CVS commit: pkgsrc/net/knot

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/knot
From: "Ryo ONODERA" <ryoon%netbsd.org@localhost>
Date: Thu, 24 Oct 2024 13:43:09 +0000

Module Name:    pkgsrc
Committed By:   ryoon
Date:           Thu Oct 24 13:43:09 UTC 2024

Modified Files:
        pkgsrc/net/knot: Makefile PLIST distinfo

Log Message:
net/knot: Update to 3.4.1

Changelog:
Version 3.4.1

Features:

      + knotd: ACL configuration allows protocol specification (see
        'acl.protocol')
      + knotc: support for benevolent zone updates (see zone-begin with
        '+benevolent')
      + knotd: implemented TLS session resumption
      + kjournalprint: added print merged changesets mode (see '-M')
      + libknot: added NXNAME meta type (Thanks to Jan V?el??k)

Improvements:

      + knotd: DNSKEY synchronization event logs removed/added CDS and (C)
        DNSKEYs
      + knotd: control command log message contains filters and flags in the
        debug mode
      + knotc: zone status prints running, pending, and frozen duration
      + knotd,knotc: unification of control flags and filters
      + keymgr: key listing reports configured keys that are inaccessible
      + libs: upgraded embedded libngtcp2 to 1.8.0
      + doc: various fixes and updates

Bugfixes:

      + knotd: missing support for IPv6 link local address configuration
      + knotd: zone reload occasionally causes a core dump #939 (Thanks to
        solidcc2)
      + knotd: race condition in DDNS over QUIC processing
      + knotd: imperfect signal handling on some auxiliary threads
      + knotd: EDNS EXPIRE not updated when zone signing results in up-to-date
      + knotd: failed to reload autogenerated QUIC/TLS key after process
        ownership change
      + knotc: zone backup filter +keysonly doesn't disable other defaults
      + kxdpgun: failed to receive more data over QUIC until 1-RTT handshake is
        done
      + knsupdate: memory leak if rdata parsing fails
      + doc: failed to install manual pages from a tarball
      + Dockerfile: TCP port 853 not exposed for DoT

Version 3.4.0

Features:

      + knotd: full DNS over TLS (DoT, RFC 7858) implementation (see 'DNS over
        TLS')
      + knotd: bidirectional XFR over TLS (XoT) support with opportunistic,
        strict, and mutual authentication profiles
      + knotd: support for DDNS over QUIC and TLS
      + knotd: DNSSEC validation requires the remaining RRSIG validity is
        longer than 'rrsig-refresh'
      + knotd: new event for automatic DNSSEC revalidation
      + knotd: if enabled DNSSEC signing, EDNS expire is adjusted to the
        earliest RRSIG expiration
      + knotd: added support for libdbus as an alternative to systemd dbus (see
        '--enable-dbus=libdbus' configure parameter)
      + knotd: new XDP-related configuration options (see 'xdp.ring-size',
        'xdp.busypoll-budget', and 'xdp.busypoll-timeout')
      + knotc: new command for explicit triggering DNSSEC validation (see
        'zone-validate' command)
      + keymgr: SKR verification requires end of DNSKEY RRSIG validity covers
        next DNSKEY snapshot
      + kdig: +nocrypto applies also to CERT, DS, SSHFP, DHCID, TLSA, ZONEMD,
        and TSIG
      + knsupdate: added support for DDNS over QUIC and TLS (see '-Q' and '-S'
        parameters)
      + kxdpgun: support for reading a binary input file (see '-B' parameter)
      + kxdpgun: support for output in JSON (see '-j' parameter)
      + kxdpgun: support for periodical output (see '-S' parameter)
      + mod-rrl: module offers limiting of non-UDP protocols based on consumed
        time (see 'mod-rrl.time-rate-limit' and 'mod-rrl.time-instant-limit')
      + utils: -VV option for listing compile time configuration summary

Improvements:

      + knotd: up to eight DDNS queries can be queued per zone when frozen
      + knotd: the number of created/validated RRSIGs is logged
      + knotd: overhaul of atomic operations usage
      + knotd: unified DNAME semantic errors with the CNAME ones (see 'Handling
        CNAME and DNAME-related updates')
      + knotd: better DDNS pre-check to prevent dropping a bulk of updates
      + knotd: extended SOA presence semantic checks
      + knotd: disallowed concurrent control zone and config transactions to
        avoid deadlock
      + knotd: disallowed opening zone transaction when blocking command is
        running to avoid deadlock
      + knotd: new XDP statistic counters
      + knotd: remote zone serial is logged upon received incoming transfer
      + knotd: zone backup stores and zone restore checks the CPU architecture
        compatibility
      + knotd: time configuration options support 'w', 'M', and 'y' units
      + knotd: some control commands can be processed asynchronously
      + knotc: zone backup overwrites already existing backupdir in the force
        mode
      + kdig: EDNS is enabled by default
      + kdig: the default EDNS payload size was lowered to 1232
      + mod-rrl: completely reimplemented UDP rate limiting using an efficient
        query-counting mechanism on several address prefix lengths
      + mod-rrl: module no longer requires explicit configuration
      + libknot: various XDP improvements and new configuration parameters
      + docker: increased -D_FORTIFY_SOURCE to 3

Bugfixes:

      + knotd: deadlock during zone-ksk-submitted processing of a frozen zone
      + kxdpgun: race condition in SIGUSR1 signal processing
      + doc: parallel build is unreliable #928

Compatibility:

