]>
granicus.if.org Git - pdns/log
Pieter Lexis [Mon, 13 Nov 2017 13:59:27 +0000 (14:59 +0100)]
Backport #5723
Pieter Lexis [Mon, 13 Nov 2017 13:12:30 +0000 (14:12 +0100)]
Revert "API: url in zone info should be absolute"
This reverts commit
9df0238e1b567cdd7c48185b00160fb952c3e9f4 .
See #5030
Pieter Lexis [Mon, 13 Nov 2017 11:54:10 +0000 (12:54 +0100)]
Backport #5826
Pieter Lexis [Mon, 13 Nov 2017 11:53:53 +0000 (12:53 +0100)]
Backport #5815
Pieter Lexis [Mon, 13 Nov 2017 11:52:58 +0000 (12:52 +0100)]
Backport #5722
Pieter Lexis [Mon, 13 Nov 2017 11:52:30 +0000 (12:52 +0100)]
Backport #5678
Pieter Lexis [Mon, 13 Nov 2017 11:52:10 +0000 (12:52 +0100)]
Backport #5641
Pieter Lexis [Mon, 13 Nov 2017 11:51:58 +0000 (12:51 +0100)]
Backport #5599
Pieter Lexis [Mon, 13 Nov 2017 11:51:49 +0000 (12:51 +0100)]
Backport #5598
Pieter Lexis [Mon, 13 Nov 2017 11:51:40 +0000 (12:51 +0100)]
Backport #5523
Pieter Lexis [Mon, 13 Nov 2017 11:51:28 +0000 (12:51 +0100)]
Backport #5509
Pieter Lexis [Mon, 13 Nov 2017 11:51:15 +0000 (12:51 +0100)]
Backport #5498
Pieter Lexis [Mon, 13 Nov 2017 11:50:59 +0000 (12:50 +0100)]
Backport #5408
Pieter Lexis [Mon, 13 Nov 2017 11:50:39 +0000 (12:50 +0100)]
Backport #5349
Pieter Lexis [Mon, 13 Nov 2017 11:50:12 +0000 (12:50 +0100)]
Backport #5309
Pieter Lexis [Mon, 13 Nov 2017 11:50:01 +0000 (12:50 +0100)]
Backport #5277
Pieter Lexis [Mon, 13 Nov 2017 11:49:37 +0000 (12:49 +0100)]
Backport #5147
Pieter Lexis [Mon, 13 Nov 2017 11:49:21 +0000 (12:49 +0100)]
Backport #5125
Pieter Lexis [Mon, 13 Nov 2017 11:48:40 +0000 (12:48 +0100)]
Backport #5043
Pieter Lexis [Mon, 13 Nov 2017 11:48:22 +0000 (12:48 +0100)]
Backport #4997
Pieter Lexis [Mon, 13 Nov 2017 11:48:12 +0000 (12:48 +0100)]
Backport #4929
Pieter Lexis [Mon, 13 Nov 2017 11:47:17 +0000 (12:47 +0100)]
Backport #4751
Pieter Lexis [Mon, 13 Nov 2017 11:47:00 +0000 (12:47 +0100)]
Backport #4650
Pieter Lexis [Mon, 13 Nov 2017 11:46:41 +0000 (12:46 +0100)]
Backport #4526
Pieter Lexis [Fri, 10 Nov 2017 13:02:24 +0000 (14:02 +0100)]
Merge pull request #5778 from rgacogne/auth40-signing-pipe
Pieter Lexis [Mon, 16 Oct 2017 15:20:38 +0000 (17:20 +0200)]
BIND: reject zones without 'file' stanza
Closes #5786
(cherry picked from commit
6808f3b5faf6ffc4bea8f78107be99766d2be75c )
Pieter Lexis [Mon, 16 Oct 2017 13:00:35 +0000 (15:00 +0200)]
pdnsutil: Check for domain before setting metadata
Closes #5787
(cherry picked from commit
ed99fac4e9bb61c360e68cc71056cfb9f5c80a21 )
Peter van Dijk [Thu, 12 Oct 2017 10:26:37 +0000 (12:26 +0200)]
ignore SOA-EDIT for PRESIGNED zones. Fixes #5814
(cherry picked from commit
3ba1065625b2067da6058fa3e213fbb501b2b536 )
Remi Gacogne [Fri, 22 Sep 2017 12:26:04 +0000 (14:26 +0200)]
auth: Use a unique pointer for bind backend's `d_of`
(cherry picked from commit
7cfe0cc38e6db211da1b880bf24cfe9a9e6914cd )
Pieter Lexis [Fri, 22 Sep 2017 08:17:12 +0000 (10:17 +0200)]
Auth: Publish inactive KSK/CSK as CDNSKEY/CDS
Closes #5721
(cherry picked from commit
c74f51e221b8ef9194604afa1aeabc46a5dd7018 )
Remi Gacogne [Thu, 7 Sep 2017 07:43:53 +0000 (09:43 +0200)]
auth: Treat requestor's payload size lower than 512 as equal to 512
(cherry picked from commit
7a9b7c95891deddb1f907b743f30df82fad84ffd )
Pieter Lexis [Tue, 22 Aug 2017 12:10:27 +0000 (14:10 +0200)]
Catch DNSName exception in the Zoneparser
This wraps all calls to `toCanonic` in try/catch and rethrows it as a
PDNSException with more information.
