- Update from version 3.3.8 to 3.4.2
- Update of rootfile
- Changelog
  3.4.2
    Improvements:
      - knotd: new warning log upon every incremental update if previous zone signing failed
      - mod-cookies: support for two secret values specification
      - keymgr: key pregenerate works even when a KSK exists
      - libs: upgraded embedded libngtcp2 to 1.8.1
    Bugfixes:
      - knotd: server can crash when processing just a terminal label as QNAME
      - knotd: failed to compile if no atomic operations available
      - kjournalprint: failed to merge zone-in-journal if followed by a non-first changeset
      - knot-exporter: faulty escape sequence in time value parsing
      - knot-exporter: failed to parse zone-status output
      - kxdpgun: periodic statistics doesn't work correctly for longer time periods
  3.4.1
    Features:
      - knotd: ACL configuration allows protocol specification (see 'acl.protocol')
      - knotc: support for benevolent zone updates (see zone-begin with '+benevolent')
      - knotd: implemented TLS session resumption
      - knotd: pending TLS connections leak memory when the server shuts down
      - kjournalprint: added print merged changesets mode (see '-M')
      - libknot: added NXNAME meta type (Thanks to Jan Včelák)
    Improvements:
      - knotd: DNSKEY synchronization event logs removed/added *DNSKEYs
      - knotd: control command log message contains filters and flags in the debug mode
      - knotc: zone status prints running, pending, and frozen duration
      - knotd,knotc: unification of control flags and filters
      - keymgr: key listing reports configured keys that are inaccessible
      - libs: upgraded embedded libngtcp2 to 1.8.0
      - doc: various fixes and updates
    Bugfixes:
      - knotd: missing support for IPv6 link local address configuration
      - knotd: zone reload occasionally causes a core dump #939 (Thanks to lidcc2)
      - knotd: race condition in DDNS over QUIC processing
      - knotd: imperfect signal handling on some auxiliary threads
      - knotd: EDNS EXPIRE not updated when zone signing results in up-to-date
      - knotd: failed to reload autogenerated QUIC/TLS key after process ownership change
      - knotc: zone backup filter +keysonly doesn't disable other defaults
      - kxdpgun: failed to receive more data over QUIC until 1-RTT handshake is done
      - knsupdate: memory leak if rdata parsing fails
      - doc: failed to install manual pages from a tarball
      - Dockerfile: TCP port 853 not exposed for DoT
  3.4.0
    Features:
      - knotd: full DNS over TLS (DoT, RFC 7858) implementation (see 'DNS over TLS')
      - knotd: bidirectional XFR over TLS (XoT) support with opportunistic, strict, and mutual authentication profiles
      - knotd: support for DDNS over QUIC and TLS
      - knotd: DNSSEC validation requires the remaining RRSIG validity is longer than 'rrsig-refresh'
      - knotd: new event for automatic DNSSEC revalidation
      - knotd: if enabled DNSSEC signing, EDNS expire is adjusted to the earliest RRSIG expiration
      - knotd: added support for libdbus as an alternative to systemd dbus (see '--enable-dbus=libdbus' configure parameter)
      - knotd: new XDP-related configuration options (see 'xdp.ring-size', 'xdp.busypoll-budget', and 'xdp.busypoll-timeout')
      - knotc: new command for explicit triggering DNSSEC validation (see 'zone-validate' command)
      - keymgr: SKR verification requires end of DNSKEY RRSIG validity covers next DNSKEY snapshot
      - kdig: +nocrypto applies also to CERT, DS, SSHFP, DHCID, TLSA, ZONEMD, and TSIG
      - knsupdate: added support for DDNS over QUIC and TLS (see '-Q' and '-S' parameters)
      - kxdpgun: support for reading a binary input file (see '-B' parameter)
      - kxdpgun: support for output in JSON (see '-j' parameter)
      - kxdpgun: support for periodical output (see '-S' parameter)
      - mod-rrl: module offers limiting of non-UDP protocols based on consumed time (see 'mod-rrl.time-rate-limit' and 'mod-rrl.time-instant-limit')
      - utils: -VV option for listing compile time configuration summary
    Improvements:
      - knotd: up to eight DDNS queries can be queued per zone when frozen
      - knotd: the number of created/validated RRSIGs is logged
      - knotd: overhaul of atomic operations usage
      - knotd: unified DNAME semantic errors with the CNAME ones (see 'Handling CNAME and DNAME-related updates')
      - knotd: better DDNS pre-check to prevent dropping a bulk of updates
      - knotd: extended SOA presence semantic checks
      - knotd: disallowed concurrent control zone and config transactions to avoid deadlock
      - knotd: disallowed opening zone transaction when blocking command is running to avoid deadlock
      - knotd: new XDP statistic counters
      - knotd: remote zone serial is logged upon received incoming transfer
      - knotd: zone backup stores and zone restore checks the CPU architecture compatibility
      - knotd: time configuration options support 'w', 'M', and 'y' units
      - knotd: some control commands can be processed asynchronously
      - knotc: zone backup overwrites already existing backupdir in the force mode
      - kdig: EDNS is enabled by default
      - kdig: the default EDNS payload size was lowered to 1232
      - mod-rrl: completely reimplemented UDP rate limiting using an efficient query-counting mechanism on several address prefix lengths
      - mod-rrl: module no longer requires explicit configuration
      - libknot: various XDP improvements and new configuration parameters
      - docker: increased -D_FORTIFY_SOURCE to 3
    Bugfixes:
      - knotd: deadlock during zone-ksk-submitted processing of a frozen zone
      - kxdpgun: race condition in SIGUSR1 signal processing
      - doc: parallel build is unreliable #928
    Compatibility:
      - configure: increase minimal GnuTLS version to 3.6.10
      - configure: removed deprecated libidn 1 support
      - configure: removed liburcu search fallback
      - configure: required GCC or LLVM Clang compiler with C11 support
      - knotd: removed already ignored obsolete configuration options
      - keymgr: removed legacy parameter '--brief'
      - kjournalprint: removed legacy parameter '--no-color'
      - kjournalprint: removed legacy database specification without '--dir'
      - kcatalogprint: removed legacy database specification without '--dir'
      - packaging: CentOS 7, Debian 10, and Ubuntu 18.04 no longer supported
      - doc: removed info pages
  3.3.9
    Improvements:
      - libknot: added EDE code 30
      - libknot: improved performance of knot_rrset_to_wire_extra()
      - libs: upgraded embedded libngtcp2 to 1.7.0
      - doc: various fixes and updates
    Bugfixes:
      - keymgr: pregenerate clears future timestamps of old keys and creates new keys
      - mod-dnsproxy: defective TSIG processing
      - mod-dnsproxy: TCP not detected in the XDP mode
      - kxdpgun: unsuccessful interface initialization leaks memory
      - packaging: libknot not installed with python3-libknot

Signed-off-by: Adolf Belka adolf.belka@ipfire.org
---
 config/rootfiles/common/knot | 4 ++--
 lfs/knot                     | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/knot b/config/rootfiles/common/knot index 0fc076c10..5d0ab19d3 100644 --- a/config/rootfiles/common/knot +++ b/config/rootfiles/common/knot @@ -9,7 +9,7 @@ usr/lib/libdnssec.so.9.0.0 #usr/lib/libknot.la #usr/lib/libknot.lai #usr/lib/libknot.so -usr/lib/libknot.so.14 -usr/lib/libknot.so.14.0.0 +usr/lib/libknot.so.15 +usr/lib/libknot.so.15.0.0 #usr/lib/libknotus.a #usr/lib/libknotus.la diff --git a/lfs/knot b/lfs/knot index a016f3f91..6645c7be5 100644 --- a/lfs/knot +++ b/lfs/knot @@ -24,7 +24,7 @@
include Config
-VER = 3.3.8 +VER = 3.4.2
THISAPP = knot-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = a51e756f34d8641b2bc8ce32cb37c68c19ce1b5e13e981647e165634644ee005bb0a31b869148d50b3cd0a040f6952857df726e8ff67c5a46204270fa02396c5 +$(DL_FILE)_BLAKE2 = 0b633b27b22665db243bc4222f05028a17ee7ec6ba5960ff1cfe503d27bf3d26218f771cb15b70bbf8782898bcc7748bd5c27d55747607a1d93f784cdadddad7
install : $(TARGET)
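Review bot: the config/rootfiles/common/knot hunk replaces usr/lib/libknot.so.14 and usr/lib/libknot.so.14.0.0 with the .15 names, which is a soname bump, but the commit message only says "Update of rootfile". Please say in the message whether anything else in the tree links against libknot.so.14 and needs a rebuild with this update, and how the old libknot.so.14 files are removed from already-installed systems now that the rootfile no longer lists them.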
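Review bot: in lfs/knot the new $(DL_FILE)_BLAKE2 value is the only integrity check that changes with VER = 3.4.2, and the commit message does not say how the downloaded knot-3.4.2.tar.xz was checked before that sum was computed. Please add a line stating that the tarball was verified against what upstream publishes for the release. Since the quoted 3.4.0 Compatibility entries raise the minimal GnuTLS version to 3.6.10 and require a compiler with C11 support, a short note that the build was tested against the current toolchain would also help.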