pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/knot knot: Update to 3.1.0



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e78ab4a48b59
branches:  trunk
changeset: 456763:e78ab4a48b59
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Sat Aug 07 16:36:18 2021 +0000

description:
knot: Update to 3.1.0

Changelog:
Version 3.1.0

Monday, August 2, 2021

Features:

      + knotd: automatic zone catalog generation based on actual configuration
      + knotd: zone catalog supports configuration groups
      + knotd: support for ZONEMD validation and generation
      + knotd: basic support for TCP over XDP processing
      + knotd: configuration option for enabling IP route check in the XDP mode
      + knotd: support for epoll (Linux) and kqueue (*BSD, macOS) socket
        polling
      + knotd: extended EDNS error (EDE) is added to the response if
        appropriate
      + knotd: DNSSEC operation with extra ready public-only KSK is newly
        allowed
      + knotd: new zone backup/restore filters for more variable component
        specification
      + knotd: adaptive systemd service start timeout and new zone loading
        status #733
      + knotd: configuration option for enabling TCP Fast Open on outbound
        communication
      + knotd: when the server starts, zone NOTIFY is send only if not sent
        already
      + knotc: zone reload with the force flag triggers reload of the zone and
        its modules
      + libs: support for parsing and dumping SVCB and HTTPS resource records
      + kdig: support for TCP Fast Open along with DoT/DoH #549
      + kxdpgun: basic support for DNS over TCP processing
      + kxdpgun: current traffic statistics can be printed using a USR1 signal
      + python: new libknot/probe API wrapper

Improvements:

      + knotd: PID file is created even in the foreground mode
      + knotd: more robust and enhanced zone data backup and restore operations
      + knotd: maximum length of an XFR message is limited to 16 KiB for better
        compression
      + knotd: maximum CNAME/DNAME chain depth per reply was decreased from 20
        to 5
      + knotd: improved performance of processing domain names with many short
        labels
      + knotd: adaptive limit on the number of LMDB readers to avoid problems
        with many workers
      + knotd: TTL of generated NSEC(3) records is set to min(SOA TTL, SOA
        minimum)
      + knotd: TTL of generated NSEC3PARAM is equal to TTL of NSEC3 records
      + knotd: maximum TCP segment size is restricted to 1220 octets on Linux #
        468
      + knotc: various improvements in error reporting
      + knotc: default control timeout is infinity in the blocking mode
      + dnssec: dnskey generator tries to return a key with a unique keytag
      + kxdpgun: RLIMIT_MEMLOCK is increased only if not high enough
      + kxdpgun: RTNETLINK is used for getting network information instead of
        the ip command

Bugfixes:

      + knotd: DNAME not applied more than once to resolve the query #714
      + knotd: root zone not correctly purged from the journal
      + kzonecheck: incorrect check for opt-outed empty non-terminal nodes
      + libzscanner: wrong error line number
      + libzscanner: broken multiline rdata processing if an error occurs
      + mod-geoip: NXDOMAIN is responded instead of NODATA #745
      + make: build fails with undefined references if building using slibtool
        #722

Packaging:

      + knotd: systemd service reload uses 'kill -HUP' instead of 'knotc
        reload'
      + kxdpgun: new library dependency libmnl
      + mod-dnstap: new package separate from the knot package
      + mod-geoip: new package separate from the knot package

Compatibility:

      + configure: option '--enable-xdp=yes' means use an external libbpf if
            available
            or use the embedded one

      + libzsanner: omitted TTL value is correctly set to the last explicitly
        stated value (RFC 1035)
      + knotc: zone restore from an old backup (3.0.x) requires forced
        operation
      + knotd: configuration option 'server.listen-xdp' is replaced with
        'xdp.listen'
      + knotd: zone file loading with automatic SOA serial incrementation newly
            requires having full zone in the journal

      + knotd: obsolete configuration options 'zone.disable-any',
            'server.tcp-handshake-timeout'
            are silently ignored

      + knotd: obsolete configuration options 'zone.max-zone-size',
            'zone.max-journal-depth',
            'zone.max-journal-usage', 'zone.max-refresh-interval',
            'zone.min-refresh-interval' 'server.max-ipv4-udp-payload',
            'server.max-ipv6-udp-payload', 'server.max-udp-payload',
            'server.tcp-reply-timeout', 'server.max-tcp-clients' are ignored

      + knotd: obsolete default template options 'template.journal-db',
            'template.kasp-db', 'template.timer-db',
            'template.max-journal-db-size', 'template.journal-db-mode',
            'template.max-timer-db-size', 'template.max-kasp-db-size' are
            ignored

Version 3.0.8

Friday, July 16, 2021

Features:

