Subject: CVS commit: pkgsrc/net/knot
From: Ryo ONODERA
Date: 2024-03-24 16:07:31
Message id: 20240324150731.DDFA8FA2C@cvs.NetBSD.org
Log Message:
knot: Update to 3.3.5

Changelog:
Version 3.3.5

Features:

      + knotd: new module mod-authsignal for automatic authenticated DNSSEC
        bootstrapping records synthesis (Thanks to Peter Thomassen)
      + kzonecheck: new optional ZONEMD verification (see option '-z')

Improvements:

      + knotd: new DNSSEC key rollover log informs about next planned key
        action
      + knotd, kzonecheck: added limit on non-matching keys with a duplicate
        keytag
      + knot-exporter: added counter-type variant for each metric (Thanks to
        Marcel Koch)
      + libs: upgraded embedded libngtcp2 to 1.3.0
      + doc: various fixes and updates

Bugfixes:

      + knotd, kzonecheck: failed to validate RRSIG if there are more keys with
        the same keytag
      + knotd, kzonecheck: failed to validate zone with more CSK keys
      + libknot: insufficient check for malformed TCP header options over XDP
      + libzscanner: incorrect alpn processing #923

Version 3.3.4

Features:

      + knotd: new configuration item for clearing configuration sections (see
        'clear')
      + knotc: configuration import can preserve database contents (see
        '+nopurge' flag)
      + kxdpgun: new parameter for setting UDP payload size in EDNS (see
        '--edns-size') #915

Improvements:

      + knotd: extended configuration check for 'zonefile-load' and
        'journal-content'
      + knotd: lowered check limit for additional NSEC3 iterations to 0
      + knotd: lowered severity level of an informational backup log
      + knotd: better log message when flushing the journal
      + knotd: zone restore checks if requested contents are in the provided
        backup
      + knotc: '+quic' is default for zone backup, '+noquic' is default for
        zone restore
      + kdig: better processing of timeouts and reduced sent datagrams over
        QUIC
      + kdig: no retries are attempted over QUIC
      + keymgr: improved compatibility with bind9-generated keys
      + libs: some improvements in XDP buffer allocation
      + libs: upgraded embedded libngtcp2 to 1.2.0
      + doc: various fixes and updates

Bugfixes:

      + knotd: failed to build on macOS #909
      + knotd: 'nsec3-salt-lifetime: -1' doesn't work if 'ixfr-from-axfr' is
        enabled
      + knotd: unnecessarily updated RRSIGs if 'ixfr-from-axfr' and signing are
        enabled
      + knotc: zone check complains about missing zone file #913
      + kdig: failed to try another target address over QUIC
      + libknot: infinite loop in knot_rrset_to_wire_extra() #916
Files:
RevisionActionfile
1.82modifypkgsrc/net/knot/Makefile
1.47modifypkgsrc/net/knot/distinfo