 'control' section from configuration + RRL: resolved bucket collisions + RRL: updated bucket mapping to conform RRL technical memo -- Ondřej Surý Fri, 22 Mar 2013 15:35:50 +0100 knot (1.2.0~rc3-1) unstable; urgency=low * Imported Upstream version 1.2.0~rc3 + New functionality: Response Rate Limiting as a response to reflection DNS DDoS attacks in the wild + Add missing RRSIG in ANY queries -- Ondřej Surý Fri, 01 Mar 2013 13:24:28 +0100 knot (1.2~rc2-1) unstable; urgency=low * Imported Upstream version 1.2~rc2 * Fix git location * Update patches for 1.2 release -- Ondřej Surý Mon, 18 Feb 2013 12:40:01 +0100 knot (1.1.3-1) unstable; urgency=low * Imported Upstream version 1.1.3 -- Ondřej Surý Thu, 20 Dec 2012 10:50:41 +0100 knot (1.1.3~rc1-1) unstable; urgency=low * Imported Upstream version 1.1.3~rc1 + Fixed answering DS queries (RRSIGs not together with DS, AA bit missing). + Fixed setting ARCOUNT in some error responses with EDNS enabled. + Fixed crash when compiling zone zone with NSEC3PARAM but no NSEC3 and semantic checks enabled. -- Ondřej Surý Fri, 07 Dec 2012 11:19:35 +0100 knot (1.1.2-1) unstable; urgency=low * Imported Upstream version 1.1.2 -- Ondřej Surý Wed, 21 Nov 2012 14:45:34 +0100 knot (1.1.2~rc1-1) unstable; urgency=low * Imported Upstream version 1.1.2~rc1 * Update patches for new release -- Ondřej Surý Wed, 14 Nov 2012 14:04:17 +0100 knot (1.1.1-1) unstable; urgency=low * Imported Upstream version 1.1.1 * Update and remove obsolete patches for new release -- Ondřej Surý Wed, 31 Oct 2012 10:42:09 +0100 knot (1.1.0-5) unstable; urgency=low * Disable SSE2 instruction set, might solve some strange crashes. -- Ondřej Surý Wed, 10 Oct 2012 13:09:54 +0200 knot (1.1.0-4) unstable; urgency=low * Disable extra hardening via dpkg-buildflags, which is not needed by debhelper 9, but breaks builds on squeeze * Install man5 and knot.info documentation -- Ondřej Surý Mon, 03 Sep 2012 16:43:26 +0200 knot (1.1.0-3) unstable; urgency=low * Bump dependency on debhelper >= 9 * Bump standards version to 3.9.3 * Fix installation of manpages to correct directories -- Ondřej Surý Mon, 03 Sep 2012 16:02:11 +0200 knot (1.1.0-2) unstable; urgency=low * Disable AM_MAINTAINER_MODE and re-run autoreconf -fi * Enable hardening build by default * Update pidfile patch to 1.1.0 * Cope with default MultiArch in dh_compat==9 and don't install unittests* binaries -- Ondřej Surý Mon, 03 Sep 2012 15:32:53 +0200 knot (1.1.0-1) unstable; urgency=low * Imported Upstream version 1.1.0 - User manual now available. - Optionally disable ANY queries for authoritative answers. - Dropping identical records in zone and incoming transfers. - Support for '/' in zone names. - Generating journal from reloaded zone (EXPERIMENTAL). - Outgoing-only interfaces in configuration file. - Following DNAME if the synthetized name is in the same zone. - IXFR-in optimized. - Many zones loading optimized. - Signing SOA with TSIG queries when checking zone version with master. * Enable maintainer mode to generate version.texi as a workaround. -- Ondřej Surý Fri, 31 Aug 2012 16:27:07 +0200 knot (1.0.6-1) unstable; urgency=low * Imported Upstream version 1.0.6 - Add NSEC/NSEC3 for all wildcard CNAMEs in the