pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/knot knot: Update to 3.1.4



details:   https://anonhg.NetBSD.org/pkgsrc/rev/40a4427c65f6
branches:  trunk
changeset: 771351:40a4427c65f6
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Fri Dec 17 15:15:58 2021 +0000

description:
knot: Update to 3.1.4

Changelog:
Version 3.1.4

Features:

      + mod-dnstap: added 'responses-with-queries' configuration option (Thanks
        to Robert Edmonds)

Improvements:

      + knotd: DNSSEC keys are logged in sorted order by timestamp
      + mod-cookies: added statistics counter for dropped queries due to the
        slip limit
      + mod-dnstap: restored the original query QNAME case #773 (Thanks to
        Robert Edmonds)
      + configure: improved compatibility of some scripts on macOS and BSDs
      + doc: updates on DNSSEC signing

Bugfixes:

      + knotd: server can crash when receiving queries with NSID EDNS flag #774
        (Thanks to Romain Labolle)
      + knotd: server crashes on reload when no interfaces configured #770
      + knotd: ZONEMD without DNSSEC not handled correctly
      + knotd: generated catalog zone not updated on config reload #772
      + knotd: zone catalog not verified before its interpretation
      + knotd: ds-push fails to update the parent zone if a CNAME exists for a
        non-terminal node


Version 3.1.3

Monday, October 18, 2021

Improvements:

      + knotd: added simple error logging to orphaned zone purge
      + knotd: allow manual public-only keys for unused algorithm
      + kdig: send ALPN when using DoT or XoT #769
      + doc: various fixes and improvements #767

Bugfixes:

      + knotd: catalog backup doesn't preserve version of the catalog
        implementation
      + knotd: NOTIFY is scheduled even when DNSSEC signing is up-to-date
      + knotd: server can crash when zone difference is inconsistent upon cold
        start
      + knotd: zone not bootstrapped when zone file load failed due to an error
      + knotd: broken AXFR with knot as slave and dnsmasq as master (Thanks to
        Daniel Gr?ber)
      + knotd: journal not able to free up space when zone-in-journal present
        and zonefile written
      + mod-stats: missing protocol counters for TCP over XDP
      + kzonesign: input zone name not lower-cased


Version 3.1.2

Features:

      + knotd: new policy configuration for postponing complete deletion of
        previous keys
      + keymgr: new optional pretty mode (-b) of listing keys
      + kdig: added support for TCP keepopen #503

Improvements:

      + knotd: configuration item values can contain UTF-8 characters
      + knotd: added configuration check for database storage writability
      + knotd: better error reporting if zone is empty
      + knotd: smaller journal database chunks in order to mitigate LMDB
        fragmentation
      + knotd/kxdpgun: CAP_SYS_RESOURCE capability no longer needed for XDP on
        Linux >= 5.11

Bugfixes:

      + knotd: incomplete NSEC3 proof in response to opt-outed empty
        non-terminal
      + knotd: wrong SOA serial handling when enabling signing on already
        existing secondary zone
      + knotd: defective ZONEMD verification error reporting when loading zone
        #759
      + knotd: server can crash when reloading catalog zone #761
      + knotd: DNSSEC validation doesn't work when only NSEC3 chain changes
      +
        knotd: DNSSEC validation doesn't check if empty non-terminal over
            non-opt-outed
            delegation isn't opt-outed too

      + knotd: ZONEMD generation doesn't cause flushing zone to disk #758
      + knotd: incorrect evaluation of ACL deny rule in combination with TSIG
      + knotd: failed DS-check is replaned even if no key is ready
      + kdig: abort when query times out #763
      + libzscanner: missing output overflow check in the SVCB parsing

Compatibility:

      + keymgr: parameter -d is marked deprecated in favor of new parameter -D
      + kjournalprint: parameter -n is marked deprecated in favor of new
        parameter -x


Version 3.1.1

Improvements:

      + keymgr: import-bind sets publish and active timers to now if missing
        timers #747
      + mod-rrl: added QNAME, which triggered an action, to log messages #757
      + systemd: added environment variable for setting maximum configuration
        DB size

Bugfixes:

      + knotd: adding RRSIGs to a signed zone can lead to redundant RRSIGs for
        some NSEC(3)s
      + knotd: code not compiled correctly for ARM on Fedora >= 33
      + knotd: server can crash when opening catalog DB on startup
      + knotd: incorrect catalog update counts in logs
      + knotd: journal discontinuity and zone-in-journal result in incorrectly
        calculated journal occupation
      + kdig: +noall does not filter out AUTHORITY comment #749
      + tests: journal unit test not passing if memory page size is different
        from 4096

Reverts:

      + libzscanner: reverted "omitted TTL value is correctly set to the last
        explicitly stated value (RFC 1035)" #751

diffstat:

 net/knot/Makefile |  5 ++---
 net/knot/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r efd930cf461d -r 40a4427c65f6 net/knot/Makefile
--- a/net/knot/Makefile Fri Dec 17 15:14:44 2021 +0000
+++ b/net/knot/Makefile Fri Dec 17 15:15:58 2021 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.66 2021/12/08 16:06:00 adam Exp $
+# $NetBSD: Makefile,v 1.67 2021/12/17 15:15:58 ryoon Exp $
 
-DISTNAME=      knot-3.1.0
-PKGREVISION=   2
+DISTNAME=      knot-3.1.4
 CATEGORIES=    net
 MASTER_SITES=  https://secure.nic.cz/files/knot-dns/
 EXTRACT_SUFX=  .tar.xz
diff -r efd930cf461d -r 40a4427c65f6 net/knot/distinfo
--- a/net/knot/distinfo Fri Dec 17 15:14:44 2021 +0000
+++ b/net/knot/distinfo Fri Dec 17 15:15:58 2021 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.39 2021/10/26 11:05:51 nia Exp $
+$NetBSD: distinfo,v 1.40 2021/12/17 15:15:58 ryoon Exp $
 
-BLAKE2s (knot-3.1.0.tar.xz) = 4d8d102c723690d2dfde0dd75a4d0b17ca3c665e322b11891e9e51ee10b31c1e
-SHA512 (knot-3.1.0.tar.xz) = 7a76ca1547f6aded1045b8a124ec4e35c61199b822b7692b656ef9bfadb68bdfde097a1ece973725ea14690743da2e2c08717055516b150696e3ac341fa5c728
-Size (knot-3.1.0.tar.xz) = 1401992 bytes
+BLAKE2s (knot-3.1.4.tar.xz) = bd81e6be3ee2a6f43f739d5529a5f35d18cf91b8ba2cfc602a8db77def442686
+SHA512 (knot-3.1.4.tar.xz) = 307667a12b989fee443832d4642fc927231f38f0331439c8c7196c489d196245eca368d96a36fe49639b773f652f7cb80bf0c16bc1ad107e11b47b70e1f04060
+Size (knot-3.1.4.tar.xz) = 1408656 bytes
 SHA1 (patch-samples_Makefile.in) = 499b8742dbd948e489b01d512bc7a8d8e4fe2e7b



Home | Main Index | Thread Index | Old Index