Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pdns-backend-postgresql-4.1.8-lp151.1.2 RPM for aarch64

From OpenSuSE Ports Leap 15.1 for aarch64

Name: pdns-backend-postgresql Distribution: openSUSE Leap 15.1
Version: 4.1.8 Vendor: openSUSE
Release: lp151.1.2 Build date: Mon Apr 22 09:35:33 2019
Group: Productivity/Networking/DNS/Servers Build host: obs-arm-1
Size: 140329 Source RPM: pdns-4.1.8-lp151.1.2.src.rpm
Summary: PostgreSQL backend for pdns
The PowerDNS Nameserver is a authoritative-only nameserver.
It conforms to contemporary DNS standards documents.

This package holds the PostgreSQL backend for pdns.






* Fri Mar 22 2019 Michael Ströder <>
  - Update to 4.1.8
    * #7604: Correctly interpret an empty AXFR response to an IXFR query,
    * #7610: Fix replying from ANY address for non-standard port,
    * #7609: Fix rectify for ENT records in narrow zones,
    * #7607: Do not compress the root,
    * #7608: Fix dot stripping in `setcontent()`,
    * #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting,
    * #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR,
    * #7602: Fix API search failed with “Commands out of sync; you can’t run this command now”,
    * #7509: Plug `mysql_thread_init` memory leak,
    * #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.
* Mon Mar 18 2019 Michael Ströder <>
  - Update to 4.1.7 with a security fix:
    * Insufficient validation in the HTTP remote backend
      (bsc#1129734, CVE-2019-3871)
* Mon Mar 18 2019 Michael Ströder <>
  - Update to 4.1.6
    * Prevent more than one CNAME/SOA record in the same RRset
* Wed Mar 13 2019 Dirk Mueller <>
  - adjust buildrequires for mariadb 10.2.x on SLES
* Wed Nov 07 2018 Michael Ströder <>
  - Update to 4.1.5
    * Improvements
    - Apply alias scopemask after chasing
    - Release memory in case of error in the openssl ecdsa constructor
    - Switch to devtoolset 7 for el6
    * Bug Fixes
    - Crafted zone record can cause a denial of service
      (bsc#1114157, CVE-2018-10851)
    - Packet cache pollution via crafted query
      (bsc#1114169, CVE-2018-14626)
    - Fix compilation with libressl 2.7.0+
    - Actually truncate truncated responses
* Wed Aug 29 2018
  - Update to 4.1.4
    - Improvements
    * #6590: Fix warnings reported by gcc 8.1.0.
    * #6632, #6844, #6842, #6848: Make the gmysql backend future-proof
    * #6685, #6686: Initialize some missed qtypes.
    - Bug Fixes
    * #6780: Avoid concurrent records/comments iteration from
      running out of sync.
    * #6816: Fix a crash in the API when adding records.
    * #4457, #6691: pdns_control notify: handle slave without
      renotify properly.
    * #6736, #6738: Reset the TSIG state between queries.
    * #6857: Remove SOA-check backoff on incoming notify and fix
      lock handling.
    * #6858: Fix an issue where updating a record via DNS-UPDATE in
      a child zone that also exists in the parent zone, we would
      incorrectly apply the update to the parent zone.
