• Files Changed
• Browse Source

- no longer supports 32-bit arches -- requiers 64-bit time_t
- specfile cleanup - drop initrd cases
- build-require gcc7 on SLE-12 variant

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 4.4.3:
  Improvements
    Use a short-lived NSEC3 hashes cache for denial validation.
    References: #9856, pull request 10221
  Bug Fixes
    More fail-safe handling of Newly Discovered Domain files.
    Handle policy (if needed) after postresolve.
    Return current rcode instead of 0 if there are no CNAME records to follow.
    Lookup DS entries before CNAME entries.
    Handle failure to start the web server more gracefully.
    Test that we correctly cap the answer’s TTL in expanded wildcard cases.
    Fix the gathering of denial proof for wildcard-expanded answers.
    Make sure we take the right minimum for the packet cache TTL data in the SERVFAIL case.
For details see,
https://doc.powerdns.com/recursor/changelog/4.4.html#change-4.4.3

• Files Changed
• Browse Source

- update to 4.4.2:
  Improvements
  * UUID: Use the non-cryptographic variant of the boost::uuid.
  * Keep a cached, valid entry over a fresher Bogus one.
  * Ensure socket-dir matches runtime directory on old systemd
  * Move to several distinct Bogus states, for easier debugging.
  * Do not chase CNAME during qname minimization step 4.
  Bug Fixes
  * Untangle the validation/resolving qnames and qtypes.
  * APL records: fix endianness problem.
For details see,
https://doc.powerdns.com/recursor/changelog/4.4.html#change-4.4.2

• Files Changed
• Browse Source

- update to 4.4.1
  * Allow specifying a name in getMetric() that is used for Prometheus
  * Avoids a CNAME loop detection issue with DNS64
  * No longer sends overly long NOD lookups.
  * If a.b.c CNAME x.a.b.c is encountered, switch off QName Minimization.
  * Fix the processing of answers generated from gettag.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 4.3.5:
  * fixes cache pollution related to DNSSEC validation.
    (CVE-2020-25829, bsc#1177383)
  * now raise an exception on invalid content in unknown records
  * fixes the parsing of dont-throttle-netmasks in the presence of
    dont-throttle-names
- 9070.patch: refreshed, looks like only partially upstreamed

• Files Changed
• Browse Source

- 9070.patch: backport compilation fix vs. latest Boost 1.74
  based on https://github.com/PowerDNS/pdns/pull/9070

- update to 4.3.4
  * fixes an issue where certain CNAMEs could lead to resolver failure
  * fixes an issue with the hostname reported in Carbon messages
  * allows for multiple recursor services to run under systemd
- use HTTPS scheme for all URLs

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 4.3.2
  * Fixes a access restriction bypass vulnerability where ACL applied
    to the internal web server via webserver-allow-from is
    not properly enforced, allowing a remote attacker to send
    HTTP queries to the internal web server, bypassing the restriction.
    (CVE-2020-14196, bsc#1173302)
  * improves CNAME loop detection
  * Fix the handling of DS queries for the root
  * Fix RPZ removals when an update has several deltas

• Files Changed
• Browse Source

- update to 4.3.1
  * fixes an issue where records in the answer section of
    a NXDOMAIN response lacking an SOA were not properly validated
    (CVE-2020-12244, bsc#1171553)
  * fixes an issue where invalid hostname on the server can result in
    disclosure of invalid memory (CVE-2020-10030, bsc#1171553)
  * fixes an issue in the DNS protocol has been found that allows
    malicious parties to use recursive DNS services to attack third
    party authoritative name servers (CVE-2020-10995, bsc#1171553)

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 4.3.0:
  * A relaxed form of QName Minimization as described in rfc7816bis-01.
    This feature is enabled by default
  * Dnstap support for outgoing queries to authoritative servers and
    the corresponding replies.
  * The recursor now processes a number of requests incoming over
    a TCP connection simultaneously and will return results
    (potentially) out-of-order.
  * Newly Observed Domain (NOD) functionality
  * For details see
    https://blog.powerdns.com/2020/03/03/powerdns-recursor-4-3-0-released/

• Files Changed
• Browse Source

- update to 4.2.1:
  * Add deviceName field to protobuf messages
  * Purge map of failed auths periodically by keeping
    last changed timestamp.
  * Prime NS records of root-servers.net parent (.net)
  * Issue with “zz” abbreviation for IPv6 RPZ triggers
  * Basic validation of $GENERATE parameters
  * Fix inverse handler registration logic for SNMP

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- update to 4.1.13:
  * Add the disable-real-memory-usage setting to skip expensive
    collection of detailed memory usage info
  * Fix DNSSEC validation of wildcards expanded onto themselves.

• Files Changed
• Browse Source

• Files Changed
• Browse Source