Commit 755933c1 authored by Daniel Salzman's avatar Daniel Salzman

Bump version 2.6.0, update NEWS

parent d65f2419
Pipeline #18953 passed with stages
in 31 minutes and 37 seconds
Knot DNS 2.6.0-dev (2017-xx-xx)
Knot DNS 2.6.0 (2017-09-29)
- On-slave (inline) signing support
- Automatic DNSSEC key algorithm rollover
- Ed25519 algorithm support in DNSSEC (requires GnuTLS 3.6.0)
- New 'journal-content' and 'zonefile-load' configuration options
- keymgr tries to run as user/group set in the configuration
- Public-only DNSSEC key import into KASP DB via keymgr
- NSEC3 resalt and parent DS query events are persistent in timer DB
- New processing state for a response suppression within a query module
- Enabled server side TCP Fast Open if supported
- TCP Fast Open support in kdig
- Better record owner compression if related to the previous rdata dname
- NSEC(3) chain is no longer recomputed whole on every update
- Remove inconsistent and unnecessary quoting in log files
- Avoiding of overlapping key rollovers at a time
- More DNSSSEC-related semantic checks
- Extended timestamp format in keymgr
- Incorrect journal free space computation causing inefficient space handling
- Interface-automatic broken on Linux in the presence of asymmetric routing
Knot DNS 2.5.5 (2017-09-29)
- Constant time memory comparison in the TSIG processing
- Proper use of the ctype functions
- Generated RRSIG records have inception time 90 minutes in the past
- Incorrect online signature for NSEC in the case of a CNAME record
- Incorrect timestamps in dnstap records
- EDNS Subnet Client validation rejects valid payloads
- Module configuration semantic checks are not executed
- Kzonecheck segfaults with unusual inputs
Knot DNS 2.5.4 (2017-08-31)
- New minimum and maximum refresh interval config options (Thanks to Manabu Sonoda)
- New warning when unforced flush with disabled zone file synchronization
- New 'dnskey' keymgr command
- Linking with libatomic on architectures that require it (Thanks to Pierre-Olivier Mercier)
- Removed 'OK' from listing keymgr command outputs
- Extended journal and keymgr documentation and logging
- Incorrect handling of specific corner-cases with zone-in-journal
- The 'share' keymgr command doesn't work
- Server crashes if configured with query-size and reply-size statistics options
- Malformed big integer configuration values on some 32-bit platforms
- Keymgr uses local time when parsing date inputs
- Memory leak in kdig upon IXFR query
Knot DNS 2.5.3 (2017-07-14)
- CSK rollover support for Single-Type Signing Scheme
- Allowed binding to non-local adresses for TCP (Thanks to Julian Brost!)
- New documentation section for manual DNSSEC key algorithm rollover
- Initial KSK also generated in the submission state
- The 'ds' keymgr command with no parameter uses all KSK keys
- New debug mode in kjournalprint
- Updated keymgr documentation
- Sometimes missing RRSIG by KSK in submission state.
- Minor DNSSEC-related issues
Knot DNS 2.5.2 (2017-06-23)
- Improper TSIG validity period check can allow TSIG forgery (Thanks to Synacktiv!)
- CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery (Thanks to Synacktiv!)
......@@ -5,7 +5,7 @@ AC_PREREQ([2.60])
AC_INIT([knot], knot_PKG_VERSION, [])
......@@ -33,8 +33,8 @@ AC_DEFINE_UNQUOTED([CONFIGURE_CFLAGS],["$CFLAGS"],[Passed CFLAGS from environmen
# Updating version info
AC_SUBST([libknot_VERSION_INFO],["-version-info 6:0:0"])
AC_SUBST([libdnssec_VERSION_INFO],["-version-info 4:0:0"])
AC_SUBST([libknot_VERSION_INFO],["-version-info 7:0:0"])
AC_SUBST([libdnssec_VERSION_INFO],["-version-info 5:0:0"])
AC_SUBST([libzscanner_VERSION_INFO],["-version-info 1:0:0"])
# Automatically update release date based on date
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment