2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2429) |
Log message:
*: recursive bump for icu 76 shlib major version bump
|
2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2426) |
Log message:
*: revbump for icu downgrade
|
2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2427) |
Log message:
*: recursive bump for icu 76.1 shlib bump
|
2024-10-31 14:33:47 by Ryo ONODERA | Files touched by this commit (2) | |
Log message:
net/knot: Update to 3.4.2
Changelog:
3.4.2:
Improvements:
+ knotd: new warning log upon every incremental update if previous zone
signing failed
+ mod-cookies: support for two secret values specification
+ keymgr: key pregenerate works even when a KSK exists
+ libs: upgraded embedded libngtcp2 to 1.8.1
Bugfixes:
+ knotd: server can crash when processing just a terminal label as QNAME
+ knotd: failed to compile if no atomic operations available
+ kjournalprint: failed to merge zone-in-journal if followed by a
non-first changeset
+ knot-exporter: faulty escape sequence in time value parsing
+ knot-exporter: failed to parse zone-status output
+ kxdpgun: periodic statistics doesn't work correctly for longer time
periods
|
2024-10-24 15:43:09 by Ryo ONODERA | Files touched by this commit (3) | |
Log message:
net/knot: Update to 3.4.1
Changelog:
Version 3.4.1
Features:
+ knotd: ACL configuration allows protocol specification (see
'acl.protocol')
+ knotc: support for benevolent zone updates (see zone-begin with
'+benevolent')
+ knotd: implemented TLS session resumption
+ kjournalprint: added print merged changesets mode (see '-M')
+ libknot: added NXNAME meta type (Thanks to Jan Včelák)
Improvements:
+ knotd: DNSKEY synchronization event logs removed/added CDS and (C)
DNSKEYs
+ knotd: control command log message contains filters and flags in the
debug mode
+ knotc: zone status prints running, pending, and frozen duration
+ knotd,knotc: unification of control flags and filters
+ keymgr: key listing reports configured keys that are inaccessible
+ libs: upgraded embedded libngtcp2 to 1.8.0
+ doc: various fixes and updates
Bugfixes:
+ knotd: missing support for IPv6 link local address configuration
+ knotd: zone reload occasionally causes a core dump #939 (Thanks to
solidcc2)
+ knotd: race condition in DDNS over QUIC processing
+ knotd: imperfect signal handling on some auxiliary threads
+ knotd: EDNS EXPIRE not updated when zone signing results in up-to-date
+ knotd: failed to reload autogenerated QUIC/TLS key after process
ownership change
+ knotc: zone backup filter +keysonly doesn't disable other defaults
+ kxdpgun: failed to receive more data over QUIC until 1-RTT handshake is
done
+ knsupdate: memory leak if rdata parsing fails
+ doc: failed to install manual pages from a tarball
+ Dockerfile: TCP port 853 not exposed for DoT
Version 3.4.0
Features:
+ knotd: full DNS over TLS (DoT, RFC 7858) implementation (see 'DNS over
TLS')
+ knotd: bidirectional XFR over TLS (XoT) support with opportunistic,
strict, and mutual authentication profiles
+ knotd: support for DDNS over QUIC and TLS
+ knotd: DNSSEC validation requires the remaining RRSIG validity is
longer than 'rrsig-refresh'
+ knotd: new event for automatic DNSSEC revalidation
+ knotd: if enabled DNSSEC signing, EDNS expire is adjusted to the
earliest RRSIG expiration
+ knotd: added support for libdbus as an alternative to systemd dbus (see
'--enable-dbus=libdbus' configure parameter)
+ knotd: new XDP-related configuration options (see 'xdp.ring-size',
'xdp.busypoll-budget', and 'xdp.busypoll-timeout')
+ knotc: new command for explicit triggering DNSSEC validation (see
'zone-validate' command)
+ keymgr: SKR verification requires end of DNSKEY RRSIG validity covers
next DNSKEY snapshot
+ kdig: +nocrypto applies also to CERT, DS, SSHFP, DHCID, TLSA, ZONEMD,
and TSIG
+ knsupdate: added support for DDNS over QUIC and TLS (see '-Q' and '-S'
parameters)
+ kxdpgun: support for reading a binary input file (see '-B' parameter)
+ kxdpgun: support for output in JSON (see '-j' parameter)
+ kxdpgun: support for periodical output (see '-S' parameter)
+ mod-rrl: module offers limiting of non-UDP protocols based on consumed
time (see 'mod-rrl.time-rate-limit' and 'mod-rrl.time-instant-limit')
+ utils: -VV option for listing compile time configuration summary
Improvements:
+ knotd: up to eight DDNS queries can be queued per zone when frozen
+ knotd: the number of created/validated RRSIGs is logged
+ knotd: overhaul of atomic operations usage
+ knotd: unified DNAME semantic errors with the CNAME ones (see 'Handling
CNAME and DNAME-related updates')
+ knotd: better DDNS pre-check to prevent dropping a bulk of updates
+ knotd: extended SOA presence semantic checks
