PowerDNS Authoritative Server 3.4.5
Bug fixes:
- Be careful reading empty lines in our config parser and prevent
integer overflow.
- prevent crash after --list-modules (Ruben Kerkhof)
- Limit the maximum length of a qname
Improvements:
- Support /etc/default for our debian/ubuntu packages (Aki Tuomi)
- Detect GCC 5.1 for boost (Ruben Kerkhof)
- Various PKCS#11 fixes and improvements (Aki Tuomi)
- Fix Coverity issues (Aki Tuomi)
- Fix building on OpenBSD (Florian Obser and Ruben Kerkhof)
- Look for mbedtls before polarssl (Ruben Kerkhof)
- Let pkg-config determine botan dependency libs (Ruben Kerkhof)
- Kill some further mallocs and add note to remind us not to add them back
- Move remotebackend-unix test socket to testsdir (Aki Tuomi)
- Defer launch of coprocess until first question (Aki Tuomi)
- pdnssec: check for glue and delegations in parent zones (Kees Monshouwer)
PowerDNS Authoritative Server 3.4.4
Bug fixes:
- Fix rectify-(all)-zones for mixed case domain names
- Fix CVE-2015-1868
- Blocking IO in busy-wait for remote backend (Wieger Opmeer)
- Fix double dot for root MX/SRV in bind slave zone files (Kees Monshouwer)
- Properly lock lmdb database, fixes ticket #1954 (Aki Tuomi)
- Fix segfault in zone2lmdb (Ruben Kerkhof)
New Features:
- pdnssec: warn for insecure wildcards in opt-out zones
- TKEY record type (Aki Tuomi)
- Many PKCS#11 improvements (Aki Tuomi)
- Introduce xfrBlobNoSpaces and use them for TSIG (Aki Tuomi)
Improvements:
- Allow "pdnssec set-nsec3 ZONE" for insecure zones; this saves on
one rectify when securing a NSEC3 zone
- Improvements to the config-file parsing (Aki Tuomi)
- Postgresql check should not touch LDFLAGS (Ruben Kerkhof)
- Log error when remote cannot do AXFR (Aki Tuomi)
- Speed improvements when AXFR is disabled (Christian Hofstaedtler)
- NSEC3 and related RRSIGS are not part of the dnstree (Kees Monshouwer)
- Change ifdef to check for __GLIBC__ instead of __linux__ to prevent
errors with other libc's (James Taylor)
- Try to raise open files before dropping privileges (Aki Tuomi)
- Add newline to carbon error message on auth (Aki Tuomi)
- Make sure we send servfail on error (Aki Tuomi)
- Ship lmdb-example.pl in tarball (Ruben Kerkhof)
- Allocate TCP buffer dynamically, decreasing stack usage
- Throw if getSOA gets non-SOA record
997d4b3ac4