]>
granicus.if.org Git - pdns/log
Remi Gacogne [Fri, 17 Mar 2017 16:57:33 +0000 (17:57 +0100)]
Merge pull request #5174 from rgacogne/auth40-backport-5085
Peter van Dijk [Fri, 17 Mar 2017 11:16:33 +0000 (12:16 +0100)]
Merge pull request #5170 from mind04/auth-4.0.x
Kees Monshouwer [Thu, 16 Mar 2017 20:26:02 +0000 (21:26 +0100)]
Add an option to allow AXFR of zones with a different serial.
Remi Gacogne [Fri, 24 Feb 2017 15:42:55 +0000 (16:42 +0100)]
calidns: Use the correct socket family (IPv4 / IPv6)
(cherry picked from commit
7f363f60451fa8e54508c2628be122a8eb021b53 )
Pieter Lexis [Mon, 27 Feb 2017 14:29:08 +0000 (15:29 +0100)]
Merge pull request #5073 from Habbie/backport-4824
bert hubert [Thu, 23 Feb 2017 12:19:14 +0000 (13:19 +0100)]
Merge pull request #5071 from Habbie/backport-5051
backport #5051: fix godbc query logging (cherry-pick of
d2bc6b2 )
Pieter Lexis [Thu, 29 Dec 2016 17:01:30 +0000 (18:01 +0100)]
Backport #4824 (cherry-pick of
2a4c374 )
Check in the detected OpenSSL/libcrypto for ECDSA
We used to 'just' use the default includes for this detection.
Fixes #4680
Peter van Dijk [Fri, 17 Feb 2017 15:36:25 +0000 (16:36 +0100)]
fix godbc query logging (cherry-pick of
d2bc6b2 )
Pieter Lexis [Fri, 17 Feb 2017 09:59:28 +0000 (10:59 +0100)]
Merge pull request #4932 from zeha/auth40-api-comment-zero-ttl
Pieter Lexis [Fri, 17 Feb 2017 09:59:18 +0000 (10:59 +0100)]
Merge pull request #4934 from rgacogne/auth40-backport-4901
Pieter Lexis [Fri, 17 Feb 2017 09:59:06 +0000 (10:59 +0100)]
Merge pull request #4936 from rgacogne/auth40-backport-4911
Pieter Lexis [Fri, 17 Feb 2017 09:58:57 +0000 (10:58 +0100)]
Merge pull request #5048 from rgacogne/auth40-backport-4744
Pieter Lexis [Fri, 17 Feb 2017 09:58:44 +0000 (10:58 +0100)]
Merge pull request #5046 from rgacogne/auth40-backport-4746
Remi Gacogne [Tue, 6 Dec 2016 09:08:55 +0000 (10:08 +0100)]
auth: Fix coverity warning in `pdnsutil show-zone`
(cherry picked from commit
0944e3fc8333686767678eadb80fb0236fdc5fba )
Remi Gacogne [Mon, 5 Dec 2016 15:42:55 +0000 (16:42 +0100)]
Handle exceptions raised by `closesocket()`
This was not very well handled, and could cause the PowerDNS process
to terminate. This is especially nasty when `closesocket()` is called
from a destructor, as we could already be dealing with an exception.
