pkgsrc

kpriv/pkgsrc

Fork 0

Commit graph

Author	SHA1	Message	Date
fhajny	255d32ab4b	Update net/powerdns* to 4.1.0. PowerDNS Authoritative Server 4.1.0 =========================================================== - Improved performance: 400% speedup in some scenarios - Crypto API: DNSSEC fully configurable via RESTful API - Improved documentation - Database related improvements - Enhanced tooling - Support for TCP Fast Open - Support for non-local bind - Support for Botan 2.x (and removal of support for Botan 1.10) - Our packages now ship with PKCS #11 support. - Recursor passthrough removal Full changelog: https://doc.powerdns.com/authoritative/changelog/4.1.html PowerDNS Authoritative Server 4.0.5 =========================================================== Fixes - Fix for missing check on API operations (CVE-2017-15091) - Bindbackend: do not corrupt data supplied by other backends in getAllDomains - API: prevent sending nameservers list and zone-level NS in rrsets - gpgsql: make statement names actually unique - Fix remotebackend params - Fix godbc query logging - For create-slave-zone, actually add all slaves, and not only first n times - Fix a regression in axfr-rectify + test - When making a netmask from a comboaddress, we neglected to zero the port - Fix libatomic detection on ppc64 - Catch DNSName exception in the Zoneparser - Publish inactive KSK/CSK as CDNSKEY/CDS - Handle AFSDB record separately due to record structure. - Treat requestor's payload size lower than 512 as equal to 512 - Correctly purge entries from the caches after a transfer - Handle a signing pipe worker dying with work still pending - Ignore SOA-EDIT for PRESIGNED zones. - Check return value for all getTSIGKey calls. Improvements - Fix ldap-strict autoptr feature, including a test - mydnsbackend: Add getAllDomains - Stubresolver: Use only recursor setting if given - LuaWrapper: Allow embedded NULs in strings received from Lua - sdig: Clarify that the ednssubnet option takes "subnet/mask" - Tests: Ensure all required tools are available - PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet mask - LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace - Add support for Botan 2.x - Ship ldapbackend schema files in tarball - Collection of schema changes - Fix typo in two log messages - Add help text on autodetecting systemd support - Use a unique pointer for bind backend's d_of - Fix some of the issues found by @jpmens	2018-01-02 12:18:15 +00:00
fhajny	ec510cc887	Fix SunOS segfaults. Bump PKGREVISION.	2017-03-29 11:46:03 +00:00
fhajny	8791799143	Update net/powerdns to 4.0.3. pkgsrc changes: - Remove options for cryptopp and geoip (the latter to go into a separate package). - Clean up a lot of patches that do not seem to be needed anymore. PowerDNS Authoritative Server 4.0.3 =================================== - Revert "In 'Bind2Backend::lookup()', use the 'zoneId' when we have it" PowerDNS Authoritative Server 4.0.2 Security issues fixed: - 2016-02: Crafted queries can cause abnormal CPU usage - 2016-03: Denial of service via the web server - 2016-04: Insufficient validation of TSIG signatures - 2016-05: Crafted zone record can cause a denial of service Other highlights: - Don't parse spurious RRs in queries when we don't need them (Security Advisory 2016-02) - Don't exit if the webserver can't accept a connection (Security Advisory 2016-03) - Check TSIG signature on IXFR (Security Advisory 2016-04) - Correctly check unknown record content size (Security Advisory 2016-05) - ODBC backend: actually prepare statements - Improve root-zone performance - Plug memory leak in postgresql backend (Christian Hofstaedtler) - calidns: Don't crash if we don't have enough 'unknown' queries remaining - Improve PacketCache cleaning (Kees Monshouwer) - Bind backend: update status message on reload, keep the existing zone on failure - Fix TSIG for single thread distributor (Kees Monshouwer) - Change default for any-to-tcp to yes (Kees Monshouwer) - Don't look up the packet cache for TSIG-enabled queries - Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler) - pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo) PowerDNS Authoritative Server 4.0.1 =================================== Bug fixes - Wait for the connection to the carbon server to be established - Don't try to deallocate empty PG statements - Send the correct response when queried for an NSEC directly (Kees Monshouwer) - Don't include bind files if length <= 2 or > sizeof(filename) - Catch runtime_error when parsing a broken MNAME Improvements - Make DNSPacket return a ComboAddredd for local and remote (Aki Tuomi) - OpenSSL 1.1.0 support (Christian Hofstaedtler) - Fix typos in a logmessage and exception (Christian Hofsteadtler) - pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo) - dnsreplay: Only add Client Subnet stamp when asked - Use toLogString() for ringAccount (Kees Monshouwer) Additions - Add limits to the size of received {A,I}XFR - Add used filedescriptor statistic (Kees Monshouwer) PowerDNS Authoritative Server 4.0.0 =================================== - Moved to C++ 2011, a cleaner more powerful version of C++ that has allowed us to improve the quality of implementation in many places. - Implemented dedicated infrastructure for dealing with DNS names that is fully "DNS Native" and needs less escaping and unescaping. - Due to this, the PowerDNS Authoritative Server can now serve DNSSEC-enabled root-zones. - All backends derived from the Generic SQL backend use prepared statements. - Both the server and pdns_control do the right thing when chroot'ed. - Caches are now fully canonically ordered, which means entries can be wiped on suffix in all places - A revived and supported ODBC backend (godbc). - A revived and supported LDAP backend (ldap). - Support for CDS/CDNSKEY and RFC 7344 key-rollovers. - Support for the ALIAS record. - The webserver and API are no longer experimental. - The API-path has moved to /api/v1 - DNSUpdate is no longer experimental. - ECDSA (algorithm 13 and 14) supported without in-tree cryptographic libraries (provided by OpenSSL). - Experimental support for ed25519 DNSSEC signatures (when compiled with libsodium support). - Many new pdnsutil commands. - GeoIP backend has gained many features, and can now e.g. run based on explicit netmasks not present in the GeoIP databases - Removed support for LMDB. - Removed the Geo backened (use the improved GeoIP instead). - pdnssec has been renamed to pdnsutil. - Support for the PolarSSL/MbedTLS, Crypto++ and Botan cryptographic libraries have been dropped in favor of the (faster) OpenSSL libcrypto (except for GOST, which is still provided by Botan). - ECDSA P256 SHA256 (algorithm 13) is now the default algorithm when securing zones. - The PowerDNS Authoritative Server now listens by default on all IPv6 addresses. - Several superfluous queries have been dropped from the Generic SQL backends. - The INCEPTION, INCEPTION-WEEK and EPOCH SOA-EDIT metadata values are marked as deprecated and will be removed in 4.1.0	2017-03-09 13:32:54 +00:00

