Revisions of pdns-recursor
Yuchen Lin (maxlin_factory)
accepted
request 1170014
from
Adam Majer (adamm)
(revision 12)
- update to 5.0.4: * fixes a case when a crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured (bsc#1223262, CVE-2024-25583) - changes in 5.0.3 * Log if a DNSSEC related limit was hit if log_bogus is set * Reduce RPZ memory usage by not keeping the initially loaded RPZs in memory * Fix the zoneToCache regression introduced by 5.0.2 security update
Lubos Kocman (lkocman-factory)
accepted
request 1146435
from
Adam Majer (adamm)
(revision 11)
- update to 5.0.2 * fixes crafted DNSSEC records in a zone can lead to a denial of service in Recursor https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html (bsc#1219823, bsc#1219826, CVE-2023-50387, CVE-2023-50868) - update to 5.0.1 https://doc.powerdns.com/recursor/changelog/5.0.html#change-5.0.1 For upgrade from 4.9.x, see https://doc.powerdns.com/recursor/upgrade.html#to-5-0-0-and-master - cargo_build_fix.patch: add cargo_build parameters to Makefile...
Yuchen Lin (maxlin_factory)
accepted
request 1115360
from
Yuchen Lin (maxlin_factory)
(revision 10)
Automatically create request by update submitter.This is going to update package to openSUSE:Backports:SLE-15-SP6 from openSUSE:Factory.Please review this change and decline it if Leap do not need it.
Yuchen Lin (maxlin_factory)
accepted
request 1107198
from
Yuchen Lin (maxlin_factory)
(revision 9)
Automatically create request by update submitter.This is going to update package to openSUSE:Backports:SLE-15-SP6 from openSUSE:Factory.Please review this change and decline it if Leap do not need it.
Yuchen Lin (maxlin_factory)
committed
(revision 8)
branch from Backports SP5
Yuchen Lin (maxlin_factory)
accepted
request 1069901
from
Adam Majer (adamm)
(revision 7)
- update to 4.8.3 * Fix serve-stale logic to not cause intermittent high CPU load by: + correcting the removal of a negative cache entry, + correcting the serve-stale main loop regarding exception handling, + correctly handle negcache entries with serve-state status. - changes in version 4.8.2 * Make cache cleaning of record an negative cache more fair * Do not report “not decreasing socket buf size” as an error * Do not use “message” as key, it has a special meaning to systemd-journal * Add the ‘parse packet from auth’ error message to structured logging * Refresh of negcache stale entry might use wrong qtype * Do not chain ECS enabled queries * Properly encode json string containing binary data
Yuchen Lin (maxlin_factory)
accepted
request 1059963
from
Adam Majer (adamm)
(revision 6)
- update to 4.8.1 * Avoid unbounded recursion when retrieving DS records from some misconfigured domains. (bsc#1207342, CVE-2023-22617) - update to 4.8.0 with these major changes: * Structured Logging has been implemented for almost all subsystems. * Optional Serve Stale functionality has been implemented, providing resilience against connectivity problems towards authoritative servers. * Optional Record Locking has been implemented, providing an extra layer of protection against spoofing attempts at the price of reduced cache efficiency. * Internal tables used to track information about authoritative servers are now shared instead of per-thread, resulting in better performance and lower memory usage. * EDNS padding of outgoing DoT queries has been implemented, providing better privacy protection. * Metrics have been added about the protobuf and dnstap logging subsystems and the rcodes received from authoritative servers. - update to 4.7.4 * Fix compilation of the event ports multiplexer. #12046, PR#12231 * Correct skip record condition in processRecords. #12198, PR#12230 * Also consider recursive forward in the “forwarded DS should not end up in negCache code.” #12189, #12199, PR#12227 * Timout handling for IXFRs as a client. #12125, PR#12190 * Detect invalid bytes in makeBytesFromHex(). #12066, PR#12173 * Log invalid RPZ content when obtained via IXFR. #12081, PR#12171 * When an expired NSEC3 entry is seen, move it to the front of the expiry queue. #12038, PR#12168
Yuchen Lin (maxlin_factory)
accepted
request 1011716
from
Yuchen Lin (maxlin_factory)
(revision 5)
Automatically create request by update submitter.This is going to update package to openSUSE:Backports:SLE-15-SP5 from openSUSE:Factory.Please review this change and decline it if Leap do not need it.
Yuchen Lin (maxlin_factory)
committed
(revision 4)
branch from SP4 Backports
Yuchen Lin (maxlin_factory)
accepted
request 964873
from
Adam Majer (adamm)
(revision 3)
- update to 4.6.1 fixes incomplete validation of incoming IXFR transfer in the Recursor. It applies to setups retrieving one or more RPZ zones from a remote server if the network path to the server is not trusted. (bsc#1197525, CVE-2022-27227) - update to 4.6.0 Compared to the previous major (4.5) release of PowerDNS Recursor, this release contains several sets of changes: * The ability to flush records from the caches on a incoming notify requests. * A rewrite of the outgoing TCP code, adding both re-use of connections and support for DoT to authoritative servers or forwarders. * Many improvements in the area of metrics: more metrics are collected and more metrics are now exported in a Prometheus friendly way. * A new Zone to Cache function that will retrieve a zone (using AXFR, HTTP, HTTPS or a local file) periodically and insert the contents into the record cache, allowing the cache to be always hot for a zone. This can be used for the root or any other zone. * An experimental Event Tracing function, providing insight into the time taken by the steps in the process of resolving a name.
Yuchen Lin (maxlin_factory)
accepted
request 938320
from
Yuchen Lin (maxlin_factory)
(revision 2)
Automatically create request by update submitter. This is trying to update package to openSUSE:Backports:SLE-15-SP4 from openSUSE:Factory. Please review this change and decline it if Leap do not need it.
Wolfgang Engel (bigironman)
committed
(revision 1)
osc copypac from project:openSUSE:Backports:SLE-15-SP3 package:pdns-recursor revision:2
Displaying all 12 revisions