Hello community, here is the log from the commit of package pdns-recursor for openSUSE:Factory checked in at 2015-02-20 12:01:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pdns-recursor (Old) and /work/SRC/openSUSE:Factory/.pdns-recursor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pdns-recursor" Changes: -------- --- /work/SRC/openSUSE:Factory/pdns-recursor/pdns-recursor.changes 2014-12-16 14:50:09.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.pdns-recursor.new/pdns-recursor.changes 2015-02-20 12:01:42.000000000 +0100 @@ -1,0 +2,133 @@ +Thu Feb 12 15:05:49 UTC 2015 - mrueck...@suse.de + +- update to 3.7.1 + This version contains a mix of speedups and improvements, the combined effect + of which is vastly improved resilience against traffic spikes and malicious + query overloads. + Minor changes: + - Removal of dead code here and there + 04dc6d618734fc630122de4c56dff641ebaf0988 + - Per-qtype response counters are now 64 bit + 297bb6acf7902068693a4aae1443c424d0e8dd52 on 64 bit systems + - Add IPv6 addresses for b and c.root-servers.net hints + efc2595423c9a1be6f2d8f4da25445198ceb8b57 + - Add IP address to logging about terminated queries + 37aa9904d1cc967ba4b5d5e17dbe41485f8cdece + - Improve qtype name logging + fab3ed3453e15ae88e29a0e4071b214eb19caad9 (Aki Tuomi) + - Redefine 'BAD_NETS' for dont-query based on newer IANA guidance + 12cd44ee0fcde5893f85dccc499bfc35152c5fff (lochiiconnectivity) + - Add documentation links to systemd unit + eb154adfdffa5c78624e2ea98e938d7b5787119e (Ruben Kerkhof) + Improvements: + - Upgrade embedded PolarSSL to 1.3.9: + d330a2ea1a93d7675ef680311f8aa0306aeefcf1 + - yahttp upgrade c290975778942ed1082ca66918695a5bd2d6bac4 + c65a57e888ee48eaa948e590c90c51420bffa847 (Aki Tuomi) + - Replace . in hostnames by - for Carbon so as not to confuse + Metronome 46541751ed1c3bc051d78217543d5fc76733e212 + - Manpages got a lot of love and are now built from Markdown + (Pieter Lexis) + - Move to PolarSSL base64 + 488360551009784ab35c43ee4580e773a2a8a227 (Kees Monshouwer) + - The quiet=no query logging is now more informative + 461df9d20c560d240285f772c09b3beb89d46daa + - We can finally bind to 0.0.0.0 and :: and guarantee answers + from the correct source + b71b60ee73ef3c86f80a2179981eda2e61c4363f + - We use per-packet timestamps to drop ancient traffic in case of + overload b71b60ee73ef3c86f80a2179981eda2e61c4363f, non-Linux + portability in d63f0d83631c41eff203d30b0b7c475a88f1db59 + - Builtin webserver can be queried with the API key in the URL + again c89f8cd022c4a9409b95d22ffa3b03e4e98dc400 + - Ringbuffers are now available via API + c89f8cd022c4a9409b95d22ffa3b03e4e98dc400 + - Lua 5.3 compatibility 59c6fc3e3931ca87d484337daee512e716bc4cf4 + (Kees Monshouwer) + - No longer leave a stale UNIX domain socket around from + rec_control if the recursor was down + 524e4f4d81f4ed9eb218715cbc8a59f0b9868234, ticket #2061 + - Running with 'quiet=no' would strangely actually prevent debug + messages from being logged + f48d7b657ec32517f8bfcada3bfe6353ca313314 + - Webserver now implements CORS for the API + ea89a97e864c43c1cb03f2959ad04c4ebe7580ad, fixing ticket #1984 + - Houskeeping thread would sometimes run multiple times + simultaneously, which worked, but was odd + cc59bce675e62e2b9657b42614ce8be3312cae82 + New features: + - New `root-nx-trust` flag makes PowerDNS generalize NXDOMAIN + responses from the root-servers + 01402d56846a3a61811ebd4e6bc97e53f908e568 + - `getregisteredname()` for Lua, which turns 'www.bbc.co.uk' into + 'bbc.co.uk' 8cd4851beb78bc6ab320926fb5cb6a09282016b1 + - Lua preoutquery filter 3457a2a0ec41d3b3aff7640f30008788e1228a6e + - Lua IP-based filter (ipfilter) before parsing packets + 4ea949413c495254acb0bd19335142761c1efc0c + - `iputils` class for Lua, to quickly process IP addresses and + netmasks in their native format + - `getregisteredname` function for Lua, to find the registered + domain for a given name + - Various new ringbuffers: