Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package knot for openSUSE:Factory checked in at 2022-04-06 21:51:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/knot (Old) and /work/SRC/openSUSE:Factory/.knot.new.1900 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "knot" Wed Apr 6 21:51:57 2022 rev:10 rq:967254 version:3.1.7 Changes: -------- --- /work/SRC/openSUSE:Factory/knot/knot.changes 2022-02-15 23:58:17.788380874 +0100 +++ /work/SRC/openSUSE:Factory/.knot.new.1900/knot.changes 2022-04-06 21:52:31.514859299 +0200 @@ -1,0 +2,6 @@ +Wed Mar 30 08:25:50 UTC 2022 - Michal Hrusecky <[email protected]> + +- update to version 3.1.7, see: + https://www.knot-dns.cz/2022-03-30-version-317.html + +------------------------------------------------------------------- Old: ---- knot-3.1.6.tar.xz knot-3.1.6.tar.xz.asc New: ---- knot-3.1.7.tar.xz knot-3.1.7.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ knot.spec ++++++ --- /var/tmp/diff_new_pack.mDbtLg/_old 2022-04-06 21:52:32.166851859 +0200 +++ /var/tmp/diff_new_pack.mDbtLg/_new 2022-04-06 21:52:32.174851767 +0200 @@ -35,7 +35,7 @@ %{?systemd_requires} %endif Name: knot -Version: 3.1.6 +Version: 3.1.7 Release: 0 Summary: An authoritative DNS daemon License: GPL-3.0-or-later ++++++ knot-3.1.6.tar.xz -> knot-3.1.7.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/NEWS new/knot-3.1.7/NEWS --- old/knot-3.1.6/NEWS 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/NEWS 2022-03-30 07:58:54.000000000 +0200 
@@ -1,3 +1,31 @@ +Knot DNS 3.1.7 (2022-03-30) +=========================== + +Features: +--------- + - knotd: new configuration items for restricting minimum and maximum zone expire + and retry intervals (see 'zone.expire-min-interval', 'zone.expire-max-interval', + 'zone.retry-min-interval', 'zone.retry-max-interval') #785 + - knotc: added catalog information to zone status + +Improvements: +------------- + - knotd: better warning message if SOA serial comparison failed when loading from zone file + - knotc: zone status shows all zone events when frozen + - keymgr: better error message is returned when importing SKR with insufficient permissions + - kdig: transfer status is also printed if failed + +Bugfixes: +--------- + - knotd: incomplete implementation of the Offline KSK mode in the IXFR and DDNS processing + - knotd: catalog zone accepts duplicate members via UPDATE #786 + - knotd: server crashes if catalog database contains orphaned member zones + - knotd: old journal is scraped when restoring just the zone file + - knotd: some planned zone events can be lost during server reload + - knotd: frozen zone gets thawed during server reload + - knsupdate: missing section names in the show output + - knsupdate: inappropriate log message if called from a script + Knot DNS 3.1.6 (2022-02-08) =========================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/configure new/knot-3.1.7/configure --- old/knot-3.1.6/configure 2022-02-08 11:51:16.000000000 +0100 +++ new/knot-3.1.7/configure 2022-03-30 07:59:03.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for knot 3.1.6. +# Generated by GNU Autoconf 2.69 for knot 3.1.7. # # Report bugs to <[email protected]>. # 
@@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='knot' PACKAGE_TARNAME='knot' -PACKAGE_VERSION='3.1.6' -PACKAGE_STRING='knot 3.1.6' +PACKAGE_VERSION='3.1.7' +PACKAGE_STRING='knot 3.1.7' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1562,7 +1562,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures knot 3.1.6 to adapt to many kinds of systems. +\`configure' configures knot 3.1.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1633,7 +1633,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of knot 3.1.6:";; + short | recursive ) echo "Configuration of knot 3.1.7:";; esac cat <<\_ACEOF @@ -1872,7 +1872,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -knot configure 3.1.6 +knot configure 3.1.7 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2287,7 +2287,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by knot $as_me 3.1.6, which was +It was created by knot $as_me 3.1.7, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3148,7 +3148,7 @@ # Define the identity of the package. PACKAGE='knot' - VERSION='3.1.6' + VERSION='3.1.7' cat >>confdefs.h <<_ACEOF @@ -4912,7 +4912,7 @@ KNOT_VERSION_MINOR=1 -KNOT_VERSION_PATCH=6 +KNOT_VERSION_PATCH=7 # Store ./configure parameters and CFLAGS @@ -19467,7 +19467,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by knot $as_me 3.1.6, which was +This file was extended by knot $as_me 3.1.7, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -19533,7 +19533,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -knot config.status 3.1.6 +knot config.status 3.1.7 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/configure.ac new/knot-3.1.7/configure.ac --- old/knot-3.1.6/configure.ac 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/configure.ac 2022-03-30 07:58:54.000000000 +0200 @@ -2,7 +2,7 @@ m4_define([knot_VERSION_MAJOR], 3)dnl m4_define([knot_VERSION_MINOR], 1)dnl -m4_define([knot_VERSION_PATCH], 6)dnl Leave empty if the master branch! +m4_define([knot_VERSION_PATCH], 7)dnl Leave empty if the master branch! m4_include([m4/knot-version.m4]) AC_INIT([knot], [knot_PKG_VERSION], [[email protected]]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/distro/pkg/deb/copyright new/knot-3.1.7/distro/pkg/deb/copyright --- old/knot-3.1.6/distro/pkg/deb/copyright 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/distro/pkg/deb/copyright 2022-03-30 07:58:54.000000000 +0200 @@ -4,11 +4,11 @@ Source: https://secure.nic.cz/files/knot-dns/ Files: * -Copyright: 2011-2021 CZ.NIC, z.s.p.o. <[email protected]> +Copyright: 2011-2022 CZ.NIC, z.s.p.o. <[email protected]> License: GPL-3+ Files: m4/* -Copyright: 2011-2021 CZ.NIC, z.s.p.o. <[email protected]> +Copyright: 2011-2022 CZ.NIC, z.s.p.o. <[email protected]> 1996-2001, 2003-2015 Free Software Foundation, Inc. License: GPL-3+ @@ -18,7 +18,7 @@ Files: debian/* distro/pkg/deb/* Copyright: 2011 Ond??ej Sur?? <[email protected]> - 2011-2021 CZ.NIC, z.s.p.o. <[email protected]> + 2011-2022 CZ.NIC, z.s.p.o. <[email protected]> License: GPL-3+ Files: tests/tap/* 
@@ -32,7 +32,7 @@ Files: src/contrib/dnstap/* Copyright: 2014, Farsight Security, Inc. <[email protected]> - 2011-2021 CZ.NIC, z.s.p.o. <[email protected]> + 2011-2022 CZ.NIC, z.s.p.o. <[email protected]> License: GPL-3+ Files: src/contrib/libbpf/* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/distro/tests/ansible-roles/knot_dns/vars/Rocky.yaml new/knot-3.1.7/distro/tests/ansible-roles/knot_dns/vars/Rocky.yaml --- old/knot-3.1.6/distro/tests/ansible-roles/knot_dns/vars/Rocky.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/knot-3.1.7/distro/tests/ansible-roles/knot_dns/vars/Rocky.yaml 2022-03-30 07:58:54.000000000 +0200 @@ -0,0 +1,5 @@ +--- +show_package_version: rpm -qi knot | grep '^Version' +packages: + - knot + - knot-utils diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/distro/tests/ansible-roles/obs_repos/tasks/Rocky.yaml new/knot-3.1.7/distro/tests/ansible-roles/obs_repos/tasks/Rocky.yaml --- old/knot-3.1.6/distro/tests/ansible-roles/obs_repos/tasks/Rocky.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/knot-3.1.7/distro/tests/ansible-roles/obs_repos/tasks/Rocky.yaml 2022-03-30 07:58:54.000000000 +0200 @@ -0,0 +1,12 @@ +--- +- name: Install EPEL + yum: + name: epel-release + state: present + +- name: Download repo file(s) + get_url: + url: "{{ obs_repofile_url }}" + dest: /etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo + mode: 0644 + with_items: "{{ repos }}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/distro/tests/ansible-roles/obs_repos/vars/Rocky.yaml new/knot-3.1.7/distro/tests/ansible-roles/obs_repos/vars/Rocky.yaml --- old/knot-3.1.6/distro/tests/ansible-roles/obs_repos/vars/Rocky.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/knot-3.1.7/distro/tests/ansible-roles/obs_repos/vars/Rocky.yaml 2022-03-30 07:58:54.000000000 +0200 
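Review bot: The `Download repo file(s)` task in `obs_repos/tasks/Rocky.yaml` writes whatever `obs_repofile_url` returns straight into `/etc/yum.repos.d/` without a `checksum:` argument, so the package source for the test VM is trusted purely on transport. Where `obs_repofile_url` is defined is outside this hunk; if it is not an `https://` URL, the repo file (and with it the `gpgcheck`/`gpgkey` settings) can be altered in transit. A short comment such as `# repo file is fetched over HTTPS from OBS; gpgcheck is enforced by the repo file itself` would at least document the assumption.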
@@ -0,0 +1,2 @@ +--- +obs_repo_version: "CentOS_{{ ansible_distribution_major_version }}_EPEL" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/distro/tests/centos8/Vagrantfile new/knot-3.1.7/distro/tests/centos8/Vagrantfile --- old/knot-3.1.6/distro/tests/centos8/Vagrantfile 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/distro/tests/centos8/Vagrantfile 1970-01-01 01:00:00.000000000 +0100 @@ -1,30 +0,0 @@ -# SPDX-License-Identifier: GPL-3.0-or-later -# -*- mode: ruby -*- -# vi: set ft=ruby : -# - -Vagrant.configure(2) do |config| - - config.vm.box = "centos/8" - config.vm.synced_folder ".", "/vagrant", disabled: true - - config.vm.define "centos8_knot-dns" do |machine| - machine.vm.provision "ansible" do |ansible| - ansible.playbook = "../knot-dns-pkgtest.yaml" - ansible.extra_vars = { - ansible_python_interpreter: "/usr/libexec/platform-python" - } - end - end - - config.vm.provider :libvirt do |libvirt| - libvirt.cpus = 1 - libvirt.memory = 1024 - end - - config.vm.provider :virtualbox do |vbox| - vbox.cpus = 1 - vbox.memory = 1024 - end - -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/distro/tests/centos8/ansible.cfg new/knot-3.1.7/distro/tests/centos8/ansible.cfg --- old/knot-3.1.6/distro/tests/centos8/ansible.cfg 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/distro/tests/centos8/ansible.cfg 1970-01-01 01:00:00.000000000 +0100 
@@ -1,6 +0,0 @@ -[defaults] - -# additional paths to search for roles in, colon separated -roles_path = ../ansible-roles -interpreter_python = auto -stdout_callback=debug diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/distro/tests/rocky8/Vagrantfile new/knot-3.1.7/distro/tests/rocky8/Vagrantfile --- old/knot-3.1.6/distro/tests/rocky8/Vagrantfile 1970-01-01 01:00:00.000000000 +0100 +++ new/knot-3.1.7/distro/tests/rocky8/Vagrantfile 2022-03-30 07:58:54.000000000 +0200 @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: GPL-3.0-or-later +# -*- mode: ruby -*- +# vi: set ft=ruby : +# + +Vagrant.configure(2) do |config| + + config.vm.box = "generic/rocky8" + config.vm.synced_folder ".", "/vagrant", disabled: true + + config.vm.define "rocky8_knot-dns" do |machine| + machine.vm.provision "ansible" do |ansible| + ansible.playbook = "../knot-dns-pkgtest.yaml" + ansible.extra_vars = { + ansible_python_interpreter: "/usr/libexec/platform-python" + } + end + end + + config.vm.provider :libvirt do |libvirt| + libvirt.cpus = 1 + libvirt.memory = 1024 + end + + config.vm.provider :virtualbox do |vbox| + vbox.cpus = 1 + vbox.memory = 1024 + end + +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/distro/tests/rocky8/ansible.cfg new/knot-3.1.7/distro/tests/rocky8/ansible.cfg --- old/knot-3.1.6/distro/tests/rocky8/ansible.cfg 1970-01-01 01:00:00.000000000 +0100 +++ new/knot-3.1.7/distro/tests/rocky8/ansible.cfg 2022-03-30 07:58:54.000000000 +0200 
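Review bot: `config.vm.box = "generic/rocky8"` in the new `rocky8/Vagrantfile` pulls a community-published box with no version pin, so each test run may boot a different image than the one the package tests were validated against. Adding `config.vm.box_version = "<pinned version>"` next to it (placeholder, to be filled with the version actually tested) makes the base image reproducible and easier to audit.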
@@ -0,0 +1,6 @@ +[defaults] + +# additional paths to search for roles in, colon separated +roles_path = ../ansible-roles +interpreter_python = auto +stdout_callback=debug diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/doc/Makefile.in new/knot-3.1.7/doc/Makefile.in --- old/knot-3.1.6/doc/Makefile.in 2022-02-08 11:51:17.000000000 +0100 +++ new/knot-3.1.7/doc/Makefile.in 2022-03-30 07:59:04.000000000 +0200 @@ -712,14 +712,14 @@ @HAVE_DOCS_FALSE@info-local: @HAVE_MAKEINFO_FALSE@info-local: @HAVE_SPHINXBUILD_FALSE@info-local: -@HAVE_DOCS_FALSE@install-html-local: -@HAVE_SPHINXBUILD_FALSE@install-html-local: -@HAVE_DOCS_FALSE@install-pdf-local: -@HAVE_PDFLATEX_FALSE@install-pdf-local: -@HAVE_SPHINXBUILD_FALSE@install-pdf-local: @HAVE_DOCS_FALSE@pdf-local: @HAVE_PDFLATEX_FALSE@pdf-local: @HAVE_SPHINXBUILD_FALSE@pdf-local: +@HAVE_DOCS_FALSE@install-pdf-local: +@HAVE_PDFLATEX_FALSE@install-pdf-local: +@HAVE_SPHINXBUILD_FALSE@install-pdf-local: +@HAVE_DOCS_FALSE@install-html-local: +@HAVE_SPHINXBUILD_FALSE@install-html-local: @HAVE_DOCS_FALSE@html-local: @HAVE_SPHINXBUILD_FALSE@html-local: @HAVE_DOCS_FALSE@install-info-local: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/doc/man/knot.conf.5in new/knot-3.1.7/doc/man/knot.conf.5in --- old/knot-3.1.6/doc/man/knot.conf.5in 2022-02-08 11:51:34.000000000 +0100 +++ new/knot-3.1.7/doc/man/knot.conf.5in 2022-03-30 07:59:21.000000000 +0200 @@ -1751,6 +1751,10 @@ serial\-policy: increment | unixtime | dateserial refresh\-min\-interval: TIME refresh\-max\-interval: TIME + retry\-min\-interval: TIME + retry\-max\-interval: TIME + expire\-min\-interval: TIME + expire\-max\-interval: TIME catalog\-role: none | interpret | generate | member catalog\-template: template_id ... catalog\-zone: DNAME 
@@ -2084,12 +2088,32 @@ \fIDefault:\fP increment .SS refresh\-min\-interval .sp -Forced minimum zone refresh interval to avoid flooding primary server. +Forced minimum zone refresh interval (in seconds) to avoid flooding primary server. .sp -\fIDefault:\fP 2 +\fIDefault:\fP 2 (minimum allowed) .SS refresh\-max\-interval .sp -Forced maximum zone refresh interval. +Forced maximum zone refresh interval (in seconds). +.sp +\fIDefault:\fP not set +.SS retry\-min\-interval +.sp +Forced minimum zone retry interval (in seconds) to avoid flooding primary server. +.sp +\fIDefault:\fP 1 (minimum allowed) +.SS retry\-max\-interval +.sp +Forced maximum zone retry interval (in seconds). +.sp +\fIDefault:\fP not set +.SS expire\-min\-interval +.sp +Forced minimum zone expire interval (in seconds) to avoid flooding primary server. +.sp +\fIDefault:\fP 3 (minimum allowed) +.SS expire\-max\-interval +.sp +Forced maximum zone expire interval (in seconds). .sp \fIDefault:\fP not set .SS catalog\-role diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/doc/man/knotc.8in new/knot-3.1.7/doc/man/knotc.8in --- old/knot-3.1.6/doc/man/knotc.8in 2022-02-08 11:51:34.000000000 +0100 +++ new/knot-3.1.7/doc/man/knotc.8in 2022-03-30 07:59:21.000000000 +0200 @@ -104,7 +104,7 @@ .TP \fBzone\-status\fP [\fIzone\fP\&...] [\fIfilter\fP] Show the zone status. Filters are \fB+role\fP, \fB+serial\fP, \fB+transaction\fP, -\fB+events\fP, and \fB+freeze\fP\&. +\fB+events\fP, \fB+freeze\fP, and \fB+catalog\fP\&. .TP \fBzone\-reload\fP [\fIzone\fP\&...] Trigger a zone reload from a disk without checking its modification time. For diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/doc/man/knsupdate.1in new/knot-3.1.7/doc/man/knsupdate.1in --- old/knot-3.1.6/doc/man/knsupdate.1in 2022-02-08 11:51:34.000000000 +0100 +++ new/knot-3.1.7/doc/man/knsupdate.1in 2022-03-30 07:59:21.000000000 +0200 
@@ -185,16 +185,16 @@ .nf .ft C $ knsupdate -> server 192.168.1.1 -> zone example.com. -> origin example.com. -> ttl 3600 -> add test1.example.com. 7200 A 192.168.2.2 -> add test2 TXT "hello" -> show -> send -> answer -> exit +knsupdate> server 192.168.1.1 +knsupdate> zone example.com. +knsupdate> origin example.com. +knsupdate> ttl 3600 +knsupdate> add test1.example.com. 7200 A 192.168.2.2 +knsupdate> add test2 TXT "hello" +knsupdate> show +knsupdate> send +knsupdate> answer +knsupdate> exit .ft P .fi .UNINDENT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/doc/man_knotc.rst new/knot-3.1.7/doc/man_knotc.rst --- old/knot-3.1.6/doc/man_knotc.rst 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/doc/man_knotc.rst 2022-03-30 07:58:54.000000000 +0200 @@ -81,7 +81,7 @@ **zone-status** [*zone*...] [*filter*] Show the zone status. Filters are **+role**, **+serial**, **+transaction**, - **+events**, and **+freeze**. + **+events**, **+freeze**, and **+catalog**. **zone-reload** [*zone*...] Trigger a zone reload from a disk without checking its modification time. For diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/doc/man_knsupdate.rst new/knot-3.1.7/doc/man_knsupdate.rst --- old/knot-3.1.6/doc/man_knsupdate.rst 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/doc/man_knsupdate.rst 2022-03-30 07:58:54.000000000 +0200 
@@ -164,16 +164,16 @@ contains two new records:: $ knsupdate - > server 192.168.1.1 - > zone example.com. - > origin example.com. - > ttl 3600 - > add test1.example.com. 7200 A 192.168.2.2 - > add test2 TXT "hello" - > show - > send - > answer - > exit + knsupdate> server 192.168.1.1 + knsupdate> zone example.com. + knsupdate> origin example.com. + knsupdate> ttl 3600 + knsupdate> add test1.example.com. 7200 A 192.168.2.2 + knsupdate> add test2 TXT "hello" + knsupdate> show + knsupdate> send + knsupdate> answer + knsupdate> exit See Also -------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/doc/reference.rst new/knot-3.1.7/doc/reference.rst --- old/knot-3.1.6/doc/reference.rst 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/doc/reference.rst 2022-03-30 07:58:54.000000000 +0200 @@ -1894,6 +1894,10 @@ serial-policy: increment | unixtime | dateserial refresh-min-interval: TIME refresh-max-interval: TIME + retry-min-interval: TIME + retry-max-interval: TIME + expire-min-interval: TIME + expire-max-interval: TIME catalog-role: none | interpret | generate | member catalog-template: template_id ... catalog-zone: DNAME 
@@ -2243,16 +2247,52 @@ refresh-min-interval -------------------- -Forced minimum zone refresh interval to avoid flooding primary server. +Forced minimum zone refresh interval (in seconds) to avoid flooding primary server. -*Default:* 2 +*Default:* 2 (minimum allowed) .. _zone_refresh-max-interval: refresh-max-interval -------------------- -Forced maximum zone refresh interval. +Forced maximum zone refresh interval (in seconds). + +*Default:* not set + +.. _zone_retry-min-interval: + +retry-min-interval +------------------ + +Forced minimum zone retry interval (in seconds) to avoid flooding primary server. + +*Default:* 1 (minimum allowed) + +.. _zone_retry-max-interval: + +retry-max-interval +------------------ + +Forced maximum zone retry interval (in seconds). + +*Default:* not set + +.. _zone_expire-min-interval: + +expire-min-interval +------------------- + +Forced minimum zone expire interval (in seconds) to avoid flooding primary server. + +*Default:* 3 (minimum allowed) + +.. _zone_expire-max-interval: + +expire-max-interval +------------------- + +Forced maximum zone expire interval (in seconds). *Default:* not set diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/samples/Makefile.in new/knot-3.1.7/samples/Makefile.in --- old/knot-3.1.6/samples/Makefile.in 2022-02-08 11:51:17.000000000 +0100 +++ new/knot-3.1.7/samples/Makefile.in 2022-03-30 07:59:04.000000000 +0200 
@@ -441,8 +441,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@HAVE_DAEMON_FALSE@uninstall-local: @HAVE_DAEMON_FALSE@install-data-local: +@HAVE_DAEMON_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/catalog/catalog_db.h new/knot-3.1.7/src/knot/catalog/catalog_db.h --- old/knot-3.1.6/src/knot/catalog/catalog_db.h 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/catalog/catalog_db.h 2022-03-30 07:58:54.000000000 +0200 @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,6 +23,7 @@ #define CATALOG_ZONE_VERSION "2" // must be just one char long #define CATALOG_ZONES_LABEL "\x05""zones" #define CATALOG_GROUP_LABEL "\x05""group" +#define CATALOG_GROUP_MAXLEN 255 typedef struct catalog { knot_lmdb_db_t db; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/catalog/catalog_update.c new/knot-3.1.7/src/knot/catalog/catalog_update.c --- old/knot-3.1.6/src/knot/catalog/catalog_update.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/catalog/catalog_update.c 2022-03-30 07:58:54.000000000 +0200 
@@ -140,7 +140,8 @@ { if ((rem && val->type != CAT_UPD_ADD) || (!rem && val->type != CAT_UPD_REM)) { - return KNOT_EEXIST; + log_zone_error(val->member, "duplicate addition/removal of the member node, ignoring"); + return KNOT_EOK; } knot_dname_t *owner_cpy = knot_dname_copy(owner, NULL); if (owner_cpy == NULL) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/catalog/interpret.c new/knot-3.1.7/src/knot/catalog/interpret.c --- old/knot-3.1.6/src/knot/catalog/interpret.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/catalog/interpret.c 2022-03-30 07:58:54.000000000 +0200 @@ -168,6 +168,7 @@ } newgr = (const char *)txt->rdata->data + 1; grlen = txt->rdata->data[0]; + assert(grlen <= CATALOG_GROUP_MAXLEN); } return catalog_update_add(ctx->u, member, owner, ctx->complete_conts->apex->owner, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/conf/conf.c new/knot-3.1.7/src/knot/conf/conf.c --- old/knot-3.1.6/src/knot/conf/conf.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/conf/conf.c 2022-03-30 07:58:54.000000000 +0200 
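Review bot: The duplicate branch in `catalog_update.c` now emits `log_zone_error(...)` once per duplicate member and returns `KNOT_EOK`, and according to the NEWS entry (#786) such duplicates can arrive via UPDATE. Anyone permitted to send updates to the catalog zone can therefore produce one error-level log line per record. Consider a lower severity, and make the text say which case occurred, e.g. `rem ? "duplicate removal of the member node, ignoring" : "duplicate addition of the member node, ignoring"`. The enclosing function starts and ends outside the hunk, so how callers treated the former `KNOT_EEXIST` is not visible here.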
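Review bot: `assert(grlen <= CATALOG_GROUP_MAXLEN);` in `interpret.c` is compiled out under `NDEBUG`, and if `grlen` is taken from the single length byte `txt->rdata->data[0]` it cannot exceed 255 in any case, so the assertion documents the invariant but does not constrain zone data. The bound that protects the following `catalog_update_add()` call is that the length byte does not run past the TXT rdata, i.e. a runtime check along the lines of `if ((size_t)grlen + 1 > txt->rdata->len) { return KNOT_EMALF; }` if that is not already done above. The lines preceding `newgr = ...` are outside the hunk, so this may already be covered there.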
@@ -227,25 +227,26 @@ if (ret == KNOT_EOK) { conf_db_get(conf, txn, C_ZONE, C_CATALOG_TPL, catalog, knot_dname_size(catalog), &val); - if (val.code != KNOT_EOK) { + if (val.code == KNOT_EOK) { + conf_val(&val); + while (val.code == KNOT_EOK) { + if (strmemcmp(group, val.data, val.len) == 0) { + break; + } + conf_val_next(&val); + } + conf_val(&val); // Use first value if no match. + free(tofree); + + conf_db_get(conf, txn, C_TPL, key1_name, val.data, + val.len, &val); + goto got_template; + } else { CONF_LOG_ZONE(LOG_ERR, catalog, - "catalog zone has no catalog template (%s)", + "orphaned catalog database record (%s)", knot_strerror(val.code)); free(tofree); - return val; } - conf_val(&val); - while (val.code == KNOT_EOK) { - if (strmemcmp(group, val.data, val.len) == 0) { - break; - } - conf_val_next(&val); - } - conf_val(&val); // Use first value if no match. - free(tofree); - - conf_db_get(conf, txn, C_TPL, key1_name, val.data, val.len, &val); - goto got_template; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/conf/schema.c new/knot-3.1.7/src/knot/conf/schema.c --- old/knot-3.1.6/src/knot/conf/schema.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/conf/schema.c 2022-03-30 07:58:54.000000000 +0200 
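Review bot: The new `else` branch in `conf.c` no longer returns after logging `orphaned catalog database record` but falls through to code outside this hunk, and nothing states which template the zone ends up with in that case. A comment such as `// Orphaned member: fall back to the regular template lookup below.` would make the intended recovery explicit. Because the message is emitted at `LOG_ERR` from a configuration lookup path, it may repeat on every lookup for the same orphaned zone; if that path is hot, logging it once per zone would be kinder to the log.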
@@ -425,6 +425,10 @@ { C_ZONEMD_VERIFY, YP_TBOOL, YP_VNONE, FLAGS }, \ { C_REFRESH_MIN_INTERVAL,YP_TINT, YP_VINT = { 2, UINT32_MAX, 2, YP_STIME } }, \ { C_REFRESH_MAX_INTERVAL,YP_TINT, YP_VINT = { 2, UINT32_MAX, UINT32_MAX, YP_STIME } }, \ + { C_RETRY_MIN_INTERVAL, YP_TINT, YP_VINT = { 1, UINT32_MAX, 1, YP_STIME } }, \ + { C_RETRY_MAX_INTERVAL, YP_TINT, YP_VINT = { 1, UINT32_MAX, UINT32_MAX, YP_STIME } }, \ + { C_EXPIRE_MIN_INTERVAL, YP_TINT, YP_VINT = { 3, UINT32_MAX, 3, YP_STIME } }, \ + { C_EXPIRE_MAX_INTERVAL, YP_TINT, YP_VINT = { 3, UINT32_MAX, UINT32_MAX, YP_STIME } }, \ { C_CATALOG_ROLE, YP_TOPT, YP_VOPT = { catalog_roles, CATALOG_ROLE_NONE }, FLAGS }, \ { C_CATALOG_TPL, YP_TREF, YP_VREF = { C_TPL }, YP_FMULTI | FLAGS, { check_ref } }, \ { C_CATALOG_ZONE, YP_TDNAME,YP_VNONE, FLAGS | CONF_IO_FRLD_ZONES }, \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/conf/schema.h new/knot-3.1.7/src/knot/conf/schema.h --- old/knot-3.1.6/src/knot/conf/schema.h 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/conf/schema.h 2022-03-30 07:58:54.000000000 +0200 @@ -54,6 +54,8 @@ #define C_DOMAIN "\x06""domain" #define C_DS_PUSH "\x07""ds-push" #define C_ECS "\x12""edns-client-subnet" +#define C_EXPIRE_MAX_INTERVAL "\x13""expire-max-interval" +#define C_EXPIRE_MIN_INTERVAL "\x13""expire-min-interval" #define C_FILE "\x04""file" #define C_GLOBAL_MODULE "\x0D""global-module" #define C_ID "\x02""id" 
@@ -96,6 +98,8 @@ #define C_REFRESH_MAX_INTERVAL "\x14""refresh-max-interval" #define C_REFRESH_MIN_INTERVAL "\x14""refresh-min-interval" #define C_REPRO_SIGNING "\x14""reproducible-signing" +#define C_RETRY_MAX_INTERVAL "\x12""retry-max-interval" +#define C_RETRY_MIN_INTERVAL "\x12""retry-min-interval" #define C_RMT "\x06""remote" #define C_RMT_POOL_LIMIT "\x11""remote-pool-limit" #define C_RMT_POOL_TIMEOUT "\x13""remote-pool-timeout" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/conf/tools.c new/knot-3.1.7/src/knot/conf/tools.c --- old/knot-3.1.6/src/knot/conf/tools.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/conf/tools.c 2022-03-30 07:58:54.000000000 +0200 @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -31,6 +31,7 @@ #endif #include "libdnssec/key.h" +#include "knot/catalog/catalog_db.h" #include "knot/conf/tools.h" #include "knot/conf/conf.h" #include "knot/conf/module.h" @@ -725,7 +726,7 @@ knotd_conf_check_args_t *args) { assert(args->data_len > 0); - if (args->data_len - 1 > 255) { + if (args->data_len - 1 > CATALOG_GROUP_MAXLEN) { args->err_str = "group name longer than 255 characters"; return KNOT_EINVAL; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/ctl/commands.c new/knot-3.1.7/src/knot/ctl/commands.c --- old/knot-3.1.6/src/knot/ctl/commands.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/ctl/commands.c 2022-03-30 07:58:54.000000000 +0200 @@ -39,6 +39,7 @@ #include "contrib/files.h" #include "contrib/string.h" #include "contrib/strtonum.h" +#include "contrib/openbsd/strlcat.h" #include "contrib/ucw/lists.h" #include "libzscanner/scanner.h" 
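Review bot: In the `tools.c` group-name check the limit now comes from `CATALOG_GROUP_MAXLEN`, but the error text still hard-codes `"group name longer than 255 characters"`, so the message and the check can drift apart if the macro ever changes. Either derive the number in the message from the macro or add `// keep in sync with CATALOG_GROUP_MAXLEN` beside the string. The guard `assert(args->data_len > 0)` above it vanishes under `NDEBUG`; whether `data_len - 1` can wrap then depends on the type of `data_len`, which is not visible in this hunk.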
@@ -305,6 +306,59 @@ } } + if (MATCH_OR_FILTER(args, CTL_FILTER_STATUS_CATALOG)) { + char buf[1 + KNOT_DNAME_TXT_MAXLEN + 1 + CATALOG_GROUP_MAXLEN + 1] = ""; + data[KNOT_CTL_IDX_TYPE] = "catalog"; + data[KNOT_CTL_IDX_DATA] = buf; + + if (zone->flags & ZONE_IS_CAT_MEMBER) { + const knot_dname_t *catz; + const char *group; + void *to_free; + ret = catalog_get_catz(zone->catalog, zone->name, + &catz, &group, &to_free); + if (ret == KNOT_EOK) { + if (knot_dname_to_str(buf, catz, sizeof(buf)) == NULL) { + buf[0] = '\0'; + } + if (group[0] != '\0') { + size_t idx = strlcat(buf, "#", sizeof(buf)); + (void)strlcat(buf + idx, group, sizeof(buf) - idx); + } + free(to_free); + } + } else { + conf_val_t val = conf_zone_get(conf(), C_CATALOG_ROLE, zone->name); + switch (conf_opt(&val)) { + case CATALOG_ROLE_INTERPRET: + data[KNOT_CTL_IDX_DATA] = "interpret"; + break; + case CATALOG_ROLE_GENERATE: + data[KNOT_CTL_IDX_DATA] = "generate"; + break; + case CATALOG_ROLE_MEMBER: + buf[0] = '@'; + val = conf_zone_get(conf(), C_CATALOG_ZONE, zone->name); + if (knot_dname_to_str(buf + 1, conf_dname(&val), sizeof(buf) - 1) == NULL) { + buf[1] = '\0'; + } + val = conf_zone_get(conf(), C_CATALOG_GROUP, zone->name); + if (val.code == KNOT_EOK) { + size_t idx = strlcat(buf, "#", sizeof(buf)); + (void)strlcat(buf + idx, conf_str(&val), sizeof(buf) - idx); + } + break; + default: + data[KNOT_CTL_IDX_DATA] = "none"; + } + } + + ret = knot_ctl_send(args->ctl, type, &data); + if (ret != KNOT_EOK) { + return ret; + } + } + if (MATCH_OR_FILTER(args, CTL_FILTER_STATUS_EVENTS)) { for (zone_event_type_t i = 0; i < ZONE_EVENT_COUNT; i++) { // Events not worth showing or used elsewhere. @@ -312,11 +366,6 @@ continue; } - // Skip events affected by freeze. - if (ufrozen && ufreeze_applies(i)) { - continue; - } - data[KNOT_CTL_IDX_TYPE] = zone_events_get_name(i); time_t ev_time = zone_events_get_time(zone, i); if (zone->events.running && zone->events.type == i) { 
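Review bot: In the `ZONE_IS_CAT_MEMBER` branch of the new catalog status block a failing `catalog_get_catz()` is silently dropped: `buf` stays empty and `ret` is then overwritten by `knot_ctl_send()`, so `zone-status` reports an empty catalog field with no hint that the lookup failed. Consider logging the error or returning it before the send. The two `strlcat(buf + idx, ..., sizeof(buf) - idx)` calls are bounded, but the offset arithmetic is unnecessary; `(void)strlcat(buf, group, sizeof(buf));` does the same and cannot go wrong if the buffer layout changes. In the `CATALOG_ROLE_MEMBER` case `val.code` is not checked before `conf_dname(&val)`; a one-line comment stating why `catalog-zone` is guaranteed to be set there would help the next reader.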
@@ -324,7 +373,8 @@ } else if (ev_time <= 0) { ret = snprintf(buff, sizeof(buff), "not scheduled"); } else if (ev_time <= time(NULL)) { - ret = snprintf(buff, sizeof(buff), "pending"); + bool frozen = ufrozen && ufreeze_applies(i); + ret = snprintf(buff, sizeof(buff), frozen ? "frozen" : "pending"); } else { ret = knot_time_print(TIME_PRINT_HUMAN_MIXED, ev_time, buff, sizeof(buff)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/ctl/commands.h new/knot-3.1.7/src/knot/ctl/commands.h --- old/knot-3.1.6/src/knot/ctl/commands.h 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/src/knot/ctl/commands.h 2022-03-30 07:58:54.000000000 +0200 @@ -30,6 +30,7 @@ #define CTL_FILTER_STATUS_SERIAL 's' #define CTL_FILTER_STATUS_TRANSACTION 't' #define CTL_FILTER_STATUS_FREEZE 'f' +#define CTL_FILTER_STATUS_CATALOG 'c' #define CTL_FILTER_STATUS_EVENTS 'e' #define CTL_FILTER_PURGE_EXPIRE 'e' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/dnssec/zone-events.c new/knot-3.1.7/src/knot/dnssec/zone-events.c --- old/knot-3.1.6/src/knot/dnssec/zone-events.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/dnssec/zone-events.c 2022-03-30 07:58:54.000000000 +0200 @@ -292,6 +292,7 @@ const knot_dname_t *zone_name = update->new_cont->apex->owner; kdnssec_ctx_t ctx = { 0 }; zone_keyset_t keyset = { 0 }; + knot_time_t expire_at = 0; unsigned zonemd_alg; result = sign_init(update, conf, 0, 0, 0, update->zone->kaspdb, &ctx, &zonemd_alg, reschedule); 
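Review bot: `snprintf(buff, sizeof(buff), frozen ? "frozen" : "pending")` passes a non-literal expression as the format argument. Both alternatives are constants today, so nothing is exploitable, but the pattern trips `-Wformat-security`-style checks and becomes a real format-string problem the moment one of the strings is replaced by data. Prefer `ret = snprintf(buff, sizeof(buff), "%s", frozen ? "frozen" : "pending");`. The surrounding `if`/`else` chain starts and ends outside the hunk.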
@@ -308,13 +309,21 @@ goto done; } + if (ctx.policy->offline_ksk) { + result = knot_zone_sign_update_dnskeys(update, &keyset, &ctx, &expire_at); + if (result != KNOT_EOK) { + log_zone_error(zone_name, "DNSSEC, failed to update DNSKEY records (%s)", + knot_strerror(result)); + goto done; + } + } + result = zone_adjust_contents(update->new_cont, adjust_cb_flags, NULL, false, false, 1, update->a_ctx->node_ptrs); if (result != KNOT_EOK) { goto done; } - knot_time_t expire_at = 0; result = knot_zone_sign_update(update, &keyset, &ctx, &expire_at); if (result != KNOT_EOK) { log_zone_error(zone_name, "DNSSEC, failed to sign changeset (%s)", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/events/handlers/load.c new/knot-3.1.7/src/knot/events/handlers/load.c --- old/knot-3.1.6/src/knot/events/handlers/load.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/events/handlers/load.c 2022-03-30 07:58:54.000000000 +0200 @@ -247,7 +247,11 @@ log_zone_warning(zone->name, "zone file changed without SOA serial update"); break; case KNOT_ERANGE: - log_zone_warning(zone->name, "zone file changed, but SOA serial decreased"); + if (serial_compare(zone->zonefile.serial, zone_contents_serial(zone->contents)) == SERIAL_INCOMPARABLE) { + log_zone_warning(zone->name, "zone file changed with incomparable SOA serial"); + } else { + log_zone_warning(zone->name, "zone file changed with decreased SOA serial"); + } break; } goto cleanup; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/events/handlers/refresh.c new/knot-3.1.7/src/knot/events/handlers/refresh.c --- old/knot-3.1.6/src/knot/events/handlers/refresh.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/events/handlers/refresh.c 2022-03-30 07:58:54.000000000 +0200 
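Review bot: The new `ctx.policy->offline_ksk` block in `zone-events.c` has no comment saying why the DNSKEY records must be refreshed before `zone_adjust_contents()` runs, which is the ordering this fix depends on. Something like `// Offline KSK: pull pre-signed DNSKEY/RRSIGs into the update before adjusting and signing.` would keep a later refactor from moving it back. `expire_at` is now written by `knot_zone_sign_update_dnskeys()` and then passed to `knot_zone_sign_update()`; whether the second call keeps the earlier of the two expirations or overwrites it is not visible here and is worth confirming, since a too-late value would delay the next re-sign.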
@@ -1234,16 +1234,18 @@ return ret; } -static int64_t min_refresh_interval(conf_t *conf, const knot_dname_t *zone) +static void limit_next(conf_t *conf, const knot_dname_t *zone, const yp_name_t *low, + const yp_name_t *upp, time_t now, time_t *timer) { - conf_val_t val = conf_zone_get(conf, C_REFRESH_MIN_INTERVAL, zone); - return conf_int(&val); -} - -static int64_t max_refresh_interval(conf_t *conf, const knot_dname_t *zone) -{ - conf_val_t val = conf_zone_get(conf, C_REFRESH_MAX_INTERVAL, zone); - return conf_int(&val); + conf_val_t val1 = conf_zone_get(conf, low, zone); + conf_val_t val2 = conf_zone_get(conf, upp, zone); + time_t tlow = now + conf_int(&val1); + time_t tupp = now + conf_int(&val2); + if (*timer < tlow) { + *timer = tlow; + } else if (*timer > tupp) { + *timer = tupp; + } } int event_refresh(conf_t *conf, zone_t *zone) @@ -1276,6 +1278,16 @@ zone->timers.last_refresh = now; zone->timers.next_refresh = now + knot_soa_refresh(soa->rdata); zone->timers.last_refresh_ok = true; + + limit_next(conf, zone->name, C_REFRESH_MIN_INTERVAL, + C_REFRESH_MAX_INTERVAL, now, + &zone->timers.next_refresh); + + time_t expire = zone->timers.last_refresh + zone->timers.soa_expire; + limit_next(conf, zone->name, C_EXPIRE_MIN_INTERVAL, + C_EXPIRE_MAX_INTERVAL, now, + &expire); + zone->timers.soa_expire = expire - zone->timers.last_refresh; } else { time_t next = 0; if (soa) { 
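Review bot: `limit_next()` does not say which bound wins when the configured lower limit is above the upper one. Its `if`/`else if` lets the lower bound win, whereas the code removed in the last hunk of this file applied the maximum check second, so the upper bound won. With such a configuration the refresh timer, and now also the expire and retry timers routed through the same helper, would end up later than the configured maximum; whether the configuration layer rejects min > max is not visible here. I would either add a comment above the function stating the precedence, or keep the old order with `if (*timer < tlow) { *timer = tlow; }` followed by an independent `if (*timer > tupp) { *timer = tupp; }`. `event_refresh()` continues outside the hunks.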
@@ -1285,16 +1297,10 @@ } zone->timers.next_refresh = now + next; zone->timers.last_refresh_ok = false; - } - /* Check for allowed refresh interval limits. */ - int64_t min_refresh = min_refresh_interval(conf, zone->name); - if(zone->timers.next_refresh < now + min_refresh) { - zone->timers.next_refresh = now + min_refresh; - } - int64_t max_refresh = max_refresh_interval(conf, zone->name); - if(zone->timers.next_refresh > now + max_refresh) { - zone->timers.next_refresh = now + max_refresh; + limit_next(conf, zone->name, C_RETRY_MIN_INTERVAL, + C_RETRY_MAX_INTERVAL, now, + &zone->timers.next_refresh); } /* Reschedule events. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/events/replan.c new/knot-3.1.7/src/knot/events/replan.c --- old/knot-3.1.6/src/knot/events/replan.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/events/replan.c 2022-03-30 07:58:54.000000000 +0200 @@ -29,9 +29,6 @@ */ static void replan_ddns(zone_t *zone, zone_t *old_zone) { - assert(zone); - assert(old_zone); - if (old_zone->ddns_queue_size == 0) { return; } 
@@ -48,16 +45,29 @@ } /*! - * \brief Replan NOTIFY event if it was queued for the old zone. + * \brief Replan events that are already planned for the old zone. */ -static void replan_notify(zone_t *zone, const zone_t *old_zone) +static void replan_from_zone(zone_t *zone, zone_t *old_zone) { assert(zone); assert(old_zone); - time_t notify = zone_events_get_time(old_zone, ZONE_EVENT_NOTIFY); - if (notify > 0) { - zone_events_schedule_at(zone, ZONE_EVENT_NOTIFY, notify); + replan_ddns(zone, old_zone); + + const zone_event_type_t types[] = { + ZONE_EVENT_FLUSH, + ZONE_EVENT_BACKUP, + ZONE_EVENT_NOTIFY, + ZONE_EVENT_UFREEZE, + ZONE_EVENT_UTHAW, + ZONE_EVENT_INVALID + }; + + for (const zone_event_type_t *type = types; *type != ZONE_EVENT_INVALID; type++) { + time_t when = zone_events_get_time(old_zone, *type); + if (when > 0) { + zone_events_schedule_at(zone, *type, when); + } } } @@ -168,8 +178,7 @@ void replan_load_current(conf_t *conf, zone_t *zone, zone_t *old_zone) { - replan_ddns(zone, old_zone); - replan_notify(zone, old_zone); + replan_from_zone(zone, old_zone); if (zone->contents != NULL || zone_expired(zone)) { replan_from_timers(conf, zone); @@ -181,8 +190,7 @@ void replan_load_updated(zone_t *zone, zone_t *old_zone) { - replan_ddns(zone, old_zone); - replan_notify(zone, old_zone); + replan_from_zone(zone, old_zone); // other events will cascade from load zone_events_schedule_now(zone, ZONE_EVENT_LOAD); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/modules/onlinesign/onlinesign.c new/knot-3.1.7/src/knot/modules/onlinesign/onlinesign.c --- old/knot-3.1.6/src/knot/modules/onlinesign/onlinesign.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/modules/onlinesign/onlinesign.c 2022-03-30 07:58:54.000000000 +0200 
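Review bot: The new `\brief` on `replan_from_zone()` says only that already planned events are replanned, while the body carries over the DDNS queue and exactly five event types. A reader deciding whether a new event type survives a reload has to find the list inside the function. I would name the events in the comment: `\brief Carry over the DDNS queue and the FLUSH, BACKUP, NOTIFY, UFREEZE and UTHAW events planned for the old zone.` As a smaller point, `types[]` never changes and could be declared `static const`.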
@@ -698,6 +698,13 @@ return KNOT_ERROR; } + if (mod->dnssec->policy->offline_ksk) { + knotd_mod_log(mod, LOG_ERR, "incompatible with offline KSK mode", + knot_strerror(ret)); + online_sign_ctx_free(ctx); + return KNOT_ENOTSUP; + } + conf = knotd_conf_mod(mod, MOD_NSEC_BITMAP); ret = load_nsec_bitmap(ctx, &conf); knotd_conf_free(&conf); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/modules/onlinesign/onlinesign.rst new/knot-3.1.7/src/knot/modules/onlinesign/onlinesign.rst --- old/knot-3.1.6/src/knot/modules/onlinesign/onlinesign.rst 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/src/knot/modules/onlinesign/onlinesign.rst 2022-03-30 07:58:54.000000000 +0200 @@ -59,6 +59,8 @@ be predicted. This dissimilarity should not affect response validation, even with validators performing aggressive negative caching (:rfc:`8198`). +* The module isn't compatible with the Offline KSK mode yet. + .. rubric:: Recommendations: * Configure the module with an explicit signing policy which has the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/updates/zone-update.c new/knot-3.1.7/src/knot/updates/zone-update.c --- old/knot-3.1.6/src/knot/updates/zone-update.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/updates/zone-update.c 2022-03-30 07:58:54.000000000 +0200 @@ -725,8 +725,6 @@ return (val.code == KNOT_ENOENT || val.code == KNOT_YP_EINVAL_ID) ? KNOT_EOK : val.code; } - zone_set_flag(update->zone, ZONE_IS_CATALOG); - int ret = catalog_zone_verify(update->new_cont); if (ret != KNOT_EOK) { return ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/zone/backup.c new/knot-3.1.7/src/knot/zone/backup.c --- old/knot-3.1.6/src/knot/zone/backup.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/zone/backup.c 2022-03-30 07:58:54.000000000 +0200 
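Review bot: The added `knotd_mod_log(mod, LOG_ERR, "incompatible with offline KSK mode", knot_strerror(ret));` passes `knot_strerror(ret)` to a format string that has no conversion for it. Assuming `knotd_mod_log()` formats printf-style, the extra argument is ignored at run time but will trip format warnings. It also does not describe this failure, since the branch returns `KNOT_ENOTSUP` and `ret` still holds the result of an earlier call. Dropping the argument is enough: `knotd_mod_log(mod, LOG_ERR, "incompatible with offline KSK mode");`. The enclosing function begins and ends outside the hunk.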
@@ -411,7 +411,7 @@ BACKUP_SWAP(ctx, j_from, j_to); ret = journal_copy_with_md(j_from, j_to, zone->name); - } else if (ctx->restore_mode) { + } else if (ctx->restore_mode && ctx->backup_zonefile) { ret = journal_scrape_with_md(zone_journal(zone), true); } if (ret != KNOT_EOK) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/zone/serial.h new/knot-3.1.7/src/knot/zone/serial.h --- old/knot-3.1.6/src/knot/zone/serial.h 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/src/knot/zone/serial.h 2022-03-30 07:58:54.000000000 +0200 @@ -1,4 +1,4 @@ -/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,6 +19,8 @@ #include <stdbool.h> #include <stdint.h> +#define SERIAL_MAX_INCREMENT 2147483647 + /*! * \brief result of serial comparison. LOWER means that the first serial is lower that the second. * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/knot/zone/zonedb-load.c new/knot-3.1.7/src/knot/zone/zonedb-load.c --- old/knot-3.1.6/src/knot/zone/zonedb-load.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/knot/zone/zonedb-load.c 2022-03-30 07:58:54.000000000 +0200 @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -106,6 +106,7 @@ conf_updated = true; } + zone->events.ufrozen = old_zone->events.ufrozen; if ((zone_file_updated(conf, old_zone, name) || conf_updated) && !zone_expired(zone)) { replan_load_updated(zone, old_zone); } else { 
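Review bot: `SERIAL_MAX_INCREMENT` in the serial.h hunk is added without a comment and as a bare decimal literal, and it is not used in any of the hunks visible here. The value is 2^31 - 1, the largest increment for which two 32-bit serials remain comparable under RFC 1982 serial arithmetic. Saying so next to the macro keeps it from reading as a magic number, for example `/*! \brief Largest serial increment that keeps the old and new serial comparable (2^31 - 1). */`. Since the header already includes `<stdint.h>`, `INT32_MAX` would express the same value.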
@@ -172,6 +173,7 @@ if (ret != KNOT_EOK) { log_error("failed to open catalog database (%s)", knot_strerror(ret)); } + zone_set_flag(zone, ZONE_IS_CATALOG); } if (zone_expired(zone)) { @@ -337,11 +339,17 @@ } reuse_cold_zone_ctx_t; static int reuse_cold_zone_cb(const knot_dname_t *member, _unused_ const knot_dname_t *owner, - _unused_ const knot_dname_t *catz, _unused_ const char *group, + const knot_dname_t *catz, _unused_ const char *group, void *ctx) { reuse_cold_zone_ctx_t *rcz = ctx; + zone_t *catz_z = knot_zonedb_find(rcz->zonedb, catz); + if (catz_z == NULL || !(catz_z->flags & ZONE_IS_CATALOG)) { + log_zone_warning(member, "orphaned catalog member zone, ignoring"); + return KNOT_EOK; + } + zone_t *zone = reuse_cold_zone(member, rcz->server, rcz->conf); if (zone == NULL) { return KNOT_ENOMEM; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/libdnssec/version.h new/knot-3.1.7/src/libdnssec/version.h --- old/knot-3.1.6/src/libdnssec/version.h 2022-02-08 11:51:26.000000000 +0100 +++ new/knot-3.1.7/src/libdnssec/version.h 2022-03-30 07:59:13.000000000 +0200 @@ -18,7 +18,7 @@ #define DNSSEC_VERSION_MAJOR 3 #define DNSSEC_VERSION_MINOR 1 -#define DNSSEC_VERSION_PATCH 0x06 +#define DNSSEC_VERSION_PATCH 0x07 #define DNSSEC_VERSION_HEX ((DNSSEC_VERSION_MAJOR << 16) | \ (DNSSEC_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/libknot/version.h new/knot-3.1.7/src/libknot/version.h --- old/knot-3.1.6/src/libknot/version.h 2022-02-08 11:51:26.000000000 +0100 +++ new/knot-3.1.7/src/libknot/version.h 2022-03-30 07:59:13.000000000 +0200 
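Review bot: `zone_set_flag(zone, ZONE_IS_CATALOG)` in the first hunk sits after the `if (ret != KNOT_EOK)` block, so the zone is flagged as a catalog even when opening the catalog database has just failed and was only logged. The next hunk's `reuse_cold_zone_cb()` uses the same flag to decide whether a member zone is orphaned, so the two places should agree on what a set flag means. If the flag is meant to follow configuration only, a comment such as `/* Flag follows the configuration, not the state of the catalog database. */` would make that explicit; otherwise it belongs in an `else` branch. Both functions extend beyond the hunks.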
@@ -18,7 +18,7 @@ #define KNOT_VERSION_MAJOR 3 #define KNOT_VERSION_MINOR 1 -#define KNOT_VERSION_PATCH 0x06 +#define KNOT_VERSION_PATCH 0x07 #define KNOT_VERSION_HEX ((KNOT_VERSION_MAJOR << 16) | \ (KNOT_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/libzscanner/error.c new/knot-3.1.7/src/libzscanner/error.c --- old/knot-3.1.6/src/libzscanner/error.c 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/src/libzscanner/error.c 2022-03-30 07:58:54.000000000 +0200 @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -165,6 +165,8 @@ "missing mandatory parameter" ), ERR_ITEM( ZS_EMPTY_LIST_ITEM, "empty comma-separated list item" ), + ERR_ITEM( ZS_FILE_ACCESS, + "permission denied" ), ERR_ITEM( 0, NULL ) // Terminator }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/libzscanner/error.h new/knot-3.1.7/src/libzscanner/error.h --- old/knot-3.1.6/src/libzscanner/error.h 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/src/libzscanner/error.h 2022-03-30 07:58:54.000000000 +0200 @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -95,6 +95,7 @@ ZS_DUPLICATE_SVCB_MANDATORY, ZS_MISSING_SVCB_MANDATORY, ZS_EMPTY_LIST_ITEM, + ZS_FILE_ACCESS, }; /*! diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/libzscanner/scanner.c.g2 new/knot-3.1.7/src/libzscanner/scanner.c.g2 --- old/knot-3.1.6/src/libzscanner/scanner.c.g2 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/src/libzscanner/scanner.c.g2 2022-03-30 07:58:54.000000000 +0200 @@ -1,5 +1,5 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -16,6 +16,7 @@ */ #include <arpa/inet.h> +#include <errno.h> #include <fcntl.h> #include <stdbool.h> #include <stdint.h> @@ -286,7 +287,7 @@ // Try to open the file. s->file.descriptor = open(file_name, O_RDONLY); if (s->file.descriptor == -1) { - ERR(ZS_FILE_OPEN); + ERR(errno == EACCES ? ZS_FILE_ACCESS : ZS_FILE_OPEN); return -1; } @@ -313,7 +314,7 @@ ERR(ZS_FILE_INVALID); input_deinit(s, false); return -1; - } else if (file_stat.st_size > 0) { // Mmap non-emtpy file. + } else if (file_stat.st_size > 0) { // Mmap non-empty file. start = mmap(0, file_stat.st_size, PROT_READ, MAP_SHARED, s->file.descriptor, 0); if (start == MAP_FAILED) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/libzscanner/scanner.c.t0 new/knot-3.1.7/src/libzscanner/scanner.c.t0 --- old/knot-3.1.6/src/libzscanner/scanner.c.t0 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/libzscanner/scanner.c.t0 2022-03-30 07:58:54.000000000 +0200 
@@ -1,5 +1,5 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -16,6 +16,7 @@ */ #include <arpa/inet.h> +#include <errno.h> #include <fcntl.h> #include <stdbool.h> #include <stdint.h> @@ -6541,7 +6542,7 @@ // Try to open the file. s->file.descriptor = open(file_name, O_RDONLY); if (s->file.descriptor == -1) { - ERR(ZS_FILE_OPEN); + ERR(errno == EACCES ? ZS_FILE_ACCESS : ZS_FILE_OPEN); return -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/libzscanner/scanner.rl new/knot-3.1.7/src/libzscanner/scanner.rl --- old/knot-3.1.6/src/libzscanner/scanner.rl 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/libzscanner/scanner.rl 2022-03-30 07:58:54.000000000 +0200 @@ -1,4 +1,4 @@ -/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,6 +15,7 @@ */ #include <arpa/inet.h> +#include <errno.h> #include <fcntl.h> #include <stdbool.h> #include <stdint.h> @@ -287,7 +288,7 @@ // Try to open the file. s->file.descriptor = open(file_name, O_RDONLY); if (s->file.descriptor == -1) { - ERR(ZS_FILE_OPEN); + ERR(errno == EACCES ? ZS_FILE_ACCESS : ZS_FILE_OPEN); return -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/libzscanner/version.h new/knot-3.1.7/src/libzscanner/version.h --- old/knot-3.1.6/src/libzscanner/version.h 2022-02-08 11:51:26.000000000 +0100 +++ new/knot-3.1.7/src/libzscanner/version.h 2022-03-30 07:59:13.000000000 +0200 
@@ -18,7 +18,7 @@ #define ZSCANNER_VERSION_MAJOR 3 #define ZSCANNER_VERSION_MINOR 1 -#define ZSCANNER_VERSION_PATCH 0x06 +#define ZSCANNER_VERSION_PATCH 0x07 #define ZSCANNER_VERSION_HEX ((ZSCANNER_VERSION_MAJOR << 16) | \ (ZSCANNER_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/utils/kdig/kdig_exec.c new/knot-3.1.7/src/utils/kdig/kdig_exec.c --- old/knot-3.1.6/src/utils/kdig/kdig_exec.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/utils/kdig/kdig_exec.c 2022-03-30 07:58:54.000000000 +0200 @@ -941,7 +941,7 @@ { struct timespec t_start, t_query, t_query_full, t_end, t_end_full; time_t timestamp; - knot_pkt_t *reply; + knot_pkt_t *reply = NULL; uint8_t in[MAX_PACKET_SIZE]; int in_len; int ret; @@ -1005,8 +1005,7 @@ // Receive a reply message. in_len = net_receive(net, in, sizeof(in)); if (in_len <= 0) { - net_close(net); - return -1; + goto fail; } // Get stop message time. @@ -1024,8 +1023,7 @@ reply = knot_pkt_new(in, in_len, NULL); if (reply == NULL) { ERR("internal error (%s)\n", knot_strerror(KNOT_ENOMEM)); - net_close(net); - return -1; + goto fail; } // Parse reply to the packet structure. @@ -1034,17 +1032,13 @@ WARN("malformed reply packet (%s)\n", knot_strerror(ret)); } else if (ret != KNOT_EOK) { ERR("malformed reply packet from %s\n", net->remote_str); - knot_pkt_free(reply); - net_close(net); - return -1; + goto fail; } // Compare reply header id. if (check_reply_id(reply, query) == false) { ERR("reply ID mismatch from %s\n", net->remote_str); - knot_pkt_free(reply); - net_close(net); - return -1; + goto fail; } // Print leading transfer information. @@ -1056,9 +1050,7 @@ if (knot_pkt_ext_rcode(reply) != KNOT_RCODE_NOERROR) { ERR("server replied with error '%s'\n", knot_pkt_ext_rcode_name(reply)); - knot_pkt_free(reply); - net_close(net); - return -1; + goto fail; } // The first message has a special treatment. 
@@ -1076,9 +1068,7 @@ ERR("reply verification for %s (%s)\n", net->remote_str, knot_strerror(ret)); - knot_pkt_free(reply); - net_close(net); - return -1; + goto fail; } } @@ -1088,9 +1078,7 @@ if (serial < 0) { ERR("first answer record from %s isn't SOA\n", net->remote_str); - knot_pkt_free(reply); - net_close(net); - return -1; + goto fail; } // Check for question sections equality. @@ -1114,18 +1102,28 @@ } knot_pkt_free(reply); + reply = NULL; } - // Get stop reply time. + // Print full transfer information. t_end = time_now(); - - // Print trailing transfer information. print_footer_xfr(total_len, msg_count, rr_count, net, time_diff_ms(&t_query, &t_end), timestamp, style); net_close_keepopen(net, query_ctx); return 0; + +fail: + // Print partial transfer information. + t_end = time_now(); + print_footer_xfr(total_len, msg_count, rr_count, net, + time_diff_ms(&t_query, &t_end), timestamp, style); + + knot_pkt_free(reply); + net_close(net); + + return -1; } static int process_xfr(const query_t *query, net_t *net) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/utils/keymgr/offline_ksk.c new/knot-3.1.7/src/utils/keymgr/offline_ksk.c --- old/knot-3.1.6/src/utils/keymgr/offline_ksk.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/utils/keymgr/offline_ksk.c 2022-03-30 07:58:54.000000000 +0200 @@ -459,7 +459,7 @@ ret = zs_set_input_file(&sc, infile); if (ret < 0) { zs_deinit(&sc); - return KNOT_EFILE; + return (sc.error.code == ZS_FILE_ACCESS) ? KNOT_EACCES : KNOT_EFILE; } ksr_sign_ctx_t pctx = { 0 }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/utils/knotc/commands.c new/knot-3.1.7/src/utils/knotc/commands.c --- old/knot-3.1.6/src/utils/knotc/commands.c 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/src/utils/knotc/commands.c 2022-03-30 07:58:54.000000000 +0200 
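Review bot: In the offline_ksk.c hunk the new return expression reads `sc.error.code` after `zs_deinit(&sc)` has already run on the line above it. Whether `zs_deinit()` leaves the error code intact is not visible in this diff, so the `ZS_FILE_ACCESS` case may or may not survive, and the result should not depend on that either way. Capture the code first: `int code = sc.error.code;` before `zs_deinit(&sc);`, then `return (code == ZS_FILE_ACCESS) ? KNOT_EACCES : KNOT_EFILE;`. The enclosing function starts and ends outside the hunk.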
@@ -672,6 +672,7 @@ { "+serial", CTL_FILTER_STATUS_SERIAL }, { "+transaction", CTL_FILTER_STATUS_TRANSACTION }, { "+freeze", CTL_FILTER_STATUS_FREEZE }, + { "+catalog", CTL_FILTER_STATUS_CATALOG }, { "+events", CTL_FILTER_STATUS_EVENTS }, }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/utils/knsupdate/knsupdate_exec.c new/knot-3.1.7/src/utils/knsupdate/knsupdate_exec.c --- old/knot-3.1.6/src/utils/knsupdate/knsupdate_exec.c 2022-02-08 08:39:18.000000000 +0100 +++ new/knot-3.1.7/src/utils/knsupdate/knsupdate_exec.c 2022-03-30 07:58:54.000000000 +0200 @@ -547,7 +547,7 @@ /* If no file specified, enter the interactive mode. */ if (EMPTY_LIST(params->qfiles)) { - ret = interactive_loop(params); + return process_lines(params, stdin); } /* Read from each specified file. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.1.6/src/utils/knsupdate/knsupdate_params.c new/knot-3.1.7/src/utils/knsupdate/knsupdate_params.c --- old/knot-3.1.6/src/utils/knsupdate/knsupdate_params.c 2022-02-08 11:51:08.000000000 +0100 +++ new/knot-3.1.7/src/utils/knsupdate/knsupdate_params.c 2022-03-30 07:58:54.000000000 +0200 @@ -49,6 +49,7 @@ }, .show_query = false, .show_header = true, + .show_section = true, .show_edns = false, .show_question = true, .show_answer = true,
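Review bot: In the knsupdate_exec.c hunk the comment above the changed line still says "enter the interactive mode", but the new code calls `process_lines(params, stdin)` and returns at once. I would reword it to match, e.g. `/* If no file specified, read the commands from stdin. */`. The early `return` also bypasses everything after the file loop, which the previous `ret = interactive_loop(params);` form fell through to. The rest of the function is outside the hunk, so it is worth checking that nothing there is still needed for the stdin case.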
