pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/net/knot knot: Update to 3.2.4



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5068b168b936
branches:  trunk
changeset: 391372:5068b168b936
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Sun Jan 08 20:40:20 2023 +0000

description:
knot: Update to 3.2.4

Changelog:
Version 3.2.4
Improvements:
      + knotd: significant speed-up of catalog zone update processing
      + knotd: new runtime check if RRSIG lifetime is lower than RRSIG refresh
      + knotd: reworked zone re-bootstrap scheduling to be less progressive
      + mod-synthrecord: module can work with CIDR-style reverse zones #826
      + python: new libknot wrappers for some dname transformation functions
      + doc: a few fixes and improvements

Bugfixes:
      + knotd: incomplete zone is received when IXFR falls back to AXFR due to
        connection timeout if primary puts initial SOA only to the first
        message
      + knotd: first zone re-bootstrap is planned after 24 hours
      + knotd: EDNS EXPIRE option is present in outgoing transfer of a catalog
        zone
      + knotd: catalog zone can expire upon EDNS EXPIRE processing
      + knotd: DNSSEC signing doesn't fail if no offline KSK records available

Version 3.2.3
Improvements:
      + knotd: new per-zone DS push configuration option (see 'zone.ds-push')
      + libs: upgraded embedded libngtcp2 to 0.11.0

Bugfixes:
      + knsupdate: program crashes when sending an update
      + knotd: server drops more responses over UDP under higher load
      + knotd: missing EDNS padding in responses over QUIC
      + knotd: some memory issues when handling unusual QUIC traffic
      + kxdpgun: broken IPv4 source subnet processing
      + kdig: incorrect handling of unsent data over QUIC

Version 3.2.2
Features:
      + knotd,kxdpgun: support for VLAN (802.1Q) traffic in the XDP mode
      + knotd: added configurable delay upon D-Bus initialization (see
        'server.dbus-init-delay')
      + kdig: support for JSON (RFC 8427) output format (see '+json')
      + kdig: support for PROXYv2 (see '+proxy') (Gift for Peter van Dijk)

Improvements:
      + mod-geoip: module respects the server configuration of answer rotation
      + libs: upgraded embedded libngtcp2 to 0.10.0
      + tests: improved robustness of some unit tests
      + doc: added description of zone bootstrap re-planning

Bugfixes:
      + knotd: catalog confusion when a member is added and immediately deleted
        #818
      + knotd: defective handling of short messages with PROXYv2 header #816
      + knotd: inconsistent processing of malformed messages with PROXYv2
        header #817
      + kxdpgun: incorrect XDP mode is logged
      + packaging: outdated dependency check in RPM packages

Version 3.2.1
Improvements:
      + libknot: added compatibility with libbpf 1.0 and libxdp
      + libknot: removed some trailing white space characters from textual RR
        format
      + libs: upgraded embedded libngtcp2 to 0.8.1

Bugfixes:
      + knotd: some non-DNS packets not passed to OS if XDP mode enabled
      + knotd: inappropriate log about QUIC port change if QUIC not enabled
      + knotd/kxdpgun: various memory leaks related to QUIC and TCP
      + kxdpgun: can crash at high rates in emulated XDP mode
      + tests: broken XDP-TCP test on 32-bit platforms
      + kdig: failed to build with enabled QUIC on OpenBSD
      + systemd: failed to start server due to TemporaryFileSystem setting
      + packaging: missing knot-dnssecutils package on CentOS 7

Version 3.2.0
Features:
      + knotd: finalized TCP over XDP implementation
      + knotd: initial implementation of DNS over QUIC in the XDP mode (see
        'xdp.quic')
      + knotd: new incremental DNSKEY management for multi-signer deployment
        (see 'policy.dnskey-management')
      + knotd: support for remote grouping in configuration (see 'groups'
        section)
      + knotd: implemented EDNS Expire option (RFC 7314)
      + knotd: NSEC3 salt is changed with every ZSK rollover if lifetime is set
        to -1
      + knotd: support for PROXY v2 protocol over UDP (Thanks to Robert
        Edmonds) #762
      + knotd: support for key labels with PKCS #11 keystore (see
        'keystore.key-label')
      + knotd: SVCB/HTTPS treatment according to draft-ietf-dnsop-svcb-https
      + keymgr: new JSON output format (see '-j' parameter) for listing keys or
        zones (Thanks to JP Mens)
      + kxdpgun: support for DNS over QUIC with some testing modes (see '-U'
        parameter)
      + kdig: new DNS over QUIC support (see '+quic')

Improvements:
      + knotd: reduced memory consumption when processing IXFR, DNSSEC,
        catalog, or DDNS
      + knotd: RRSIG refresh values don't have to match in the mode Offline KSK
      + knotd: better decision whether AXFR fallback is needed upon a refresh
        error
      + knotd: NSEC3 resalt event was merged with the DNSSEC event
      + knotd: server logs when the connection to remote was taken from the
        pool
      + knotd: server logs zone expiration time when the zone is loaded
      + knotd: DS check verifies removal of old DS during algorithm rollover
      + knotd: DNSSEC-related records can be updated via DDNS
      + knotd: new 'xdp.udp' configuration option for disabling UDP over XDP
      + knotd: outgoing NOTIFY is replanned if failed
      + knotd: configuration checks if zone MIN interval values are lower or
        equal to MAX ones
      + knotd: DNSSEC-related zone semantic checks use DNSSEC validation
      + knotd: new configuration value 'query' for setting ACL action
      + knotd: new check on near end of imported Offline KSK records
      + knotd/knotc: implemented zone catalog purge, including orphaned member
        zones
      + knotc: interactive mode supports catalog zone completion, value
        completion, and more
      + knotc: new default brief and colorized output from zone status
      + knotc: unified empty values in zone status output
      + keymgr: DNSKEY TTL is taken from KSR in the Offline KSK mode
      + kjournalprint: path to journal DB is automatically taken from the
        configuration, which can be specified using '-c', '-C' (or '-D')
      + kcatalogprint: path to catalog DB is automatically taken from the
        configuration, which can be specified using '-c', '-C' (or '-D')
      + kzonesign: added automatic configuration file detection and '-C'
        parameter for configuration DB specification
      + kzonesign: all CPU threads are used for DNSSEC validation
      + libknot: dname pointer cannot point to another dname pointer when
        encoding RRsets #765
      + libknot: QNAME case is preserved in knot_pkt_t 'wire' field (Thanks to
        Robert Edmonds) #780
      + libknot: reduced memory consumption of the XDP mode
      + libknot: XDP filter supports up to 256 NIC queues
      + kxdpgun: new options for specifying source and remote MAC addresses
      + utils: extended logging of LMDB-related errors
      + utils: improved error outputs
      + kdig: query has AD bit set by default
      + doc: various improvements

Bugfixes:
      + knotd: zone changeset is stored to journal even if disabled
      + knotd: journal not applied to zone file if zone file changed during
        reload
      + knotd: possible out-of-order processing or postponed zone events to far
        future
      + knotd: incorrect TTL is used if updated RRSet is empty over control
        interface
      + knotd/libs: serial arithmetics not used for RRSIG expiration processing
      + knsupdate: incorrect RRTYPE in the question section

Compatibility:
      + knotd: default value for 'zone.journal-max-depth' was lowered to 20
      + knotd: default value for 'policy.nsec3-iterations' was lowered to 0
      + knotd: default value for 'policy.rrsig-refresh' is propagation delay +
        zone maximum TTL
      + knotd: server fails to load configuration if 'policy.rrsig-refresh' is
        too low
      + knotd: configuration option 'server.listen-xdp' has no effect
      + knotd: new configuration check on deprecated DNSSEC algorithm
      + knotc: new '-e' parameter for full zone status output
      + keymgr: new '-e' parameter for full key list output
      + keymgr: brief key listing mode is enabled by default
      + keymgr: renamed parameter '-d' to '-D'
      + knsupdate: default TTL is set to 3600
      + knsupdate: default zone is empty
      + kjournalprint: renamed parameter '-c' to '-H'
      + python/libknot: removed compatibility with Python 2

Packaging:
      + systemd: removed knot.tmpfile
      + systemd: added some hardening options
      + distro: Debian 9 and Ubuntu 16.04 no longer supported
      + distro: packages for CentOS 7 are built in a separate COPR repository
      + kzonecheck/kzonesign/knsec3hash: moved to new package knot-dnssecutils

Version 3.1.9
Improvements:
      + knotd: new configuration checks on unsupported catalog settings
      + knotd: semantic check issues have notice log level in the soft mode
      + keymgr: command generate-ksr automatically sets 'from' parameter to
        last offline KSK records' timestamp if it's not specified
      + keymgr: command show-offline starts from the first offline KSK record
        set if 'from' parameter isn't specified
      + kcatalogprint: new parameters for filtering catalog or member zone
      + mod-probe: default rate limit was increased to 100000
      + libknot: default control timeout was increased to 30 seconds
      + python/libknot: various exceptions are raised from class KnotCtl
      + doc: some improvements

Bugfixes:
      + knotd: incomplete outgoing IXFR is responded if journal history is
        inconsistent
      + knotd: manually triggered zone flush is suppressed if disabled zone
        synchronization
      + knotd: failed to configure XDP listen interface without port
        specification
      + knotd: de-cataloged member zone's file isn't deleted #805
      + knotd: member zone leaks memory when reloading catalog during dynamic
        configuration change
      + knotd: server can crash when reloading modules with DNSSEC signing
        (Thanks to iqinlongfei)
      + knotd: server crashes during shutdown if PKCS #11 keystore is used
      + keymgr: command del-all-old isn't applied to all keys in the removed
        state
      + kxdpgun: user specified network interface isn't used
      + libs: fixed compilation on illumos derivatives (Thanks to Nick Ewins)

diffstat:

 net/knot/Makefile                |   5 ++---
 net/knot/PLIST                   |   5 ++++-
 net/knot/distinfo                |   9 +++++----
 net/knot/patches/patch-configure |  24 ++++++++++++++++++++++++
 4 files changed, 35 insertions(+), 8 deletions(-)

diffs (86 lines):

diff -r 3066d6d71a4f -r 5068b168b936 net/knot/Makefile
--- a/net/knot/Makefile Sun Jan 08 20:14:08 2023 +0000
+++ b/net/knot/Makefile Sun Jan 08 20:40:20 2023 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.70 2022/10/26 10:31:48 wiz Exp $
+# $NetBSD: Makefile,v 1.71 2023/01/08 20:40:20 ryoon Exp $
 
-DISTNAME=      knot-3.1.8
-PKGREVISION=   2
+DISTNAME=      knot-3.2.4
 CATEGORIES=    net
 MASTER_SITES=  https://secure.nic.cz/files/knot-dns/
 EXTRACT_SUFX=  .tar.xz
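Review bot: the DISTNAME change at the top of the Makefile moves the package from 3.1.8 straight to 3.2.4, across the 3.2.0 "Compatibility" list quoted in the commit message, and nothing in the change points an upgrading operator at it. Two of those entries can stop a working setup after the update: "server fails to load configuration if 'policy.rrsig-refresh' is too low" and "keymgr: renamed parameter '-d' to '-D'". Consider calling these out at the top of the commit message or in a package MESSAGE file so they are seen before knotd is restarted on the new version.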
diff -r 3066d6d71a4f -r 5068b168b936 net/knot/PLIST
--- a/net/knot/PLIST    Sun Jan 08 20:14:08 2023 +0000
+++ b/net/knot/PLIST    Sun Jan 08 20:40:20 2023 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.18 2021/08/07 16:36:18 ryoon Exp $
+@comment $NetBSD: PLIST,v 1.19 2023/01/08 20:40:20 ryoon Exp $
 bin/kdig
 bin/khost
 bin/knsec3hash
@@ -58,6 +58,7 @@
 include/libknot/rrtype/rdname.h
 include/libknot/rrtype/rrsig.h
 include/libknot/rrtype/soa.h
+include/libknot/rrtype/svcb.h
 include/libknot/rrtype/tsig.h
 include/libknot/rrtype/zonemd.h
 include/libknot/tsig-op.h
@@ -65,6 +66,7 @@
 include/libknot/version.h
 include/libknot/wire.h
 include/libknot/xdp.h
+include/libknot/xdp/tcp_iobuf.h
 include/libknot/yparser/yparser.h
 include/libknot/yparser/ypformat.h
 include/libknot/yparser/ypschema.h
@@ -98,3 +100,4 @@
 sbin/knotd
 share/examples/knot/example.com.zone
 share/examples/knot/knot.sample.conf
+@pkgdir etc/knot
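Review bot: the `@pkgdir etc/knot` line added at the end of PLIST registers the directory as a fixed path under the prefix, and the Makefile hunk in this commit adds nothing that sets its location, owner or mode. If this is meant to be knotd's configuration directory, consider creating it from the Makefile with OWN_DIRS or OWN_DIRS_PERMS under ${PKG_SYSCONFDIR} instead, so it follows a non-default sysconfdir and gets explicit ownership and permissions.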
diff -r 3066d6d71a4f -r 5068b168b936 net/knot/distinfo
--- a/net/knot/distinfo Sun Jan 08 20:14:08 2023 +0000
+++ b/net/knot/distinfo Sun Jan 08 20:40:20 2023 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.41 2022/06/16 16:31:04 ryoon Exp $
+$NetBSD: distinfo,v 1.42 2023/01/08 20:40:20 ryoon Exp $
 
-BLAKE2s (knot-3.1.8.tar.xz) = d9f7c1a9adee6b0b6ad67c845869ba458945d55c2a2bc611a6c2d09f51259afe
-SHA512 (knot-3.1.8.tar.xz) = af72cbcc5b511dad148e7ce990819df00bdf99c110b44b3b521eddd8690a6ebd4c76c24e63d843956971d5f158bbfa851804616630d34f3a0ec06888c78ecf2c
-Size (knot-3.1.8.tar.xz) = 1439912 bytes
+BLAKE2s (knot-3.2.4.tar.xz) = 65acecae40099c8a9fef98eb9b0a4b969686dc0966535d777064d8fff14d9bec
+SHA512 (knot-3.2.4.tar.xz) = 5a32ef5bd837324d99fdef4d3b378ed1b1df61ee9bad95ba51edce6f2da3c1c8c2b0b31b578e4cb7f9079a9b4db1363a8d984f29beb29fed4e91315ef9e0b77b
+Size (knot-3.2.4.tar.xz) = 1674532 bytes
+SHA1 (patch-configure) = cf0e2a973380dc7123835e249eea7d3bac46c7e9
 SHA1 (patch-samples_Makefile.in) = 499b8742dbd948e489b01d512bc7a8d8e4fe2e7b
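Review bot: the new BLAKE2s and SHA512 lines for knot-3.2.4.tar.xz replace the trusted digests for this package, and neither the hunk nor the commit message says what the tarball was checked against before they were generated. Every later fetch is compared only to these values, so please note in the commit message whether the distfile from MASTER_SITES was verified against an upstream signature or published checksum.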
diff -r 3066d6d71a4f -r 5068b168b936 net/knot/patches/patch-configure
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/knot/patches/patch-configure  Sun Jan 08 20:40:20 2023 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-configure,v 1.3 2023/01/08 20:40:20 ryoon Exp $
+
+* Improve POSIX shell portability.
+
+--- configure.orig     2022-11-20 07:16:12.000000000 +0000
++++ configure
+@@ -14729,7 +14729,7 @@ fi
+ 
+ 
+ 
+-if test "$enable_xdp" == "yes"; then :
++if test "$enable_xdp" = "yes"; then :
+ 
+ 
+ pkg_failed=no
+@@ -14802,7 +14802,7 @@ else
+ $as_echo "yes" >&6; }
+       enable_xdp=libxdp
+ fi
+-   if test "$enable_xdp" == "libxdp"; then :
++   if test "$enable_xdp" = "libxdp"; then :
+ 
+ 
+ $as_echo "#define USE_LIBXDP 1" >>confdefs.h
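Review bot: both `==` to `=` fixes are applied to the generated configure script at fixed offsets (`@@ -14729,7` and `@@ -14802,7`), so the patch is likely to stop applying cleanly once upstream regenerates configure, and the non-portable comparison stays in upstream's source. Suggest sending the same change upstream for the file configure is generated from, and extending the patch comment beyond "Improve POSIX shell portability" to name the construct (`test` with `==` in the `enable_xdp` checks), so the patch can be dropped as soon as a release carries the fix.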


