]>
granicus.if.org Git - pdns/log
Remi Gacogne [Mon, 24 Oct 2016 09:09:00 +0000 (11:09 +0200)]
auth: Correctly check unknown record content size
(cherry picked from commit
b2af454119290be074fc873052d80631c5e16dce )
Pieter Lexis [Wed, 11 Jan 2017 18:09:05 +0000 (19:09 +0100)]
Merge pull request #4869 from rgacogne/auth40-backport-4852
Remi Gacogne [Wed, 4 Jan 2017 10:48:47 +0000 (11:48 +0100)]
DNSName: Check that both first two bits are set in compressed labels
We checked that at least one of the first two bits was set,
but the 10 and 01 are combinations do not indicate a compressed label
and are reserved for future use.
(cherry picked from commit
99bbbc7bdf675509caf61f41464a1ae62c09f342 )
Pieter Lexis [Tue, 10 Jan 2017 10:53:57 +0000 (11:53 +0100)]
Merge pull request #4863 from rgacogne/auth40-backport-4862
Pieter Lexis [Tue, 10 Jan 2017 10:53:38 +0000 (11:53 +0100)]
Merge pull request #4808 from rgacogne/auth40-backport-4791
Remi Gacogne [Mon, 9 Jan 2017 09:24:08 +0000 (10:24 +0100)]
jdnssec-tools 0.13 has been released
(cherry picked from commit
02f1e33288015a38161e1dc037c61dd0e2005bb1 )
Remi Gacogne [Mon, 2 Jan 2017 10:35:17 +0000 (11:35 +0100)]
auth: Remove `XXX` comment after -hopefully- cleaning the `DNSName` pain
Remi Gacogne [Mon, 19 Dec 2016 16:43:18 +0000 (17:43 +0100)]
Auth: Cleanup `DNSName::getRawLabels()` usage
No real issue I'm aware of, but it's cleaner that way.
(cherry picked from commit
f48c35c07dae04ab409f007d242b71692d49d5da )
Pieter Lexis [Fri, 16 Dec 2016 08:38:39 +0000 (09:38 +0100)]
Merge pull request #4755 from rgacogne/auth40-backport-4686
Pieter Lexis [Fri, 16 Dec 2016 08:38:34 +0000 (09:38 +0100)]
Merge pull request #4754 from rgacogne/auth40-backport-4638
Remi Gacogne [Wed, 26 Oct 2016 13:42:27 +0000 (15:42 +0200)]
auth: In `Bind2Backend::lookup()`, use the `zoneId` when we have it
After the initial lookup corresponding to a `DNSBackend::getAuth()`,
the subsequent ones already have the `zoneId`, so use it instead of
looping on `chopOff()` again. This should be much more efficient.
(cherry picked from commit
937a66255ff05f2e754ef113833e54cc4cf2004b )
Remi Gacogne [Tue, 15 Nov 2016 15:37:53 +0000 (16:37 +0100)]
calidns: Don't crash if we don't have enough 'unknown' queries remaining
(cherry picked from commit
b4f5799bf3ed50dc0146a2bbfb2c61551de0136b )
Peter van Dijk [Thu, 8 Dec 2016 12:02:45 +0000 (13:02 +0100)]
Merge pull request #4750 from rgacogne/auth40-backport-4625
Remi Gacogne [Mon, 29 Aug 2016 15:28:35 +0000 (17:28 +0200)]
auth: Unify usage of randomness source by using `dns_random()`
`Utility::random()` is not impossible to predict, so even if we are not
using it for anything sensitive it's better to just use `dns_random()`
instead.
Reported by mongo (thanks!).
(cherry picked from commit
d2116c15dbf1e0cef93e478678d1f9d403d87f90 )
Peter van Dijk [Tue, 6 Dec 2016 09:47:30 +0000 (10:47 +0100)]
Merge pull request #4738 from rgacogne/auth40-dnsname-4718
Remi Gacogne [Thu, 1 Dec 2016 12:00:13 +0000 (13:00 +0100)]
Fix incorrect length check in `DNSName` when extracting qtype or qclass
In `DNSName::packetParser()`, the length check might have been incorrect
when the caller asked for the `qtype` and/or the `qclass` to be extracted.