    * #6676, #6677: Geoipbackend: check geoip_id_by_addr_gl and
      geoip_id_by_addr_v6_gl return value. (Aki Tuomi)
* Thu May 24 2018
  - Use HTTPS links in .spec file like mentioned in PowerDNS announcements
  - removed obsolete 6370.patch
  - Update to 4.1.3
    - Improvements
    * #6239, #6559: pdnsutil: use new domain in b2bmigrate (Aki Tuomi)
    * #6130: Update copyright years to 2018 (Matt Nordhoff)
    * #6312, #6545: Lower ‘packet too short’ loglevel
    - Bug Fixes
    * #6441, #6614: Restrict creation of OPT and TSIG RRsets
    * #6228, #6370: Fix handling of user-defined axfr filters return values
    * #6584, #6585, #6608: Prevent the GeoIP backend from copying
      NetMaskTrees around, fixes slow-downs in certain configurations
      (Aki Tuomi)
    * #6654, #6659: Ensure alias answers over TCP have correct name
* Fri May 11 2018
  - Update to 4.1.2
    - Improvements
    * API: increase serial after dnssec related updates
    * Auth: lower ‘packet too short’ loglevel
    * Make check-zone error on rows that have content but shouldn’t
    * Auth: avoid an isane amount of new backend connections during an axfr
    * Report unparseable data in stoul invalid_argument exception
    * Backport: recheck serial when axfr is done
    * Backport: add tcp support for alias
    - Bug Fixes
    * Auth: allocate new statements after reconnecting to postgresql
    * Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer)
    * Rather than crash, sheepishly report no file/linenum
    * Document undocumented config vars
    * Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate
    - misc
    * Move includes around to avoid boost L conflict
    * Backport: update edns option code list
    * Auth: link dnspcap2protobuf against librt when needed
    * Fix a warning on botan >= 2.5.0
    * Auth 4.1.x: unbreak build
    * Dnsreplay: bail out on a too small outgoing buffer (CVE-2018-1046 bsc#1092540)
* Mon Apr 23 2018
  - add patch for upstream issue #6228
* Fri Apr 13 2018
  - geoip not available on SLE15 but protobuf support is available.
* Fri Feb 16 2018
  - Update to version 4.1.1:
    bug-fix only release, with fixes to the LDAP and MySQL backends,
    the pdnsutil tool, and PDNS internals
* Thu Nov 30 2017
  - Update to version 4.1.0:
    + Recursor passthrough removal. Migration plans for users of
      recursor passthrough are in documentation and available at,
    + Improved performance: 4x speedup in some scenarios
    + Crypto API: DNSSEC fully configurable via RESTful API
    + Database: enhanced reconnection logic solving problems
      associated with idle disonnection from database servers.
    + Documentation improvements
    + Support for TCP Fast Open
    + Removed deprecated SOA-EDIT values: INCEPTION and INCEPTION-WEEK
  - pkgconfig(krb5) is now always required for building LDAP backend
  - pdns-4.0.4_mysql-schema-mariadb.patch: removed, upstreamed
* Mon Nov 27 2017
  - package schema files in ldap subpackage
* Mon Nov 27 2017
  - Update to version 4.0.5:
    + fixes CVE-2017-15091: Missing check on API operations
    + Bindbackend: do not corrupt data supplied by other backends in
    + For create-slave-zone, actually add all slaves, and not only
      first n times
    + Check return value for all getTSIGKey calls.
    + Publish inactive KSK/CSK as CDNSKEY/CDS
    + Treat requestor’s payload size lower than 512 as equal to 512
    + Correctly purge entries from the caches after a transfer
    + LuaWrapper: Allow embedded NULs in strings received from Lua
    + Stubresolver: Use only recursor setting if given
    + mydnsbackend: Add getAllDomains
    + LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace
    + gpgsql: make statement names actually unique
    + API: prevent sending nameservers list and zone-level NS in rrsets
* Tue Oct 31 2017
  - Ensure descriptions are neutral. Remove ineffective --with-pic.
  - Do not ignore errors from useradd.
  - Trim idempotent %if..%endif around %package.
* Thu Oct 19 2017
  - Added pdns.keyring linked from
* Fri Sep 29 2017
  - Don't BuildRequire Botan 1.x which will be dropped (bsc#1055322)
    * upstream support for Botan was dropped in favor of OpenSSL, see
* Sun Jul 30 2017
  - This makes the schema fit storage requirements of various
    mysql/mariadb versions. pdns-4.0.4_mysql-schema-mariadb.patch
  - preset uid and gid in configuration
* Fri Jun 23 2017
  - fixed use of pdns_protobuf
* Fri Jun 23 2017
  - update to 4.0.4
    - fixes ed25519 signer. This signer hashed the message before
      signing, resulting in unverifiable signatures.
    - send a notification to all slave servers after every dnsupdate
    for complete list of changes, see
* Fri Mar 31 2017
  - added pdns-4.0.3_allow_dacoverride_in_capset.patch:
    Adding CAP_DAC_OVERRIDE to fix startup problems with sqlite3
* Thu Feb 02 2017
  - use individual libboost-*-devel packages instead of boost-devel
* Tue Jan 17 2017
  - update to 4.0.3 which obsoletes b854d9f.diff
* Fri Jan 13 2017
  - b854d9f.diff: revert upstream change that caused a regression
    with multiple-backends
* Fri Jan 13 2017
  - update to 4.0.2:
    The following security issues were fixed:
    - 2016-02: Crafted queries can cause abnormal CPU usage
    (CVE-2016-7068, boo#1018326)
    - 2016-03: Denial of service via the web server
    (CVE-2016-7072, boo#1018327)
    - 2016-04: Insufficient validation of TSIG signatures
    (CVE-2016-7073, CVE-2016-7074, boo#1018328)
    - 2016-05: Crafted zone record can cause a denial of service
    (CVE-2016-2120, boo#1018329)
    For complete changelog, see
* Mon Dec 12 2016
  - BuildRequire pkgconfig(libsystemd) instead of
    pkgconfig(libsystemd-daemon): these libs were merged in systemd
    209 times. The build system is capable of finding either one.
* Sat Jul 30 2016
  - update to 4.0.1
    Bug fixes
    - #4126 Wait for the connection to the carbon server to be established
    - #4206 Don't try to deallocate empty PG statements
    - #4245 Send the correct response when queried for an NSEC directly (Kees Monshouwer)
    - #4252 Don't include bind files if length <= 2 or > sizeof(filename)
    - #4255 Catch runtime_error when parsing a broken MNAME
    - #4044 Make DNSPacket return a ComboAddress for local and remote (Aki Tuomi)
    - #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler)
    - #4169 Fix typos in a logmessage and exception (Christian Hofsteadtler)
    - #4183 pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo)
    - #4192 dnsreplay: Only add Client Subnet stamp when asked
    - #4250 Use toLogString() for ringAccount (Kees Monshouwer)
    - #4133 Add limits to the size of received {A,I}XFR (CVE-2016-6172)
    - #4142 Add used filedescriptor statistic (Kees Monshouwer)
* Mon Jul 11 2016
  - update to 4.0.0
  - packaging changes:
    - remotebackend split out now
    - enabled experimental_gss_tsig support
    - enabled protobuf based stats support
    - no more xdb and lmdb backend
    - added odbc backend where supported
  - drop pdns-3.4.0-no_date_time.patch: replaced with
    - -enable-reproducible
* Sun May 29 2016
  - update to 3.4.9
    * use OpenSSL for ECDSA signing where available
    * allow common signing key
    * Add a disable-syslog setting
    * fix SOA caching with multiple backends
    * whitespace-related zone parsing fixes [ticket #3568]
    * bindbackend: fix, set domain in list()
* Wed Feb 03 2016
  - update to 3.4.8
    * Use AC_SEARCH_LIBS (Ruben Kerkhof)
    * Check for inet_aton in libresolv (Ruben Kerkhof)
    * Remove hardcoded -lresolv, -lnsl and -lsocket (Ruben Kerkhof)
    * pdnssec: don't check disabled records (Pieter Lexis)
    * pdnssec: check all records (including disabled ones)
      only in verbose mode (Kees Monshouwer)
    * traling dot in DNAME content (Kees Monshouwer)
    * Fix luabackend compilation on FreeBSD i386 (RvdE)
    * silence g++ 6.0 warnings and error (Kees Monshouwer)
    * add gcc 5.3 and 6.0 support to boost.m4 (Kees Monshouwer)
* Tue Nov 03 2015
  - update to 3.4.7
    Bug fixes:
    * Ignore invalid/empty TKEY and TSIG records (Christian Hofstaedtler)
    * Don't reply to truncated queries (Christian Hofstaedtler)
    * don't log out-of-zone ents during AXFR in (Kees Monshouwer)
    * Prevent XSS by escaping user input. Thanks to Pierre Jaury and Damien
    Cauquil at Sysdream for pointing this out.
