* Wed May 13 2020 Adam Majer <adam.majer@suse.de>
- bogus-empty-nxd-4.1.15.diff: fixes an issue where records in
the answer section of a NXDOMAIN response lacking an SOA were
not properly validated (CVE-2020-12244, bsc#1171553)
- hostname-4.1.15.diff: fixes an issue where an invalid hostname
on the server can result in disclosure of invalid memory
(CVE-2020-10030, bsc#1171553)
- ns-ampl-4.1.15.diff: fixes an issue in the DNS protocol that
allows malicious parties to use recursive DNS services to attack third
party authoritative name servers (CVE-2020-10995, bsc#1171553)
Version: 4.1.12-bp151.2.3
* Fri Apr 26 2019 mvetter@suse.com
- bsc#1130588: Require shadow instead of old pwdutils
* Tue Apr 02 2019 Michael Ströder <michael@stroeder.com>
- update to 4.1.12:
* Improvements
- Provide CPU usage statistics per thread (worker & distributor).
- Use a bounded load-balancing algo to distribute queries.
- Implement a configurable ECS cache limit so responses with an
ECS scope more specific than a certain threshold and a TTL
smaller than a specific threshold are not inserted into the
records cache at all.
* Bug Fixes
- Correctly interpret an empty AXFR response to an IXFR query.
- update to 4.1.11:
* Improvements
- Add an option to export only responses over protobuf to the
Lua protobufServer() directive.
- Reduce systemcall usage in protobuf logging. (See #7428.)
* Fri Jan 25 2019 Michael Ströder <michael@stroeder.com>
- update to 4.1.10
- #7403: Fix compilation in handleRunningTCPQuestion without
protobuf support
* Mon Nov 26 2018 adam.majer@suse.de
- update to 4.1.8
https://blog.powerdns.com/2018/11/26/powerdns-recursor-4-1-8-released/
- Fixes case where a crafted query can cause a denial of service
(CVE-2018-16855, bsc#1116592)
* Fri Nov 09 2018 adam.majer@suse.de
- update to 4.1.7
https://blog.powerdns.com/2018/11/09/powerdns-recursor-4-1-7-released/
- Revert "Keep the EDNS status of a server on FormErr with EDNS"
- Refuse queries for all meta-types
* Wed Nov 07 2018 adam.majer@suse.de
- update to 4.1.6
- Revert "rec: Authority records in AA=1 CNAME answer are
authoritative"
https://github.com/PowerDNS/pdns/issues/7158
* Wed Nov 07 2018 Michael Ströder <michael@stroeder.com>
- update to 4.1.5
- Improvements
* Add pdnslog to lua configuration scripts
* Fix compilation with libressl 2.7.0+
* Export outgoing ECS value and server ID in protobuf (if any)
* Switch to devtoolset 7 for el6
* Allow the signature inception to be off by number of seconds
- Bug Fixes
* Crafted answer can cause a denial of service
(bsc#1114157, CVE-2018-10851)
* Packet cache pollution via crafted query
(bsc#1114169, CVE-2018-14626)
* Crafted query for meta-types can cause a denial of service
(bsc#1114170, CVE-2018-14644)
* Delay creation of rpz threads until we dropped privileges
* Cleanup the netmask trees used for the ecs index on removals
* Make sure that the ecs scope from the auth is < to the source
* Authority records in aa=1 cname answer are authoritative
* Avoid a memory leak in catch-all exception handler
* Don't require authoritative answers for forward-recurse zones
* Release memory in case of error in openssl ecdsa constructor
* Convert a few uses to toLogString to print DNSName's that
may be empty in a safer manner
* Avoid a crash on DEC Alpha systems
* Clear all caches on (N)TA changes
* Fri Aug 31 2018 adam.majer@suse.de
- update to 4.1.4
- Improvements
* Split pdns_enable_unit_tests.
* Add a new max-udp-queries-per-round setting.
* Fix warnings reported by gcc 8.1.0.
* Tests: replace awk command by perl.
* Allow the snmp thread to retrieve statistics.
- Bug Fixes
* Don't account chained queries more than once.
* Make rec_control respect include-dir.
* Load lua scripts only in worker threads.
* Purge all auth/forward zone data including subtree.
* Tue May 22 2018 michael@stroeder.com
- update to 4.1.3
- Improvements
* Add a subtree option to the API cache flush endpoint
* Use a separate, non-blocking pipe to distribute queries
* Move carbon/webserver/control/stats handling to a separate
thread
* Add _raw versions for QName / ComboAddresses to the FFI API
* Fix a warning on botan >= 2.5.0
- Bug Fixes
* Count a lookup into an internal auth zone as a cache miss
* Don't increase the DNSSEC validations counters when running
with process-no-validate
* Respect the AXFR timeout while connecting to the RPZ server
* Increase MTasker stacksize to avoid crash in exception
unwinding
* Use the SyncRes time in our unit tests when checking cache
validity
* Add -rdynamic to C{,XX}FLAGS when we build with LuaJIT
* Delay the loading of RPZ zones until the parsing is done,
fixing a race condition
* Reorder includes to avoid boost L conflict (bsc#1089814)