Closes #5520.
(cherry picked from commit
1293f91eac4810769b88b6cfc404c60b1d5abee0 )
Pieter Lexis [Fri, 11 Aug 2017 12:37:01 +0000 (14:37 +0200)]
Fix libatomic detection on ppc64
Thanks @tjikkun!
Closes #5456
(cherry picked from commit
b16f46605d86a62e4f37bc1e2caab0c52fa9f75c )
Pieter Lexis [Fri, 11 Aug 2017 11:54:21 +0000 (13:54 +0200)]
Add help text on autodetecting systemd support
Closes #5524
(cherry picked from commit
56d30a9c8a1c1754b478de79e823e015e103b5b0 )
Ruben Kerkhof [Fri, 14 Jul 2017 17:55:53 +0000 (19:55 +0200)]
Fix typo in two log messages
(cherry picked from commit
59d26fc8d63fd2ff924be2fa5b3bda3699081914 )
Christian Hofstaedtler [Mon, 10 Jul 2017 08:59:31 +0000 (10:59 +0200)]
Ship ldapbackend schema files in tarball
(cherry picked from commit
38f5336f54caee29566368564b7ad518d1f71f9c )
Kees Monshouwer [Wed, 25 Oct 2017 23:06:54 +0000 (01:06 +0200)]
replace depricated botan.h include
(cherry picked from commit
00f1924bb1900e8c6eab1bd0fe03ff21d41f38eb )
Kees Monshouwer [Wed, 25 Oct 2017 20:43:35 +0000 (22:43 +0200)]
drop botan 1.x support
(cherry picked from commit
e11963ce69059d1fa47e92927ed48bd744b95348 )
Remi Gacogne [Wed, 5 Jul 2017 10:02:17 +0000 (12:02 +0200)]
travis: Build the rec with Botan and libsodium
(cherry picked from commit
18a93d3812bfbf2e2dbc9b6353e3619d626283fd )
Remi Gacogne [Tue, 4 Jul 2017 19:59:00 +0000 (21:59 +0200)]
Add support for Botan 2.x
Initial testing indicates that both 2.0.1 and 2.1.0 work fine,
but signature is 10 times slower with 2.1.0, apparently due to
blinding (callgrind reports a lot of CPU spent in the `RNG`).
(cherry picked from commit
13f34f2e0ccff514cbd5f9ec076c220473da347a )
bert hubert [Thu, 15 Jun 2017 01:14:01 +0000 (03:14 +0200)]
when making a netmask from a comboaddress, we neglected to zero the port. This could lead to a proliferation of netmasks.
(cherry picked from commit
0bdabe94e6fd873455d34b88f8954d8cc6034a72 )
bert hubert [Sun, 28 May 2017 08:47:34 +0000 (10:47 +0200)]
typo in the fix, sorry!
(cherry picked from commit
6d4eca051e68c7cf91b8cf704cca36c766dc5406 )
bert hubert [Sun, 28 May 2017 08:33:57 +0000 (10:33 +0200)]
we guess which versions of Lua need help with luaL_setfuncs, and then supply our own. If we guess wrong however, we trample on the Lua namespace.
With this commit, we don't do the trampling, which should close #5348. We can improve on the fix by using the native luaL_setfuncs for LuaJIT 2.1 beta too.
(cherry picked from commit
a00713437a40d512976d4688d270c4866123d678 )
Arthur Gautier [Fri, 5 May 2017 19:25:06 +0000 (19:25 +0000)]
tests: Ensure all required tools are available
If one of those tools misses, the test will silently PASS.