The `pos + labellen + 2 > end` check was wrong because `pos` might have already
been incremented by `labellen`. There are 3 ways to exit the main loop:
* `labellen` is 0, the most common case, and in that case the check is valid
* `pos >= end`, meaning that `pos + labellen + 2 > end` will be true regardless
of the value of `labellen` since it cannot be negative
* if `uncompress` is set and a compressed label is found, the main loop is
broken out of, and `labellen` still holds a now irrelevant, possibly non-zero value
corresponding to the first byte of the compressed label length & ~0xc0.
In that last case, if the compressed label points to a position > 255 the check
is wrong and might have rejected a valid packet.
A quick look throught the code didn't show any place where we request decompression
and ask for `qtype` and/or `qclass` in a response, but I might have missed one.
Reported by Houssam El Hajoui (thanks!).
(cherry picked from commit
7b9c052c617d02e1870195d0f216732047d56e22 )
Peter van Dijk [Mon, 5 Dec 2016 13:15:27 +0000 (14:15 +0100)]
Merge pull request #4737 from Habbie/auth-4.0.x-travis-only-auth
Peter van Dijk [Mon, 5 Dec 2016 08:19:57 +0000 (09:19 +0100)]
Merge pull request #4728 from Habbie/auth-4.0.x-travis-update
Peter van Dijk [Fri, 2 Dec 2016 19:38:53 +0000 (20:38 +0100)]
do not build/test recursor, dnsdist, docs
Remi Gacogne [Fri, 2 Dec 2016 16:05:42 +0000 (17:05 +0100)]
MySQL 5.6 is now installed by default in travis images
Peter van Dijk [Mon, 14 Nov 2016 17:25:23 +0000 (18:25 +0100)]
Merge pull request #4682 from Habbie/odbc-40x
Peter van Dijk [Fri, 11 Nov 2016 19:29:16 +0000 (20:29 +0100)]
build and test godbc backend in travis
Peter van Dijk [Fri, 11 Nov 2016 18:21:17 +0000 (19:21 +0100)]
actually prepare statements
Peter van Dijk [Fri, 11 Nov 2016 17:58:32 +0000 (18:58 +0100)]
throw actual exceptions instead of strings so that they get caught and reported properly
Peter van Dijk [Fri, 11 Nov 2016 17:03:22 +0000 (18:03 +0100)]
update odbc-sqlite3 queries in regression tests
Remi Gacogne [Wed, 9 Nov 2016 09:03:06 +0000 (10:03 +0100)]
Merge pull request #4651 from rgacogne/auth-40-backport-4573
Peter van Dijk [Tue, 8 Nov 2016 11:15:25 +0000 (12:15 +0100)]
Merge pull request #4666 from ton31337/Fix/do_not_thrown_an_error
Donatas Abraitis [Mon, 7 Nov 2016 16:28:52 +0000 (18:28 +0200)]
Do not thrown an error for get() if zone was not found
Remi Gacogne [Mon, 17 Oct 2016 08:07:26 +0000 (10:07 +0200)]
Fix building with ECDSA support disabled in libcrypto
(cherry picked from commit
aa74d164ae29269168d048d2cc8d7e1f984774c4 )
Pieter Lexis [Mon, 24 Oct 2016 22:24:25 +0000 (00:24 +0200)]
Merge pull request #4592 from rgacogne/auth40-web-rings-leak
Pieter Lexis [Mon, 24 Oct 2016 22:24:12 +0000 (00:24 +0200)]
Merge pull request #4600 from rgacogne/backport-4537
Pieter Lexis [Mon, 24 Oct 2016 22:23:53 +0000 (00:23 +0200)]
Merge pull request #4614 from pieterlexis/backport-4608
Donatas Abraitis [Mon, 24 Oct 2016 13:39:42 +0000 (16:39 +0300)]
Make MyDNS backend rpm
Sangwhan Moon [Tue, 4 Oct 2016 06:06:40 +0000 (15:06 +0900)]
Replace std::forward/std::make_tuple combo with std::forward_as_tuple
Quick and dirty fix for #3552. May not work or break compatibility
with other compilers.
(cherry picked from commit
352bc0409454032acc5e8fb256d5ed8f46445b5a )
Remi Gacogne [Fri, 7 Oct 2016 13:04:12 +0000 (15:04 +0200)]
auth: Fix a possible memory leak in the webserver
Also state clearly that we advise against running the webserver
without password protection.
Reported by mongo (thanks!).
