Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pdns-recursor-5.1.2-1.3 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: pdns-recursor Distribution: openSUSE:Factory:zSystems
Version: 5.1.2 Vendor: openSUSE
Release: 1.3 Build date: Tue Nov 5 02:41:30 2024
Group: Productivity/Networking/DNS/Servers Build host: reproducible
Size: 14239996 Source RPM: pdns-recursor-5.1.2-1.3.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.powerdns.com/
Summary: Modern, advanced and high performance recursing/non authoritative nameserver
 
PowerDNS Recursor is a non authoritative/recursing DNS server. Use this
package if you need a dns cache for your network.


Authors:
--------
    http://www.powerdns.com

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Tue Nov 05 2024 Marcus Rueckert <mrueckert@suse.de>
  - update to 5.1.2 (boo#1231292 CVE-2024-25590)
    https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.2
  - drop powerdns-5_1_1-2_fix-build-with-boost-1_86_0.patch included
    in update
* Sun Sep 29 2024 Marcus Rueckert <mrueckert@suse.de>
  - update to 5.1.1
    https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.1
    https://doc.powerdns.com/recursor/changelog/5.0.html#change-5.0.8
  - add powerdns-5_1_1-2_fix-build-with-boost-1_86_0.patch from arch
    linux to fix building with boost 1.86
  - refreshed cargo_build_fix.patch
  - track series file for easier patching
  - no more conf.dist file. I think we should switch the default
    config in the package to the yaml format maybe
* Sat May 25 2024 Andreas Stieger <andreas.stieger@gmx.de>
  - update to 5.0.5:
    * Do not count RRSIGs using unsupported algorithms toward RRSIGs
      limit
    * Correctly count NSEC3s considered when chasing the closest
      encloser.
    * Let NetmaskGroup parse dont-throttle-netmasks, allowing
      negations.
    * Fix types of two YAML settings (incoming.edns_padding_from,
      incoming.proxy_protocol_from) that should be sequences of
      subnets
    * Fix trace=fail regression and add regression test for it
* Wed Apr 24 2024 Adam Majer <adam.majer@suse.de>
  - update to 5.0.4:
    * fixes a case when a crafted responses can lead to a denial of
      service in Recursor if recursive forwarding is configured
      (bsc#1223262, CVE-2024-25583)
  - changes in 5.0.3
    * Log if a DNSSEC related limit was hit if log_bogus is set
    * Reduce RPZ memory usage by not keeping the initially loaded
      RPZs in memory
    * Fix the zoneToCache regression introduced by 5.0.2 security
      update
* Tue Feb 13 2024 Adam Majer <adam.majer@suse.de>
  - update to 5.0.2
    * fixes crafted DNSSEC records in a zone can lead to a denial
      of service in Recursor
    https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
    (bsc#1219823, bsc#1219826, CVE-2023-50387, CVE-2023-50868)
* Fri Feb 09 2024 Adam Majer <adam.majer@suse.de> 5.0.1
  - update to 5.0.1
    https://doc.powerdns.com/recursor/changelog/5.0.html#change-5.0.1
    For upgrade from 4.9.x, see
    https://doc.powerdns.com/recursor/upgrade.html#to-5-0-0-and-master
  - cargo_build_fix.patch: add cargo_build parameters to Makefile...
* Fri Aug 25 2023 Adam Majer <adam.majer@suse.de> 4.9.1
  - update to 4.9.1
    * The setting of policy tags for packet cache hist has been fixed.
      Previously, packet cache hits would not contain policy tags set in
      the Lua gettags(-ffi) intercept functions.
    * The retrieval of RPZ zones could fail in situations where a read of
      the chunk length from the IXFR TCP stream would produce an
      incomplete result.
  - enable DSN-over-TLS (DoT) via OpenSSL
    For complete list of changes, see
    https://doc.powerdns.com/recursor/changelog/4.9.html#change-4.9.1
    For upgrades since 4.8.x and earlier, see
    https://doc.powerdns.com/recursor/upgrade.html
* Tue Apr 04 2023 Adam Majer <adam.majer@suse.de>
  - update to 4.8.4
    * Deterred spoofing attempts can lead to authoritative servers