(cherry picked from commit
a7b68ae7e414ec9f3184df70ac8008f8a310ae60 )
Pieter Lexis [Thu, 16 Feb 2017 11:21:36 +0000 (12:21 +0100)]
Merge pull request #5033 from pieterlexis/auth-backport-4508
Pieter Lexis [Thu, 16 Feb 2017 11:21:22 +0000 (12:21 +0100)]
Merge pull request #5032 from pieterlexis/backport-4463
Pieter Lexis [Thu, 16 Feb 2017 11:21:05 +0000 (12:21 +0100)]
Merge pull request #5029 from pieterlexis/backport-4500
Pieter Lexis [Thu, 16 Feb 2017 11:20:48 +0000 (12:20 +0100)]
Merge pull request #5027 from pieterlexis/backport-4622
Pieter Lexis [Thu, 16 Feb 2017 11:20:37 +0000 (12:20 +0100)]
Merge pull request #5026 from pieterlexis/backport-4684
Pieter Lexis [Thu, 16 Feb 2017 11:20:07 +0000 (12:20 +0100)]
Merge pull request #5024 from pieterlexis/auth-backport-4762
Pieter Lexis [Thu, 16 Feb 2017 11:19:11 +0000 (12:19 +0100)]
Merge pull request #5019 from pieterlexis/auth-backport-4793
Pieter Lexis [Thu, 16 Feb 2017 11:18:42 +0000 (12:18 +0100)]
Merge pull request #5016 from pieterlexis/auth-backport-4838
Pieter Lexis [Thu, 16 Feb 2017 11:18:35 +0000 (12:18 +0100)]
Merge pull request #5015 from pieterlexis/backport-4861
Pieter Lexis [Thu, 16 Feb 2017 11:18:18 +0000 (12:18 +0100)]
Merge pull request #5013 from pieterlexis/auth-backport-4868
Pieter Lexis [Thu, 16 Feb 2017 09:04:16 +0000 (10:04 +0100)]
Merge pull request #5011 from pieterlexis/auth-backport-4879
Peter van Dijk [Mon, 26 Sep 2016 12:52:10 +0000 (14:52 +0200)]
Revert "Merge pull request #947 from mind04/right"
This code only served to fix a combination of system misconfiguration and a
bug in glibc. Meanwhile it turns out this code is incorrect. Removing it.
(cherry picked from commit
c96765dae8da4c9322ca4a80e3e101d64faf141f )
Pieter Lexis [Mon, 12 Sep 2016 13:10:41 +0000 (15:10 +0200)]
Auth: build Bind backend for CentOS 6
Pieter Lexis [Tue, 14 Feb 2017 14:16:29 +0000 (15:16 +0100)]
Silence a GCC 6.2 compiler warning
Closes #5007
(cherry picked from commit
f226db2f2c12a2c0c16b3125a0438d9aca0d017c )
Mark Schouten [Tue, 25 Oct 2016 08:48:38 +0000 (10:48 +0200)]
According to IRC, this should fix #4621
(cherry picked from commit
8f95565346ba5dcc7d26fbd4165da7d9c7faf362 )
Håkan Lindqvist [Mon, 14 Nov 2016 12:24:13 +0000 (13:24 +0100)]
Clarify pdnsutil activate-tsig-key description
This clarifies the description of pdnsutil {de,}activate-tsig-key.
The command enables TSIG authenticated AXFR for a given zone + key,
which was not clear from the previous description.
(cherry picked from commit
ad7568d52bdd29eb708e16176f8b410f0e07b891 )
Remi Gacogne [Mon, 12 Dec 2016 16:16:11 +0000 (17:16 +0100)]
SuffixMatchNode: Fix insertion issue for an existing node
If the node we are about to insert already existed as an intermediary
one, we need to mark it as an end node.
(cherry picked from commit
ed221d0bc700158c21fcb8fc4463085713d07c53 )
Pieter Lexis [Mon, 19 Dec 2016 17:02:24 +0000 (18:02 +0100)]
Don't call `hostname -f` on openbsd
Closes #2579
(cherry picked from commit
df925537cfe0a4706b85353376da6f12996871bb )
Pieter Lexis [Mon, 2 Jan 2017 11:23:05 +0000 (12:23 +0100)]
Check if we can link against libatomic if needed
Also move the OS detection to the top
(cherry picked from commit
03571f7ac3d5bebb4879849b094e2e03f019cd10 )
Klaus Darilion [Sun, 8 Jan 2017 22:15:01 +0000 (22:15 +0000)]
Do not resolve the NS-records for NOTIFY targets if the "only-notify" whitelist is empty, as a target will never match an empty whitelist.