We should ensure it is present
Signed-off-by: Arthur Gautier <baloo@gandi.net>
(cherry picked from commit
7e47805b3898cead8418a9933d1592a884842e72 )
Remi Gacogne [Thu, 27 Apr 2017 11:06:06 +0000 (13:06 +0200)]
sdig: Clarify that the `ednssubnet` option takes "subnet/mask"
The `mask` part is actually optional but it's probably better to
provide it explicitely anyway.
(cherry picked from commit
3fa6cdbb999f5f043f4d710a5f8500938ba8e4e9 )
Peter van Dijk [Fri, 10 Mar 2017 09:48:46 +0000 (10:48 +0100)]
LuaWrapper: Allow embedded NULs in strings received from Lua
(cherry picked from commit
448990ab9bd7355f42ff8752a973aff20bdaf4e7 )
bert hubert [Tue, 7 Mar 2017 22:44:28 +0000 (23:44 +0100)]
for create-slave-zone, actually look at subsequent arguments, and not keep on adding the first one. Closes #5124.
(cherry picked from commit
215464424ca9183dad4eecf7d9605e41ffa3ef2c )
Aki Tuomi [Thu, 16 Feb 2017 13:20:15 +0000 (15:20 +0200)]
mydnsbackend: Add getAllDomains
(cherry picked from commit
cfc5b5c0d05f1a0d13120c2c2bc6087323a214de )
Aki Tuomi [Sun, 12 Feb 2017 09:19:52 +0000 (11:19 +0200)]
remotebackend: Update regression test to notice domain id on do_list
(cherry picked from commit
2449d3a010df4d8cf63d137bbb382e47a5be3308 )
Aki Tuomi [Sun, 12 Feb 2017 08:33:19 +0000 (10:33 +0200)]
remotebackend: Update unit test to notice domain id on do_list
(cherry picked from commit
dd598a1adc34e7967d1f23c3c04d8264aed5e724 )
Aki Tuomi [Sun, 12 Feb 2017 08:32:55 +0000 (10:32 +0200)]
remotebackend: Treat NULL as empty string in POST parameters
asString() cannot convert NULL to ""
(cherry picked from commit
4b8967c5f793810ad8ce399d155946c93e909bef )
Aki Tuomi [Sun, 12 Feb 2017 08:32:27 +0000 (10:32 +0200)]
remotebackend: Fix incorrect parameter name
(cherry picked from commit
1fa27e370ba1560f3c1a9967715182a5314abc1d )
Christian Hofstaedtler [Tue, 31 Jan 2017 11:02:56 +0000 (12:02 +0100)]
gpgsql: Use a simple counter for statement names
(cherry picked from commit
46703164da40199245cee4d8720faa141221cf1b )
Christian Hofstaedtler [Sat, 21 Jan 2017 22:13:57 +0000 (23:13 +0100)]
gpgsql: make statement names actually unique
(cherry picked from commit
e21e9fcc7f4f4fdcae52ed03448adab8484f6c52 )
Christian Hofstaedtler [Fri, 15 Jul 2016 14:08:21 +0000 (16:08 +0200)]
API: prevent sending nameservers list and zone-level NS in rrsets
(cherry picked from commit
33e6c3e9505ac7c0e9b36850868aca1a1a91dd79 )
Christian Hofstaedtler [Sat, 29 Oct 2016 14:01:32 +0000 (16:01 +0200)]
bindbackend: do not corrupt data supplied by other backends in getAllDomains
(cherry picked from commit
99d6d7f6420fae2cfa4f00b09f39fc9c22574c65 )
Christian Hofstaedtler [Sat, 29 Oct 2016 13:36:38 +0000 (15:36 +0200)]
Add test demonstrating issue #4328
Where, when bindbackend is loaded, serials show up as zero in domain listing.
(cherry picked from commit
a21e85669c4abe1ceaf8b07626aef3d102b68dd9 )
Christian Hofstaedtler [Mon, 3 Oct 2016 14:12:48 +0000 (16:12 +0200)]
API: url in zone info should be absolute
Fixes #4524.
