Changelog for pdns-recursor-debuginfo-3.7.3-5.26.x86_64.rpm:
* Tue Jul 21 2015 mrueckert@suse.de
- do not use /run/pdns instead of /var/run/pdns in the init script
  for the rest we have the systemd unit file
* Tue Jun 09 2015 michael@stroeder.com
- update to 3.7.3
  will prevent short bursts of high resource usage with malformed qnames.
* Wed Apr 29 2015 mrueckert@suse.de
- call systemd-tmpfiles during installation
* Thu Apr 23 2015 michael@stroeder.com
- update to 3.7.2 with a fix for CVE-2015-1868 (boo#927569)
  Bug fixes:
  - commit adb10be commit 3ec3e0f commit dc02ebf Fix handling of forward references in label compressed packets; fixes CVE-2015-1868
  - commit a7be3f1: make sure we never call sendmsg with msg_control!=NULL && msg_controllen>0. Fixes ticket #2227
  - commit 9d835ed: Improve robustness of root-nx-trust.
  Improvements:
  - commit 99c595b: Silence warnings that always occur on FreeBSD (Ruben Kerkhof)
* Thu Feb 12 2015 mrueckert@suse.de
- update to 3.7.1
  This version contains a mix of speedups and improvements, the combined effect of which is vastly improved resilience against traffic spikes and malicious query overloads.
  Minor changes:
  - Removal of dead code here and there 04dc6d618734fc630122de4c56dff641ebaf0988
  - Per-qtype response counters are now 64 bit 297bb6acf7902068693a4aae1443c424d0e8dd52 on 64 bit systems
  - Add IPv6 addresses for b and c.root-servers.net hints efc2595423c9a1be6f2d8f4da25445198ceb8b57
  - Add IP address to logging about terminated queries 37aa9904d1cc967ba4b5d5e17dbe41485f8cdece
  - Improve qtype name logging fab3ed3453e15ae88e29a0e4071b214eb19caad9 (Aki Tuomi)
  - Redefine 'BAD_NETS' for dont-query based on newer IANA guidance 12cd44ee0fcde5893f85dccc499bfc35152c5fff (lochiiconnectivity)
  - Add documentation links to systemd unit eb154adfdffa5c78624e2ea98e938d7b5787119e (Ruben Kerkhof)
  Improvements:
  - Upgrade embedded PolarSSL to 1.3.9: d330a2ea1a93d7675ef680311f8aa0306aeefcf1
  - yahttp upgrade c290975778942ed1082ca66918695a5bd2d6bac4 c65a57e888ee48eaa948e590c90c51420bffa847 (Aki Tuomi)
  - Replace . in hostnames by - for Carbon so as not to confuse Metronome 46541751ed1c3bc051d78217543d5fc76733e212
  - Manpages got a lot of love and are now built from Markdown (Pieter Lexis)
  - Move to PolarSSL base64 488360551009784ab35c43ee4580e773a2a8a227 (Kees Monshouwer)
  - The quiet=no query logging is now more informative 461df9d20c560d240285f772c09b3beb89d46daa
  - We can finally bind to 0.0.0.0 and :: and guarantee answers from the correct source b71b60ee73ef3c86f80a2179981eda2e61c4363f
  - We use per-packet timestamps to drop ancient traffic in case of overload b71b60ee73ef3c86f80a2179981eda2e61c4363f, non-Linux portability in d63f0d83631c41eff203d30b0b7c475a88f1db59
  - Builtin webserver can be queried with the API key in the URL again c89f8cd022c4a9409b95d22ffa3b03e4e98dc400
  - Ringbuffers are now available via API c89f8cd022c4a9409b95d22ffa3b03e4e98dc400
  - Lua 5.3 compatibility 59c6fc3e3931ca87d484337daee512e716bc4cf4 (Kees Monshouwer)
  - No longer leave a stale UNIX domain socket around from rec_control if the recursor was down 524e4f4d81f4ed9eb218715cbc8a59f0b9868234, ticket #2061
  - Running with 'quiet=no' would strangely actually prevent debug messages from being logged f48d7b657ec32517f8bfcada3bfe6353ca313314
  - Webserver now implements CORS for the API ea89a97e864c43c1cb03f2959ad04c4ebe7580ad, fixing ticket #1984
  - Housekeeping thread would sometimes run multiple times simultaneously, which worked, but was odd cc59bce675e62e2b9657b42614ce8be3312cae82
  New features:
  - New `root-nx-trust` flag makes PowerDNS generalize NXDOMAIN responses from the root-servers 01402d56846a3a61811ebd4e6bc97e53f908e568
