Subject: CVS commit: pkgsrc/net/knot
From: Ryo ONODERA
Date: 2021-12-17 16:15:58
Message id: 20211217151558.42522FAEC@cvs.NetBSD.org
Log Message:
knot: Update to 3.1.4
Changelog:
Version 3.1.4
Features:
+ mod-dnstap: added 'responses-with-queries' configuration option (Thanks
to Robert Edmonds)
Improvements:
+ knotd: DNSSEC keys are logged in sorted order by timestamp
+ mod-cookies: added statistics counter for dropped queries due to the
slip limit
+ mod-dnstap: restored the original query QNAME case #773 (Thanks to
Robert Edmonds)
+ configure: improved compatibility of some scripts on macOS and BSDs
+ doc: updates on DNSSEC signing
Bugfixes:
+ knotd: server can crash when receiving queries with NSID EDNS flag #774
(Thanks to Romain Labolle)
+ knotd: server crashes on reload when no interfaces configured #770
+ knotd: ZONEMD without DNSSEC not handled correctly
+ knotd: generated catalog zone not updated on config reload #772
+ knotd: zone catalog not verified before its interpretation
+ knotd: ds-push fails to update the parent zone if a CNAME exists for a
non-terminal node
Version 3.1.3
Monday, October 18, 2021
Improvements:
+ knotd: added simple error logging to orphaned zone purge
+ knotd: allow manual public-only keys for unused algorithm
+ kdig: send ALPN when using DoT or XoT #769
+ doc: various fixes and improvements #767
Bugfixes:
+ knotd: catalog backup doesn't preserve version of the catalog
implementation
+ knotd: NOTIFY is scheduled even when DNSSEC signing is up-to-date
+ knotd: server can crash when zone difference is inconsistent upon cold
start
+ knotd: zone not bootstrapped when zone file load failed due to an error
+ knotd: broken AXFR with knot as slave and dnsmasq as master (Thanks to
Daniel Gröber)
+ knotd: journal not able to free up space when zone-in-journal present
and zonefile written
+ mod-stats: missing protocol counters for TCP over XDP
+ kzonesign: input zone name not lower-cased
Version 3.1.2
Features:
+ knotd: new policy configuration for postponing complete deletion of
previous keys
+ keymgr: new optional pretty mode (-b) of listing keys
+ kdig: added support for TCP keepopen #503
Improvements:
+ knotd: configuration item values can contain UTF-8 characters
+ knotd: added configuration check for database storage writability
+ knotd: better error reporting if zone is empty
+ knotd: smaller journal database chunks in order to mitigate LMDB
fragmentation
+ knotd/kxdpgun: CAP_SYS_RESOURCE capability no longer needed for XDP on
Linux >= 5.11
Bugfixes:
+ knotd: incomplete NSEC3 proof in response to opt-outed empty
non-terminal
+ knotd: wrong SOA serial handling when enabling signing on already
existing secondary zone
+ knotd: defective ZONEMD verification error reporting when loading zone
#759
+ knotd: server can crash when reloading catalog zone #761
+ knotd: DNSSEC validation doesn't work when only NSEC3 chain changes
+ knotd: DNSSEC validation doesn't check if empty non-terminal over
non-opt-outed delegation isn't opt-outed too
+ knotd: ZONEMD generation doesn't cause flushing zone to disk #758
+ knotd: incorrect evaluation of ACL deny rule in combination with TSIG
+ knotd: failed DS-check is replanned even if no key is ready
+ kdig: abort when query times out #763
+ libzscanner: missing output overflow check in the SVCB parsing
Compatibility:
+ keymgr: parameter -d is marked deprecated in favor of new parameter -D
+ kjournalprint: parameter -n is marked deprecated in favor of new
parameter -x
Version 3.1.1
Improvements:
+ keymgr: import-bind sets publish and active timers to now if missing
timers #747
+ mod-rrl: added QNAME, which triggered an action, to log messages #757
+ systemd: added environment variable for setting maximum configuration
DB size
Bugfixes:
+ knotd: adding RRSIGs to a signed zone can lead to redundant RRSIGs for
some NSEC(3)s
+ knotd: code not compiled correctly for ARM on Fedora >= 33
+ knotd: server can crash when opening catalog DB on startup
+ knotd: incorrect catalog update counts in logs
+ knotd: journal discontinuity and zone-in-journal result in incorrectly
calculated journal occupation
+ kdig: +noall does not filter out AUTHORITY comment #749
+ tests: journal unit test not passing if memory page size is different
from 4096
Reverts:
+ libzscanner: reverted "omitted TTL value is correctly set to the last
explicitly stated value (RFC 1035)" #751
Files: