--- - branch: MAIN date: Thu Mar 9 13:43:49 UTC 2017 files: - new: '1.19' old: '1.18' path: pkgsrc/net/powerdns-recursor/Makefile pathrev: pkgsrc/net/powerdns-recursor/Makefile@1.19 type: modified - new: '1.4' old: '1.3' path: pkgsrc/net/powerdns-recursor/PLIST pathrev: pkgsrc/net/powerdns-recursor/PLIST@1.4 type: modified - new: '1.16' old: '1.15' path: pkgsrc/net/powerdns-recursor/distinfo pathrev: pkgsrc/net/powerdns-recursor/distinfo@1.16 type: modified - new: '0' old: '1.1' path: pkgsrc/net/powerdns-recursor/patches/patch-Makefile.in pathrev: pkgsrc/net/powerdns-recursor/patches/patch-Makefile.in@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/net/powerdns-recursor/patches/patch-sysdeps_SunOS.inc pathrev: pkgsrc/net/powerdns-recursor/patches/patch-sysdeps_SunOS.inc@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/net/powerdns-recursor/patches/patch-dnsparser.cc pathrev: pkgsrc/net/powerdns-recursor/patches/patch-dnsparser.cc@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/net/powerdns-recursor/patches/patch-dnsparser.hh pathrev: pkgsrc/net/powerdns-recursor/patches/patch-dnsparser.hh@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/net/powerdns-recursor/patches/patch-namespaces.hh pathrev: pkgsrc/net/powerdns-recursor/patches/patch-namespaces.hh@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/net/powerdns-recursor/patches/patch-pdns__recursor.1 pathrev: pkgsrc/net/powerdns-recursor/patches/patch-pdns__recursor.1@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/net/powerdns-recursor/patches/patch-rec__channel__rec.cc pathrev: pkgsrc/net/powerdns-recursor/patches/patch-rec__channel__rec.cc@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/net/powerdns-recursor/patches/patch-rec__control.1 pathrev: pkgsrc/net/powerdns-recursor/patches/patch-rec__control.1@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/net/powerdns-recursor/patches/patch-recursor__cache.cc pathrev: pkgsrc/net/powerdns-recursor/patches/patch-recursor__cache.cc@0 type: deleted - new: '0' old: '1.2' path: pkgsrc/net/powerdns-recursor/patches/patch-reczones.cc pathrev: pkgsrc/net/powerdns-recursor/patches/patch-reczones.cc@0 type: deleted - new: '1.2' old: '1.1' path: pkgsrc/net/powerdns-recursor/patches/patch-iputils.hh pathrev: pkgsrc/net/powerdns-recursor/patches/patch-iputils.hh@1.2 type: modified - new: '1.3' old: '1.2' path: pkgsrc/net/powerdns-recursor/patches/patch-kqueuemplexer.cc pathrev: pkgsrc/net/powerdns-recursor/patches/patch-kqueuemplexer.cc@1.3 type: modified - new: '0' old: '1.4' path: pkgsrc/net/powerdns-recursor/patches/patch-pdns__recursor.cc pathrev: pkgsrc/net/powerdns-recursor/patches/patch-pdns__recursor.cc@0 type: deleted - new: '1.1' old: '0' path: pkgsrc/net/powerdns-recursor/patches/patch-qtype.hh pathrev: pkgsrc/net/powerdns-recursor/patches/patch-qtype.hh@1.1 type: added - new: '0' old: '1.3' path: pkgsrc/net/powerdns-recursor/patches/patch-rec__channel.cc pathrev: pkgsrc/net/powerdns-recursor/patches/patch-rec__channel.cc@0 type: deleted id: 20170309T134349Z.2c824ae0318c84ec25595bc29f5ac605d5401cd1 log: "Update net/powerdns-recursor to 4.0.4.\n\nPowerDNS Recursor 4.0.4\n=======================\n\nChange highlights include:\n\n- Check TSIG signature on IXFR (Security Advisory 2016-04)\n- Don't parse spurious RRs in queries when we don't need them\n (Security Advisory 2016-02)\n- Add 'max-recursion-depth' to limit the number of internal recursion\n- Wait until after daemonizing to start the RPZ and protobuf threads\n- On RPZ customPolicy, follow the resulting CNAME\n- Make the negcache forwarded zones aware\n- Cache records for zones that were delegated to from a forwarded zone\n- DNSSEC: don't go bogus on zero configured DSs\n- DNSSEC: NSEC3 optout and Bogus insecure forward fixes\n- DNSSEC: Handle CNAMEs at the apex of secure zones to other secure\n zones\n\nPowerDNS Recursor 4.0.3\n=======================\n\nBug fixes\n- Call gettag() for TCP queries\n- Fix the use of an uninitialized filtering policy\n- Parse query-local-address