Message ID | 20230101140715.3041415-2-adolf.belka@ipfire.org |
---|---|
State | Accepted |
Commit | 3816b8b5bcbbcb258e12b51e50f8ecf70c930f63 |
Series | knot: Update to version 3.2.4 |
Commit Message
Adolf Belka
Jan. 1, 2023, 2:07 p.m. UTC
- Update from version 3.1.7 to 3.2.4
- Update of rootfile
- find-dependencies run and the only thing showing as depending on the libs is knot itself.
- Changelog
Knot DNS 3.2.4 (2022-12-12)
Improvements:
- knotd: significant speed-up of catalog zone update processing
- knotd: new runtime check if RRSIG lifetime is lower than RRSIG refresh
- knotd: reworked zone re-bootstrap scheduling to be less progressive
- mod-synthrecord: module can work with CIDR-style reverse zones #826
- python: new libknot wrappers for some dname transformation functions
- doc: a few fixes and improvements
Bugfixes:
- knotd: incomplete zone is received when IXFR falls back to AXFR due to
connection timeout if primary puts initial SOA only to the first message
- knotd: first zone re-bootstrap is planned after 24 hours
- knotd: EDNS EXPIRE option is present in outgoing transfer of a catalog zone
- knotd: catalog zone can expire upon EDNS EXPIRE processing
- knotd: DNSSEC signing doesn't fail if no offline KSK records available
Knot DNS 3.2.3 (2022-11-20)
Improvements:
- knotd: new per-zone DS push configuration option (see 'zone.ds-push')
- libs: upgraded embedded libngtcp2 to 0.11.0
Bugfixes:
- knsupdate: program crashes when sending an update
- knotd: server drops more responses over UDP under higher load
- knotd: missing EDNS padding in responses over QUIC
- knotd: some memory issues when handling unusual QUIC traffic
- kxdpgun: broken IPv4 source subnet processing
- kdig: incorrect handling of unsent data over QUIC
Knot DNS 3.2.2 (2022-11-01)
Features:
- knotd,kxdpgun: support for VLAN (802.1Q) traffic in the XDP mode
- knotd: added configurable delay upon D-Bus initialization (see 'server.dbus-init-delay')
- kdig: support for JSON (RFC 8427) output format (see '+json')
- kdig: support for PROXYv2 (see '+proxy') (Gift for Peter van Dijk)
Improvements:
- mod-geoip: module respects the server configuration of answer rotation
- libs: upgraded embedded libngtcp2 to 0.10.0
- tests: improved robustness of some unit tests
- doc: added description of zone bootstrap re-planning
Bugfixes:
- knotd: catalog confusion when a member is added and immediately deleted #818
- knotd: defective handling of short messages with PROXYv2 header #816
- knotd: inconsistent processing of malformed messages with PROXYv2 header #817
- kxdpgun: incorrect XDP mode is logged
- packaging: outdated dependency check in RPM packages
Knot DNS 3.2.1 (2022-09-09)
Improvements:
- libknot: added compatibility with libbpf 1.0 and libxdp
- libknot: removed some trailing white space characters from textual RR format
- libs: upgraded embedded libngtcp2 to 0.8.1
Bugfixes:
- knotd: some non-DNS packets not passed to OS if XDP mode enabled
- knotd: inappropriate log about QUIC port change if QUIC not enabled
- knotd/kxdpgun: various memory leaks related to QUIC and TCP
- kxdpgun: can crash at high rates in emulated XDP mode
- tests: broken XDP-TCP test on 32-bit platforms
- kdig: failed to build with enabled QUIC on OpenBSD
- systemd: failed to start server due to TemporaryFileSystem setting
- packaging: missing knot-dnssecutils package on CentOS 7
Knot DNS 3.2.0 (2022-08-22)
Features:
- knotd: finalized TCP over XDP implementation
- knotd: initial implementation of DNS over QUIC in the XDP mode (see 'xdp.quic')
- knotd: new incremental DNSKEY management for multi-signer deployment (see 'policy.dnskey-management')
- knotd: support for remote grouping in configuration (see 'groups' section)
- knotd: implemented EDNS Expire option (RFC 7314)
- knotd: NSEC3 salt is changed with every ZSK rollover if lifetime is set to -1
- knotd: support for PROXY v2 protocol over UDP (Thanks to Robert Edmonds) #762
- knotd: support for key labels with PKCS #11 keystore (see 'keystore.key-label')
- knotd: SVCB/HTTPS treatment according to draft-ietf-dnsop-svcb-https
- keymgr: new JSON output format (see '-j' parameter) for listing keys or zones (Thanks to JP Mens)
- kxdpgun: support for DNS over QUIC with some testing modes (see '-U' parameter)
- kdig: new DNS over QUIC support (see '+quic')
Improvements:
- knotd: reduced memory consumption when processing IXFR, DNSSEC, catalog, or DDNS
- knotd: RRSIG refresh values don't have to match in the mode Offline KSK
- knotd: better decision whether AXFR fallback is needed upon a refresh error
- knotd: NSEC3 resalt event was merged with the DNSSEC event
- knotd: server logs when the connection to remote was taken from the pool
- knotd: server logs zone expiration time when the zone is loaded
- knotd: DS check verifies removal of old DS during algorithm rollover
- knotd: DNSSEC-related records can be updated via DDNS
- knotd: new 'xdp.udp' configuration option for disabling UDP over XDP
- knotd: outgoing NOTIFY is replanned if failed
- knotd: configuration checks if zone MIN interval values are lower or equal to MAX ones
- knotd: DNSSEC-related zone semantic checks use DNSSEC validation
- knotd: new configuration value 'query' for setting ACL action
- knotd: new check on near end of imported Offline KSK records
- knotd/knotc: implemented zone catalog purge, including orphaned member zones
- knotc: interactive mode supports catalog zone completion, value completion, and more
- knotc: new default brief and colorized output from zone status
- knotc: unified empty values in zone status output
- keymgr: DNSKEY TTL is taken from KSR in the Offline KSK mode
- kjournalprint: path to journal DB is automatically taken from the configuration,
which can be specified using '-c', '-C' (or '-D')
- kcatalogprint: path to catalog DB is automatically taken from the configuration,
which can be specified using '-c', '-C' (or '-D')
- kzonesign: added automatic configuration file detection and '-C' parameter
for configuration DB specification
- kzonesign: all CPU threads are used for DNSSEC validation
- libknot: dname pointer cannot point to another dname pointer when encoding RRsets #765
- libknot: QNAME case is preserved in knot_pkt_t 'wire' field (Thanks to Robert Edmonds) #780
- libknot: reduced memory consumption of the XDP mode
- libknot: XDP filter supports up to 256 NIC queues
- kxdpgun: new options for specifying source and remote MAC addresses
- utils: extended logging of LMDB-related errors
- utils: improved error outputs
- kdig: query has AD bit set by default
- doc: various improvements
Bugfixes:
- knotd: zone changeset is stored to journal even if disabled
- knotd: journal not applied to zone file if zone file changed during reload
- knotd: possible out-of-order processing or postponed zone events to far future
- knotd: incorrect TTL is used if updated RRSet is empty over control interface
- knotd/libs: serial arithmetics not used for RRSIG expiration processing
- knsupdate: incorrect RRTYPE in the question section
Compatibility:
- knotd: default value for 'zone.journal-max-depth' was lowered to 20
- knotd: default value for 'policy.nsec3-iterations' was lowered to 0
- knotd: default value for 'policy.rrsig-refresh' is propagation delay + zone maximum TTL
- knotd: server fails to load configuration if 'policy.rrsig-refresh' is too low
- knotd: configuration option 'server.listen-xdp' has no effect
- knotd: new configuration check on deprecated DNSSEC algorithm
- knotc: new '-e' parameter for full zone status output
- keymgr: new '-e' parameter for full key list output
- keymgr: brief key listing mode is enabled by default
- keymgr: renamed parameter '-d' to '-D'
- knsupdate: default TTL is set to 3600
- knsupdate: default zone is empty
- kjournalprint: renamed parameter '-c' to '-H'
- python/libknot: removed compatibility with Python 2
Packaging:
- systemd: removed knot.tmpfile
- systemd: added some hardening options
- distro: Debian 9 and Ubuntu 16.04 no longer supported
- distro: packages for CentOS 7 are built in a separate COPR repository
- kzonecheck/kzonesign/knsec3hash: moved to new package knot-dnssecutils
Knot DNS 3.1.9 (2022-08-10)
Improvements:
- knotd: new configuration checks on unsupported catalog settings
- knotd: semantic check issues have notice log level in the soft mode
- keymgr: command generate-ksr automatically sets 'from' parameter to last
offline KSK records' timestamp if it's not specified
- keymgr: command show-offline starts from the first offline KSK record set
if 'from' parameter isn't specified
- kcatalogprint: new parameters for filtering catalog or member zone
- mod-probe: default rate limit was increased to 100000
- libknot: default control timeout was increased to 30 seconds
- python/libknot: various exceptions are raised from class KnotCtl
- doc: some improvements
Bugfixes:
- knotd: incomplete outgoing IXFR is responded if journal history is inconsistent
- knotd: manually triggered zone flush is suppressed if disabled zone synchronization
- knotd: failed to configure XDP listen interface without port specification
- knotd: de-cataloged member zone's file isn't deleted #805
- knotd: member zone leaks memory when reloading catalog during dynamic configuration change
- knotd: server can crash when reloading modules with DNSSEC signing (Thanks to iqinlongfei)
- knotd: server crashes during shutdown if PKCS #11 keystore is used
- keymgr: command del-all-old isn't applied to all keys in the removed state
- kxdpgun: user specified network interface isn't used
- libs: fixed compilation on illumos derivatives (Thanks to Nick Ewins)
Knot DNS 3.1.8 (2022-04-28)
Features:
- knotd: optional automatic ACL for XFR and NOTIFY (see 'remote.automatic-acl')
- knotd: new soft zone semantic check mode for allowing defective zone loading
- knotc: added zone transfer freeze state to the zone status output
Improvements:
- knotd: added configuration check for serial policy of generated catalogs
Bugfixes:
- knotd/libknot: the server can crash when validating a malformed TSIG record
- knotd: outgoing zone transfer freeze not preserved during server reload
- knotd: catalog UPDATE not processed if previous UPDATE processing not finished #790
- knotd: zone refresh not started if planned during server reload
- knotd: generated catalogs can be queried over UDP
- knotd/utils: failed to open LMDB database if too many stale slots occupy the lock table
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/knot | 8 ++++----
lfs/knot | 6 +++---
2 files changed, 7 insertions(+), 7 deletions(-)
Comments
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
diff --git a/config/rootfiles/common/knot b/config/rootfiles/common/knot index 79e86141d..6660b27d1 100644 --- a/config/rootfiles/common/knot +++ b/config/rootfiles/common/knot @@ -4,12 +4,12 @@ usr/bin/kdig #usr/lib/libdnssec.la #usr/lib/libdnssec.lai #usr/lib/libdnssec.so -usr/lib/libdnssec.so.8 -usr/lib/libdnssec.so.8.0.0 +usr/lib/libdnssec.so.9 +usr/lib/libdnssec.so.9.0.0 #usr/lib/libknot.la #usr/lib/libknot.lai #usr/lib/libknot.so -usr/lib/libknot.so.12 -usr/lib/libknot.so.12.0.0 +usr/lib/libknot.so.13 +usr/lib/libknot.so.13.0.0 #usr/lib/libknotus.a #usr/lib/libknotus.la diff --git a/lfs/knot b/lfs/knot index 0c0c033c0..feb3c8931 100644 --- a/lfs/knot +++ b/lfs/knot @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> # +# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3.1.7 +VER = 3.2.4 THISAPP = knot-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = d0e5c999c1b4bca89b86ad956dd91643f795fcba94757e34c44e3e6b925030c332da9cb0bfd72d6ae0f32b3016a8c50d821cfcc513268682dd6b5715714d9047 +$(DL_FILE)_BLAKE2 = 1d5fec057898d8cbe73f37cd85aa9d56c7db0215e0fe8ba697f3ee4c38d7554780804b8859d062a824b18f823d6cff1546bd7ce54438ee54c555d068c5f19da1 install : $(TARGET)
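Review bot: In the config/rootfiles/common/knot hunk, the soname bumps (libdnssec.so.8 to libdnssec.so.9, libknot.so.12 to libknot.so.13) drop the old library names from the rootfile, so any binary still linked against the old sonames will fail to load after the update. The commit message says find-dependencies found only knot itself depending on these libraries; it would help to state explicitly that the check was made against the old sonames, and whether the stale libdnssec.so.8* and libknot.so.12* files are removed from existing installations on upgrade.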
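Review bot: The VER change from 3.1.7 to 3.2.4 in lfs/knot crosses the 3.2.0 release, whose changelog in the commit message carries a Compatibility section, but the commit message does not say whether any of it affects this distribution. Worth confirming before merge: the server now fails to load its configuration if 'policy.rrsig-refresh' is too low, 'server.listen-xdp' no longer has any effect, and keymgr '-d' and kjournalprint '-c' were renamed, so any shipped knot configuration or script that uses these needs checking.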
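Review bot: The new $(DL_FILE)_BLAKE2 value in the last lfs/knot hunk cannot be validated from the patch itself, and the commit message does not say how it was obtained. Please note whether the knot-3.2.4.tar.xz tarball was checked against the upstream release signature or published checksum before the BLAKE2 digest was computed, so that the pinned hash is known to match the upstream release and not just the file that happened to be downloaded.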