Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1582118245208880"
MIME-Version: 1.0
Date: Wed, 19 Feb 2020 13:17:25 +0000
From: "Ryo ONODERA" <ryoon@netbsd.org>
Subject: CVS commit: pkgsrc/net/knot
To: pkgsrc-changes@NetBSD.org
Reply-To: ryoon@netbsd.org
Message-Id: <20200219131725.1D9F7FBF4@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1582118245208880
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Module Name:	pkgsrc
Committed By:	ryoon
Date:		Wed Feb 19 13:17:24 UTC 2020

Modified Files:
	pkgsrc/net/knot: Makefile distinfo

Log Message:
knot: Update to 2.9.2

Changelog:
Knot DNS 2.9.2 (2019-12-12)
===========================

Improvements:
-------------
 - Tiny ds-check log message rewording
 - Some unnecessary code cleanup

Bugfixes:
---------
 - ds-push doesn't replace the DS RRset on the parent #661
 - Server gets stuck in a never-ending logging loop when changing SOA TTL
 - Server can crash when the journal database size limit is reached
 - Server can create a bogus changeset with equal serials from and to
 - Unreasonable re-signing of the NSEC3PARAM record when reloading the zone
   and 'zonefile-load: difference-no-serial' is configured
 - SOA RRSIG not updated if the only changed record is SOA
 - Failed to remove NSEC3 records through the control interface #666
 - Failed to stop the server if a zone transaction is active

Knot DNS 2.9.1 (2019-11-11)
===========================

Features:
---------
 - New option for OCSP stapling '+[no]tls-ocsp-stapling[=H]' in kdig (Thanks to Alexander Schultz)

Improvements:
-------------
 - Kdig always randomizes source TCP port on recent Linux #575
 - Server no longer warns about disabled zone file synchronization during shutdown
 - Zone loading stops if failed to load zone from the journal
 - Speed-up of insertion to big RRSets
 - Various code and documentation improvements

Bugfixes:
---------
 - Failed to apply journal changes after upgrade #659
 - Failed to finish zone loading if journal changeset serials from and to are equal
 - Incorrect handling of 0 value for 'tcp-io-timeout' and 'tcp-remote-io-timeout' configuration
 - Server can crash if zone transaction is open during zone update
 - NSEC3 chain not fully updated if NSEC3 salt changes during zone update
 - Server can crash when flushing zone to a specified directory
 - Server can respond incorrect NSEC3 records after NSEC3 salt change
 - Delegation glue records not updated after specific zone change

Knot DNS 2.9.0 (2019-10-10)
===========================

Features:
---------
 - Full support for different master/slave serial arithmetics when on-slave signing
 - Module geoip newly supports wildcard records #650
 - New DNSSEC policy configuration option 'rrsig-pre-refresh' for reducing
   frequency of the zone signing event
 - New server configuration option 'tcp-reuseport' for setting SO_REUSEPORT(_LB)
   mode on TCP sockets
 - New server configuration option 'tcp-io-timeout' [ms] for restricting inbound
   IO operations over TCP #474

Improvements:
-------------
 - Significant speed-up of zone contents modifications
 - Avoided double zone signing during CSK rollovers
 - Self-created RRSIGs are not cryptographically verified if not necessary
 - Zone journal can store two changesets if zone file difference computing
   and DNSSEC signing are enabled. The first one containing the difference of
   zone history needed by slave servers, the second one containing the difference
   between zone file and zone needed for server restart
 - Universal and more robust memory clearing
 - More precise socket timeout handling
 - New notice log message for configuration changes requiring server restart
 - Module RRL logs both trigger source address and affected subnet
 - Various code (especially zone and TCP processing) and documentation improvements

Bugfixes:
---------
 - RRSIGs are wrongly checked for inconsistent RRSet TTLs during zone update
 - DS check/push warnings after disabled DNSSEC signing
 - NSEC3 records not accessible through control interface
 - Module geoip doesn't accept underscore character in dname specification #655

Compatibility:
--------------
 - Removed runtime reconfiguration of network workers and interfaces since
   it was imperfect and also couldn't work after dropped process privileges
 - Removed inaccurate and misleading knotc command 'zone-memstats' because
   memory consumption varies during zone modifications or transfers
 - Removed useless 'zone.request-edns-option' configuration option
 - Reimplemented DNS Cookies to be interoperable (based on draft-ietf-dnsop-server-cookies
   and work by Witold Kręcicki)
 - Default limit on TCP clients is auto-configured to one half of the file
   descriptor limit for the server process
 - Number of open files limit is set to 1048576 in upstream packages
 - Default number of TCP workers is equal to the number of online CPUs or at least 10
 - Default EDNS buffer size is 1232 for both IPv4 and IPv6
 - Removed 'tcp-handshake-timeout' server configuration option
 - Some configuration options were renamed and possibly moved. Old names will
   be supported at least until next major release:
    - 'server.tcp-reply-timeout' [s] to 'server.tcp-remote-io-timeout' [ms]
    - 'server.max-tcp-clients'       to 'server.tcp-max-clients'
    - 'server.max-udp-payload'       to 'server.udp-max-payload'
    - 'server.max-ipv4-udp-payload'  to 'server.udp-max-payload-ipv4'
    - 'server.max-ipv6-udp-payload'  to 'server.udp-max-payload-ipv6'
    - 'template.journal-db'          to 'database.journal-db'
    - 'template.journal-db-mode'     to 'database.journal-db-mode'
    - 'template.max-journal-db-size' to 'database.journal-db-max-size'
    - 'template.kasp-db'             to 'database.kasp-db'
    - 'template.max-kasp-db-size'    to 'database.kasp-db-max-size'
    - 'template.timer-db'            to 'database.timer-db'
    - 'template.max-timer-db-size'   to 'database.timer-db-max-size'
    - 'zone.max-journal-usage'       to 'zone.journal-max-usage'
    - 'zone.max-journal-depth'       to 'zone.journal-max-depth'
    - 'zone.max-zone-size'           to 'zone.zone-max-size'
    - 'zone.max-refresh-interval'    to 'zone.refresh-max-interval'
    - 'zone.min-refresh-interval'    to 'zone.refresh-min-interval'

