Overview Repositories Revisions Requests Users Attributes Meta

Revisions of pdns-recursor

buildservice-autocommit accepted request 850235 from Adam Majer's avatar Adam Majer (adamm) (revision 156) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) accepted request 850222 from Franck Bui's avatar Franck Bui (fbui) (revision 155) 
- Only require 'insserv' when this package ships an initscript
buildservice-autocommit accepted request 845522 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 154) 
baserev update by copy to link target
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 153) 
- fix default config
  - turn off chroot by default as it is not supported on systemd
    enabled systems
  - set query-local-address to ::,0.0.0.0
    to make ipv6 only nameservers work out of the box
buildservice-autocommit accepted request 842575 from Adam Majer's avatar Adam Majer (adamm) (revision 152) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) accepted request 842567 from Michael Ströder's avatar Michael Ströder (stroeder) (revision 151) 
- update to 4.4.0 with these major enhancements:
  * Native DNS64 support, without the need to use Lua.
  * The ability to add custom tags to RPZ hits.
  * Names encountered while resolving CNAMEs are now subject to RPZ
    processing.
  * More detailed information about RPZ handling is now available while
    tracing, in Lua and in the protobuf logging messages.
  * To allow more efficient use, the record cache is now shared between
    threads.
  * A routing tag[3] can be added in Lua code, which will be used as an
    additional record cache key instead of an EDNS subnet mask,
    enabling for a simpler record cache structure which will enhance
    query processing where the EDNS subnet mask is relevant.
  * The Proxy Protocol version 2 has been implemented to allow for a
    structured exchange of information between a client (typically
    dnsdist) and the Recursor.
- removed obsolete back-port fix 9070.patch
buildservice-autocommit accepted request 841527 from Adam Majer's avatar Adam Majer (adamm) (revision 150) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 149) 
- 9070.patch: refreshed, looks like only partially upstreamed
Adam Majer's avatar Adam Majer (adamm) committed (revision 148)
Adam Majer's avatar Adam Majer (adamm) committed (revision 147) 
- update to 4.3.5:
  * fixes cache pollution related to DNSSEC validation.
    (CVE-2020-25829, bsc#1177383)
  * now raise an exception on invalid content in unknown records
  * fixes the parsing of dont-throttle-netmasks in the presence of
    dont-throttle-names
- 9070.patch: upstreamed and removed
buildservice-autocommit accepted request 833218 from Adam Majer's avatar Adam Majer (adamm) (revision 146) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 145) 
- 9070.patch: backport compilation fix vs. latest Boost 1.74
  based on https://github.com/PowerDNS/pdns/pull/9070
Adam Majer's avatar Adam Majer (adamm) accepted request 832972 from Michael Ströder's avatar Michael Ströder (stroeder) (revision 144) 
Update to 4.3.4

Note:
Currently building package pdns-recursor fails to build on Tumbleweed/Factory because of a incompability with Boost >= 1.73. Nevertheless we should get 4.3.4 prepared and fix Tumbleweed/Factory builds with a back-port patch provided by upstream really soon.

See also: https://mailman.powerdns.com/pipermail/pdns-users/2020-September/026825.html
Possible upstream fix: https://github.com/PowerDNS/pdns/pull/9070
buildservice-autocommit accepted request 821852 from Adam Majer's avatar Adam Majer (adamm) (revision 143) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) accepted request 821505 from Michael Ströder's avatar Michael Ströder (stroeder) (revision 142) 
- update to 4.3.3
  * Validate cached DNSKEYs against the DSs, not the RRSIGs only.
  * Ignore cache-only for DNSKEYs and DS retrieval.
  * A ServFail while retrieving DS/DNSKEY records is just that.
  * Refuse DS records received from child zones.
  * Better exception handling in houseKeeping/handlePolicyHit.
  * Take initial refresh time from loaded zone.
buildservice-autocommit accepted request 818168 from Adam Majer's avatar Adam Majer (adamm) (revision 141) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 140)
Adam Majer's avatar Adam Majer (adamm) committed (revision 139) 
- update to 4.3.2
  * Fixes a access restriction bypass vulnerability where ACL applied
    to the internal web server via webserver-allow-from is
    not properly enforced, allowing a remote attacker to send
    HTTP queries to the internal web server, bypassing the restriction.
    (CVE-2020-14196, bsc#1173302)
  * improves CNAME loop detection
  * Fix the handling of DS queries for the root
  * Fix RPZ removals when an update has several deltas
buildservice-autocommit accepted request 807216 from Adam Majer's avatar Adam Majer (adamm) (revision 138) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 137) 
- update to 4.3.1
  * fixes an issue where records in the answer section of
    a NXDOMAIN response lacking an SOA were not properly validated
    (CVE-2020-12244, bsc#1171553)
  * fixes an issue where invalid hostname on the server can result in
    disclosure of invalid memory (CVE-2020-10030, bsc#1171553)
  * fixes an issue in the DNS protocol has been found that allows
    malicious parties to use recursive DNS services to attack third
    party authoritative name servers (CVE-2020-10995, bsc#1171553)
Displaying revisions 61 - 80 of 216
openSUSE Build Service is sponsored by
Places