- Update from version 1.5.11 to 1.6.3 - Update of rootfile - Changelog is not available in source tarball. Only source for changes is the git repository https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/log/
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/keyutils | 14 +++++++++++++- lfs/keyutils | 8 ++++---- 2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/config/rootfiles/common/keyutils b/config/rootfiles/common/keyutils
index 10058de1c..d4a166e4e 100644
--- a/config/rootfiles/common/keyutils
+++ b/config/rootfiles/common/keyutils
@@ -1,9 +1,11 @@
 bin/keyctl
+etc/keyutils
 etc/request-key.conf
 etc/request-key.d
 #lib/libkeyutils.so
 lib/libkeyutils.so.1
-lib/libkeyutils.so.1.7
+lib/libkeyutils.so.1.10
+#lib/pkgconfig/libkeyutils.pc
 sbin/key.dns_resolver
 sbin/request-key
 #usr/include/keyutils.h
@@ -13,6 +15,7 @@ sbin/request-key
 #usr/share/man/man3/find_key_by_type_and_name.3
 #usr/share/man/man3/keyctl.3
 #usr/share/man/man3/keyctl_assume_authority.3
+#usr/share/man/man3/keyctl_capabilities.3
 #usr/share/man/man3/keyctl_chown.3
 #usr/share/man/man3/keyctl_clear.3
 #usr/share/man/man3/keyctl_describe.3
@@ -29,7 +32,13 @@ sbin/request-key
 #usr/share/man/man3/keyctl_invalidate.3
 #usr/share/man/man3/keyctl_join_session_keyring.3
 #usr/share/man/man3/keyctl_link.3
+#usr/share/man/man3/keyctl_move.3
 #usr/share/man/man3/keyctl_negate.3
+#usr/share/man/man3/keyctl_pkey_decrypt.3
+#usr/share/man/man3/keyctl_pkey_encrypt.3
+#usr/share/man/man3/keyctl_pkey_query.3
+#usr/share/man/man3/keyctl_pkey_sign.3
+#usr/share/man/man3/keyctl_pkey_verify.3
 #usr/share/man/man3/keyctl_read.3
 #usr/share/man/man3/keyctl_read_alloc.3
 #usr/share/man/man3/keyctl_reject.3
@@ -42,9 +51,12 @@ sbin/request-key
 #usr/share/man/man3/keyctl_setperm.3
 #usr/share/man/man3/keyctl_unlink.3
 #usr/share/man/man3/keyctl_update.3
+#usr/share/man/man3/keyctl_watch_key.3
 #usr/share/man/man3/recursive_key_scan.3
 #usr/share/man/man3/recursive_session_key_scan.3
+#usr/share/man/man5/key.dns_resolver.conf.5
 #usr/share/man/man5/request-key.conf.5
+#usr/share/man/man7/asymmetric-key.7
 #usr/share/man/man7/keyutils.7
 #usr/share/man/man8/key.dns_resolver.8
 #usr/share/man/man8/request-key.8
diff --git a/lfs/keyutils b/lfs/keyutils
index cbc4956ee..293ae510d 100644
--- a/lfs/keyutils
+++ b/lfs/keyutils
@@ -1,7 +1,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team info@ipfire.org #
+# Copyright (C) 2007-2023 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -24,10 +24,10 @@
include Config
-VER = 1.5.11
+VER = 1.6.3
THISAPP = keyutils-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
+DL_FILE = $(THISAPP).tar.gz
 DL_FROM = $(URL_IPFIRE)
 DIR_APP = $(DIR_SRC)/$(THISAPP)
 TARGET = $(DIR_INFO)/$(THISAPP)
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1a601b7036bcfe69b6272ae2b4fad44cbb22877aa94722fa26460f8addf105ff8898e851ad7c4f28bc755f7fe293c74bc70cffbe877978e462bc21c428c9a11d
+$(DL_FILE)_BLAKE2 = b5620b1b6109415fec1268963c2c65d774f3ef7a69eb1ce8d5d8e78b4b807e4fdfda861662a1b5556975ef867add8f985362a31b6608ac2dc198c8d0395d516b
install : $(TARGET)
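Review bot: The new `$(DL_FILE)_BLAKE2` value only pins the copy of `keyutils-1.6.3.tar.gz` that sits on `$(URL_IPFIRE)`; nothing in the commit records where that archive came from or how it was compared with upstream. The archive type changed from `.tar.bz2` to `.tar.gz` in the previous hunk and the message names the git repository as the only source of change information, so this may be a repository snapshot rather than a published release file. If so, a line in the commit message such as `Tarball: snapshot of tag <TAG> (commit <COMMIT-ID>), tag signature verified` would let a later reviewer reproduce the hash. The unpack command in the `$(TARGET)` recipe is outside the hunk and, going by the diffstat, was not changed; it needs to accept gzip input now that the suffix is different.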
- Update from version 3.1.7 to 3.2.4 - Update of rootfile - find-dependencies run and only thing showing as depending on the libs are knot itself. - Changelog Knot DNS 3.2.4 (2022-12-12) Improvements: - knotd: significant speed-up of catalog zone update processing - knotd: new runtime check if RRSIG lifetime is lower than RRSIG refresh - knotd: reworked zone re-bootstrap scheduling to be less progressive - mod-synthrecord: module can work with CIDR-style reverse zones #826 - python: new libknot wrappers for some dname transformation functions - doc: a few fixes and improvements Bugfixes: - knotd: incomplete zone is received when IXFR falls back to AXFR due to connection timeout if primary puts initial SOA only to the first message - knotd: first zone re-bootstrap is planned after 24 hours - knotd: EDNS EXPIRE option is present in outgoing transfer of a catalog zone - knotd: catalog zone can expire upon EDNS EXPIRE processing - knotd: DNSSEC signing doesn't fail if no offline KSK records available Knot DNS 3.2.3 (2022-11-20) Improvements: - knotd: new per-zone DS push configuration option (see 'zone.ds-push') - libs: upgraded embedded libngtcp2 to 0.11.0 Bugfixes: - knsupdate: program crashes when sending an update - knotd: server drops more responses over UDP under higher load - knotd: missing EDNS padding in responses over QUIC - knotd: some memory issues when handling unusual QUIC traffic - kxdpgun: broken IPv4 source subnet processing - kdig: incorrect handling of unsent data over QUIC Knot DNS 3.2.2 (2022-11-01) Features: - knotd,kxdpgun: support for VLAN (802.1Q) traffic in the XDP mode - knotd: added configurable delay upon D-Bus initialization (see 'server.dbus-init-delay') - kdig: support for JSON (RFC 8427) output format (see '+json') - kdig: support for PROXYv2 (see '+proxy') (Gift for Peter van Dijk) Improvements: - mod-geoip: module respects the server configuration of answer rotation - libs: upgraded embedded libngtcp2 to 0.10.0 - tests: improved 
robustness of some unit tests - doc: added description of zone bootstrap re-planning Bugfixes: - knotd: catalog confusion when a member is added and immediately deleted #818 - knotd: defective handling of short messages with PROXYv2 header #816 - knotd: inconsistent processing of malformed messages with PROXYv2 header #817 - kxdpgun: incorrect XDP mode is logged - packaging: outdated dependency check in RPM packages Knot DNS 3.2.1 (2022-09-09) Improvements: - libknot: added compatibility with libbpf 1.0 and libxdp - libknot: removed some trailing white space characters from textual RR format - libs: upgraded embedded libngtcp2 to 0.8.1 Bugfixes: - knotd: some non-DNS packets not passed to OS if XDP mode enabled - knotd: inappropriate log about QUIC port change if QUIC not enabled - knotd/kxdpgun: various memory leaks related to QUIC and TCP - kxdpgun: can crash at high rates in emulated XDP mode - tests: broken XDP-TCP test on 32-bit platforms - kdig: failed to build with enabled QUIC on OpenBSD - systemd: failed to start server due to TemporaryFileSystem setting - packaging: missing knot-dnssecutils package on CentOS 7 Knot DNS 3.2.0 (2022-08-22) Features: - knotd: finalized TCP over XDP implementation - knotd: initial implementation of DNS over QUIC in the XDP mode (see 'xdp.quic') - knotd: new incremental DNSKEY management for multi-signer deployment (see 'policy.dnskey-management') - knotd: support for remote grouping in configuration (see 'groups' section) - knotd: implemented EDNS Expire option (RFC 7314) - knotd: NSEC3 salt is changed with every ZSK rollover if lifetime is set to -1 - knotd: support for PROXY v2 protocol over UDP (Thanks to Robert Edmonds) #762 - knotd: support for key labels with PKCS #11 keystore (see 'keystore.key-label') - knotd: SVCB/HTTPS treatment according to draft-ietf-dnsop-svcb-https - keymgr: new JSON output format (see '-j' parameter) for listing keys or zones (Thanks to JP Mens) - kxdpgun: support for DNS over QUIC with some 
testing modes (see '-U' parameter) - kdig: new DNS over QUIC support (see '+quic') Improvements: - knotd: reduced memory consumption when processing IXFR, DNSSEC, catalog, or DDNS - knotd: RRSIG refresh values don't have to match in the mode Offline KSK - knotd: better decision whether AXFR fallback is needed upon a refresh error - knotd: NSEC3 resalt event was merged with the DNSSEC event - knotd: server logs when the connection to remote was taken from the pool - knotd: server logs zone expiration time when the zone is loaded - knotd: DS check verifies removal of old DS during algorithm rollover - knotd: DNSSEC-related records can be updated via DDNS - knotd: new 'xdp.udp' configuration option for disabling UDP over XDP - knotd: outgoing NOTIFY is replanned if failed - knotd: configuration checks if zone MIN interval values are lower or equal to MAX ones - knotd: DNSSEC-related zone semantic checks use DNSSEC validation - knotd: new configuration value 'query' for setting ACL action - knotd: new check on near end of imported Offline KSK records - knotd/knotc: implemented zone catalog purge, including orphaned member zones - knotc: interactive mode supports catalog zone completion, value completion, and more - knotc: new default brief and colorized output from zone status - knotc: unified empty values in zone status output - keymgr: DNSKEY TTL is taken from KSR in the Offline KSK mode - kjournalprint: path to journal DB is automatically taken from the configuration, which can be specified using '-c', '-C' (or '-D') - kcatalogprint: path to catalog DB is automatically taken from the configuration, which can be specified using '-c', '-C' (or '-D') - kzonesign: added automatic configuration file detection and '-C' parameter for configuration DB specificaion - kzonesign: all CPU threads are used for DNSSEC validation - libknot: dname pointer cannot point to another dname pointer when encoding RRsets #765 - libknot: QNAME case is preserved in knot_pkt_t 'wire' field 
(Thanks to Robert Edmonds) #780 - libknot: reduced memory consumption of the XDP mode - libknot: XDP filter supports up to 256 NIC queues - kxdpgun: new options for specifying source and remote MAC addresses - utils: extended logging of LMDB-related errors - utils: improved error outputs - kdig: query has AD bit set by default - doc: various improvements Bugfixes: - knotd: zone changeset is stored to journal even if disabled - knotd: journal not applied to zone file if zone file changed during reload - knotd: possible out-of-order processing or postponed zone events to far future - knotd: incorrect TTL is used if updated RRSet is empty over control interface - knotd/libs: serial arithmetics not used for RRSIG expiration processing - knsupdate: incorrect RRTYPE in the question section Compatibility: - knotd: default value for 'zone.journal-max-depth' was lowered to 20 - knotd: default value for 'policy.nsec3-iterations' was lowered to 0 - knotd: default value for 'policy.rrsig-refresh' is propagation delay + zone maximum TTL - knotd: server fails to load configuration if 'policy.rrsig-refresh' is too low - knotd: configuration option 'server.listen-xdp' has no effect - knotd: new configuration check on deprecated DNSSEC algorithm - knotc: new '-e' parameter for full zone status output - keymgr: new '-e' parameter for full key list output - keymgr: brief key listing mode is enabled by default - keymgr: renamed parameter '-d' to '-D' - knsupdate: default TTL is set to 3600 - knsupdate: default zone is empty - kjournalprint: renamed parameter '-c' to '-H' - python/libknot: removed compatibility with Python 2 Packaging: - systemd: removed knot.tmpfile - systemd: added some hardening options - distro: Debian 9 and Ubuntu 16.04 no longer supported - distro: packages for CentOS 7 are built in a separate COPR repository - kzonecheck/kzonesign/knsec3hash: moved to new package knot-dnssecutils Knot DNS 3.1.9 (2022-08-10) Improvements: - knotd: new configuration checks on 
unsupported catalog settings - knotd: semantic check issues have notice log level in the soft mode - keymgr: command generate-ksr automatically sets 'from' parameter to last offline KSK records' timestamp if it's not specified - keymgr: command show-offline starts from the first offline KSK record set if 'from' parameter isn't specified - kcatalogprint: new parameters for filtering catalog or member zone - mod-probe: default rate limit was increased to 100000 - libknot: default control timeout was increased to 30 seconds - python/libknot: various exceptions are raised from class KnotCtl - doc: some improvements Bugfixes: - knotd: incomplete outgoing IXFR is responded if journal history is inconsistent - knotd: manually triggered zone flush is suppressed if disabled zone synchronization - knotd: failed to configure XDP listen interface without port specification - knotd: de-cataloged member zone's file isn't deleted #805 - knotd: member zone leaks memory when reloading catalog during dynamic configuration change - knotd: server can crash when reloading modules with DNSSEC signing (Thanks to iqinlongfei) - knotd: server crashes during shutdown if PKCS #11 keystore is used - keymgr: command del-all-old isn't applied to all keys in the removed state - kxdpgun: user specified network interface isn't used - libs: fixed compilation on illumos derivatives (Thanks to Nick Ewins) Knot DNS 3.1.8 (2022-04-28) Features: - knotd: optional automatic ACL for XFR and NOTIFY (see 'remote.automatic-acl') - knotd: new soft zone semantic check mode for allowing defective zone loading - knotc: added zone transfer freeze state to the zone status output Improvements: - knotd: added configuration check for serial policy of generated catalogs Bugfixes: - knotd/libknot: the server can crash when validating a malformed TSIG record - knotd: outgoing zone transfer freeze not preserved during server reload - knotd: catalog UPDATE not processed if previous UPDATE processing not finished #790 - 
knotd: zone refresh not started if planned during server reload - knotd: generated catalogs can be queried over UDP - knotd/utils: failed to open LMDB database if too many stale slots occupy the lock table
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/knot | 8 ++++---- lfs/knot | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/config/rootfiles/common/knot b/config/rootfiles/common/knot
index 79e86141d..6660b27d1 100644
--- a/config/rootfiles/common/knot
+++ b/config/rootfiles/common/knot
@@ -4,12 +4,12 @@ usr/bin/kdig
 #usr/lib/libdnssec.la
 #usr/lib/libdnssec.lai
 #usr/lib/libdnssec.so
-usr/lib/libdnssec.so.8
-usr/lib/libdnssec.so.8.0.0
+usr/lib/libdnssec.so.9
+usr/lib/libdnssec.so.9.0.0
 #usr/lib/libknot.la
 #usr/lib/libknot.lai
 #usr/lib/libknot.so
-usr/lib/libknot.so.12
-usr/lib/libknot.so.12.0.0
+usr/lib/libknot.so.13
+usr/lib/libknot.so.13.0.0
 #usr/lib/libknotus.a
 #usr/lib/libknotus.la
diff --git a/lfs/knot b/lfs/knot
index 0c0c033c0..feb3c8931 100644
--- a/lfs/knot
+++ b/lfs/knot
@@ -1,7 +1,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team info@ipfire.org #
+# Copyright (C) 2007-2023 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 3.1.7
+VER = 3.2.4
THISAPP = knot-$(VER)
 DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = d0e5c999c1b4bca89b86ad956dd91643f795fcba94757e34c44e3e6b925030c332da9cb0bfd72d6ae0f32b3016a8c50d821cfcc513268682dd6b5715714d9047
+$(DL_FILE)_BLAKE2 = 1d5fec057898d8cbe73f37cd85aa9d56c7db0215e0fe8ba697f3ee4c38d7554780804b8859d062a824b18f823d6cff1546bd7ce54438ee54c555d068c5f19da1
install : $(TARGET)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Update from version 3.1.7 to 3.2.4
- Update of rootfile
- find-dependencies was run and the only thing shown as depending on the libs is knot itself.
- Changelog Knot DNS 3.2.4 (2022-12-12) Improvements:
Bugfixes:
- knotd: significant speed-up of catalog zone update processing
- knotd: new runtime check if RRSIG lifetime is lower than RRSIG refresh
- knotd: reworked zone re-bootstrap scheduling to be less progressive
- mod-synthrecord: module can work with CIDR-style reverse zones #826
- python: new libknot wrappers for some dname transformation functions
- doc: a few fixes and improvements
Knot DNS 3.2.3 (2022-11-20) Improvements:
- knotd: incomplete zone is received when IXFR falls back to AXFR due to connection timeout if primary puts initial SOA only to the first message
- knotd: first zone re-bootstrap is planned after 24 hours
- knotd: EDNS EXPIRE option is present in outgoing transfer of a catalog zone
- knotd: catalog zone can expire upon EDNS EXPIRE processing
- knotd: DNSSEC signing doesn't fail if no offline KSK records available
Bugfixes:
- knotd: new per-zone DS push configuration option (see 'zone.ds-push')
- libs: upgraded embedded libngtcp2 to 0.11.0
Knot DNS 3.2.2 (2022-11-01) Features:
- knsupdate: program crashes when sending an update
- knotd: server drops more responses over UDP under higher load
- knotd: missing EDNS padding in responses over QUIC
- knotd: some memory issues when handling unusual QUIC traffic
- kxdpgun: broken IPv4 source subnet processing
- kdig: incorrect handling of unsent data over QUIC
Improvements:
- knotd,kxdpgun: support for VLAN (802.1Q) traffic in the XDP mode
- knotd: added configurable delay upon D-Bus initialization (see 'server.dbus-init-delay')
- kdig: support for JSON (RFC 8427) output format (see '+json')
- kdig: support for PROXYv2 (see '+proxy') (Gift for Peter van Dijk)
Bugfixes:
- mod-geoip: module respects the server configuration of answer rotation
- libs: upgraded embedded libngtcp2 to 0.10.0
- tests: improved robustness of some unit tests
- doc: added description of zone bootstrap re-planning
Knot DNS 3.2.1 (2022-09-09) Improvements:
- knotd: catalog confusion when a member is added and immediately deleted #818
- knotd: defective handling of short messages with PROXYv2 header #816
- knotd: inconsistent processing of malformed messages with PROXYv2 header #817
- kxdpgun: incorrect XDP mode is logged
- packaging: outdated dependency check in RPM packages
Bugfixes:
- libknot: added compatibility with libbpf 1.0 and libxdp
- libknot: removed some trailing white space characters from textual RR format
- libs: upgraded embedded libngtcp2 to 0.8.1
Knot DNS 3.2.0 (2022-08-22) Features:
- knotd: some non-DNS packets not passed to OS if XDP mode enabled
- knotd: inappropriate log about QUIC port change if QUIC not enabled
- knotd/kxdpgun: various memory leaks related to QUIC and TCP
- kxdpgun: can crash at high rates in emulated XDP mode
- tests: broken XDP-TCP test on 32-bit platforms
- kdig: failed to build with enabled QUIC on OpenBSD
- systemd: failed to start server due to TemporaryFileSystem setting
- packaging: missing knot-dnssecutils package on CentOS 7
Improvements:
- knotd: finalized TCP over XDP implementation
- knotd: initial implementation of DNS over QUIC in the XDP mode (see 'xdp.quic')
- knotd: new incremental DNSKEY management for multi-signer deployment (see 'policy.dnskey-management')
- knotd: support for remote grouping in configuration (see 'groups' section)
- knotd: implemented EDNS Expire option (RFC 7314)
- knotd: NSEC3 salt is changed with every ZSK rollover if lifetime is set to -1
- knotd: support for PROXY v2 protocol over UDP (Thanks to Robert Edmonds) #762
- knotd: support for key labels with PKCS #11 keystore (see 'keystore.key-label')
- knotd: SVCB/HTTPS treatment according to draft-ietf-dnsop-svcb-https
- keymgr: new JSON output format (see '-j' parameter) for listing keys or zones (Thanks to JP Mens)
- kxdpgun: support for DNS over QUIC with some testing modes (see '-U' parameter)
- kdig: new DNS over QUIC support (see '+quic')
Bugfixes:
- knotd: reduced memory consumption when processing IXFR, DNSSEC, catalog, or DDNS
- knotd: RRSIG refresh values don't have to match in the mode Offline KSK
- knotd: better decision whether AXFR fallback is needed upon a refresh error
- knotd: NSEC3 resalt event was merged with the DNSSEC event
- knotd: server logs when the connection to remote was taken from the pool
- knotd: server logs zone expiration time when the zone is loaded
- knotd: DS check verifies removal of old DS during algorithm rollover
- knotd: DNSSEC-related records can be updated via DDNS
- knotd: new 'xdp.udp' configuration option for disabling UDP over XDP
- knotd: outgoing NOTIFY is replanned if failed
- knotd: configuration checks if zone MIN interval values are lower or equal to MAX ones
- knotd: DNSSEC-related zone semantic checks use DNSSEC validation
- knotd: new configuration value 'query' for setting ACL action
- knotd: new check on near end of imported Offline KSK records
- knotd/knotc: implemented zone catalog purge, including orphaned member zones
- knotc: interactive mode supports catalog zone completion, value completion, and more
- knotc: new default brief and colorized output from zone status
- knotc: unified empty values in zone status output
- keymgr: DNSKEY TTL is taken from KSR in the Offline KSK mode
- kjournalprint: path to journal DB is automatically taken from the configuration, which can be specified using '-c', '-C' (or '-D')
- kcatalogprint: path to catalog DB is automatically taken from the configuration, which can be specified using '-c', '-C' (or '-D')
- kzonesign: added automatic configuration file detection and '-C' parameter for configuration DB specificaion
- kzonesign: all CPU threads are used for DNSSEC validation
- libknot: dname pointer cannot point to another dname pointer when encoding RRsets #765
- libknot: QNAME case is preserved in knot_pkt_t 'wire' field (Thanks to Robert Edmonds) #780
- libknot: reduced memory consumption of the XDP mode
- libknot: XDP filter supports up to 256 NIC queues
- kxdpgun: new options for specifying source and remote MAC addresses
- utils: extended logging of LMDB-related errors
- utils: improved error outputs
- kdig: query has AD bit set by default
- doc: various improvements
Compatibility:
- knotd: zone changeset is stored to journal even if disabled
- knotd: journal not applied to zone file if zone file changed during reload
- knotd: possible out-of-order processing or postponed zone events to far future
- knotd: incorrect TTL is used if updated RRSet is empty over control interface
- knotd/libs: serial arithmetics not used for RRSIG expiration processing
- knsupdate: incorrect RRTYPE in the question section
Packaging:
- knotd: default value for 'zone.journal-max-depth' was lowered to 20
- knotd: default value for 'policy.nsec3-iterations' was lowered to 0
- knotd: default value for 'policy.rrsig-refresh' is propagation delay + zone maximum TTL
- knotd: server fails to load configuration if 'policy.rrsig-refresh' is too low
- knotd: configuration option 'server.listen-xdp' has no effect
- knotd: new configuration check on deprecated DNSSEC algorithm
- knotc: new '-e' parameter for full zone status output
- keymgr: new '-e' parameter for full key list output
- keymgr: brief key listing mode is enabled by default
- keymgr: renamed parameter '-d' to '-D'
- knsupdate: default TTL is set to 3600
- knsupdate: default zone is empty
- kjournalprint: renamed parameter '-c' to '-H'
- python/libknot: removed compatibility with Python 2
Knot DNS 3.1.9 (2022-08-10) Improvements:
- systemd: removed knot.tmpfile
- systemd: added some hardening options
- distro: Debian 9 and Ubuntu 16.04 no longer supported
- distro: packages for CentOS 7 are built in a separate COPR repository
- kzonecheck/kzonesign/knsec3hash: moved to new package knot-dnssecutils
Bugfixes:
- knotd: new configuration checks on unsupported catalog settings
- knotd: semantic check issues have notice log level in the soft mode
- keymgr: command generate-ksr automatically sets 'from' parameter to last offline KSK records' timestamp if it's not specified
- keymgr: command show-offline starts from the first offline KSK record set if 'from' parameter isn't specified
- kcatalogprint: new parameters for filtering catalog or member zone
- mod-probe: default rate limit was increased to 100000
- libknot: default control timeout was increased to 30 seconds
- python/libknot: various exceptions are raised from class KnotCtl
- doc: some improvements
Knot DNS 3.1.8 (2022-04-28) Features:
- knotd: incomplete outgoing IXFR is responded if journal history is inconsistent
- knotd: manually triggered zone flush is suppressed if disabled zone synchronization
- knotd: failed to configure XDP listen interface without port specification
- knotd: de-cataloged member zone's file isn't deleted #805
- knotd: member zone leaks memory when reloading catalog during dynamic configuration change
- knotd: server can crash when reloading modules with DNSSEC signing (Thanks to iqinlongfei)
- knotd: server crashes during shutdown if PKCS #11 keystore is used
- keymgr: command del-all-old isn't applied to all keys in the removed state
- kxdpgun: user specified network interface isn't used
- libs: fixed compilation on illumos derivatives (Thanks to Nick Ewins)
Improvements:
- knotd: optional automatic ACL for XFR and NOTIFY (see 'remote.automatic-acl')
- knotd: new soft zone semantic check mode for allowing defective zone loading
- knotc: added zone transfer freeze state to the zone status output
Bugfixes:
- knotd: added configuration check for serial policy of generated catalogs
- knotd/libknot: the server can crash when validating a malformed TSIG record
- knotd: outgoing zone transfer freeze not preserved during server reload
- knotd: catalog UPDATE not processed if previous UPDATE processing not finished #790
- knotd: zone refresh not started if planned during server reload
- knotd: generated catalogs can be queried over UDP
- knotd/utils: failed to open LMDB database if too many stale slots occupy the lock table
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/knot | 8 ++++---- lfs/knot | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/config/rootfiles/common/knot b/config/rootfiles/common/knot
index 79e86141d..6660b27d1 100644
--- a/config/rootfiles/common/knot
+++ b/config/rootfiles/common/knot
@@ -4,12 +4,12 @@ usr/bin/kdig
 #usr/lib/libdnssec.la
 #usr/lib/libdnssec.lai
 #usr/lib/libdnssec.so
-usr/lib/libdnssec.so.8
-usr/lib/libdnssec.so.8.0.0
+usr/lib/libdnssec.so.9
+usr/lib/libdnssec.so.9.0.0
 #usr/lib/libknot.la
 #usr/lib/libknot.lai
 #usr/lib/libknot.so
-usr/lib/libknot.so.12
-usr/lib/libknot.so.12.0.0
+usr/lib/libknot.so.13
+usr/lib/libknot.so.13.0.0
 #usr/lib/libknotus.a
 #usr/lib/libknotus.la
diff --git a/lfs/knot b/lfs/knot
index 0c0c033c0..feb3c8931 100644
--- a/lfs/knot
+++ b/lfs/knot
@@ -1,7 +1,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team info@ipfire.org #
+# Copyright (C) 2007-2023 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 3.1.7
+VER = 3.2.4
THISAPP = knot-$(VER)
 DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = d0e5c999c1b4bca89b86ad956dd91643f795fcba94757e34c44e3e6b925030c332da9cb0bfd72d6ae0f32b3016a8c50d821cfcc513268682dd6b5715714d9047
+$(DL_FILE)_BLAKE2 = 1d5fec057898d8cbe73f37cd85aa9d56c7db0215e0fe8ba697f3ee4c38d7554780804b8859d062a824b18f823d6cff1546bd7ce54438ee54c555d068c5f19da1
install : $(TARGET)
- Update from version 2.13.1 to 2.14 - Update of rootfile - Changelog 2.14 Featured release lcms2 now implements ICC specification 4.4 New multi-threaded plug-in several fixes to keep fuzzers happy Remove check on DLL when CMS_NO_REGISTER_KEYWORD is used Added more validation against broken profiles Add more help to several tools
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/lcms2 | 2 +- lfs/lcms2 | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/lcms2 b/config/rootfiles/common/lcms2
index 17300a91a..696e95cd7 100644
--- a/config/rootfiles/common/lcms2
+++ b/config/rootfiles/common/lcms2
@@ -8,7 +8,7 @@
 #usr/lib/liblcms2.la
 #usr/lib/liblcms2.so
 usr/lib/liblcms2.so.2
-usr/lib/liblcms2.so.2.0.13
+usr/lib/liblcms2.so.2.0.14
 #usr/lib/pkgconfig/lcms2.pc
 #usr/share/man/man1/jpgicc.1
 #usr/share/man/man1/linkicc.1
diff --git a/lfs/lcms2 b/lfs/lcms2
index bf317cdb2..c769f1b08 100644
--- a/lfs/lcms2
+++ b/lfs/lcms2
@@ -1,7 +1,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team info@ipfire.org #
+# Copyright (C) 2007-2023 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.13.1
+VER = 2.14
THISAPP = lcms2-$(VER)
 DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = ff4815fc4bcea94dc942f8072741c592f1bbde9c8e997f4e21e36cd271062a341ecc9b1f3c56e3e36ec19091fec049ee9faf75df04c2bc1e11174dc4cfe8da9e
+$(DL_FILE)_BLAKE2 = 777b0bf65829121a3d32bca1ab936ac022f9af739bccdd02d5f86688c3386b974f526a012bdec4d36649566eea0aa659db317dd383eede6488236d601156a0f9
install : $(TARGET)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Update from version 2.13.1 to 2.14
- Update of rootfile
- Changelog 2.14 Featured release lcms2 now implements ICC specification 4.4 New multi-threaded plug-in several fixes to keep fuzzers happy Remove check on DLL when CMS_NO_REGISTER_KEYWORD is used Added more validation against broken profiles Add more help to several tools
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/lcms2 | 2 +- lfs/lcms2 | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/lcms2 b/config/rootfiles/common/lcms2
index 17300a91a..696e95cd7 100644
--- a/config/rootfiles/common/lcms2
+++ b/config/rootfiles/common/lcms2
@@ -8,7 +8,7 @@
 #usr/lib/liblcms2.la
 #usr/lib/liblcms2.so
 usr/lib/liblcms2.so.2
-usr/lib/liblcms2.so.2.0.13
+usr/lib/liblcms2.so.2.0.14
 #usr/lib/pkgconfig/lcms2.pc
 #usr/share/man/man1/jpgicc.1
 #usr/share/man/man1/linkicc.1
diff --git a/lfs/lcms2 b/lfs/lcms2
index bf317cdb2..c769f1b08 100644
--- a/lfs/lcms2
+++ b/lfs/lcms2
@@ -1,7 +1,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team info@ipfire.org #
+# Copyright (C) 2007-2023 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.13.1
+VER = 2.14
THISAPP = lcms2-$(VER)
 DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = ff4815fc4bcea94dc942f8072741c592f1bbde9c8e997f4e21e36cd271062a341ecc9b1f3c56e3e36ec19091fec049ee9faf75df04c2bc1e11174dc4cfe8da9e
+$(DL_FILE)_BLAKE2 = 777b0bf65829121a3d32bca1ab936ac022f9af739bccdd02d5f86688c3386b974f526a012bdec4d36649566eea0aa659db317dd383eede6488236d601156a0f9
install : $(TARGET)
- Update from version 590 to 608 - Update of rootfile not required - Changelog Major changes between "less" versions 590 and 608 * Add the --header option (github #43). * Add the --no-number-headers option (github #178). * Add the --status-line option. * Add the --redraw-on-quit option (github #36). * Add the --search-options option (github #213). * Add the --exit-follow-on-close option (github #244). * Add 'H' color type to set color of header lines. * Add #version conditional to lesskey. * Add += syntax to variable section in lesskey files. * Allow option name in -- command to end with '=' in addition to '\n'. * Add $HOME/.config to possible locations of lesskey file (github #153). * Add $XDG_STATE_HOME and $HOME/.local/state to possible locations of history file (github #223). * Don't read or write history file in secure mode (github #201). * Fix display of multibyte and double-width chars in prompt. * Fix ESC-BACKSPACE command when BACKSPACE key does not send 0x08 (github #188). * Add more \k codes to lesskey format. * Fix bug when empty file is modified while viewing it. * Fix bug when parsing a malformed lesskey file (githb #234). * Fix bug scrolling history when --incsearch is set (github #214). * Fix buffer overflow when invoking lessecho with more than 63 -m/-n options (github #198). * Fix buffer overflow in bin_file (github #271). * Fix bug restoring color at end of highlighted text. * Fix bug in parsing lesskey file. * Defer moving cursor to lower left in some more cases. * Suppress TAB filename expansion in some cases where it doesn't make sense. * Fix termlib detection when compiler doesn't accept calls to undeclared functions. * Fix bug in input of non-ASCII characters on Windows (github #247) * Escape filenames when invoking LESSCLOSE. * Fix bug using multibyte UTF-8 char in search string with --incsearch (github #273).
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/less | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/less b/lfs/less index f99718c6b..0ba8938f2 100644 --- a/lfs/less +++ b/lfs/less @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 590
+VER = 608
THISAPP = less-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 0f640f1b6b4d4925c4904ee77460e8becd2dae168fe5c1483bf6a9cfabe9eb0abdc4d4811507ba88a2b4cff6c238158bd8b4463b63d3d7863b44ce8538d32adb
+$(DL_FILE)_BLAKE2 = 988940745fef1222c43b0bf4edec7cc7206ded0ac5d89d3faf4dab706a249913581c2fe7aa6063cf3d717176ed07b69299d3e791ba8a60358483fe9d1bf7f7c6
install : $(TARGET)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Update from version 590 to 608
- Update of rootfile not required
- Changelog Major changes between "less" versions 590 and 608
- Add the --header option (github #43).
- Add the --no-number-headers option (github #178).
- Add the --status-line option.
- Add the --redraw-on-quit option (github #36).
- Add the --search-options option (github #213).
- Add the --exit-follow-on-close option (github #244).
- Add 'H' color type to set color of header lines.
- Add #version conditional to lesskey.
- Add += syntax to variable section in lesskey files.
- Allow option name in -- command to end with '=' in addition to '\n'.
- Add $HOME/.config to possible locations of lesskey file (github #153).
- Add $XDG_STATE_HOME and $HOME/.local/state to possible locations of history file (github #223).
- Don't read or write history file in secure mode (github #201).
- Fix display of multibyte and double-width chars in prompt.
- Fix ESC-BACKSPACE command when BACKSPACE key does not send 0x08 (github #188).
- Add more \k codes to lesskey format.
- Fix bug when empty file is modified while viewing it.
- Fix bug when parsing a malformed lesskey file (github #234).
- Fix bug scrolling history when --incsearch is set (github #214).
- Fix buffer overflow when invoking lessecho with more than 63 -m/-n options (github #198).
- Fix buffer overflow in bin_file (github #271).
- Fix bug restoring color at end of highlighted text.
- Fix bug in parsing lesskey file.
- Defer moving cursor to lower left in some more cases.
- Suppress TAB filename expansion in some cases where it doesn't make sense.
- Fix termlib detection when compiler doesn't accept calls to undeclared functions.
- Fix bug in input of non-ASCII characters on Windows (github #247)
- Escape filenames when invoking LESSCLOSE.
- Fix bug using multibyte UTF-8 char in search string with --incsearch (github #273).
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
lfs/less | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/less b/lfs/less index f99718c6b..0ba8938f2 100644 --- a/lfs/less +++ b/lfs/less @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 590
+VER = 608
THISAPP = less-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 0f640f1b6b4d4925c4904ee77460e8becd2dae168fe5c1483bf6a9cfabe9eb0abdc4d4811507ba88a2b4cff6c238158bd8b4463b63d3d7863b44ce8538d32adb
+$(DL_FILE)_BLAKE2 = 988940745fef1222c43b0bf4edec7cc7206ded0ac5d89d3faf4dab706a249913581c2fe7aa6063cf3d717176ed07b69299d3e791ba8a60358483fe9d1bf7f7c6
install : $(TARGET)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Update from version 1.5.11 to 1.6.3
- Update of rootfile
- Changelog is not available in source tarball. Only source for changes is the git repository https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/log/
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/keyutils | 14 +++++++++++++- lfs/keyutils | 8 ++++---- 2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/config/rootfiles/common/keyutils b/config/rootfiles/common/keyutils index 10058de1c..d4a166e4e 100644 --- a/config/rootfiles/common/keyutils +++ b/config/rootfiles/common/keyutils @@ -1,9 +1,11 @@ bin/keyctl +etc/keyutils etc/request-key.conf etc/request-key.d #lib/libkeyutils.so lib/libkeyutils.so.1 -lib/libkeyutils.so.1.7 +lib/libkeyutils.so.1.10 +#lib/pkgconfig/libkeyutils.pc sbin/key.dns_resolver sbin/request-key #usr/include/keyutils.h @@ -13,6 +15,7 @@ sbin/request-key #usr/share/man/man3/find_key_by_type_and_name.3 #usr/share/man/man3/keyctl.3 #usr/share/man/man3/keyctl_assume_authority.3 +#usr/share/man/man3/keyctl_capabilities.3 #usr/share/man/man3/keyctl_chown.3 #usr/share/man/man3/keyctl_clear.3 #usr/share/man/man3/keyctl_describe.3 @@ -29,7 +32,13 @@ sbin/request-key #usr/share/man/man3/keyctl_invalidate.3 #usr/share/man/man3/keyctl_join_session_keyring.3 #usr/share/man/man3/keyctl_link.3 +#usr/share/man/man3/keyctl_move.3 #usr/share/man/man3/keyctl_negate.3 +#usr/share/man/man3/keyctl_pkey_decrypt.3 +#usr/share/man/man3/keyctl_pkey_encrypt.3 +#usr/share/man/man3/keyctl_pkey_query.3 +#usr/share/man/man3/keyctl_pkey_sign.3 +#usr/share/man/man3/keyctl_pkey_verify.3 #usr/share/man/man3/keyctl_read.3 #usr/share/man/man3/keyctl_read_alloc.3 #usr/share/man/man3/keyctl_reject.3 @@ -42,9 +51,12 @@ sbin/request-key #usr/share/man/man3/keyctl_setperm.3 #usr/share/man/man3/keyctl_unlink.3 #usr/share/man/man3/keyctl_update.3 +#usr/share/man/man3/keyctl_watch_key.3 #usr/share/man/man3/recursive_key_scan.3 #usr/share/man/man3/recursive_session_key_scan.3 +#usr/share/man/man5/key.dns_resolver.conf.5 #usr/share/man/man5/request-key.conf.5 +#usr/share/man/man7/asymmetric-key.7 #usr/share/man/man7/keyutils.7 #usr/share/man/man8/key.dns_resolver.8 #usr/share/man/man8/request-key.8 diff --git a/lfs/keyutils b/lfs/keyutils index cbc4956ee..293ae510d 100644 --- a/lfs/keyutils +++ b/lfs/keyutils 
@@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,10 +24,10 @@
include Config
-VER = 1.5.11
+VER = 1.6.3
THISAPP = keyutils-$(VER) -DL_FILE = $(THISAPP).tar.bz2 +DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1a601b7036bcfe69b6272ae2b4fad44cbb22877aa94722fa26460f8addf105ff8898e851ad7c4f28bc755f7fe293c74bc70cffbe877978e462bc21c428c9a11d
+$(DL_FILE)_BLAKE2 = b5620b1b6109415fec1268963c2c65d774f3ef7a69eb1ce8d5d8e78b4b807e4fdfda861662a1b5556975ef867add8f985362a31b6608ac2dc198c8d0395d516b
install : $(TARGET)
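Review bot: The new `$(DL_FILE)_BLAKE2` value in the `@@ -40,7 +40,7 @@` hunk is the only integrity control on the 1.6.3 tarball, and nothing in the change records where that tarball came from. The earlier hunk switches `DL_FILE` from `.tar.bz2` to `.tar.gz` while `DL_FROM` stays `$(URL_IPFIRE)`, and the description names the git repository as the only source for changes, so the archive was presumably produced differently from the 1.5.11 one, possibly as a generated snapshot rather than a published release file. I would record the origin next to the pin so the digest can be reproduced independently, e.g. `# Source: <upstream URL and tag/commit the tarball was taken from>` above the BLAKE2 line, or the same information in the commit message. The unpack recipe lies outside these hunks; it is worth confirming that it does not hard-code a bzip2 flag now that the file is gzip-compressed.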