Hello community, here is the log from the commit of package pdns-recursor for openSUSE:Factory checked in at 2016-09-30 15:31:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pdns-recursor (Old) and /work/SRC/openSUSE:Factory/.pdns-recursor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pdns-recursor" Changes: -------- --- /work/SRC/openSUSE:Factory/pdns-recursor/pdns-recursor.changes 2015-08-01 11:37:47.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pdns-recursor.new/pdns-recursor.changes 2016-09-30 15:31:11.000000000 +0200 @@ -1,0 +2,104 @@ +Tue Sep 13 13:42:33 UTC 2016 - [email protected] + +- 4462.patch: + Disable fcontext usage with Boost 1.61+ and revert back to + slower SystemV ucontext. This fixes failure to build with + newer Boost version. (boo#998408) + +------------------------------------------------------------------- +Tue Sep 6 21:54:15 UTC 2016 - [email protected] + +- update to 4.0.3 + A new release for the PowerDNS Recursor with version 4.0.3 is + available. This release has many fixes and improvements in the + Policy Engine (RPZ) and the Lua bindings to it. Therefore, we + recommend users of RPZ to upgrade to this release. We would like + to thank Wim (42wim on github) for testing and reporting on the + RPZ module. + + Bug fixes + - #4350: Call gettag() for TCP queries + - #4376: Fix the use of an uninitialized filtering policy + - #4381: Parse query-local-address before lua-config-file + - #4383: Fix accessing an empty policyCustom, policyName from Lua + - #4387: ComboAddress: don’t allow invalid ports + - #4388: Fix RPZ default policy not being applied over IXFR + - #4391: DNSSEC: Actually follow RFC 7646 §2.1 + - #4396: Add boost context ldflags so freebsd builds can find the + libs + - #4402: Ignore NS records in a RPZ zone received over IXFR + - #4403: Fix build with OpenSSL 1.1.0 final + - #4404: Don’t validate when a Lua hook took the query + - #4425: Fix a protobuf regression (requestor/responder mix-up) + Additions and Enhancements + - #4394: Support Boost 1.61+ fcontext + - #4402: Add Lua binding for DNSRecord::d_place + +------------------------------------------------------------------- +Sun Sep 4 11:41:48 UTC 2016 - [email protected] + +- update to 4.0.2 + Bug fixes + - #4264: Set dq.rcode before calling postresolve + - #4294: Honor PIE flags. + - #4310: Fix build with LibreSSL, for which + OPENSSL_VERSION_NUMBER is irrelevant + - #4340: Don't shuffle CNAME records. (thanks to Gert van Dijk + for the extensive bug report!) + - #4354: Fix delegation-only + Additions and enhancements + - #4288: Respect the timeout when connecting to a protobuf server + - #4300: allow newDN to take a DNSName in; document missing + methods + - #4301: expose SMN toString to lua + - #4318: Anonymize the protobuf ECS value as well (thanks to Kai + Storbeck of XS4All for finding this) + - #4324: Allow Lua access to the result of the Policy Engine + decision, skip RPZ, finish RPZ implementation + - #4349: Remove unused DNSPacket::d_qlen + - #4351: RPZ: Use query-local-address(6) by default (thanks to + Oli Schacher of switch.ch for the bug report) + - #4357: Move the root DNSSEC data to a header file + +------------------------------------------------------------------- +Sat Jul 30 12:38:43 UTC 2016 - [email protected] + +- update to 4.0.1 + Bug fixes + - #4119 