  - `getregisteredname()` for Lua, which turns 'www.bbc.co.uk' into 'bbc.co.uk' 8cd4851beb78bc6ab320926fb5cb6a09282016b1
  - Lua preoutquery filter 3457a2a0ec41d3b3aff7640f30008788e1228a6e
  - Lua IP-based filter (ipfilter) before parsing packets 4ea949413c495254acb0bd19335142761c1efc0c
  - `iputils` class for Lua, to quickly process IP addresses and netmasks in their native format
  - `getregisteredname` function for Lua, to find the registered domain for a given name
  - Various new ringbuffers: top-servfail-remotes, top-largeanswer-remotes, top-servfail-queries
  Speedups:
  - Remove unneeded malloc traffic 93d4a89096e64d53740790f58fadec56f6a0af14 8682c32bc45b6ffa7c0f6da778e1b223ae7f03ce a903b39cfe7364c56324038264d3db50b8cece87
  - Our nameserver-loop detection carried around a lot of baggage for complex domain names, plus did not differentiate IPv4 and IPv6 well enough 891fbf888ccac074e3edc38864641ca774f2f03c
  - Prioritize new queries over nameserver responses, improving latency under query bursts bf3b0cec366c090af000b066267b6f6bbb3a512a
  - Remove escaping in case there was nothing to escape 83b746fd1d94c8742d8bd87a44beb44c154230c7
  - Our logging infrastructure had a lot of locking d1449e4d073595e1e1581804f121fc90e37158bf
  - Reduce logging level of certain common messages, which locked up synchronously logging systems 854d44e31c76aa650520e6d462dd3a02b5936f7a
  - Add limit on total wall-clock time spent on a query 9de3e0340fa066d4c59449e1643a1de8c343f8f2
  - Packet cache is now case-insensitive, which increases hitrate 90974597aadaf1096e3fd0dc450be7422ea591a5
  Security relevant:
  - Check for PIE, RELRO and stack protector during configure 8d0354b189c12e1e14f5309d3b49935c17f9eeb0 (Aki Tuomi)
  - Testing for support of PIE etc was improved in b2053c28ccb9609e2ce7bcb6beda83f98a062aa3 and beyond, fixes [#2125] (Ruben Kerkhof)
  - Max query-per-query limit (max-qperq) is now configurable 173d790ead08f67733010ca4c6fc404a040fe699
  Bugs fixed:
  - IPv6 outgoing queries had a disproportionate effect on our query load. Fixed in 76f190f2a0877cd79ede2994124c1a58dc69ae49 and beyond.
  - rec_control gave incorrect output on a timeout 12997e9d800734da51b808767e1e2477244c30eb
  - When using the webserver AND having an error in the Lua script, recursor could crash during startup 62f0ae62984adadab687c23fe1b287c1f219b2cb
  - Hugely long version strings would trip up security polling 18b7333828a1275ae5f5574a9c8330290d8557ff (Kees Monshouwer)
  - The 'remotes' ringbuffer was sized incorrectly f8f243b01215d6adcb59389f09ef494f1309041f
  - Cache sizes had an off-by-one scaling problem, with the wrong number of entries allocated per thread f8f243b01215d6adcb59389f09ef494f1309041f
  - Our automatic file descriptor limit raising was attempted *after* setuid, which made it a lot less effective. Found and fixed by Aki Tuomi a6414fdce9b0ec32c340d1f2eea2254f3fedc1c1
  - Timestamps used for dropping packets were occasionally wrong 183eb8774e4bc2569f06d5894fec65740f4b70b6 and 4c4765c104bacc146533217bcc843efb244a8086 (RC2) with thanks to Winfried for debugging.
  - In RC1, our new DoS protection measures would crash the Recursor if too many root servers were unreachable. 6a6fb05ad81c519b4002ed1db00f3ed9b7bce6b4. Debugging and testing by Fusl.
- remove pdns-rec-lua52.patch: no longer needed
* Sun Nov 09 2014 michael@stroeder.com
- Fixed broken _localstatedir
* Thu Oct 30 2014 michael@stroeder.com
- update to upstream release 3.6.2 (boo#906583) CVE-2014-8601
  This is a bugfix update to 3.6.1. A list of changes since 3.6.1 follows.
  * gab14b4f: expedite servfail generation for ezdns-like failures (fully abort query resolving if we hit more than 50 outqueries)
  * g42025be: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, "Security polling".