(cherry picked from commit
16e25450a17bee09f83a6cf7817ebd95e3504c6a )
Pieter Lexis [Tue, 7 Nov 2017 20:22:31 +0000 (21:22 +0100)]
Merge pull request #5927 from pieterlexis/auth-backport-travis-happiness
Kees Monshouwer [Wed, 1 Nov 2017 09:37:23 +0000 (10:37 +0100)]
make travis happy
(cherry picked from commit
664135769af13364a4de0ed9e3efc6cd281a52b2 )
Remi Gacogne [Wed, 11 Oct 2017 14:26:05 +0000 (16:26 +0200)]
Merge pull request #5811 from rgacogne/auth40-travis-encrypt-channel
Remi Gacogne [Mon, 9 Oct 2017 08:46:59 +0000 (10:46 +0200)]
Encrypt the IRC channel name so notifications are not sent for forks
(cherry picked from commit
f4614876f16ac3223786b26b18a4386045102f09 )
Remi Gacogne [Fri, 6 Oct 2017 10:48:26 +0000 (12:48 +0200)]
auth: Handle signing pipe worker dying with work still pending
(cherry picked from commit
e3200e070e7cc4e243676776c41eb806c4edb7a5 )
Remi Gacogne [Tue, 12 Sep 2017 07:57:42 +0000 (09:57 +0200)]
Merge pull request #5682 from rgacogne/auth40-empty-java-options
Remi Gacogne [Fri, 8 Sep 2017 15:29:16 +0000 (17:29 +0200)]
auth: Unset _JAVA_OPTIONS before using jdnssec
Travis now [1] defaults to _JAVA_OPTIONS="-Xmx2048m -Xms512m". We wouldn't
care much, except that every Java command now outputs the following line
to stderr, breaking our jdnssec diffs:
"Picked up _JAVA_OPTIONS: -Xmx2048m -Xms512m"
[1]: https://docs.travis-ci.com/user/build-environment-updates/2017-09-06/
(cherry picked from commit
a20029adeecbf314594ca3a921ca1f2e22669e6c )
aerique [Thu, 7 Sep 2017 18:32:22 +0000 (20:32 +0200)]
Merge pull request #5677 from aerique/feature/update-copryright-year-auth-4.0.x
Pieter Lexis [Thu, 16 Feb 2017 13:08:40 +0000 (14:08 +0100)]
Update copyright year in publicly visible output and files
(cherry picked from commit
ff8f70b800e8b81a6d97c2d2568483d03228df2a )
Remi Gacogne [Mon, 21 Aug 2017 08:03:28 +0000 (10:03 +0200)]
Merge pull request #5628 from rgacogne/auth40-travis-build-dir
Remi Gacogne [Wed, 8 Feb 2017 14:33:57 +0000 (15:33 +0100)]
Use `${TRAVIS_BUILD_DIR}` instead of assuming the repo is in `pdns`
Thus avoiding issues when/if the repository is cloned with a different
name.
(cherry picked from commit
1e0253cad96199647f92ef4fa8230f614637e80c )
Peter van Dijk [Mon, 14 Aug 2017 14:46:46 +0000 (16:46 +0200)]
Merge pull request #5517 from mind04/bp-ds-40
Kees Monshouwer [Thu, 13 Jul 2017 12:49:21 +0000 (14:49 +0200)]
auth: ds-at-parent test is failing with ldap-simple and ldap-strict
Kees Monshouwer [Thu, 13 Jul 2017 06:48:08 +0000 (08:48 +0200)]
auth: add a test to make sure we lookup DS in the right zone
Kees Monshouwer [Wed, 12 Jul 2017 19:29:52 +0000 (21:29 +0200)]
auth: external child zones did confuse getAuth() for qytpe DS
Pieter Lexis [Wed, 5 Jul 2017 10:47:43 +0000 (12:47 +0200)]
Merge pull request #5491 from rgacogne/auth40-4940
Remi Gacogne [Wed, 25 Jan 2017 09:26:08 +0000 (10:26 +0100)]
Backport json11 fixes from upstream
(cherry picked from commit
3c20dd3b30bd0c15c5f7a1e82fba3bb5254b28df )
Peter van Dijk [Thu, 22 Jun 2017 13:50:08 +0000 (15:50 +0200)]
Merge pull request #5450 from Habbie/auth-4.0.x-5105
Remi Gacogne [Fri, 3 Mar 2017 14:09:10 +0000 (15:09 +0100)]
auth: Don't leak a CDB object in case of bogus data
Pieter Lexis [Thu, 22 Jun 2017 12:22:37 +0000 (14:22 +0200)]
Merge pull request #5445 from Habbie/auth-4.0.x-uri
Peter van Dijk [Thu, 22 Jun 2017 09:00:17 +0000 (11:00 +0200)]
Merge pull request #5441 from mind04/backport-5427