+ knotd: disallowed concurrent control zone and config transactions to
avoid deadlock
+ knotd: disallowed opening zone transaction when blocking command is
running to avoid deadlock
+ knotd: new XDP statistic counters
+ knotd: remote zone serial is logged upon received incoming transfer
+ knotd: zone backup stores and zone restore checks the CPU architecture
compatibility
+ knotd: time configuration options support 'w', 'M', and 'y' units
+ knotd: some control commands can be processed asynchronously
+ knotc: zone backup overwrites already existing backupdir in the force
mode
+ kdig: EDNS is enabled by default
+ kdig: the default EDNS payload size was lowered to 1232
+ mod-rrl: completely reimplemented UDP rate limiting using an efficient
query-counting mechanism on several address prefix lengths
+ mod-rrl: module no longer requires explicit configuration
+ libknot: various XDP improvements and new configuration parameters
+ docker: increased -D_FORTIFY_SOURCE to 3
Bugfixes:
+ knotd: deadlock during zone-ksk-submitted processing of a frozen zone
+ kxdpgun: race condition in SIGUSR1 signal processing
+ doc: parallel build is unreliable #928
Compatibility:
+ configure: increase minimal GnuTLS version to 3.6.10
+ configure: removed deprecated libidn 1 support
+ configure: removed liburcu search fallback
+ configure: required GCC or LLVM Clang compiler with C11 support
+ knotd: removed already ignored obsolete configuration options
+ keymgr: removed legacy parameter '--brief'
+ kjournalprint: removed legacy parameter '--no-color'
+ kjournalprint: removed legacy database specification without '--dir'
+ kcatalogprint: removed legacy database specification without '--dir'
+ packaging: CentOS 7, Debian 10, and Ubuntu 18.04 no longer supported
+ doc: removed info pages
Version 3.3.9
Improvements:
+ libknot: added EDE code 30
+ libknot: improved performance of knot_rrset_to_wire_extra()
+ libs: upgraded embedded libngtcp2 to 1.7.0
+ doc: various fixes and updates
Bugfixes:
+ keymgr: pregenerate clears future timestamps of old keys and creates
new keys
+ mod-dnsproxy: defective TSIG processing
+ mod-dnsproxy: TCP not detected in the XDP mode
+ kxdpgun: unsuccessful interface initialization leaks memory
+ packaging: libknot not installed with python3-libknot
|
2024-07-29 22:38:15 by Ryo ONODERA | Files touched by this commit (2) | |
Log message:
net/knot: Update to 3.3.8
Version 3.3.8
Monday, July 22, 2024
Features:
+ libzscanner,libknot: added support for 'dohpath' and 'ohttp' SVCB
parameters
+ libzscanner,libknot: added support for WALLET rrtype
+ keymgr: new commands for keystore testing (see 'keystore-test' and
'keystore-bench')
+ knotd: new configuration option for setting default TTL (see
'zone.default-ttl')
Improvements:
+ libknot: added error codes to better describe some failures
Bugfixes:
+ knotd: DNSSEC signing doesn't remove NSEC records for non-authoritative
nodes
+ knotd: DNSSEC signing not scheduled on secondary if nothing to be
reloaded
+ libknot: TCP over XDP doesn't ignore SYN+ACK packets on the server side
Version 3.3.7
Tuesday, June 25, 2024
Improvements:
+ libs: upgraded embedded libngtcp2 to 1.6.0
Bugfixes:
+ knotd: insufficient metadata check can cause journal corruption
+ knotd: missing zone timers initialization upon purge
+ knotd: missing RCU lock in zone flush and refresh
+ knotd: defective assert in zone refresh
Version 3.3.6
Wednesday, June 12, 2024
Features:
+ knotd: configurable control socket backlog size (see 'control.backlog')
+ knotd: optional configuration of congruency of generated keytags (see
'policy.keytag-modulo')
+ knotc: support for exporting configuration schema in JSON (see
'conf-export') #912
+ mod-dnstap: configuration of sink allows TCP address specification
Improvements:
+ knotd: last-signed serial is stored to KASP even if not a secondary
zone
+ knotd: allowed catalog role member in a catalog template configuration
+ knotd: some references in a zone configuration can be set empty to
override a template
+ knotd: allowed zone backup during a zone transaction
+ knotd: add remote TSIG key name to outgoing event logs
+ knotc: zone backup with '+keysonly' silently uses all defaults as 'off'
+ kxdpgun: host name can be used for target specification
+ libs: upgraded embedded libngtcp2 to 1.5.0
+ doc: various fixes and updates
Bugfixes:
+ knotd: reset TCP connection not removed from a connection pool
+ knotd: server wrongly tries to remove removed ZONEMD
+ knotd: failed to parse empty list from a textual configuration
+ knotd: blocking zone signing in combination with an open transaction
causes a deadlock
+ knotd: missing RCU lock when sending NOTIFY
+ kdig: QNAME letter case isn't preserved if IDN is enabled
+ kdig: failed to parse empty QNAME (do not fill question section)
