Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package knot for openSUSE:Factory checked in at 2023-07-03 17:44:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/knot (Old) and /work/SRC/openSUSE:Factory/.knot.new.13546 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "knot" Mon Jul 3 17:44:04 2023 rev:18 rq:1096498 version:3.2.8 Changes: -------- --- /work/SRC/openSUSE:Factory/knot/knot.changes 2023-06-14 16:32:47.171739416 +0200 +++ /work/SRC/openSUSE:Factory/.knot.new.13546/knot.changes 2023-07-03 17:44:18.413256029 +0200 @@ -1,0 +2,6 @@ +Mon Jun 26 07:33:49 UTC 2023 - Michal Hrusecky <[email protected]> + +- update to version 3.2.8, see: + https://www.knot-dns.cz/2023-06-26-version-328.html + +------------------------------------------------------------------- Old: ---- knot-3.2.7.tar.xz knot-3.2.7.tar.xz.asc New: ---- knot-3.2.8.tar.xz knot-3.2.8.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ knot.spec ++++++ --- /var/tmp/diff_new_pack.QfHP4V/_old 2023-07-03 17:44:19.265261044 +0200 +++ /var/tmp/diff_new_pack.QfHP4V/_new 2023-07-03 17:44:19.269261068 +0200 @@ -35,7 +35,7 @@ %{?systemd_requires} %endif Name: knot -Version: 3.2.7 +Version: 3.2.8 Release: 0 Summary: An authoritative DNS daemon License: GPL-3.0-or-later ++++++ knot-3.2.7.tar.xz -> knot-3.2.8.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/NEWS new/knot-3.2.8/NEWS --- old/knot-3.2.7/NEWS 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/NEWS 2023-06-26 07:44:21.000000000 +0200 @@ -1,3 +1,19 @@ +Knot DNS 3.2.8 (2023-26-06) +=========================== + +Improvements: +------------- + - kdig: malformed messages are parsed and printed using a best-effort approach + - python: new dname from wire initialization + +Bugfixes: +--------- + - knotd: missing outgoing NOTIFY upon refresh if one of more primaries is up-to-date + - knotd: journal loop detection can prevent zone from loading + - knotd: cryptic error message when journal is full #842 + - knotd: failed to query catalog zone over UDP + - configure: libngtcp2 check wrongly requires version 0.13.0 instead of 0.13.1 + Knot DNS 3.2.7 (2023-06-06) =========================== @@ -17,7 +33,7 @@ - kxdpgun: print percentages as floats (Thanks to Petr Å paÄek) - kjournalprint: ability to print a changeset loop - kjournalprint: added changset serials information to '-z -d' output - - packaging: RHEL9 requires libxdp like fedora since RHEL 9.1 #844 + - packaging: RHEL9 requires libxdp like fedora since RHEL 9.2 #844 - doc: various improvements Bugfixes: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/configure new/knot-3.2.8/configure --- old/knot-3.2.7/configure 2023-06-06 07:08:29.000000000 +0200 +++ new/knot-3.2.8/configure 2023-06-26 07:44:27.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for knot 3.2.7. +# Generated by GNU Autoconf 2.69 for knot 3.2.8. # # Report bugs to <[email protected]>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='knot' PACKAGE_TARNAME='knot' -PACKAGE_VERSION='3.2.7' -PACKAGE_STRING='knot 3.2.7' +PACKAGE_VERSION='3.2.8' +PACKAGE_STRING='knot 3.2.8' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1578,7 +1578,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures knot 3.2.7 to adapt to many kinds of systems. +\`configure' configures knot 3.2.8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1649,7 +1649,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of knot 3.2.7:";; + short | recursive ) echo "Configuration of knot 3.2.8:";; esac cat <<\_ACEOF @@ -1686,7 +1686,7 @@ --enable-maxminddb=auto|yes|no enable MaxMind DB [default=auto] --enable-quic=auto|yes|no - Support DoQ (needs libngtcp2 = 0.13.0, gnutls >= + Support DoQ (needs libngtcp2 = 0.13.1, gnutls >= 3.7.2) [default=auto] --enable-cap-ng=auto|no enable POSIX capabilities [default=auto] --enable-code-coverage enable code coverage testing with gcov @@ -1898,7 +1898,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -knot configure 3.2.7 +knot configure 3.2.8 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2313,7 +2313,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by knot $as_me 3.2.7, which was +It was created by knot $as_me 3.2.8, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3175,7 +3175,7 @@ # Define the identity of the package. PACKAGE='knot' - VERSION='3.2.7' + VERSION='3.2.8' cat >>confdefs.h <<_ACEOF @@ -4957,7 +4957,7 @@ KNOT_VERSION_MINOR=2 -KNOT_VERSION_PATCH=7 +KNOT_VERSION_PATCH=8 # Store ./configure parameters and CFLAGS @@ -17730,19 +17730,19 @@ auto) : pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls" >&5 -$as_echo_n "checking for libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls" >&5 +$as_echo_n "checking for libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls... " >&6; } if test -n "$libngtcp2_CFLAGS"; then pkg_cv_libngtcp2_CFLAGS="$libngtcp2_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_libngtcp2_CFLAGS=`$PKG_CONFIG --cflags "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls" 2>/dev/null` + pkg_cv_libngtcp2_CFLAGS=`$PKG_CONFIG --cflags "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -17754,12 +17754,12 @@ pkg_cv_libngtcp2_LIBS="$libngtcp2_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_libngtcp2_LIBS=`$PKG_CONFIG --libs "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls" 2>/dev/null` + pkg_cv_libngtcp2_LIBS=`$PKG_CONFIG --libs "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -17780,9 +17780,9 @@ _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - libngtcp2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls" 