Improve DNSSEC record skipping for non dnssec queries + (Kees Monshouwer) + - #4162 Don't validate zones from the local auth store, go one + level down while validating when there is a CNAME + - #4187: + - Don't go bogus on islands of security + - Check all possible chains for Insecures + - Don't go Bogus on a CNAME at the apex + - #4215 RPZ: default policy should also override local data RRs + - #4243 Fix a crash when the next name in a chained query is + empty and rec_control current-queries is invoked + Improvements + - #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler) + - #4140 Fix warnings with gcc on musl-libc (James Taylor) + - #4160 Also validate on +DO + - #4164 Fail to start when the lua-dns-script does not exist + - #4168 Add more Netmask methods for Lua (Aki Tuomi) + - #4210 Validate DNSSEC for security polling + - #4217 Turn on root-nx-trust by default and + log-common-errors=off + - #4207 Allow for multiple trust anchors per zone + - #4242 Fix compilation warning when building without Protobuf + - #4133 Add limits to the size of received {A,I}XFR + (CVE-2016-6172) + +------------------------------------------------------------------- +Mon Jul 11 15:22:49 UTC 2016 - [email protected] + +- update to 4.0.0 + https://blog.powerdns.com/2016/07/11/powerdns-recursor-4-0-0-released/ + https://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0/ +- packaging changes: + - enabled protobuf based stats + - enabled botan based code + - use upstream systemd files + +------------------------------------------------------------------- Old: ---- pdns-recursor-3.7.3.tar.bz2 pdns-recursor.service pdns-recursor.tmpfiles.d New: ---- 4462.patch pdns-recursor-4.0.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pdns-recursor.spec ++++++ --- /var/tmp/diff_new_pack.G9fkZS/_old 2016-09-30 15:31:13.000000000 +0200 +++ /var/tmp/diff_new_pack.G9fkZS/_new 2016-09-30 15:31:14.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package pdns-recursor (Version 3.1.7.1) +# spec file for package pdns-recursor # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,30 +15,47 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild + %if 0%{?suse_version} > 1230 %bcond_without systemd %else %bcond_with systemd %endif +%if 0%{?fedora_version} >= 24 || 0%{?fc24}%{?fc25} +%bcond_with systemd_separetedlibs +%else +%bcond_without systemd_separetedlibs +%endif + +%if 0%{?suse_version} && ! ( 0%{?suse_version} == 1315 && ! 0%{?is_opensuse} ) +%bcond_without pdns_protobuf +%bcond_without pdns_botan +%else +%bcond_with pdns_protobuf +%bcond_with pdns_botan +%endif Name: pdns-recursor -Version: 3.7.3 -Release: 1 -%define pkg_version %{version} +Version: 4.0.3 +Release: 0 +%define pkg_version 4.0.3 # -Group: Productivity/Networking/DNS/Servers -License: GPL-2.0+ # -%define home %{_var}/lib/pdns -%if %{with systemd} -%define _localstatedir /run/pdns +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +%if %{with pdns_botan} +BuildRequires: Botan-devel >= 1.10 +%endif +%if (0%{?suse_version} == 1315) && 0%{?is_opensuse} +BuildRequires: boost_1_58_0-devel %else -%define _localstatedir /var/run/pdns +BuildRequires: boost-devel %endif -%define makeflags OPTFLAGS="%{optflags} -fpic -DPIC -fPIE" LUA=1 LUA_LIBS_CONFIG="-l%lua_lib -Wl,-z,relro,-z,now -pie" LUA_CPPFLAGS_CONFIG="-I/usr/include/lua5.1" STRIP_BINARIES=0 