Knot DNS 2.8.4 (2019-09-24)
===========================

Features:
---------
 - Automatic uploading of DS records to parent zone using DDNS,
   see 'policy.ds-push' configuration option

Improvements:
-------------
 - Incoming IXFR no longer falls back to AXFR if connection error #642
 - More accurate semantic checks for missing glue records
 - Various code and documentation improvements

Bugfixes:
---------
 - Failed to read/export configuration if 'acl.update-type' is set #651
 - Failed to generate initial zero-length salt
 - Missing error log for invalid rrtype input to dynamic configuration #652
 - Missing error log when AXFR processing fails to store zone data
 - Redundant notice log about unavailable persistent configuration DB
 - Zone not flushed after retransfer if SOA serial not changed
 - Zone contents not properly fixed during zone transfers
 - No changeset created for updated rrset's TTL if changed by RR addition


To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 pkgsrc/net/knot/Makefile
cvs rdiff -u -r1.28 -r1.29 pkgsrc/net/knot/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1582118245208880
Content-Disposition: inline
Content-Length: 1865
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/net/knot/Makefile
diff -u pkgsrc/net/knot/Makefile:1.48 pkgsrc/net/knot/Makefile:1.49
--- pkgsrc/net/knot/Makefile:1.48	Sun Nov  3 11:45:38 2019
+++ pkgsrc/net/knot/Makefile	Wed Feb 19 13:17:24 2020
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.48 2019/11/03 11:45:38 rillig Exp $
+# $NetBSD: Makefile,v 1.49 2020/02/19 13:17:24 ryoon Exp $
 
-DISTNAME=	knot-2.8.3
+DISTNAME=	knot-2.9.2
 CATEGORIES=	net
 MASTER_SITES=	https://secure.nic.cz/files/knot-dns/
 EXTRACT_SUFX=	.tar.xz
@@ -23,6 +23,9 @@ CONFIGURE_ARGS+=	--with-libidn=${BUILDLI
 
 CONFIGURE_ARGS.NetBSD+=	--enable-recvmmsg=no
 
+# -O? stops cc1 on NetBSD/amd64 9.99.47.
+BUILDLINK_TRANSFORM+=	rm:-O2
+
 .include "../../mk/bsd.prefs.mk"
 
 .if ${MACHINE_ARCH} == "i386" 

Index: pkgsrc/net/knot/distinfo
diff -u pkgsrc/net/knot/distinfo:1.28 pkgsrc/net/knot/distinfo:1.29
--- pkgsrc/net/knot/distinfo:1.28	Wed Aug 21 14:19:00 2019
+++ pkgsrc/net/knot/distinfo	Wed Feb 19 13:17:24 2020
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.28 2019/08/21 14:19:00 ryoon Exp $
+$NetBSD: distinfo,v 1.29 2020/02/19 13:17:24 ryoon Exp $
 
-SHA1 (knot-2.8.3.tar.xz) = 1af4446d9a27d5202dfb5ad20408c3fae9798015
-RMD160 (knot-2.8.3.tar.xz) = ced1cffefdf808a2807b0ba6147a62ffdab4dbe0
-SHA512 (knot-2.8.3.tar.xz) = a5743181807b944c9b6dfce845f009c576125c114fbac7b87592129b724628466740fb77e41cabd8aaf9f046374a9337a1c97ea74b33afae1af6e39e21f8e662
-Size (knot-2.8.3.tar.xz) = 1206172 bytes
+SHA1 (knot-2.9.2.tar.xz) = 08b19da156d09f23f65c0906c35568cc8190b256
+RMD160 (knot-2.9.2.tar.xz) = e98deadac8116b4276caca2c8213aff20007eda3
+SHA512 (knot-2.9.2.tar.xz) = 7e09cd6e587342b0a213f7a108704fff7535d02dd47d662e60b96ae5d75d9745d659131622253f964deb1607f28d172d1d46dc3b5f61e2f6c70e5002e746da68
+Size (knot-2.9.2.tar.xz) = 1181860 bytes
 SHA1 (patch-samples_Makefile.in) = 499b8742dbd948e489b01d512bc7a8d8e4fe2e7b


--_----------=_1582118245208880--