      + knotc: new command for loading DNSSEC keys without dropping all RRSIGs
        when re-signing
      + knotd: new policy configuration option for disabling some DNSSEC safety
        features #741
      + mod-geoip: new dnssec and policy configuration options

Bugfixes:

      + knotd: early KSK removal during a KSK rollover if automatic KSK
            submission check
            is enabled and DNSKEY TTL is lower than the corresponding DS TTL

      + knotd: failed to generate a new DNSKEY if previously generated shared
        key not available
      + knotd: periodical error logging when a PKCS #11 keystore failed to
        initialize #742
      + knotd: zone commit doesn't check for missing SOA record

Version 3.0.7

Wednesday, June 16, 2021

Features:

      + knotd: new configuration policy option for CDS digest algorithm setting
        #738
      + keymgr: new command for primary SOA serial manipulation in on-secondary
        signing mode

Improvements:

      + knotd: improved algorithm rollover to shorten the last step of old
        RRSIG publication

Bugfixes:

      + knotd: zone is flushed upon server start, despite DNSSEC signing is
        up-to-date
      + knotd: wildcard nonexistence is proved on empty-non-terminal query
      + knotd: redundant wildcard proof for non-authoritative data in a reply
      + knotd: missing wildcard proofs in a wildcard-cname loop reply
      + knotd: incorrectly synthesized CNAME owner from a wildcard record #715
      + knotd: zone-in-journal changeset ignores journal-max-usage limit #736
      + knotd: incorrect processing of zone-in-journal changeset with SOA
        serial 0
      + knotd: broken initialization of processing workers if SO_REUSEPORT(_LB)
        not available
      + kjournalprint: reported journal usage is incorrect #736
      + keymgr: cannot parse algorithm name ed448 #739
      + keymgr: default key size not set properly
      + kdig: failed to process huge DoH responses
      + libknot/probe: some corner-case bugs

Version 3.0.6

Wednesday, May 12, 2021

Features:

      + mod-probe: new module for simple traffic logging (Python API not yet
        included)

Improvements:

      + keymgr: new mode for listing zones with at least one key stored
      + keymgr: the pregenerate command accepts optional timestamp-from
        parameter
      + kzonecheck: accept '-' as substitution for standard input #727
      + knotd: print an error when unable to change owner of a logging file
      + knotd: new warning log if no interface is configured
      + knotd: new signing policy check for NSEC3 iterations higher than 20
      + knotd: don't allow backup to/restore from the DB storage directory
      + Various code (mostly zone backup/restore), tests, and documentation
        improvements

Bugfixes:

      + knotd: secondary fails to load zone file if HTTPS or SVCB record is
        present #725
      + knotd: (KSK roll-over) new KSK is not signing DNSKEY long enough before
        DS submission
      + knotd: (KSK roll-over) old KSK uselessly published after roll-over
        finished
      + knotd: malformed address in TCP-related logs when listening on a UNIX
        socket
      + knotd: server responds FORMERR instead of BADTIME if TSIG signed time
        is zero #730
      + modules: incorrect local and remote addresses in the XDP mode
      + modules: failed to read configuration from a section without
        identifiers
      + mod-synthrecord: queries on synthesized empty-non-terminals not
        answered with NODATA
      + keymgr: confusing error if del-all-old command fails

diffstat:

 net/knot/Makefile                |   5 ++---
 net/knot/PLIST                   |   9 +++++++--
 net/knot/distinfo                |  11 +++++------
 net/knot/patches/patch-configure |  22 ----------------------
 4 files changed, 14 insertions(+), 33 deletions(-)

diffs (108 lines):

diff -r a9d8a7e42e71 -r e78ab4a48b59 net/knot/Makefile
--- a/net/knot/Makefile Sat Aug 07 16:25:55 2021 +0000
+++ b/net/knot/Makefile Sat Aug 07 16:36:18 2021 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.63 2021/05/14 13:08:10 nia Exp $
+# $NetBSD: Makefile,v 1.64 2021/08/07 16:36:18 ryoon Exp $
 