2>&1` + libngtcp2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls" 2>&1` else - libngtcp2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls" 2>&1` + libngtcp2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$libngtcp2_PKG_ERRORS" >&5 @@ -17802,19 +17802,19 @@ yes) : pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls" >&5 -$as_echo_n "checking for libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls" >&5 +$as_echo_n "checking for libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls... " >&6; } if test -n "$libngtcp2_CFLAGS"; then pkg_cv_libngtcp2_CFLAGS="$libngtcp2_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_libngtcp2_CFLAGS=`$PKG_CONFIG --cflags "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls" 2>/dev/null` + pkg_cv_libngtcp2_CFLAGS=`$PKG_CONFIG --cflags "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -17826,12 +17826,12 @@ pkg_cv_libngtcp2_LIBS="$libngtcp2_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_libngtcp2_LIBS=`$PKG_CONFIG --libs "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls" 2>/dev/null` + pkg_cv_libngtcp2_LIBS=`$PKG_CONFIG --libs "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes @@ -17852,9 +17852,9 @@ _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - libngtcp2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls" 2>&1` + libngtcp2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls" 2>&1` else - libngtcp2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls" 2>&1` + libngtcp2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$libngtcp2_PKG_ERRORS" >&5 @@ -20375,7 +20375,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by knot $as_me 3.2.7, which was +This file was extended by knot $as_me 3.2.8, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20441,7 +20441,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -knot config.status 3.2.7 +knot config.status 3.2.8 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/configure.ac new/knot-3.2.8/configure.ac --- old/knot-3.2.7/configure.ac 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/configure.ac 2023-06-26 07:44:21.000000000 +0200 @@ -2,7 +2,7 @@ m4_define([knot_VERSION_MAJOR], 3)dnl m4_define([knot_VERSION_MINOR], 2)dnl -m4_define([knot_VERSION_PATCH], 7)dnl Leave empty if the master branch! +m4_define([knot_VERSION_PATCH], 8)dnl Leave empty if the master branch! m4_include([m4/knot-version.m4]) AC_INIT([knot], [knot_PKG_VERSION], [[email protected]]) @@ -571,12 +571,12 @@ # QUIC support AC_ARG_ENABLE([quic], - AS_HELP_STRING([--enable-quic=auto|yes|no], [Support DoQ (needs libngtcp2 = 0.13.0, gnutls >= 3.7.2) [default=auto]]), + AS_HELP_STRING([--enable-quic=auto|yes|no], [Support DoQ (needs libngtcp2 = 0.13.1, gnutls >= 3.7.2) [default=auto]]), [], [enable_quic=auto]) AS_CASE([$enable_quic], - [auto], [PKG_CHECK_MODULES([libngtcp2], [libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls], [enable_quic=yes], [enable_quic=no])], - [yes], [PKG_CHECK_MODULES([libngtcp2], [libngtcp2 = 0.13.0 libngtcp2_crypto_gnutls], [enable_quic=yes], + [auto], [PKG_CHECK_MODULES([libngtcp2], [libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls], [enable_quic=yes], [enable_quic=no])], + [yes], [PKG_CHECK_MODULES([libngtcp2], [libngtcp2 = 0.13.1 libngtcp2_crypto_gnutls], [enable_quic=yes], AS_IF([test "$gnutls_quic" = "yes"], [enable_quic=embedded embedded_libngtcp2_CFLAGS="-I\$(top_srcdir)/src/contrib/libngtcp2 -I\$(top_srcdir)/src/contrib/libngtcp2/ngtcp2/lib" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/doc/Makefile.in new/knot-3.2.8/doc/Makefile.in --- old/knot-3.2.7/doc/Makefile.in 2023-06-06 07:08:31.000000000 +0200 +++ new/knot-3.2.8/doc/Makefile.in 2023-06-26 07:44:28.000000000 +0200 @@ -716,22 +716,22 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@HAVE_DOCS_FALSE@info-local: -@HAVE_MAKEINFO_FALSE@info-local: -@HAVE_SPHINXBUILD_FALSE@info-local: @HAVE_DOCS_FALSE@install-html-local: @HAVE_SPHINXBUILD_FALSE@install-html-local: -@HAVE_DOCS_FALSE@install-pdf-local: -@HAVE_PDFLATEX_FALSE@install-pdf-local: -@HAVE_SPHINXBUILD_FALSE@install-pdf-local: @HAVE_DOCS_FALSE@pdf-local: @HAVE_PDFLATEX_FALSE@pdf-local: @HAVE_SPHINXBUILD_FALSE@pdf-local: -@HAVE_DOCS_FALSE@html-local: -@HAVE_SPHINXBUILD_FALSE@html-local: +@HAVE_DOCS_FALSE@install-pdf-local: +@HAVE_PDFLATEX_FALSE@install-pdf-local: +@HAVE_SPHINXBUILD_FALSE@install-pdf-local: @HAVE_DOCS_FALSE@install-info-local: @HAVE_MAKEINFO_FALSE@install-info-local: @HAVE_SPHINXBUILD_FALSE@install-info-local: +@HAVE_DOCS_FALSE@html-local: +@HAVE_SPHINXBUILD_FALSE@html-local: +@HAVE_DOCS_FALSE@info-local: +@HAVE_MAKEINFO_FALSE@info-local: +@HAVE_SPHINXBUILD_FALSE@info-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/doc/configuration.rst new/knot-3.2.8/doc/configuration.rst --- old/knot-3.2.7/doc/configuration.rst 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/doc/configuration.rst 2023-06-19 10:39:15.000000000 +0200 @@ -606,10 +606,10 @@ It can be configured using all the standard options (but for example DNSSEC signing is useless as the zone won't be queried by clients), including primary/secondary configuration and ACLs. A catalog zone is indicated by setting the option -:ref:`zone_catalog-role`. The difference is that standard DNS -queries to a catalog zone are answered with REFUSED as though the zone -doesn't exist, unless querying over TCP from an address with transfers enabled -by ACL. The name of the catalog zone is arbitrary. It's possible to configure +:ref:`zone_catalog-role`. Standard DNS queries to a catalog zone are answered +with REFUSED as though the zone doesn't exist unless there is a matching ACL +rule for action transfer configured. +The name of the catalog zone is arbitrary. It's possible to configure multiple catalog zones. .. WARNING:: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/doc/man/knot.conf.5in new/knot-3.2.8/doc/man/knot.conf.5in --- old/knot-3.2.7/doc/man/knot.conf.5in 2023-06-06 07:08:45.000000000 +0200 +++ new/knot-3.2.8/doc/man/knot.conf.5in 2023-06-26 07:44:42.000000000 +0200 @@ -103,6 +103,10 @@ .sp If an item value contains spaces or other special characters, it is necessary to enclose such a value within double quotes \fB"\fP \fB"\fP\&. +.sp +If not specified otherwise, an item representing a file or a directory path may +be defined either as an absolute path (starting with \fB/\fP), or a path relative +to the same directory as the default value of the item. .SH COMMENTS .sp A comment begins with a \fB#\fP character and is ignored during processing. @@ -250,7 +254,8 @@ \fIDefault:\fP FQDN hostname at the moment of the daemon start .SS rundir .sp -A path for storing run\-time data (PID file, unix sockets, etc.). +A path for storing run\-time data (PID file, unix sockets, etc.). A non\-absolute +path is relative to the knotd startup directory. .sp Depending on the usage of this parameter, its change may require restart of the Knot server to take effect. @@ -267,7 +272,7 @@ \fIDefault:\fP \fBroot:root\fP .SS pidfile .sp -A PID file location. +A PID file \fI\%location\fP\&. .sp Change of this parameter requires restart of the Knot server to take effect. .sp @@ -479,6 +484,8 @@ .SS key\-file .sp Path to a server key PEM file which is used for DNS over QUIC communication. +A non\-absolute path of a user specified key file is relative to the +\fB@config_dir@\fP directory. .sp Change of this parameter requires restart of the Knot server to take effect. .sp @@ -486,6 +493,7 @@ .SS cert\-file .sp Path to a server certificate PEM file which is used for DNS over QUIC communication. +A non\-absolute path is relative to the \fB@config_dir@\fP directory. .sp Change of this parameter requires restart of the Knot server to take effect. .sp @@ -790,7 +798,8 @@ .UNINDENT .SS listen .sp -A UNIX socket path where the server listens for control commands. +A UNIX socket \fI\%path\fP where the server listens for +control commands. .sp \fIDefault:\fP \fI\%rundir\fP\fB/knot.sock\fP .SS timeout @@ -858,6 +867,9 @@ With \fBsyslog\fP target, syslog service is used. However, if Knot DNS has been compiled with systemd support and operating system has been booted with systemd, systemd journal is used for logging instead of syslog. +.sp +A \fIfile_name\fP may be specified as an absolute path or a path relative to the +knotd startup directory. .SS server .sp Minimum severity level for messages related to general operation of the server to be @@ -903,7 +915,7 @@ \fIDefault:\fP not set .SS file .sp -A file path of statistics output in the YAML format. +A file \fI\%path\fP of statistics output in the YAML format. .sp \fIDefault:\fP \fI\%rundir\fP\fB/stats.yaml\fP .SS append @@ -937,14 +949,14 @@ .UNINDENT .SS storage .sp -A data directory for storing journal, KASP, and timer databases. +A data directory for storing journal, KASP, and timer databases. A non\-absolute +path is relative to the knotd startup directory. .sp \fIDefault:\fP \fB${localstatedir}/lib/knot\fP (configured with \fB\-\-with\-storage=path\fP) .SS journal\-db .sp -An explicit specification of the persistent journal database directory. -Non\-absolute path (i.e. not starting with \fB/\fP) is relative to -\fI\%storage\fP\&. +An explicit \fI\%specification\fP of the persistent journal database +directory. .sp \fIDefault:\fP \fI\%storage\fP\fB/journal\fP .SS journal\-db\-mode @@ -987,9 +999,7 @@ \fIDefault:\fP \fB20G\fP (20 GiB), or \fB512M\fP (512 MiB) for 32\-bit .SS kasp\-db .sp -An explicit specification of the KASP database directory. -Non\-absolute path (i.e. not starting with \fB/\fP) is relative to -\fI\%storage\fP\&. +An explicit \fI\%specification\fP of the KASP database directory. .sp \fIDefault:\fP \fI\%storage\fP\fB/keys\fP .SS kasp\-db\-max\-size @@ -1006,9 +1016,8 @@ \fIDefault:\fP \fB500M\fP (500 MiB) .SS timer\-db .sp -An explicit specification of the persistent timer database directory. -Non\-absolute path (i.e. not starting with \fB/\fP) is relative to -\fI\%storage\fP\&. +An explicit \fI\%specification\fP of the persistent timer +database directory. .sp \fIDefault:\fP \fI\%storage\fP\fB/timers\fP .SS timer\-db\-max\-size @@ -1025,10 +1034,8 @@ \fIDefault:\fP \fB100M\fP (100 MiB) .SS catalog\-db .sp -An explicit specification of the zone catalog database directory. -Only useful if catalog\-zones are enabled. -Non\-absolute path (i.e. not starting with \fB/\fP) is relative to -\fI\%storage\fP\&. +An explicit \fI\%specification\fP of the zone catalog +database directory. Only useful if catalog\-zones are enabled. .sp \fIDefault:\fP \fI\%storage\fP\fB/catalog\fP .SS catalog\-db\-max\-size @@ -2047,14 +2054,14 @@ \fIDefault:\fP not set or \fBdefault\fP (if the template exists) .SS storage .sp -A data directory for storing zone files. +A data directory for storing zone files. A non\-absolute path is relative to +the knotd startup directory. .sp \fIDefault:\fP \fB${localstatedir}/lib/knot\fP (configured with \fB\-\-with\-storage=path\fP) .SS file .sp -A path to the zone file. Non\-absolute path (i.e. not