Overview
Request 1059963 accepted
- update to 4.8.1
* Avoid unbounded recursion when retrieving DS records from some
misconfigured domains. (bsc#1207342, CVE-2023-22617)
- update to 4.8.0 with these major changes:
* Structured Logging has been implemented for almost all
subsystems.
* Optional Serve Stale functionality has been implemented,
providing resilience against connectivity problems towards
authoritative servers.
* Optional Record Locking has been implemented, providing an extra
layer of protection against spoofing attempts at the price of
reduced cache efficiency.
* Internal tables used to track information about authoritative
servers are now shared instead of per-thread, resulting in
better performance and lower memory usage.
* EDNS padding of outgoing DoT queries has been implemented,
providing better privacy protection.
* Metrics have been added about the protobuf and dnstap logging
subsystems and the rcodes received from authoritative
servers.
- update to 4.7.4
* Fix compilation of the event ports multiplexer. #12046, PR#12231
* Correct skip record condition in processRecords. #12198, PR#12230
* Also consider recursive forward in the “forwarded DS should not end up in negCache code.” #12189, #12199, PR#12227
* Timout handling for IXFRs as a client. #12125, PR#12190
* Detect invalid bytes in makeBytesFromHex(). #12066, PR#12173
* Log invalid RPZ content when obtained via IXFR. #12081, PR#12171
* When an expired NSEC3 entry is seen, move it to the front of the expiry queue. #12038, PR#12168
Request History
adamm created request
- update to 4.8.1
* Avoid unbounded recursion when retrieving DS records from some
misconfigured domains. (bsc#1207342, CVE-2023-22617)
- update to 4.8.0 with these major changes:
* Structured Logging has been implemented for almost all
subsystems.
* Optional Serve Stale functionality has been implemented,
providing resilience against connectivity problems towards
authoritative servers.
* Optional Record Locking has been implemented, providing an extra
layer of protection against spoofing attempts at the price of
reduced cache efficiency.
* Internal tables used to track information about authoritative
servers are now shared instead of per-thread, resulting in
better performance and lower memory usage.
* EDNS padding of outgoing DoT queries has been implemented,
providing better privacy protection.
* Metrics have been added about the protobuf and dnstap logging
subsystems and the rcodes received from authoritative
servers.
- update to 4.7.4
* Fix compilation of the event ports multiplexer. #12046, PR#12231
* Correct skip record condition in processRecords. #12198, PR#12230
* Also consider recursive forward in the “forwarded DS should not end up in negCache code.” #12189, #12199, PR#12227
* Timout handling for IXFRs as a client. #12125, PR#12190
* Detect invalid bytes in makeBytesFromHex(). #12066, PR#12173
* Log invalid RPZ content when obtained via IXFR. #12081, PR#12171
* When an expired NSEC3 entry is seen, move it to the front of the expiry queue. #12038, PR#12168
licensedigger accepted review
ok
factory-auto added origin-reviewers as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
maxlin_factory added as a reviewer
Being evaluated by staging project "openSUSE:Backports:SLE-15-SP5:Staging:adi:4"
maxlin_factory accepted review
Picked "openSUSE:Backports:SLE-15-SP5:Staging:adi:4"
mlin7442 accepted review
ok
maxlin_factory accepted review
Staging Project openSUSE:Backports:SLE-15-SP5:Staging:adi:4 got accepted.
maxlin_factory approved review
Staging Project openSUSE:Backports:SLE-15-SP5:Staging:adi:4 got accepted.
maxlin_factory accepted request
Staging Project openSUSE:Backports:SLE-15-SP5:Staging:adi:4 got accepted.
sr#1044817 has different source and is already staged
Yes, it should be superseded by this request. This one adds a security fix ;)
Unignored: returned to active backlog.