Fedora 20 FEDORA-2015-5812 Critical: Knot DNS Remote Crash

* Wed Apr 8 2015 Jan Vcelak 1.6.3-1 - new upstream release: + fix: performance drop for NSEC-signed zones + fix: proper handling of TCP short-writes + fix: possible out-of-bound reads in zone parser and packet parser + feature: CDS and CDNSKEY support in zone parser + improvement: add defaults for TCP config options into documentation + improvement: detailed error message if zone reload fails * Thu Feb 19 2015 Jan Vcelak 1.6.2-1 - new upstream release: + new config option 'max-tcp-clients' + fix possible resource leak when terminating inactive TCP clients * Tue Jan 20 2015 Jan Vcelak 1.6.1-3 - service file changes: + remove dependency on network.target + remove bounding capabilities (breaks reload) * Sat Dec 13 2014 Jan Vcelak 1.6.1-2 - new upstream release: + DNSSEC: support for Single-Type Signing Scheme + fix: journal file growing over configured limit - service file changes: + run as 'knot' user and group + set security bounding capabilities + change Type to 'notify' * Thu Oct 30 2014 Jan Vcelak 1.6.0-2 - default config: run server as unprivileged user - service file: remove useless startup dependencies - service file: add bounding capabilities * Thu Oct 23 2014 Jan Vcelak 1.6.0-1 - new upstream release: + support for persistent zone timers (expire, refresh, and flush) + DNSSEC: RFC-compliant processing of letter case in RDATA domain names + EDNS: return minimal response for queries with unsupported version + EDNS: fix interpretation of Extended RCODE + transfers: fix forced zone retransfer + timers: properly expire zone when transfer is being refused by master * Mon Sep 15 2014 Jan Vcelak 1.5.3-1 - new upstream release: + fix crash on specific incoming IXFR message + fix rare synchronization error during server reload + fix crash in reverse record synthesis module on DNSSEC signed zones + fix message ID and opcode for AXFR-style IXFR responses + fix sending of large responses to remote control commands * Mon Sep 8 2014 Jan Vcelak 1.5.2-1 - new upstream release: + CVE-2014-0486: remote crash using crafted DNS message + transfers: do not refuse AXFR answers to IXFR queries + fix storing of hash character '#' in zone file * Tue Aug 19 2014 Jan Vcelak 1.5.1-1 - new upstream release: + logging: unified logging messages + logging: support for systemd journal + DDNS: processing updates in bulk + DDNS: fix signing of responses with TSIG + DDNS: fix prerequisites checking in apex node + DNSSEC: fix domain names conversion to canonical format before signing + DNSSEC: semantic checks for signing keys + EDNS: fix inclusion of OPT record into some packets + knsupdate: fix use of zone origin for deletions * Sun Aug 17 2014 Fedora Release Engineering - 1.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Thu Jul 10 2014 Jan Vcelak 1.5.0-1 - update to 1.5.0 + reimplemented DDNS forwarding + transfer sizes logged in bytes + logging of outgoing/incoming NOTIFY messages + zone flush planning after bootstrap + DDNS signing changes freeing + knotc key handling - update to 1.5.0-rc2 + edns-client-subnet support in kdig + optional asynchronous startup (config 'asynchronous-start') + preempt task queue for faster reload + lazy zone file write after zone transfer (config 'zonefile-sync') + close zone transfer after SERVFAIL response + incremental to full zone transfer fallback, wrong log message + zone events corner cases, reload replanning - update to 1.5.0-rc1 + Pluggable query processing modules + Synthetic IPv4/IPv6 reverse/forward records (optional module) + Dnstap support in both utilities & server (optional module) + NOTIFY message support and new TSIG section in kdig + Multi-master support + Query processing and core functionality overhaul + Performance and reduced memory footprint + Faster zone events scheduling + RFC compliant queries/responses in some corner cases + Log messages + New documentation (Sphinx) - enabled dynamic linking - removed info pages * Wed Jun 18 2014 Jan Vcelak 1.4.7-1 - update to 1.4.7 + Fixed DDNS corner cases + Fixed zone EXPIRE timer + Fixed semantic checks false positives + Fixed sending malformed IXFR with automatic DNSSEC + Fixed NAPTR record serialization * Thu May 22 2014 Jan Vcelak 1.4.6-2 - update to 1.4.6 + DNSSEC: fix possible signing loop when doing key rollover + RRL: fixed sending of malformed UDP empty responses * Mon Apr 14 2014 Jan Vcelak 1.4.5-1 - update to 1.4.5 + fix weakness in TSIG digest checking * Thu Mar 27 2014 Jan Vcelak 1.4.4-1 - update to 1.4.4 + server is logging remote control commands + 'knotc reload' doesn't refresh unchanged zones + 'knotc -f refresh' forces zone retransfer + missing notifications after DDNS/automatic resign + zone is rebootstrapped if the zone file is unreadable + progressive bootstrap retry backoff + zone file parser allows asterisk as part of the label + journal maximum entry size fixes + sign DNSKEYs in non-apex nodes as regular RR sets + various spelling and typo fixes * Tue Feb 18 2014 Jan Vcelak 1.4.3-1 - update to 1.4.3 + DNSSEC: fixes in authenticated denial proofs + zone parser: case insensitive comparison of $ORIGIN + journal: fix corruption if zone loading fails + config: add support for includes of directories * Wed Feb 12 2014 Jan Vcelak 1.4.2-3 - rebuild with new userspace-rcu * Mon Jan 27 2014 Jan Vcelak 1.4.2-2 - enable IDN support in domain names * Mon Jan 27 2014 Jan Vcelak 1.4.2-1 - update to 1.4.2 * Mon Jan 13 2014 Jan Vcelak 1.4.1-1 - update to 1.4.1 * Mon Jan 6 2014 Jan Vcelak 1.4.0-1 - update to 1.4.0 * Fri Dec 13 2013 Jan Vcelak 1.4.0-0.2.rc2 - update to 1.4.0-rc2 * Tue Nov 26 2013 Jan Vcelak 1.4.0-0.1.rc1 - update to 1.4.0-rc1