starting with \fB/\fP) is -relative to \fI\%storage\fP\&. -It is also possible to use the following formatters: +A \fI\%path\fP to the zone file. It is also possible to use +the following formatters: .INDENT 0.0 .IP \(bu 2 \fB%c[\fP\fIN\fP\fB]\fP or \fB%c[\fP\fIN\fP\fB\-\fP\fIM\fP\fB]\fP â Means the \fIN\fPth @@ -2316,8 +2323,6 @@ except for \fI\%signing\-threads\fP option, which specifies the number of threads for parallel validation. .sp -\fIDefault:\fP not set -.sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 @@ -2326,18 +2331,20 @@ This mode is not compatible with \fI\%dnssec\-signing\fP\&. .UNINDENT .UNINDENT +.sp +\fIDefault:\fP not set .SS dnssec\-policy .sp A \fI\%reference\fP to DNSSEC signing policy. .sp -\fIDefault:\fP an imaginary policy with all default values -.sp \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 A configured policy called "default" won\(aqt be used unless explicitly referenced. .UNINDENT .UNINDENT +.sp +\fIDefault:\fP an imaginary policy with all default values .SS ds\-push .sp Per zone configuration of \fI\%ds\-push\fP\&. This option overrides possible diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/doc/reference.rst new/knot-3.2.8/doc/reference.rst --- old/knot-3.2.7/doc/reference.rst 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/doc/reference.rst 2023-06-26 07:44:21.000000000 +0200 @@ -53,6 +53,12 @@ If an item value contains spaces or other special characters, it is necessary to enclose such a value within double quotes ``"`` ``"``. +.. _default_paths: + +If not specified otherwise, an item representing a file or a directory path may +be defined either as an absolute path (starting with ``/``), or a path relative +to the same directory as the default value of the item. + .. _Comments: Comments @@ -213,7 +219,8 @@ rundir ------ -A path for storing run-time data (PID file, unix sockets, etc.). +A path for storing run-time data (PID file, unix sockets, etc.). A non-absolute +path is relative to the :doc:`knotd<man_knotd>` startup directory. Depending on the usage of this parameter, its change may require restart of the Knot server to take effect. @@ -238,7 +245,7 @@ pidfile ------- -A PID file location. +A PID file :ref:`location<default_paths>`. Change of this parameter requires restart of the Knot server to take effect. @@ -515,6 +522,8 @@ -------- Path to a server key PEM file which is used for DNS over QUIC communication. +A non-absolute path of a user specified key file is relative to the +:file:`@config_dir@` directory. Change of this parameter requires restart of the Knot server to take effect. @@ -526,6 +535,7 @@ --------- Path to a server certificate PEM file which is used for DNS over QUIC communication. +A non-absolute path is relative to the :file:`@config_dir@` directory. Change of this parameter requires restart of the Knot server to take effect. @@ -869,7 +879,8 @@ listen ------ -A UNIX socket path where the server listens for control commands. +A UNIX socket :ref:`path<default_paths>` where the server listens for +control commands. *Default:* :ref:`rundir<server_rundir>`\ ``/knot.sock`` @@ -932,6 +943,9 @@ with systemd support and operating system has been booted with systemd, systemd journal is used for logging instead of syslog. +A *file_name* may be specified as an absolute path or a path relative to the +:doc:`knotd<man_knotd>` startup directory. + .. _log_server: server @@ -998,7 +1012,7 @@ file ---- -A file path of statistics output in the YAML format. +A file :ref:`path<default_paths>` of statistics output in the YAML format. *Default:* :ref:`rundir<server_rundir>`\ ``/stats.yaml`` @@ -1038,7 +1052,8 @@ storage ------- -A data directory for storing journal, KASP, and timer databases. +A data directory for storing journal, KASP, and timer databases. A non-absolute +path is relative to the :doc:`knotd<man_knotd>` startup directory. *Default:* ``${localstatedir}/lib/knot`` (configured with ``--with-storage=path``) @@ -1047,9 +1062,8 @@ journal-db ---------- -An explicit specification of the persistent journal database directory. -Non-absolute path (i.e. not starting with ``/``) is relative to -:ref:`storage<database_storage>`. +An explicit :ref:`specification<default_paths>` of the persistent journal database +directory. *Default:* :ref:`storage<database_storage>`\ ``/journal`` @@ -1097,9 +1111,7 @@ kasp-db ------- -An explicit specification of the KASP database directory. -Non-absolute path (i.e. not starting with ``/``) is relative to -:ref:`storage<database_storage>`. +An explicit :ref:`specification<default_paths>` of the KASP database directory. *Default:* :ref:`storage<database_storage>`\ ``/keys`` @@ -1120,9 +1132,8 @@ timer-db -------- -An explicit specification of the persistent timer database directory. -Non-absolute path (i.e. not starting with ``/``) is relative to -:ref:`storage<database_storage>`. +An explicit :ref:`specification<default_paths>` of the persistent timer +database directory. *Default:* :ref:`storage<database_storage>`\ ``/timers`` @@ -1143,10 +1154,8 @@ catalog-db ---------- -An explicit specification of the zone catalog database directory. -Only useful if :ref:`catalog-zones` are enabled. -Non-absolute path (i.e. not starting with ``/``) is relative to -:ref:`storage<database_storage>`. +An explicit :ref:`specification<default_paths>` of the zone catalog +database directory. Only useful if :ref:`catalog-zones` are enabled. *Default:* :ref:`storage<database_storage>`\ ``/catalog`` @@ -2242,7 +2251,8 @@ storage ------- -A