Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package knot for openSUSE:Factory checked in at 2023-08-03 17:30:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/knot (Old) and /work/SRC/openSUSE:Factory/.knot.new.22712 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "knot" Thu Aug 3 17:30:59 2023 rev:19 rq:1102187 version:3.2.9 Changes: -------- --- /work/SRC/openSUSE:Factory/knot/knot.changes 2023-07-03 17:44:18.413256029 +0200 +++ /work/SRC/openSUSE:Factory/.knot.new.22712/knot.changes 2023-08-03 17:31:14.116290707 +0200 @@ -1,0 +2,6 @@ +Thu Jul 27 13:50:22 UTC 2023 - Michal Hrusecky <[email protected]> + +- update to version 3.2.9, see: + https://www.knot-dns.cz/2023-07-27-version-329.html + +------------------------------------------------------------------- Old: ---- knot-3.2.8.tar.xz knot-3.2.8.tar.xz.asc New: ---- knot-3.2.9.tar.xz knot-3.2.9.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ knot.spec ++++++ --- /var/tmp/diff_new_pack.VGHcoG/_old 2023-08-03 17:31:14.872295282 +0200 +++ /var/tmp/diff_new_pack.VGHcoG/_new 2023-08-03 17:31:14.876295306 +0200 @@ -35,7 +35,7 @@ %{?systemd_requires} %endif Name: knot -Version: 3.2.8 +Version: 3.2.9 Release: 0 Summary: An authoritative DNS daemon License: GPL-3.0-or-later ++++++ knot-3.2.8.tar.xz -> knot-3.2.9.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/NEWS new/knot-3.2.9/NEWS --- old/knot-3.2.8/NEWS 2023-06-26 07:44:21.000000000 +0200 +++ new/knot-3.2.9/NEWS 2023-07-27 06:55:42.000000000 +0200 
@@ -1,3 +1,20 @@ +Knot DNS 3.2.9 (2023-27-07) +=========================== + +Improvements: +------------- + - keymgr: 'import-pkcs11' not allowed if no PKCS #11 keystore backend is configured + - keymgr: more verbose key import errors + - doc: extended migration notes + - doc: various improvements + +Bugfixes: +--------- + - knotd: server may crash when storing changeset of a big zone migrating to/from NSEC3 + - knotd: zone refresh loop when all masters are outdated and timers cleared + - knotd: failed to active D-Bus notifications if not started as systemd service + - kjournalprint: database transaction not properly closed when terminated prematurely + Knot DNS 3.2.8 (2023-26-06) =========================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/configure new/knot-3.2.9/configure --- old/knot-3.2.8/configure 2023-06-26 07:44:27.000000000 +0200 +++ new/knot-3.2.9/configure 2023-07-27 06:55:48.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for knot 3.2.8. +# Generated by GNU Autoconf 2.69 for knot 3.2.9. # # Report bugs to <[email protected]>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='knot' PACKAGE_TARNAME='knot' -PACKAGE_VERSION='3.2.8' -PACKAGE_STRING='knot 3.2.8' +PACKAGE_VERSION='3.2.9' +PACKAGE_STRING='knot 3.2.9' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1578,7 +1578,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures knot 3.2.8 to adapt to many kinds of systems. +\`configure' configures knot 3.2.9 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1649,7 +1649,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of knot 3.2.8:";; + short | recursive ) echo "Configuration of knot 3.2.9:";; esac cat <<\_ACEOF @@ -1898,7 +1898,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -knot configure 3.2.8 +knot configure 3.2.9 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2313,7 +2313,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by knot $as_me 3.2.8, which was +It was created by knot $as_me 3.2.9, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3175,7 +3175,7 @@ # Define the identity of the package. PACKAGE='knot' - VERSION='3.2.8' + VERSION='3.2.9' cat >>confdefs.h <<_ACEOF @@ -4957,7 +4957,7 @@ KNOT_VERSION_MINOR=2 -KNOT_VERSION_PATCH=8 +KNOT_VERSION_PATCH=9 # Store ./configure parameters and CFLAGS @@ -14759,7 +14759,7 @@ -if test "$enable_xdp" == "yes"; then : +if test "$enable_xdp" = "yes"; then : pkg_failed=no @@ -14832,7 +14832,7 @@ $as_echo "yes" >&6; } enable_xdp=libxdp fi - if test "$enable_xdp" == "libxdp"; then : + if test "$enable_xdp" = "libxdp"; then : $as_echo "#define USE_LIBXDP 1" >>confdefs.h @@ -20375,7 +20375,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by knot $as_me 3.2.8, which was +This file was extended by knot $as_me 3.2.9, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -20441,7 +20441,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -knot config.status 3.2.8 +knot config.status 3.2.9 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/configure.ac new/knot-3.2.9/configure.ac --- old/knot-3.2.8/configure.ac 2023-06-26 07:44:21.000000000 +0200 +++ new/knot-3.2.9/configure.ac 2023-07-27 06:55:42.000000000 +0200 @@ -2,7 +2,7 @@ m4_define([knot_VERSION_MAJOR], 3)dnl m4_define([knot_VERSION_MINOR], 2)dnl -m4_define([knot_VERSION_PATCH], 8)dnl Leave empty if the master branch! +m4_define([knot_VERSION_PATCH], 9)dnl Leave empty if the master branch! m4_include([m4/knot-version.m4]) AC_INIT([knot], [knot_PKG_VERSION], [[email protected]]) @@ -227,9 +227,9 @@ AC_SUBST([embedded_libbpf_CFLAGS]) AC_SUBST([embedded_libbpf_LIBS]) -AS_IF([test "$enable_xdp" == "yes"], [ +AS_IF([test "$enable_xdp" = "yes"], [ PKG_CHECK_MODULES([libxdp], [libxdp], [enable_xdp=libxdp], [enable_xdp=yes]) - AS_IF([test "$enable_xdp" == "libxdp"], [ + AS_IF([test "$enable_xdp" = "libxdp"], [ AC_DEFINE([USE_LIBXDP], [1], [Use external libxdp and libbpf.]) libbpf_CFLAGS="$libbpf_CFLAGS $libxdp_CFLAGS" libbpf_LIBS="$libbpf_LIBS $libxdp_LIBS" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/doc/Makefile.in new/knot-3.2.9/doc/Makefile.in --- old/knot-3.2.8/doc/Makefile.in 2023-06-26 07:44:28.000000000 +0200 +++ new/knot-3.2.9/doc/Makefile.in 2023-07-27 06:55:49.000000000 +0200 
@@ -716,8 +716,9 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@HAVE_DOCS_FALSE@install-html-local: -@HAVE_SPHINXBUILD_FALSE@install-html-local: +@HAVE_DOCS_FALSE@info-local: +@HAVE_MAKEINFO_FALSE@info-local: +@HAVE_SPHINXBUILD_FALSE@info-local: @HAVE_DOCS_FALSE@pdf-local: @HAVE_PDFLATEX_FALSE@pdf-local: @HAVE_SPHINXBUILD_FALSE@pdf-local: @@ -729,9 +730,8 @@ @HAVE_SPHINXBUILD_FALSE@install-info-local: @HAVE_DOCS_FALSE@html-local: @HAVE_SPHINXBUILD_FALSE@html-local: -@HAVE_DOCS_FALSE@info-local: -@HAVE_MAKEINFO_FALSE@info-local: -@HAVE_SPHINXBUILD_FALSE@info-local: +@HAVE_DOCS_FALSE@install-html-local: +@HAVE_SPHINXBUILD_FALSE@install-html-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/doc/configuration.rst new/knot-3.2.9/doc/configuration.rst --- old/knot-3.2.8/doc/configuration.rst 2023-06-19 10:39:15.000000000 +0200 +++ new/knot-3.2.9/doc/configuration.rst 2023-07-26 19:11:44.000000000 +0200 @@ -588,11 +588,10 @@ Catalog zones ============= -Catalog zones are a concept whereby a list of zones to be configured is maintained +Catalog zones (:rfc:`9432`) are a concept whereby a list of zones to be configured is maintained as contents of a separate, special zone. This approach has the benefit of simple propagation of a zone list to secondary servers, especially when the list is -frequently updated. Currently, catalog zones are described in this `Internet Draft -<https://tools.ietf.org/html/draft-ietf-dnsop-dns-catalog-zones>`_. +frequently updated. Terminology first. *Catalog zone* is a meta-zone which shall not be a part of the DNS tree, but it contains information about the set of member zones and 
@@ -682,8 +681,7 @@ at any time using `knotc -f zone-purge +expire`. Currently, expiration of a catalog zone doesn't have any effect on its - member zones. This will likely change in the future depending on the - Internet Draft. + member zones. .. WARNING:: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/doc/man/knot.conf.5in new/knot-3.2.9/doc/man/knot.conf.5in --- old/knot-3.2.8/doc/man/knot.conf.5in 2023-06-26 07:44:42.000000000 +0200 +++ new/knot-3.2.9/doc/man/knot.conf.5in 2023-07-27 06:56:03.000000000 +0200 @@ -2465,6 +2465,14 @@ \fBmember\fP â A member zone that is assigned to one generated catalog zone. .UNINDENT .sp +\fBNOTE:\fP +.INDENT 0.0 +.INDENT 3.5 +If set to \fBgenerate\fP, the \fI\%zonefile\-load\fP option has no effect +since a zone file is never loaded. +.UNINDENT +.UNINDENT +.sp \fIDefault:\fP \fBnone\fP .SS catalog\-template .sp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/doc/man/knsupdate.1in new/knot-3.2.9/doc/man/knsupdate.1in --- old/knot-3.2.8/doc/man/knsupdate.1in 2023-06-26 07:44:42.000000000 +0200 +++ new/knot-3.2.9/doc/man/knsupdate.1in 2023-07-27 06:56:03.000000000 +0200 
@@ -156,11 +156,12 @@ .sp Options \fB\-k\fP and \fB\-y\fP can not be used simultaneously. .sp -Dnssec\-keygen keyfile format is not supported. Use \fBkeymgr(8)\fP instead. +Neither \fItsig\-keygen(8)\fP nor \fIdnssec\-keygen(1)\fP keyfile formats are supported. +Use \fBkeymgr(8)\fP to construct a string for \fB\-y\fP or the file passed to \fB\-k\fP\&. .sp Zone name/server guessing is not supported if the zone name/server is not specified. .sp -Empty line doesn\(aqt send the update. +An empty line doesn\(aqt send the update. .SS Interactive mode .sp The utility provides interactive mode with basic line editing functionality, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/doc/man_knsupdate.rst new/knot-3.2.9/doc/man_knsupdate.rst --- old/knot-3.2.8/doc/man_knsupdate.rst 2023-06-19 10:39:15.000000000 +0200 +++ new/knot-3.2.9/doc/man_knsupdate.rst 2023-07-26 19:11:44.000000000 +0200 @@ -134,11 +134,12 @@ Options **-k** and **-y** can not be used simultaneously. -Dnssec-keygen keyfile format is not supported. Use :manpage:`keymgr(8)` instead. +Neither `tsig-keygen(8)` nor `dnssec-keygen(1)` keyfile formats are supported. +Use :manpage:`keymgr(8)` to construct a string for **-y** or the file passed to **-k**. Zone name/server guessing is not supported if the zone name/server is not specified. -Empty line doesn't send the update. +An empty line doesn't send the update. Interactive mode ................ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/doc/migration.rst new/knot-3.2.9/doc/migration.rst --- old/knot-3.2.8/doc/migration.rst 2023-06-19 10:39:15.000000000 +0200 +++ new/knot-3.2.9/doc/migration.rst 2023-07-26 19:11:44.000000000 +0200 @@ -160,7 +160,7 @@ - ``server.tcp-handshake-timeout`` - ``zone.request-edns-option`` -- New default values for: +- New default value for: - :ref:`server_tcp-workers` - :ref:`server_tcp-max-clients` 
@@ -305,6 +305,21 @@ Configuration changes --------------------- +- Default value for: + + - :ref:`zone_journal-max-depth` was lowered to 20. + This change may trigger journal history merging. + - :ref:`policy_nsec3-iterations` was lowered to 0. + This change may trigger complete NSEC3 chain reconstruction! + - :ref:`policy_rrsig-refresh` is set to :ref:`policy_propagation-delay` + "zone maximum TTL". + This change affects effective RRSIG lifetime! + +- New checks: + + - :ref:`policy_rrsig-refresh` must be high enough to ensure all RRSIGs are + refreshed before their expiration. + - A notice log message is emitted if :ref:`policy_algorithm` is deprecated. + - Ignored obsolete option (with a notice log): - ``server.listen-xdp`` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/doc/reference.rst new/knot-3.2.9/doc/reference.rst --- old/knot-3.2.8/doc/reference.rst 2023-06-26 07:44:21.000000000 +0200 +++ new/knot-3.2.9/doc/reference.rst 2023-07-26 19:11:44.000000000 +0200 @@ -2697,6 +2697,10 @@ assigned member zones. - ``member`` â A member zone that is assigned to one generated catalog zone. +.. NOTE:: + If set to ``generate``, the :ref:`zone_zonefile-load` option has no effect + since a zone file is never loaded. + *Default:* ``none`` .. _zone_catalog-template: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/samples/Makefile.in new/knot-3.2.9/samples/Makefile.in --- old/knot-3.2.8/samples/Makefile.in 2023-06-26 07:44:28.000000000 +0200 +++ new/knot-3.2.9/samples/Makefile.in 2023-07-27 06:55:49.000000000 +0200 
@@ -448,8 +448,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@HAVE_DAEMON_FALSE@install-data-local: @HAVE_DAEMON_FALSE@uninstall-local: +@HAVE_DAEMON_FALSE@install-data-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/src/knot/dnssec/context.c new/knot-3.2.9/src/knot/dnssec/context.c --- old/knot-3.2.8/src/knot/dnssec/context.c 2023-06-19 10:39:15.000000000 +0200 +++ new/knot-3.2.9/src/knot/dnssec/context.c 2023-07-26 19:11:44.000000000 +0200 @@ -224,8 +224,8 @@ conf_id_fix_default(&policy_id); policy_load(ctx->policy, conf, &policy_id, ctx->zone->dname); - ret = zone_init_keystore(conf, &policy_id, &ctx->keystore, NULL, - &ctx->policy->key_label); + ret = zone_init_keystore(conf, &policy_id, &ctx->keystore, + &ctx->keystore_type, &ctx->policy->key_label); if (ret != KNOT_EOK) { goto init_error; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/src/knot/dnssec/context.h new/knot-3.2.9/src/knot/dnssec/context.h --- old/knot-3.2.8/src/knot/dnssec/context.h 2023-06-19 10:39:15.000000000 +0200 +++ new/knot-3.2.9/src/knot/dnssec/context.h 2023-07-26 19:11:44.000000000 +0200 @@ -34,6 +34,7 @@ knot_kasp_zone_t *zone; knot_kasp_policy_t *policy; dnssec_keystore_t *keystore; + unsigned keystore_type; char *kasp_zone_path; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/src/knot/events/handlers/refresh.c new/knot-3.2.9/src/knot/events/handlers/refresh.c --- old/knot-3.2.8/src/knot/events/handlers/refresh.c 2023-06-22 07:40:50.000000000 +0200 +++ new/knot-3.2.9/src/knot/events/handlers/refresh.c 2023-07-26 19:11:44.000000000 +0200 
@@ -201,7 +201,7 @@ } } -static void finalize_timers(struct refresh_data *data) +static void finalize_timers_base(struct refresh_data *data, bool also_expire) { conf_t *conf = data->conf; zone_t *zone = data->zone; @@ -222,7 +222,7 @@ if (zone->is_catalog_flag) { // It's already zero in most cases. zone->timers.next_expire = 0; - } else { + } else if (also_expire) { limit_timer(conf, zone->name, &data->expire_timer, "expire", // Limit min if not received as EDNS Expire. data->expire_timer == knot_soa_expire(soa->rdata) ? @@ -232,6 +232,16 @@ } } +static void finalize_timers(struct refresh_data *data) +{ + finalize_timers_base(data, true); +} + +static void finalize_timers_noexpire(struct refresh_data *data) +{ + finalize_timers_base(data, false); +} + static void fill_expires_in(char *expires_in, size_t size, const struct refresh_data *data) { assert(!data->zone->is_catalog_flag || data->zone->timers.next_expire == 0); @@ -1074,6 +1084,7 @@ remote_serial, expires_in); return KNOT_STATE_DONE; } else { + finalize_timers_noexpire(data); REFRESH_LOG(LOG_INFO, data, LOG_DIRECTION_NONE, "remote serial %u, remote is outdated", remote_serial); return KNOT_STATE_DONE; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/src/knot/journal/serialization.c new/knot-3.2.9/src/knot/journal/serialization.c --- old/knot-3.2.8/src/knot/journal/serialization.c 2023-06-19 10:39:15.000000000 +0200 +++ new/knot-3.2.9/src/knot/journal/serialization.c 2023-07-26 19:11:44.000000000 +0200 @@ -114,7 +114,8 @@ ctx->changeset_phase = PHASE_ZONE_NODES; return node_rrset(ctx->zdiff.apex, KNOT_RRTYPE_SOA); case PHASE_ZONE_NODES: - case PHASE_ZONE_NSEC3: + case PHASE_ZONE_NSEC3: ; +skip_next_nsec3: while (ctx->n == NULL || ctx->node_pos >= ctx->n->rrset_count) { if (zone_tree_it_finished(&ctx->zit)) { zone_tree_it_free(&ctx->zit); 
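Review bot: `finalize_timers_noexpire(data)` is added to the "remote is outdated" branch (hunk @@ -1074) without a comment saying why the expire timer is left untouched there while the other timers are recomputed. Going by the NEWS entry about the refresh loop, the intent seems to be that an outdated remote has confirmed nothing about the zone. A comment above the call would record that, for example `/* Reschedule refresh, but keep the current expire: an outdated remote confirms nothing. */`, with the wording to be confirmed by the author. A one-line comment on the `also_expire` parameter of `finalize_timers_base()` would help for the same reason. The bodies of both functions continue outside the hunks.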
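Review bot: The label `skip_next_nsec3` sits under both `case PHASE_ZONE_NODES:` and `case PHASE_ZONE_NSEC3:`, so the `goto skip_next_nsec3;` jumps in hunk @@ -141 are also taken in the plain-node phase and the name misleads. Replacing the tail call `return get_next_rrset(ctx)` with a jump presumably keeps long runs of skipped rrsets from growing the stack (the NEWS entry mentions a crash on big zones). That reason belongs in a comment at the label, e.g. `/* Iterate instead of recursing: skipped rrsets must not consume stack. */`. A neutral name such as `next_rrset:`, or a `for (;;)` with `continue`, would also remove the need for the empty statement in `case PHASE_ZONE_NSEC3: ;`. The switch starts and ends outside both hunks.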
@@ -141,13 +142,13 @@ } res = node_rrset_at(ctx->n, ctx->node_pos++); if (ctx->n == ctx->zdiff.apex && res.type == KNOT_RRTYPE_SOA) { - return get_next_rrset(ctx); + goto skip_next_nsec3; } if (ctx->zone_diff) { knot_rrset_t counter_rr = node_rrset(binode_counterpart(ctx->n), res.type); if (counter_rr.ttl == res.ttl && !knot_rrset_empty(&counter_rr)) { if (knot_rdataset_subset(&res.rrs, &counter_rr.rrs)) { - return get_next_rrset(ctx); + goto skip_next_nsec3; } knot_rdataset_t rd_copy; ctx->ret = knot_rdataset_copy(&rd_copy, &res.rrs, NULL); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/src/knot/zone/backup.c new/knot-3.2.9/src/knot/zone/backup.c --- old/knot-3.2.8/src/knot/zone/backup.c 2023-06-22 07:40:50.000000000 +0200 +++ new/knot-3.2.9/src/knot/zone/backup.c 2023-07-26 19:11:44.000000000 +0200 @@ -327,7 +327,7 @@ return ret; } if (backend_type == KEYSTORE_BACKEND_PKCS11) { - log_zone_warning(zone->name, "private keys from PKCS#11 aren't subject of backup/restore"); + log_zone_warning(zone->name, "private keys from PKCS #11 aren't subject of backup/restore"); (void)dnssec_keystore_deinit(from); return KNOT_EOK; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/src/libdnssec/version.h new/knot-3.2.9/src/libdnssec/version.h --- old/knot-3.2.8/src/libdnssec/version.h 2023-06-26 07:44:35.000000000 +0200 +++ new/knot-3.2.9/src/libdnssec/version.h 2023-07-27 06:55:56.000000000 +0200 
@@ -18,7 +18,7 @@ #define DNSSEC_VERSION_MAJOR 3 #define DNSSEC_VERSION_MINOR 2 -#define DNSSEC_VERSION_PATCH 0x08 +#define DNSSEC_VERSION_PATCH 0x09 #define DNSSEC_VERSION_HEX ((DNSSEC_VERSION_MAJOR << 16) | \ (DNSSEC_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/src/libknot/version.h new/knot-3.2.9/src/libknot/version.h --- old/knot-3.2.8/src/libknot/version.h 2023-06-26 07:44:35.000000000 +0200 +++ new/knot-3.2.9/src/libknot/version.h 2023-07-27 06:55:56.000000000 +0200 @@ -18,7 +18,7 @@ #define KNOT_VERSION_MAJOR 3 #define KNOT_VERSION_MINOR 2 -#define KNOT_VERSION_PATCH 0x08 +#define KNOT_VERSION_PATCH 0x09 #define KNOT_VERSION_HEX ((KNOT_VERSION_MAJOR << 16) | \ (KNOT_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/src/libzscanner/version.h new/knot-3.2.9/src/libzscanner/version.h --- old/knot-3.2.8/src/libzscanner/version.h 2023-06-26 07:44:35.000000000 +0200 +++ new/knot-3.2.9/src/libzscanner/version.h 2023-07-27 06:55:56.000000000 +0200 @@ -18,7 +18,7 @@ #define ZSCANNER_VERSION_MAJOR 3 #define ZSCANNER_VERSION_MINOR 2 -#define ZSCANNER_VERSION_PATCH 0x08 +#define ZSCANNER_VERSION_PATCH 0x09 #define ZSCANNER_VERSION_HEX ((ZSCANNER_VERSION_MAJOR << 16) | \ (ZSCANNER_VERSION_MINOR << 8) | \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/src/utils/keymgr/functions.c new/knot-3.2.9/src/utils/keymgr/functions.c --- old/knot-3.2.8/src/utils/keymgr/functions.c 2023-06-19 10:39:15.000000000 +0200 +++ new/knot-3.2.9/src/utils/keymgr/functions.c 2023-07-26 19:11:44.000000000 +0200 
@@ -446,6 +446,13 @@ return knot_error_from_libdnssec(ret); } +static void err_import_key(char *keyid, const char *file) +{ + ERR2("failed to get key%s%s from %s%s", + *keyid == '\0' ? "" : " ", keyid, + *file == '\0' ? "the keystore" : "file ", file); +} + static int import_key(kdnssec_ctx_t *ctx, unsigned backend, const char *param, int argc, char *argv[]) { @@ -477,6 +484,7 @@ // open file int fd = open(param, O_RDONLY, 0); if (fd == -1) { + err_import_key("", param); return knot_map_errno(); } @@ -484,10 +492,12 @@ off_t fsize = lseek(fd, 0, SEEK_END); if (fsize == -1) { close(fd); + err_import_key("", param); return knot_map_errno(); } if (lseek(fd, 0, SEEK_SET) == -1) { close(fd); + err_import_key("", param); return knot_map_errno(); } @@ -496,6 +506,7 @@ ret = dnssec_binary_alloc(&pem, fsize); if (ret != DNSSEC_EOK) { close(fd); + err_import_key("", param); goto fail; } @@ -505,6 +516,7 @@ if (read_count == -1) { dnssec_binary_free(&pem); ret = knot_map_errno(); + err_import_key("", param); goto fail; } @@ -512,6 +524,7 @@ ret = dnssec_keystore_import(ctx->keystore, &pem, &keyid); dnssec_binary_free(&pem); if (ret != DNSSEC_EOK) { + err_import_key(keyid, param); goto fail; } } else { @@ -534,6 +547,7 @@ // fill key structure from keystore (incl. pubkey from privkey computation) ret = dnssec_keystore_get_private(ctx->keystore, keyid, key); if (ret != DNSSEC_EOK) { + err_import_key(keyid, ""); goto fail; } 
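Review bot: In the `open()` failure branch (hunk @@ -477) and both `lseek()` failure branches (hunk @@ -484), `err_import_key("", param)` runs before `knot_map_errno()`, so whatever `ERR2` does to print the message can overwrite `errno` before it is mapped. In the `lseek()` branches the preceding `close(fd)` can do the same. The read-failure branch in hunk @@ -505 already uses the safe order, with `ret = knot_map_errno();` first. Capture the code before logging, e.g. `int err = knot_map_errno(); err_import_key("", param); return err;`, so the returned error always matches the failing call.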
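Review bot: `err_import_key(keyid, param)` in hunk @@ -512 evaluates `*keyid` right after `dnssec_keystore_import()` has failed, which is exactly when `keyid` may never have been assigned. Its declaration is outside the hunk; if it starts out as NULL, the new error path dereferences a null pointer instead of printing the more verbose message. Guard it inside the helper, e.g. `const char *id = (keyid != NULL) ? keyid : "";`. The helper should also take `const char *keyid`, since it never writes through the pointer and is called with string literals elsewhere.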
@@ -576,6 +590,14 @@ if (!dnssec_keyid_is_valid(key_id)) { return DNSSEC_INVALID_KEY_ID; } + + if (ctx->keystore_type != KEYSTORE_BACKEND_PKCS11) { + knot_dname_txt_storage_t dname_str; + (void)knot_dname_to_str(dname_str, ctx->zone->dname, sizeof(dname_str)); + ERR2("not a PKCS #11 keystore for zone %s", dname_str); + return KNOT_ERROR; + } + dnssec_keyid_normalize(key_id); return import_key(ctx, KEYSTORE_BACKEND_PKCS11, key_id, argc, argv); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/src/utils/kjournalprint/main.c new/knot-3.2.9/src/utils/kjournalprint/main.c --- old/knot-3.2.8/src/utils/kjournalprint/main.c 2023-06-19 10:39:15.000000000 +0200 +++ new/knot-3.2.9/src/utils/kjournalprint/main.c 2023-07-27 06:55:42.000000000 +0200 @@ -15,6 +15,7 @@ */ #include <getopt.h> +#include <signal.h> #include <stdlib.h> #include <sys/stat.h> #include <unistd.h> @@ -35,6 +36,19 @@ #define PROGRAM_NAME "kjournalprint" +knot_lmdb_db_t journal_db = { 0 }; // global so that accessible from signal handler + +int SIGNAL_REPEAT = 1; + +static void signal_handler(int signum) +{ + if (--SIGNAL_REPEAT < 0) { + abort(); + } + knot_lmdb_close(&journal_db); + exit(EXIT_FAILURE); +} + static void print_help(void) { printf("Usage:\n" 
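Review bot: `dname_str` is passed to `ERR2` with `%s` although the result of `knot_dname_to_str()` is discarded with `(void)`. If the conversion can fail without writing the buffer, the message reads uninitialized stack memory. Initializing it, `knot_dname_txt_storage_t dname_str = "";` (assuming the type is a char array, as its use with `sizeof` suggests), makes the error path safe regardless. The branch also returns the generic `KNOT_ERROR` where the check just above returns the specific `DNSSEC_INVALID_KEY_ID`; a more specific code such as `KNOT_ENOTSUP` would let callers tell a misconfigured backend from other failures.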
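Review bot: `signal_handler()` calls `knot_lmdb_close()` and `exit()`, neither of which is async-signal-safe. If a signal arrives while the main flow is inside LMDB or stdio (this tool prints with `printf`), the handler can deadlock or act on a half-updated `journal_db`. `SIGNAL_REPEAT` is a plain `int` modified from the handler and should be `static volatile sig_atomic_t SIGNAL_REPEAT = 1;`; `journal_db` can be `static` as well, since nothing visible needs external linkage. A more robust shape is for the handler to only set a `volatile sig_atomic_t` flag, which the loops in print_journal() and list_zones() check before closing the database themselves; the existing `abort()` on a repeated signal can stay as it is. The unused parameter wants a `(void)signum;`.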
@@ -188,25 +202,24 @@ int print_journal(char *path, knot_dname_t *name, print_params_t *params) { - knot_lmdb_db_t jdb = { 0 }; - zone_journal_t j = { &jdb, name }; + zone_journal_t j = { &journal_db, name }; bool exists; uint64_t occupied, occupied_all; - knot_lmdb_init(&jdb, path, 0, journal_env_flags(JOURNAL_MODE_ROBUST, true), NULL); - int ret = knot_lmdb_exists(&jdb); + knot_lmdb_init(&journal_db, path, 0, journal_env_flags(JOURNAL_MODE_ROBUST, true), NULL); + int ret = knot_lmdb_exists(&journal_db); if (ret == KNOT_EOK) { - ret = knot_lmdb_open(&jdb); + ret = knot_lmdb_open(&journal_db); } if (ret != KNOT_EOK) { - knot_lmdb_deinit(&jdb); + knot_lmdb_deinit(&journal_db); return ret; } ret = journal_info(j, &exists, NULL, NULL, NULL, NULL, NULL, &occupied, &occupied_all); if (ret != KNOT_EOK || !exists) { ERR2("zone not exists in the journal DB %s", path); - knot_lmdb_deinit(&jdb); + knot_lmdb_deinit(&journal_db); return ret == KNOT_EOK ? KNOT_ENOENT : ret; } @@ -246,7 +259,7 @@ printf("Occupied all zones together: %"PRIu64" KiB\n", occupied_all / 1024); } - knot_lmdb_deinit(&jdb); + knot_lmdb_deinit(&journal_db); return ret; } @@ -288,8 +301,7 @@ int list_zones(char *path, bool detailed) { - knot_lmdb_db_t jdb = { 0 }; - knot_lmdb_init(&jdb, path, 0, journal_env_flags(JOURNAL_MODE_ROBUST, true), NULL); + knot_lmdb_init(&journal_db, path, 0, journal_env_flags(JOURNAL_MODE_ROBUST, true), NULL); list_t zones; init_list(&zones); @@ -297,7 +309,7 @@ uint64_t occupied_all = 0; bool first = detailed; - int ret = journals_walk(&jdb, add_zone_to_list, &zones); + int ret = journals_walk(&journal_db, add_zone_to_list, &zones); WALK_LIST(zone, zones) { if (ret != KNOT_EOK) { break; 
@@ -305,10 +317,10 @@ printf(";; <zone name> <occupied KiB> <first serial> <last serial> <full zone>\n"); first = false; } - ret = list_zone(zone->d, detailed, &jdb, &occupied_all); + ret = list_zone(zone->d, detailed, &journal_db, &occupied_all); } - knot_lmdb_deinit(&jdb); + knot_lmdb_deinit(&journal_db); ptrlist_deep_free(&zones, NULL); if (detailed && ret == KNOT_EOK) { @@ -420,6 +432,15 @@ char *db = conf_db(conf(), C_JOURNAL_DB); + struct sigaction sigact = { .sa_handler = signal_handler }; + sigaction(SIGHUP, &sigact, NULL); + sigaction(SIGINT, &sigact, NULL); + sigaction(SIGPIPE, &sigact, NULL); + sigaction(SIGALRM, &sigact, NULL); + sigaction(SIGTERM, &sigact, NULL); + sigaction(SIGUSR1, &sigact, NULL); + sigaction(SIGUSR2, &sigact, NULL); + if (justlist) { int ret = list_zones(db, params.debug); free(db); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/knot-3.2.8/src/utils/knotd/main.c new/knot-3.2.9/src/utils/knotd/main.c --- old/knot-3.2.8/src/utils/knotd/main.c 2023-06-22 07:40:50.000000000 +0200 +++ new/knot-3.2.9/src/utils/knotd/main.c 2023-07-26 19:11:44.000000000 +0200 @@ -554,18 +554,6 @@ return EXIT_FAILURE; } - if (conf()->cache.srv_dbus_event != DBUS_EVENT_NONE) { - ret = systemd_dbus_open(); - if (ret != KNOT_EOK) { - log_error("d-bus: failed to open system bus (%s)", - knot_strerror(ret)); - } else { - log_info("d-bus: connected to system bus"); - } - int64_t delay = conf_get_int(conf(), C_SRV, C_DBUS_INIT_DELAY); - sleep(delay); - } - /* Alter privileges. */ int uid, gid; if (conf_user(conf(), &uid, &gid) != KNOT_EOK || 
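Review bot: The handlers in hunk @@ -420 are installed before list_zones() or print_journal() has called `knot_lmdb_init()`, so a signal arriving in that window makes the handler run `knot_lmdb_close()` on the zero-initialized `journal_db`. The same applies after `knot_lmdb_deinit()` on the normal exit paths. Whether closing an uninitialized or already deinitialized handle is harmless is not visible here and should be confirmed or guarded. The seven `sigaction()` return values are ignored; a loop over a signal array with a checked result, e.g. `if (sigaction(sigs[i], &sigact, NULL) != 0) { ... }`, would be shorter and would surface a failed installation. A comment explaining why SIGPIPE, SIGALRM, SIGUSR1 and SIGUSR2 are included would also help, since each default action would otherwise terminate the tool without the cleanup.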
@@ -581,6 +569,18 @@ return EXIT_FAILURE; } + if (conf()->cache.srv_dbus_event != DBUS_EVENT_NONE) { + ret = systemd_dbus_open(); + if (ret != KNOT_EOK) { + log_error("d-bus: failed to open system bus (%s)", + knot_strerror(ret)); + } else { + log_info("d-bus: connected to system bus"); + } + int64_t delay = conf_get_int(conf(), C_SRV, C_DBUS_INIT_DELAY); + sleep(delay); + } + /* Drop POSIX capabilities. */ drop_capabilities();
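Review bot: In the relocated block, `sleep(delay)` still runs when `systemd_dbus_open()` has failed, so startup is delayed for a bus connection that does not exist. `delay` is also an `int64_t` narrowed implicitly to the `unsigned int` that `sleep()` takes. Moving the two lines into the `else` branch and making the conversion explicit, e.g. `sleep((unsigned)delay);` after a range check, fixes both. Because the bus is now opened after "Alter privileges", a short comment such as `/* Connect after dropping privileges so the bus sees the unprivileged user. */` would record why the order matters; the reason is inferred from the NEWS entry and should be confirmed by the author.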