response. - Fixed potential problems with RCU synchronization. -- Ondřej Surý Wed, 13 Jun 2012 15:31:52 +0200 knot (1.0.5-1) unstable; urgency=low * Imported Upstream version 1.0.5 - Fixed bug with creating journal files which didn't get merged by accident -- Ondřej Surý Thu, 17 May 2012 12:25:27 +0200 knot (1.0.4-1) unstable; urgency=low * Imported Upstream version 1.0.4 - Speed-up loading of many zones due parallelization - Support for TLSA resource record (Type 52) - New commands knotc checkzone and knotc refresh (forced update) - Fixed responses to CNAME queries if the canonical name was also an alias - Fixed crash when NS or MX points to an alias - Fixed crash when bootstraping/compiling a lot of zones - Significant speed-up and memory usage reduction of IXFR-in -- Ondřej Surý Wed, 16 May 2012 09:33:26 +0200 knot (1.0.3-1) unstable; urgency=low * Imported Upstream version 1.0.3 - Fixed bug in non-EDNS0 queries over TCP - Zone compilation time regression fixed -- Ondřej Surý Wed, 18 Apr 2012 09:06:57 +0200 knot (1.0.2-1) unstable; urgency=low * Imported Upstream version 1.0.2 - Bugfix release -- Ondřej Surý Fri, 13 Apr 2012 16:09:11 +0200 knot (1.0.1-1) unstable; urgency=low * Imported Upstream version 1.0.1 - Implemented jitter to REFRESH/RETRY timers - Fixed problem with creating IXFR journal for bootstrapped zone - Fixed race condition in processing NOTIFY/SOA queries - Fixed improper assignment of TSIG algorithm type -- Ondřej Surý Fri, 09 Mar 2012 20:18:37 +0100 knot (1.0.0-1) unstable; urgency=low * Imported Upstream version 1.0.0 * Update pidfile patch -- Ondřej Surý Wed, 29 Feb 2012 18:46:13 +0100 knot (1.0~rc1-1) unstable; urgency=low * Imported Upstream version 1.0~rc1 * Move knotd.pid to /var/run where it belongs -- Ondřej Surý Wed, 15 Feb 2012 21:12:56 +0100 knot (0.9.1-3) unstable; urgency=low * Install files into knot package (broken build after added debug package) -- Ondřej Surý Mon, 23 Jan 2012 15:01:42 +0100 knot (0.9.1-2) unstable; urgency=low * Build knot-dbg package with debug symbols -- Ondřej Surý Mon, 23 Jan 2012 13:27:20 +0100 knot (0.9.1-1) unstable; urgency=low * Imported Upstream version 0.9.1 + RRSet rotation functionality added + New pseudo-random number generator (new BSD licensed) + Fixed build on BSD + Fixes in parsing and dumping of some RR types * Add correct git-buildpackage configuration * Update copyright for new PRNG -- Ondřej Surý Sat, 21 Jan 2012 15:47:30 +0100 knot (0.9-1) unstable; urgency=low * Imported Upstream version 0.9 + Add TSIG support + Several smaller bugfixes * Add correct git-buildpackage configuration * Imported Upstream version 0.9.1 * Update copyright for new PRNG -- Ondřej Surý Sat, 21 Jan 2012 15:46:54 +0100 knot (0.8.1-1) unstable; urgency=low * Imported Upstream version 0.8.1 + Correctly handle SPF resource records + Fix wrong text dumping of unknown records. -- Ondřej Surý Thu, 01 Dec 2011 16:27:44 +0100 knot (0.8-1) unstable; urgency=low * Initial release (Closes: #647461) * Add some dependencies in the init.d script * Add flex and bison to b-d * Add versioned dependency on liburcu * Daemonize on the start * Update copyright file to include all licenses -- Ondřej Surý Wed, 16 Nov 2011 07:14:55 +0100