data directory for storing zone files. +A data directory for storing zone files. A non-absolute path is relative to +the :doc:`knotd<man_knotd>` startup directory. *Default:* ``${localstatedir}/lib/knot`` (configured with ``--with-storage=path``) @@ -2251,9 +2261,8 @@ file ---- -A path to the zone file. Non-absolute path (i.e. not starting with ``/``) is -relative to :ref:`storage<zone_storage>`. -It is also possible to use the following formatters: +A :ref:`path<default_paths>` to the zone file. It is also possible to use +the following formatters: - ``%c[``\ *N*\ ``]`` or ``%c[``\ *N*\ ``-``\ *M*\ ``]`` â Means the *N*\ th character or a sequence of characters beginning from the *N*\ th and ending @@ -2527,14 +2536,14 @@ except for :ref:`policy_signing-threads` option, which specifies the number of threads for parallel validation. -*Default:* not set - .. NOTE:: Redundant or garbage NSEC3 records are ignored. This mode is not compatible with :ref:`zone_dnssec-signing`. +*Default:* not set + .. _zone_dnssec-policy: dnssec-policy @@ -2542,11 +2551,11 @@ A :ref:`reference<policy_id>` to DNSSEC signing policy. -*Default:* an imaginary policy with all default values - .. NOTE:: A configured policy called "default" won't be used unless explicitly referenced. +*Default:* an imaginary policy with all default values + .. _zone_ds-push: ds-push diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/m4/knot-version.m4 new/knot-3.2.8/m4/knot-version.m4 --- old/knot-3.2.7/m4/knot-version.m4 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/m4/knot-version.m4 2023-06-22 07:40:50.000000000 +0200 @@ -1,23 +1,25 @@ ################################################################################ # Knot DNS versions are as follows # -# <MAJOR>.<MINOR>.dev[.<TIMESTAMP>.<HASH>] Build from the master branch -# <MAJOR>.<MINOR>.<PATCH>[.<TIMESTAMP>.<HASH>] Build from a feature branch +# <MAJOR>.<MINOR>.dev0[+<TIMESTAMP>.<HASH>] Build from the master branch +# <MAJOR>.<MINOR>.<PATCH>[+<TIMESTAMP>.<HASH>] Build from a feature branch # # To force release version format set env variable KNOT_VERSION_FORMAT=release # # If the repository is not available or if HEAD is tagged, # the optional part is missing! # -# Example: 2.7.dev.1521027664.5e69ccc +# Examples: 3.3.dev0+1687250983.9ae4e3fc9 +# 3.2.7+1687164540.b00fbe32f +# 3.2.7 ################################################################################ -m4_define([knot_PATCH], m4_ifblank(knot_VERSION_PATCH, [dev], knot_VERSION_PATCH))dnl +m4_define([knot_PATCH], m4_ifblank(knot_VERSION_PATCH, [dev0], knot_VERSION_PATCH))dnl m4_define([knot_GIT_HASH], m4_esyscmd_s(git rev-parse --short HEAD 2>/dev/null))dnl m4_define([knot_GIT_TAG], m4_esyscmd_s(git describe --exact-match 2>/dev/null))dnl -m4_define([knot_TIMESTAMP], m4_esyscmd_s(date -u +'%s' 2>/dev/null))dnl +m4_define([knot_GIT_TIME], m4_esyscmd_s(git show -s --format=%ct 2>/dev/null))dnl m4_define([knot_GIT_OK], m4_case(m4_esyscmd_s(echo $KNOT_VERSION_FORMAT 2>/dev/null), release, [], knot_GIT_HASH))dnl -m4_define([knot_GIT_INFO], m4_ifblank(knot_GIT_TAG, m4_ifnblank(knot_GIT_OK, .knot_TIMESTAMP.knot_GIT_HASH, []), []))dnl +m4_define([knot_GIT_INFO], m4_ifblank(knot_GIT_TAG, m4_ifnblank(knot_GIT_OK, +knot_GIT_TIME.knot_GIT_HASH, []), []))dnl m4_define([knot_PKG_VERSION], [knot_VERSION_MAJOR.knot_VERSION_MINOR.knot_PATCH]knot_GIT_INFO)dnl diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/python/README.md new/knot-3.2.8/python/README.md --- old/knot-3.2.7/python/README.md 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/python/README.md 2023-06-26 07:44:21.000000000 +0200 @@ -134,14 +134,18 @@ ```python3 import libknot.dname -dname = libknot.dname.KnotDname("e\\120ample.c\om.") -print(dname.size() -print(dname.str()) -print(dname.wire()) +dname1 = libknot.dname.KnotDname("knot-dns.cz") +print("%s: wire: %s size: %u" % (dname1.str(), dname1.wire(), dname1.size())) + +dname2 = libknot.dname.KnotDname("e\\120ample.c\om.") +print("%s: wire: %s size: %u" % (dname2.str(), dname2.wire(), dname2.size())) + +dname3 = libknot.dname.KnotDname(dname_wire=b'\x02cz\x00') +print("%s: wire: %s size: %u" % (dname3.str(), dname3.wire(), dname3.size())) ``` ```bash -13 -example.com. -b'\x07example\x03com\x00' +knot-dns.cz.: wire: b'\x08knot-dns\x02cz\x00' size: 13 +example.com.: wire: b'\x07example\x03com\x00' size: 13 +cz.: wire: b'\x02cz\x00' size: 4 ``` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/python/libknot/dname.py new/knot-3.2.8/python/libknot/dname.py --- old/knot-3.2.7/python/libknot/dname.py 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/python/libknot/dname.py 2023-06-26 07:44:21.000000000 +0200 @@ -14,13 +14,14 @@ DnameTxtStorage = ctypes.c_char * CAPACITY_TXT SIZE = None + CHECK = None TO_STR = None FROM_STR = None data = None - def __init__(self, dname: str = None) -> None: - """Initializes a dname storage. Optionally initializes from a string.""" + def __init__(self, dname_str: str = None, dname_wire: bytes = None) -> None: + """Initializes a dname storage. Optionally initializes from a string or wire.""" if not KnotDname.SIZE: libknot.Knot() @@ -29,6 +30,10 @@ KnotDname.SIZE.restype = ctypes.c_size_t KnotDname.SIZE.argtypes = [KnotDname.DnameStorage] + KnotDname.CHECK = libknot.Knot.LIBKNOT.knot_dname_wire_check + KnotDname.CHECK.restype = ctypes.c_int + KnotDname.CHECK.argtypes = [ctypes.c_char_p, ctypes.c_char_p, ctypes.c_char_p] + KnotDname.TO_STR = libknot.Knot.LIBKNOT.knot_dname_to_str KnotDname.TO_STR.restype = ctypes.c_char_p KnotDname.TO_STR.argtypes = [KnotDname.DnameTxtStorage, KnotDname.DnameStorage, ctypes.c_size_t] @@ -37,9 +42,19 @@ KnotDname.FROM_STR.restype = ctypes.c_char_p KnotDname.FROM_STR.argtypes = [KnotDname.DnameStorage, ctypes.c_char_p, ctypes.c_size_t] - if dname: + if dname_str: + self.data = KnotDname.DnameStorage() + if not KnotDname.FROM_STR(self.data, dname_str.encode('utf-8'), KnotDname.CAPACITY): + raise ValueError + elif dname_wire: + size = len(dname_wire) + if size > KnotDname.CAPACITY: + raise ValueError self.data = KnotDname.DnameStorage() - if not KnotDname.FROM_STR(self.data, dname.encode('utf-8'), KnotDname.CAPACITY): + ctypes.memmove(self.data, dname_wire, size) + start = ctypes.cast(self.data, ctypes.POINTER(ctypes.c_char * size))[0] + end = ctypes.cast(self.data, ctypes.POINTER(ctypes.c_char * size))[1] + if KnotDname.CHECK(start, end, start) <= 0: raise ValueError def size(self): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/samples/Makefile.in new/knot-3.2.8/samples/Makefile.in --- old/knot-3.2.7/samples/Makefile.in 2023-06-06 07:08:31.000000000 +0200 +++ new/knot-3.2.8/samples/Makefile.in 2023-06-26 07:44:28.000000000 +0200 @@ -448,8 +448,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@HAVE_DAEMON_FALSE@uninstall-local: @HAVE_DAEMON_FALSE@install-data-local: +@HAVE_DAEMON_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/knot/ctl/commands.c new/knot-3.2.8/src/knot/ctl/commands.c --- old/knot-3.2.7/src/knot/ctl/commands.c 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/knot/ctl/commands.c 2023-06-22 07:40:50.000000000 +0200 @@ -1361,7 +1361,7 @@ knot_dname_txt_storage_t catz_str; (void)knot_dname_to_str(catz_str, catz, sizeof(catz_str)); - log_zone_info(member, "member of a non-%s zone %s", + log_zone_info(member, "member of a non-%s zone %s, purging", err_str, catz_str); // Single-purpose fake zone_t containing only minimal data. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/knot/events/handlers/refresh.c new/knot-3.2.8/src/knot/events/handlers/refresh.c --- old/knot-3.2.7/src/knot/events/handlers/refresh.c 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/knot/events/handlers/refresh.c 2023-06-22 07:40:50.000000000 +0200 @@ -353,7 +353,7 @@ if (dnssec_enable) { zone_sign_reschedule_t resch = { 0 }; ret = knot_dnssec_zone_sign(&up, data->conf, ZONE_SIGN_KEEP_SERIAL, KEY_ROLL_ALLOW_ALL, 0, &resch); - event_dnssec_reschedule(data->conf, data->zone, &resch, true); + event_dnssec_reschedule(data->conf, data->zone, &resch, false); } else if (digest_alg != ZONE_DIGEST_NONE) { assert(zone_update_to(&up) != NULL); ret = zone_update_add_digest(&up, digest_alg, false); @@ -1076,7 +1076,7 @@ } else { REFRESH_LOG(LOG_INFO, data, LOG_DIRECTION_NONE, "remote serial %u, remote is outdated", remote_serial); - return KNOT_STATE_FAIL; + return KNOT_STATE_DONE; } } @@ -1265,6 +1265,7 @@ bool force_axfr; bool send_notify; bool ixfr_by_one; + bool more_xfr; } try_refresh_ctx_t; static int try_refresh(conf_t *conf, zone_t *zone, const conf_remote_t *master, @@ -1339,9 +1340,9 @@ knot_requestor_clear(&requestor); if (ret == KNOT_EOK) { - trctx->send_notify = data.updated && !master->block_notify_after_xfr; + trctx->send_notify = trctx->send_notify || (data.updated && !master->block_notify_after_xfr); trctx->force_axfr = false; - trctx->ixfr_by_one = data.updated && data.ixfr_by_one && data.xfr_type == XFR_TYPE_IXFR; + trctx->more_xfr = trctx->more_xfr || (data.updated && data.ixfr_by_one && data.xfr_type == XFR_TYPE_IXFR); } return ret; @@ -1399,7 +1400,7 @@ if (trctx.send_notify) { zone_schedule_notify(zone, 1); } - if (trctx.ixfr_by_one && ret == KNOT_EOK) { + if (trctx.more_xfr && ret == KNOT_EOK) { zone_events_schedule_now(zone, ZONE_EVENT_REFRESH); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/knot/journal/journal_read.c new/knot-3.2.8/src/knot/journal/journal_read.c --- old/knot-3.2.7/src/knot/journal/journal_read.c 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/knot/journal/journal_read.c 2023-06-19 10:39:15.000000000 +0200 @@ -88,7 +88,10 @@ journal_metadata_t md = { 0 }; journal_load_metadata(&newctx->txn, newctx->zone, &md); - newctx->changesets_total = md.changeset_count + (read_zone ? 1 : 0); + newctx->changesets_total = md.changeset_count; + if (read_zone || ((md.flags & JOURNAL_MERGED_SERIAL_VALID) && serial_from == md.merged_serial)) { + newctx->changesets_total++; + } if (go_next_changeset(newctx, read_zone, j.zone)) { *ctx = newctx; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/knot/journal/journal_write.c new/knot-3.2.8/src/knot/journal/journal_write.c --- old/knot-3.2.7/src/knot/journal/journal_write.c 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/knot/journal/journal_write.c 2023-06-19 10:39:15.000000000 +0200 @@ -128,7 +128,10 @@ uint32_t del_next_serial; uint64_t del_freed; delete_one(txn, merge_zij, merge_serial, j.zone, &del_freed, &del_next_serial); - assert(del_freed > 0 && del_next_serial == *original_serial_to); + if (txn->ret == KNOT_EOK) { + assert(del_freed > 0); + assert(del_next_serial == *original_serial_to); + } journal_write_changeset(txn, &merge); journal_read_clear_changeset(&merge); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/knot/modules/dnstap/dnstap.rst new/knot-3.2.8/src/knot/modules/dnstap/dnstap.rst --- old/knot-3.2.7/src/knot/modules/dnstap/dnstap.rst 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/knot/modules/dnstap/dnstap.rst 2023-06-26 07:44:21.000000000 +0200 @@ -61,7 +61,8 @@ .... A sink