Package Release Info

pdns-recursor-4.1.12-bp151.4.9.1

Update Info: openSUSE-2020-1687
Available in Package Hub : 15 SP1 Update

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

pdns-recursor

Change Logs

* Tue Oct 13 2020 Adam Majer <adam.majer@suse.de>

- update to 4.3.5:
  * fixes cache pollution related to DNSSEC validation.
    (CVE-2020-25829, bsc#1177383)
  * now raise an exception on invalid content in unknown records
  * fixes the parsing of dont-throttle-netmasks in the presence of
    dont-throttle-names
- 9070.patch: refreshed, looks like only partially upstreamed

Version: 4.1.12-bp151.4.6.1

* Wed Jul 01 2020 Adam Majer <adam.majer@suse.de>

- update to 4.3.2
  * Fixes a access restriction bypass vulnerability where ACL applied
    to the internal web server via webserver-allow-from is
    not properly enforced, allowing a remote attacker to send
    HTTP queries to the internal web server, bypassing the restriction.
    (CVE-2020-14196, bsc#1173302)
  * improves CNAME loop detection
  * Fix the handling of DS queries for the root
  * Fix RPZ removals when an update has several deltas

Version: 4.1.12-bp151.4.3.1

* Wed May 13 2020 Adam Majer <adam.majer@suse.de>

- bogus-empty-nxd-4.1.15.diff: fixes an issue where records in
  the answer section of a NXDOMAIN response lacking an SOA were
  not properly validated (CVE-2020-12244, bsc#1171553)
- hostname-4.1.15.diff: fixes an issue where invalid hostname
  on the server can result in disclosure of invalid memory
  (CVE-2020-10030, bsc#1171553)
- ns-ampl-4.1.15.diff: fixes an issue in the DNS protocol has been found that
  allows malicious parties to use recursive DNS services to attack third
  party authoritative name servers (CVE-2020-10995, bsc#1171553)

Version: 4.1.12-bp151.3.1

Version: 4.1.12-bp151.2.3

* Fri Apr 26 2019 mvetter@suse.com

- bsc#1130588: Require shadow instead of old pwdutils

* Tue Apr 02 2019 Michael Ströder <michael@stroeder.com>

- update to 4.1.12:
  * Improvements
  - Provide CPU usage statistics per thread (worker & distributor).
  - Use a bounded load-balancing algo to distribute queries.
  - Implement a configurable ECS cache limit so responses with an
    ECS scope more specific than a certain threshold and a TTL
    smaller than a specific threshold are not inserted into the
    records cache at all.
  * Bug Fixes
  - Correctly interpret an empty AXFR response to an IXFR query.
- update to 4.1.11:
  * Improvements
  - Add an option to export only responses over protobuf to the
    Lua protobufServer() directive.
  - Reduce systemcall usage in protobuf logging. (See #7428.)

* Fri Jan 25 2019 Michael Ströder <michael@stroeder.com>

- update to 4.1.10
  - #7403: Fix compilation in handleRunningTCPQuestion without
    protobuf support

* Mon Nov 26 2018 adam.majer@suse.de

- update to 4.1.8
  https://blog.powerdns.com/2018/11/26/powerdns-recursor-4-1-8-released/
  - Fixes case where a crafted query can cause a denial of service
    (CVE-2018-16855, bsc#1116592)

* Fri Nov 09 2018 adam.majer@suse.de

- update to 4.1.7
  https://blog.powerdns.com/2018/11/09/powerdns-recursor-4-1-7-released/
  - Revert ?Keep the EDNS status of a server on FormErr with EDNS?
  - Refuse queries for all meta-types

* Wed Nov 07 2018 adam.majer@suse.de

- update to 4.1.6
  - Revert "rec: Authority records in AA=1 CNAME answer are
    authoritative"
    https://github.com/PowerDNS/pdns/issues/7158

* Wed Nov 07 2018 Michael Ströder <michael@stroeder.com>

- update to 4.1.5
  - Improvements
  * Add pdnslog to lua configuration scripts
  * Fix compilation with libressl 2.7.0+
  * Export outgoing ECS value and server ID in protobuf (if any)
  * Switch to devtoolset 7 for el6
  * Allow the signature inception to be off by number of seconds
  - Bug Fixes
  * Crafted answer can cause a denial of service
    (bsc#1114157, CVE-2018-10851)
  * Packet cache pollution via crafted query
    (bsc#1114169, CVE-2018-14626)
  * Crafted query for meta-types can cause a denial of service
    (bsc#1114170, CVE-2018-14644)
  * Delay creation of rpz threads until we dropped privileges
  * Cleanup the netmask trees used for the ecs index on removals
  * Make sure that the ecs scope from the auth is < to the source
  * Authority records in aa=1 cname answer are authoritative
  * Avoid a memory leak in catch-all exception handler
  * Don?t require authoritative answers for forward-recurse zones
  * Release memory in case of error in openssl ecdsa constructor
  * Convert a few uses to toLogString to print DNSName?s that
    may be empty in a safer manner
  * Avoid a crash on DEC Alpha systems
  * Clear all caches on (N)TA changes

* Fri Aug 31 2018 adam.majer@suse.de

- update to 4.1.4
  - Improvements
  * Split pdns_enable_unit_tests.
  * Add a new max-udp-queries-per-round setting.
  * Fix warnings reported by gcc 8.1.0.
  * Tests: replace awk command by perl.
  * Allow the snmp thread to retrieve statistics.
  - Bug Fixes
  * Don?t account chained queries more than once.
  * Make rec_control respect include-dir.
  * Load lua scripts only in worker threads.
  * Purge all auth/forward zone data including subtree.

* Tue May 22 2018 michael@stroeder.com

- update to 4.1.3
  - Improvements
  * Add a subtree option to the API cache flush endpoint
  * Use a separate, non-blocking pipe to distribute queries
  * Move carbon/webserver/control/stats handling to a separate
    thread
  * Add _raw versions for QName / ComboAddresses to the FFI API
  * Fix a warning on botan >= 2.5.0
  - Bug Fixes
  * Count a lookup into an internal auth zone as a cache miss
  * Don?t increase the DNSSEC validations counters when running
    with process-no-validate
  * Respect the AXFR timeout while connecting to the RPZ server
  * Increase MTasker stacksize to avoid crash in exception
    unwinding
  * Use the SyncRes time in our unit tests when checking cache
    validity
  * Add -rdynamic to C{,XX}FLAGS when we build with LuaJIT
  * Delay the loading of RPZ zones until the parsing is done,
    fixing a race condition
  * Reorder includes to avoid boost L conflict (bsc#1089814)