+ kxdpgun: floating point exception on SIGUSR1 #927
+ libknot: incorrect handling of regular QUIC tokens in incoming initials
+ python: failed to set an empty configuration value
|
2024-05-29 18:35:19 by Adam Ciarcinski | Files touched by this commit (1929) | |
Log message:
revbump after icu and protobuf updates
|
2024-05-16 08:15:47 by Thomas Klausner | Files touched by this commit (692) |
Log message:
*: recursive bump for gnutls p11-kit option
(existing installations need the bl3.mk included, but it's now only
optionally included)
|
2024-03-24 16:07:31 by Ryo ONODERA | Files touched by this commit (2) | |
Log message:
knot: Update to 3.3.5
Changelog:
Version 3.3.5
Features:
+ knotd: new module mod-authsignal for automatic authenticated DNSSEC
bootstrapping records synthesis (Thanks to Peter Thomassen)
+ kzonecheck: new optional ZONEMD verification (see option '-z')
Improvements:
+ knotd: new DNSSEC key rollover log informs about next planned key
action
+ knotd, kzonecheck: added limit on non-matching keys with a duplicate
keytag
+ knot-exporter: added counter-type variant for each metric (Thanks to
Marcel Koch)
+ libs: upgraded embedded libngtcp2 to 1.3.0
+ doc: various fixes and updates
Bugfixes:
+ knotd, kzonecheck: failed to validate RRSIG if there are more keys with
the same keytag
+ knotd, kzonecheck: failed to validate zone with more CSK keys
+ libknot: insufficient check for malformed TCP header options over XDP
+ libzscanner: incorrect alpn processing #923
Version 3.3.4
Features:
+ knotd: new configuration item for clearing configuration sections (see
'clear')
+ knotc: configuration import can preserve database contents (see
'+nopurge' flag)
+ kxdpgun: new parameter for setting UDP payload size in EDNS (see
'--edns-size') #915
Improvements:
+ knotd: extended configuration check for 'zonefile-load' and
'journal-content'
+ knotd: lowered check limit for additional NSEC3 iterations to 0
+ knotd: lowered severity level of an informational backup log
+ knotd: better log message when flushing the journal
+ knotd: zone restore checks if requested contents are in the provided
backup
+ knotc: '+quic' is default for zone backup, '+noquic' is default for
zone restore
+ kdig: better processing of timeouts and reduced sent datagrams over
QUIC
+ kdig: no retries are attempted over QUIC
+ keymgr: improved compatibility with bind9-generated keys
+ libs: some improvements in XDP buffer allocation
+ libs: upgraded embedded libngtcp2 to 1.2.0
+ doc: various fixes and updates
Bugfixes:
+ knotd: failed to build on macOS #909
+ knotd: 'nsec3-salt-lifetime: -1' doesn't work if 'ixfr-from-axfr' is
enabled
+ knotd: unnecessarily updated RRSIGs if 'ixfr-from-axfr' and signing are
enabled
+ knotc: zone check complains about missing zone file #913
+ kdig: failed to try another target address over QUIC
+ libknot: infinite loop in knot_rrset_to_wire_extra() #916
|
2023-12-17 14:22:05 by Ryo ONODERA | Files touched by this commit (2) | |
Log message:
knot: Update to 3.3.3
Changelog:
Version 3.3.3
Wednesday, December 13, 2023
Features:
+ knotd: new 'pattern' mode of ACL update owner matching (see
'acl.update-owner-match')
+ knotc: new '+keysonly' filter for zone backup/restore
Improvements:
+ knotd: zone purging waits for finished zone expiration for better
reliability
+ knotd: remote configuration considers more 'via' with the same address
family
+ knotd: refresh doesn't fall back from IXFR to AXFR upon a network error
+ knotd: increased default for 'policy.rrsig-refresh' by (0.1 *
'rrsig-lifetime')
+ knotd: new control flag 'u' for unix time output format from zone
status
+ knotd: extended check for inconsistent acl settings
+ knotd/libknot: simplified TCP/QUIC sweep logging
+ mod-dnsproxy: all configured remote addresses are used for fallback
operation
+ mod-dnsproxy: module responds locally if forwarding fails instead of
SERVFAIL
+ libs: upgraded embedded libngtcp2 to 1.1.0
+ doc: various fixes and extensions
Bugfixes:
+ knotd: zone backup fails due to improper backup context
deinitialization #891
+ knotd: failed to sign the zone if maximum zone's TTL is too high
+ knotd: malformed TCP header if used with QUIC in the generic XDP mode
+ knotd: server can crash when processing new TCP connections over XDP
+ knotd: incorrect initialization of TCP limits
+ knotd: orphaned PEM file not deleted when key generation fails
+ knotd/libknot: connection timeouts over QUIC due to incomplete
retransfer handling #894
+ kdig: crashed when querying DNS over TLS if TLS handshake times out #
896
+ kzonecheck: failed to check DS with SHA-1 or GOST if not supported by
local policy
+ libdnssec: failed to compile with GnuTLS if PKCS #11 support is
disabled
|