openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of pdns-recursor

Dominique Leuenberger (dimstar_suse) accepted request 690877 from

Adam Majer (adamm) about 5 years ago (revision 26)

Dominique Leuenberger (dimstar_suse) accepted request 668666 from

Adam Majer (adamm) over 5 years ago (revision 25)

Dominique Leuenberger (dimstar_suse) accepted request 667620 from

Adam Majer (adamm) over 5 years ago (revision 24)

- update to 4.1.9
  https://blog.powerdns.com/2019/01/21/powerdns-recursor-4-1-9-released/
  - Fixes case when Lua hooks are not called over TCP
    (CVE-2019-3806, bsc#1121887)
  - Fixes DNSSEC validation is not performed for AA=0 responses
    (CVE-2019-3807, bsc#1121889)

Dominique Leuenberger (dimstar_suse) accepted request 652039 from

Adam Majer (adamm) over 5 years ago (revision 23)

- update to 4.1.8
  https://blog.powerdns.com/2018/11/26/powerdns-recursor-4-1-8-released/
  - Fixes case where a crafted query can cause a denial of service
    (CVE-2018-16855, bsc#1116592)

- update to 4.1.7
  https://blog.powerdns.com/2018/11/09/powerdns-recursor-4-1-7-released/
  - Revert ‘Keep the EDNS status of a server on FormErr with EDNS’
  - Refuse queries for all meta-types

Dominique Leuenberger (dimstar_suse) accepted request 646976 from

Adam Majer (adamm) over 5 years ago (revision 22)

- update to 4.1.6
  - Revert "rec: Authority records in AA=1 CNAME answer are
    authoritative"
    https://github.com/PowerDNS/pdns/issues/7158

- update to 4.1.5
  - Improvements
    * Add pdnslog to lua configuration scripts
    * Fix compilation with libressl 2.7.0+
    * Export outgoing ECS value and server ID in protobuf (if any)
    * Switch to devtoolset 7 for el6
    * Allow the signature inception to be off by number of seconds
  - Bug Fixes
    * Crafted answer can cause a denial of service
      (bsc#1114157, CVE-2018-10851)
    * Packet cache pollution via crafted query
      (bsc#1114169, CVE-2018-14626)
    * Crafted query for meta-types can cause a denial of service
      (bsc#1114170, CVE-2018-14644)
    * Delay creation of rpz threads until we dropped privileges
    * Cleanup the netmask trees used for the ecs index on removals
    * Make sure that the ecs scope from the auth is < to the source
    * Authority records in aa=1 cname answer are authoritative
    * Avoid a memory leak in catch-all exception handler
    * Don’t require authoritative answers for forward-recurse zones
    * Release memory in case of error in openssl ecdsa constructor
    * Convert a few uses to toLogString to print DNSName’s that
      may be empty in a safer manner
    * Avoid a crash on DEC Alpha systems
    * Clear all caches on (N)TA changes

Dominique Leuenberger (dimstar_suse) accepted request 632520 from

Adam Majer (adamm) over 5 years ago (revision 21)

- update to 4.1.4
  - Improvements
    * Split pdns_enable_unit_tests.
    * Add a new max-udp-queries-per-round setting.
    * Fix warnings reported by gcc 8.1.0.
    * Tests: replace awk command by perl.
    * Allow the snmp thread to retrieve statistics.
  - Bug Fixes
    * Don’t account chained queries more than once.
    * Make rec_control respect include-dir.
    * Load lua scripts only in worker threads.
    * Purge all auth/forward zone data including subtree.

Dominique Leuenberger (dimstar_suse) accepted request 611478 from

Adam Majer (adamm) almost 6 years ago (revision 20)

- update to 4.1.3
  - Improvements
    * Add a subtree option to the API cache flush endpoint
    * Use a separate, non-blocking pipe to distribute queries
    * Move carbon/webserver/control/stats handling to a separate
      thread
    * Add _raw versions for QName / ComboAddresses to the FFI API
    * Fix a warning on botan >= 2.5.0
  - Bug Fixes
    * Count a lookup into an internal auth zone as a cache miss
    * Don’t increase the DNSSEC validations counters when running
      with process-no-validate
    * Respect the AXFR timeout while connecting to the RPZ server
    * Increase MTasker stacksize to avoid crash in exception
      unwinding
    * Use the SyncRes time in our unit tests when checking cache
      validity
    * Add -rdynamic to C{,XX}FLAGS when we build with LuaJIT
    * Delay the loading of RPZ zones until the parsing is done,
      fixing a race condition
    * Reorder includes to avoid boost L conflict (bsc#1089814)