Author

SHA1

Message

Date

fhajny

255d32ab4b

Update net/powerdns* to 4.1.0.

PowerDNS Authoritative Server 4.1.0
===========================================================

- Improved performance: 400% speedup in some scenarios
- Crypto API: DNSSEC fully configurable via RESTful API
- Improved documentation
- Database related improvements
- Enhanced tooling
- Support for TCP Fast Open
- Support for non-local bind
- Support for Botan 2.x (and removal of support for Botan 1.10)
- Our packages now ship with PKCS #11 support.
- Recursor passthrough removal

Full changelog:

  https://doc.powerdns.com/authoritative/changelog/4.1.html



PowerDNS Authoritative Server 4.0.5
===========================================================

Fixes
- Fix for missing check on API operations (CVE-2017-15091)
- Bindbackend: do not corrupt data supplied by other backends in
  getAllDomains
- API: prevent sending nameservers list and zone-level NS in rrsets
- gpgsql: make statement names actually unique
- Fix remotebackend params
- Fix godbc query logging
- For create-slave-zone, actually add all slaves, and not only first n
  times
- Fix a regression in axfr-rectify + test
- When making a netmask from a comboaddress, we neglected to zero the
  port
- Fix libatomic detection on ppc64
- Catch DNSName exception in the Zoneparser
- Publish inactive KSK/CSK as CDNSKEY/CDS
- Handle AFSDB record separately due to record structure.
- Treat requestor's payload size lower than 512 as equal to 512
- Correctly purge entries from the caches after a transfer
- Handle a signing pipe worker dying with work still pending
- Ignore SOA-EDIT for PRESIGNED zones.
- Check return value for all getTSIGKey calls.

Improvements
- Fix ldap-strict autoptr feature, including a test
- mydnsbackend: Add getAllDomains
- Stubresolver: Use only recursor setting if given
- LuaWrapper: Allow embedded NULs in strings received from Lua
- sdig: Clarify that the ednssubnet option takes "subnet/mask"
- Tests: Ensure all required tools are available
- PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet
  mask
- LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace
- Add support for Botan 2.x
- Ship ldapbackend schema files in tarball
- Collection of schema changes
- Fix typo in two log messages
- Add help text on autodetecting systemd support
- Use a unique pointer for bind backend's d_of
- Fix some of the issues found by @jpmens

2018-01-02 12:18:15 +00:00

fhajny

ec510cc887

Fix SunOS segfaults. Bump PKGREVISION.