(cherry picked from commit
bea69e320e7f3ec4b9e607f6492a58f01b4fe9bf )
Pieter Lexis [Thu, 20 Oct 2016 07:52:47 +0000 (09:52 +0200)]
Merge pull request #4558 from mind04/auth-4.0.x
Pieter Lexis [Thu, 20 Oct 2016 07:52:34 +0000 (09:52 +0200)]
Merge pull request #4586 from rgacogne/backport-4544
Remi Gacogne [Mon, 29 Aug 2016 13:50:44 +0000 (15:50 +0200)]
auth: Fix a stack-based off-by-one write in the HTTP remote backend
Reported by mongo (thanks!).
(cherry picked from commit
9e5fa399eea5152a451753f1db68dec46537447c )
Pieter Lexis [Tue, 18 Oct 2016 09:38:39 +0000 (11:38 +0200)]
Merge pull request #4523 from zeha/backport-4459
Pieter Lexis [Tue, 18 Oct 2016 09:36:41 +0000 (11:36 +0200)]
Merge pull request #4543 from zeha/api-search-no-ents-40x
Christian Hofstaedtler [Thu, 6 Oct 2016 14:18:09 +0000 (16:18 +0200)]
API: search should not return ENTs
Kees Monshouwer [Fri, 30 Sep 2016 20:50:57 +0000 (22:50 +0200)]
fix a few 'types may not be defined in a for-range-declaration' warnings
Kees Monshouwer [Fri, 30 Sep 2016 20:53:05 +0000 (22:53 +0200)]
add gcc 6.2 to boost.m4
bert hubert [Sun, 11 Sep 2016 18:40:44 +0000 (20:40 +0200)]
eleksir noted that we leak a ton of memory in postgresql. I'm no postgres expert, but this plugs my leak and still appears to function. In other news, do we need a transaction for every query?
(cherry-picked from master
903bb4924bc5130c0e81f0c5759d0177f53e82fd )
Kees Monshouwer [Sat, 17 Sep 2016 22:28:41 +0000 (00:28 +0200)]
disable negative getSOA caching if the negcache_ttl is 0
bert hubert [Thu, 29 Sep 2016 17:51:34 +0000 (19:51 +0200)]
fix up packetcache not to use constexpr which upset clang (perhaps it is right)
bert hubert [Thu, 29 Sep 2016 15:23:42 +0000 (17:23 +0200)]
document cache cleaning rate adjustment, plus switch to symbolic names for limits
Kees Monshouwer [Tue, 27 Sep 2016 08:55:47 +0000 (10:55 +0200)]
adaptive packetcache cleaning interval
Kees Monshouwer [Mon, 26 Sep 2016 18:31:22 +0000 (20:31 +0200)]
remove some outdated comments in packetcache.cc
Kees Monshouwer [Mon, 26 Sep 2016 18:30:20 +0000 (20:30 +0200)]
remove unnecessary locking in packetcache
Kees Monshouwer [Mon, 26 Sep 2016 18:28:27 +0000 (20:28 +0200)]
update packetcache size in insert()
Pieter Lexis [Wed, 28 Sep 2016 11:42:51 +0000 (13:42 +0200)]
Merge pull request #4452 from pieterlexis/backport-4319
Pieter Lexis [Wed, 28 Sep 2016 11:42:45 +0000 (13:42 +0200)]
Merge pull request #4453 from pieterlexis/backport-4442
bert hubert [Sun, 11 Sep 2016 19:10:28 +0000 (21:10 +0200)]
Merge pull request #4451 from pieterlexis/backport-4407
bert hubert [Sun, 11 Sep 2016 19:10:03 +0000 (21:10 +0200)]
Merge pull request #4454 from pieterlexis/backport-4371
Hannu Ylitalo [Sat, 27 Aug 2016 08:22:03 +0000 (11:22 +0300)]
pdnsutil: create-slave-zone accept multiple masters
(cherry picked from commit
af3a3769097ed43b8a1ebc623a6697f668f9f4c5 )
Aki Tuomi [Thu, 8 Sep 2016 09:15:05 +0000 (12:15 +0300)]
geoipbackend: Fix minor naming issue
(cherry picked from commit
d0f81f040c6ef6dfc6d84471c084a1a86ce18e4e )
Christian Hofstaedtler [Fri, 2 Sep 2016 19:52:36 +0000 (21:52 +0200)]
Fix warning: types may not be defined in a for-range-declaration
As emitted by gcc 6.2.0
20160830 (Debian 6.2.0-2)
(cherry picked from commit
8ce9e4e67dbe8ce2cf546f5f549c3fb638946c56 )
Pieter Lexis [Tue, 16 Aug 2016 13:51:47 +0000 (15:51 +0200)]
pipe: SERVFAIL when needed:
* SERVFAIL, but don't restart the coprocess if we get a FAIL.
