Overview Repositories Revisions Requests Users Attributes Meta

Revisions of pdns-recursor

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 902291 from Adam Majer's avatar Adam Majer (adamm) (revision 45) 
- no longer supports 32-bit arches -- requiers 64-bit time_t
- specfile cleanup - drop initrd cases
- build-require gcc7 on SLE-12 variant
Richard Brown's avatar Richard Brown (RBrownSUSE) accepted request 882324 from Adam Majer's avatar Adam Majer (adamm) (revision 43) 
- update to 4.4.3:
  Improvements
    Use a short-lived NSEC3 hashes cache for denial validation.
    References: #9856, pull request 10221
  Bug Fixes
    More fail-safe handling of Newly Discovered Domain files.
    Handle policy (if needed) after postresolve.
    Return current rcode instead of 0 if there are no CNAME records to follow.
    Lookup DS entries before CNAME entries.
    Handle failure to start the web server more gracefully.
    Test that we correctly cap the answer’s TTL in expanded wildcard cases.
    Fix the gathering of denial proof for wildcard-expanded answers.
    Make sure we take the right minimum for the packet cache TTL data in the SERVFAIL case.
For details see,
https://doc.powerdns.com/recursor/changelog/4.4.html#change-4.4.3
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 855754 from Adam Majer's avatar Adam Majer (adamm) (revision 42) 
- update to 4.4.2:
  Improvements
  * UUID: Use the non-cryptographic variant of the boost::uuid.
  * Keep a cached, valid entry over a fresher Bogus one.
  * Ensure socket-dir matches runtime directory on old systemd
  * Move to several distinct Bogus states, for easier debugging.
  * Do not chase CNAME during qname minimization step 4.
  Bug Fixes
  * Untangle the validation/resolving qnames and qtypes.
  * APL records: fix endianness problem.
For details see,
https://doc.powerdns.com/recursor/changelog/4.4.html#change-4.4.2
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 850845 from Adam Majer's avatar Adam Majer (adamm) (revision 41) 
- update to 4.4.1
  * Allow specifying a name in getMetric() that is used for Prometheus
  * Avoids a CNAME loop detection issue with DNS64
  * No longer sends overly long NOD lookups.
  * If a.b.c CNAME x.a.b.c is encountered, switch off QName Minimization.
  * Fix the processing of answers generated from gettag.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 845522 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 39) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 841527 from Adam Majer's avatar Adam Majer (adamm) (revision 37) 
- update to 4.3.5:
  * fixes cache pollution related to DNSSEC validation.
    (CVE-2020-25829, bsc#1177383)
  * now raise an exception on invalid content in unknown records
  * fixes the parsing of dont-throttle-netmasks in the presence of
    dont-throttle-names
- 9070.patch: refreshed, looks like only partially upstreamed
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 833218 from Adam Majer's avatar Adam Majer (adamm) (revision 36) 
- 9070.patch: backport compilation fix vs. latest Boost 1.74
  based on https://github.com/PowerDNS/pdns/pull/9070

- update to 4.3.4
  * fixes an issue where certain CNAMEs could lead to resolver failure
  * fixes an issue with the hostname reported in Carbon messages
  * allows for multiple recursor services to run under systemd
- use HTTPS scheme for all URLs
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 818168 from Adam Majer's avatar Adam Majer (adamm) (revision 34) 
- update to 4.3.2
  * Fixes a access restriction bypass vulnerability where ACL applied
    to the internal web server via webserver-allow-from is
    not properly enforced, allowing a remote attacker to send
    HTTP queries to the internal web server, bypassing the restriction.
    (CVE-2020-14196, bsc#1173302)
  * improves CNAME loop detection
  * Fix the handling of DS queries for the root
  * Fix RPZ removals when an update has several deltas
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 807216 from Adam Majer's avatar Adam Majer (adamm) (revision 33) 
- update to 4.3.1
  * fixes an issue where records in the answer section of
    a NXDOMAIN response lacking an SOA were not properly validated
    (CVE-2020-12244, bsc#1171553)
  * fixes an issue where invalid hostname on the server can result in
    disclosure of invalid memory (CVE-2020-10030, bsc#1171553)
  * fixes an issue in the DNS protocol has been found that allows
    malicious parties to use recursive DNS services to attack third
    party authoritative name servers (CVE-2020-10995, bsc#1171553)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 781144 from Adam Majer's avatar Adam Majer (adamm) (revision 31) 
- update to 4.3.0:
  * A relaxed form of QName Minimization as described in rfc7816bis-01.
    This feature is enabled by default
  * Dnstap support for outgoing queries to authoritative servers and
    the corresponding replies.
  * The recursor now processes a number of requests incoming over
    a TCP connection simultaneously and will return results
    (potentially) out-of-order.
  * Newly Observed Domain (NOD) functionality
  * For details see
    https://blog.powerdns.com/2020/03/03/powerdns-recursor-4-3-0-released/
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 755197 from Adam Majer's avatar Adam Majer (adamm) (revision 30) 
- update to 4.2.1:
  * Add deviceName field to protobuf messages
  * Purge map of failed auths periodically by keeping
    last changed timestamp.
  * Prime NS records of root-servers.net parent (.net)
  * Issue with “zz” abbreviation for IPv6 RPZ triggers
  * Basic validation of $GENERATE parameters
  * Fix inverse handler registration logic for SNMP
Displaying revisions 21 - 40 of 69
openSUSE Build Service is sponsored by
Places