Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package knot for openSUSE:Factory checked in at 2021-03-28 11:55:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/knot (Old) and /work/SRC/openSUSE:Factory/.knot.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "knot" Sun Mar 28 11:55:12 2021 rev:3 rq:881417 version:3.0.5 Changes: -------- --- /work/SRC/openSUSE:Factory/knot/knot.changes 2021-02-16 09:19:29.747208985 +0100 +++ /work/SRC/openSUSE:Factory/.knot.new.2401/knot.changes 2021-03-28 11:57:17.108272982 +0200 @@ -1,0 +2,7 @@ +Thu Mar 25 12:56:29 UTC 2021 - Michal Hrusecky <[email protected]> + +- update to version 3.0.5, see: + https://www.knot-dns.cz/2021-03-25-version-305.html +- Update description based on homepage + +------------------------------------------------------------------- Old: ---- knot-3.0.4.tar.xz knot-3.0.4.tar.xz.asc New: ---- knot-3.0.5.tar.xz knot-3.0.5.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ knot.spec ++++++ --- /var/tmp/diff_new_pack.owCCxA/_old 2021-03-28 11:57:17.672273481 +0200 +++ /var/tmp/diff_new_pack.owCCxA/_new 2021-03-28 11:57:17.672273481 +0200 @@ -1,7 +1,7 @@ # # spec file for package knot # -# Copyright (c) 2021 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,9 +12,10 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # + %if 0%{?suse_version} > 1320 %bcond_without dnstap %bcond_without lto 
@@ -44,13 +45,13 @@ %define libzscanner libzscanner3 Name: knot -Version: 3.0.4 -Release: 1 +Version: 3.0.5 +Release: 0 %define pkg_name knot Summary: An authoritative DNS daemon -License: GPL-3.0+ +License: GPL-3.0-or-later Group: Productivity/Networking/DNS/Servers -Url: http://www.knot-dns.cz/ +URL: http://www.knot-dns.cz/ Source0: https://secure.nic.cz/files/knot-dns/%{pkg_name}-%{version}.tar.xz Source1: knot.service Source2: knot-tmp.conf @@ -72,16 +73,16 @@ BuildRequires: libcap-ng-devel BuildRequires: xz Requires(pre): pwdutils -BuildRoot: %{_tmppath}/%{pkg_name}-%{version}-build +BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: lmdb-devel >= 0.9.15 %if %{with docs} BuildRequires: makeinfo BuildRequires: python3-Sphinx %endif %if %{with dnstap} -BuildRequires: protobuf-c >= 1.0.0 -BuildRequires: libprotobuf-c-devel >= 1.0.0 BuildRequires: libfstrm-devel +BuildRequires: libprotobuf-c-devel >= 1.0.0 +BuildRequires: protobuf-c >= 1.0.0 %endif %if %{with systemd} %define has_systemd 1 @@ -91,15 +92,22 @@ Obsoletes: knot2 < %{version} %description -Knot DNS is an implementation of an authoritative DNS server. +Knot DNS is a high-performance open-source DNS server. It implements only the +authoritative domain name service. It benefits from its multi-threaded and +mostly lock-free implementation which allows it to scale well on SMP systems +and operate non-stop even when adding or removing zones. %package devel Group: Development/Libraries/C and C++ Requires: knot = %{version} # Summary: Development files for the knot libraries + %description devel -Knot DNS is an implementation of an authoritative DNS server. +Knot DNS is a high-performance open-source DNS server. It implements only the +authoritative domain name service. It benefits from its multi-threaded and +mostly lock-free implementation which allows it to scale well on SMP systems +and operate non-stop even when adding or removing zones. Development files for knot. 
@@ -107,8 +115,12 @@ Group: System/Libraries # Summary: Shared library from knot: libdnssec + %description -n %{libdnssec} -Knot DNS is an implementation of an authoritative DNS server. +Knot DNS is a high-performance open-source DNS server. It implements only the +authoritative domain name service. It benefits from its multi-threaded and +mostly lock-free implementation which allows it to scale well on SMP systems +and operate non-stop even when adding or removing zones. This package holds the shared library libdnssec from knot. @@ -116,8 +128,12 @@ Group: System/Libraries # Summary: Shared library from knot: libknot + %description -n %{libknot} -Knot DNS is an implementation of an authoritative DNS server. +Knot DNS is a high-performance open-source DNS server. It implements only the +authoritative domain name service. It benefits from its multi-threaded and +mostly lock-free implementation which allows it to scale well on SMP systems +and operate non-stop even when adding or removing zones. This package holds the shared library libknot from knot. @@ -125,8 +141,12 @@ Group: System/Libraries # Summary: Shared library from knot 2: libzscanner + %description -n %{libzscanner} -Knot DNS is an implementation of an authoritative DNS server. +Knot DNS is a high-performance open-source DNS server. It implements only the +authoritative domain name service. It benefits from its multi-threaded and +mostly lock-free implementation which allows it to scale well on SMP systems +and operate non-stop even when adding or removing zones. This package holds the shared library libzscanner from knot. ++++++ knot-3.0.4.tar.xz -> knot-3.0.5.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/NEWS new/knot-3.0.5/NEWS --- old/knot-3.0.4/NEWS 2021-01-20 16:57:23.000000000 +0100 +++ new/knot-3.0.5/NEWS 2021-03-25 10:47:21.000000000 +0100 
@@ -1,3 +1,27 @@ +Knot DNS 3.0.5 (2021-03-25) +=========================== + +Improvements: +------------- + - kdig: added support for TCP Fast Open on FreeBSD + - keymgr: the SEP flag can be changed on already generated keys + - Some documentation improvements + +Bugfixes: +--------- + - knotd: journal contents can be considered malformed after changeset merge + - knotd: broken detection of TCP Fast Open availability + - knotd: zone restore can stuck in an infinite loop if zone configuration changed + - knotd: failed zone backup makes control socket unavailable + - knotd: zone not stored to journal after reload if difference-no-serial is enabled + - knotd: old key is being used after an algorithm rollover with a shared policy #721 + - keymgr: keytag not recomputed upon key flag change + - kdig: TCP not used if +fastopen is set + - mod-dnstap: the local address is empty + - kzonecheck: missing letter lower-casing of the origin parameter + - XDP mode wrongly detected on NetBSD + - Failed to build knotd_stdio fuzzing utility + Knot DNS 3.0.4 (2021-01-20) =========================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/configure new/knot-3.0.5/configure --- old/knot-3.0.4/configure 2021-01-20 16:58:28.000000000 +0100 +++ new/knot-3.0.5/configure 2021-03-25 10:47:48.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for knot 3.0.4. +# Generated by GNU Autoconf 2.69 for knot 3.0.5. # # Report bugs to <[email protected]>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='knot' PACKAGE_TARNAME='knot' -PACKAGE_VERSION='3.0.4' -PACKAGE_STRING='knot 3.0.4' +PACKAGE_VERSION='3.0.5' +PACKAGE_STRING='knot 3.0.5' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' 
@@ -1550,7 +1550,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures knot 3.0.4 to adapt to many kinds of systems. +\`configure' configures knot 3.0.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1621,7 +1621,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of knot 3.0.4:";; + short | recursive ) echo "Configuration of knot 3.0.5:";; esac cat <<\_ACEOF @@ -1849,7 +1849,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -knot configure 3.0.4 +knot configure 3.0.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2264,7 +2264,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by knot $as_me 3.0.4, which was +It was created by knot $as_me 3.0.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3130,7 +3130,7 @@ # Define the identity of the package. PACKAGE='knot' - VERSION='3.0.4' + VERSION='3.0.5' cat >>confdefs.h <<_ACEOF @@ -4894,7 +4894,7 @@ KNOT_VERSION_MINOR=0 -KNOT_VERSION_PATCH=4 +KNOT_VERSION_PATCH=5 # Store ./configure parameters and CFLAGS @@ -5472,7 +5472,7 @@ presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac -if test "$endianity" == "little-endian"; then : +if test "$endianity" = "little-endian"; then : $as_echo "#define ENDIANITY_LITTLE 1" >>confdefs.h @@ -14023,7 +14023,7 @@ -XDP_VISIBLE_HEADERS=$(test "$enable_xdp" == "no"; echo "$?") +XDP_VISIBLE_HEADERS=$(test "$enable_xdp" = "no"; echo "$?") if test "$enable_xdp" != "no"; then : 
@@ -19029,7 +19029,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by knot $as_me 3.0.4, which was +This file was extended by knot $as_me 3.0.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19095,7 +19095,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -knot config.status 3.0.4 +knot config.status 3.0.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/configure.ac new/knot-3.0.5/configure.ac --- old/knot-3.0.4/configure.ac 2021-01-20 16:57:23.000000000 +0100 +++ new/knot-3.0.5/configure.ac 2021-03-25 10:47:21.000000000 +0100 @@ -2,7 +2,7 @@ m4_define([knot_VERSION_MAJOR], 3)dnl m4_define([knot_VERSION_MINOR], 0)dnl -m4_define([knot_VERSION_PATCH], 4)dnl Leave empty if the master branch! +m4_define([knot_VERSION_PATCH], 5)dnl Leave empty if the master branch! m4_include([m4/knot-version.m4]) AC_INIT([knot], knot_PKG_VERSION, [[email protected]]) @@ -51,7 +51,7 @@ # Get processor byte ordering AC_C_BIGENDIAN([endianity=big-endian], [endianity=little-endian]) -AS_IF([test "$endianity" == "little-endian"],[ +AS_IF([test "$endianity" = "little-endian"],[ AC_DEFINE([ENDIANITY_LITTLE], [1], [System is little-endian.])]) # Check if an archiver is available 
@@ -238,7 +238,7 @@ AC_SUBST([embedded_libbpf_LIBS]) AC_SUBST([libbpf_CFLAGS]) AC_SUBST([libbpf_LIBS]) -AC_SUBST([XDP_VISIBLE_HEADERS], [$(test "$enable_xdp" == "no"; echo "$?")]) +AC_SUBST([XDP_VISIBLE_HEADERS], [$(test "$enable_xdp" = "no"; echo "$?")]) AS_IF([test "$enable_xdp" != "no"],[ AC_DEFINE([ENABLE_XDP], [1], [Use eXpress Data Path.])]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/distro/deb/changelog new/knot-3.0.5/distro/deb/changelog --- old/knot-3.0.4/distro/deb/changelog 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/distro/deb/changelog 2021-03-25 08:18:12.000000000 +0100 @@ -1,4 +1,4 @@ -knot (__VERSION__-1) unstable; urgency=medium +knot (__VERSION__-cznic.1) unstable; urgency=medium * move changelog to OBS * see NEWS or https://knot-dns.cz diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/distro/rpm/knot.spec new/knot-3.0.5/distro/rpm/knot.spec --- old/knot-3.0.4/distro/rpm/knot.spec 2021-01-20 12:45:13.000000000 +0100 +++ new/knot-3.0.5/distro/rpm/knot.spec 2021-03-25 10:47:21.000000000 +0100 @@ -8,7 +8,7 @@ Summary: High-performance authoritative DNS server Name: knot Version: %{VERSION} -Release: 1%{?dist} +Release: cznic.1%{?dist} License: GPL-3.0-or-later URL: https://www.knot-dns.cz Source0: %{name}_%{version}.orig.tar.xz diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/doc/Makefile.in new/knot-3.0.5/doc/Makefile.in --- old/knot-3.0.4/doc/Makefile.in 2021-01-20 16:58:35.000000000 +0100 +++ new/knot-3.0.5/doc/Makefile.in 2021-03-25 10:47:52.000000000 +0100 
@@ -709,22 +709,22 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@HAVE_DOCS_FALSE@html-local: -@HAVE_SPHINXBUILD_FALSE@html-local: -@HAVE_DOCS_FALSE@install-info-local: -@HAVE_MAKEINFO_FALSE@install-info-local: -@HAVE_SPHINXBUILD_FALSE@install-info-local: -@HAVE_DOCS_FALSE@install-pdf-local: -@HAVE_PDFLATEX_FALSE@install-pdf-local: -@HAVE_SPHINXBUILD_FALSE@install-pdf-local: +@HAVE_DOCS_FALSE@install-html-local: +@HAVE_SPHINXBUILD_FALSE@install-html-local: @HAVE_DOCS_FALSE@info-local: @HAVE_MAKEINFO_FALSE@info-local: @HAVE_SPHINXBUILD_FALSE@info-local: @HAVE_DOCS_FALSE@pdf-local: @HAVE_PDFLATEX_FALSE@pdf-local: @HAVE_SPHINXBUILD_FALSE@pdf-local: -@HAVE_DOCS_FALSE@install-html-local: -@HAVE_SPHINXBUILD_FALSE@install-html-local: +@HAVE_DOCS_FALSE@install-pdf-local: +@HAVE_PDFLATEX_FALSE@install-pdf-local: +@HAVE_SPHINXBUILD_FALSE@install-pdf-local: +@HAVE_DOCS_FALSE@install-info-local: +@HAVE_MAKEINFO_FALSE@install-info-local: +@HAVE_SPHINXBUILD_FALSE@install-info-local: +@HAVE_DOCS_FALSE@html-local: +@HAVE_SPHINXBUILD_FALSE@html-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/doc/configuration.rst new/knot-3.0.5/doc/configuration.rst --- old/knot-3.0.4/doc/configuration.rst 2021-01-20 16:57:23.000000000 +0100 +++ new/knot-3.0.5/doc/configuration.rst 2021-03-25 10:47:21.000000000 +0100 
@@ -470,42 +470,35 @@ dnssec-policy: manual To generate signing keys, use the :doc:`keymgr<man_keymgr>` utility. -Let's use the Single-Type Signing scheme with two algorithms. Run: +For example, we can use Single-Type Signing: .. code-block:: console - $ keymgr myzone.test. generate algorithm=ECDSAP256SHA256 - $ keymgr myzone.test. generate algorithm=ED25519 + $ keymgr myzone.test. generate algorithm=ECDSAP256SHA256 ksk=yes zsk=yes And reload the server. The zone will be signed. To perform a manual rollover of a key, the timing parameters of the key need -to be set. Let's roll the RSA key. Generate a new RSA key, but do not activate +to be set. Let's roll the key. Generate a new key, but do not activate it yet: .. code-block:: console - $ keymgr myzone.test. generate algorithm=RSASHA256 size=1024 active=+1d + $ keymgr myzone.test. generate algorithm=ECDSAP256SHA256 ksk=yes zsk=yes active=+1d -Take the key ID (or key tag) of the old RSA key and disable it the same time +Take the key ID (or key tag) of the old key and disable it the same time the new key gets activated: .. code-block:: console - $ keymgr myzone.test. set <old_key_id> retire=+1d remove=+1d + $ keymgr myzone.test. set <old_key_id> retire=+2d remove=+3d Reload the server again. The new key will be published (i.e. the DNSKEY record will be added into the zone). Remember to update the DS record in the -parent zone to include a reference to the new RSA key. This must happen within one +parent zone to include a reference to the new key. This must happen within one day (in this case) including a delay required to propagate the new DS to caches. -Note that as the ``+1d`` time specification is computed from the current time, -the key replacement will not happen at once. First, a new key will be -activated. A few moments later, the old key will be deactivated and removed. -You can use exact time specification to make these two actions happen in one -go. - .. 
WARNING:: If you ever decide to switch from manual key management to automatic key management, note that the automatic key management uses diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/doc/man/keymgr.8in new/knot-3.0.5/doc/man/keymgr.8in --- old/knot-3.0.4/doc/man/keymgr.8in 2021-01-20 17:01:06.000000000 +0100 +++ new/knot-3.0.5/doc/man/keymgr.8in 2021-03-25 10:48:38.000000000 +0100 @@ -190,7 +190,7 @@ be set concurrently with the \fBksk\fP flag. .TP \fBsep\fP -Overrides the standard setting of the Secure Entry Point flag for the generated key. +Overrides the standard setting of the Secure Entry Point flag. .UNINDENT .sp The following arguments are timestamps of key lifetime (see DNSSEC Key states): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/doc/man/knot.conf.5in new/knot-3.0.5/doc/man/knot.conf.5in --- old/knot-3.0.4/doc/man/knot.conf.5in 2021-01-20 17:01:06.000000000 +0100 +++ new/knot-3.0.5/doc/man/knot.conf.5in 2021-03-25 10:48:38.000000000 +0100 @@ -1362,7 +1362,7 @@ .IP \(bu 2 \fBdelete\-dnssec\fP ??? Publish special CDS and CDNSKEY records indicating turning off DNSSEC. .IP \(bu 2 -\fBrollover\fP ??? Publish CDS and CDNSKEY records only in the submission phase of KSK rollover. +\fBrollover\fP ??? Publish CDS and CDNSKEY records for ready and not yet active KSK (submission phase of KSK rollover). .IP \(bu 2 \fBalways\fP ??? Always publish one CDS and one CDNSKEY records for the current KSK. .IP \(bu 2 
@@ -1732,11 +1732,13 @@ \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 -In case of \fBunixtime\fP, if the resulting serial is lower or equal than current zone -(this happens e.g. in case of migrating from other policy or frequent updates) -the serial is incremented instead. -.sp -Use dateserial only if you expect less than 100 updates per day per zone. +If the resulting serial for \fBunixtime\fP or \fBdateserial\fP is lower or equal +than the current serial (this happens e.g. when migrating from other policy or +frequent updates), the serial is incremented instead. +.sp +To avoid user confusion, use \fBdateserial\fP only if you expect at most +100 updates per day per zone and \fBunixtime\fP only if you expect at most +one update per second per zone. .UNINDENT .UNINDENT .sp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/doc/man_keymgr.rst new/knot-3.0.5/doc/man_keymgr.rst --- old/knot-3.0.4/doc/man_keymgr.rst 2021-01-20 16:57:23.000000000 +0100 +++ new/knot-3.0.5/doc/man_keymgr.rst 2021-03-25 08:18:12.000000000 +0100 @@ -163,7 +163,7 @@ be set concurrently with the **ksk** flag. **sep** - Overrides the standard setting of the Secure Entry Point flag for the generated key. + Overrides the standard setting of the Secure Entry Point flag. The following arguments are timestamps of key lifetime (see :ref:`DNSSEC Key states`): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/doc/operation.rst new/knot-3.0.5/doc/operation.rst --- old/knot-3.0.4/doc/operation.rst 2021-01-20 16:57:23.000000000 +0100 +++ new/knot-3.0.5/doc/operation.rst 2021-03-25 10:47:21.000000000 +0100 
@@ -992,8 +992,9 @@ Limitations ----------- -Neither configuration file, nor :ref:`Configuration database` is backed up -by those commands. +Neither configuration file nor :ref:`Configuration database` is backed up +by zone backup. The configuration has to be synchronized before zone restore +is performed! If the private keys are stored in a HSM (anything using a PKCS#11 interface), they are not backed up. This includes internal metadata of the PKCS#11 provider diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/doc/reference.rst new/knot-3.0.5/doc/reference.rst --- old/knot-3.0.4/doc/reference.rst 2021-01-20 16:57:23.000000000 +0100 +++ new/knot-3.0.5/doc/reference.rst 2021-03-25 10:47:21.000000000 +0100 @@ -1505,7 +1505,7 @@ - ``none`` ??? Never publish any CDS or CDNSKEY records in the zone. - ``delete-dnssec`` ??? Publish special CDS and CDNSKEY records indicating turning off DNSSEC. -- ``rollover`` ??? Publish CDS and CDNSKEY records only in the submission phase of KSK rollover. +- ``rollover`` ??? Publish CDS and CDNSKEY records for ready and not yet active KSK (submission phase of KSK rollover). - ``always`` ??? Always publish one CDS and one CDNSKEY records for the current KSK. - ``double-ds`` ??? Always publish up to two CDS and two CDNSKEY records for ready and/or active KSKs. 
@@ -1895,11 +1895,13 @@ 8 digits match the current iso-date. .. NOTE:: - In case of ``unixtime``, if the resulting serial is lower or equal than current zone - (this happens e.g. in case of migrating from other policy or frequent updates) - the serial is incremented instead. - - Use dateserial only if you expect less than 100 updates per day per zone. + If the resulting serial for ``unixtime`` or ``dateserial`` is lower or equal + than the current serial (this happens e.g. when migrating from other policy or + frequent updates), the serial is incremented instead. + + To avoid user confusion, use ``dateserial`` only if you expect at most + 100 updates per day per zone and ``unixtime`` only if you expect at most + one update per second per zone. *Default:* increment diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/samples/Makefile.in new/knot-3.0.5/samples/Makefile.in --- old/knot-3.0.4/samples/Makefile.in 2021-01-20 16:58:36.000000000 +0100 +++ new/knot-3.0.5/samples/Makefile.in 2021-03-25 10:47:53.000000000 +0100 @@ -441,8 +441,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@HAVE_DAEMON_FALSE@install-data-local: @HAVE_DAEMON_FALSE@uninstall-local: +@HAVE_DAEMON_FALSE@install-data-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/ctl/commands.c new/knot-3.0.5/src/knot/ctl/commands.c --- old/knot-3.0.4/src/knot/ctl/commands.c 2021-01-20 16:57:24.000000000 +0100 +++ new/knot-3.0.5/src/knot/ctl/commands.c 2021-03-25 10:47:21.000000000 +0100 
@@ -418,6 +418,9 @@ if (args->data[KNOT_CTL_IDX_ZONE] == NULL) { ctx->backup_global = true; ret = global_backup(ctx, &args->server->catalog, NULL); + if (ret != KNOT_EOK) { + zone_backup_deinit(ctx); + } } return ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/dnssec/kasp/kasp_db.c new/knot-3.0.5/src/knot/dnssec/kasp/kasp_db.c --- old/knot-3.0.4/src/knot/dnssec/kasp/kasp_db.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/src/knot/dnssec/kasp/kasp_db.c 2021-03-25 10:47:21.000000000 +0100 @@ -182,6 +182,23 @@ return (EMPTY_LIST(*dst) ? KNOT_ENOENT : KNOT_EOK); } +int kasp_db_get_key_algorithm(knot_lmdb_db_t *db, const knot_dname_t *zone_name, + const char *key_id) +{ + knot_lmdb_txn_t txn = { 0 }; + MDB_val search = make_key_str(KASPDBKEY_PARAMS, zone_name, key_id); + knot_lmdb_begin(db, &txn, false); + int ret = txn.ret == KNOT_EOK ? KNOT_ENOENT : txn.ret; + if (knot_lmdb_find(&txn, &search, KNOT_LMDB_EXACT)) { + key_params_t p = { 0 }; + ret = params_deserialize(&txn.cur_val, &p) ? p.algorithm : KNOT_EMALF; + free(p.public_key.data); + } + knot_lmdb_abort(&txn); + free(search.mv_data); + return ret; +} + static bool keyid_inuse(knot_lmdb_txn_t *txn, const char *key_id, key_params_t **params) { uint8_t pf = KASPDBKEY_PARAMS; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/dnssec/kasp/kasp_db.h new/knot-3.0.5/src/knot/dnssec/kasp/kasp_db.h --- old/knot-3.0.4/src/knot/dnssec/kasp/kasp_db.h 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/src/knot/dnssec/kasp/kasp_db.h 2021-03-25 08:18:12.000000000 +0100 
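Review bot: In the commands.c hunk, the new `zone_backup_deinit(ctx)` on the `global_backup()` failure path is safe only if no zone still references `ctx` at that point, and the hunk does not show that. The backup event handler in events/handlers/backup.c reads `zone->backup_ctx`, so if `global_backup()` can fail after handing the context to some zones, and `zone_backup_deinit()` releases it, those zones would be left with a stale pointer. This is inferred rather than visible and should be confirmed. A comment such as `/* global_backup() failed before any zone took a reference to ctx */` would record the invariant. The enclosing function starts and ends outside the hunk.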
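Review bot: In kasp_db.c, `kasp_db_get_key_algorithm()` can report `KNOT_ENOENT` for a lookup that actually failed, because `ret` is fixed before `knot_lmdb_find()` runs and is never refreshed from `txn.ret` when the find returns false. If `knot_lmdb_find()` records errors in the transaction, which is assumed here since its body is not shown, adding `if (ret == KNOT_ENOENT && txn.ret != KNOT_EOK) ret = txn.ret;` before `knot_lmdb_abort(&txn)` would keep "key not found" and "database error" apart. The buffer returned by `make_key_str()` is also used without a check for a failed allocation. It would help to state in the function comment that a non-negative return is an algorithm number and a negative one is an error code, since both travel in the same `int`.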
@@ -44,6 +44,19 @@ int kasp_db_list_keys(knot_lmdb_db_t *db, const knot_dname_t *zone_name, list_t *dst); /*! + * \brief Obtain the algorithm of a key. + * + * \param db KASP db. + * \param zone_name name of the zone + * \param key_id ID of the key in question + * + * \retval KNOT_E* if error + * \return >0 The algorithm of the key. + */ +int kasp_db_get_key_algorithm(knot_lmdb_db_t *db, const knot_dname_t *zone_name, + const char *key_id); + +/*! * \brief Remove a key from zone. Delete the key if no zone has it anymore. * * \param db KASP db diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/dnssec/key-events.c new/knot-3.0.5/src/knot/dnssec/key-events.c --- old/knot-3.0.4/src/knot/dnssec/key-events.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/src/knot/dnssec/key-events.c 2021-03-25 08:18:12.000000000 +0100 @@ -128,7 +128,8 @@ } // if we already have the policy-last key, we have to generate new one - if (ret == KNOT_ENOENT || key_id_present(ctx, borrow_key, true)) { + if (ret == KNOT_ENOENT || key_id_present(ctx, borrow_key, true) || + kasp_db_get_key_algorithm(ctx->kasp_db, borrow_zone, borrow_key) != (int)ctx->policy->algorithm) { knot_kasp_key_t *key = NULL; ret = kdnssec_generate_key(ctx, flags, &key); if (ret != KNOT_EOK) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/events/handlers/backup.c new/knot-3.0.5/src/knot/events/handlers/backup.c --- old/knot-3.0.4/src/knot/events/handlers/backup.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/src/knot/events/handlers/backup.c 2021-03-25 08:18:12.000000000 +0100 
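Review bot: In the key-events.c hunk, the added condition compares the result of `kasp_db_get_key_algorithm()` directly with `(int)ctx->policy->algorithm`, so every error return (kasp_db.h documents `KNOT_E*` on error) looks like an algorithm mismatch and leads to `kdnssec_generate_key()`. A failed or malformed KASP database read would then silently produce a new key for a shared policy instead of reporting the failure. Storing the result first, e.g. `int borrow_alg = kasp_db_get_key_algorithm(ctx->kasp_db, borrow_zone, borrow_key);`, and treating `borrow_alg < 0` as an error (logged or returned) before the comparison would make the two cases distinct. The enclosing function begins and ends outside the hunk, so the right way to bail out cannot be seen here.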
@@ -26,16 +26,16 @@ { assert(zone); - char *back_dir = strdup(zone->backup_ctx->backup_dir); - if (back_dir == NULL) { - return KNOT_ENOMEM; - } - zone_backup_ctx_t *ctx = zone->backup_ctx; if (ctx == NULL) { - free(back_dir); return KNOT_EINVAL; } + + char *back_dir = strdup(ctx->backup_dir); + if (back_dir == NULL) { + return KNOT_ENOMEM; + } + bool restore = ctx->restore_mode; if (restore) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/events/handlers/load.c new/knot-3.0.5/src/knot/events/handlers/load.c --- old/knot-3.0.4/src/knot/events/handlers/load.c 2021-01-20 16:57:24.000000000 +0100 +++ new/knot-3.0.5/src/knot/events/handlers/load.c 2021-03-25 10:47:21.000000000 +0100 @@ -143,12 +143,15 @@ } // If configured contents=all, but not present, store zonefile. - if (load_from == JOURNAL_CONTENT_ALL && - !zone_in_journal_exists && zf_conts != NULL) { - ret = zone_in_journal_store(conf, zone, zf_conts); + if (load_from == JOURNAL_CONTENT_ALL && !zone_in_journal_exists && + (zf_conts != NULL || old_contents_exist)) { + zone_contents_t *store_c = old_contents_exist ? zone->contents : zf_conts; + ret = zone_in_journal_store(conf, zone, store_c); if (ret != KNOT_EOK) { log_zone_warning(zone->name, "failed to write zone-in-journal (%s)", knot_strerror(ret)); + } else { + zone_in_journal_exists = true; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/journal/journal_read.c new/knot-3.0.5/src/knot/journal/journal_read.c --- old/knot-3.0.4/src/knot/journal/journal_read.c 2021-01-20 16:57:24.000000000 +0100 +++ new/knot-3.0.5/src/knot/journal/journal_read.c 2021-03-25 10:27:48.000000000 +0100 
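Review bot: In the load.c hunk, the comment `// If configured contents=all, but not present, store zonefile.` no longer matches the code, which stores `zone->contents` whenever `old_contents_exist` is true, even when `zf_conts` is also available. The reason old contents take precedence is not stated; the NEWS entry about `difference-no-serial` is presumably that reason. A replacement along the lines of `// If configured contents=all, but not present, store the currently loaded contents, or the zonefile when nothing is loaded yet.` plus one sentence on why would save the next reader from reconstructing it. The enclosing function starts and ends outside the hunk.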
@@ -105,6 +105,11 @@ if (!knot_lmdb_is_prefix_of(&ctx->key_prefix, &ctx->txn.cur_key)) { return false; } + if (ctx->next != journal_next_serial(&ctx->txn.cur_val)) { + // consistency check, see also MR !1270 + ctx->txn.ret = KNOT_EMALF; + return false; + } update_ctx_wire(ctx); } return true; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/journal/journal_write.c new/knot-3.0.5/src/knot/journal/journal_write.c --- old/knot-3.0.4/src/knot/journal/journal_write.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/src/knot/journal/journal_write.c 2021-03-25 08:18:12.000000000 +0100 @@ -1,4 +1,4 @@ -/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -68,6 +68,20 @@ journal_write_serialize(txn, ser, &fake_ch, zone_contents_serial(z)); } +static bool delete_one(knot_lmdb_txn_t *txn, bool del_zij, uint32_t del_serial, + const knot_dname_t *zone, uint64_t *freed, uint32_t *next_serial) +{ + *freed = 0; + MDB_val prefix = journal_changeset_id_to_key(del_zij, del_serial, zone); + knot_lmdb_foreach(txn, &prefix) { + *freed += txn->cur_val.mv_size; + *next_serial = journal_next_serial(&txn->cur_val); + knot_lmdb_del_cur(txn); + } + free(prefix.mv_data); + return (*freed > 0); +} + static int merge_cb(bool remove, const knot_rrset_t *rr, void *ctx) { changeset_t *ch = ctx; 
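Review bot: In the journal_read.c hunk, the new consistency check is explained only by `// consistency check, see also MR !1270`, which tells a reader nothing without access to the merge request. Judging from the journal_write.c change in the same commit, the check presumably rejects leftover chunks of an older, longer changeset stored under the same key prefix, and the comment should say so, e.g. `// every chunk must lead to the expected serial; a mismatch means stale chunks from a previous changeset`. This `return false` sets `ctx->txn.ret = KNOT_EMALF`, while the prefix-mismatch `return false` just above it does not, so the function comment should note that callers must inspect `txn.ret` to tell "no more data" from "malformed journal". The enclosing function starts outside the hunk.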
@@ -90,25 +104,18 @@ *original_serial_to = changeset_to(&merge); } txn->ret = journal_read_rrsets(read, merge_cb, &merge); + + // deleting seems redundant since the merge changeset will be overwritten + // but it would cause EMALF or invalid data if the new merged has less chunks than before + uint32_t del_next_serial; + uint64_t del_freed; + delete_one(txn, merge_zij, merge_serial, j.zone, &del_freed, &del_next_serial); + assert(del_freed > 0 && del_next_serial == *original_serial_to); + journal_write_changeset(txn, &merge); - //knot_rrset_clear(&rr, NULL); journal_read_clear_changeset(&merge); } -static bool delete_one(knot_lmdb_txn_t *txn, bool del_zij, uint32_t del_serial, - const knot_dname_t *zone, uint64_t *freed, uint32_t *next_serial) -{ - *freed = 0; - MDB_val prefix = journal_changeset_id_to_key(del_zij, del_serial, zone); - knot_lmdb_foreach(txn, &prefix) { - *freed += txn->cur_val.mv_size; - *next_serial = journal_next_serial(&txn->cur_val); - knot_lmdb_del_cur(txn); - } - free(prefix.mv_data); - return (*freed > 0); -} - static void delete_merged(knot_lmdb_txn_t *txn, const knot_dname_t *zone, journal_metadata_t *md, uint64_t *freed) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/modules/dnstap/dnstap.c new/knot-3.0.5/src/knot/modules/dnstap/dnstap.c --- old/knot-3.0.4/src/knot/modules/dnstap/dnstap.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/src/knot/modules/dnstap/dnstap.c 2021-03-25 08:18:12.000000000 +0100 @@ -1,4 +1,4 @@ -/* Copyright (C) 2020 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,6 +15,7 @@ */ #include <netinet/in.h> +#include <sys/socket.h> #include "contrib/dnstap/dnstap.h" #include "contrib/dnstap/dnstap.pb-c.h" 
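Review bot: In the journal_write.c merge hunk, the only check that the old merged changeset was actually deleted and led to the expected serial is `assert(del_freed > 0 && del_next_serial == *original_serial_to);`, which is compiled out when `NDEBUG` is defined. In such a build the result of `delete_one()` is ignored and `journal_write_changeset()` proceeds regardless, which is the situation the added comment warns about. Turning the condition into a runtime error, e.g. `if (txn->ret == KNOT_EOK && (del_freed == 0 || del_next_serial != *original_serial_to)) txn->ret = KNOT_EMALF;`, would keep the protection in release builds. `del_next_serial` is also left unset by `delete_one()` when nothing matches, so declaring it as `uint32_t del_next_serial = 0;` is a cheap safeguard. The function's beginning is outside the hunk, so whether `original_serial_to` may be NULL at this point cannot be seen.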
@@ -88,12 +89,18 @@ protocol = IPPROTO_UDP; } + /* Try to get the destination address. */ + struct sockaddr_storage dst_addr; + socklen_t dst_addr_len = sizeof(dst_addr); + (void)getsockname(qdata->params->socket, (struct sockaddr *)&dst_addr, + &dst_addr_len); + /* Create a dnstap message. */ Dnstap__Message msg; int ret = dt_message_fill(&msg, msgtype, (const struct sockaddr *)qdata->params->remote, - NULL, /* todo: fill me! */ - protocol, pkt->wire, pkt->size, &tv); + (struct sockaddr *)&dst_addr, protocol, pkt->wire, + pkt->size, &tv); if (ret != KNOT_EOK) { return state; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/server/server.c new/knot-3.0.5/src/knot/server/server.c --- old/knot-3.0.4/src/knot/server/server.c 2021-01-20 16:57:24.000000000 +0100 +++ new/knot-3.0.5/src/knot/server/server.c 2021-03-25 10:47:21.000000000 +0100 @@ -17,6 +17,8 @@ #define __APPLE_USE_RFC_3542 #include <assert.h> +#include <sys/types.h> // OpenBSD +#include <netinet/tcp.h> // TCP_FASTOPEN #include <sys/resource.h> #include "libknot/libknot.h" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/zone/backup.c new/knot-3.0.5/src/knot/zone/backup.c --- old/knot-3.0.4/src/knot/zone/backup.c 2021-01-20 16:57:24.000000000 +0100 +++ new/knot-3.0.5/src/knot/zone/backup.c 2021-03-25 10:47:21.000000000 +0100 @@ -84,15 +84,6 @@ pthread_mutex_init(&ctx->readers_mutex, NULL); - if (!restore_mode) { - int ret = mkdir(backup_dir, 0750); - if (ret == -1 && errno != EEXIST) { - pthread_mutex_destroy(&ctx->readers_mutex); - free(ctx); - return knot_map_errno(); - } - } - char db_dir[backup_dir_len + 16]; (void)snprintf(db_dir, sizeof(db_dir), "%s/keys", backup_dir); knot_lmdb_init(&ctx->bck_kasp_db, db_dir, kasp_db_size, 0, "keys_db"); 
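Review bot: In the dnstap.c hunk, the return value of `getsockname()` is discarded with `(void)` and `dst_addr` is not initialised, so on failure `dt_message_fill()` receives a `sockaddr_storage` filled with whatever was on the stack. Depending on how the address family is interpreted, that can put stale stack bytes into the emitted dnstap message. The previous code passed `NULL` here, so falling back to it keeps the old behaviour: `bool have_dst = getsockname(qdata->params->socket, (struct sockaddr *)&dst_addr, &dst_addr_len) == 0;` and then pass `have_dst ? (const struct sockaddr *)&dst_addr : NULL`. Zero-initialising with `struct sockaddr_storage dst_addr = { 0 };` is a sensible addition either way.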
@@ -324,6 +315,7 @@ } if (ctx->restore_mode) { ret = zone_timers_read(&ctx->bck_timer_db, zone->name, &zone->timers); + zone_timers_sanitize(conf, zone); } else { ret = zone_timers_write(&ctx->bck_timer_db, zone->name, &zone->timers); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/zone/zone.c new/knot-3.0.5/src/knot/zone/zone.c --- old/knot-3.0.4/src/knot/zone/zone.c 2021-01-20 12:45:15.000000000 +0100 +++ new/knot-3.0.5/src/knot/zone/zone.c 2021-03-25 10:47:21.000000000 +0100 @@ -409,6 +409,42 @@ timers->last_refresh + timers->soa_expire <= time(NULL); } +static void time_set_default(time_t *time, time_t value) +{ + assert(time); + + if (*time == 0) { + *time = value; + } +} + +void zone_timers_sanitize(conf_t *conf, zone_t *zone) +{ + assert(conf); + assert(zone); + + time_t now = time(NULL); + + // replace SOA expire if we have better knowledge + if (!zone_contents_is_empty(zone->contents)) { + const knot_rdataset_t *soa = zone_soa(zone); + zone->timers.soa_expire = knot_soa_expire(soa->rdata); + } + + // assume now if we don't know when we flushed + time_set_default(&zone->timers.last_flush, now); + + if (zone_is_slave(conf, zone)) { + // assume now if we don't know + time_set_default(&zone->timers.last_refresh, now); + time_set_default(&zone->timers.next_refresh, now); + } else { + // invalidate if we don't have a master + zone->timers.last_refresh = 0; + zone->timers.next_refresh = 0; + } +} + /*! * \brief Get preferred zone master while checking its existence. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/zone/zone.h new/knot-3.0.5/src/knot/zone/zone.h --- old/knot-3.0.4/src/knot/zone/zone.h 2021-01-20 12:45:15.000000000 +0100 +++ new/knot-3.0.5/src/knot/zone/zone.h 2021-03-25 10:47:21.000000000 +0100 
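Review bot: In the backup.c hunk (`@@ -324,6 +315,7 @@`), `zone_timers_sanitize(conf, zone)` runs even when `zone_timers_read()` has just failed, so `zone->timers` gets its zero fields stamped with the current time before `ret` is looked at. Guarding the call keeps a failed restore from touching the timers: `if (ret == KNOT_EOK) { zone_timers_sanitize(conf, zone); }`. The surrounding function lies outside the hunk, so how `ret` is handled afterwards cannot be seen here.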
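Review bot: In the zone.c hunk (`@@ -409,6 +409,42 @@`), `time_set_default()` arrives without the `/*! \brief Set timer if unset (value is 0). */` comment it carried in zonedb-load.c, and its parameter `time` shadows the libc `time()` that `zone_timers_sanitize()` calls just below. I would restore the comment and rename the parameter, e.g. `static void time_set_default(time_t *timer, time_t value)`. Since the sanitizer is now also applied to timers read back from a backup, a comment on `zone_timers_sanitize()` stating that it only fills in zero values and does not range-check non-zero ones would tell readers what it does not protect against.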
@@ -178,6 +178,11 @@ /*! \brief Check if zone is expired according to timers. */ bool zone_expired(const zone_t *zone); +/*! + * \brief Set default timers for new zones or invalidate if not valid. + */ +void zone_timers_sanitize(conf_t *conf, zone_t *zone); + typedef int (*zone_master_cb)(conf_t *conf, zone_t *zone, const conf_remote_t *remote, void *data); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/knot/zone/zonedb-load.c new/knot-3.0.5/src/knot/zone/zonedb-load.c --- old/knot-3.0.4/src/knot/zone/zonedb-load.c 2021-01-20 16:57:24.000000000 +0100 +++ new/knot-3.0.5/src/knot/zone/zonedb-load.c 2021-03-25 10:47:21.000000000 +0100 @@ -76,48 +76,6 @@ return zone; } -/*! - * \brief Set timer if unset (value is 0). - */ -static void time_set_default(time_t *time, time_t value) -{ - assert(time); - - if (*time == 0) { - *time = value; - } -} - -/*! - * \brief Set default timers for new zones or invalidate if not valid. - */ -static void timers_sanitize(conf_t *conf, zone_t *zone) -{ - assert(conf); - assert(zone); - - time_t now = time(NULL); - - // replace SOA expire if we have better knowledge - if (!zone_contents_is_empty(zone->contents)) { - const knot_rdataset_t *soa = zone_soa(zone); - zone->timers.soa_expire = knot_soa_expire(soa->rdata); - } - - // assume now if we don't know when we flushed - time_set_default(&zone->timers.last_flush, now); - - if (zone_is_slave(conf, zone)) { - // assume now if we don't know - time_set_default(&zone->timers.last_refresh, now); - time_set_default(&zone->timers.next_refresh, now); - } else { - // invalidate if we don't have a master - zone->timers.last_refresh = 0; - zone->timers.next_refresh = 0; - } -} - static zone_t *create_zone_reload(conf_t *conf, const knot_dname_t *name, server_t *server, zone_t *old_zone) { 
@@ -130,7 +88,7 @@ zone_set_flag(zone, zone_get_flag(old_zone, ZONE_IS_CATALOG | ZONE_IS_CAT_MEMBER, false)); zone->timers = old_zone->timers; - timers_sanitize(conf, zone); + zone_timers_sanitize(conf, zone); bool conf_updated = (old_zone->change_type & CONF_IO_TRELOAD); @@ -165,7 +123,7 @@ return NULL; } - timers_sanitize(conf, zone); + zone_timers_sanitize(conf, zone); if (zone_expired(zone)) { // expired => force bootstrap, no load attempt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/libdnssec/version.h new/knot-3.0.5/src/libdnssec/version.h --- old/knot-3.0.4/src/libdnssec/version.h 2021-01-20 16:59:49.000000000 +0100 +++ new/knot-3.0.5/src/libdnssec/version.h 2021-03-25 10:48:21.000000000 +0100 @@ -18,7 +18,7 @@ #define DNSSEC_VERSION_MAJOR 3 #define DNSSEC_VERSION_MINOR 0 -#define DNSSEC_VERSION_PATCH 0x04 +#define DNSSEC_VERSION_PATCH 0x05 #define DNSSEC_VERSION_HEX ((DNSSEC_VERSION_MAJOR << 16) | \ (DNSSEC_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/libknot/version.h new/knot-3.0.5/src/libknot/version.h --- old/knot-3.0.4/src/libknot/version.h 2021-01-20 16:59:49.000000000 +0100 +++ new/knot-3.0.5/src/libknot/version.h 2021-03-25 10:48:21.000000000 +0100 @@ -18,7 +18,7 @@ #define KNOT_VERSION_MAJOR 3 #define KNOT_VERSION_MINOR 0 -#define KNOT_VERSION_PATCH 0x04 +#define KNOT_VERSION_PATCH 0x05 #define KNOT_VERSION_HEX ((KNOT_VERSION_MAJOR << 16) | \ (KNOT_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/libzscanner/version.h new/knot-3.0.5/src/libzscanner/version.h --- old/knot-3.0.4/src/libzscanner/version.h 2021-01-20 16:59:49.000000000 +0100 +++ new/knot-3.0.5/src/libzscanner/version.h 2021-03-25 10:48:21.000000000 +0100 
@@ -18,7 +18,7 @@ #define ZSCANNER_VERSION_MAJOR 3 #define ZSCANNER_VERSION_MINOR 0 -#define ZSCANNER_VERSION_PATCH 0x04 +#define ZSCANNER_VERSION_PATCH 0x05 #define ZSCANNER_VERSION_HEX ((ZSCANNER_VERSION_MAJOR << 16) | \ (ZSCANNER_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/utils/common/https.c new/knot-3.0.5/src/utils/common/https.c --- old/knot-3.0.4/src/utils/common/https.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/src/utils/common/https.c 2021-03-25 10:47:21.000000000 +0100 @@ -1,4 +1,4 @@ -/* Copyright (C) 2020 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -564,7 +564,7 @@ if (!ctx || !ctx->authority || !ctx->path) { return; } - printf(";; HTTPS session (HTTP/2-%s)-(%s%s)-(status: %lu)\n", + printf(";; HTTP session (HTTP/2-%s)-(%s%s)-(status: %lu)\n", ctx->params.method == POST ? "POST" : "GET", ctx->authority, ctx->path, ctx->status); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/utils/common/netio.c new/knot-3.0.5/src/utils/common/netio.c --- old/knot-3.0.4/src/utils/common/netio.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/src/utils/common/netio.c 2021-03-25 10:47:21.000000000 +0100 @@ -1,4 +1,4 @@ -/* Copyright (C) 2020 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,6 +20,8 @@ #include <poll.h> #include <stdlib.h> #include <netinet/in.h> +#include <sys/types.h> // OpenBSD +#include <netinet/tcp.h> // TCP_FASTOPEN #include <sys/socket.h> #ifdef HAVE_SYS_UIO_H 
@@ -240,7 +242,10 @@ */ static int fastopen_connect(int sockfd, const struct addrinfo *srv) { -#if __APPLE__ +#if defined( __FreeBSD__) + const int enable = 1; + return setsockopt(sockfd, IPPROTO_TCP, TCP_FASTOPEN, &enable, sizeof(enable)); +#elif defined(__APPLE__) // connection is performed lazily when first data are sent struct sa_endpoints ep = {0}; ep.sae_dstaddr = srv->ai_addr; @@ -248,7 +253,7 @@ int flags = CONNECT_DATA_IDEMPOTENT|CONNECT_RESUME_ON_READ_WRITE; return connectx(sockfd, &ep, SAE_ASSOCID_ANY, flags, NULL, 0, NULL, NULL); -#elif defined(MSG_FASTOPEN) // Linux with RFC 7413 +#elif defined(__linux__) // connect() will be called implicitly with sendto(), sendmsg() return 0; #else @@ -262,9 +267,9 @@ */ static int fastopen_send(int sockfd, const struct msghdr *msg, int timeout) { -#if __APPLE__ +#if defined(__FreeBSD__) || defined(__APPLE__) return sendmsg(sockfd, msg, 0); -#elif defined(MSG_FASTOPEN) +#elif defined(__linux__) int ret = sendmsg(sockfd, msg, MSG_FASTOPEN); if (ret == -1 && errno == EINPROGRESS) { struct pollfd pfd = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/utils/kdig/kdig_params.c new/knot-3.0.5/src/utils/kdig/kdig_params.c --- old/knot-3.0.4/src/utils/kdig/kdig_params.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/src/utils/kdig/kdig_params.c 2021-03-25 10:47:21.000000000 +0100 @@ -616,7 +616,7 @@ q->fastopen = true; - return KNOT_EOK; + return opt_tcp(arg, query); } static int opt_nofastopen(const char *arg, void *query) 
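Review bot: In netio.c, the TCP Fast Open branches of `fastopen_connect()` and `fastopen_send()` (hunks `@@ -240,7 +242,10 @@`, `@@ -248,7 +253,7 @@` and `@@ -262,9 +267,9 @@`) now select on the platform macro instead of the feature macro, yet still use `MSG_FASTOPEN` under `__linux__` and `TCP_FASTOPEN` under `__FreeBSD__`. On a system whose headers lack those constants the file would stop compiling, whereas the old `#elif defined(MSG_FASTOPEN)` fell through to the `#else` branch. Testing both keeps that fallback: `#if defined(__FreeBSD__) && defined(TCP_FASTOPEN)` and `#elif defined(__linux__) && defined(MSG_FASTOPEN)`, with the same conditions used in both functions so connect and send stay paired. The stray space in `defined( __FreeBSD__)` can be dropped at the same time.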
@@ -625,7 +625,7 @@ q->fastopen = false; - return opt_ignore(arg, query); + return KNOT_EOK; } static int opt_tls(const char *arg, void *query) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/utils/keymgr/functions.c new/knot-3.0.5/src/utils/keymgr/functions.c --- old/knot-3.0.4/src/utils/keymgr/functions.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/src/utils/keymgr/functions.c 2021-03-25 08:18:12.000000000 +0100 @@ -145,7 +145,7 @@ bitmap_set(flags, DNSKEY_GENERATE_KSK, str2bool(argv[i] + 4)); } else if (strncasecmp(argv[i], "zsk=", 4) == 0) { bitmap_set(flags, DNSKEY_GENERATE_ZSK, str2bool(argv[i] + 4)); - } else if (!just_timing && strncasecmp(argv[i], "sep=", 4) == 0) { + } else if (strncasecmp(argv[i], "sep=", 4) == 0) { bitmap_set(flags, DNSKEY_GENERATE_SEP_SPEC, true); bitmap_set(flags, DNSKEY_GENERATE_SEP_ON, str2bool(argv[i] + 4)); } else if (!just_timing && strncasecmp(argv[i], "size=", 5) == 0) { @@ -816,8 +816,14 @@ return ret; } key->timing = temp; - key->is_ksk = (flags & DNSKEY_GENERATE_KSK); - key->is_zsk = (flags & DNSKEY_GENERATE_ZSK); + if (key->is_ksk != (bool)(flags & DNSKEY_GENERATE_KSK) || + key->is_zsk != (bool)(flags & DNSKEY_GENERATE_ZSK) || + flags & DNSKEY_GENERATE_SEP_SPEC) { + normalize_generate_flags(&flags); + key->is_ksk = (flags & DNSKEY_GENERATE_KSK); + key->is_zsk = (flags & DNSKEY_GENERATE_ZSK); + return dnssec_key_set_flags(key->key, dnskey_flags(flags & DNSKEY_GENERATE_SEP_ON)); + } return KNOT_EOK; } return KNOT_EINVAL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/src/utils/kzonecheck/main.c new/knot-3.0.5/src/utils/kzonecheck/main.c --- old/knot-3.0.4/src/utils/kzonecheck/main.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/src/utils/kzonecheck/main.c 2021-03-25 08:18:12.000000000 +0100 
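Review bot: In the keymgr hunk `@@ -816,8 +816,14 @@`, the new condition ends an `||` chain with a bare `flags & DNSKEY_GENERATE_SEP_SPEC`; it parses as intended but reads ambiguously next to the two `(bool)(flags & ...)` comparisons, so I would write `(flags & DNSKEY_GENERATE_SEP_SPEC)`. This path now rewrites the flags of an existing key through `dnssec_key_set_flags()`, which changes the DNSKEY RDATA and with it the key tag and any DS digest computed from that key. A comment above the branch such as `// changing KSK/ZSK/SEP alters the DNSKEY RDATA: key tag and a published DS will no longer match` would make that consequence visible to maintainers. The enclosing function starts outside the hunk.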
@@ -145,6 +145,7 @@ } knot_dname_t *dname = knot_dname_from_str_alloc(zonename); + knot_dname_to_lower(dname); free(zonename); int ret = zone_check(filename, dname, stdout, optional, (time_t)check_time); knot_dname_free(dname, NULL); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/tests/knot/test_journal.c new/knot-3.0.5/tests/knot/test_journal.c --- old/knot-3.0.4/tests/knot/test_journal.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/tests/knot/test_journal.c 2021-03-25 10:47:21.000000000 +0100 @@ -481,6 +481,13 @@ return out; } +static knot_dname_t *tm_owner_int(int x, const knot_dname_t *apex) +{ + char buf[12] = { 0 }; + (void)snprintf(buf, sizeof(buf), "i%d", x); + return tm_owner(buf, apex); +} + static knot_rrset_t * tm_rrs(const knot_dname_t * apex, int x) { static knot_rrset_t * rrsA = NULL; @@ -506,6 +513,27 @@ assert(0); return NULL; } +#define TM_RRS_INT_MAX 1000 + +static knot_rrset_t *tm_rrs_int(const knot_dname_t *apex, int x) +{ + assert(x < TM_RRS_INT_MAX); + static knot_rrset_t *stat_rrs[TM_RRS_INT_MAX] = { 0 }; + + if (apex == NULL) { + for (int i = 0; i < TM_RRS_INT_MAX; i++) { + knot_rrset_free(stat_rrs[i], NULL); + stat_rrs[i] = NULL; + } + return NULL; + } + + if (stat_rrs[x] == NULL) { + stat_rrs[x] = tm_rrset(tm_owner_int(x, apex), rdA); + } + return stat_rrs[x]; +} + int tm_rrcnt(const changeset_t * ch, int flg) { changeset_iter_t it; @@ -524,6 +552,10 @@ { static changeset_t * chsI = NULL, * chsX = NULL, * chsY = NULL; static uint32_t serial = 0; + if (x < 0) { + serial = 0; + return NULL; + } if (apex == NULL) { changeset_free(chsI); 
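Review bot: In the kzonecheck hunk (`@@ -145,6 +145,7 @@`), `dname` is used right after `knot_dname_from_str_alloc(zonename)` without a NULL check, and the added `knot_dname_to_lower(dname)` is one more consumer of that unchecked pointer. The zone name is set outside the hunk (presumably from the command line), and the allocator returns NULL when the string is not a valid domain name or memory is short. I would bail out before lowercasing, along the lines of `if (dname == NULL) { free(zonename); /* report invalid zone name, return failure */ }`. How `main` reports errors is not visible in the hunk.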
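Review bot: In test_journal.c (`@@ -506,6 +513,27 @@`), `tm_rrs_int()` indexes the static `stat_rrs[TM_RRS_INT_MAX]` with `x` after asserting only the upper bound, so a negative `x` would read and write before the array. `assert(x >= 0 && x < TM_RRS_INT_MAX);` closes that. The callers visible in this diff pass 0 and the loop values 1 to 999, so this is a guard for future test changes, not a failure seen here.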
@@ -563,6 +595,43 @@ return ret; } +static void tm2_add_all(zone_contents_t *toadd) +{ + assert(toadd != NULL); + for (int i = 1; i < TM_RRS_INT_MAX; i++) { + zone_node_t *unused = NULL; + int ret = zone_contents_add_rr(toadd, tm_rrs_int(toadd->apex->owner, i), &unused); + assert(ret == KNOT_EOK); + } +} + +static zone_contents_t *tm2_zone(const knot_dname_t *apex) +{ + zone_contents_t *z = zone_contents_new(apex, false); + if (z != NULL) { + knot_rrset_t soa; + zone_node_t *unused = NULL; + init_soa(&soa, 1, apex); + int ret = zone_contents_add_rr(z, &soa, &unused); + knot_rrset_clear(&soa, NULL); + assert(ret == KNOT_EOK); + tm2_add_all(z); + } + return z; +} + +static changeset_t *tm2_chs_unzone(const knot_dname_t *apex) +{ + changeset_t *ch = changeset_new(apex); + if (ch != NULL) { + changeset_set_soa_serials(ch, 1, 2, apex); + tm2_add_all(ch->remove); + int ret = changeset_add_addition(ch, tm_rrs_int(apex, 0), 0); + assert(ret == KNOT_EOK); + } + return ch; +} + static int merged_present(void) { bool exists, has_merged; 
@@ -613,6 +682,33 @@ changesets_free(&l); journal_read_end(read); + // insert large zone-in-journal taking more than one chunk + zone_contents_t *bigz = tm2_zone(apex); + ret = journal_insert_zone(jj, bigz); + zone_contents_deep_free(bigz); + is_int(KNOT_EOK, ret, "journal: insert large zone-in-journal"); + + // insert changeset that will cancel it mostly out + changeset_t *bigz_cancelout = tm2_chs_unzone(apex); + ret = journal_insert(jj, bigz_cancelout, NULL); + changeset_free(bigz_cancelout); + is_int(KNOT_EOK, ret, "journal: insert cancel-out changeset"); + + // now fill up with dumy changesets to enforce merge + tm_chs(apex, -1); + while (changeset_to(tm_chs(apex, 0)) != 2) { } + for (i = 0; i < 400; i++) { + ret = journal_insert(jj, tm_chs(apex, i), NULL); + assert(ret == KNOT_EOK); + } + + // finally: the test case. Reading the journal now must be no EMALF and + // the zone-in-journal must be little + ret = load_j_list(&jj, true, 0, &read, &l); + is_int(KNOT_EOK, ret, "journal: read chunks-shrinked zone-in-journal"); + is_int(4, trie_weight(((changeset_t *)HEAD(l))->add->nodes->trie), "journal: small merged zone-in-journal"); + changesets_free(&l); + journal_read_end(read); ret = journal_scrape_with_md(jj, false); assert(ret == KNOT_EOK); @@ -624,6 +720,7 @@ tm_rrs(NULL, 0); tm_chs(NULL, 0); + tm_rrs_int(NULL, 0); unset_conf(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.0.4/tests-fuzz/knotd_wrap/server.c new/knot-3.0.5/tests-fuzz/knotd_wrap/server.c --- old/knot-3.0.4/tests-fuzz/knotd_wrap/server.c 2021-01-18 11:46:06.000000000 +0100 +++ new/knot-3.0.5/tests-fuzz/knotd_wrap/server.c 2021-03-25 08:18:12.000000000 +0100 @@ -1,4 +1,4 @@ -/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <[email protected]> +/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -20,8 +20,10 @@ extern void udp_master_init_stdio(server_t *server); -void server_reconfigure(conf_t *conf, server_t *server) +int server_reconfigure(conf_t *conf, server_t *server) { orig_server_reconfigure(conf, server); udp_master_init_stdio(server); + + return KNOT_EOK; }
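Review bot: In the fuzz wrapper (`@@ -20,8 +20,10 @@`), `server_reconfigure()` now returns `int` but discards whatever `orig_server_reconfigure()` reports and always returns `KNOT_EOK`. If the wrapped function returns an error code after this signature change (its declaration is not in the hunk), the fuzzer would keep running against a server that failed to configure and any findings would be harder to interpret. Propagating the result takes two lines: `int ret = orig_server_reconfigure(conf, server);` followed by `if (ret != KNOT_EOK) { return ret; }` before `udp_master_init_stdio(server)`.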
