openSUSE Build Service

Ana Guerrero (anag+factory) accepted request 1170013 from

Adam Majer (adamm) 2 days ago (revision 66)

- update to 5.0.4:
  * fixes a case when a crafted responses can lead to a denial of
    service in Recursor if recursive forwarding is configured
    (bsc#1223262, CVE-2024-25583)
- changes in 5.0.3
  * Log if a DNSSEC related limit was hit if log_bogus is set
  * Reduce RPZ memory usage by not keeping the initially loaded
    RPZs in memory
  * Fix the zoneToCache regression introduced by 5.0.2 security
    update

Ana Guerrero (anag+factory) accepted request 1146434 from

Adam Majer (adamm) 2 months ago (revision 65)

- update to 5.0.2
  * fixes crafted DNSSEC records in a zone can lead to a denial
    of service in Recursor
  https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
  (bsc#1219823, bsc#1219826, CVE-2023-50387, CVE-2023-50868)

- update to 5.0.1
  https://doc.powerdns.com/recursor/changelog/5.0.html#change-5.0.1
  For upgrade from 4.9.x, see
  https://doc.powerdns.com/recursor/upgrade.html#to-5-0-0-and-master
- cargo_build_fix.patch: add cargo_build parameters to Makefile...

Ana Guerrero (anag+factory) accepted request 1108433 from

Factory Maintainer (factory-maintainer) 8 months ago (revision 64)

Automatic submission by obs-autosubmit

Dominique Leuenberger (dimstar_suse) accepted request 1077167 from

Adam Majer (adamm) about 1 year ago (revision 63)

- update to 4.8.4
  * Deterred spoofing attempts can lead to authoritative servers
    being marked unavailable (bsc#1209897, CVE-2023-26437)

Dominique Leuenberger (dimstar_suse) accepted request 1069900 from

Adam Majer (adamm) about 1 year ago (revision 62)

- update to 4.8.3
  * Fix serve-stale logic to not cause intermittent high CPU load by:
    + correcting the removal of a negative cache entry,
    + correcting the serve-stale main loop regarding exception handling,
    + correctly handle negcache entries with serve-state status.
- changes in version 4.8.2
  * Make cache cleaning of record an negative cache more fair
  * Do not report “not decreasing socket buf size” as an error
  * Do not use “message” as key, it has a special meaning to systemd-journal
  * Add the ‘parse packet from auth’ error message to structured logging
  * Refresh of negcache stale entry might use wrong qtype
  * Do not chain ECS enabled queries
  * Properly encode json string containing binary data

Dominique Leuenberger (dimstar_suse) accepted request 1059961 from

Adam Majer (adamm) over 1 year ago (revision 61)

- update to 4.8.1
  * Avoid unbounded recursion when retrieving DS records from some
    misconfigured domains. (bsc#1207342, CVE-2023-22617)

Dominique Leuenberger (dimstar_suse) accepted request 1042523 from

Adam Majer (adamm) over 1 year ago (revision 60)

- update to 4.8.0 with these major changes:
  * Structured Logging has been implemented for almost all
    subsystems.
  * Optional Serve Stale functionality has been implemented,
    providing resilience against connectivity problems towards
    authoritative servers.
  * Optional Record Locking has been implemented, providing an extra
    layer of protection against spoofing attempts at the price of
    reduced cache efficiency.
  * Internal tables used to track information about authoritative
    servers are now shared instead of per-thread, resulting in
    better performance and lower memory usage.
  * EDNS padding of outgoing DoT queries has been implemented,
    providing better privacy protection.
  * Metrics have been added about the protobuf and dnstap logging
    subsystems and the rcodes received from authoritative
    servers.

Dominique Leuenberger (dimstar_suse) accepted request 1040841 from

Factory Maintainer (factory-maintainer) over 1 year ago (revision 59)

Automatic submission by obs-autosubmit

Richard Brown (RBrownFactory) accepted request 1006510 from

Adam Majer (adamm) over 1 year ago (revision 58)

Dominique Leuenberger (dimstar_suse) accepted request 1000494 from

Factory Maintainer (factory-maintainer) over 1 year ago (revision 57)

Automatic submission by obs-autosubmit

Dominique Leuenberger (dimstar_suse) accepted request 998985 from

Adam Majer (adamm) over 1 year ago (revision 56)

- update to 4.7.2
  * incomplete exception handling related to protobuf message generation.
    (CVE-2022-37428, bsc#1202664)

Dominique Leuenberger (dimstar_suse) accepted request 987946 from

Adam Majer (adamm) almost 2 years ago (revision 55)

- update to 4.7.1
  * Improvements
    - Allow generic format while parsing zone files for ZoneToCache.
      References: #11724, #11726, pull request 11750
    - Force gzip compression for debian packages (Zash). #11735, PR#11740
  * Bug Fixes
    - Run tasks from housekeeping thread in the proper way, causing queued 
      DoT probes to run more promptly. #11692, PR#11748

Dominique Leuenberger (dimstar_suse) accepted request 980065 from

Adam Majer (adamm) almost 2 years ago (revision 54)

Dominique Leuenberger (dimstar_suse) accepted request 969514 from

Adam Majer (adamm) about 2 years ago (revision 53)

Dominique Leuenberger (dimstar_suse) accepted request 965587 from

Adam Majer (adamm) about 2 years ago (revision 52)

- fix building against sle-12 backports with gcc-9
- remove obsolete BR on protobuf
- add bundled information to the spec file
- boost_context.patch: Boost.Context detection fix on SLE12

Dominique Leuenberger (dimstar_suse) accepted request 964870 from

Adam Majer (adamm) about 2 years ago (revision 51)

- update to 4.6.1
  fixes incomplete validation of incoming IXFR transfer in
  the Recursor. It applies to setups retrieving one or more RPZ
  zones from a remote server if the network path to the server
  is not trusted. (bsc#1197525, CVE-2022-27227)

Dominique Leuenberger (dimstar_suse) accepted request 942366 from

Factory Maintainer (factory-maintainer) over 2 years ago (revision 50)