      + configure: increase minimal GnuTLS version to 3.6.10
      + configure: removed deprecated libidn 1 support
      + configure: removed liburcu search fallback
      + configure: required GCC or LLVM Clang compiler with C11 support
      + knotd: removed already ignored obsolete configuration options
      + keymgr: removed legacy parameter '--brief'
      + kjournalprint: removed legacy parameter '--no-color'
      + kjournalprint: removed legacy database specification without '--dir'
      + kcatalogprint: removed legacy database specification without '--dir'
      + packaging: CentOS 7, Debian 10, and Ubuntu 18.04 no longer supported
      + doc: removed info pages

Version 3.3.9

Improvements:

      + libknot: added EDE code 30
      + libknot: improved performance of knot_rrset_to_wire_extra()
      + libs: upgraded embedded libngtcp2 to 1.7.0
      + doc: various fixes and updates

Bugfixes:

      + keymgr: pregenerate clears future timestamps of old keys and creates
        new keys
      + mod-dnsproxy: defective TSIG processing
      + mod-dnsproxy: TCP not detected in the XDP mode
      + kxdpgun: unsuccessful interface initialization leaks memory
      + packaging: libknot not installed with python3-libknot


To generate a diff of this commit:
cvs rdiff -u -r1.85 -r1.86 pkgsrc/net/knot/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/net/knot/PLIST
cvs rdiff -u -r1.48 -r1.49 pkgsrc/net/knot/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/knot/Makefile
diff -u pkgsrc/net/knot/Makefile:1.85 pkgsrc/net/knot/Makefile:1.86
--- pkgsrc/net/knot/Makefile:1.85       Mon Jul 29 20:38:15 2024
+++ pkgsrc/net/knot/Makefile    Thu Oct 24 13:43:09 2024
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.85 2024/07/29 20:38:15 ryoon Exp $
+# $NetBSD: Makefile,v 1.86 2024/10/24 13:43:09 ryoon Exp $
 
-DISTNAME=      knot-3.3.8
+DISTNAME=      knot-3.4.1
 CATEGORIES=    net
 MASTER_SITES=  https://secure.nic.cz/files/knot-dns/
 EXTRACT_SUFX=  .tar.xz
@@ -10,8 +10,7 @@ HOMEPAGE=     https://www.knot-dns.cz/
 COMMENT=       Knot (auth) DNS server
 LICENSE=       gnu-gpl-v3
 
-# error: 'for' loop initial declarations are only allowed in C99 mode
-FORCE_C_STD=   c99
+FORCE_C_STD=   c11
 
 BUILD_DEFS+=   VARBASE
 
@@ -58,6 +57,8 @@ CONF_FILES=   ${EGDIR}/knot.sample.conf \
 CONF_FILES+=   ${EGDIR}/example.com.zone \
                        ${PKG_SYSCONFDIR}/example.com.zone
 
+CHECK_WRKREF_SKIP+=    bin/* lib/* sbin/*
+
 INSTALLATION_DIRS=     ${EGDIR}
 OWN_DIRS+=             ${VARBASE}/knot
 

Index: pkgsrc/net/knot/PLIST
diff -u pkgsrc/net/knot/PLIST:1.19 pkgsrc/net/knot/PLIST:1.20
--- pkgsrc/net/knot/PLIST:1.19  Sun Jan  8 20:40:20 2023
+++ pkgsrc/net/knot/PLIST       Thu Oct 24 13:43:09 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.19 2023/01/08 20:40:20 ryoon Exp $
+@comment $NetBSD: PLIST,v 1.20 2024/10/24 13:43:09 ryoon Exp $
 bin/kdig
 bin/khost
 bin/knsec3hash
@@ -44,6 +44,8 @@ include/libknot/packet/rrset-wire.h
 include/libknot/packet/wire.h
 include/libknot/probe/data.h
 include/libknot/probe/probe.h
+include/libknot/quic/tls.h
+include/libknot/quic/tls_common.h
 include/libknot/rdata.h
 include/libknot/rdataset.h
 include/libknot/rrset-dump.h

Index: pkgsrc/net/knot/distinfo
diff -u pkgsrc/net/knot/distinfo:1.48 pkgsrc/net/knot/distinfo:1.49
--- pkgsrc/net/knot/distinfo:1.48       Mon Jul 29 20:38:15 2024
+++ pkgsrc/net/knot/distinfo    Thu Oct 24 13:43:09 2024
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.48 2024/07/29 20:38:15 ryoon Exp $
+$NetBSD: distinfo,v 1.49 2024/10/24 13:43:09 ryoon Exp $
 
-BLAKE2s (knot-3.3.8.tar.xz) = a55c5f74f2a5dff3d652d4b4b837757e68fd935c9cac84e94e39fc4cf0d4981c
-SHA512 (knot-3.3.8.tar.xz) = 4cb7ae728e722902a6808e48747621eceb0a92a7a0afc1a12ecfecca5b1ece5e4a367a98fa6ec68b008697002b881effd314bb4333f225d50f3891d8184f5630
-Size (knot-3.3.8.tar.xz) = 1608360 bytes
+BLAKE2s (knot-3.4.1.tar.xz) = 401ae9980d0f90cb92a8556e7cc218e8dd4dffe04149faa5248f5a4f3f45bf10
+SHA512 (knot-3.4.1.tar.xz) = 1019ce2504b490c7540290b12255d9ae499d6b8e947f1f7cc01019f11dfc5c8355fabbc955b5d8e46f34a4a25d1762eaf3792a5adb1140a98dda6502fbd94a4b
+Size (knot-3.4.1.tar.xz) = 1632620 bytes
 SHA1 (patch-samples_Makefile.in) = 499b8742dbd948e489b01d512bc7a8d8e4fe2e7b

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index