Dominique Leuenberger (dimstar_suse) accepted request 597059 from

Adam Majer (adamm) about 6 years ago (revision 19)

Dominique Leuenberger (dimstar_suse) accepted request 568487 from

Adam Majer (adamm) over 6 years ago (revision 18)

Version update and add missing bugzilla entries

- update to version 4.1.1:
  + Fixes security vulnerability where man-in-the-middle to send
    a NXDOMAIN answer for a DNSSEC name that does exist.
    (bsc#1077154, CVE-2018-1000003)
  + Don't validate signature for "glue" CNAME, since anything else
    than the initial CNAME can’t be considered authoritative.

- update to version 4.0.7: (bsc#1069242)

Dominique Leuenberger (dimstar_suse) accepted request 561067 from

Marguerite Su (MargueriteSu) over 6 years ago (revision 17)

Dominique Leuenberger (dimstar_suse) accepted request 555202 from

Adam Majer (adamm) over 6 years ago (revision 16)

- enable ed25519 support (new BR: libsodium-devel)
- enable net-snmp support (new BR: net-snmp-devel)
- simplify BR for lua: lua-devel everywhere now

- update to version 4.1.0:
  + Improved DNSSEC support
  + Improved documentation
  + Improved RPZ support
  + Improved EDNS Client Subnet support
  + SNMP support
  + Lua engine has gained access to more parts of the recursor
  + CPU affinity can now be specified
  + TCP Fast Open support
  + New performance metrics
  + For complete changes see:
    https://blog.powerdns.com/2017/12/04/powerdns-recursor-4-1/

- update to version 4.0.7:
  + fixes CVE-2017-15090: Insufficient validation of DNSSEC
    signatures
  + fixes CVE-2017-15092: Cross-Site Scripting in the web interface
  + fixes CVE-2017-15093: Configuration file injection in the API
  + fixes CVE-2017-15094: Memory leak in DNSSEC parsing
  + Fix validation at the exact RRSIG inception or expiration time
  + Extract nested exception from Luawrapper
  + Throw an error when lua-conf-file can’t be loaded
  + Lowercase all outgoing qnames when lowercase-outgoing is set

Dominique Leuenberger (dimstar_suse) accepted request 538601 from

Adam Majer (adamm) over 6 years ago (revision 15)

- Added pdns-recursor.keyring linked from
  https://dnsdist.org/install.html

Dominique Leuenberger (dimstar_suse) accepted request 531120 from

Adam Majer (adamm) over 6 years ago (revision 14)

Dominique Leuenberger (dimstar_suse) accepted request 508480 from

Marcus Rueckert (darix) almost 7 years ago (revision 13)

Dominique Leuenberger (dimstar_suse) accepted request 503372 from

Adam Majer (adamm) almost 7 years ago (revision 12)

- update to version 4.0.5
  + adds ed25519 (algorithm 15) support for DNSSEC
  + adds the 2017 DNSSEC root key
  + complete changeset is available at,
  https://doc.powerdns.com/md/changelog/#powerdns-recursor-405

Dominique Leuenberger (dimstar_suse) accepted request 496436 from

Factory Maintainer (factory-maintainer) almost 7 years ago (revision 11)

Automatic submission by obs-autosubmit

Dominique Leuenberger (dimstar_suse) accepted request 454144 from

Adam Majer (adamm) over 7 years ago (revision 10)

- use individual libboost-*-devel packages instead of boost-devel
- add signature file for upstream release

- update to version 4.0.4
  The following security advisories were fixed
  - 2016-02: Crafted queries can cause abnormal CPU usage
  (CVE-2016-7068, boo#1018326)
  - 2016-04: Insufficient validation of TSIG signatures
  (CVE-2016-2120, boo#1018329)
  complete changeset is availalbe at,
  https://doc.powerdns.com/md/changelog/#powerdns-recursor-404
- remove 4462.patch: in upstream release.

Dominique Leuenberger (dimstar_suse) accepted request 447103 from

Factory Maintainer (factory-maintainer) over 7 years ago (revision 9)