Overview Repositories Revisions Requests Users Attributes Meta

Revisions of pdns-recursor

buildservice-autocommit accepted request 841527 from Adam Majer's avatar Adam Majer (adamm) (revision 150) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 149) 
- 9070.patch: refreshed, looks like only partially upstreamed
Adam Majer's avatar Adam Majer (adamm) committed (revision 148)
Adam Majer's avatar Adam Majer (adamm) committed (revision 147) 
- update to 4.3.5:
  * fixes cache pollution related to DNSSEC validation.
    (CVE-2020-25829, bsc#1177383)
  * now raise an exception on invalid content in unknown records
  * fixes the parsing of dont-throttle-netmasks in the presence of
    dont-throttle-names
- 9070.patch: upstreamed and removed
buildservice-autocommit accepted request 833218 from Adam Majer's avatar Adam Majer (adamm) (revision 146) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 145) 
- 9070.patch: backport compilation fix vs. latest Boost 1.74
  based on https://github.com/PowerDNS/pdns/pull/9070
Adam Majer's avatar Adam Majer (adamm) accepted request 832972 from Michael Ströder's avatar Michael Ströder (stroeder) (revision 144) 
Update to 4.3.4

Note:
Currently building package pdns-recursor fails to build on Tumbleweed/Factory because of a incompability with Boost >= 1.73. Nevertheless we should get 4.3.4 prepared and fix Tumbleweed/Factory builds with a back-port patch provided by upstream really soon.

See also: https://mailman.powerdns.com/pipermail/pdns-users/2020-September/026825.html
Possible upstream fix: https://github.com/PowerDNS/pdns/pull/9070
buildservice-autocommit accepted request 821852 from Adam Majer's avatar Adam Majer (adamm) (revision 143) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) accepted request 821505 from Michael Ströder's avatar Michael Ströder (stroeder) (revision 142) 
- update to 4.3.3
  * Validate cached DNSKEYs against the DSs, not the RRSIGs only.
  * Ignore cache-only for DNSKEYs and DS retrieval.
  * A ServFail while retrieving DS/DNSKEY records is just that.
  * Refuse DS records received from child zones.
  * Better exception handling in houseKeeping/handlePolicyHit.
  * Take initial refresh time from loaded zone.
buildservice-autocommit accepted request 818168 from Adam Majer's avatar Adam Majer (adamm) (revision 141) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 140)
Adam Majer's avatar Adam Majer (adamm) committed (revision 139) 
- update to 4.3.2
  * Fixes a access restriction bypass vulnerability where ACL applied
    to the internal web server via webserver-allow-from is
    not properly enforced, allowing a remote attacker to send
    HTTP queries to the internal web server, bypassing the restriction.
    (CVE-2020-14196, bsc#1173302)
  * improves CNAME loop detection
  * Fix the handling of DS queries for the root
  * Fix RPZ removals when an update has several deltas
buildservice-autocommit accepted request 807216 from Adam Majer's avatar Adam Majer (adamm) (revision 138) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 137) 
- update to 4.3.1
  * fixes an issue where records in the answer section of
    a NXDOMAIN response lacking an SOA were not properly validated
    (CVE-2020-12244, bsc#1171553)
  * fixes an issue where invalid hostname on the server can result in
    disclosure of invalid memory (CVE-2020-10030, bsc#1171553)
  * fixes an issue in the DNS protocol has been found that allows
    malicious parties to use recursive DNS services to attack third
    party authoritative name servers (CVE-2020-10995, bsc#1171553)
buildservice-autocommit accepted request 782531 from Adam Majer's avatar Adam Majer (adamm) (revision 136) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) accepted request 782525 from Wolfgang Rosenauer's avatar Wolfgang Rosenauer (wrosenauer) (revision 135) 
The service did not even start up w/o these changes

- fixed configuration to make the service start
  https://docs.powerdns.com/recursor/upgrade.html#x-to-4-3-0-or-master
buildservice-autocommit accepted request 781144 from Adam Majer's avatar Adam Majer (adamm) (revision 134) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 133) 
- update to 4.3.0:
  * A relaxed form of QName Minimization as described in rfc7816bis-01.
    This feature is enabled by default
  * Dnstap support for outgoing queries to authoritative servers and
    the corresponding replies.
  * The recursor now processes a number of requests incoming over
    a TCP connection simultaneously and will return results
    (potentially) out-of-order.
  * Newly Observed Domain (NOD) functionality
  * For details see
    https://blog.powerdns.com/2020/03/03/powerdns-recursor-4-3-0-released/
buildservice-autocommit accepted request 755197 from Adam Majer's avatar Adam Majer (adamm) (revision 132) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 131) 
- update to 4.2.1:
  * Add deviceName field to protobuf messages
  * Purge map of failed auths periodically by keeping
    last changed timestamp.
  * Prime NS records of root-servers.net parent (.net)
  * Issue with “zz” abbreviation for IPv6 RPZ triggers
  * Basic validation of $GENERATE parameters
  * Fix inverse handler registration logic for SNMP
Displaying revisions 61 - 80 of 210
openSUSE Build Service is sponsored by
Places