  * g5027429: We did not transmit the right 'local' socket address to Lua for TCP/IP queries in the recursor. In addition, we would attempt to lookup a filedescriptor that wasn't there in an unlocked map which could conceivably lead to crashes. Closes t1828, thanks Winfried for reporting
  * g752756c: Sync embedded yahttp copy. API: Replace HTTP Basic auth with static key in custom header
  * g6fdd40d: add missing #include to rec-channel.hh (this fixes building on OS X).
* Tue Oct 28 2014 mrueckert@suse.de
- sync permissions/ownership of home and config dir with the pdns package
* Thu Sep 11 2014 mrueckert@suse.de
- added systemd support for 12.3 and newer
* Thu Sep 11 2014 mrueckert@suse.de
- update to 3.6.1
  PowerDNS Recursor 3.6.0 could crash with a specific sequence of packets. For more details, see Section 13, “PowerDNS Security Advisory 2014-01: PowerDNS Recursor 3.6.0 can be crashed remotely”. PowerDNS Recursor 3.6.1 was very well tested, and is in full production already, so it should be a safe upgrade.
  For all the details see http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.6.1
- additional changes from 3.6.0
  This is a performance, feature and bugfix update to 3.5/3.5.3. It contains important fixes for slightly broken domain names, which your users expect to work anyhow. It also brings robust resilience against certain classes of attacks.
  For all the details see http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.6.0
- refreshed pdns-rec-lua52.patch
- replaced pdns-recursor-3.2rc1-strip.patch and pdns-recursor-3.5.3_config.patch with cmdline options on the make commandline.
* Sat Aug 09 2014 dimstar@opensuse.org
- Move control files from /var/run/pdns to /run/pdns.
* Tue Sep 17 2013 michael@stroeder.com
- update to upstream release 3.5.3
  This is a bugfix and performance update to 3.5.2. It brings serious performance improvements for dual stack users.
  For all the details see http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5.3
- Remove patch (pdns-recursor-3.3_config.patch)
- Add patch (pdns-recursor-3.5.3_config.patch)
* Fri Jun 07 2013 michael@stroeder.com
- update to upstream release 3.5.2
  This is a stability and bugfix update to 3.5.1.
  - Responses without the QR bit set now get matched up to an outstanding query, so that resolution can be aborted early instead of waiting for a timeout.
  - The depth limiter changes in 3.5.1 broke some legal domains with lots of indirection.
  - Slightly improved logging to aid debugging.
* Sun May 19 2013 mrueckert@suse.de
- update to version 3.5.1
  This is a stability and bugfix update to 3.5. It contains important fixes that improve operation for certain domains. This is a stability, security and bugfix update to 3.3/3.3.1. It contains important fixes for slightly broken domain names, which your users expect to work anyhow.
  For all details see http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5.1
- adapted patches:
  pdns-rec-lua52.patch
  pdns-recursor-3.5.1_config.patch
- fixed conditional for different lua versions
- started some basic support to build packages for non suse distros
* Mon Nov 19 2012 dimstar@opensuse.org
- Fix useradd invocation: -o is useless without -u and newer versions of pwdutils/shadowutils fail on this now.
* Tue Oct 09 2012 crrodriguez@opensuse.org
- Use LUA 5.2
* Wed Apr 18 2012 mrueckert@suse.de
- update to version 3.3
  fixes a number of small but persistent issues, rounds off our IPv6 %link-level support and adds an important feature for many users of the Lua scripts.
  For all details see http://doc.powerdns.com/changelog.html#changelog-recursor-3-3
- Build binaries as PIE.
- refreshed config patch:
  old: pdns-recursor-3.2_config.patch
  new: pdns-recursor-3.3_config.patch
- fix lua linking on factory
* Mon Feb 13 2012 coolo@suse.com
- patch license to follow spdx.org standard
* Wed Apr 28 2010 mrueckert@suse.de
- create /var/run/pdns directory in the init script and package it as ghost.