* SERVFAIL if the coprocess sends something we don't understand.
* In this case, restart the coprocess.
Closes #4308
(cherry picked from commit
6e0daabf5d93bd240c4c3a5ba5afcb843686f3b8 )
Pieter Lexis [Mon, 5 Sep 2016 14:06:33 +0000 (16:06 +0200)]
Merge pull request #4410 from pieterlexis/auth-4.0-autoconf-modules-no
Pieter Lexis [Mon, 5 Sep 2016 14:06:26 +0000 (16:06 +0200)]
Merge pull request #4421 from pieterlexis/auth-backport-4403
Pieter Lexis [Mon, 5 Sep 2016 14:06:19 +0000 (16:06 +0200)]
Merge pull request #4423 from pieterlexis/backport-4306
Peter van Dijk [Thu, 11 Aug 2016 14:45:22 +0000 (16:45 +0200)]
limit size of mysql cell to 128 kilobytes
(cherry picked from commit
9acd983b8de33c3d2d70a8cb0c9e3bdc2adca7a9 )
Christian Hofstaedtler [Fri, 2 Sep 2016 19:55:52 +0000 (21:55 +0200)]
Bump version requirement for CRYPTO_ctr128_encrypt
While CRYPTO_ctr128_encrypt should be available in 1.0.1,
apparently in some library builds (Ubuntu) one can not link
against it.
(cherry picked from commit
3e4b01664660f1a8d9564508843a7e51b8f7549e )
Christian Hofstaedtler [Fri, 2 Sep 2016 12:06:35 +0000 (12:06 +0000)]
Fix build with OpenSSL 1.1.0 final
Where aes.h apparently no longer includes opensslv.h.
(cherry picked from commit
e6fc073faf3b1d9b4da301821da40dff33186057 )
Pieter Lexis [Fri, 2 Sep 2016 13:38:47 +0000 (15:38 +0200)]
Auth: allow --with-(dyn-)modules=no
Pieter Lexis [Fri, 2 Sep 2016 07:32:58 +0000 (09:32 +0200)]
Auth: remove unused AC_DEFINE
Pieter Lexis [Fri, 2 Sep 2016 07:31:57 +0000 (09:31 +0200)]
auth: remove autoconf leftover from before the split
Pieter Lexis [Thu, 1 Sep 2016 12:48:31 +0000 (14:48 +0200)]
Merge pull request #4393 from rgacogne/dnsdist-110-beta-changelog
Remi Gacogne [Thu, 1 Sep 2016 12:34:46 +0000 (14:34 +0200)]
dnsdist: Update ChangeLog for 1.1.0-beta1
Pieter Lexis [Thu, 1 Sep 2016 09:38:03 +0000 (11:38 +0200)]
Merge pull request #4346 from mind04/anytotcp
bert hubert [Wed, 31 Aug 2016 14:48:04 +0000 (16:48 +0200)]
Merge pull request #4305 from rgacogne/dnsdist-lua-anon
bert hubert [Wed, 31 Aug 2016 14:44:05 +0000 (16:44 +0200)]
Merge pull request #4350 from rgacogne/rec-tcp-gettag
bert hubert [Wed, 31 Aug 2016 14:43:40 +0000 (16:43 +0200)]
Merge pull request #4380 from rgacogne/dnsdist-clang-ebpf
bert hubert [Wed, 31 Aug 2016 14:42:49 +0000 (16:42 +0200)]
Merge pull request #4387 from pieterlexis/port-overflow
bert hubert [Wed, 31 Aug 2016 14:28:25 +0000 (16:28 +0200)]
Merge pull request #4379 from sspans/patch-1
Pieter Lexis [Wed, 31 Aug 2016 13:30:30 +0000 (15:30 +0200)]
ComboAddress: don't allow invalid portsFixes: #4382
Remi Gacogne [Tue, 30 Aug 2016 08:41:07 +0000 (10:41 +0200)]
dnsdist: Fix warnings when compiling with clang
Sten Spans [Tue, 30 Aug 2016 06:51:04 +0000 (08:51 +0200)]
remove hash signs
Sten Spans [Tue, 30 Aug 2016 06:42:22 +0000 (08:42 +0200)]
Update notrack rules
* switch from NOTRACK to CT target (deprecated around 2012)
* add output accept for sport 53
* describe firewalld configuration for newer centos/fedora/redhat versions
```
Date: Thu, 20 Dec 2012 12:26:22 +0100
Subject: [PATCH] netfilter: xt_CT: recover NOTRACK target support
Florian Westphal reported that the removal of the NOTRACK target
(
9655050 netfilter: remove xt_NOTRACK) is breaking some existing
setups.