(cherry picked from commit
99844905a8abcab33a3b8ed42d3a49f2e419a310 )
Pieter Lexis [Tue, 14 Feb 2017 12:53:27 +0000 (13:53 +0100)]
Document that carbon-server requires IP address, no hostname accepted.
(cherry picked from commit
e12f84078798343e9749864cdeee44e68c4a81e6 and
90217d3960e3ee439405989b78fdf7e810d562f2 )
Pieter Lexis [Wed, 11 Jan 2017 22:06:51 +0000 (23:06 +0100)]
Remove a relative import in yahttp-config.h
We set our include directories nowadays.
Closes #4866 (again)
(cherry picked from commit
4c3c83f3bc1eecd82d09e1e527108fae98ce1fda )
bert hubert [Fri, 10 Feb 2017 16:49:29 +0000 (17:49 +0100)]
Merge pull request #4971 from rgacogne/auth40-tsig-canonical-algo
Remi Gacogne [Tue, 31 Jan 2017 10:18:37 +0000 (11:18 +0100)]
Lowercase the TSIG algorithm name in hash computation
`RFC2845` states that the algorithm name should be in `canonical wire
format` for the hash computation, which implies it should be lowercased.
We actually did lowercase it in 3.x, until it was moved to a `DNSName`
in 4.x.
(cherry picked from commit
68e9d647d4229c7a2ebd64d50837195d148c574b )
Remi Gacogne [Sun, 15 Jan 2017 20:45:27 +0000 (21:45 +0100)]
Fix negative port detection for IPv6 addresses on 32-bit
Remi Gacogne [Fri, 13 Jan 2017 13:02:19 +0000 (14:02 +0100)]
Fix AtomicCounter unit tests on 32-bit
(cherry picked from commit
00c6f2b9f5173c98cc883332f5ecf8b941715abc )
Christian Hofstaedtler [Tue, 24 Jan 2017 10:13:19 +0000 (11:13 +0100)]
Backport #4781: API: correctly take TTL from first record even if we are at the last comment
Cherry picked from master
50d739d0ae978b8b0b737b079992744ff8aa126d
Pieter Lexis [Mon, 16 Jan 2017 14:38:02 +0000 (15:38 +0100)]
Merge pull request #4906 from rgacogne/auth40-revert-4638
Remi Gacogne [Fri, 13 Jan 2017 16:40:02 +0000 (17:40 +0100)]
Revert "auth: In `Bind2Backend::lookup()`, use the `zoneId` when we have it"
This reverts commit
937a66255ff05f2e754ef113833e54cc4cf2004b .
It doesn't work with multiple backends since the `zoneId` is passed to
every available backend on `lookup()`.
(cherry picked from commit
98b9845f2dae3a9fecc64aecaf41150b54388d26 )
Pieter Lexis [Fri, 13 Jan 2017 17:03:04 +0000 (18:03 +0100)]
Merge pull request #4904 from pieterlexis/auth-4-centos-6-rpm-bind-backend
Pieter Lexis [Fri, 13 Jan 2017 15:03:48 +0000 (16:03 +0100)]
Build the bind backend for CentOS 6 differently
Pieter Lexis [Fri, 13 Jan 2017 08:10:39 +0000 (09:10 +0100)]
Merge pull request #4895 from rgacogne/auth40-tsig-ixfr
Remi Gacogne [Thu, 15 Sep 2016 13:28:45 +0000 (15:28 +0200)]
Check TSIG signature on IXFR
(cherry picked from commit
16c7f7823221d5d75282a77b2e9043b3f60e1ad2 )
Pieter Lexis [Thu, 12 Jan 2017 13:15:14 +0000 (14:15 +0100)]
Merge pull request #4885 from rgacogne/auth40-spurious-rrs
Pieter Lexis [Thu, 12 Jan 2017 13:14:55 +0000 (14:14 +0100)]
Merge pull request #4891 from rgacogne/auth40-unknown-record-content-size
Pieter Lexis [Thu, 12 Jan 2017 13:14:47 +0000 (14:14 +0100)]
Merge pull request #4892 from rgacogne/auth40-webserver-exit
Remi Gacogne [Thu, 15 Sep 2016 14:41:32 +0000 (16:41 +0200)]
auth: Don't exit if the webserver can't accept a connection
This could lead to a Denial Of Service, before we even got a chance
to check that the remote client is allowed by the ACL.
