* This release drops GSS/TSIG support, please see
PowerDNS Security Advisory 2020-06.
* New features:
- the LMDB backend now supports long record content, making it production
ready for everybody
- the SVCB and HTTPS record types are supported, with limited additional
processing transaction handling in the 2136 handler and the HTTP API was
again improved a lot, avoiding various spurious issues users may have
noticed if they do a lot of changes a new setting (consistent-backends)
offers a roughly 30% speedup, subject to conditions
- we finally emit Prometheus metrics!
* Improvements:
- don’t log trusted-notification-proxy notify at error level
- Stop using incbin and use od & sed to generate constant string data.
* Bug Fixes:
- clear the LMDB set state when performing a new lookup or list to prevent
corruption cases
- SVCB: Correctly parse and print unknown params
- fix direct-dnskey in AXFR-out
Please make sure to read the upgrade notes before upgrading:
https://doc.powerdns.com/authoritative/upgrading.html
PR: 251945
Submitted by: Ralf van der Enden (maintainer)
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Security: 61d89849-43cb-11eb-aba5-00a09858faf5
Differential Revision: https://reviews.freebsd.org/D27680
- Adjust dependencies (IXFRTOOL needs yaml-cpp)
- Explicitly disable decaf and sodium in case they are not enabled.
Otherwise they default to "auto" and if detected in the system,
stage-qa reports unresolved dependency.
- Drop user privilges for worker processes to pdns/pdns (UID is new; GUID already exists)
- Always depend on protobuf. I do the same for dnsdist and powerdns-recursor
- Actually do something with the pdns_flags variable in the rc-script instead of just mentioning it in the comment block
- Bump PORTREVISION
PR: 250961
Submitted by: Juraj Lutter, Ralf van der Enden
Approved by: Ralf van der Enden (maintainer)
Improvements:
- EL8 pkgs: Build mysql backend against mariadb-connector-c-devel
- gpgsql: Reintroduce prepared statements
- gsqlite3backend: add missing indexes
- use real remote for supermaster createSlaveDomain()
- Optimize IXFR-to-AXFR fallback path
- Install bind SQL schema files as part of bindbackend
- Do not send out of zone lookups to the backends
Bug Fixes:
- Raise an exception on invalid hex content in unknown records.
- Handle the extra single-row result set of MySQL stored procedures
PR: 249560
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Security: CVE-2020-17482
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
Relnotes: https://doc.powerdns.com/authoritative/changelog/4.3.html#change-4.3.1
- Add missing entries to pkg-plist
- Add ixfrdist tool
- Change pidfile back to ${name}.pid in the rc.d script
- Pet portlint a bit (regenerate files/patch-configure and ran
Makefile though portfmt)
- Remove patch-dns_random.cc (only needed on 12.0, which is EoL)
- Move upgrade instructions from pkg-install to pkg-message
- Bump PORTREVISION
- Upgrading the port now shows a message about required schema
changes for several backends.
PR: 246434
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Reported by: Dominik Lisiak <dominik.lisiak@bemsoft.pl>
Please note that 4.3.0 comes with a mandatory database schema upgrade.
See: https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0
- added OPTIONS LMDB backend
- removed OPTIONS MyDNS backend
- removed OPTIONS OpenDBX backend
- removed patch-fix_memleak_bindbackend
- added `pidfile=/var/run/pdns/pdns_server.pid` to the rc script.
- updated pkg-descr with a more descriptive blurb from their web page.
PR: 246262
Submitted by: yds@Necessitu.de
Approved by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Relnotes: https://blog.powerdns.com/2020/04/07/powerdns-authoritative-4-3-0/
4.2.1 release notes:
This release fixes several bugs and makes a few features more robust or
intuitive. It also contains a few performance improvements for API users.
For a full list of changes look here:
https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.2.1
PR: 242519
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
as defined in Mk/bsd.default-versions.mk which has moved from GCC 8.3
to GCC 9.1 under most circumstances now after revision 507371.
This includes ports
- with USE_GCC=yes or USE_GCC=any,
- with USES=fortran,
- using Mk/bsd.octave.mk which in turn features USES=fortran, and
- with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, everything INDEX-11 shows with a dependency on lang/gcc9 now.
PR: 238330
Previous update was old patch to 4.1.9
PR: 238705
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
MFH: 2019Q2
Security: 1c21f6a3-9415-11e9-95ec-6805ca2fa271
systems:
Don't add -L/usr/lib unconditionally, it makes gcc8 (used on GCC-based
systems) link to base libstdc++.
Given that this is a build fix that does not affect clang-based systems,
there should be no need to bump portrevision.
PR: 238742
Reported by: pkubaj
Approved by: maintainer
defined via Mk/bsd.default-versions.mk which has moved from GCC 7.4 t
GCC 8.2 under most circumstances.
This includes ports
- with USE_GCC=yes or USE_GCC=any,
- with USES=fortran,
- using Mk/bsd.octave.mk which in turn features USES=fortran, and
- with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, as a double check, everything INDEX-11 showed depending on lang/gcc7.
PR: 231590
This releases fixes the following security advisories:
- PowerDNS Security Advisory 2018-03 (CVE-2018-10851)
- PowerDNS Security Advisory 2018-05 (CVE-2018-14626)
It also contains some improvemens and bug fixes.
Full changelog:
https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.5
PR: 233139
Submitted by: maintainer