      being marked unavailable (bsc#1209897, CVE-2023-26437)
* Tue Mar 07 2023 Adam Majer <adam.majer@suse.de> 4.8.3
  - update to 4.8.3
    * Fix serve-stale logic to not cause intermittent high CPU load by:
      + correcting the removal of a negative cache entry,
      + correcting the serve-stale main loop regarding exception handling,
      + correctly handle negcache entries with serve-state status.
  - changes in version 4.8.2
    * Make cache cleaning of record an negative cache more fair
    * Do not report “not decreasing socket buf size” as an error
    * Do not use “message” as key, it has a special meaning to systemd-journal
    * Add the ‘parse packet from auth’ error message to structured logging
    * Refresh of negcache stale entry might use wrong qtype
    * Do not chain ECS enabled queries
    * Properly encode json string containing binary data
* Fri Jan 20 2023 Adam Majer <adam.majer@suse.de>
  - update to 4.8.1
    * Avoid unbounded recursion when retrieving DS records from some
      misconfigured domains. (bsc#1207342, CVE-2023-22617)
* Mon Dec 12 2022 Michael Ströder <michael@stroeder.com>
  - update to 4.8.0 with these major changes:
    * Structured Logging has been implemented for almost all
      subsystems.
    * Optional Serve Stale functionality has been implemented,
      providing resilience against connectivity problems towards
      authoritative servers.
    * Optional Record Locking has been implemented, providing an extra
      layer of protection against spoofing attempts at the price of
      reduced cache efficiency.
    * Internal tables used to track information about authoritative
      servers are now shared instead of per-thread, resulting in
      better performance and lower memory usage.
    * EDNS padding of outgoing DoT queries has been implemented,
      providing better privacy protection.
    * Metrics have been added about the protobuf and dnstap logging
      subsystems and the rcodes received from authoritative
      servers.
* Fri Nov 25 2022 Michael Ströder <michael@stroeder.com>
  - update to 4.7.4
    * Fix compilation of the event ports multiplexer. #12046, PR#12231
    * Correct skip record condition in processRecords. #12198, PR#12230
    * Also consider recursive forward in the “forwarded DS should not end up in negCache code.” #12189, #12199, PR#12227
    * Timout handling for IXFRs as a client. #12125, PR#12190
    * Detect invalid bytes in makeBytesFromHex(). #12066, PR#12173
    * Log invalid RPZ content when obtained via IXFR. #12081, PR#12171
    * When an expired NSEC3 entry is seen, move it to the front of the expiry queue. #12038, PR#12168
* Tue Sep 20 2022 Michael Ströder <michael@stroeder.com>
  - update to 4.7.3
    * Improvements
    - For zones having many NS records, we are not interested in all so take a sample. #11904, PR#11936
    - Also check qperq limit if throttling happened, as it increases counters. #11848, PR#11897
    * Bug Fixes
    - Failure to retrieve DNSKEYs of an Insecure zone should not be fatal. #11890, PR#11940
    - Fix recursor not responsive after Lua config reload. #11850, PR#11879
    - Clear the caches after loading authzones. #11843, PR#11847
    - Resize answer length to actual received length in udpQueryResponse. #11773, PR#11774
* Wed Aug 24 2022 Adam Majer <adam.majer@suse.de>
  - Bump requires to newer Boost, effectively disabling support for SLE-12
* Tue Aug 23 2022 Michael Ströder <michael@stroeder.com>
  - update to 4.7.2
    * incomplete exception handling related to protobuf message generation.
      (CVE-2022-37428, bsc#1202664)
* Fri Jul 08 2022 Michael Ströder <michael@stroeder.com>
  - update to 4.7.1
    * Improvements
    - Allow generic format while parsing zone files for ZoneToCache.
      References: #11724, #11726, pull request 11750
    - Force gzip compression for debian packages (Zash). #11735, PR#11740
    * Bug Fixes