Reported by mongo (thanks!).
(cherry picked from commit
a84b0d994dfc39d4379050ff9249891ed3e82f56 )
Remi Gacogne [Fri, 16 Sep 2016 15:10:25 +0000 (17:10 +0200)]
Don't parse spurious RRs in queries when we don't need them
Remi Gacogne [Mon, 24 Oct 2016 09:09:00 +0000 (11:09 +0200)]
auth: Correctly check unknown record content size
(cherry picked from commit
b2af454119290be074fc873052d80631c5e16dce )
Pieter Lexis [Wed, 11 Jan 2017 18:09:05 +0000 (19:09 +0100)]
Merge pull request #4869 from rgacogne/auth40-backport-4852
Remi Gacogne [Wed, 4 Jan 2017 10:48:47 +0000 (11:48 +0100)]
DNSName: Check that both first two bits are set in compressed labels
We checked that at least one of the first two bits was set,
but the 10 and 01 are combinations do not indicate a compressed label
and are reserved for future use.
(cherry picked from commit
99bbbc7bdf675509caf61f41464a1ae62c09f342 )
Pieter Lexis [Tue, 10 Jan 2017 10:53:57 +0000 (11:53 +0100)]
Merge pull request #4863 from rgacogne/auth40-backport-4862
Pieter Lexis [Tue, 10 Jan 2017 10:53:38 +0000 (11:53 +0100)]
Merge pull request #4808 from rgacogne/auth40-backport-4791
Remi Gacogne [Mon, 9 Jan 2017 09:24:08 +0000 (10:24 +0100)]
jdnssec-tools 0.13 has been released
(cherry picked from commit
02f1e33288015a38161e1dc037c61dd0e2005bb1 )
Remi Gacogne [Mon, 2 Jan 2017 10:35:17 +0000 (11:35 +0100)]
auth: Remove `XXX` comment after -hopefully- cleaning the `DNSName` pain
Remi Gacogne [Mon, 19 Dec 2016 16:43:18 +0000 (17:43 +0100)]
Auth: Cleanup `DNSName::getRawLabels()` usage
No real issue I'm aware of, but it's cleaner that way.
(cherry picked from commit
f48c35c07dae04ab409f007d242b71692d49d5da )
Pieter Lexis [Fri, 16 Dec 2016 08:38:39 +0000 (09:38 +0100)]
Merge pull request #4755 from rgacogne/auth40-backport-4686
Pieter Lexis [Fri, 16 Dec 2016 08:38:34 +0000 (09:38 +0100)]
Merge pull request #4754 from rgacogne/auth40-backport-4638
Remi Gacogne [Wed, 26 Oct 2016 13:42:27 +0000 (15:42 +0200)]
auth: In `Bind2Backend::lookup()`, use the `zoneId` when we have it
After the initial lookup corresponding to a `DNSBackend::getAuth()`,
the subsequent ones already have the `zoneId`, so use it instead of
looping on `chopOff()` again. This should be much more efficient.
(cherry picked from commit
937a66255ff05f2e754ef113833e54cc4cf2004b )
Remi Gacogne [Tue, 15 Nov 2016 15:37:53 +0000 (16:37 +0100)]
calidns: Don't crash if we don't have enough 'unknown' queries remaining
(cherry picked from commit
b4f5799bf3ed50dc0146a2bbfb2c61551de0136b )
Peter van Dijk [Thu, 8 Dec 2016 12:02:45 +0000 (13:02 +0100)]
Merge pull request #4750 from rgacogne/auth40-backport-4625
Remi Gacogne [Mon, 29 Aug 2016 15:28:35 +0000 (17:28 +0200)]
auth: Unify usage of randomness source by using `dns_random()`
`Utility::random()` is not impossible to predict, so even if we are not
using it for anything sensitive it's better to just use `dns_random()`
instead.