top-servfail-remotes, + top-largeanswer-remotes, top-servfail-queries + Speedups: + - Remove unneeded malloc traffic + 93d4a89096e64d53740790f58fadec56f6a0af14 + 8682c32bc45b6ffa7c0f6da778e1b223ae7f03ce + a903b39cfe7364c56324038264d3db50b8cece87 + - Our nameserver-loop detection carried around a lot of baggage + for complex domain names, plus did not differentiate IPv4 and + IPv6 well enough 891fbf888ccac074e3edc38864641ca774f2f03c + - Prioritize new queries over nameserver responses, improving + latency under query bursts + bf3b0cec366c090af000b066267b6f6bbb3a512a + - Remove escaping in case there was nothing to escape + 83b746fd1d94c8742d8bd87a44beb44c154230c7 + - Our logging infrastructure had a lot of locking + d1449e4d073595e1e1581804f121fc90e37158bf + - Reduce logging level of certain common messages, which locked + up synchronously logging systems + 854d44e31c76aa650520e6d462dd3a02b5936f7a + - Add limit on total wall-clock time spent on a query + 9de3e0340fa066d4c59449e1643a1de8c343f8f2 + - Packet cache is now case-insensitive, which increases hitrate + 90974597aadaf1096e3fd0dc450be7422ea591a5 + Security relevant: + - Check for PIE, RELRO and stack protector during configure + 8d0354b189c12e1e14f5309d3b49935c17f9eeb0 (Aki Tuomi) + - Testing for support of PIE etc was improved in + b2053c28ccb9609e2ce7bcb6beda83f98a062aa3 and beyond, fixes + #2125 (Ruben Kerkhof) + - Max query-per-query limit (max-qperq) is now configurable + 173d790ead08f67733010ca4c6fc404a040fe699 + Bugs fixed: + - IPv6 outgoing queries had a disproportionate effect on our + query load. Fixed in 76f190f2a0877cd79ede2994124c1a58dc69ae49 + and beyond. + - rec_control gave incorrect output on a timeout + 12997e9d800734da51b808767e1e2477244c30eb + - When using the webserver AND having an error in the Lua script, + recursor could crash during startup + 62f0ae62984adadab687c23fe1b287c1f219b2cb + - Hugely long version strings would trip up security polling + 18b7333828a1275ae5f5574a9c8330290d8557ff (Kees Monshouwer) + - The 'remotes' ringbuffer was sized incorrectly + f8f243b01215d6adcb59389f09ef494f1309041f + - Cache sizes had an off-by-one scaling problem, with the wrong + number of entries allocated per thread + f8f243b01215d6adcb59389f09ef494f1309041f + - Our automatic file descriptor limit raising was attempted + *after* setuid, which made it a lot less effective. Found and + fixed by Aki Tuomi a6414fdce9b0ec32c340d1f2eea2254f3fedc1c1 + - Timestamps used for dropping packets were occasionaly wrong + 183eb8774e4bc2569f06d5894fec65740f4b70b6 and + 4c4765c104bacc146533217bcc843efb244a8086 (RC2) with thanks to + Winfried for debugging. + - In RC1, our new DoS protection measures would crash the + Recursor if too many root servers were unreachable. + 6a6fb05ad81c519b4002ed1db00f3ed9b7bce6b4. Debugging and testing + by Fusl. +- remove pdns-rec-lua52.patch: + no longer needed + +------------------------------------------------------------------- Old: ---- pdns-rec-lua52.patch pdns-recursor-3.6.2.tar.bz2 New: ---- pdns-recursor-3.7.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pdns-recursor.spec ++++++ --- /var/tmp/diff_new_pack.LrhWsi/_old 2015-02-20 12:01:43.000000000 +0100 +++ /var/tmp/diff_new_pack.LrhWsi/_new 2015-02-20 12:01:43.000000000 +0100 @@ -24,7 +24,7 @@ Name: pdns-recursor -Version: 3.6.2 +Version: 3.7.1 Release: 1 %define pkg_version %{version} # @@ -69,7 +69,6 @@ Source2: recursor.conf Source3: pdns-recursor.service Source4: pdns-recursor.tmpfiles.d -Patch: pdns-rec-lua52.patch # Summary: Modern, advanced and high performance recursing/non authoritative nameserver %description @@ -83,10 +82,10 @@ %prep %setup -n %{name}-%{pkg_version} -%patch %build -make %{makeflags} +./configure +make %{makeflags} all %install make install DESTDIR="%{buildroot}" %{makeflags} ++++++ pdns-recursor-3.6.2.tar.bz2 -> pdns-recursor-3.7.1.tar.bz2 ++++++ ++++ 27095 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org