-DISTNAME=      knot-3.0.4
-PKGREVISION=   1
+DISTNAME=      knot-3.1.0
 CATEGORIES=    net
 MASTER_SITES=  https://secure.nic.cz/files/knot-dns/
 EXTRACT_SUFX=  .tar.xz
diff -r a9d8a7e42e71 -r e78ab4a48b59 net/knot/PLIST
--- a/net/knot/PLIST    Sat Aug 07 16:25:55 2021 +0000
+++ b/net/knot/PLIST    Sat Aug 07 16:36:18 2021 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.17 2020/10/01 03:37:02 ryoon Exp $
+@comment $NetBSD: PLIST,v 1.18 2021/08/07 16:36:18 ryoon Exp $
 bin/kdig
 bin/khost
 bin/knsec3hash
@@ -8,6 +8,7 @@
 include/knot/module.h
 include/libdnssec/binary.h
 include/libdnssec/crypto.h
+include/libdnssec/digest.h
 include/libdnssec/dnssec.h
 include/libdnssec/error.h
 include/libdnssec/key.h
@@ -30,6 +31,7 @@
 include/libknot/db/db_trie.h
 include/libknot/descriptor.h
 include/libknot/dname.h
+include/libknot/dynarray.h
 include/libknot/endian.h
 include/libknot/errcode.h
 include/libknot/error.h
@@ -40,6 +42,8 @@
 include/libknot/packet/pkt.h
 include/libknot/packet/rrset-wire.h
 include/libknot/packet/wire.h
+include/libknot/probe/data.h
+include/libknot/probe/probe.h
 include/libknot/rdata.h
 include/libknot/rdataset.h
 include/libknot/rrset-dump.h
@@ -55,10 +59,12 @@
 include/libknot/rrtype/rrsig.h
 include/libknot/rrtype/soa.h
 include/libknot/rrtype/tsig.h
+include/libknot/rrtype/zonemd.h
 include/libknot/tsig-op.h
 include/libknot/tsig.h
 include/libknot/version.h
 include/libknot/wire.h
+include/libknot/xdp.h
 include/libknot/yparser/yparser.h
 include/libknot/yparser/ypformat.h
 include/libknot/yparser/ypschema.h
@@ -92,4 +98,3 @@
 sbin/knotd
 share/examples/knot/example.com.zone
 share/examples/knot/knot.sample.conf
-@pkgdir etc/knot
diff -r a9d8a7e42e71 -r e78ab4a48b59 net/knot/distinfo
--- a/net/knot/distinfo Sat Aug 07 16:25:55 2021 +0000
+++ b/net/knot/distinfo Sat Aug 07 16:36:18 2021 +0000
@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.36 2021/02/27 18:55:31 ryoon Exp $
+$NetBSD: distinfo,v 1.37 2021/08/07 16:36:18 ryoon Exp $
 
-SHA1 (knot-3.0.4.tar.xz) = 7bbdad40263a07de9b80e658d0170358b826ce69
-RMD160 (knot-3.0.4.tar.xz) = d695706a05b7cd93537d0c2e42e68b3561a110b1
-SHA512 (knot-3.0.4.tar.xz) = d674faaafcbe882539d28e53f1cd6cdda61ca8065f66dc0b9127f249f34b59a9d3d1ac206799c2974a2d38264842a2387db35f814bd05f3eaeac0b35b90b21ac
-Size (knot-3.0.4.tar.xz) = 1347928 bytes
-SHA1 (patch-configure) = c8d556d66c37093031ecabfe889e3fd6a80bc772
+SHA1 (knot-3.1.0.tar.xz) = ba54eb09b258aa0a3466fffa026c562f31c12f85
+RMD160 (knot-3.1.0.tar.xz) = 0ebc31564098c670b19dd4e4fabb350052bd0b05
+SHA512 (knot-3.1.0.tar.xz) = 7a76ca1547f6aded1045b8a124ec4e35c61199b822b7692b656ef9bfadb68bdfde097a1ece973725ea14690743da2e2c08717055516b150696e3ac341fa5c728
+Size (knot-3.1.0.tar.xz) = 1401992 bytes
 SHA1 (patch-samples_Makefile.in) = 499b8742dbd948e489b01d512bc7a8d8e4fe2e7b
diff -r a9d8a7e42e71 -r e78ab4a48b59 net/knot/patches/patch-configure
--- a/net/knot/patches/patch-configure  Sat Aug 07 16:25:55 2021 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-configure,v 1.1 2020/10/01 03:37:02 ryoon Exp $
-
---- configure.orig     2020-09-09 05:51:07.000000000 +0000
-+++ configure
-@@ -5472,7 +5472,7 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUI
-  presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;;
-  esac
- 
--if test "$endianity" == "little-endian"; then :
-+if test "$endianity" = "little-endian"; then :
- 
- 
- $as_echo "#define ENDIANITY_LITTLE 1" >>confdefs.h
-@@ -14016,7 +14016,7 @@ fi
- 
- 
- 
--XDP_VISIBLE_HEADERS=$(test "$enable_xdp" == "no"; echo "$?")
-+XDP_VISIBLE_HEADERS=$(test "$enable_xdp" = "no"; echo "$?")
- 
- 
- if test "$enable_xdp" != "no"; then :



Home | Main Index | Thread Index | Old Index