8c8d07eb33
4.1.11 Since Spectre/Meltdown, system calls have become more expensive. This made exporting a very high number of protobuf messages costly, which is addressed in this release by reducing the number of sycalls per message. Improvements Add an option to export only responses over protobuf to the Lua protobufServer() directive. Reduce systemcall usage in protobuf logging. 4.1.10 This release fixes a bug when trying to build PowerDNS Recursor with protobuf support disabled, thus this release is only relevant to people building PowerDNS Recursor from source and not if you’re installing it as a package from our repositories. Bug Fixes PowerDNS Recursor release 4.1.9 introduced a call to the Lua ipfilter() hook that required access to the DNS header, but the corresponding variable was only declared when protobuf support had been enabled. 4.1.9 This release fixes Security Advisory 2019-01 and Security Advisory 2019-02 that were recently discovered, affecting PowerDNS Recursor: CVE-2019-3806, 2019-01: from 4.1.4 up to and including 4.1.8 ; CVE-2019-3807, 2019-02: from 4.1.0 up to and including 4.1.8. The issues are: CVE-2019-3806, 2019-01: Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua ; CVE-2019-3807, 2019-02: records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation. Improvements Try another worker before failing if the first pipe was full |
||
---|---|---|
.. | ||
patch-configure | ||
patch-dns.hh | ||
patch-ext_json11_json11.cpp | ||
patch-iputils.cc | ||
patch-iputils.hh | ||
patch-kqueuemplexer.cc | ||
patch-m4_pdns__check__os.m4 | ||
patch-portsmplexer.cc | ||
patch-qtype.hh | ||
patch-version.cc |