Peter van Dijk [Thu, 22 Jun 2017 08:09:01 +0000 (10:09 +0200)]
make URI integers 16 bits, fixes #5443
Peter van Dijk [Wed, 21 Jun 2017 17:21:21 +0000 (19:21 +0200)]
Merge pull request #5436 from Habbie/auth-4.0.x-travis-edge
Pieter Lexis [Wed, 21 Jun 2017 13:38:15 +0000 (15:38 +0200)]
Merge pull request #5440 from Habbie/auth-4.0.x-5401
Kees Monshouwer [Wed, 21 Jun 2017 12:23:34 +0000 (14:23 +0200)]
don't use the libdecaf
ed25519 signer when libsoduim is enabled
Peter van Dijk [Thu, 15 Jun 2017 07:36:57 +0000 (09:36 +0200)]
unbreak quoting; fixes #5401
Kees Monshouwer [Mon, 19 Jun 2017 09:09:47 +0000 (11:09 +0200)]
add ED448 to signers unit test
Peter van Dijk [Sat, 17 Jun 2017 17:01:52 +0000 (19:01 +0200)]
initial stab at signer testing; has one 8080 test vector for now
Kees Monshouwer [Sat, 17 Jun 2017 15:31:41 +0000 (17:31 +0200)]
hello decaf signers (
ED25519 and ED448)
Testing algorithm 15: 'Decaf
ED25519 ' ->'Decaf
ED25519 ' -> 'Decaf
ED25519 ' Signature & verify ok, signature 68usec, verify 93usec
Testing algorithm 16: 'Decaf ED448' ->'Decaf ED448' -> 'Decaf ED448' Signature & verify ok, signature 163usec, verify 252usec
Peter van Dijk [Tue, 20 Jun 2017 08:33:18 +0000 (10:33 +0200)]
install fakeroot and bump json gem version, for new travis image
Peter van Dijk [Mon, 19 Jun 2017 14:46:33 +0000 (16:46 +0200)]
Merge pull request #5423 from mind04/
ed25519 -40
Backport of #5422 do not hash the message in the
ed25519 signer
Kees Monshouwer [Fri, 16 Jun 2017 20:29:13 +0000 (22:29 +0200)]
do not hash the message in the
ed25519 signer
https://www.rfc-editor.org/errata_search.php?rfc=8080
This is a Native zone
Metadata items: None
Zone has NSEC semantics
keys:
ID = 1 (CSK), flags = 257, tag = 3613, algo = 15, bits = 256 Active (
ED25519 )
CSK DNSKEY = example.com. IN DNSKEY 257 3 15 l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4= ; (
ED25519 )
DS = example.com. IN DS 3613 15 1
b2c63605467c4a40942b47a953e9c0d38f81083a ; ( SHA1 digest )
DS = example.com. IN DS 3613 15 2
3aa5ab37efce57f737fc1627013fee07bdf241bd10f3b1964ab55c78e79a304b ; ( SHA256 digest )
DS = example.com. IN DS 3613 15 4 89389da437fca8372e67359dfc0dd4428fa2615df6e31bc5501677dd068514fea5c4efaf82188530a8a1645d9d3ef884 ; ( SHA-384 digest )
DNSKEY and DS match
Peter van Dijk [Tue, 13 Jun 2017 07:56:57 +0000 (09:56 +0200)]
Merge pull request #5378 from mind04/backports-40
Kees Monshouwer [Mon, 5 Jun 2017 20:13:16 +0000 (22:13 +0200)]
auth: fix override in lua backend
Kees Monshouwer [Mon, 5 Jun 2017 22:21:15 +0000 (00:21 +0200)]
auth: reanimate opendbx backend
Kees Monshouwer [Sun, 4 Jun 2017 11:31:54 +0000 (13:31 +0200)]
auth: make sure Lua axfrfilter() does not insert out of zone data
Kees Monshouwer [Sun, 4 Jun 2017 12:18:38 +0000 (14:18 +0200)]
auth: some small rectify improvements
Kees Monshouwer [Sun, 4 Jun 2017 11:27:07 +0000 (13:27 +0200)]
auth: make sure upcase qnames do not confuse rectify or axfr
Kees Monshouwer [Sun, 4 Jun 2017 11:18:51 +0000 (13:18 +0200)]
auth: make sure all qnames entering pdns via axfr are properly lowered
Kees Monshouwer [Sun, 4 Jun 2017 11:12:13 +0000 (13:12 +0200)]
add makeUsRelative() to DNSName class
Kees Monshouwer [Sun, 4 Jun 2017 22:47:05 +0000 (00:47 +0200)]
auth: test to make sure ordername is always lower case
Kees Monshouwer [Sat, 3 Jun 2017 14:25:02 +0000 (16:25 +0200)]
auth: ignore NSEC3PARAM in an unsigned zone
projects / pdns / log