* Fri Mar 12 2010 mrueckert@suse.de
- update to version 3.2
  The 3.2 release is the first major release of the PowerDNS Recursor in a long time. Partly this is because 3.1.7.* functioned very well, and delivered satisfying performance, partly this is because in order to really move forward, some heavy lifting had to be done. This version of the PowerDNS Recursor contains a rather novel form of lock-free multithreading, a situation that comes close to the old '--fork' trick, but allows the Recursor to fully utilize multiple CPUs, while delivering unified statistics and operational control. In effect, this delivers the best of both worlds: near linear scaling, with almost no administrative overhead.
  http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-2
- patches dropped:
  pdns-recursor-3.1.7.1_atomicity.patch
  pdns-recursor-3.1.7.1_lua.patch
- patches refreshed for the update:
  old name: pdns-recursor-3.1.7.1-strip.patch
  new name: pdns-recursor-3.2rc1-strip.patch
  old name: pdns-recursor-3.1.7.2_config.patch
  new name: pdns-recursor-3.2_config.patch
* Fri Jan 08 2010 mrueckert@suse.de
- update to version 3.1.7.2
  This release consists of a number of vital security updates. These updates address issues that can in all likelihood lead to a full system compromise. In addition, it is possible for third parties to pollute your cache with dangerous data, exposing your users to possible harm.
  http://rtfm.powerdns.com/powerdns-advisory-2010-01.html
  http://rtfm.powerdns.com/powerdns-advisory-2010-02.html
  CVE-2009-4009
* Wed Nov 11 2009 mrueckert@suse.de
- update to version 3.1.7.1
  This release consists entirely of fixes for tiny bugs that have been reported over the past year. In addition, compatibility has been restored with the latest versions of the gcc compiler and the 'boost' libraries. No features have been added, but some debugging code that very slightly impacted performance (and polluted the console when operating in the foreground) has been removed.
  - Improved error messages when parsing zones for authoritative serving (commit 1235).
  - Better resilience against whitespace in configuration (changesets 1237, 1240, 1242)
  - Slight performance increase (commit 1378)
  - Fix rare case where timeouts were not being reported to the right query-thread (commit 1260)
  - Fix compilation against newer versions of the Boost C++ libraries (commit 1381)
  - Close very rare issue with TCP/IP close reporting ECONNRESET on FreeBSD. Reported by Andrei Poelov in ticket 192.
  - Silence debugging output (commit 1286).
  - Fix compilation against newer versions of gcc (commit 1384)
  - No longer set export-etc-hosts to 'on' on reload-zones. Discovered by Paul Cairney, closes ticket 225.
  - Sane default for the maximum cache size in the Recursor, suggested by Roel van der Made (commit 1354).
  - No longer exit because of the changed behaviour of the Solaris 'completion ports' in more recent versions of Solaris. Fix in commit 1372, reported by Jan Gyselinck
- update to version 3.1.7
  This version contains powerful scripting abilities, allowing operators to modify DNS responses in many interesting ways. Among other things, these abilities can be used to filter out malware domains, to perform load balancing, to comply with legal and other requirements and finally, to implement 'NXDOMAIN' redirection. It is hoped that the addition of Lua scripting will enable responsible DNS modification for those that need it. For more details about the Lua scripting, which can be modified, loaded and unloaded at runtime, see Section 12.6. Many thanks are due to the #lua irc channel, for excellent near-realtime Lua support. In addition, a number of PowerDNS users have been enthusiastically testing prereleases of the scripting support, and have found and solved many issues.
  - In 3.1.5 and 3.1.6, an authoritative server could continue to renew its authority, even though a domain had been delegated to other servers in the meantime.
  - In the rare cases where this happened, and the old servers were not shut down, the observed effect is that users were fed outdated data.
  - Bug spotted and analysed by Darren Gamble, fix in commit 1182 and commit 1183.
  - Thanks to long time PowerDNS contributor Stefan Arentz, for the first time, Mac OS X 10.5 users can compile and run the PowerDNS Recursor! Patch in commit 1185.
  - Sten Spans spotted that for outgoing TCP/IP queries, the query-local-address setting was not honored. Fixed in commit 1190.
  - rec_control wipe-cache now also wipes domains from the negative cache, hurrying up the expiry of negatively cached records. Suggested by Simon Kirby, implemented in commit 1204.
  - When a forwarder server is configured for a domain, using the forward-zones setting, this server IP address was filtered using the dont-query setting, which is generally not what is desired: the server to which queries are forwarded will often live in private IP space, and the operator should be trusted to know what he is doing. Reported and argued by Simon Kirby, fix in commit 1211.
  - Marcus Rueckert of OpenSUSE reported that very recent gcc versions emitted a (correct) warning on an overly complicated line in syncres.cc, fixed in commit 1189.
  - Stefan Schmidt discovered that the netmask matching code, used by the new Lua scripts, but also by all other parts of PowerDNS, had problems with explicit '/32' matches. Fixed in commit 1205.