path, which can be either a file or a UNIX socket when prefixed with -``unix:``. +``unix:``. The file may be specified as an absolute path or a path relative +to the :doc:`knotd<man_knotd>` startup directory. *Required* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/knot/modules/geoip/geoip.rst new/knot-3.2.8/src/knot/modules/geoip/geoip.rst --- old/knot-3.2.7/src/knot/modules/geoip/geoip.rst 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/knot/modules/geoip/geoip.rst 2023-06-26 07:44:21.000000000 +0200 @@ -225,7 +225,8 @@ config-file ........... -Full path to the response configuration file as described above. +A path to the response configuration file as described above. A non-absolute +path is relative to the :doc:`knotd<man_knotd>` startup directory. *Required* @@ -287,7 +288,8 @@ geodb-file .......... -Full path to a .mmdb file containing the GeoIP database. +A path to a .mmdb file containing the GeoIP database. A non-absolute +path is relative to the :doc:`knotd<man_knotd>` startup directory. *Required if* :ref:`mod-geoip_mode` *is set to* **geodb** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/knot/modules/probe/probe.rst new/knot-3.2.8/src/knot/modules/probe/probe.rst --- old/knot-3.2.7/src/knot/modules/probe/probe.rst 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/knot/modules/probe/probe.rst 2023-06-26 07:44:21.000000000 +0200 @@ -58,7 +58,8 @@ path .... -A directory path the UNIX sockets are located. +A directory path where the UNIX sockets are located. A non-absolute path is +relative to the :doc:`knotd<man_knotd>` startup directory. .. NOTE:: It's recommended to use a directory with the execute permission restricted diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/knot/nameserver/process_query.c new/knot-3.2.8/src/knot/nameserver/process_query.c --- old/knot-3.2.7/src/knot/nameserver/process_query.c 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/knot/nameserver/process_query.c 2023-06-22 07:40:50.000000000 +0200 @@ -473,11 +473,10 @@ qdata->extra->contents = qdata->extra->zone->contents; } - /* Allow normal queries to catalog only if not UDP and if allowed by ACL. */ + /* Allow normal queries to catalog only if allowed by ACL. */ if (qdata->extra->zone != NULL && qdata->extra->zone->is_catalog_flag && query_type(query) == KNOTD_QUERY_TYPE_NORMAL) { - if (qdata->params->proto == KNOTD_QUERY_PROTO_UDP || - !process_query_acl_check(conf(), ACL_ACTION_TRANSFER, qdata)) { + if (!process_query_acl_check(conf(), ACL_ACTION_TRANSFER, qdata)) { qdata->extra->zone = NULL; qdata->extra->contents = NULL; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/knot/updates/zone-update.c new/knot-3.2.8/src/knot/updates/zone-update.c --- old/knot-3.2.7/src/knot/updates/zone-update.c 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/knot/updates/zone-update.c 2023-06-22 07:40:50.000000000 +0200 @@ -987,6 +987,7 @@ ret = commit_journal(conf, update); if (ret != KNOT_EOK) { + log_zone_error(update->zone->name, "journal update failed (%s)", knot_strerror(ret)); discard_adds_tree(update); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/libdnssec/version.h new/knot-3.2.8/src/libdnssec/version.h --- old/knot-3.2.7/src/libdnssec/version.h 2023-06-06 07:08:38.000000000 +0200 +++ new/knot-3.2.8/src/libdnssec/version.h 2023-06-26 07:44:35.000000000 +0200 @@ -18,7 +18,7 @@ #define DNSSEC_VERSION_MAJOR 3 #define DNSSEC_VERSION_MINOR 2 -#define DNSSEC_VERSION_PATCH 0x07 +#define DNSSEC_VERSION_PATCH 0x08 #define DNSSEC_VERSION_HEX ((DNSSEC_VERSION_MAJOR << 16) | \ (DNSSEC_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/libknot/version.h new/knot-3.2.8/src/libknot/version.h --- old/knot-3.2.7/src/libknot/version.h 2023-06-06 07:08:38.000000000 +0200 +++ new/knot-3.2.8/src/libknot/version.h 2023-06-26 07:44:35.000000000 +0200 @@ -18,7 +18,7 @@ #define KNOT_VERSION_MAJOR 3 #define KNOT_VERSION_MINOR 2 -#define KNOT_VERSION_PATCH 0x07 +#define KNOT_VERSION_PATCH 0x08 #define KNOT_VERSION_HEX ((KNOT_VERSION_MAJOR << 16) | \ (KNOT_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/libzscanner/version.h new/knot-3.2.8/src/libzscanner/version.h --- old/knot-3.2.7/src/libzscanner/version.h 2023-06-06 07:08:38.000000000 +0200 +++ new/knot-3.2.8/src/libzscanner/version.h 2023-06-26 07:44:35.000000000 +0200 @@ -18,7 +18,7 @@ #define ZSCANNER_VERSION_MAJOR 3 #define ZSCANNER_VERSION_MINOR 2 -#define ZSCANNER_VERSION_PATCH 0x07 +#define ZSCANNER_VERSION_PATCH 0x08 #define ZSCANNER_VERSION_HEX ((ZSCANNER_VERSION_MAJOR << 16) | \ (ZSCANNER_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/utils/common/exec.c new/knot-3.2.8/src/utils/common/exec.c --- old/knot-3.2.7/src/utils/common/exec.c 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/utils/common/exec.c 2023-06-19 10:39:15.000000000 +0200 @@ -53,6 +53,10 @@ static void print_header(const knot_pkt_t *packet, const style_t *style) { + if (packet->size < KNOT_WIRE_OFFSET_QDCOUNT) { + return; + } + char flags[64] = ""; char unknown_rcode[64] = ""; char unknown_opcode[64] = ""; @@ -60,6 +64,10 @@ const char *rcode_str = NULL; const char *opcode_str = NULL; + uint16_t qdcount = 0, ancount = 0, nscount = 0, arcount = 0; + + uint16_t id = knot_wire_get_id(packet->wire); + // Get extended RCODE. const char *code_name = knot_pkt_ext_rcode_name(packet); if (code_name[0] != '\0') { @@ -108,14 +116,15 @@ strlcat(flags, " cd", flags_rest); } - uint16_t id = knot_wire_get_id(packet->wire); - uint16_t qdcount = knot_wire_get_qdcount(packet->wire); - uint16_t ancount = knot_wire_get_ancount(packet->wire); - uint16_t nscount = knot_wire_get_nscount(packet->wire); - uint16_t arcount = knot_wire_get_arcount(packet->wire); + if (packet->size >= KNOT_WIRE_HEADER_SIZE) { + qdcount = knot_wire_get_qdcount(packet->wire); + ancount = knot_wire_get_ancount(packet->wire); + nscount = knot_wire_get_nscount(packet->wire); + arcount = knot_wire_get_arcount(packet->wire); - if (knot_pkt_has_tsig(packet)) { - arcount++; + if (knot_pkt_has_tsig(packet)) { + arcount++; + } } // Print formatted info. @@ -867,10 +876,11 @@ const knot_pktsection_t *additional = knot_pkt_section(packet, KNOT_ADDITIONAL); - uint16_t qdcount = knot_wire_get_qdcount(packet->wire); - uint16_t ancount = knot_wire_get_ancount(packet->wire); - uint16_t nscount = knot_wire_get_nscount(packet->wire); - uint16_t arcount = knot_wire_get_arcount(packet->wire); + uint16_t qdcount = packet->parsed >= KNOT_WIRE_OFFSET_ANCOUNT ? + knot_wire_get_qdcount(packet->wire) : 0; + uint16_t ancount = packet->sections[KNOT_ANSWER].count; + uint16_t nscount = packet->sections[KNOT_AUTHORITY].count; + uint16_t arcount = packet->sections[KNOT_ADDITIONAL].count; // Disable additionals printing if there are no other records. // OPT record may be placed anywhere within additionals! diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/utils/kdig/kdig_exec.c new/knot-3.2.8/src/utils/kdig/kdig_exec.c --- old/knot-3.2.7/src/utils/kdig/kdig_exec.c 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/utils/kdig/kdig_exec.c 2023-06-22 07:40:50.000000000 +0200 @@ -625,11 +625,11 @@ const sign_context_t *sign_ctx, const style_t *style) { - struct timespec t_start, t_query, t_query_full, t_end, t_end_full; + struct timespec t_start, t_query, t_end; time_t timestamp; knot_pkt_t *reply = NULL; uint8_t in[MAX_PACKET_SIZE]; - int in_len; + int in_len = 0; int ret; // Get start query time. @@ -653,10 +653,11 @@ // Get stop query time and start reply time. t_query = time_now(); - t_query_full = time_diff(&t_start, &t_query); - t_query_full.tv_sec += timestamp; #if USE_DNSTAP + struct timespec t_query_full = time_diff(&t_start, &t_query); + t_query_full.tv_sec += timestamp; + // Make the dnstap copy of the query. write_dnstap(query_ctx->dt_writer, true, query->wire, query->size, net, &t_query_full); @@ -688,16 +689,15 @@ // Receive a reply message. in_len = net_receive(net, in, sizeof(in)); + t_end = time_now(); if (in_len <= 0) { goto fail; } - // Get stop reply time. - t_end = time_now(); - t_end_full = time_diff(&t_start, &t_end); +#if USE_DNSTAP + struct timespec t_end_full = time_diff(&t_start, &t_end); t_end_full.tv_sec += timestamp; -#if USE_DNSTAP // Make the dnstap copy of the response. write_dnstap(query_ctx->dt_writer, false, in, in_len, net, &t_end_full); @@ -753,7 +753,7 @@ // Print reply packet. if (style->format != FORMAT_JSON) { - print_packet(reply, net, in_len, time_diff_ms(&t_start, &t_end), + print_packet(reply, net, in_len, time_diff_ms(&t_query, &t_end), timestamp, true, style); } else { knot_pkt_t *q = knot_pkt_new(query->wire, query->size, NULL); @@ -815,7 +815,10 @@ return 0; fail: - if (style->format == FORMAT_JSON) { + if (style->format != FORMAT_JSON) { + print_packet(reply, net, in_len, time_diff_ms(&t_query, &t_end), + timestamp, true, style); + } else { knot_pkt_t *q = knot_pkt_new(query->wire, query->size, NULL); (void)knot_pkt_parse(q, KNOT_PF_NOCANON); print_packets_json(q, reply, net, timestamp, style); @@ -958,7 +961,7 @@ const sign_context_t *sign_ctx, const style_t *style) { - struct timespec t_start, t_query, t_query_full, t_end, t_end_full; + struct timespec t_start, t_query, t_end; time_t timestamp; knot_pkt_t *reply = NULL; uint8_t in[MAX_PACKET_SIZE]; @@ -991,10 +994,11 @@ // Get stop query time and start reply time. t_query = time_now(); - t_query_full = time_diff(&t_start, &t_query); - t_query_full.tv_sec += timestamp; #if USE_DNSTAP + struct timespec t_query_full = time_diff(&t_start, &t_query); + t_query_full.tv_sec += timestamp; + // Make the dnstap copy of the query. write_dnstap(query_ctx->dt_writer, true, query->wire, query->size, net, &t_query_full); @@ -1026,16 +1030,15 @@ // Receive a reply message. in_len = net_receive(net, in, sizeof(in)); + t_end = time_now(); if (in_len <= 0) { goto fail; } - // Get stop message time. - t_end = time_now(); - t_end_full = time_diff(&t_start, &t_end); +#if USE_DNSTAP + struct timespec t_end_full = time_diff(&t_start, &t_end); t_end_full.tv_sec += timestamp; -#if USE_DNSTAP // Make the dnstap copy of the response. write_dnstap(query_ctx->dt_writer, false, in, in_len, net, &t_end_full); @@ -1163,6 +1166,7 @@ // Print partial transfer information. t_end = time_now(); if (style->format != FORMAT_JSON) { + print_data_xfr(reply, style); print_footer_xfr(total_len, msg_count, rr_count, net, time_diff_ms(&t_query, &t_end), timestamp, style); } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.7/src/utils/kxdpgun/main.c new/knot-3.2.8/src/utils/kxdpgun/main.c --- old/knot-3.2.7/src/utils/kxdpgun/main.c 2023-06-06 07:08:21.000000000 +0200 +++ new/knot-3.2.8/src/utils/kxdpgun/main.c 2023-06-22 07:40:50.000000000 +0200 @@ -485,8 +485,8 @@ LOCAL_PORT_MIN, LOCAL_PORT_MIN, mode, NULL); pthread_mutex_unlock(&global_stats.mutex); if (ret != KNOT_EOK) { - ERR2("failed to initialize XDP socket#%u (%s)", - ctx->thread_id, knot_strerror(ret)); + ERR2("failed to initialize XDP socket#%u on interface %s (%s)", + ctx->thread_id, ctx->dev, knot_strerror(ret)); knot_tcp_table_free(tcp_table); return NULL; }
