commit pdns-recursor for openSUSE:Factory

Source-Sync Fri, 20 Jan 2023 08:40:18 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package pdns-recursor for openSUSE:Factory 
checked in at 2023-01-20 17:39:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pdns-recursor (Old)
 and      /work/SRC/openSUSE:Factory/.pdns-recursor.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "pdns-recursor"

Fri Jan 20 17:39:53 2023 rev:61 rq:1059961 version:4.8.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/pdns-recursor/pdns-recursor.changes      
2022-12-13 18:56:11.347434398 +0100
+++ /work/SRC/openSUSE:Factory/.pdns-recursor.new.32243/pdns-recursor.changes   
2023-01-20 17:40:07.401000154 +0100
@@ -1,0 +2,7 @@
+Fri Jan 20 12:32:44 UTC 2023 - Adam Majer <adam.ma...@suse.de>
+
+- update to 4.8.1
+  * Avoid unbounded recursion when retrieving DS records from some
+    misconfigured domains. (bsc#1207342, CVE-2023-22617)
+
+-------------------------------------------------------------------

Old:
----
  pdns-recursor-4.8.0.tar.bz2
  pdns-recursor-4.8.0.tar.bz2.sig

New:
----
  pdns-recursor-4.8.1.tar.bz2
  pdns-recursor-4.8.1.tar.bz2.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ pdns-recursor.spec ++++++
--- /var/tmp/diff_new_pack.Il2BKv/_old  2023-01-20 17:40:07.985003384 +0100
+++ /var/tmp/diff_new_pack.Il2BKv/_new  2023-01-20 17:40:07.993003428 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package pdns-recursor
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
 %endif
 
 Name:           pdns-recursor
-Version:        4.8.0
+Version:        4.8.1
 Release:        0
 BuildRequires:  autoconf
 BuildRequires:  automake

++++++ pdns-recursor-4.8.0.tar.bz2 -> pdns-recursor-4.8.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pdns-recursor-4.8.0/configure 
new/pdns-recursor-4.8.1/configure
--- old/pdns-recursor-4.8.0/configure   2022-12-09 11:47:41.000000000 +0100
+++ new/pdns-recursor-4.8.1/configure   2023-01-18 11:47:25.000000000 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for pdns-recursor 4.8.0.
+# Generated by GNU Autoconf 2.69 for pdns-recursor 4.8.1.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
 # Identity of this package.
 PACKAGE_NAME='pdns-recursor'
 PACKAGE_TARNAME='pdns-recursor'
-PACKAGE_VERSION='4.8.0'
-PACKAGE_STRING='pdns-recursor 4.8.0'
+PACKAGE_VERSION='4.8.1'
+PACKAGE_STRING='pdns-recursor 4.8.1'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -1552,7 +1552,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures pdns-recursor 4.8.0 to adapt to many kinds of systems.
+\`configure' configures pdns-recursor 4.8.1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1623,7 +1623,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of pdns-recursor 4.8.0:";;
+     short | recursive ) echo "Configuration of pdns-recursor 4.8.1:";;
    esac
   cat <<\_ACEOF
 
@@ -1810,7 +1810,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-pdns-recursor configure 4.8.0
+pdns-recursor configure 4.8.1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2569,7 +2569,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by pdns-recursor $as_me 4.8.0, which was
+It was created by pdns-recursor $as_me 4.8.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3437,7 +3437,7 @@
 
 # Define the identity of the package.
  PACKAGE='pdns-recursor'
- VERSION='4.8.0'
+ VERSION='4.8.1'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -28247,7 +28247,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by pdns-recursor $as_me 4.8.0, which was
+This file was extended by pdns-recursor $as_me 4.8.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -28313,7 +28313,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-pdns-recursor config.status 4.8.0
+pdns-recursor config.status 4.8.1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pdns-recursor-4.8.0/configure.ac 
new/pdns-recursor-4.8.1/configure.ac
--- old/pdns-recursor-4.8.0/configure.ac        2022-12-09 11:47:31.000000000 
+0100
+++ new/pdns-recursor-4.8.1/configure.ac        2023-01-18 11:47:15.000000000 
+0100
@@ -1,6 +1,6 @@
 AC_PREREQ([2.69])
 