Reported by mongo (thanks!).
(cherry picked from commit
d2116c15dbf1e0cef93e478678d1f9d403d87f90 )
Peter van Dijk [Tue, 6 Dec 2016 09:47:30 +0000 (10:47 +0100)]
Merge pull request #4738 from rgacogne/auth40-dnsname-4718
Remi Gacogne [Thu, 1 Dec 2016 12:00:13 +0000 (13:00 +0100)]
Fix incorrect length check in `DNSName` when extracting qtype or qclass
In `DNSName::packetParser()`, the length check might have been incorrect
when the caller asked for the `qtype` and/or the `qclass` to be extracted.
The `pos + labellen + 2 > end` check was wrong because `pos` might have already
been incremented by `labellen`. There are 3 ways to exit the main loop:
* `labellen` is 0, the most common case, and in that case the check is valid
* `pos >= end`, meaning that `pos + labellen + 2 > end` will be true regardless
of the value of `labellen` since it cannot be negative
* if `uncompress` is set and a compressed label is found, the main loop is
broken out of, and `labellen` still holds a now irrelevant, possibly non-zero value
corresponding to the first byte of the compressed label length & ~0xc0.
In that last case, if the compressed label points to a position > 255 the check
is wrong and might have rejected a valid packet.
A quick look throught the code didn't show any place where we request decompression
and ask for `qtype` and/or `qclass` in a response, but I might have missed one.
Reported by Houssam El Hajoui (thanks!).
(cherry picked from commit
7b9c052c617d02e1870195d0f216732047d56e22 )
Peter van Dijk [Mon, 5 Dec 2016 13:15:27 +0000 (14:15 +0100)]
Merge pull request #4737 from Habbie/auth-4.0.x-travis-only-auth
Peter van Dijk [Mon, 5 Dec 2016 08:19:57 +0000 (09:19 +0100)]
Merge pull request #4728 from Habbie/auth-4.0.x-travis-update
Peter van Dijk [Fri, 2 Dec 2016 19:38:53 +0000 (20:38 +0100)]
do not build/test recursor, dnsdist, docs
Remi Gacogne [Fri, 2 Dec 2016 16:05:42 +0000 (17:05 +0100)]
MySQL 5.6 is now installed by default in travis images
Peter van Dijk [Mon, 14 Nov 2016 17:25:23 +0000 (18:25 +0100)]
Merge pull request #4682 from Habbie/odbc-40x
Peter van Dijk [Fri, 11 Nov 2016 19:29:16 +0000 (20:29 +0100)]
build and test godbc backend in travis
Peter van Dijk [Fri, 11 Nov 2016 18:21:17 +0000 (19:21 +0100)]
actually prepare statements
Peter van Dijk [Fri, 11 Nov 2016 17:58:32 +0000 (18:58 +0100)]
throw actual exceptions instead of strings so that they get caught and reported properly
Peter van Dijk [Fri, 11 Nov 2016 17:03:22 +0000 (18:03 +0100)]
update odbc-sqlite3 queries in regression tests
Remi Gacogne [Wed, 9 Nov 2016 09:03:06 +0000 (10:03 +0100)]
Merge pull request #4651 from rgacogne/auth-40-backport-4573
Peter van Dijk [Tue, 8 Nov 2016 11:15:25 +0000 (12:15 +0100)]
Merge pull request #4666 from ton31337/Fix/do_not_thrown_an_error
Donatas Abraitis [Mon, 7 Nov 2016 16:28:52 +0000 (18:28 +0200)]
Do not thrown an error for get() if zone was not found
Remi Gacogne [Mon, 17 Oct 2016 08:07:26 +0000 (10:07 +0200)]
Fix building with ECDSA support disabled in libcrypto
(cherry picked from commit
aa74d164ae29269168d048d2cc8d7e1f984774c4 )
Pieter Lexis [Mon, 24 Oct 2016 22:24:25 +0000 (00:24 +0200)]
Merge pull request #4592 from rgacogne/auth40-web-rings-leak
Pieter Lexis [Mon, 24 Oct 2016 22:24:12 +0000 (00:24 +0200)]
Merge pull request #4600 from rgacogne/backport-4537
Pieter Lexis [Mon, 24 Oct 2016 22:23:53 +0000 (00:23 +0200)]
Merge pull request #4614 from pieterlexis/backport-4608
Donatas Abraitis [Mon, 24 Oct 2016 13:39:42 +0000 (16:39 +0300)]
Make MyDNS backend rpm
Sangwhan Moon [Tue, 4 Oct 2016 06:06:40 +0000 (15:06 +0900)]
Replace std::forward/std::make_tuple combo with std::forward_as_tuple
Quick and dirty fix for #3552. May not work or break compatibility
with other compilers.