That removal was scheduled for removal since long time ago as
described in Documentation/feature-removal-schedule.txt
```
https://patchwork.ozlabs.org/patch/207653/
Remi Gacogne [Mon, 29 Aug 2016 15:54:03 +0000 (17:54 +0200)]
dnsdist: Fix compilation with clang when eBPF is enabled
Pieter Lexis [Mon, 29 Aug 2016 15:49:38 +0000 (17:49 +0200)]
Merge pull request #4359 from pieterlexis/doc-fixes
Pieter Lexis [Mon, 29 Aug 2016 15:49:29 +0000 (17:49 +0200)]
Merge pull request #4368 from rgacogne/rec-more-lua-bindings
Pieter Lexis [Mon, 29 Aug 2016 15:49:21 +0000 (17:49 +0200)]
Merge pull request #4376 from rgacogne/rec-uninit-policy
Pieter Lexis [Mon, 29 Aug 2016 13:09:53 +0000 (15:09 +0200)]
Document config-dir in the manpage better
Pieter Lexis [Tue, 23 Aug 2016 15:50:27 +0000 (17:50 +0200)]
rec: document edns-subnet-whitelist
Pieter Lexis [Tue, 23 Aug 2016 15:42:27 +0000 (17:42 +0200)]
Rec: Fully document loglevel
Remi Gacogne [Mon, 29 Aug 2016 09:52:00 +0000 (11:52 +0200)]
rec: fix the use of an uninitialized filtering policy
Remi Gacogne [Mon, 29 Aug 2016 09:10:54 +0000 (11:10 +0200)]
Merge pull request #4365 from rgacogne/dnsdist-outstanding-race
Remi Gacogne [Mon, 29 Aug 2016 09:10:23 +0000 (11:10 +0200)]
Merge pull request #4348 from rgacogne/dnsdist-outstanding-xfr
Remi Gacogne [Mon, 29 Aug 2016 09:07:02 +0000 (11:07 +0200)]
Merge pull request #4375 from rgacogne/dnsdist-dynbpf-tuple-rga
Remi Gacogne [Fri, 26 Aug 2016 15:52:48 +0000 (17:52 +0200)]
dnsdist: tuple requires make_tuple to initialize
Pieter Lexis [Fri, 26 Aug 2016 13:23:09 +0000 (15:23 +0200)]
Add recursor 4.0.2 secpoll
bert hubert [Fri, 26 Aug 2016 10:30:05 +0000 (12:30 +0200)]
slightly improve 4.0.2 recursor release notes
Pieter Lexis [Fri, 26 Aug 2016 10:19:24 +0000 (12:19 +0200)]
Merge pull request #4364 from pieterlexis/rec-4.0.2-changelog
Pieter Lexis [Thu, 25 Aug 2016 09:54:29 +0000 (11:54 +0200)]
Add Recursor 4.0.2 changelog
Remi Gacogne [Mon, 22 Aug 2016 16:12:32 +0000 (18:12 +0200)]
doc: Clarify `gettag()` use, `dq`'s `addPolicyTag()`, `{get,set}PolicyTags()`
Remi Gacogne [Mon, 22 Aug 2016 14:15:12 +0000 (16:15 +0200)]
rec: Call `gettag()` for TCP queries
Remi Gacogne [Fri, 26 Aug 2016 10:06:17 +0000 (12:06 +0200)]
rec: Fix doc for ComboAddress/Netmask Lua bindings, add missing ones
bert hubert [Fri, 26 Aug 2016 10:06:27 +0000 (12:06 +0200)]
Merge pull request #4324 from rgacogne/lua-RPZ-discard-rebased
projects / pdns / log