Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package pdns for openSUSE:Factory checked in at 2023-10-25 18:04:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pdns (Old) and /work/SRC/openSUSE:Factory/.pdns.new.24901 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pdns" Wed Oct 25 18:04:23 2023 rev:90 rq:1118580 version:4.8.3 Changes: -------- --- /work/SRC/openSUSE:Factory/pdns/pdns.changes 2023-06-01 17:21:23.194824128 +0200 +++ /work/SRC/openSUSE:Factory/.pdns.new.24901/pdns.changes 2023-10-25 18:05:03.822965173 +0200 @@ -1,0 +2,11 @@ +Wed Oct 18 10:59:55 UTC 2023 - Dominique Leuenberger <dims...@opensuse.org> + +- Update to version 4.8.3: + * New Feature: add default-catalog-zone setting. + + Improvements: smysql: stop explicitly setting + MYSQL_OPT_RECONNECT to . + + Bug Fix: ixfrdist: set AA=1 on SOA responses. +For details, see +https://doc.powerdns.com/authoritative/changelog/4.8.html#change-4.8.3 + +------------------------------------------------------------------- Old: ---- pdns-4.8.0.tar.bz2 pdns-4.8.0.tar.bz2.sig New: ---- pdns-4.8.3.tar.bz2 pdns-4.8.3.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pdns.spec ++++++ --- /var/tmp/diff_new_pack.PaAb9l/_old 2023-10-25 18:05:05.763030421 +0200 +++ /var/tmp/diff_new_pack.PaAb9l/_new 2023-10-25 18:05:05.763030421 +0200 @@ -57,7 +57,7 @@ %endif Name: pdns -Version: 4.8.0 +Version: 4.8.3 Release: 0 Summary: Authoritative-only nameserver License: GPL-2.0-only ++++++ pdns-4.8.0.tar.bz2 -> pdns-4.8.3.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/configure new/pdns-4.8.3/configure --- old/pdns-4.8.0/configure 2023-06-01 08:55:24.000000000 +0200 +++ new/pdns-4.8.3/configure 2023-10-05 11:22:42.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for pdns 4.8.0. +# Generated by GNU Autoconf 2.69 for pdns 4.8.3. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. 
@@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='pdns' PACKAGE_TARNAME='pdns' -PACKAGE_VERSION='4.8.0' -PACKAGE_STRING='pdns 4.8.0' +PACKAGE_VERSION='4.8.3' +PACKAGE_STRING='pdns 4.8.3' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1666,7 +1666,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pdns 4.8.0 to adapt to many kinds of systems. +\`configure' configures pdns 4.8.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1737,7 +1737,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pdns 4.8.0:";; + short | recursive ) echo "Configuration of pdns 4.8.3:";; esac cat <<\_ACEOF @@ -2000,7 +2000,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pdns configure 4.8.0 +pdns configure 4.8.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2759,7 +2759,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pdns $as_me 4.8.0, which was +It was created by pdns $as_me 4.8.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3629,7 +3629,7 @@ # Define the identity of the package. PACKAGE='pdns' - VERSION='4.8.0' + VERSION='4.8.3' cat >>confdefs.h <<_ACEOF @@ -21755,11 +21755,11 @@ CPPFLAGS="$LIBCRYPTO_INCLUDES $CPPFLAGS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include <openssl/crypto.h> +#include <openssl/bn.h> int main () { -ERR_load_CRYPTO_strings() +BN_new() ; return 0; } 
@@ -21780,7 +21780,12 @@ fi done - ac_fn_cxx_check_decl "$LINENO" "EVP_PKEY_CTX_set1_scrypt_salt" "ac_cv_have_decl_EVP_PKEY_CTX_set1_scrypt_salt" "#include <openssl/kdf.h> + # you might be wondering why the stdarg.h and stddef.h includes, + # in which case please have a look at https://github.com/PowerDNS/pdns/issues/12926 + # and weep, yelling at Red Hat + ac_fn_cxx_check_decl "$LINENO" "EVP_PKEY_CTX_set1_scrypt_salt" "ac_cv_have_decl_EVP_PKEY_CTX_set1_scrypt_salt" "#include <stdarg.h> + #include <stddef.h> + #include <openssl/kdf.h> " if test "x$ac_cv_have_decl_EVP_PKEY_CTX_set1_scrypt_salt" = xyes; then : @@ -30146,7 +30151,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pdns $as_me 4.8.0, which was +This file was extended by pdns $as_me 4.8.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -30212,7 +30217,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -pdns config.status 4.8.0 +pdns config.status 4.8.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/configure.ac new/pdns-4.8.3/configure.ac --- old/pdns-4.8.0/configure.ac 2023-06-01 08:55:11.000000000 +0200 +++ new/pdns-4.8.3/configure.ac 2023-10-05 11:22:29.000000000 +0200 
@@ -1,6 +1,6 @@ AC_PREREQ([2.69]) -AC_INIT([pdns], [4.8.0]) +AC_INIT([pdns], [4.8.3]) AC_CONFIG_AUX_DIR([build-aux]) AM_INIT_AUTOMAKE([foreign dist-bzip2 no-dist-gzip tar-ustar -Wno-portability subdir-objects parallel-tests 1.11]) AM_SILENT_RULES([yes]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/calidns.1 new/pdns-4.8.3/docs/calidns.1 --- old/pdns-4.8.0/docs/calidns.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/calidns.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "CALIDNS" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "CALIDNS" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME calidns \- A DNS recursor testing tool .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/dnsbulktest.1 new/pdns-4.8.3/docs/dnsbulktest.1 --- old/pdns-4.8.0/docs/dnsbulktest.1 2023-06-01 08:57:00.000000000 +0200 +++ new/pdns-4.8.3/docs/dnsbulktest.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "DNSBULKTEST" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "DNSBULKTEST" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME dnsbulktest \- A debugging tool for intermittent resolver failures .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/dnsgram.1 new/pdns-4.8.3/docs/dnsgram.1 --- old/pdns-4.8.0/docs/dnsgram.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/dnsgram.1 2023-10-05 11:24:10.000000000 +0200 
@@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "DNSGRAM" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "DNSGRAM" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME dnsgram \- A debugging tool for intermittent resolver failures .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/dnspcap2calidns.1 new/pdns-4.8.3/docs/dnspcap2calidns.1 --- old/pdns-4.8.0/docs/dnspcap2calidns.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/dnspcap2calidns.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "DNSPCAP2CALIDNS" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "DNSPCAP2CALIDNS" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME dnspcap2calidns \- A tool to convert PCAPs of DNS traffic to calidns input .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/dnspcap2protobuf.1 new/pdns-4.8.3/docs/dnspcap2protobuf.1 --- old/pdns-4.8.0/docs/dnspcap2protobuf.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/dnspcap2protobuf.1 2023-10-05 11:24:10.000000000 +0200 
@@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "DNSPCAP2PROTOBUF" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "DNSPCAP2PROTOBUF" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME dnspcap2protobuf \- A tool to convert PCAPs of DNS traffic to PowerDNS Protobuf .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/dnsreplay.1 new/pdns-4.8.3/docs/dnsreplay.1 --- old/pdns-4.8.0/docs/dnsreplay.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/dnsreplay.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "DNSREPLAY" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "DNSREPLAY" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME dnsreplay \- A PowerDNS nameserver debugging tool .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/dnsscan.1 new/pdns-4.8.3/docs/dnsscan.1 --- old/pdns-4.8.0/docs/dnsscan.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/dnsscan.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "DNSSCAN" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "DNSSCAN" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME dnsscan \- List the amount of queries per qtype in a pcap .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/dnsscope.1 new/pdns-4.8.3/docs/dnsscope.1 --- old/pdns-4.8.0/docs/dnsscope.1 2023-06-01 08:57:00.000000000 +0200 +++ new/pdns-4.8.3/docs/dnsscope.1 2023-10-05 11:24:10.000000000 +0200 
@@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "DNSSCOPE" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "DNSSCOPE" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME dnsscope \- A PowerDNS nameserver debugging tool .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/dnstcpbench.1 new/pdns-4.8.3/docs/dnstcpbench.1 --- old/pdns-4.8.0/docs/dnstcpbench.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/dnstcpbench.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "DNSTCPBENCH" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "DNSTCPBENCH" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME dnstcpbench \- tool to perform TCP benchmarking of nameservers .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/dnswasher.1 new/pdns-4.8.3/docs/dnswasher.1 --- old/pdns-4.8.0/docs/dnswasher.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/dnswasher.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "DNSWASHER" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "DNSWASHER" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME dnswasher \- A PowerDNS nameserver debugging tool .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/dumresp.1 new/pdns-4.8.3/docs/dumresp.1 --- old/pdns-4.8.0/docs/dumresp.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/dumresp.1 2023-10-05 11:24:10.000000000 +0200 
@@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "DUMRESP" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "DUMRESP" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME dumresp \- A dumb DNS responder .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/ixfrdist.1 new/pdns-4.8.3/docs/ixfrdist.1 --- old/pdns-4.8.0/docs/ixfrdist.1 2023-06-01 08:57:00.000000000 +0200 +++ new/pdns-4.8.3/docs/ixfrdist.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "IXFRDIST" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "IXFRDIST" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME ixfrdist \- An IXFR/AXFR-only server that re-distributes zones .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/ixfrdist.yml.5 new/pdns-4.8.3/docs/ixfrdist.yml.5 --- old/pdns-4.8.0/docs/ixfrdist.yml.5 2023-06-01 08:57:00.000000000 +0200 +++ new/pdns-4.8.3/docs/ixfrdist.yml.5 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "IXFRDIST.YML" "5" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "IXFRDIST.YML" "5" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME ixfrdist.yml \- The ixfrdist configuration file .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/ixplore.1 new/pdns-4.8.3/docs/ixplore.1 --- old/pdns-4.8.0/docs/ixplore.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/ixplore.1 2023-10-05 11:24:10.000000000 +0200 
@@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "IXPLORE" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "IXPLORE" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME ixplore \- A tool that provides insights into IXFRs .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/nproxy.1 new/pdns-4.8.3/docs/nproxy.1 --- old/pdns-4.8.0/docs/nproxy.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/nproxy.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "NPROXY" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "NPROXY" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME nproxy \- DNS notification proxy .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/nsec3dig.1 new/pdns-4.8.3/docs/nsec3dig.1 --- old/pdns-4.8.0/docs/nsec3dig.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/nsec3dig.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "NSEC3DIG" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "NSEC3DIG" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME nsec3dig \- Show and validate NSEC3 proofs .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/pdns_control.1 new/pdns-4.8.3/docs/pdns_control.1 --- old/pdns-4.8.0/docs/pdns_control.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/pdns_control.1 2023-10-05 11:24:10.000000000 +0200 
@@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "PDNS_CONTROL" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "PDNS_CONTROL" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME pdns_control \- Control the PowerDNS nameserver .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/pdns_notify.1 new/pdns-4.8.3/docs/pdns_notify.1 --- old/pdns-4.8.0/docs/pdns_notify.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/pdns_notify.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "PDNS_NOTIFY" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "PDNS_NOTIFY" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME pdns_notify \- A simple DNS NOTIFY sender .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/pdns_server.1 new/pdns-4.8.3/docs/pdns_server.1 --- old/pdns-4.8.0/docs/pdns_server.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/pdns_server.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "PDNS_SERVER" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "PDNS_SERVER" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME pdns_server \- The PowerDNS Authoritative Nameserver .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/pdnsutil.1 new/pdns-4.8.3/docs/pdnsutil.1 --- old/pdns-4.8.0/docs/pdnsutil.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/pdnsutil.1 2023-10-05 11:24:10.000000000 +0200 
@@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "PDNSUTIL" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "PDNSUTIL" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME pdnsutil \- PowerDNS record and DNSSEC command and control .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/saxfr.1 new/pdns-4.8.3/docs/saxfr.1 --- old/pdns-4.8.0/docs/saxfr.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/saxfr.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SAXFR" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "SAXFR" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME saxfr \- Perform AXFRs and show information about it .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/sdig.1 new/pdns-4.8.3/docs/sdig.1 --- old/pdns-4.8.0/docs/sdig.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/sdig.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SDIG" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "SDIG" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME sdig \- Perform a DNS query and show the results .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/zone2json.1 new/pdns-4.8.3/docs/zone2json.1 --- old/pdns-4.8.0/docs/zone2json.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/zone2json.1 2023-10-05 11:24:10.000000000 +0200 
@@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "ZONE2JSON" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "ZONE2JSON" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME zone2json \- convert BIND zones to JSON .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/zone2ldap.1 new/pdns-4.8.3/docs/zone2ldap.1 --- old/pdns-4.8.0/docs/zone2ldap.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/zone2ldap.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "ZONE2LDAP" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "ZONE2LDAP" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME zone2ldap \- convert zonefiles to ldif .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/docs/zone2sql.1 new/pdns-4.8.3/docs/zone2sql.1 --- old/pdns-4.8.0/docs/zone2sql.1 2023-06-01 08:56:59.000000000 +0200 +++ new/pdns-4.8.3/docs/zone2sql.1 2023-10-05 11:24:10.000000000 +0200 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "ZONE2SQL" "1" "Jun 01, 2023" "" "PowerDNS Authoritative Server" +.TH "ZONE2SQL" "1" "Oct 05, 2023" "" "PowerDNS Authoritative Server" .SH NAME zone2sql \- convert BIND zones to SQL .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/ext/json11/json11.cpp new/pdns-4.8.3/ext/json11/json11.cpp --- old/pdns-4.8.0/ext/json11/json11.cpp 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/ext/json11/json11.cpp 2023-10-05 11:22:14.000000000 +0200 
@@ -93,10 +93,18 @@ out += "\\r"; } else if (ch == '\t') { out += "\\t"; - } else if (static_cast<uint8_t>(ch) <= 0x1f || static_cast<uint8_t>(ch) >= 0x7f) { + } else if (static_cast<uint8_t>(ch) <= 0x1f) { char buf[8]; snprintf(buf, sizeof buf, "\\u%04x", ch); out += buf; + } else if (static_cast<uint8_t>(ch) == 0xe2 && static_cast<uint8_t>(value[i+1]) == 0x80 + && static_cast<uint8_t>(value[i+2]) == 0xa8) { + out += "\\u2028"; + i += 2; + } else if (static_cast<uint8_t>(ch) == 0xe2 && static_cast<uint8_t>(value[i+1]) == 0x80 + && static_cast<uint8_t>(value[i+2]) == 0xa9) { + out += "\\u2029"; + i += 2; } else { out += ch; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/ext/lmdb-safe/lmdb-typed.hh new/pdns-4.8.3/ext/lmdb-safe/lmdb-typed.hh --- old/pdns-4.8.0/ext/lmdb-safe/lmdb-typed.hh 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/ext/lmdb-safe/lmdb-typed.hh 2023-10-05 11:22:14.000000000 +0200 @@ -164,10 +164,8 @@ MDBOutVal currentvalue; - // check if the entry already exists, so we don't uselessly bump the timestamp - if (txn->get(d_idx, combined, currentvalue) == MDB_NOTFOUND) { - txn->put(d_idx, combined, empty, flags); - } + // if the entry existed already, this will just update the timestamp/txid in the LS header. This is intentional, so objects and their indexes always get synced together. + txn->put(d_idx, combined, empty, flags); } void del(MDBRWTransaction& txn, const Class& t, uint32_t id) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/ext/yahttp/yahttp/reqresp.cpp new/pdns-4.8.3/ext/yahttp/yahttp/reqresp.cpp --- old/pdns-4.8.0/ext/yahttp/yahttp/reqresp.cpp 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/ext/yahttp/yahttp/reqresp.cpp 2023-10-05 11:22:14.000000000 +0200 @@ -1,5 +1,7 @@ #include "yahttp.hpp" +#include <limits> + namespace YaHTTP { template class AsyncLoader<Request>; 
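Review bot: The two new `0xe2` branches read `value[i+1]` and `value[i+2]` with no comparison against the string length. Their safety rests on `value` being a `std::string`, whose `operator[]` at `size()` yields the terminator, and on the `&&` short-circuit stopping before `i+2` can pass the end. The declaration of `value` is outside this hunk, so that is an assumption; putting `i + 2 < value.size() &&` at the front of each condition would make the bound explicit and keep it correct if the parameter type ever changes. Separately, narrowing the first test to `<= 0x1f` means every byte from 0x7f upward is now copied through unescaped, so the output is well-formed JSON only when the input is already valid UTF-8. A short comment stating that expectation would help callers that serialise data received from outside.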
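Review bot: `MDBOutVal currentvalue;` no longer has a reader in the visible lines once the `txn->get(d_idx, combined, currentvalue)` lookup is removed, so the declaration should be dropped together with the check that used it. The function begins above the hunk, so confirm nothing earlier depends on it.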
@@ -177,6 +179,9 @@ throw ParseError("Unable to parse chunk size"); } if (chunk_size == 0) { state = 3; break; } // last chunk + if (chunk_size > (std::numeric_limits<decltype(chunk_size)>::max() - 2)) { + throw ParseError("Chunk is too large"); + } } else { int crlf=1; if (buffer.size() < static_cast<size_t>(chunk_size+1)) return false; // expect newline diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/m4/pdns_check_libcrypto.m4 new/pdns-4.8.3/m4/pdns_check_libcrypto.m4 --- old/pdns-4.8.0/m4/pdns_check_libcrypto.m4 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/m4/pdns_check_libcrypto.m4 2023-10-05 11:22:14.000000000 +0200 
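Review bot: The new guard only rejects values within two of the type's maximum, so it prevents the `chunk_size+1` arithmetic from overflowing but puts no practical ceiling on the chunk length a peer can announce. The `static_cast<size_t>(chunk_size+1)` on the following context line suggests `chunk_size` is a signed type (its declaration is outside the hunk). If so, a negative parsed value passes this test, and the condition could read `if (chunk_size < 0 || chunk_size > (std::numeric_limits<decltype(chunk_size)>::max() - 2)) {`. If the loader has a configured maximum body size, comparing against it here would reject oversized chunks at parse time rather than after buffering. The enclosing function starts and ends outside the hunk.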
@@ -108,11 +108,19 @@ LIBS="$LIBCRYPTO_LIBS $LIBS" CPPFLAGS="$LIBCRYPTO_INCLUDES $CPPFLAGS" AC_LINK_IFELSE( - [AC_LANG_PROGRAM([#include <openssl/crypto.h>], [ERR_load_CRYPTO_strings()])], + [AC_LANG_PROGRAM([#include <openssl/bn.h>], [BN_new()])], [ AC_MSG_RESULT([yes]) AC_CHECK_FUNCS([RAND_bytes RAND_pseudo_bytes CRYPTO_memcmp OPENSSL_init_crypto EVP_MD_CTX_new EVP_MD_CTX_free RSA_get0_key]) - AC_CHECK_DECL(EVP_PKEY_CTX_set1_scrypt_salt, [AC_DEFINE([HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT], [1], [Define to 1 if you have EVP_PKEY_CTX_set1_scrypt_salt])], [], [#include <openssl/kdf.h>]) + # you might be wondering why the stdarg.h and stddef.h includes, + # in which case please have a look at https://github.com/PowerDNS/pdns/issues/12926 + # and weep, yelling at Red Hat + AC_CHECK_DECL(EVP_PKEY_CTX_set1_scrypt_salt, + [AC_DEFINE([HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT], [1], [Define to 1 if you have EVP_PKEY_CTX_set1_scrypt_salt])], + [], + [#include <stdarg.h> + #include <stddef.h> + #include <openssl/kdf.h>]) $1 ], [ AC_MSG_RESULT([no]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/modules/gmysqlbackend/smysql.cc new/pdns-4.8.3/modules/gmysqlbackend/smysql.cc --- old/pdns-4.8.0/modules/gmysqlbackend/smysql.cc 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/modules/gmysqlbackend/smysql.cc 2023-10-05 11:22:14.000000000 +0200 
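Review bot: The comment added above `AC_CHECK_DECL` explains the extra `stdarg.h` and `stddef.h` includes only by pointing at an issue URL. A one-sentence summary of what fails without them, taken from that issue, would let a maintainer understand the check and later remove it without following the link. For example `# openssl/kdf.h on some distributions does not compile on its own without these two headers`, if that is indeed the cause.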
@@ -489,11 +489,6 @@ do { -#if MYSQL_VERSION_ID >= 50013 - my_bool set_reconnect = 0; - mysql_options(&d_db, MYSQL_OPT_RECONNECT, &set_reconnect); -#endif - #if MYSQL_VERSION_ID >= 50100 if (d_timeout) { mysql_options(&d_db, MYSQL_OPT_READ_TIMEOUT, &d_timeout); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/modules/lmdbbackend/lmdbbackend.cc new/pdns-4.8.3/modules/lmdbbackend/lmdbbackend.cc --- old/pdns-4.8.0/modules/lmdbbackend/lmdbbackend.cc 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/modules/lmdbbackend/lmdbbackend.cc 2023-10-05 11:22:14.000000000 +0200 @@ -1321,7 +1321,11 @@ idvec.push_back(txn.get<0>(domain, di)); } else { - auto txn = d_tdomains->getROTransaction(); + // this transaction used to be RO. + // it is now RW to narrow a race window between PowerDNS and Lightning Stream + // FIXME: turn the entire delete, including this ID scan, into one RW transaction + // when doing that, first do a short RO check to see if we actually have anything to delete + auto txn = d_tdomains->getRWTransaction(); txn.get_multi<0>(domain, idvec); } 
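Review bot: In the lmdbbackend.cc hunk, the read-write transaction opened in the `else` branch is used only for `get_multi` and then goes out of scope with no commit or abort visible. The writer slot is therefore released before the delete that follows, as the FIXME concedes. The comment should say so directly, e.g. `// txn is never committed: it only holds the writer slot for the duration of the ID scan`, so the change is not read as closing the race. The sibling branch above (`idvec.push_back(txn.get<0>(domain, di))`) uses a transaction opened outside the hunk; check whether it needs the same treatment.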
@@ -2620,17 +2624,133 @@ string LMDBBackend::directBackendCmd(const string& query) { - if (query == "info") { - ostringstream ret; + ostringstream ret, usage; + + usage << "info show some information about the database" << endl; + usage << "index check domains check zone<>ID indexes" << endl; + usage << "index refresh domains <ID> refresh index for zone with this ID" << endl; + usage << "index refresh-all domains refresh index for all zones with disconnected indexes" << endl; + vector<string> argv; + stringtok(argv, query); + + if (argv.empty()) { + return usage.str(); + } + + string& cmd = argv[0]; + if (cmd == "help") { + return usage.str(); + } + + if (cmd == "info") { ret << "shards: " << s_shards << endl; ret << "schemaversion: " << SCHEMAVERSION << endl; return ret.str(); } - else { - return "unknown lmdbbackend command\n"; + + if (cmd == "index") { + if (argv.size() < 2) { + return "need an index subcommand\n"; + } + + string& subcmd = argv[1]; + + if (subcmd == "check" || subcmd == "refresh-all") { + bool refresh = false; + + if (subcmd == "refresh-all") { + refresh = true; + } + + if (argv.size() < 3) { + return "need an index name\n"; + } + + if (argv[2] != "domains") { + return "can only check the domains index\n"; + } + + vector<uint32_t> refreshQueue; + + { + auto txn = d_tdomains->getROTransaction(); + + for (auto iter = txn.begin(); iter != txn.end(); ++iter) { + DomainInfo di = *iter; + + auto id = iter.getID(); + + LMDBIDvec ids; + txn.get_multi<0>(di.zone, ids); + + if (ids.size() != 1) { + ret << "ID->zone index has " << id << "->" << di.zone << ", "; + + if (ids.empty()) { + ret << "zone->ID index has no entry for " << di.zone << endl; + if (refresh) { + refreshQueue.push_back(id); + } + else { + ret << " suggested remedy: index refresh domains " << id << endl; + } + } + else { + // ids.size() > 1 + ret << "zone->ID index has multiple entries for " << di.zone << ": "; + for (auto id_ : ids) { + ret << id_ << " "; + } + ret << endl; + } + } + } + 
} + + if (refresh) { + for (const auto& id : refreshQueue) { + if (genChangeDomain(id, [](DomainInfo& /* di */) {})) { + ret << "refreshed " << id << endl; + } + else { + ret << "failed to refresh " << id << endl; + } + } + } + return ret.str(); + } + if (subcmd == "refresh") { + // index refresh domains 12345 + if (argv.size() < 4) { + return "usage: index refresh domains <ID>\n"; + } + + if (argv[2] != "domains") { + return "can only refresh in the domains index\n"; + } + + uint32_t id = 0; + + try { + id = pdns::checked_stoi<uint32_t>(argv[3]); + } + catch (const std::out_of_range& e) { + return "ID out of range\n"; + } + + if (genChangeDomain(id, [](DomainInfo& /* di */) {})) { + ret << "refreshed" << endl; + } + else { + ret << "failed" << endl; + } + return ret.str(); + } } + + return "unknown lmdbbackend command\n"; } class LMDBFactory : public BackendFactory diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/pdns/Makefile.am new/pdns-4.8.3/pdns/Makefile.am --- old/pdns-4.8.0/pdns/Makefile.am 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/pdns/Makefile.am 2023-10-05 11:22:14.000000000 +0200 @@ -1417,6 +1417,7 @@ test-trusted-notification-proxy_cc.cc \ test-tsig.cc \ test-ueberbackend_cc.cc \ + test-webserver_cc.cc \ test-zonemd_cc.cc \ test-zoneparser_tng_cc.cc \ testrunner.cc \ @@ -1425,7 +1426,9 @@ tsigverifier.cc tsigverifier.hh \ ueberbackend.cc ueberbackend.hh \ unix_utility.cc \ + uuid-utils.cc \ validate.hh \ + webserver.cc \ zonemd.cc zonemd.hh \ zoneparser-tng.cc zoneparser-tng.hh 
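Review bot: In the `refresh` subcommand of `directBackendCmd`, only `std::out_of_range` is caught around `pdns::checked_stoi<uint32_t>(argv[3])`. Assuming the helper is built on the standard `std::sto*` functions, a non-numeric ID would raise `std::invalid_argument` and leave the function as an exception rather than a message. Adding `catch (const std::invalid_argument& e) { return "ID is not a number\n"; }` next to the existing handler keeps the error path uniform. In the `check` loop, the `ids.size() != 1` test also accepts a zone whose single zone->ID entry points at a different ID than `iter.getID()`. Comparing that one returned entry with `id` would report this form of inconsistency too. Minor: `cmd` and `subcmd` are never modified and can be `const string&`.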
@@ -1440,7 +1443,9 @@ $(RT_LIBS) \ $(LUA_LIBS) \ $(LIBDL) \ - $(IPCRYPT_LIBS) + $(IPCRYPT_LIBS) \ + $(YAHTTP_LIBS) \ + $(JSON11_LIBS) if GSS_TSIG testrunner_LDADD += $(GSS_LIBS) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/pdns/Makefile.in new/pdns-4.8.3/pdns/Makefile.in --- old/pdns-4.8.0/pdns/Makefile.in 2023-06-01 08:55:28.000000000 +0200 +++ new/pdns-4.8.3/pdns/Makefile.in 2023-10-05 11:22:47.000000000 +0200 @@ -1044,15 +1044,15 @@ test-rcpgenerator_cc.cc test-sha_hh.cc test-signers.cc \ test-statbag_cc.cc test-svc_records_cc.cc \ test-trusted-notification-proxy_cc.cc test-tsig.cc \ - test-ueberbackend_cc.cc test-zonemd_cc.cc \ + test-ueberbackend_cc.cc test-webserver_cc.cc test-zonemd_cc.cc \ test-zoneparser_tng_cc.cc testrunner.cc threadname.hh \ threadname.cc trusted-notification-proxy.cc tsigverifier.cc \ tsigverifier.hh ueberbackend.cc ueberbackend.hh \ - unix_utility.cc validate.hh zonemd.cc zonemd.hh \ - zoneparser-tng.cc zoneparser-tng.hh pkcs11signers.cc \ - pkcs11signers.hh sodiumsigners.cc decafsigners.cc \ - kqueuemplexer.cc epollmplexer.cc devpollmplexer.cc \ - portsmplexer.cc + unix_utility.cc uuid-utils.cc validate.hh webserver.cc \ + zonemd.cc zonemd.hh zoneparser-tng.cc zoneparser-tng.hh \ + pkcs11signers.cc pkcs11signers.hh sodiumsigners.cc \ + decafsigners.cc kqueuemplexer.cc epollmplexer.cc \ + devpollmplexer.cc portsmplexer.cc am_testrunner_OBJECTS = arguments.$(OBJEXT) auth-caches.$(OBJEXT) \ auth-packetcache.$(OBJEXT) auth-querycache.$(OBJEXT) \ auth-zonecache.$(OBJEXT) base32.$(OBJEXT) base64.$(OBJEXT) \ 
@@ -1092,19 +1092,22 @@ test-svc_records_cc.$(OBJEXT) \ test-trusted-notification-proxy_cc.$(OBJEXT) \ test-tsig.$(OBJEXT) test-ueberbackend_cc.$(OBJEXT) \ - test-zonemd_cc.$(OBJEXT) test-zoneparser_tng_cc.$(OBJEXT) \ - testrunner.$(OBJEXT) threadname.$(OBJEXT) \ - trusted-notification-proxy.$(OBJEXT) tsigverifier.$(OBJEXT) \ - ueberbackend.$(OBJEXT) unix_utility.$(OBJEXT) zonemd.$(OBJEXT) \ - zoneparser-tng.$(OBJEXT) $(am__objects_1) $(am__objects_7) \ - $(am__objects_8) $(am__objects_2) $(am__objects_3) \ - $(am__objects_4) $(am__objects_5) + test-webserver_cc.$(OBJEXT) test-zonemd_cc.$(OBJEXT) \ + test-zoneparser_tng_cc.$(OBJEXT) testrunner.$(OBJEXT) \ + threadname.$(OBJEXT) trusted-notification-proxy.$(OBJEXT) \ + tsigverifier.$(OBJEXT) ueberbackend.$(OBJEXT) \ + unix_utility.$(OBJEXT) uuid-utils.$(OBJEXT) \ + webserver.$(OBJEXT) zonemd.$(OBJEXT) zoneparser-tng.$(OBJEXT) \ + $(am__objects_1) $(am__objects_7) $(am__objects_8) \ + $(am__objects_2) $(am__objects_3) $(am__objects_4) \ + $(am__objects_5) testrunner_OBJECTS = $(am_testrunner_OBJECTS) testrunner_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_5) $(am__DEPENDENCIES_4) \ - $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_7) + $(am__DEPENDENCIES_1) $(JSON11_LIBS) $(am__DEPENDENCIES_5) \ + $(am__DEPENDENCIES_4) $(am__DEPENDENCIES_2) \ + $(am__DEPENDENCIES_7) testrunner_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \ $(CXXFLAGS) $(testrunner_LDFLAGS) $(LDFLAGS) -o $@ 
@@ -1296,7 +1299,7 @@ ./$(DEPDIR)/test-svc_records_cc.Po \ ./$(DEPDIR)/test-trusted-notification-proxy_cc.Po \ ./$(DEPDIR)/test-tsig.Po ./$(DEPDIR)/test-ueberbackend_cc.Po \ - ./$(DEPDIR)/test-zonemd_cc.Po \ + ./$(DEPDIR)/test-webserver_cc.Po ./$(DEPDIR)/test-zonemd_cc.Po \ ./$(DEPDIR)/test-zoneparser_tng_cc.Po \ ./$(DEPDIR)/testrunner.Po ./$(DEPDIR)/threadname.Po \ ./$(DEPDIR)/tkey.Po ./$(DEPDIR)/trusted-notification-proxy.Po \ @@ -2685,23 +2688,24 @@ test-rcpgenerator_cc.cc test-sha_hh.cc test-signers.cc \ test-statbag_cc.cc test-svc_records_cc.cc \ test-trusted-notification-proxy_cc.cc test-tsig.cc \ - test-ueberbackend_cc.cc test-zonemd_cc.cc \ + test-ueberbackend_cc.cc test-webserver_cc.cc test-zonemd_cc.cc \ test-zoneparser_tng_cc.cc testrunner.cc threadname.hh \ threadname.cc trusted-notification-proxy.cc tsigverifier.cc \ tsigverifier.hh ueberbackend.cc ueberbackend.hh \ - unix_utility.cc validate.hh zonemd.cc zonemd.hh \ - zoneparser-tng.cc zoneparser-tng.hh $(am__append_62) \ - $(am__append_66) $(am__append_69) $(am__append_72) \ - $(am__append_74) $(am__append_76) $(am__append_78) + unix_utility.cc uuid-utils.cc validate.hh webserver.cc \ + zonemd.cc zonemd.hh zoneparser-tng.cc zoneparser-tng.hh \ + $(am__append_62) $(am__append_66) $(am__append_69) \ + $(am__append_72) $(am__append_74) $(am__append_76) \ + $(am__append_78) testrunner_LDFLAGS = \ $(AM_LDFLAGS) \ $(LIBCRYPTO_LDFLAGS) \ $(BOOST_UNIT_TEST_FRAMEWORK_LDFLAGS) testrunner_LDADD = $(LIBCRYPTO_LIBS) $(BOOST_UNIT_TEST_FRAMEWORK_LIBS) \ - $(RT_LIBS) $(LUA_LIBS) $(LIBDL) $(IPCRYPT_LIBS) \ - $(am__append_61) $(am__append_63) $(am__append_67) \ - $(am__append_70) + $(RT_LIBS) $(LUA_LIBS) $(LIBDL) $(IPCRYPT_LIBS) $(YAHTTP_LIBS) \ + $(JSON11_LIBS) $(am__append_61) $(am__append_63) \ + $(am__append_67) $(am__append_70) pdns_control_SOURCES = \ arguments.cc \ dnslabeltext.cc \ 
@@ -3347,6 +3351,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-trusted-notification-proxy_cc.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-tsig.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-ueberbackend_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-webserver_cc.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-zonemd_cc.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-zoneparser_tng_cc.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testrunner.Po@am__quote@ # am--include-marker @@ -4301,6 +4306,7 @@ -rm -f ./$(DEPDIR)/test-trusted-notification-proxy_cc.Po -rm -f ./$(DEPDIR)/test-tsig.Po -rm -f ./$(DEPDIR)/test-ueberbackend_cc.Po + -rm -f ./$(DEPDIR)/test-webserver_cc.Po -rm -f ./$(DEPDIR)/test-zonemd_cc.Po -rm -f ./$(DEPDIR)/test-zoneparser_tng_cc.Po -rm -f ./$(DEPDIR)/testrunner.Po @@ -4551,6 +4557,7 @@ -rm -f ./$(DEPDIR)/test-trusted-notification-proxy_cc.Po -rm -f ./$(DEPDIR)/test-tsig.Po -rm -f ./$(DEPDIR)/test-ueberbackend_cc.Po + -rm -f ./$(DEPDIR)/test-webserver_cc.Po -rm -f ./$(DEPDIR)/test-zonemd_cc.Po -rm -f ./$(DEPDIR)/test-zoneparser_tng_cc.Po -rm -f ./$(DEPDIR)/testrunner.Po diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/pdns/auth-main.cc new/pdns-4.8.3/pdns/auth-main.cc --- old/pdns-4.8.0/pdns/auth-main.cc 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/pdns/auth-main.cc 2023-10-05 11:22:14.000000000 +0200 
@@ -328,6 +328,8 @@ ::arg().setSwitch("consistent-backends", "Assume individual zones are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups") = "yes"; ::arg().set("rng", "Specify the random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom.") = "auto"; + + ::arg().set("default-catalog-zone", "Catalog zone to assign newly created primary zones (via the API) to") = ""; #ifdef ENABLE_GSS_TSIG ::arg().setSwitch("enable-gss-tsig", "Enable GSS TSIG processing") = "no"; #endif @@ -1479,6 +1481,17 @@ g_log << Logger::Error << "Exiting because: " << PE.reason << endl; exit(1); } + + try { + auto defaultCatalog = ::arg()["default-catalog-zone"]; + if (!defaultCatalog.empty()) { + auto defCatalog = DNSName(defaultCatalog); + } + } + catch (const std::exception& e) { + g_log << Logger::Error << "Invalid value '" << ::arg()["default-catalog-zone"] << "' for default-catalog-zone: " << e.what() << endl; + exit(1); + } S.blacklist("special-memory-usage"); DLOG(g_log << Logger::Warning << "Verbose logging in effect" << endl); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/pdns/calidns.cc new/pdns-4.8.3/pdns/calidns.cc --- old/pdns-4.8.0/pdns/calidns.cc 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/pdns/calidns.cc 2023-10-05 11:22:14.000000000 +0200 
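Review bot: In the added startup check for `default-catalog-zone`, `auto defCatalog = DNSName(defaultCatalog);` creates a local that is never read, so the validation intent is easy to miss and may draw an unused-variable warning. Writing `(void)DNSName(defaultCatalog);` with a comment such as `// constructed only to verify that the value parses as a DNS name` would make that explicit. The check only proves the value is syntactically a DNS name; whether the zone exists as a catalog is not verified here, which may be intentional. The enclosing function starts and ends outside the hunk.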
@@ -121,7 +121,7 @@ { ComboAddress result = ecsRange.getMaskedNetwork(); uint8_t bits = ecsRange.getBits(); - uint32_t mod = 1 << (32 - bits); + uint32_t mod = (bits > 0) ? (1 << (32 - bits)) : std::numeric_limits<uint32_t>::max(); result.sin4.sin_addr.s_addr = result.sin4.sin_addr.s_addr + ntohl(dns_random(mod)); return result; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/pdns/dnspacket.cc new/pdns-4.8.3/pdns/dnspacket.cc --- old/pdns-4.8.0/pdns/dnspacket.cc 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/pdns/dnspacket.cc 2023-10-05 11:22:14.000000000 +0200 @@ -333,7 +333,7 @@ if (d_haveednscookie) { if (d_eco.isWellFormed()) { - optsize += EDNSCookiesOpt::EDNSCookieOptSize; + optsize += EDNS_OPTION_CODE_SIZE + EDNS_OPTION_LENGTH_SIZE + EDNSCookiesOpt::EDNSCookieOptSize; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/pdns/ixfr.cc new/pdns-4.8.3/pdns/ixfr.cc --- old/pdns-4.8.0/pdns/ixfr.cc 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/pdns/ixfr.cc 2023-10-05 11:22:14.000000000 +0200 @@ -123,6 +123,7 @@ } // Returns pairs of "remove & add" vectors. If you get an empty remove, it means you got an AXFR! + // NOLINTNEXTLINE(readability-function-cognitive-complexity): https://github.com/PowerDNS/pdns/issues/12791 vector<pair<vector<DNSRecord>, vector<DNSRecord>>> getIXFRDeltas(const ComboAddress& primary, const DNSName& zone, const DNSRecord& oursr, uint16_t xfrTimeout, bool totalTimeout, const TSIGTriplet& tt, const ComboAddress* laddr, size_t maxReceivedBytes) 
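Review bot: The corrected `mod` expression in the calidns.cc hunk still shifts a signed `1`, so for `bits == 1` the value `1 << 31` does not fit in `int`, and for any `bits > 32` the shift count becomes negative, which is undefined. Using `(uint32_t{1} << (32 - bits))` keeps the arithmetic unsigned, and an explicit check that `bits <= 32` would cover the second case; the function writes only `sin4`, so callers presumably pass IPv4 ranges, but nothing in the hunk enforces that. `std::numeric_limits` needs `<limits>`, and no include is added in the visible hunks. The function's signature is outside the hunk.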
@@ -203,24 +204,35 @@ const unsigned int expectedSOAForIXFR = 3; unsigned int primarySOACount = 0; + std::string state; for (;;) { // IXFR or AXFR style end reached? We don't want to process trailing data after the closing SOA if (style == AXFR && primarySOACount == expectedSOAForAXFR) { + state = "AXFRdone"; break; } - else if (style == IXFR && primarySOACount == expectedSOAForIXFR) { + if (style == IXFR && primarySOACount == expectedSOAForIXFR) { + state = "IXFRdone"; break; } elapsed = timeoutChecker(); - if (s.readWithTimeout(reinterpret_cast<char*>(&len), sizeof(len), static_cast<int>(xfrTimeout - elapsed)) != sizeof(len)) { + try { + const struct timeval remainingTime = { .tv_sec = xfrTimeout - elapsed, .tv_usec = 0 }; + const struct timeval idleTime = remainingTime; + readn2WithTimeout(s.getHandle(), &len, sizeof(len), idleTime, remainingTime, false); + } + catch (const runtime_error& ex) { + state = ex.what(); break; } len = ntohs(len); if (len == 0) { + state = "zeroLen"; break; } + // Currently no more break statements after this if (maxReceivedBytes > 0 && (maxReceivedBytes - receivedBytes) < (size_t) len) { throw std::runtime_error("Reached the maximum number of received bytes in an IXFR delta for zone '"+zone.toLogString()+"' from primary "+primary.toStringWithPort()); @@ -229,9 +241,9 @@ reply.resize(len); elapsed = timeoutChecker(); - const struct timeval remainingTime = { .tv_sec = xfrTimeout - elapsed, .tv_usec = 0 }; + const struct timeval remainingTime = { .tv_sec = xfrTimeout - elapsed, .tv_usec = 0 }; const struct timeval idleTime = remainingTime; - readn2WithTimeout(s.getHandle(), &reply.at(0), len, idleTime, remainingTime, false); + readn2WithTimeout(s.getHandle(), reply.data(), len, idleTime, remainingTime, false); receivedBytes += len; MOADNSParser mdp(false, reply); 
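Review bot: The length read in the first hunk now builds its `timeval` from `xfrTimeout - elapsed` exactly as the payload read does further down, and neither place checks that the difference is still positive. `timeoutChecker()` is defined outside the hunk and presumably throws once the limit is reached; if it can return a value equal to `xfrTimeout`, a zero `tv_sec` is handed to `readn2WithTimeout`, so this is worth confirming. A small local helper returning the remaining `timeval` would remove the duplication and give one place for that check. A comment on `state`, for example `// why the read loop ended: a fixed token or the text of the read exception`, would help readers of the error messages built from it after the loop.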
@@ -295,7 +307,7 @@ if(r.first.d_type == QType::OPT) continue; - throw std::runtime_error("Unexpected record (" +QType(r.first.d_type).toString()+") in non-answer section ("+std::to_string(r.first.d_place)+")in IXFR response for zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort()); + throw std::runtime_error("Unexpected record (" +QType(r.first.d_type).toString()+") in non-answer section ("+std::to_string(r.first.d_place)+") in IXFR response for zone '"+zone.toLogString()+"' from primary '"+primary.toStringWithPort()); } r.first.d_name.makeUsRelative(zone); 
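Review bot: The message touched in this hunk opens a quote before the primary address (`from primary '"+primary.toStringWithPort()`) and never closes it, and the three "Incomplete ..." messages changed in the following hunk do the same before appending ` state=`. With the state text now following the address, the unbalanced quote makes the log line harder to parse for both people and log tooling. Closing it, e.g. `primary.toStringWithPort() + "' state=" + state` in the later messages and `+ "'"` at the end of this one, keeps the fields delimited. The enclosing function starts outside the hunk.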
@@ -306,16 +318,16 @@ switch (style) { case IXFR: if (primarySOACount != expectedSOAForIXFR) { - throw std::runtime_error("Incomplete IXFR transfer for '" + zone.toLogString() + "' from primary '" + primary.toStringWithPort()); + throw std::runtime_error("Incomplete IXFR transfer (primarySOACount=" + std::to_string(primarySOACount) + ") for '" + zone.toLogString() + "' from primary '" + primary.toStringWithPort() + " state=" + state); } break; case AXFR: if (primarySOACount != expectedSOAForAXFR){ - throw std::runtime_error("Incomplete AXFR style transfer for '" + zone.toLogString() + "' from primary '" + primary.toStringWithPort()); + throw std::runtime_error("Incomplete AXFR style transfer (primarySOACount=" + std::to_string(primarySOACount) + ") for '" + zone.toLogString() + "' from primary '" + primary.toStringWithPort() + " state=" + state); } break; case Unknown: - throw std::runtime_error("Incomplete XFR for '" + zone.toLogString() + "' from primary '" + primary.toStringWithPort()); + throw std::runtime_error("Incomplete XFR (primarySOACount=" + std::to_string(primarySOACount) + ") for '" + zone.toLogString() + "' from primary '" + primary.toStringWithPort() + " state=" + state); break; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/pdns/ixfrdist.cc new/pdns-4.8.3/pdns/ixfrdist.cc --- old/pdns-4.8.0/pdns/ixfrdist.cc 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/pdns/ixfrdist.cc 2023-10-05 11:22:14.000000000 +0200 
@@ -532,6 +532,7 @@ pw.getHeader()->id = mdp.d_header.id; pw.getHeader()->rd = mdp.d_header.rd; pw.getHeader()->qr = 1; + pw.getHeader()->aa = 1; pw.startRecord(mdp.d_qname, QType::SOA, zoneInfo->soaTTL); zoneInfo->soa->toPacket(pw); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/pdns/test-webserver_cc.cc new/pdns-4.8.3/pdns/test-webserver_cc.cc --- old/pdns-4.8.0/pdns/test-webserver_cc.cc 1970-01-01 01:00:00.000000000 +0100 +++ new/pdns-4.8.3/pdns/test-webserver_cc.cc 2023-10-05 11:22:14.000000000 +0200 @@ -0,0 +1,35 @@ +#define BOOST_TEST_DYN_LINK +#define BOOST_TEST_NO_MAIN + +#include <boost/test/unit_test.hpp> +#include "webserver.hh" + +BOOST_AUTO_TEST_SUITE(test_webserver_cc) + +BOOST_AUTO_TEST_CASE(test_validURL) +{ + // We cannot test\x00 as embedded NULs are not handled by YaHTTP other than stopping the parsing + const std::vector<std::pair<string, bool>> urls = { + {"http://www.powerdns.com/?foo=123", true}, + {"http://ww.powerdns.com/?foo=%ff", true}, + {"http://\x01ww.powerdns.com/?foo=123", false}, + {"http://\xffwww.powerdns.com/?foo=123", false}, + {"http://www.powerdns.com/?foo=123\x01", false}, + {"http://www.powerdns.com/\x7f?foo=123", false}, + {"http://www.powerdns.com/\x80?foo=123", false}, + {"http://www.powerdns.com/?\xff", false}, + {"/?foo=123&bar", true}, + {"/?foo=%ff&bar", true}, + {"/?\x01foo=123", false}, + {"/?foo=123\x01", false}, + {"/\x7f?foo=123", false}, + {"/\x80?foo=123", false}, + {"/?\xff", false}, + }; + + for (const auto& testcase : urls) { + BOOST_CHECK_EQUAL(WebServer::validURL(testcase.first), testcase.second); + } +} + +BOOST_AUTO_TEST_SUITE_END(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/pdns/webserver.cc new/pdns-4.8.3/pdns/webserver.cc --- old/pdns-4.8.0/pdns/webserver.cc 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/pdns/webserver.cc 2023-10-05 11:22:14.000000000 +0200 
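Review bot: The table in `test_validURL` has no case for a malformed percent escape, although `validURLChars` in webserver.cc has dedicated branches for a `%` followed by fewer than two hex digits. Cases such as `{"/?foo=%", false},`, `{"/?foo=%f", false},` and `{"/?foo=%zz", false},` (constructed here; the expected values assume YaHTTP leaves the query string undecoded, as the existing `%ff` case suggests) would exercise those branches. The leading comment reads `test\x00` without a space, which looks like a typo for "test \x00".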
@@ -36,6 +36,8 @@ #include "json.hh" #include "uuid-utils.hh" #include <yahttp/router.hpp> +#include <algorithm> +#include <unordered_set> json11::Json HttpRequest::json() { @@ -461,6 +463,53 @@ } } + +struct ValidChars { + ValidChars() + { + // letter may be signed, but we only pass positive values + for (auto letter : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~:/?#[]@!$&'()*+,;=") { + set.set(letter); + } + } + std::bitset<127> set; +}; + +static const ValidChars validChars; + +static bool validURLChars(const string& str) +{ + for (auto iter = str.begin(); iter != str.end(); ++iter) { + if (*iter == '%') { + ++iter; + if (iter == str.end() || isxdigit(static_cast<unsigned char>(*iter)) == 0) { + return false; + } + ++iter; + if (iter == str.end() || isxdigit(static_cast<unsigned char>(*iter)) == 0) { + return false; + } + } + else if (static_cast<size_t>(*iter) >= validChars.set.size() || !validChars.set[*iter]) { + return false; + } + } + return true; +} + +bool WebServer::validURL(const YaHTTP::URL& url) +{ + bool isOK = true; + isOK = isOK && validURLChars(url.protocol); + isOK = isOK && validURLChars(url.host); + isOK = isOK && validURLChars(url.username); + isOK = isOK && validURLChars(url.password); + isOK = isOK && validURLChars(url.path); + isOK = isOK && validURLChars(url.parameters); + isOK = isOK && validURLChars(url.anchor); + return isOK; +} + void WebServer::serveConnection(const std::shared_ptr<Socket>& client) const { const auto unique = getUniqueID(); const string logprefix = d_logprefix + to_string(unique) + " "; @@ -504,6 +553,9 @@ d_slog->error(Logr::Warning, e.what(), "Unable to parse request")); } + if (!validURL(req.url)) { + throw PDNSException("Received request with invalid URL"); + } // Uses of `remote` below guarded by d_loglevel if (d_loglevel > WebServer::LogLevel::None) { client->getRemote(remote); 
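Review bot: The includes added in the first webserver.cc hunk do not match what the new code uses: `ValidChars` holds a `std::bitset<127>` and `validURLChars` calls `isxdigit`, yet `<bitset>` and `<cctype>` are not added, while `<algorithm>` and `<unordered_set>` have no user in the visible hunks. The file presumably compiles through transitive includes, which can change between standard library versions. Adding `#include <bitset>` and `#include <cctype>`, and dropping the two unused headers if nothing outside the hunks needs them, keeps the file self-contained.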
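Review bot: The range-for in the `ValidChars` constructor iterates over a string literal, which is a `char` array that includes the terminating NUL, so `set.set(0)` runs and byte 0 is accepted by `validURLChars`. Skipping it explicitly, `if (letter != '\0') { set.set(letter); }`, or iterating over a `std::string_view` of the literal fixes the table. The comment in test-webserver_cc.cc says embedded NULs only stop YaHTTP's parsing, so this may be unreachable today, but the allow-list should not depend on that. The lookup `validChars.set[*iter]` is otherwise safe as written, because the preceding `static_cast<size_t>` comparison rejects negative `char` values and 127 first.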
@@ -535,7 +587,7 @@ } if (d_loglevel >= WebServer::LogLevel::Normal) { - SLOG(g_log<<Logger::Notice<<logprefix<<remote<<" \""<<req.method<<" "<<YaHTTP::Utility::encodeURL(req.url.path)<<" HTTP/"<<req.versionStr(req.version)<<"\" "<<resp.status<<" "<<reply.size()<<endl, + SLOG(g_log<<Logger::Notice<<logprefix<<remote<<" \""<<req.method<<" "<<req.url.path<<" HTTP/"<<req.versionStr(req.version)<<"\" "<<resp.status<<" "<<reply.size()<<endl, d_slog->info(Logr::Info, "Request", "remote", Logging::Loggable(remote), "method", Logging::Loggable(req.method), "urlpath", Logging::Loggable(req.url.path), "HTTPVersion", Logging::Loggable(req.versionStr(req.version)), "status", Logging::Loggable(resp.status), "respsize", Logging::Loggable(reply.size()))); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/pdns/webserver.hh new/pdns-4.8.3/pdns/webserver.hh --- old/pdns-4.8.0/pdns/webserver.hh 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/pdns/webserver.hh 2023-10-05 11:22:14.000000000 +0200 @@ -213,6 +213,8 @@ d_acl = nmg; } + static bool validURL(const YaHTTP::URL& url); + void bind(); void go(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-4.8.0/pdns/ws-auth.cc new/pdns-4.8.3/pdns/ws-auth.cc --- old/pdns-4.8.0/pdns/ws-auth.cc 2023-06-01 08:54:16.000000000 +0200 +++ new/pdns-4.8.3/pdns/ws-auth.cc 2023-10-05 11:22:14.000000000 +0200 @@ -1836,6 +1836,13 @@ updateDomainSettingsFromDocument(B, di, zonename, document, !new_records.empty()); + if (!catalog && kind == DomainInfo::Master) { + auto defaultCatalog = ::arg()["default-catalog-zone"]; + if (!defaultCatalog.empty()) { + di.backend->setCatalog(zonename, DNSName(defaultCatalog)); + } + } + di.backend->commitTransaction(); g_zoneCache.add(zonename, di.id); // make new zone visible
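Review bot: Logging `req.url.path` without `encodeURL` is only safe because `validURL(req.url)` rejected the request earlier, presumably in the same function, and nothing at this line says so. A comment such as `// path is logged raw: validURL() has already rejected bytes outside the URL-safe set` would keep a later refactor from moving or removing that check without revisiting this statement. The structured-logging branch on the next line already passed `req.url.path` unencoded before this change. The enclosing function starts outside the hunk.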
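Review bot: In the ws-auth.cc hunk the result of `di.backend->setCatalog(zonename, DNSName(defaultCatalog))` is discarded, so if the backend cannot store the catalog membership the transaction is still committed and the API caller gets a zone that silently lacks it. If `setCatalog` reports failure through its return value, check it before `commitTransaction()`, for example `if (!di.backend->setCatalog(zonename, DNSName(defaultCatalog))) { throw ApiException("Setting the default catalog zone failed"); }` (message text constructed here). `DNSName(defaultCatalog)` is re-parsed on every zone creation; the startup check in auth-main.cc makes a parse failure unlikely, but that dependency deserves a short comment. The enclosing function starts and ends outside the hunk.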