SYSCONFDIR="%{_sysconfdir}/pdns" LOCALSTATEDIR="%{_localstatedir}" BINDIR="%{_sbindir}" -BuildRequires: boost-devel gcc-c++ +BuildRequires: gcc-c++ +BuildRequires: openssl-devel +BuildRequires: pkgconfig %if 0%{?suse_version} && (0%{?suse_version} < 1030 || 0%{?suse_version} > 1210) BuildRequires: lua51-devel %if 0%{?suse_version} > 1210 @@ -57,20 +74,28 @@ %else PreReq: shadow-utils %endif +%if %{with pdns_protobuf} +BuildRequires: protobuf-devel +%endif %if %{with systemd} BuildRequires: pkgconfig(systemd) +%if %{with systemd_separetedlibs} +BuildRequires: pkgconfig(libsystemd-daemon) +%endif %{?systemd_requires} -%define has_systemd 1 %endif +PreReq: pdns-common # Url: http://www.powerdns.com/ Source: http://downloads.powerdns.com/releases/%{name}-%{pkg_version}.tar.bz2 Source1: pdns-recursor.init Source2: recursor.conf -Source3: pdns-recursor.service -Source4: pdns-recursor.tmpfiles.d +Patch1: https://patch-diff.githubusercontent.com/raw/PowerDNS/pdns/pull/4462.patch # Summary: Modern, advanced and high performance recursing/non authoritative nameserver +License: GPL-2.0+ +Group: Productivity/Networking/DNS/Servers + %description PowerDNS Recursor is a non authoritative/recursing DNS server. Use this package if you need a dns cache for your network. @@ -82,43 +107,50 @@ %prep %setup -n %{name}-%{pkg_version} +%patch1 -p2 +autoreconf -fi %build -./configure -make %{makeflags} all +ln effective_tld_names.dat effective_tld_list.dat +%configure \ + --enable-reproducible \ + --disable-silent-rules \ + --bindir=%{_sbindir} \ + --sysconfdir=%{_sysconfdir}/pdns/ \ +%if %{with dnsdist_protobuf} + --with-protobuf \ +%endif +%if %{with pdns_botan} + --enable-botan1.10 \ +%endif + --with-lua \ + --with-socketdir=%{_localstatedir} +make %{?_smp_mflags} %install -make install DESTDIR="%{buildroot}" %{makeflags} +make %{?_smp_mflags} install DESTDIR="%{buildroot}" # config %{__install} -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/pdns/recursor.conf -mkdir -p %{buildroot}%{_localstatedir} # init systems %if %{with systemd} -%{__install} -D -m 0644 %{S:3} %{buildroot}%{_unitdir}/%{name}.service -%{__install} -D -m 0644 %{S:4} %{buildroot}/usr/lib/tmpfiles.d/%{name}.conf %{__ln_s} -f %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} # installed by make install -rm -rv %{buildroot}%{_sysconfdir}/init.d/%{name} +rm -rvf %{buildroot}%{_sysconfdir}/init.d/%{name} %else %{__install} -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{name} %{__ln_s} -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name} %endif -# homedir -%{__install} -Dd -m 0755 %{buildroot}%{home} %clean %{__rm} -rf %{buildroot} %pre -/usr/sbin/groupadd -r pdns &>/dev/null || : -/usr/sbin/useradd -g pdns -s /bin/false -r -c "pdns" -d %{home} pdns &>/dev/null || : %if 0%{?suse_version} && %{with systemd} %service_add_pre %{name}.service %endif %if 0%{?suse_version} && %{with systemd} %post -systemd-tmpfiles --create /usr/lib/tmpfiles.d/pdns-recursor.conf || true %service_add_post %{name}.service %endif @@ -143,23 +175,19 @@ %files %defattr (-,root,root,-) -%dir %attr(750,root,pdns) %{_sysconfdir}/pdns -%attr(700,pdns,pdns) %dir %ghost %{_localstatedir} %config(noreplace) %attr(640,root,pdns) %{_sysconfdir}/pdns/*.conf %{_sysconfdir}/pdns/recursor.conf-dist %if %{with systemd} %{_unitdir}/%{name}.service -/usr/lib/tmpfiles.d/%{name}.conf +%{_unitdir}/%{name}@.service %else %config(noreplace) %{_sysconfdir}/init.d/%{name} -%dir %{_localstatedir} %endif %{_sbindir}/rcpdns-recursor %{_sbindir}/pdns_recursor %{_sbindir}/rec_control %{_mandir}/man1/pdns_recursor.1* %{_mandir}/man1/rec_control.1* -%doc README COPYING rrd/ powerdns-example-script.lua -%dir %attr(750,pdns,pdns) %{home} +%doc README COPYING %changelog ++++++ 4462.patch ++++++ >From f6fec655049340fc051414abd01378b98794f9c9 Mon Sep 17 00:00:00 2001 From: Pieter Lexis <[email protected]> Date: Mon, 12 Sep 2016 13:48:47 +0200 Subject: [PATCH 1/2] Revert "Rec: support boost's fcontext in boost 1.61+" This reverts commit a30361f9f07cb3c4f9ad32dc83555bc593aa3311. (cherry picked from commit f103e371bd83381feb11dba742843484bf8e95f2) --- pdns/mtasker_fcontext.cc | 4 ---- pdns/recursordist/configure.ac | 12 +++--------- 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/pdns/mtasker_fcontext.cc b/pdns/mtasker_fcontext.cc index bc37e76..1b2a11b 100644 --- a/pdns/mtasker_fcontext.cc +++ b/pdns/mtasker_fcontext.cc @@ -23,11 +23,7 @@ #include <exception> #include <cassert> #include <type_traits> -#if BOOST_VERSION > 106100 -#include <boost/context/detail/fcontext.hpp> -#else #include <boost/context/fcontext.hpp> -#endif #include <boost/version.hpp> using boost::context::make_fcontext; diff --git a/pdns/recursordist/configure.ac b/pdns/recursordist/configure.ac index fe5e625..6918ce3 100644 --- pdns/recursordist/configure.ac +++ pdns/recursordist/configure.ac @@ -55,15 +55,9 @@ AC_DEFUN([PDNS_SELECT_CONTEXT_IMPL], [ LDFLAGS="$LDFLAGS $BOOST_THREAD_LDFLAGS" fi AC_MSG_NOTICE([checking whether the Boost context library actually links...]) - if test $boost_major_version -ge 161; then - BOOST_FIND_HEADER([boost/context/detail/fcontext.hpp], [ : ], [ - BOOST_FIND_LIB([context], [$1], [boost/context/detail/fcontext.hpp], [[]]) - ]) - else - BOOST_FIND_HEADER([boost/context/fcontext.hpp], [ : ], [ - BOOST_FIND_LIB([context], [$1], [boost/context/fcontext.hpp], [[]]) - ]) - fi + BOOST_FIND_HEADER([boost/context/fcontext.hpp], [ : ], [ + BOOST_FIND_LIB([context], [$1], [boost/context/fcontext.hpp], [[]]) + ]) case $boost_cv_lib_context in (yes) pdns_context_library="Boost context" >From f19e0bd022c9305c7c938c86560ff3f4cbdd1bc0 Mon Sep 17 00:00:00 2001 From: Pieter Lexis <[email protected]> Date: Mon, 12 Sep 2016 13:51:27 +0200 Subject: [PATCH 2/2] Rec: Disable boost-fcontext on boost 1.61 and up Fall back to the slower system v ucontext. (cherry picked from commit cb51346bbd4ea54bc86966e80aa68c990c03dbce) --- pdns/recursordist/configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pdns/recursordist/configure.ac b/pdns/recursordist/configure.ac index 6918ce3..7a07d96 100644 --- pdns/recursordist/configure.ac +++ pdns/recursordist/configure.ac @@ -46,7 +46,7 @@ pdns_context_library="System V ucontexts" AC_DEFUN([PDNS_SELECT_CONTEXT_IMPL], [ AC_MSG_CHECKING([whether Boost is new enough to use the context library...]) - if test $boost_major_version -ge 152; then + if test $boost_major_version -ge 152 -a $boost_major_version -lt 161 ; then AC_MSG_RESULT([yes]) if test $boost_major_version -ge 157; then BOOST_THREAD([$1]) ++++++ pdns-recursor-3.7.3.tar.bz2 -> pdns-recursor-4.0.3.tar.bz2 ++++++ ++++ 142658 lines of diff (skipped)