-AC_INIT([pdns-recursor], [4.8.0])
+AC_INIT([pdns-recursor], [4.8.1])
 AC_CONFIG_AUX_DIR([build-aux])
 AM_INIT_AUTOMAKE([foreign dist-bzip2 no-dist-gzip tar-ustar -Wno-portability 
subdir-objects parallel-tests 1.11])
 AM_SILENT_RULES([yes])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pdns-recursor-4.8.0/pdns_recursor.1 
new/pdns-recursor-4.8.1/pdns_recursor.1
--- old/pdns-recursor-4.8.0/pdns_recursor.1     2022-12-09 11:48:49.000000000 
+0100
+++ new/pdns-recursor-4.8.1/pdns_recursor.1     2023-01-18 11:48:35.000000000 
+0100
@@ -27,7 +27,7 @@
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "PDNS_RECURSOR" "1" "Dec 09, 2022" "" "PowerDNS Recursor"
+.TH "PDNS_RECURSOR" "1" "Jan 18, 2023" "" "PowerDNS Recursor"
 .SH NAME
 pdns_recursor \- The PowerDNS Recursor binary
 .SH SYNOPSIS
@@ -201,6 +201,6 @@
 .SH AUTHOR
 PowerDNS.COM BV
 .SH COPYRIGHT
-2001-2022, PowerDNS.COM BV
+2001-2023, PowerDNS.COM BV
 .\" Generated by docutils manpage writer.
 .
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pdns-recursor-4.8.0/rec-main.cc 
new/pdns-recursor-4.8.1/rec-main.cc
--- old/pdns-recursor-4.8.0/rec-main.cc 2022-12-09 11:46:42.000000000 +0100
+++ new/pdns-recursor-4.8.1/rec-main.cc 2023-01-18 11:46:34.000000000 +0100
@@ -2583,7 +2583,7 @@
   try {
 #if HAVE_FIBER_SANITIZER
     // Asan needs more stack
-    ::arg().set("stack-size", "stack size per mthread") = "400000";
+    ::arg().set("stack-size", "stack size per mthread") = "600000";
 #else
     ::arg().set("stack-size", "stack size per mthread") = "200000";
 #endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pdns-recursor-4.8.0/rec_control.1 
new/pdns-recursor-4.8.1/rec_control.1
--- old/pdns-recursor-4.8.0/rec_control.1       2022-12-09 11:48:49.000000000 
+0100
+++ new/pdns-recursor-4.8.1/rec_control.1       2023-01-18 11:48:35.000000000 
+0100
@@ -27,7 +27,7 @@
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "REC_CONTROL" "1" "Dec 09, 2022" "" "PowerDNS Recursor"
+.TH "REC_CONTROL" "1" "Jan 18, 2023" "" "PowerDNS Recursor"
 .SH NAME
 rec_control \- Command line tool to control a running Recursor
 .SH SYNOPSIS
@@ -401,6 +401,6 @@
 .SH AUTHOR
 PowerDNS.COM BV
 .SH COPYRIGHT
-2001-2022, PowerDNS.COM BV
+2001-2023, PowerDNS.COM BV
 .\" Generated by docutils manpage writer.
 .
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pdns-recursor-4.8.0/syncres.cc 
new/pdns-recursor-4.8.1/syncres.cc
--- old/pdns-recursor-4.8.0/syncres.cc  2022-12-09 11:46:42.000000000 +0100
+++ new/pdns-recursor-4.8.1/syncres.cc  2023-01-18 11:46:34.000000000 +0100
@@ -1753,6 +1753,8 @@
         // Case 5: unexpected answer
         QLOG("Step5: other rcode, last effort final resolve");
         setQNameMinimization(false);
+        setQMFallbackMode(true);
+
         // We might have hit a depth level check, but we still want to allow 
some recursion levels in the fallback
         // no-qname-minimization case. This has the effect that a qname 
minimization fallback case might reach 150% of
         // maxdepth.
@@ -3589,7 +3591,7 @@
 
   vState state = vState::Indeterminate;
   const bool oldCacheOnly = setCacheOnly(false);
-  const bool oldQM = setQNameMinimization(true);
+  const bool oldQM = setQNameMinimization(!getQMFallbackMode());
   int rcode = doResolve(zone, QType::DS, dsrecords, depth + 1, beenthere, 
state);
   setCacheOnly(oldCacheOnly);
   setQNameMinimization(oldQM);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pdns-recursor-4.8.0/syncres.hh 
new/pdns-recursor-4.8.1/syncres.hh
--- old/pdns-recursor-4.8.0/syncres.hh  2022-12-09 11:46:42.000000000 +0100
+++ new/pdns-recursor-4.8.1/syncres.hh  2023-01-18 11:46:34.000000000 +0100
@@ -328,6 +328,18 @@
     return old;
   }
 
+  bool setQMFallbackMode(bool state = true)
+  {
+    auto old = d_qNameMinimizationFallbackMode;
+    d_qNameMinimizationFallbackMode = state;
+    return old;
+  }
+
+  bool getQMFallbackMode() const
+  {
+    return d_qNameMinimizationFallbackMode;
+  }
+
   void setDoEDNS0(bool state=true)
   {
     d_doEDNS0=state;
@@ -664,6 +676,7 @@
   bool d_wasOutOfBand{false};
   bool d_wasVariable{false};
   bool d_qNameMinimization{false};
+  bool d_qNameMinimizationFallbackMode{false};
   bool d_queryReceivedOverTCP{false};
   bool d_followCNAME{true};
   bool d_refresh{false};

commit pdns-recursor for openSUSE:Factory

Reply via email to