- added pdns-recursor-3.1.7.1_lua.patch fix linking with lua
- dropping patches included upstream:
  pdns-recursor-3.1.4_char_casting.patch
  pdns-recursor-3.1.4_r965.patch
  pdns-recursor-3.1.4_gcc43.patch
- refreshed patches:
  old: pdns-recursor-3.1.3-strip.patch
  new: pdns-recursor-3.1.7.1-strip.patch
  old: pdns-recursor-3.1.4_atomicity.patch
  new: pdns-recursor-3.1.7.1_atomicity.patch
  old: pdns-recursor-3.1.4_config.patch
  new: pdns-recursor-3.1.7.1_config.patch
* Tue Jun 09 2009 coolo@novell.com
- fix build with gcc 4.4
* Thu Nov 20 2008 mrueckert@suse.de
- fix typo in pdns-recursor-3.1.5_config.patch: (bnc#446608) pdns_recursor was looking for the config file in the wrong path
- added pdns-recursor-3.1.7_lua.patch: use pkg-config to find the CFLAGS/LIBS for the lua support
* Thu Nov 06 2008 mrueckert@suse.de
- added pdns-recursor-3.1.7_new_boost_exceptions.patch: clarify the referenced exception class
* Mon Sep 08 2008 anosek@suse.cz
- updated to version 3.1.7
  * this version contains powerful scripting abilities, allowing operators to modify DNS responses in many interesting ways. Among other things, these abilities can be used to filter out malware domains, to perform load balancing, to comply with legal and other requirements and finally, to implement 'NXDOMAIN' redirection.
  * number of bugfixes
- dropped obsoleted patches: (svn_fixes.patch) (make_it_compile.patch)
* Tue May 20 2008 mrueckert@suse.de
- backport the fixes from 3.1.6
  - The new high-quality random generator was not used for all random numbers, especially in source port selection. (bnc#375400)
  - fix issue resolving popular domains where one of the nameservers is suffering from a timeout.
- added pdns-recursor-3.1.6_make_it_compile.patch: missing include broke build
- added pdns-recursor-3.1.6_parentheses_warning.patch: fix small warning about missing parentheses (disabled for now)
* Wed Apr 02 2008 anosek@suse.cz
- updated to version 3.1.5
  New features:
  * Implemented rec_control command get uptime
  * The Recursor Authoritative component, meant for having the Recursor serve some zones authoritatively, now supports $INCLUDE and $GENERATE.
  * Implemented forward-zones-file option in order to support larger amounts of zones which should be forwarded to another nameserver.
  * Both forward-zones and forward-zones-file can now specify multiple forwarders per domain.
  * Sten Spans contributed allow-from-file. This feature allows the Recursor to read access rules from a (large) file.
  Several improvements and bugfixes as well
- fixes VUL-0: pdns DNS spoofing vulnerability (bnc#375400)
- dropped patches applied by upstream: (char_casting.patch), (r965.patch), (gcc43.patch)
* Sun Oct 28 2007 mrueckert@suse.de
- added pdns-recursor-3.1.4_gcc43.patch: fix all warnings in pdns-recursor. (patch is upstream)
* Tue Jul 24 2007 mrueckert@suse.de
- added pdns-recursor-3.1.4_r965.patch: fix building on 10.0
* Wed Feb 28 2007 mrueckert@suse.de
- added pdns-recursor-3.1.4_atomicity.patch: The optimized code in recursor_cache.cc is included in gcc 4.2. Proper #if to use it only with older gcc.
- added pdns-recursor-3.1.4_char_casting.patch Don't cast string constants to char *.
* Tue Nov 14 2006 mrueckert@suse.de
- update to version 3.1.4
  This release contains two important security fixes, which should also solve the very rare reports of stability problems. Additionally, a new class of misconfigured domains will now always be resolved correctly, instead of intermittently.
- removed patches applied upstream:
  pdns-recursor-3.1.3_2006-02.patch
  pdns-recursor-3.1.3_cve-2006-4251.patch
  pdns-recursor-3.1.3_implicit_declarations.patch
* Mon Nov 13 2006 mrueckert@suse.de
- added pdns-recursor-3.1.3_2006-02.patch: fix an endless recursion in CNAME handling [#219355]
* Sat Nov 11 2006 mrueckert@suse.de
- added pdns-recursor-3.1.3_cve-2006-4251.patch: fix a stack corruption with malformed packages [#219355]
- added pdns-recursor-3.1.3_implicit_declarations.patch: fix an implicit declaration warning from gcc
  http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/920
* Mon Nov 06 2006 schwab@suse.de
- Don't strip binaries.
* Mon Oct 23 2006 mrueckert@suse.de
- initial package of version 3.1.3