before lua-config-file\n- Fix accessing an empty policyCustom, policyName from Lua\n- ComboAddress: don't allow invalid ports\n- Fix RPZ default policy not being applied over IXFR\n- DNSSEC: Actually follow RFC 7646 å\x89\x872.1\n- Add boost context ldflags so freebsd builds can find the libs\n- Ignore NS records in a RPZ zone received over IXFR\n- Fix build with OpenSSL 1.1.0 final\n- Don't validate when a Lua hook took the query\n- Fix a protobuf regression (requestor/responder mix-up)\n\nAdditions and Enhancements\n- Support Boost 1.61+ fcontext\n- Add Lua binding for DNSRecord::d_place\n\nPowerDNS Recursor 4.0.2\n=======================\n\nBug fixes\n- Set dq.rcode before calling postresolve\n- Honor PIE flags.\n- Fix build with LibreSSL, for which OPENSSL_VERSION_NUMBER is\n irrelevant\n- Don't shuffle CNAME records. (thanks to Gert van Dijk for the\n extensive bug report!)\n- Fix delegation-only\n\nAdditions and enhancements\n- Respect the timeout when connecting to a protobuf server\n- allow newDN to take a DNSName in; document missing methods\n- expose SMN toString to lua\n- Anonymize the protobuf ECS value as well (thanks to Kai Storbeck of\n XS4All for finding this)\n- Allow Lua access to the result of the Policy Engine decision, skip\n RPZ, finish RPZ implementation\n- Remove unused DNSPacket::d_qlen\n- RPZ: Use query-local-address(6) by default (thanks to Oli Schacher\n of switch.ch for the feature request)\n- Move the root DNSSEC data to a header file\n\nPowerDNS Recursor 4.0.1\n=======================\n\nBug fixes\n- Improve DNSSEC record skipping for non dnssec queries (Kees\n Monshouwer)\n- Don't validate zones from the local auth store, go one level down\n while validating when there is a CNAME\n- Don't go bogus on islands of security\n- Check all possible chains for Insecures\n- Don't go Bogus on a CNAME at the apex\n- RPZ: default policy should also override local data RRs\n- Fix a crash when the next name in a chained query is empty and\n rec_control current-queries is invoked\n\nImprovements\n- OpenSSL 1.1.0 support (Christian Hofstaedtler)\n- Fix warnings with gcc on musl-libc (James Taylor)\n- Also validate on +DO\n- Fail to start when the lua-dns-script does not exist\n- Add more Netmask methods for Lua (Aki Tuomi)\n- Validate DNSSEC for security polling\n- Turn on root-nx-trust by default and log-common-errors=off\n- Allow for multiple trust anchors per zone\n- Fix compilation warning when building without Protobuf\n\nPowerDNS Recursor 4.0.0\n=======================\n\n- Moved to C++ 2011, a cleaner more powerful version of C++ that has\n allowed us to improve the quality of implementation in many places.\n- Implemented dedicated infrastructure for dealing with DNS names that\n is fully \"DNS Native\" and needs less escaping and unescaping.\n- Switched to binary storage of DNS records in all places.\n- Moved ACLs to a dedicated Netmask Tree.\n- Implemented a version of RCU for configuration changes\n- Instrumented our use of the memory allocator, reduced number of\n malloc calls substantially.\n- The Lua hook infrastructure was redone using LuaWrapper; old scripts\n will no longer work, but new scripts are easier to write under the\n new interface.\n- DNSSEC processing: if you ask for DNSSEC records, you will get them.\n- DNSSEC validation: if so configured, PowerDNS perform DNSSEC\n validation of your answers.\n- Completely revamped Lua scripting API that is \"DNSName\" native and\n therefore far less error prone, and likely faster for most commonly\n used scenarios.\n- New asynchronous per-domain, per-ip address, query engine.\n- RPZ (from file, over AXFR or IXFR) support.\n- All caches can now be wiped on suffixes, because of canonical\n ordering.\n- Many, many more relevant performance metrics, including upstream\n authoritative performance measurements.\n- EDNS Client Subnet support, including cache awareness of\n subnet-varying answers.\n" module: pkgsrc subject: 'CVS commit: pkgsrc/net/powerdns-recursor' unixtime: '1489067029' user: fhajny