(cherry picked from commit
352bc0409454032acc5e8fb256d5ed8f46445b5a )
Remi Gacogne [Fri, 7 Oct 2016 13:04:12 +0000 (15:04 +0200)]
auth: Fix a possible memory leak in the webserver
Also state clearly that we advise against running the webserver
without password protection.
Reported by mongo (thanks!).
(cherry picked from commit
bea69e320e7f3ec4b9e607f6492a58f01b4fe9bf )
Pieter Lexis [Thu, 20 Oct 2016 07:52:47 +0000 (09:52 +0200)]
Merge pull request #4558 from mind04/auth-4.0.x
Pieter Lexis [Thu, 20 Oct 2016 07:52:34 +0000 (09:52 +0200)]
Merge pull request #4586 from rgacogne/backport-4544
Remi Gacogne [Mon, 29 Aug 2016 13:50:44 +0000 (15:50 +0200)]
auth: Fix a stack-based off-by-one write in the HTTP remote backend
Reported by mongo (thanks!).
(cherry picked from commit
9e5fa399eea5152a451753f1db68dec46537447c )
Pieter Lexis [Tue, 18 Oct 2016 09:38:39 +0000 (11:38 +0200)]
Merge pull request #4523 from zeha/backport-4459
Pieter Lexis [Tue, 18 Oct 2016 09:36:41 +0000 (11:36 +0200)]
Merge pull request #4543 from zeha/api-search-no-ents-40x
Christian Hofstaedtler [Thu, 6 Oct 2016 14:18:09 +0000 (16:18 +0200)]
API: search should not return ENTs
Kees Monshouwer [Fri, 30 Sep 2016 20:50:57 +0000 (22:50 +0200)]
fix a few 'types may not be defined in a for-range-declaration' warnings
Kees Monshouwer [Fri, 30 Sep 2016 20:53:05 +0000 (22:53 +0200)]
add gcc 6.2 to boost.m4
bert hubert [Sun, 11 Sep 2016 18:40:44 +0000 (20:40 +0200)]
eleksir noted that we leak a ton of memory in postgresql. I'm no postgres expert, but this plugs my leak and still appears to function. In other news, do we need a transaction for every query?
(cherry-picked from master
903bb4924bc5130c0e81f0c5759d0177f53e82fd )
Kees Monshouwer [Sat, 17 Sep 2016 22:28:41 +0000 (00:28 +0200)]
disable negative getSOA caching if the negcache_ttl is 0
bert hubert [Thu, 29 Sep 2016 17:51:34 +0000 (19:51 +0200)]
fix up packetcache not to use constexpr which upset clang (perhaps it is right)
bert hubert [Thu, 29 Sep 2016 15:23:42 +0000 (17:23 +0200)]
document cache cleaning rate adjustment, plus switch to symbolic names for limits
projects / pdns / log