2017-03-29 11:46:03 +00:00

fhajny

8791799143

Update net/powerdns to 4.0.3.

pkgsrc changes:

- Remove options for cryptopp and geoip (the latter to go into a
  separate package).
- Clean up a lot of patches that do not seem to be needed anymore.

PowerDNS Authoritative Server 4.0.3
===================================

- Revert "In 'Bind2Backend::lookup()', use the 'zoneId' when we have it"

PowerDNS Authoritative Server 4.0.2

Security issues fixed:

- 2016-02: Crafted queries can cause abnormal CPU usage
- 2016-03: Denial of service via the web server
- 2016-04: Insufficient validation of TSIG signatures
- 2016-05: Crafted zone record can cause a denial of service

Other highlights:

- Don't parse spurious RRs in queries when we don't need them (Security
  Advisory 2016-02)
- Don't exit if the webserver can't accept a connection (Security
  Advisory 2016-03)
- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Correctly check unknown record content size (Security Advisory
  2016-05)
- ODBC backend: actually prepare statements
- Improve root-zone performance
- Plug memory leak in postgresql backend (Christian Hofstaedtler)
- calidns: Don't crash if we don't have enough 'unknown' queries
  remaining
- Improve PacketCache cleaning (Kees Monshouwer)
- Bind backend: update status message on reload, keep the existing zone
  on failure
- Fix TSIG for single thread distributor (Kees Monshouwer)
- Change default for any-to-tcp to yes (Kees Monshouwer)
- Don't look up the packet cache for TSIG-enabled queries
- Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler)
- pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo)

PowerDNS Authoritative Server 4.0.1
===================================

Bug fixes
- Wait for the connection to the carbon server to be established
- Don't try to deallocate empty PG statements
- Send the correct response when queried for an NSEC directly (Kees
  Monshouwer)
- Don't include bind files if length <= 2 or > sizeof(filename)
- Catch runtime_error when parsing a broken MNAME

Improvements
- Make DNSPacket return a ComboAddredd for local and remote (Aki Tuomi)
- OpenSSL 1.1.0 support (Christian Hofstaedtler)
- Fix typos in a logmessage and exception (Christian Hofsteadtler)
- pdnsutil: Remove checking of ctime and always diff the changes (Hannu
  Ylitalo)
- dnsreplay: Only add Client Subnet stamp when asked
- Use toLogString() for ringAccount (Kees Monshouwer)

Additions
- Add limits to the size of received {A,I}XFR
- Add used filedescriptor statistic (Kees Monshouwer)

PowerDNS Authoritative Server 4.0.0
===================================

- Moved to C++ 2011, a cleaner more powerful version of C++ that has
  allowed us to improve the quality of implementation in many places.
- Implemented dedicated infrastructure for dealing with DNS names that
  is fully "DNS Native" and needs less escaping and unescaping.
- Due to this, the PowerDNS Authoritative Server can now serve
  DNSSEC-enabled root-zones.
- All backends derived from the Generic SQL backend use prepared
  statements.
- Both the server and pdns_control do the right thing when chroot'ed.
- Caches are now fully canonically ordered, which means entries can be
  wiped on suffix in all places
- A revived and supported ODBC backend (godbc).
- A revived and supported LDAP backend (ldap).
- Support for CDS/CDNSKEY and RFC 7344 key-rollovers.
- Support for the ALIAS record.
- The webserver and API are no longer experimental.
- The API-path has moved to /api/v1
- DNSUpdate is no longer experimental.
- ECDSA (algorithm 13 and 14) supported without in-tree cryptographic
  libraries (provided by OpenSSL).
- Experimental support for ed25519 DNSSEC signatures (when compiled with
  libsodium support).
- Many new pdnsutil commands.
- GeoIP backend has gained many features, and can now e.g. run based on
  explicit netmasks not present in the GeoIP databases
- Removed support for LMDB.
- Removed the Geo backened (use the improved GeoIP instead).
- pdnssec has been renamed to pdnsutil.
- Support for the PolarSSL/MbedTLS, Crypto++ and Botan cryptographic
  libraries have been dropped in favor of the (faster) OpenSSL libcrypto
  (except for GOST, which is still provided by Botan).
- ECDSA P256 SHA256 (algorithm 13) is now the default algorithm when
  securing zones.
- The PowerDNS Authoritative Server now listens by default on all IPv6
  addresses.
- Several superfluous queries have been dropped from the Generic SQL
  backends.
- The INCEPTION, INCEPTION-WEEK and EPOCH SOA-EDIT metadata values are
  marked as deprecated and will be removed in 4.1.0

2017-03-09 13:32:54 +00:00

3 commits