    - Run tasks from housekeeping thread in the proper way, causing queued
      DoT probes to run more promptly. #11692, PR#11748
* Mon May 30 2022 Michael Ströder <michael@stroeder.com>
  - update to 4.7.0
    * A configurable way of adding Additional records to answers sent
      to the client, so the client does not have to ask for these
      records.
    * The step sizes for Query Minimization are now computed following to
      guidelines in [2]RFC 9156.
    * The Recursor now schedules tasks to resolve IPv6 addresses of name
      servers not learned by glue records. This has the consequence that,
      if applicable, name servers will be contacted over IPv6 more often.
    * An experimental implementation of unilateral [3]DoT probing. This
      allows the Recursor to learn if a an authoritative servers supports
      DoT.
    * Recursor has gained a way to fall back to the parent NS set if
      contacting servers in the child NS set does not lead to an answer.
      This works around some broken authoritative servers configurations.
    * ZONEMD validation of the zones retrieved by the [5]Zone to Cache,
      providing integrity guarantees for the zone retrieved.
    * The table recording round trip times of authoritative server IP
      addresses is now shared between threads to make it more effective
      and to reduce its memory footprint.
    * A Lua FFI hook for post-resolve interception: [6]postresolve_ffi,
      providing a very fast way to do post-resolve Lua scripting.
* Mon Apr 04 2022 Michael Ströder <michael@stroeder.com>
  - update to 4.6.2
    * Improvements
    - Allow disabling of processing the root hints.
    - References: #11283, pull request 11360
    - Log an error if pdns.DROP is used as rcode in Lua callbacks.
    - References: #11288, pull request 11361
    - A CNAME answer on DS query should abort DS retrieval.
    - References: #11245, pull request 11358
    - Reject non-apex NSEC(3)s that have both the NS and SOA bits set.
    - References: #11225, pull request 11357
    - Fix build with OpenSSL 3.0.0.
    - References: pull request 11260
    - Shorter thread names.
    - References: #11137, pull request 11170
    - Two more features to print (DoT and scrypt).
    - References: #11109, pull request 11169
    * Bug Fixes
    - Be more careful using refresh mode only for the record asked.
    - References: #11371, pull request 11418
    - Use the Lua context stored in SyncRes when calling hooks.
    - References: #11300, pull request 11380
    - QType ADDR is supposed to be used internally only.
    - References: #11338, pull request 11363
    - If we get NODATA on an AAAA in followCNAMERecords, try native dns64.
    - References: #11327, pull request 11362
    - Initialize isNew before calling a exception throwing function.
    - References: #11257, pull request 11359
* Mon Mar 28 2022 Adam Majer <adam.majer@suse.de>
  - fix building against sle-12 backports with gcc-9
  - remove obsolete BR on protobuf
  - add bundled information to the spec file
  - boost_context.patch: Boost.Context detection fix on SLE12
* Fri Mar 25 2022 Adam Majer <adam.majer@suse.de>
  - update to 4.6.1
    fixes incomplete validation of incoming IXFR transfer in
    the Recursor. It applies to setups retrieving one or more RPZ
    zones from a remote server if the network path to the server
    is not trusted. (bsc#1197525, CVE-2022-27227)

Files

/etc/pdns/recursor.conf
/etc/pdns/recursor.yml-dist
/usr/lib/systemd/system/pdns-recursor.service
/usr/lib/systemd/system/pdns-recursor@.service
/usr/sbin/pdns_recursor
/usr/sbin/rcpdns-recursor
/usr/sbin/rec_control
/usr/share/doc/packages/pdns-recursor
/usr/share/doc/packages/pdns-recursor/README
/usr/share/licenses/pdns-recursor
/usr/share/licenses/pdns-recursor/COPYING
/usr/share/man/man1/pdns_recursor.1.gz
/usr/share/man/man1/rec_control.1.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Feb 21 02:42:40 2025