Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package knot for openSUSE:Factory checked in at 2021-07-08 22:49:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/knot (Old) and /work/SRC/openSUSE:Factory/.knot.new.2625 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "knot" Thu Jul 8 22:49:20 2021 rev:6 rq:904741 version:3.0.7 Changes: -------- --- /work/SRC/openSUSE:Factory/knot/knot.changes 2021-05-23 00:06:05.690636166 +0200 +++ /work/SRC/openSUSE:Factory/.knot.new.2625/knot.changes 2021-07-08 22:49:40.975883851 +0200 @@ -1,0 +2,6 @@ +Thu Jul 1 09:22:32 UTC 2021 - Michal Hrusecky <[email protected]> + +- update to version 3.0.7, see: + https://www.knot-dns.cz/2021-06-16-version-307.html + +------------------------------------------------------------------- Old: ---- knot-3.0.6.tar.xz knot-3.0.6.tar.xz.asc New: ---- knot-3.0.7.tar.xz knot-3.0.7.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ knot.spec ++++++ --- /var/tmp/diff_new_pack.4ponXS/_old 2021-07-08 22:49:41.507879746 +0200 +++ /var/tmp/diff_new_pack.4ponXS/_new 2021-07-08 22:49:41.511879716 +0200 @@ -45,7 +45,7 @@ %define libzscanner libzscanner3 Name: knot -Version: 3.0.6 +Version: 3.0.7 Release: 0 %define pkg_name knot Summary: An authoritative DNS daemon ++++++ knot-3.0.6.tar.xz -> knot-3.0.7.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/NEWS new/knot-3.0.7/NEWS --- old/knot-3.0.6/NEWS 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/NEWS 2021-06-16 07:01:57.000000000 +0200 
@@ -1,3 +1,31 @@ +Knot DNS 3.0.7 (2021-06-16) +=========================== + +Features: +--------- + - knotd: new configuration policy option for CDS digest algorithm setting #738 + - keymgr: new command for primary SOA serial manipulation in on-secondary signing mode + +Improvements: +------------- + - knotd: improved algorithm rollover to shorten the last step of old RRSIG publication + +Bugfixes: +--------- + - knotd: zone is flushed upon server start, despite DNSSEC signing is up-to-date + - knotd: wildcard nonexistence is proved on empty-non-terminal query + - knotd: redundant wildcard proof for non-authoritative data in a reply + - knotd: missing wildcard proofs in a wildcard-cname loop reply + - knotd: incorrectly synthesized CNAME owner from a wildcard record #715 + - knotd: zone-in-journal changeset ignores journal-max-usage limit #736 + - knotd: incorrect processing of zone-in-journal changeset with SOA serial 0 + - knotd: broken initialization of processing workers if SO_REUSEPORT(_LB) not available + - kjournalprint: reported journal usage is incorrect #736 + - keymgr: cannot parse algorithm name ed448 #739 + - keymgr: default key size not set properly + - kdig: failed to process huge DoH responses + - libknot/probe: some corner-case bugs + Knot DNS 3.0.6 (2021-05-12) =========================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/configure new/knot-3.0.7/configure --- old/knot-3.0.6/configure 2021-05-12 10:32:28.000000000 +0200 +++ new/knot-3.0.7/configure 2021-06-16 07:02:06.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for knot 3.0.6. +# Generated by GNU Autoconf 2.69 for knot 3.0.7. # # Report bugs to <[email protected]>. # 
@@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='knot' PACKAGE_TARNAME='knot' -PACKAGE_VERSION='3.0.6' -PACKAGE_STRING='knot 3.0.6' +PACKAGE_VERSION='3.0.7' +PACKAGE_STRING='knot 3.0.7' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1555,7 +1555,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures knot 3.0.6 to adapt to many kinds of systems. +\`configure' configures knot 3.0.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1626,7 +1626,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of knot 3.0.6:";; + short | recursive ) echo "Configuration of knot 3.0.7:";; esac cat <<\_ACEOF @@ -1856,7 +1856,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -knot configure 3.0.6 +knot configure 3.0.7 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2271,7 +2271,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by knot $as_me 3.0.6, which was +It was created by knot $as_me 3.0.7, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3137,7 +3137,7 @@ # Define the identity of the package. PACKAGE='knot' - VERSION='3.0.6' + VERSION='3.0.7' cat >>confdefs.h <<_ACEOF @@ -4901,7 +4901,7 @@ KNOT_VERSION_MINOR=0 -KNOT_VERSION_PATCH=6 +KNOT_VERSION_PATCH=7 # Store ./configure parameters and CFLAGS @@ -19040,7 +19040,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by knot $as_me 3.0.6, which was +This file was extended by knot $as_me 3.0.7, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -19106,7 +19106,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -knot config.status 3.0.6 +knot config.status 3.0.7 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/configure.ac new/knot-3.0.7/configure.ac --- old/knot-3.0.6/configure.ac 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/configure.ac 2021-06-16 07:01:57.000000000 +0200 @@ -2,7 +2,7 @@ m4_define([knot_VERSION_MAJOR], 3)dnl m4_define([knot_VERSION_MINOR], 0)dnl -m4_define([knot_VERSION_PATCH], 6)dnl Leave empty if the master branch! +m4_define([knot_VERSION_PATCH], 7)dnl Leave empty if the master branch! m4_include([m4/knot-version.m4]) AC_INIT([knot], knot_PKG_VERSION, [[email protected]]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/distro/rpm/01-test_net-disable-udp-send-on-unconnected.patch new/knot-3.0.7/distro/rpm/01-test_net-disable-udp-send-on-unconnected.patch --- old/knot-3.0.6/distro/rpm/01-test_net-disable-udp-send-on-unconnected.patch 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/distro/rpm/01-test_net-disable-udp-send-on-unconnected.patch 2021-06-16 07:01:57.000000000 +0200 @@ -1,4 +1,3 @@ -commit 44b5e271a8564370efec3b9e95365aa039e0db61 Author: Tomas Krizek <[email protected]> Date: 2019-02-28 14:26:56 +0100 @@ -11,16 +10,16 @@ Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1675235 diff --git a/tests/contrib/test_net.c b/tests/contrib/test_net.c -index 99a9e3ee3..c8e5e0a25 100644 +index 0a22abbbc..6ec4bda31 100644 --- a/tests/contrib/test_net.c +++ b/tests/contrib/test_net.c 
@@ -310,10 +310,6 @@ static void test_unconnected(void) r = net_dgram_recv(sock, buffer, buffer_len, TIMEOUT_SHORT); - ok(r == KNOT_ETIMEOUT, "UDP, receive timeout on unconnected socket"); + is_int(KNOT_ETIMEOUT, r, "UDP, receive timeout on unconnected socket"); - struct sockaddr_storage server_addr = addr_from_socket(server); - r = net_dgram_send(sock, buffer, buffer_len, &server_addr); -- ok(r == buffer_len, "UDP, send on defined address"); +- is_int(buffer_len, r, "UDP, send on defined address"); - close(sock); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/doc/Makefile.in new/knot-3.0.7/doc/Makefile.in --- old/knot-3.0.6/doc/Makefile.in 2021-05-12 10:32:30.000000000 +0200 +++ new/knot-3.0.7/doc/Makefile.in 2021-06-16 07:02:08.000000000 +0200 
@@ -708,22 +708,22 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@HAVE_DOCS_FALSE@install-info-local: -@HAVE_MAKEINFO_FALSE@install-info-local: -@HAVE_SPHINXBUILD_FALSE@install-info-local: -@HAVE_DOCS_FALSE@info-local: -@HAVE_MAKEINFO_FALSE@info-local: -@HAVE_SPHINXBUILD_FALSE@info-local: -@HAVE_DOCS_FALSE@html-local: -@HAVE_SPHINXBUILD_FALSE@html-local: @HAVE_DOCS_FALSE@install-pdf-local: @HAVE_PDFLATEX_FALSE@install-pdf-local: @HAVE_SPHINXBUILD_FALSE@install-pdf-local: @HAVE_DOCS_FALSE@pdf-local: @HAVE_PDFLATEX_FALSE@pdf-local: @HAVE_SPHINXBUILD_FALSE@pdf-local: +@HAVE_DOCS_FALSE@install-info-local: +@HAVE_MAKEINFO_FALSE@install-info-local: +@HAVE_SPHINXBUILD_FALSE@install-info-local: +@HAVE_DOCS_FALSE@html-local: +@HAVE_SPHINXBUILD_FALSE@html-local: @HAVE_DOCS_FALSE@install-html-local: @HAVE_SPHINXBUILD_FALSE@install-html-local: +@HAVE_DOCS_FALSE@info-local: +@HAVE_MAKEINFO_FALSE@info-local: +@HAVE_SPHINXBUILD_FALSE@info-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/doc/man/keymgr.8in new/knot-3.0.7/doc/man/keymgr.8in --- old/knot-3.0.6/doc/man/keymgr.8in 2021-05-12 10:32:58.000000000 +0200 +++ new/knot-3.0.7/doc/man/keymgr.8in 2021-06-16 07:02:23.000000000 +0200 
@@ -123,6 +123,10 @@ (\fBzone\-purge +expire +zonefile +journal\fP) if the server is running, or remove corresponding zone file and journal contents if the server is stopped. .TP +\fBmaster\-serial\fP [\fInew_serial\fP] +Print SOA serial of the remote master stored in KASP database when using on\-secondary DNSSEC signing. +If \fInew_serial\fP is specified, the serial is overwritten (not recommended). +.TP \fBset\fP \fIkey_spec\fP [\fIarguments\fP\&...] Changes a timing argument (or ksk/zsk) of an existing key to a new value. \fIKey_spec\fP is either the key tag or a prefix of the key ID, with an optional \fI[id=|keytag=]\fP prefix; \fIarguments\fP diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/doc/man/knot.conf.5in new/knot-3.0.7/doc/man/knot.conf.5in --- old/knot-3.0.6/doc/man/knot.conf.5in 2021-05-12 10:32:58.000000000 +0200 +++ new/knot-3.0.7/doc/man/knot.conf.5in 2021-06-16 07:02:23.000000000 +0200 @@ -1069,6 +1069,7 @@ ksk\-submission: submission_id ds\-push: remote_id cds\-cdnskey\-publish: none | delete\-dnssec | rollover | always | double\-ds + cds\-digest\-type: sha256 | sha384 offline\-ksk: BOOL .ft P .fi @@ -1379,6 +1380,11 @@ .UNINDENT .sp \fIDefault:\fP rollover +.SS cds\-digest\-type +.sp +Specify digest type for published CDS records. +.sp +\fIDefault:\fP sha256 .SS offline\-ksk .sp Specifies if Offline KSK feature is enabled. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/doc/man_keymgr.rst new/knot-3.0.7/doc/man_keymgr.rst --- old/knot-3.0.6/doc/man_keymgr.rst 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/doc/man_keymgr.rst 2021-06-16 07:01:57.000000000 +0200 
@@ -96,6 +96,10 @@ (**zone-purge +expire +zonefile +journal**) if the server is running, or remove corresponding zone file and journal contents if the server is stopped. +**master-serial** [*new_serial*] + Print SOA serial of the remote master stored in KASP database when using on-secondary DNSSEC signing. + If *new_serial* is specified, the serial is overwritten (not recommended). + **set** *key_spec* [*arguments*...] Changes a timing argument (or ksk/zsk) of an existing key to a new value. *Key_spec* is either the key tag or a prefix of the key ID, with an optional *[id=|keytag=]* prefix; *arguments* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/doc/reference.rst new/knot-3.0.7/doc/reference.rst --- old/knot-3.0.6/doc/reference.rst 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/doc/reference.rst 2021-06-16 07:01:57.000000000 +0200 @@ -1176,6 +1176,7 @@ ksk-submission: submission_id ds-push: remote_id cds-cdnskey-publish: none | delete-dnssec | rollover | always | double-ds + cds-digest-type: sha256 | sha384 offline-ksk: BOOL .. _policy_id: @@ -1516,6 +1517,15 @@ *Default:* rollover +.. _policy_cds-digest-type: + +cds-digest-type +--------------- + +Specify digest type for published CDS records. + +*Default:* sha256 + .. _policy_offline-ksk: offline-ksk diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/conf/schema.c new/knot-3.0.7/src/knot/conf/schema.c --- old/knot-3.0.6/src/knot/conf/schema.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/conf/schema.c 2021-06-16 07:01:57.000000000 +0200 @@ -81,6 +81,12 @@ { 0, NULL } }; +static const knot_lookup_t cds_digesttype[] = { + { DNSSEC_KEY_DIGEST_SHA256, "sha256" }, + { DNSSEC_KEY_DIGEST_SHA384, "sha384" }, + { 0, NULL } +}; + const knot_lookup_t acl_actions[] = { { ACL_ACTION_NOTIFY, "notify" }, { ACL_ACTION_TRANSFER, "transfer" }, 
@@ -344,6 +350,7 @@ { C_DS_PUSH, YP_TREF, YP_VREF = { C_RMT }, YP_FMULTI | CONF_IO_FRLD_ZONES, { check_ref } }, { C_CDS_CDNSKEY, YP_TOPT, YP_VOPT = { cds_cdnskey, CDS_CDNSKEY_ROLLOVER } }, + { C_CDS_DIGESTTYPE, YP_TOPT, YP_VOPT = { cds_digesttype, DNSSEC_KEY_DIGEST_SHA256 } }, { C_OFFLINE_KSK, YP_TBOOL, YP_VNONE, CONF_IO_FRLD_ZONES }, { C_COMMENT, YP_TSTR, YP_VNONE }, { NULL } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/conf/schema.h new/knot-3.0.7/src/knot/conf/schema.h --- old/knot-3.0.6/src/knot/conf/schema.h 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/conf/schema.h 2021-06-16 07:01:57.000000000 +0200 @@ -37,6 +37,7 @@ #define C_CATALOG_ROLE "\x0C""catalog-role" #define C_CATALOG_TPL "\x10""catalog-template" #define C_CDS_CDNSKEY "\x13""cds-cdnskey-publish" +#define C_CDS_DIGESTTYPE "\x0F""cds-digest-type" #define C_CHK_INTERVAL "\x0E""check-interval" #define C_COMMENT "\x07""comment" #define C_CONFIG "\x06""config" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/dnssec/context.c new/knot-3.0.7/src/knot/dnssec/context.c --- old/knot-3.0.6/src/knot/dnssec/context.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/dnssec/context.c 2021-06-16 07:01:57.000000000 +0200 @@ -1,4 +1,4 @@ -/* Copyright (C) 2020 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -102,6 +102,9 @@ val = conf_id_get(conf(), C_POLICY, C_CDS_CDNSKEY, id); policy->cds_cdnskey_publish = conf_opt(&val); + val = conf_id_get(conf(), C_POLICY, C_CDS_DIGESTTYPE, id); + policy->cds_dt = conf_opt(&val); + conf_val_t ksk_sbm = conf_id_get(conf(), C_POLICY, C_KSK_SBM, id); if (ksk_sbm.code == KNOT_EOK) { val = conf_id_get(conf(), C_SBM, C_CHK_INTERVAL, &ksk_sbm); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/dnssec/ds_query.c new/knot-3.0.7/src/knot/dnssec/ds_query.c --- old/knot-3.0.6/src/knot/dnssec/ds_query.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/dnssec/ds_query.c 2021-06-16 07:01:57.000000000 +0200 @@ -37,7 +37,7 @@ dnssec_binary_t cds_rdata = { 0 }; - int ret = zone_key_calculate_ds(key, &cds_rdata); + int ret = zone_key_calculate_ds(key, knot_ds_digest_type(ds), &cds_rdata); if (ret != KNOT_EOK) { return false; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/dnssec/kasp/policy.h new/knot-3.0.7/src/knot/dnssec/kasp/policy.h --- old/knot-3.0.6/src/knot/dnssec/kasp/policy.h 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/dnssec/kasp/policy.h 2021-06-16 07:01:57.000000000 +0200 @@ -1,4 +1,4 @@ -/* Copyright (C) 2020 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
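Review bot: In the ds_query.c hunk, `knot_ds_digest_type(ds)` takes the digest type from the DS rdata returned by the parent, and nothing visible here checks that the rdata is long enough to contain that field. If the accessor reads a fixed offset (its definition is not on this page), a truncated DS record would be read past its end. Assuming `ds` is a `knot_rdata_t`, a guard such as `if (ds->len < 4) { return false; }` ahead of the call would cover it, since key tag, algorithm and digest type occupy the first four octets. The enclosing function starts and ends outside the hunk, so an existing check may already do this.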
@@ -121,6 +121,7 @@ uint32_t ksk_sbm_timeout; // like knot_time_t uint32_t ksk_sbm_check_interval; // like knot_time_t unsigned cds_cdnskey_publish; + dnssec_key_digest_t cds_dt; // digest type for CDS parent_dynarray_t parents; uint16_t signing_threads; bool offline_ksk; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/dnssec/key-events.c new/knot-3.0.7/src/knot/dnssec/key-events.c --- old/knot-3.0.6/src/knot/dnssec/key-events.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/dnssec/key-events.c 2021-06-16 07:01:57.000000000 +0200 @@ -352,7 +352,7 @@ static knot_time_t alg_remove_time(knot_time_t post_active_time, const kdnssec_ctx_t *ctx) { - return MAX(ksk_remove_time(post_active_time, false, ctx), zsk_remove_time(post_active_time, ctx)); + return knot_time_add(post_active_time, ctx->policy->propagation_delay + ctx->policy->saved_key_ttl); } static roll_action_t next_action(kdnssec_ctx_t *ctx, zone_sign_roll_flags_t flags) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/dnssec/zone-events.c new/knot-3.0.7/src/knot/dnssec/zone-events.c --- old/knot-3.0.6/src/knot/dnssec/zone-events.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/dnssec/zone-events.c 2021-06-16 07:01:57.000000000 +0200 @@ -214,7 +214,10 @@ if (zone_update_no_change(update) && !knot_zone_sign_soa_expired(update->new_cont, &keyset, &ctx)) { log_zone_info(zone_name, "DNSSEC, zone is up-to-date"); + update->zone->zonefile.resigned = false; goto done; + } else { + update->zone->zonefile.resigned = true; } if (!(flags & ZONE_SIGN_KEEP_SERIAL) && zone_update_to(update) == NULL) { 
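Review bot: `alg_remove_time()` in key-events.c now returns `post_active_time` plus `propagation_delay + saved_key_ttl`, with no comment explaining why the old-algorithm RRSIGs no longer need to wait for the longer of the KSK and ZSK removal delays. A timing shortcut in an algorithm rollover is easy to get wrong later, so the reasoning should be written above the function, for example `/* Old RRSIGs can go once the new DNSKEY set has propagated and the saved DNSKEY TTL has expired. */` (wording to be confirmed by the author). The types of the two policy fields are not visible here; if they are 32-bit, the sum is computed before `knot_time_add()` can widen it.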
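Review bot: In the zone-events.c hunk the `else` branch follows a block that ends in `goto done;`, so it adds nesting without changing control flow. A plain `update->zone->zonefile.resigned = true;` after the `if` block reads more directly, and the same applies to the second hunk at `@@ -297,7 +300,10 @@`. Since the flag is now written only at these two points, any earlier `goto done` in these functions would leave the value from a previous run. Those paths are outside the hunk, so it is worth confirming that a stale `resigned` cannot suppress or force a flush.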
@@ -297,7 +300,10 @@ if (zone_update_no_change(update) && !soa_changed && !knot_zone_sign_soa_expired(update->new_cont, &keyset, &ctx)) { log_zone_info(zone_name, "DNSSEC, zone is up-to-date"); + update->zone->zonefile.resigned = false; goto done; + } else { + update->zone->zonefile.resigned = true; } if (!soa_changed) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/dnssec/zone-keys.c new/knot-3.0.7/src/knot/dnssec/zone-keys.c --- old/knot-3.0.6/src/knot/dnssec/zone-keys.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/dnssec/zone-keys.c 2021-06-16 07:01:57.000000000 +0200 @@ -528,17 +528,19 @@ /*! * \brief Compute DS record rdata from key + cache it. */ -int zone_key_calculate_ds(zone_key_t *for_key, dnssec_binary_t *out_donotfree) +int zone_key_calculate_ds(zone_key_t *for_key, dnssec_key_digest_t digesttype, + dnssec_binary_t *out_donotfree) { assert(for_key); assert(out_donotfree); int ret = KNOT_EOK; - if (for_key->precomputed_ds.data == NULL) { - dnssec_key_digest_t digesttype = DNSSEC_KEY_DIGEST_SHA256; // TODO ! + if (for_key->precomputed_ds.data == NULL || for_key->precomputed_digesttype != digesttype) { + dnssec_binary_free(&for_key->precomputed_ds); ret = dnssec_key_create_ds(for_key->key, digesttype, &for_key->precomputed_ds); ret = knot_error_from_libdnssec(ret); + for_key->precomputed_digesttype = digesttype; } *out_donotfree = for_key->precomputed_ds; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/dnssec/zone-keys.h new/knot-3.0.7/src/knot/dnssec/zone-keys.h --- old/knot-3.0.6/src/knot/dnssec/zone-keys.h 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/dnssec/zone-keys.h 2021-06-16 07:01:57.000000000 +0200 @@ -31,6 +31,7 @@ dnssec_key_t *key; dnssec_binary_t precomputed_ds; + dnssec_key_digest_t precomputed_digesttype; knot_time_t next_event; 
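Review bot: In the zone-keys.c hunk, `zone_key_calculate_ds()` now frees `for_key->precomputed_ds` whenever the requested digest type differs from the cached one, which invalidates any `out_donotfree` copy handed out by an earlier call for the same key. The callers in this diff take the type from different sources (`knot_ds_digest_type(ds)` in ds_query.c, `policy->cds_dt` in zone-sign.c and onlinesign.c), and the onlinesign.c caller holds only `pthread_rwlock_rdlock(&ctx->signing_mutex)`, so two readers asking for different types could free the buffer under each other; whether a key object is shared that way is not visible here. `precomputed_digesttype` is also recorded when `dnssec_key_create_ds()` fails; `if (ret == KNOT_EOK) { for_key->precomputed_digesttype = digesttype; }` keeps the cache tag consistent with its contents. The function body continues outside the hunk.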
@@ -153,12 +154,14 @@ * * This function caches the results, so caaling again with the same key returns immediately. * - * \param for_key The key to compute DS for. - * \param out_donotfree Output: the DS record rdata. Do not call dnssec_binry_free() on this ever. + * \param for_key The key to compute DS for. + * \param digesttype DS digest algorithm. + * \param out_donotfree Output: the DS record rdata. Do not call dnssec_binry_free() on this ever. * * \return Error code, KNOT_EOK if successful. */ -int zone_key_calculate_ds(zone_key_t *for_key, dnssec_binary_t *out_donotfree); +int zone_key_calculate_ds(zone_key_t *for_key, dnssec_key_digest_t digesttype, + dnssec_binary_t *out_donotfree); /*! * \brief Initialize local signing context. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/dnssec/zone-sign.c new/knot-3.0.7/src/knot/dnssec/zone-sign.c --- old/knot-3.0.6/src/knot/dnssec/zone-sign.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/dnssec/zone-sign.c 2021-06-16 07:01:57.000000000 +0200 @@ -708,13 +708,13 @@ return knot_rrset_add_rdata(rrset, dnskey_rdata.data, dnskey_rdata.size, NULL); } -static int rrset_add_zone_ds(knot_rrset_t *rrset, zone_key_t *zone_key) +static int rrset_add_zone_ds(knot_rrset_t *rrset, zone_key_t *zone_key, dnssec_key_digest_t dt) { assert(rrset); assert(zone_key); dnssec_binary_t cds_rdata = { 0 }; - zone_key_calculate_ds(zone_key, &cds_rdata); + zone_key_calculate_ds(zone_key, dt, &cds_rdata); return knot_rrset_add_rdata(rrset, cds_rdata.data, cds_rdata.size, NULL); } 
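Review bot: The doc comment in the zone-keys.h hunk still promises that calling again "with the same key returns immediately", but the cached DS is now reused only when the digest type matches as well. Suggested wording: `This function caches the result per key; a call with a different digest type recomputes and replaces the cached rdata.` Since the `out_donotfree` line is rewritten anyway, the function name in it should be spelled `dnssec_binary_free()`.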
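Review bot: `rrset_add_zone_ds()` in zone-sign.c still discards the return value of `zone_key_calculate_ds()`, so a failed digest computation goes on to `knot_rrset_add_rdata()` with whatever `cds_rdata` holds, presumably a NULL pointer and size 0. With the digest type now configurable, this path deserves an explicit check: `int ret = zone_key_calculate_ds(zone_key, dt, &cds_rdata); if (ret != KNOT_EOK) { return ret; }`. The onlinesign.c hunk at `@@ -451,7 +451,7 @@` has the same pattern, guarded only by an `assert` that is compiled out in NDEBUG builds.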
@@ -814,7 +814,7 @@ dynarray_foreach(keyptr, zone_key_t *, ksk_for_cds, kcdnskeys) { ret = rrset_add_zone_key(&add_r->cdnskey, *ksk_for_cds); if (ret == KNOT_EOK) { - ret = rrset_add_zone_ds(&add_r->cds, *ksk_for_cds); + ret = rrset_add_zone_ds(&add_r->cds, *ksk_for_cds, dnssec_ctx->policy->cds_dt); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/journal/journal_metadata.c new/knot-3.0.7/src/knot/journal/journal_metadata.c --- old/knot-3.0.6/src/knot/journal/journal_metadata.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/journal/journal_metadata.c 2021-06-16 07:01:57.000000000 +0200 
@@ -131,22 +131,24 @@ free(key.mv_data); } -void update_last_inserter(knot_lmdb_txn_t *txn, const knot_dname_t *new_inserter) +static int64_t last_occupied_diff(knot_lmdb_txn_t *txn) { - uint64_t occupied_now = knot_lmdb_usage(txn), occupied_last = 0, lis_occupied = 0; + uint64_t occupied_now = knot_lmdb_usage(txn), occupied_last = 0; (void)get_metadata64(txn, NULL, "last_total_occupied", &occupied_last); + return (int64_t)occupied_now - (int64_t)occupied_last; +} + +void update_last_inserter(knot_lmdb_txn_t *txn, const knot_dname_t *new_inserter) +{ + uint64_t occupied_now = knot_lmdb_usage(txn), lis_occupied = 0; + int64_t occupied_diff = last_occupied_diff(txn); knot_dname_t *last_inserter = get_metadata(txn, NULL, "last_inserter_zone") ? knot_dname_copy(txn->cur_val.mv_data, NULL) : NULL; - if (occupied_now == occupied_last || last_inserter == NULL) { + if (occupied_diff == 0 || last_inserter == NULL) { goto update_inserter; } (void)get_metadata64(txn, last_inserter, "occupied", &lis_occupied); - if (lis_occupied + occupied_now > occupied_last) { - lis_occupied += occupied_now; - lis_occupied -= occupied_last; - } else { - lis_occupied = 0; - } + lis_occupied = MAX(0, (int64_t)lis_occupied + occupied_diff); set_metadata(txn, last_inserter, "occupied", &lis_occupied, sizeof(lis_occupied), true); update_inserter: 
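Review bot: The new static helper `last_occupied_diff()` has no comment and discards the result of `get_metadata64()`, so when `last_total_occupied` was never stored the difference is presumably the whole current usage rather than zero. If that is intended, state it above the helper, e.g. `/* Change in DB usage since "last_total_occupied" was written; the full usage if it was never written. */`. `update_last_inserter()` also calls `knot_lmdb_usage(txn)` twice now, once directly and once through the helper; passing `occupied_now` into the helper would keep both values from the same reading.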
@@ -368,6 +370,11 @@ if (occupied != NULL) { *occupied = 0; get_metadata64(&txn, j.zone, "occupied", occupied); + + if (get_metadata(&txn, NULL, "last_inserter_zone") && + knot_dname_is_equal(j.zone, txn.cur_val.mv_data)) { + *occupied = MAX(0, (int64_t)*occupied + last_occupied_diff(&txn)); + } } if (occupied_total != NULL) { *occupied_total = knot_lmdb_usage(&txn); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/journal/journal_read.c new/knot-3.0.7/src/knot/journal/journal_read.c --- old/knot-3.0.6/src/knot/journal/journal_read.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/journal/journal_read.c 2021-06-16 07:01:57.000000000 +0200 @@ -52,7 +52,7 @@ if (!knot_lmdb_find_prefix(&ctx->txn, &ctx->key_prefix)) { return false; } - if (ctx->next == journal_next_serial(&ctx->txn.cur_val)) { + if (!go_zone && ctx->next == journal_next_serial(&ctx->txn.cur_val)) { ctx->txn.ret = KNOT_ELOOP; return false; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/journal/journal_write.c new/knot-3.0.7/src/knot/journal/journal_write.c --- old/knot-3.0.6/src/knot/journal/journal_write.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/journal/journal_write.c 2021-06-16 07:01:57.000000000 +0200 @@ -198,6 +198,7 @@ if (md->flushed_upto != md->serial_to) { journal_try_flush(j, txn, md); } else { + txn->ret = KNOT_ESPACE; break; } } else { @@ -210,6 +211,12 @@ int journal_insert_zone(zone_journal_t j, const zone_contents_t *z) { + changeset_t fake_ch = { .add = (zone_contents_t *)z }; + size_t ch_size = changeset_serialized_size(&fake_ch); + size_t max_usage = journal_conf_max_usage(j); + if (ch_size >= max_usage) { + return KNOT_ESPACE; + } int ret = knot_lmdb_open(j.db); if (ret != KNOT_EOK) { return ret; 
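Review bot: In the journal_metadata.c hunk, `MAX(0, (int64_t)*occupied + last_occupied_diff(&txn))` places a function call that performs database lookups inside a macro argument. If `MAX` is the usual two-evaluation macro (its definition is not on this page), the helper runs twice. Computing the sum first is clearer and avoids that: `int64_t occ = (int64_t)*occupied + last_occupied_diff(&txn);` followed by `*occupied = MAX(0, occ);`.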
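Review bot: The size guard added to `journal_insert_zone()` builds `fake_ch` with `.add = (zone_contents_t *)z`, which casts away the `const` on the caller's zone contents without a comment. That is safe only as long as `changeset_serialized_size()` never writes through `add`, which cannot be confirmed from this hunk. A short note such as `/* fake_ch is only measured, never modified; the cast exists to fit changeset_t. */` would record the assumption. The comparison `ch_size >= max_usage` also rejects an exact fit, which should be stated if deliberate.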
@@ -267,7 +274,8 @@ md.flags |= JOURNAL_LAST_FLUSHED_VALID; } - journal_fix_occupation(j, &txn, &md, max_usage - ch_size, journal_conf_max_changesets(j) - 1); + size_t chs_limit = journal_conf_max_changesets(j); + journal_fix_occupation(j, &txn, &md, max_usage - ch_size, chs_limit - 1); // avoid discontinuity if ((md.flags & JOURNAL_SERIAL_TO_VALID) && md.serial_to != changeset_from(ch)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/modules/onlinesign/onlinesign.c new/knot-3.0.7/src/knot/modules/onlinesign/onlinesign.c --- old/knot-3.0.6/src/knot/modules/onlinesign/onlinesign.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/modules/onlinesign/onlinesign.c 2021-06-16 07:01:57.000000000 +0200 @@ -1,4 +1,4 @@ -/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -451,7 +451,7 @@ pthread_rwlock_rdlock(&ctx->signing_mutex); keyptr_dynarray_t kcdnskeys = knot_zone_sign_get_cdnskeys(mod->dnssec, mod->keyset); dynarray_foreach(keyptr, zone_key_t *, ksk_for_cds, kcdnskeys) { - zone_key_calculate_ds(*ksk_for_cds, &rdata); + zone_key_calculate_ds(*ksk_for_cds, mod->dnssec->policy->cds_dt, &rdata); assert(rdata.size > 0 && rdata.data); (void)knot_rrset_add_rdata(ds, rdata.data, rdata.size, mm); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/nameserver/internet.c new/knot-3.0.7/src/knot/nameserver/internet.c --- old/knot-3.0.6/src/knot/nameserver/internet.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/nameserver/internet.c 2021-06-16 07:01:57.000000000 +0200 
@@ -41,8 +41,7 @@ assert(qdata); assert(node); - /* Already in the list. */ - if (wildcard_has_visited(qdata, node)) { + if (node->flags & NODE_FLAGS_NONAUTH) { return KNOT_EOK; } @@ -305,6 +304,10 @@ /* Check if is not in wildcard nodes (loop). */ if (wildcard_has_visited(qdata, cname_node)) { qdata->extra->node = NULL; /* Act as if the name leads to nowhere. */ + + if (wildcard_visit(qdata, cname_node, qdata->extra->previous, qdata->name) != KNOT_EOK) { // in case of loop, re-add this cname_node because it might have different qdata->name + return KNOTD_IN_STATE_ERROR; + } return KNOTD_IN_STATE_HIT; } @@ -373,6 +376,9 @@ int next_state = name_found(pkt, qdata); /* Put to wildcard node list. */ + if (wildcard_has_visited(qdata, wildcard_node)) { + return next_state; + } if (wildcard_visit(qdata, wildcard_node, qdata->extra->previous, qdata->name) != KNOT_EOK) { next_state = KNOTD_IN_STATE_ERROR; } @@ -514,9 +520,8 @@ /* RFC4035 3.1.3 Prove visited wildcards. * Wildcard expansion applies for Name Error, Wildcard Answer and - * No Data proofs if at one point the search expanded a wildcard node. - * \note Do not attempt to prove non-authoritative data. */ - if (ret == KNOT_EOK && state != KNOTD_IN_STATE_DELEG) { + * No Data proofs if at one point the search expanded a wildcard node. */ + if (ret == KNOT_EOK) { ret = nsec_prove_wildcards(pkt, qdata); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/nameserver/nsec_proofs.c new/knot-3.0.7/src/knot/nameserver/nsec_proofs.c --- old/knot-3.0.6/src/knot/nameserver/nsec_proofs.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/nameserver/nsec_proofs.c 2021-06-16 07:01:57.000000000 +0200 
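Review bot: The first internet.c hunk replaces the commented "Already in the list" test with `if (node->flags & NODE_FLAGS_NONAUTH)` and no comment, while the last hunk deletes the `\note Do not attempt to prove non-authoritative data` together with the `state != KNOTD_IN_STATE_DELEG` guard. The rule that non-authoritative nodes are never proved now lives only in this unlabelled early return, so it should carry the explanation, e.g. `/* Non-authoritative data is never proved, so it is not recorded. */`. The trailing comment on the re-added `wildcard_visit()` call in the loop hunk is very long and would read better on its own lines above the `if`.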
@@ -479,13 +479,11 @@ * * Then NSEC matching the QNAME must be added into the response and the bitmap * will indicate that the QTYPE doesn't exist. As NSECs for empty non-terminals - * don't exist, the proof for NODATA match on non-terminal is proved as for - * NXDOMAIN. + * don't exist, the proof for NODATA match on non-terminal is proved like + * non-existence of the queried name. * * \see https://tools.ietf.org/html/rfc4035#section-3.1.3.1 - * \see https://tools.ietf.org/html/rfc4035#section-3.1.3.2 (empty non-terminal) * - * \param zone Source zone. * \param match Node matching QNAME. * \param previous Previous node to QNAME in the zone. * \param qdata Query procssing data. @@ -493,15 +491,13 @@ * * \return KNOT_E* */ -static int put_nsec_nodata(const zone_contents_t *zone, - const zone_node_t *match, - const zone_node_t *closest, +static int put_nsec_nodata(const zone_node_t *match, const zone_node_t *previous, knotd_qdata_t *qdata, knot_pkt_t *resp) { if (empty_nonterminal(match)) { - return put_nsec_nxdomain(zone, previous, closest, qdata, resp); + return put_nsec_from_node(nsec_previous(previous), qdata, resp); } else { return put_nsec_from_node(match, qdata, resp); } @@ -566,7 +562,7 @@ if (knot_is_nsec3_enabled(zone)) { return put_nsec3_nodata(qname, zone, node, closest, qdata, resp); } else { - return put_nsec_nodata(zone, node, closest, previous, qdata, resp); + return put_nsec_nodata(node, previous, qdata, resp); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/nameserver/process_query.c new/knot-3.0.7/src/knot/nameserver/process_query.c --- old/knot-3.0.6/src/knot/nameserver/process_query.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/nameserver/process_query.c 2021-06-16 07:01:57.000000000 +0200 
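Review bot: In the second nsec_proofs.c hunk the empty-non-terminal branch now calls `nsec_previous(previous)` directly, without a visible check that `previous` is non-NULL. The removed call went through `put_nsec_nxdomain()`, which may have validated its arguments; that function is not shown here. If `previous` can be NULL for a query-derived name, an explicit `if (previous == NULL) { return KNOT_EINVAL; }` before the call keeps the failure a clean error rather than relying on an assert inside the helper.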
@@ -863,8 +863,8 @@ /* Wildcard expansion applies only for answers. */ bool expand = false; if (pkt->current == KNOT_ANSWER) { - /* Expand if RR is wildcard & we didn't query for wildcard. */ - expand = (knot_dname_is_wildcard(rr->owner) && !knot_dname_is_wildcard(qdata->name)); + /* Expand if RR is wildcard. TRICK: if the asterix node is queried directly, we behave like if wildcard would be expanded. It's the same. */ + expand = knot_dname_is_wildcard(rr->owner); } int ret = KNOT_EOK; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/server/udp-handler.c new/knot-3.0.7/src/knot/server/udp-handler.c --- old/knot-3.0.6/src/knot/server/udp-handler.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/server/udp-handler.c 2021-06-16 07:01:57.000000000 +0200 @@ -451,21 +451,10 @@ }; #endif /* ENABLE_XDP */ -static bool is_xdp_iface(const iface_t *iface) +static bool is_xdp_thread(const server_t *server, int thread_id) { - bool is_xdp1 = (iface->fd_xdp_count > 0); - bool is_xdp2 = (iface->fd_udp_count == 0 && iface->fd_tcp_count == 0); - assert(is_xdp1 == is_xdp2); - return is_xdp1 || is_xdp2; -} - -static bool is_xdp_thread(const iface_t *iface_zero, int thread_id) -{ - if (is_xdp_iface(iface_zero)) { // Only XDP interfaces. - return (thread_id >= iface_zero->xdp_first_thread_id); - } else { - return (thread_id >= iface_zero->fd_udp_count + iface_zero->fd_tcp_count); - } + return server->handlers[IO_XDP].size > 0 && + server->handlers[IO_XDP].handler.thread_id[0] <= thread_id; } static int iface_udp_fd(const iface_t *iface, int thread_id, bool xdp_thread, 
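Review bot: The replacement comment on the `expand` assignment in process_query.c is one over-long line and misspells "asterisk" as "asterix". The behaviour it describes, treating a direct query for the wildcard node as an expansion, affects how the answer is signed and deserves a readable explanation. Suggested wording, split over several lines: `/* Expand if RR is a wildcard. A direct query for the asterisk node is answered as if the wildcard had been expanded; the result is the same. */`.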
@@ -499,14 +488,15 @@ } } -static unsigned udp_set_ifaces(const iface_t *ifaces, size_t n_ifaces, struct pollfd *fds, +static unsigned udp_set_ifaces(const server_t *server, size_t n_ifaces, struct pollfd *fds, int thread_id, void **xdp_socket) { if (n_ifaces == 0) { return 0; } - bool xdp_thread = is_xdp_thread(ifaces, thread_id); + const iface_t *ifaces = server->ifaces; + bool xdp_thread = is_xdp_thread(server, thread_id); unsigned count = 0; @@ -548,7 +538,7 @@ /* Choose processing API. */ udp_api_t *api = NULL; - if (is_xdp_thread(handler->server->ifaces, thread_id)) { + if (is_xdp_thread(handler->server, thread_id)) { #ifdef ENABLE_XDP api = &xdp_recvmmsg_api; #else @@ -578,7 +568,7 @@ void *xdp_socket = NULL; size_t nifs = handler->server->n_ifaces; struct pollfd fds[nifs]; - unsigned nfds = udp_set_ifaces(handler->server->ifaces, nifs, fds, + unsigned nfds = udp_set_ifaces(handler->server, nifs, fds, thread_id, &xdp_socket); if (nfds == 0) { goto finish; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/knot/updates/zone-update.c new/knot-3.0.7/src/knot/updates/zone-update.c --- old/knot-3.0.6/src/knot/updates/zone-update.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/knot/updates/zone-update.c 2021-06-16 07:01:57.000000000 +0200 @@ -217,6 +217,9 @@ return ret; } log_zone_info(zone->name, "automatic SOA serial increment"); + log_zone_notice(zone->name, "automatic SOA increment is deprecated and will " + "result in error in newer versions, configure " + "'zonefile-load: difference-no-serial' instead"); } update->init_cont = new_cont; 
@@ -898,22 +901,14 @@ return ret; } - /* Check if the zone was re-signed upon zone load to ensure proper flush - * even if the SOA serial wasn't incremented by re-signing. */ val = conf_zone_get(conf, C_DNSSEC_SIGNING, update->zone->name); - bool dnssec = conf_bool(&val); - - if (dnssec) { - update->zone->zonefile.resigned = true; - - if (zone_is_slave(conf, update->zone)) { - ret = zone_set_lastsigned_serial(update->zone, - zone_contents_serial(update->new_cont)); - if (ret != KNOT_EOK) { - log_zone_warning(update->zone->name, - "unable to save lastsigned serial, " - "future transfers might be broken"); - } + if (conf_bool(&val) && zone_is_slave(conf, update->zone)) { + ret = zone_set_lastsigned_serial(update->zone, + zone_contents_serial(update->new_cont)); + if (ret != KNOT_EOK) { + log_zone_warning(update->zone->name, + "unable to save lastsigned serial, " + "future transfers might be broken"); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/libdnssec/version.h new/knot-3.0.7/src/libdnssec/version.h --- old/knot-3.0.6/src/libdnssec/version.h 2021-05-12 10:32:45.000000000 +0200 +++ new/knot-3.0.7/src/libdnssec/version.h 2021-06-16 07:02:15.000000000 +0200 @@ -18,7 +18,7 @@ #define DNSSEC_VERSION_MAJOR 3 #define DNSSEC_VERSION_MINOR 0 -#define DNSSEC_VERSION_PATCH 0x06 +#define DNSSEC_VERSION_PATCH 0x07 #define DNSSEC_VERSION_HEX ((DNSSEC_VERSION_MAJOR << 16) | \ (DNSSEC_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/libknot/db/db_lmdb.c new/knot-3.0.7/src/libknot/db/db_lmdb.c --- old/knot-3.0.6/src/libknot/db/db_lmdb.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/libknot/db/db_lmdb.c 2021-06-16 07:01:57.000000000 +0200 
@@ -497,9 +497,8 @@ { struct lmdb_env *env = txn->db; MDB_val db_key = { key->len, key->data }; - MDB_val data = { 0, NULL }; - int ret = mdb_del(txn->txn, env->dbi, &db_key, &data); + int ret = mdb_del(txn->txn, env->dbi, &db_key, NULL); if (ret != MDB_SUCCESS) { return lmdb_error_to_knot(ret); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/libknot/probe/data.c new/knot-3.0.7/src/libknot/probe/data.c --- old/knot-3.0.6/src/libknot/probe/data.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/libknot/probe/data.c 2021-06-16 07:01:57.000000000 +0200 @@ -23,6 +23,7 @@ #include "libknot/endian.h" #include "libknot/errcode.h" #include "libknot/probe/probe.h" +#include "contrib/macros.h" _public_ int knot_probe_data_set(knot_probe_data_t *data, knot_probe_proto_t proto, @@ -42,10 +43,14 @@ const struct sockaddr_in *da = (struct sockaddr_in *)local_addr; memcpy(data->remote.addr, &sa->sin_addr, sizeof(sa->sin_addr)); + memset(data->remote.addr + sizeof(sa->sin_addr), 0, + sizeof(data->remote.addr) - sizeof(sa->sin_addr)); data->remote.port = be16toh(sa->sin_port); if (da != NULL) { memcpy(data->local.addr, &da->sin_addr, sizeof(da->sin_addr)); + memset(data->local.addr + sizeof(da->sin_addr), 0, + sizeof(data->local.addr) - sizeof(da->sin_addr)); data->local.port = be16toh(da->sin_port); } else { memset(&data->local, 0, sizeof(data->local)); @@ -95,6 +100,7 @@ } } } + data->query_edns.reserved = 0; } else { memset(&data->query_edns, 0, sizeof(data->query_edns)); } 
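Review bot: The `memset` calls added after the IPv4 `memcpy`s and the `data->query_edns.reserved = 0` assignment clear leftover bytes one field at a time, and nothing says why. The record is handed to a separate consumer (probe.c passes it to `send()`), so any byte left unset carries stale memory out of the process; a comment on `knot_probe_data_set` such as `/* Every byte that may be sent must be initialised: the record leaves the process. */` would make the rule explicit for whoever adds the next field. The same applies to the `@@ -105,6 +111,8 @@` hunk, where `MIN(8, ...)` zeroes at most eight bytes after the name: the `8` needs a named constant or a comment saying what reads those bytes. The IPv6 branch and any compiler-inserted struct padding are outside the hunks, so whether they are covered cannot be confirmed here.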
@@ -105,6 +111,8 @@ data->query.qtype = knot_pkt_qtype(query); data->query.qname_len = knot_dname_size(knot_pkt_qname(query)); memcpy(data->query.qname, knot_pkt_qname(query), data->query.qname_len); + memset(data->query.qname + data->query.qname_len, 0, + MIN(8, sizeof(data->query.qname) - data->query.qname_len)); return KNOT_EOK; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/libknot/probe/probe.c new/knot-3.0.7/src/libknot/probe/probe.c --- old/knot-3.0.6/src/libknot/probe/probe.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/libknot/probe/probe.c 2021-06-16 07:01:57.000000000 +0200 @@ -123,13 +123,6 @@ probe->consumer = true; -#if defined(__linux__) - if (fchmod(probe->fd, S_IRWXU | S_IRWXG | S_IRWXO) != 0) { - close(probe->fd); - return knot_map_errno(); - } -#endif - (void)unlink(probe->path.sun_path); ret = bind(probe->fd, (const struct sockaddr *)(&probe->path), @@ -138,6 +131,13 @@ return knot_map_errno(); } +#if defined(__linux__) + if (chmod(probe->path.sun_path, S_IRWXU | S_IRWXG | S_IRWXO) != 0) { + close(probe->fd); + return knot_map_errno(); + } +#endif + return KNOT_EOK; } @@ -158,14 +158,14 @@ return KNOT_EINVAL; } - uint8_t diff = KNOT_DNAME_MAXLEN - data->query.qname_len; - if (send(probe->fd, data, sizeof(*data) - diff, 0) == -1) { + size_t used_len = sizeof(*data) - KNOT_DNAME_MAXLEN + data->query.qname_len; + if (send(probe->fd, data, used_len, 0) == -1) { struct timespec now = time_now(); if (now.tv_sec - probe->last_unconn_time > 2) { probe->last_unconn_time = now.tv_sec; if ((errno == ENOTCONN || errno == ECONNREFUSED) && probe_connect(probe) == 0 && - send(probe->fd, data, sizeof(*data), 0) > 0) { + send(probe->fd, data, used_len, 0) > 0) { return KNOT_EOK; } } 
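Review bot: In the `@@ -138,6 +131,13 @@` hunk the failure branch of the new `chmod(probe->path.sun_path, ...)` closes the descriptor but leaves the socket file that `bind()` just created on disk, and `close()` may overwrite `errno` before `knot_map_errno()` reads it. Saving the error first and removing the path fixes both: `int err = knot_map_errno();`, then `(void)unlink(probe->path.sun_path);` and `close(probe->fd);`, then `return err;`. Changing the mode by path after `bind()` also leaves a window in which the socket has umask-derived permissions, and the call acts on whatever object is at that path at that moment, so the socket directory must not be writable by untrusted users. `S_IRWXU | S_IRWXG | S_IRWXO` lets every local account send records to the consumer; if that openness is intended, a comment next to the call should say so.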
@@ -210,7 +210,7 @@ if (ret == -1) { return knot_map_errno(); } else if ((pfd.revents & POLLIN) == 0) { - return KNOT_ENOENT; + return 0; } #ifdef ENABLE_RECVMMSG diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/libknot/version.h new/knot-3.0.7/src/libknot/version.h --- old/knot-3.0.6/src/libknot/version.h 2021-05-12 10:32:45.000000000 +0200 +++ new/knot-3.0.7/src/libknot/version.h 2021-06-16 07:02:15.000000000 +0200 @@ -18,7 +18,7 @@ #define KNOT_VERSION_MAJOR 3 #define KNOT_VERSION_MINOR 0 -#define KNOT_VERSION_PATCH 0x06 +#define KNOT_VERSION_PATCH 0x07 #define KNOT_VERSION_HEX ((KNOT_VERSION_MAJOR << 16) | \ (KNOT_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/libzscanner/version.h new/knot-3.0.7/src/libzscanner/version.h --- old/knot-3.0.6/src/libzscanner/version.h 2021-05-12 10:32:45.000000000 +0200 +++ new/knot-3.0.7/src/libzscanner/version.h 2021-06-16 07:02:15.000000000 +0200 @@ -18,7 +18,7 @@ #define ZSCANNER_VERSION_MAJOR 3 #define ZSCANNER_VERSION_MINOR 0 -#define ZSCANNER_VERSION_PATCH 0x06 +#define ZSCANNER_VERSION_PATCH 0x07 #define ZSCANNER_VERSION_HEX ((ZSCANNER_VERSION_MAJOR << 16) | \ (ZSCANNER_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/utils/common/https.c new/knot-3.0.7/src/utils/common/https.c --- old/knot-3.0.6/src/utils/common/https.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/utils/common/https.c 2021-06-16 07:01:57.000000000 +0200 
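Review bot: Returning `0` when `(pfd.revents & POLLIN) == 0` also covers `POLLERR`, `POLLHUP` and `POLLNVAL`, so a caller that loops on this function would read a failed socket as "nothing yet". Testing those bits first, e.g. `if (pfd.revents & (POLLERR | POLLNVAL)) return KNOT_ECONN;`, keeps the timeout case at `0` without hiding the failure. The function's documented return contract should also state that `0` now means a timeout with no records; the rest of the body and that documentation lie outside the hunk.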
@@ -21,11 +21,14 @@ #include <string.h> #include "contrib/base64url.h" +#include "contrib/macros.h" #include "contrib/url-parser/url_parser.h" #include "libknot/errcode.h" #include "utils/common/https.h" #include "utils/common/msg.h" +#define is_read(ctx) (ctx->stream == -1) + int https_params_copy(https_params_t *dst, const https_params_t *src) { if (dst == NULL || src == NULL) { @@ -137,8 +140,7 @@ ssize_t ret = 0; while ((ret = gnutls_record_recv(ctx->tls->session, data, length)) <= 0) { - if (!ctx->read) { //Unblock `nghttp2_session_recv(nghttp2_session)` - ctx->read = true; + if (is_read(ctx)) { //Unblock `nghttp2_session_recv(nghttp2_session)` return NGHTTP2_ERR_WOULDBLOCK; } if (ret == 0) { @@ -164,9 +166,20 @@ https_ctx_t *ctx = (https_ctx_t *)user_data; if (ctx->stream == stream_id) { - memcpy(ctx->recv_buf, data, len); - ctx->recv_buflen = len; - ctx->read = false; + int cpy_len = MIN(len, ctx->recv_buflen); + memcpy(ctx->recv_buf, data, cpy_len); + ctx->recv_buf += cpy_len; + ctx->recv_buflen -= cpy_len; + } + return KNOT_EOK; +} + +static int https_on_stream_close_callback(nghttp2_session *session, int32_t stream_id, uint32_t error_code, void *user_data) +{ + assert(user_data); + + https_ctx_t *ctx = (https_ctx_t *)user_data; + if (ctx->stream == stream_id) { ctx->stream = -1; } return KNOT_EOK; @@ -236,6 +249,7 @@ nghttp2_session_callbacks_set_recv_callback(callbacks, https_recv_callback); nghttp2_session_callbacks_set_on_data_chunk_recv_callback(callbacks, https_on_data_chunk_recv_callback); nghttp2_session_callbacks_set_on_header_callback(callbacks, https_on_header_callback); + nghttp2_session_callbacks_set_on_stream_close_callback(callbacks, https_on_stream_close_callback); int ret = nghttp2_session_client_new(&(ctx->session), callbacks, ctx); if (ret != 0) { 
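Review bot: `#define is_read(ctx) (ctx->stream == -1)` does not parenthesise its argument, and its name suggests "has been read" while it actually tests "no stream is open". `#define is_read(ctx) ((ctx)->stream == -1)` is the minimal fix; a `static inline bool` taking `const https_ctx_t *` with a name that says "no active stream" would also be type-checked. A one-line comment that `-1` is the sentinel for "no active stream" would help, because the initialisation hunk and the new stream-close callback both depend on it.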
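Review bot: In `https_on_data_chunk_recv_callback` the new bound `MIN(len, ctx->recv_buflen)` stops the copy from overrunning the caller's buffer, but a body larger than the buffer is now silently cut off while the callback still returns `KNOT_EOK`, so the caller parses a truncated DNS message as if it were complete. Rejecting the oversize chunk, e.g. `if (len > ctx->recv_buflen) return NGHTTP2_ERR_CALLBACK_FAILURE;`, makes the condition visible; the `@@ -542,7 +552,8 @@` hunk would then have a real error to report instead of relying on `assert(buf_len >= ctx->recv_buflen)`, which disappears under `NDEBUG`. `cpy_len` should be `size_t` rather than `int`, since it is derived from sizes and passed to `memcpy`. The hunk does not show a check that `ctx->recv_buf` is non-NULL when a chunk arrives.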
@@ -252,7 +266,7 @@ ctx->params = *params; ctx->authority = (tls_ctx->params->hostname) ? strdup(tls_ctx->params->hostname) : NULL; ctx->path = strdup((ctx->params.path) ? ctx->params.path : (char *)default_path); - ctx->read = true; + ctx->stream = -1; return KNOT_EOK; } @@ -404,6 +418,23 @@ return KNOT_EOK; } +static int https_send_dns_query_common(https_ctx_t *ctx, nghttp2_nv *hdrs, size_t hdrs_len, nghttp2_data_provider *data_provider) +{ + assert(hdrs != NULL && hdrs_len > 0); + + ctx->stream = nghttp2_submit_request(ctx->session, NULL, hdrs, hdrs_len, + data_provider, NULL); + if (ctx->stream < 0) { + return KNOT_NET_ESEND; + } + int ret = nghttp2_session_send(ctx->session); + if (ret != 0) { + return KNOT_NET_ESEND; + } + + return KNOT_EOK; +} + static int https_send_dns_query_get(https_ctx_t *ctx) { const size_t dns_query_len = strlen(ctx->path) + @@ -428,18 +459,8 @@ MAKE_STATIC_NV("accept", "application/dns-message"), }; - ctx->stream = nghttp2_submit_request(ctx->session, NULL, hdrs, - sizeof(hdrs) / sizeof(*hdrs), - NULL, NULL); - if (ctx->stream < 0) { - return KNOT_NET_ESEND; - } - ret = nghttp2_session_send(ctx->session); - if (ret != 0) { - return KNOT_NET_ESEND; - } - - return KNOT_EOK; + return https_send_dns_query_common(ctx, hdrs, sizeof(hdrs) / sizeof(*hdrs), + NULL); } static ssize_t https_send_data_callback(nghttp2_session *session, int32_t stream_id, @@ -485,18 +506,8 @@ .read_callback = https_send_data_callback }; - ctx->stream = nghttp2_submit_request(ctx->session, NULL, hdrs, - sizeof(hdrs) / sizeof(nghttp2_nv), - &data_provider, NULL); - if (ctx->stream < 0) { - return KNOT_NET_ESEND; - } - int ret = nghttp2_session_send(ctx->session); - if (ret != 0) { - return KNOT_NET_ESEND; - } - - return KNOT_EOK; + return https_send_dns_query_common(ctx, hdrs, sizeof(hdrs) / sizeof(*hdrs), + &data_provider); } int https_send_dns_query(https_ctx_t *ctx, const uint8_t *buf, const size_t buf_len) 
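Review bot: `https_send_dns_query_common` stores the result of `nghttp2_submit_request` in `ctx->stream` before checking it, so on failure the field holds a negative nghttp2 error code that need not be `-1`, and after a failed `nghttp2_session_send` it still holds the id of a request that was never sent. `is_read(ctx)` tests for exactly `-1`, so either state looks like an open stream to the receive path. Resetting the field on both error returns, `ctx->stream = -1; return KNOT_NET_ESEND;`, keeps the sentinel consistent. The helper also asserts `hdrs` but not `ctx`, which it dereferences first.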
@@ -532,7 +543,6 @@ pthread_mutex_unlock(&ctx->recv_mx); return KNOT_NET_ERECV; } - ctx->recv_buf = NULL; pthread_mutex_unlock(&ctx->recv_mx); @@ -542,7 +552,8 @@ return KNOT_NET_ERECV; } - return ctx->recv_buflen; + assert(buf_len >= ctx->recv_buflen); + return buf_len - ctx->recv_buflen; } void https_ctx_deinit(https_ctx_t *ctx) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/utils/common/https.h new/knot-3.0.7/src/utils/common/https.h --- old/knot-3.0.6/src/utils/common/https.h 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/utils/common/https.h 2021-06-16 07:01:57.000000000 +0200 @@ -74,7 +74,6 @@ // Recv locks pthread_mutex_t recv_mx; - bool read; int32_t stream; } https_ctx_t; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/utils/keymgr/functions.c new/knot-3.0.7/src/utils/keymgr/functions.c --- old/knot-3.0.6/src/utils/keymgr/functions.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/utils/keymgr/functions.c 2021-06-16 07:01:57.000000000 +0200 @@ -124,6 +124,7 @@ algnames[DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256] = "ecdsap256sha256"; algnames[DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384] = "ecdsap384sha384"; algnames[DNSSEC_KEY_ALGORITHM_ED25519] = "ed25519"; + algnames[DNSSEC_KEY_ALGORITHM_ED448] = "ed448"; // parse args for (int i = 0; i < argc; i++) { @@ -215,12 +216,13 @@ gen_timing.ready = gen_timing.active; } - if (keysize > 0) { - if ((flags & DNSKEY_GENERATE_KSK)) { - ctx->policy->ksk_size = keysize; - } else { - ctx->policy->zsk_size = keysize; - } + if (keysize == 0) { + keysize = dnssec_algorithm_key_size_default(ctx->policy->algorithm); + } + if ((flags & DNSKEY_GENERATE_KSK)) { + ctx->policy->ksk_size = keysize; + } else { + ctx->policy->zsk_size = keysize; } for (size_t i = 0; i < ctx->zone->num_keys; i++) { 
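Review bot: With `ctx->recv_buf = NULL;` removed in the `@@ -532,7 +543,6 @@` hunk, `ctx->recv_buf` and `ctx->recv_buflen` keep describing the caller's buffer after the function returns. A data chunk delivered later for a stream id that still matches `ctx->stream` would then be copied into memory the context no longer owns; whether that can happen depends on code outside these hunks. Computing the length first and then clearing both fields, `size_t got = buf_len - ctx->recv_buflen; ctx->recv_buf = NULL; ctx->recv_buflen = 0;`, before returning `got` removes the stale pointer. The added `assert(buf_len >= ctx->recv_buflen)` is compiled out with `NDEBUG`, so the subtraction should not depend on it in release builds.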
@@ -623,11 +625,11 @@ return ret; } -int keymgr_serial_print(kdnssec_ctx_t *ctx) +int keymgr_serial_print(kdnssec_ctx_t *ctx, kaspdb_serial_t type) { uint32_t serial = 0; int ret = kasp_db_load_serial(ctx->kasp_db, ctx->zone->dname, - KASPDB_SERIAL_LASTSIGNED, &serial); + type, &serial); switch (ret) { case KNOT_EOK: printf("Current serial: %u\n", serial); @@ -640,10 +642,10 @@ return ret; } -int keymgr_serial_set(kdnssec_ctx_t *ctx, uint32_t new_serial) +int keymgr_serial_set(kdnssec_ctx_t *ctx, kaspdb_serial_t type, uint32_t new_serial) { return kasp_db_store_serial(ctx->kasp_db, ctx->zone->dname, - KASPDB_SERIAL_LASTSIGNED, new_serial); + type, new_serial); } static void print_tsig(dnssec_tsig_algorithm_t mac, const char *name, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/utils/keymgr/functions.h new/knot-3.0.7/src/utils/keymgr/functions.h --- old/knot-3.0.6/src/utils/keymgr/functions.h 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/utils/keymgr/functions.h 2021-06-16 07:01:57.000000000 +0200 @@ -36,9 +36,9 @@ int keymgr_nsec3_salt_set(kdnssec_ctx_t *ctx, const char *new_salt); -int keymgr_serial_print(kdnssec_ctx_t *ctx); +int keymgr_serial_print(kdnssec_ctx_t *ctx, kaspdb_serial_t type); -int keymgr_serial_set(kdnssec_ctx_t *ctx, uint32_t new_serial); +int keymgr_serial_set(kdnssec_ctx_t *ctx, kaspdb_serial_t type, uint32_t new_serial); int keymgr_generate_tsig(const char *tsig_name, const char *alg_name, int bits); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/src/utils/keymgr/main.c new/knot-3.0.7/src/utils/keymgr/main.c --- old/knot-3.0.6/src/utils/keymgr/main.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/src/utils/keymgr/main.c 2021-06-16 07:01:57.000000000 +0200 
@@ -64,10 +64,13 @@ " import-pkcs11 Import key stored in PKCS11 storage. Specify its parameters manually.\n" " (syntax: import-pkcs11 <key_id> <attribute_name>=<value>...)\n" " nsec3-salt Print current NSEC3 salt. If a parameter is specified, set new salt.\n" - " (syntax: nsec3salt [<new_salt>])\n" + " (syntax: nsec3-salt [<new_salt>])\n" " local-serial Print SOA serial stored in KASP database when using on-slave signing.\n" " If a parameter is specified, set new serial.\n" - " (syntax: serial <new_serial>)\n" + " (syntax: local-serial <new_serial>)\n" + " master-serial Print SOA serial of the remote master stored in KASP database when using on-slave signing.\n" + " If a parameter is specified, set new master serial.\n" + " (syntax: master-serial <new_serial>)\n" " ds Generate DS record(s) for specified key.\n" " (syntax: ds <key_spec>)\n" " dnskey Generate DNSKEY record for specified key.\n" @@ -171,14 +174,15 @@ ret = keymgr_nsec3_salt_print(&kctx); print_ok_on_succes = false; } - } else if (strcmp(argv[1], "local-serial") == 0) { + } else if (strcmp(argv[1], "local-serial") == 0 || strcmp(argv[1], "master-serial") == 0 ) { + kaspdb_serial_t type = (argv[1][0] == 'm' ? KASPDB_SERIAL_MASTER : KASPDB_SERIAL_LASTSIGNED); if (argc > 2) { uint32_t new_serial = 0; if ((ret = str_to_u32(argv[2], &new_serial)) == KNOT_EOK) { - ret = keymgr_serial_set(&kctx, new_serial); + ret = keymgr_serial_set(&kctx, type, new_serial); } } else { - ret = keymgr_serial_print(&kctx); + ret = keymgr_serial_print(&kctx, type); print_ok_on_succes = false; } } else if (strcmp(argv[1], "set") == 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/tests/contrib/test_net.c new/knot-3.0.7/tests/contrib/test_net.c --- old/knot-3.0.6/tests/contrib/test_net.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/tests/contrib/test_net.c 2021-06-16 07:01:57.000000000 +0200 
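Review bot: In the `@@ -171,14 +174,15 @@` hunk the serial type is chosen with `argv[1][0] == 'm'`, which works only because the enclosing `strcmp` pair admits two spellings; any command added to that condition later would be classified by its first letter. Comparing the full name keeps the mapping explicit: `kaspdb_serial_t type = strcmp(argv[1], "master-serial") == 0 ? KASPDB_SERIAL_MASTER : KASPDB_SERIAL_LASTSIGNED;`. The help text in the first hunk says both commands print the serial when no parameter is given, yet the syntax lines show `<new_serial>` as mandatory; `[<new_serial>]`, as already used for `nsec3-salt`, would match the behaviour.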
@@ -53,7 +53,7 @@ struct sockaddr_storage addr = { 0 }; socklen_t len = sizeof(addr); int ret = getsockname(sock, (struct sockaddr *)&addr, &len); - ok(ret == 0, "check getsockname return"); + is_int(0, ret, "check getsockname return"); return addr; } @@ -222,7 +222,7 @@ } else { r = net_dgram_send(client, out, out_len, NULL); } - ok(r == out_len, "%s, %s: client, send message", name, addr_name); + is_int(out_len, r, "%s, %s: client, send message", name, addr_name); r = net_is_connected(client); ok(r, "%s, %s: client, is connected", name, addr_name); @@ -233,8 +233,8 @@ } else { r = net_dgram_recv(client, in, sizeof(in), TIMEOUT); } - ok(r == out_len && memcmp(out, in, out_len) == 0, - "%s, %s: client, receive message", name, addr_name); + is_int(out_len, r, "%s, %s: client, receive message length", name, addr_name); + ok(memcmp(out, in, out_len) == 0, "%s, %s: client, receive message", name, addr_name); close(client); } @@ -254,7 +254,7 @@ if (socktype_is_stream(type)) { r = listen(server, LISTEN_BACKLOG); - ok(r == 0, "%s: server, start listening", name); + is_int(0, r, "%s: server, start listening", name); } server_ctx_t server_ctx = { 0 }; @@ -305,14 +305,14 @@ ok(!net_is_connected(sock), "UDP, is not connected"); r = net_dgram_send(sock, buffer, buffer_len, NULL); - ok(r == KNOT_ECONN, "UDP, send failure on unconnected socket"); + is_int(KNOT_ECONN, r, "UDP, send failure on unconnected socket"); r = net_dgram_recv(sock, buffer, buffer_len, TIMEOUT_SHORT); - ok(r == KNOT_ETIMEOUT, "UDP, receive timeout on unconnected socket"); + is_int(KNOT_ETIMEOUT, r, "UDP, receive timeout on unconnected socket"); struct sockaddr_storage server_addr = addr_from_socket(server); r = net_dgram_send(sock, buffer, buffer_len, &server_addr); - ok(r == buffer_len, "UDP, send on defined address"); + is_int(buffer_len, r, "UDP, send on defined address"); close(sock); 
@@ -334,10 +334,10 @@ #endif r = net_stream_send(sock, buffer, buffer_len, expected_timeout); - ok(r == expected, "TCP, send %s on unconnected socket", expected_msg); + is_int(expected, r, "TCP, send %s on unconnected socket", expected_msg); r = net_stream_recv(sock, buffer, sizeof(buffer), expected_timeout); - ok(r == expected, "TCP, receive %s on unconnected socket", expected_msg); + is_int(expected, r, "TCP, receive %s on unconnected socket", expected_msg); close(sock); @@ -363,16 +363,16 @@ addr = addr_from_socket(server); r = listen(server, LISTEN_BACKLOG); - ok(r == 0, "server, start listening"); + is_int(0, r, "server, start listening"); client = net_connected_socket(SOCK_STREAM, &addr, NULL); ok(client >= 0, "client, connect"); r = net_stream_send(client, (uint8_t *)"", 1, TIMEOUT); - ok(r == 1, "client, successful write"); + is_int(1, r, "client, successful write"); r = net_stream_recv(client, buffer, sizeof(buffer), TIMEOUT_SHORT); - ok(r == KNOT_ETIMEOUT, "client, timeout on read"); + is_int(KNOT_ETIMEOUT, r, "client, timeout on read"); close(client); @@ -382,10 +382,10 @@ ok(client >= 0, "client, connect"); r = close(server); - ok(r == 0, "server, close socket"); + is_int(0, r, "server, close socket"); r = net_stream_send(client, (uint8_t *)"", 1, TIMEOUT); - ok(r == KNOT_ECONN, "client, refused on write"); + is_int(KNOT_ECONN, r, "client, refused on write"); close(client); } @@ -502,7 +502,7 @@ ok(server >= 0, "%s, server, create socket", t->name); int r = listen(server, LISTEN_BACKLOG); - ok(r == 0, "%s, server, start listening", t->name); + is_int(0, r, "%s, server, start listening", t->name); server_ctx_t server_ctx = { 0 }; r = server_start(&server_ctx, server, SOCK_STREAM, handler_dns, &handler_ctx); 
@@ -545,7 +545,7 @@ if (socktype_is_stream(type)) { int r = listen(server, LISTEN_BACKLOG); - ok(r == 0, "%s: bound, start listening", name); + is_int(0, r, "%s: bound, start listening", name); } struct sockaddr_storage server_addr = addr_from_socket(server); @@ -569,7 +569,7 @@ ok(server >= 0, "server, create socket"); r = listen(server, LISTEN_BACKLOG); - ok(r == 0, "server, start listening"); + is_int(0, r, "server, start listening"); addr_server = addr_from_socket(server); @@ -583,7 +583,7 @@ // accept connection r = poll_read(server); - ok(r == 1, "server, pending connection"); + is_int(1, r, "server, pending connection"); struct sockaddr_storage addr_accepted = { 0 }; int accepted = net_accept(server, &addr_accepted); @@ -603,7 +603,7 @@ ok(client >= 0, "client, reconnect"); r = poll_read(server); - ok(r == 1, "server, pending connection"); + is_int(1, r, "server, pending connection"); accepted = net_accept(server, NULL); ok(accepted >= 0, "server, accept connection (no remote address)"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.6/tests/knot/test_journal.c new/knot-3.0.7/tests/knot/test_journal.c --- old/knot-3.0.6/tests/knot/test_journal.c 2021-05-12 10:32:13.000000000 +0200 +++ new/knot-3.0.7/tests/knot/test_journal.c 2021-06-16 07:01:57.000000000 +0200 @@ -46,14 +46,15 @@ static void set_conf(int zonefile_sync, size_t journal_usage, const knot_dname_t *apex) { + (void)apex; char conf_str[512]; snprintf(conf_str, sizeof(conf_str), - "zone:\n" - " - domain: %s\n" + "template:\n" + " - id: default\n" " zonefile-sync: %d\n" - " max-journal-usage: %zu\n" - " max-journal-depth: 1000\n", - (const char *)(apex + 1), zonefile_sync, journal_usage); + " journal-max-usage: %zu\n" + " journal-max-depth: 1000\n", + zonefile_sync, journal_usage); int ret = test_conf(conf_str, NULL); (void)ret; assert(ret == KNOT_EOK); 
@@ -456,6 +457,73 @@ unset_conf(); } +static void test_size_control(const knot_dname_t *zone1, const knot_dname_t *zone2) +{ + set_conf(-1, 100 * 1024, zone1); + + zone_journal_t jj2 = { &jdb, zone2 }; + changeset_t *small_ch2 = changeset_new(zone2); + init_random_changeset(small_ch2, 1, 2, 100, zone2, false); + int ret = journal_insert(jj2, small_ch2, NULL); + is_int(KNOT_EOK, ret, "journal: storing small changeset must be ok"); + + changeset_t *big_zij = changeset_new(zone1); + init_random_changeset(big_zij, 0, 1, 1200, zone1, true); + zone_node_t *n = NULL; + zone_contents_add_rr(big_zij->add, big_zij->soa_to, &n); + ret = journal_insert_zone(jj, big_zij->add); + is_int(KNOT_EOK, ret, "journal: store big zone-in-journal"); + + changeset_t *big_ch2 = changeset_new(zone2); + init_random_changeset(big_ch2, 2, 3, 750, zone2, false); + ret = journal_insert(jj2, big_ch2, NULL); + is_int(KNOT_EOK, ret, "journal: second zone is not affected by storing big zij of other zone"); + + journal_read_t *read = NULL; + list_t l; + init_list(&l); + changeset_t *medium_ch1 = changeset_new(zone1); + init_random_changeset(medium_ch1, 1, 2, 300, zone1, false); + ret = journal_insert(jj, medium_ch1, NULL); + is_int(KNOT_EOK, ret, "journal: storing medium changeset must be ok"); + ret = load_j_list(&jj, true, 0, &read, &l); + is_int(KNOT_EOK, ret, "journal: load zone-in-journal (%s)", knot_strerror(ret)); + is_int(2, list_size(&l), "journal: read two changesets from journal"); + changesets_free(&l); + journal_read_end(read); + + changeset_t *small_ch1 = changeset_new(zone1); + init_random_changeset(small_ch1, 2, 3, 100, zone1, false); + ret = journal_insert(jj, small_ch1, NULL); + is_int(KNOT_EOK, ret, "journal: storing small changeset must be ok"); + ret = load_j_list(&jj, true, 0, &read, &l); + is_int(KNOT_EOK, ret, "journal: load zone-in-journal (%s)", knot_strerror(ret)); + is_int(2, list_size(&l), "journal: previous chs merged into zone-in-journal due to size limits"); + 
changesets_free(&l); + journal_read_end(read); + + changeset_t *medium_ch1b = changeset_new(zone1); + init_random_changeset(medium_ch1b, 3, 4, 300, zone1, false); + ret = journal_insert(jj, medium_ch1b, NULL); + is_int(KNOT_ESPACE, ret, "journal: not able to free space for changeset by merging"); + + changeset_t *too_big_zij = changeset_new(zone1); + init_random_changeset(too_big_zij, 0, 1, 2200, zone1, true); + zone_contents_add_rr(too_big_zij->add, too_big_zij->soa_to, &n); + ret = journal_insert_zone(jj, too_big_zij->add); + is_int(KNOT_ESPACE, ret, "journal: store too big zone-in-journal"); + + changeset_free(big_ch2); + changeset_free(big_zij); + changeset_free(too_big_zij); + changeset_free(small_ch2); + changeset_free(small_ch1); + changeset_free(medium_ch1); + changeset_free(medium_ch1b); + + unset_conf(); +} + const uint8_t *rdA = (const uint8_t *) "\x01\x02\x03\x04"; const uint8_t *rdB = (const uint8_t *) "\x01\x02\x03\x05"; const uint8_t *rdC = (const uint8_t *) "\x01\x02\x03\x06"; @@ -783,6 +851,7 @@ plan_lazy(); const knot_dname_t *apex = (const uint8_t *)"\4test"; + const knot_dname_t *apex2 = (const uint8_t *)"\4ufoo"; test_dir_name = test_mkdtemp(); @@ -790,6 +859,8 @@ test_store_load(apex); + test_size_control(apex, apex2); + test_merge(apex); test_stress(apex);
