Received: by mail.netbsd.org (Postfix, from userid 605)
    id A039E84D67; Sun, 8 Jan 2023 20:40:23 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
    by mail.netbsd.org (Postfix) with ESMTP id C845B84D60
    for ; Sun, 8 Jan 2023 20:40:22 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
    by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
    with ESMTP id ubzV7boTYpNi for ; Sun, 8 Jan 2023 20:40:21 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
    by mail.netbsd.org (Postfix) with ESMTP id 1856384D5B
    for ; Sun, 8 Jan 2023 20:40:21 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
    id 0BDC1FA90; Sun, 8 Jan 2023 20:40:21 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_167321042111090"
MIME-Version: 1.0
Date: Sun, 8 Jan 2023 20:40:21 +0000
From: "Ryo ONODERA"
Subject: CVS commit: pkgsrc/net/knot
To: pkgsrc-changes@NetBSD.org
Reply-To: ryoon@netbsd.org
X-Mailer: log_accum
Message-Id: <20230108204021.0BDC1FA90@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id:
Precedence: bulk
List-Unsubscribe:

This is a multi-part message in MIME format.

--_----------=_167321042111090
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:    pkgsrc
Committed By:   ryoon
Date:           Sun Jan 8 20:40:20 UTC 2023

Modified Files:
    pkgsrc/net/knot: Makefile PLIST distinfo
Added Files:
    pkgsrc/net/knot/patches: patch-configure

Log Message:
knot: Update to 3.2.4

Changelog:
Version 3.2.4

Improvements:
 + knotd: significant speed-up of catalog zone update processing
 + knotd: new runtime check if RRSIG lifetime is lower than RRSIG refresh
 + knotd: reworked zone re-bootstrap scheduling to be less progressive
 + mod-synthrecord: module can work with CIDR-style reverse zones #826
 + python: new libknot wrappers for some dname transformation functions
 + doc: a few fixes and improvements

Bugfixes:
 + knotd: incomplete zone is received when IXFR falls back to AXFR due to connection timeout if primary puts initial SOA only to the first message
 + knotd: first zone re-bootstrap is planned after 24 hours
 + knotd: EDNS EXPIRE option is present in outgoing transfer of a catalog zone
 + knotd: catalog zone can expire upon EDNS EXPIRE processing
 + knotd: DNSSEC signing doesn't fail if no offline KSK records available

Version 3.2.3

Improvements:
 + knotd: new per-zone DS push configuration option (see 'zone.ds-push')
 + libs: upgraded embedded libngtcp2 to 0.11.0

Bugfixes:
 + knsupdate: program crashes when sending an update
 + knotd: server drops more responses over UDP under higher load
 + knotd: missing EDNS padding in responses over QUIC
 + knotd: some memory issues when handling unusual QUIC traffic
 + kxdpgun: broken IPv4 source subnet processing
 + kdig: incorrect handling of unsent data over QUIC

Version 3.2.2

Features:
 + knotd,kxdpgun: support for VLAN (802.1Q) traffic in the XDP mode
 + knotd: added configurable delay upon D-Bus initialization (see 'server.dbus-init-delay')
 + kdig: support for JSON (RFC 8427) output format (see '+json')
 + kdig: support for PROXYv2 (see '+proxy') (Gift for Peter van Dijk)

Improvements:
 + mod-geoip: module respects the server configuration of answer rotation
 + libs: upgraded embedded libngtcp2 to 0.10.0
 + tests: improved robustness of some unit tests
 + doc: added description of zone bootstrap re-planning

Bugfixes:
 + knotd: catalog confusion when a member is added and immediately deleted #818
 + knotd: defective handling of short messages with PROXYv2 header #816
 + knotd: inconsistent processing of malformed messages with PROXYv2 header #817
 + kxdpgun: incorrect XDP mode is logged
 + packaging: outdated dependency check in RPM packages

Version 3.2.1

Improvements:
 + libknot: added compatibility with libbpf 1.0 and libxdp
 + libknot: removed some trailing white space characters from textual RR format
 + libs: upgraded embedded libngtcp2 to 0.8.1

Bugfixes:
 + knotd: some non-DNS packets not passed to OS if XDP mode enabled
 + knotd: inappropriate log about QUIC port change if QUIC not enabled
 + knotd/kxdpgun: various memory leaks related to QUIC and TCP
 + kxdpgun: can crash at high rates in emulated XDP mode
 + tests: broken XDP-TCP test on 32-bit platforms
 + kdig: failed to build with enabled QUIC on OpenBSD
 + systemd: failed to start server due to TemporaryFileSystem setting
 + packaging: missing knot-dnssecutils package on CentOS 7

Version 3.2.0

Features:
 + knotd: finalized TCP over XDP implementation
 + knotd: initial implementation of DNS over QUIC in the XDP mode (see 'xdp.quic')
 + knotd: new incremental DNSKEY management for multi-signer deployment (see 'policy.dnskey-management')
 + knotd: support for remote grouping in configuration (see 'groups' section)
 + knotd: implemented EDNS Expire option (RFC 7314)
 + knotd: NSEC3 salt is changed with every ZSK rollover if lifetime is set to -1
 + knotd: support for PROXY v2 protocol over UDP (Thanks to Robert Edmonds) #762
 + knotd: support for key labels with PKCS #11 keystore (see 'keystore.key-label')
 + knotd: SVCB/HTTPS treatment according to draft-ietf-dnsop-svcb-https
 + keymgr: new JSON output format (see '-j' parameter) for listing keys or zones (Thanks to JP Mens)
 + kxdpgun: support for DNS over QUIC with some testing modes (see '-U' parameter)
 + kdig: new DNS over QUIC support (see '+quic')

Improvements:
 + knotd: reduced memory consumption when processing IXFR, DNSSEC, catalog, or DDNS
 + knotd: RRSIG refresh values don't have to match in the mode Offline KSK
 + knotd: better decision whether AXFR fallback is needed upon a refresh error
 + knotd: NSEC3 resalt event was merged with the DNSSEC event
 + knotd: server logs when the connection to remote was taken from the pool
 + knotd: server logs zone expiration time when the zone is loaded
 + knotd: DS check verifies removal of old DS during algorithm rollover
 + knotd: DNSSEC-related records can be updated via DDNS
 + knotd: new 'xdp.udp' configuration option for disabling UDP over XDP
 + knotd: outgoing NOTIFY is replanned if failed
 + knotd: configuration checks if zone MIN interval values are lower or equal to MAX ones
 + knotd: DNSSEC-related zone semantic checks use DNSSEC validation
 + knotd: new configuration value 'query' for setting ACL action
 + knotd: new check on near end of imported Offline KSK records
 + knotd/knotc: implemented zone catalog purge, including orphaned member zones
 + knotc: interactive mode supports catalog zone completion, value completion, and more
 + knotc: new default brief and colorized output from zone status
 + knotc: unified empty values in zone status output
 + keymgr: DNSKEY TTL is taken from KSR in the Offline KSK mode
 + kjournalprint: path to journal DB is automatically taken from the configuration, which can be specified using '-c', '-C' (or '-D')
 + kcatalogprint: path to catalog DB is automatically taken from the configuration, which can be specified using '-c', '-C' (or '-D')
 + kzonesign: added automatic configuration file detection and '-C' parameter for configuration DB specification
 + kzonesign: all CPU threads are used for DNSSEC validation
 + libknot: dname pointer cannot point to another dname pointer when encoding RRsets #765
 + libknot: QNAME case is preserved in knot_pkt_t 'wire' field (Thanks to Robert Edmonds) #780
 + libknot: reduced memory consumption of the XDP mode
 + libknot: XDP filter supports up to 256 NIC queues
 + kxdpgun: new options for specifying source and remote MAC addresses
 + utils: extended logging of LMDB-related errors
 + utils: improved error outputs
 + kdig: query has AD bit set by default
 + doc: various improvements

Bugfixes:
 + knotd: zone changeset is stored to journal even if disabled
 + knotd: journal not applied to zone file if zone file changed during reload
 + knotd: possible out-of-order processing or postponed zone events to far future
 + knotd: incorrect TTL is used if updated RRSet is empty over control interface
 + knotd/libs: serial arithmetics not used for RRSIG expiration processing
 + knsupdate: incorrect RRTYPE in the question section

Compatibility:
 + knotd: default value for 'zone.journal-max-depth' was lowered to 20
 + knotd: default value for 'policy.nsec3-iterations' was lowered to 0
 + knotd: default value for 'policy.rrsig-refresh' is propagation delay + zone maximum TTL
 + knotd: server fails to load configuration if 'policy.rrsig-refresh' is too low
 + knotd: configuration option 'server.listen-xdp' has no effect
 + knotd: new configuration check on deprecated DNSSEC algorithm
 + knotc: new '-e' parameter for full zone status output
 + keymgr: new '-e' parameter for full key list output
 + keymgr: brief key listing mode is enabled by default
 + keymgr: renamed parameter '-d' to '-D'
 + knsupdate: default TTL is set to 3600
 + knsupdate: default zone is empty
 + kjournalprint: renamed parameter '-c' to '-H'
 + python/libknot: removed compatibility with Python 2

Packaging:
 + systemd: removed knot.tmpfile
 + systemd: added some hardening options
 + distro: Debian 9 and Ubuntu 16.04 no longer supported
 + distro: packages for CentOS 7 are built in a separate COPR repository
 + kzonecheck/kzonesign/knsec3hash: moved to new package knot-dnssecutils

Version 3.1.9

Improvements:
 + knotd: new configuration checks on unsupported catalog settings
 + knotd: semantic check issues have notice log level in the soft mode
 + keymgr: command generate-ksr automatically sets 'from' parameter to last offline KSK records' timestamp if it's not specified
 + keymgr: command show-offline starts from the first offline KSK record set if 'from' parameter isn't specified
 + kcatalogprint: new parameters for filtering catalog or member zone
 + mod-probe: default rate limit was increased to 100000
 + libknot: default control timeout was increased to 30 seconds
 + python/libknot: various exceptions are raised from class KnotCtl
 + doc: some improvements

Bugfixes:
 + knotd: incomplete outgoing IXFR is responded if journal history is inconsistent
 + knotd: manually triggered zone flush is suppressed if disabled zone synchronization
 + knotd: failed to configure XDP listen interface without port specification
 + knotd: de-cataloged member zone's file isn't deleted #805
 + knotd: member zone leaks memory when reloading catalog during dynamic configuration change
 + knotd: server can crash when reloading modules with DNSSEC signing (Thanks to iqinlongfei)
 + knotd: server crashes during shutdown if PKCS #11 keystore is used
 + keymgr: command del-all-old isn't applied to all keys in the removed state
 + kxdpgun: user specified network interface isn't used
 + libs: fixed compilation on illumos derivatives (Thanks to Nick Ewins)

To generate a diff of this commit:
cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/knot/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/net/knot/PLIST
cvs rdiff -u -r1.41 -r1.42
pkgsrc/net/knot/distinfo cvs rdiff -u -r0 -r1.3 pkgsrc/net/knot/patches/patch-configure Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_167321042111090 Content-Disposition: inline Content-Length: 3431 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/net/knot/Makefile diff -u pkgsrc/net/knot/Makefile:1.70 pkgsrc/net/knot/Makefile:1.71 --- pkgsrc/net/knot/Makefile:1.70 Wed Oct 26 10:31:48 2022 +++ pkgsrc/net/knot/Makefile Sun Jan 8 20:40:20 2023 @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.70 2022/10/26 10:31:48 wiz Exp $ +# $NetBSD: Makefile,v 1.71 2023/01/08 20:40:20 ryoon Exp $ -DISTNAME= knot-3.1.8 -PKGREVISION= 2 +DISTNAME= knot-3.2.4 CATEGORIES= net MASTER_SITES= https://secure.nic.cz/files/knot-dns/ EXTRACT_SUFX= .tar.xz Index: pkgsrc/net/knot/PLIST diff -u pkgsrc/net/knot/PLIST:1.18 pkgsrc/net/knot/PLIST:1.19 --- pkgsrc/net/knot/PLIST:1.18 Sat Aug 7 16:36:18 2021 +++ pkgsrc/net/knot/PLIST Sun Jan 8 20:40:20 2023 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.18 2021/08/07 16:36:18 ryoon Exp $ +@comment $NetBSD: PLIST,v 1.19 2023/01/08 20:40:20 ryoon Exp $ bin/kdig bin/khost bin/knsec3hash @@ -58,6 +58,7 @@ include/libknot/rrtype/opt.h include/libknot/rrtype/rdname.h include/libknot/rrtype/rrsig.h include/libknot/rrtype/soa.h +include/libknot/rrtype/svcb.h include/libknot/rrtype/tsig.h include/libknot/rrtype/zonemd.h include/libknot/tsig-op.h @@ -65,6 +66,7 @@ include/libknot/tsig.h include/libknot/version.h include/libknot/wire.h include/libknot/xdp.h +include/libknot/xdp/tcp_iobuf.h include/libknot/yparser/yparser.h include/libknot/yparser/ypformat.h include/libknot/yparser/ypschema.h 
@@ -98,3 +100,4 @@ sbin/knotc sbin/knotd share/examples/knot/example.com.zone share/examples/knot/knot.sample.conf +@pkgdir etc/knot Index: pkgsrc/net/knot/distinfo diff -u pkgsrc/net/knot/distinfo:1.41 pkgsrc/net/knot/distinfo:1.42 --- pkgsrc/net/knot/distinfo:1.41 Thu Jun 16 16:31:04 2022 +++ pkgsrc/net/knot/distinfo Sun Jan 8 20:40:20 2023 @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.41 2022/06/16 16:31:04 ryoon Exp $ +$NetBSD: distinfo,v 1.42 2023/01/08 20:40:20 ryoon Exp $ -BLAKE2s (knot-3.1.8.tar.xz) = d9f7c1a9adee6b0b6ad67c845869ba458945d55c2a2bc611a6c2d09f51259afe -SHA512 (knot-3.1.8.tar.xz) = af72cbcc5b511dad148e7ce990819df00bdf99c110b44b3b521eddd8690a6ebd4c76c24e63d843956971d5f158bbfa851804616630d34f3a0ec06888c78ecf2c -Size (knot-3.1.8.tar.xz) = 1439912 bytes +BLAKE2s (knot-3.2.4.tar.xz) = 65acecae40099c8a9fef98eb9b0a4b969686dc0966535d777064d8fff14d9bec +SHA512 (knot-3.2.4.tar.xz) = 5a32ef5bd837324d99fdef4d3b378ed1b1df61ee9bad95ba51edce6f2da3c1c8c2b0b31b578e4cb7f9079a9b4db1363a8d984f29beb29fed4e91315ef9e0b77b +Size (knot-3.2.4.tar.xz) = 1674532 bytes +SHA1 (patch-configure) = cf0e2a973380dc7123835e249eea7d3bac46c7e9 SHA1 (patch-samples_Makefile.in) = 499b8742dbd948e489b01d512bc7a8d8e4fe2e7b Added files: Index: pkgsrc/net/knot/patches/patch-configure diff -u /dev/null pkgsrc/net/knot/patches/patch-configure:1.3 --- /dev/null Sun Jan 8 20:40:20 2023 +++ pkgsrc/net/knot/patches/patch-configure Sun Jan 8 20:40:20 2023 
@@ -0,0 +1,24 @@ +$NetBSD: patch-configure,v 1.3 2023/01/08 20:40:20 ryoon Exp $ + +* Improve POSIX shell portability. + +--- configure.orig 2022-11-20 07:16:12.000000000 +0000 ++++ configure +@@ -14729,7 +14729,7 @@ fi + + + +-if test "$enable_xdp" == "yes"; then : ++if test "$enable_xdp" = "yes"; then : + + + pkg_failed=no +@@ -14802,7 +14802,7 @@ else + $as_echo "yes" >&6; } + enable_xdp=libxdp + fi +- if test "$enable_xdp" == "libxdp"; then : ++ if test "$enable_xdp" = "libxdp"; then : + + + $as_echo "#define USE_LIBXDP 1" >>confdefs.h --_----------=_167321042111090--
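
Review bot: In the PLIST hunk at @@ -98,3 +100,4 @@, the added "@pkgdir etc/knot" is not explained in the log message and fixes the directory under the prefix. If this is the server's configuration directory it will not follow a non-default PKG_SYSCONFDIR, and the PLIST entry says nothing about owner or mode; consider declaring it in the Makefile with OWN_DIRS or OWN_DIRS_PERMS instead, or state in the log why the PLIST entry is required.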
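
Review bot: In the distinfo hunk, the BLAKE2s and SHA512 digests and the size for knot-3.2.4.tar.xz are all replaced, but the log message does not record how the new tarball was authenticated before the digests were generated. The HTTPS MASTER_SITES shown in the Makefile context covers transport only; suggest noting in the commit log whether the distfile was checked against an upstream signature or published checksum.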
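
Review bot: patch-configure edits the generated configure script at fixed offsets (@@ -14729 and @@ -14802), so it will need refreshing each time upstream regenerates that file. Replacing "==" with "=" in the two test "$enable_xdp" comparisons is correct for POSIX sh; suggest extending the patch comment to say whether the fix has been reported upstream so it can be made in the configure source, and to explain why the file is added from /dev/null at revision 1.3.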