    * Handle NULL and boolean properly in gPGSql (Aki Tuomi)
    * Improve negative caching (Kees Monshouwer)
    * Do not divide timeout twice (Aki Tuomi)
    * Correctly sort records with a priority.
    * Direct query answers and correct zone-rectification in the GeoIP
    backend (Aki Tuomi)
    * Use token names to identify PKCS#11 keys (Aki Tuomi)
    * Fix typo in an error message (Arjen Zonneveld)
    * limit NSEC3 iterations in bindbackend (Kees Monshouwer)
    * Initialize minbody (Aki Tuomi)
    New features:
    * OPENPGPKEY record-type (James Cloos and Kees Monshouwer)
    * add global soa-edit settings (Kees Monshouwer)
* Wed Sep 02 2015
  - update to 3.4.6 [boo#943078] CVE-2015-5230
    Bug fixes:
    * Avoid superfluous backend recycling
    * Removal of dnsdist from the authoritative server distribution
    * Add EDNS unknown version handling and tests EDNS unknown version
    * Update YaHTTP to v0.1.7
    * Make trailing/leading spaces stand out in pdnssec check_zone
    * GCC 5.2 support and sync boost.m4 macro with upstream
    * Log answer packets only if log-dns-details is enabled
* Tue Jun 09 2015
  - update to 3.4.5
    Bug fixes:
    * be careful reading empty lines in our config parser and prevent
    integer overflow.
    * prevent crash after --list-modules (Ruben Kerkhof)
    * Limit the maximum length of a qname
    * Support /etc/default for our debian/ubuntu packages (Aki Tuomi)
    * Our Boost check doesn't recognize gcc 5.1 yet (Ruben Kerkhof)
    * Various PKCS#11 fixes and improvements (Aki Tuomi)
    * Several fixes for building on OpenBSD (Florian Obser)
    * Fix several issues found by Coverity (Aki Tuomi)
    * Look for mbedtls before polarssl (Ruben Kerkhof)
    * Detect Lua on OpenBSD (Ruben Kerkhof)
    * Let pkg-config determine botan dependency libs (Ruben Kerkhof)
    * kill some further mallocs and add note to remind us not to add them back
    * Move remotebackend-unix test socket to testsdir (Aki Tuomi)
    * Defer launch of coprocess until first question (Aki Tuomi)
    * pdnssec: check for glue and delegations in parent zones (Kees
* Mon Apr 27 2015
  - no longer ship dnsdist here, we will ship a new package based on
    the snapshots from
* Thu Apr 23 2015
  - update to 3.4.4 with a fix for CVE-2015-1868 (boo# 927569)
    Bug fixes:
    - commit ac3ae09: fix rectify-(all)-zones for mixed case domain
    - commit 2dea55e, commit 032d565, commit 55f2dbf: fix
    - commit 21cdbe5: Blocking IO in busy-wait for remote backend
      (Wieger Opmeer)
    - commit cc7b2ac: fix double dot for root MX/SRV in bind slave
      zone files (Kees Monshouwer)
    - commit c40307b: Properly lock lmdb database, fixes ticket #1954
      (Aki Tuomi)
    - commit 662e76d: Fix segfault in zone2lmdb (Ruben Kerkhof)
    New Features:
    - commit 5ae212e: pdnssec: warn for insecure wildcards in opt-out
    - commits cd3f21c, 8b582f6, 0b7e766, f743af9, dcde3c8 and
      f12fcf7: TKEY record type (Aki Tuomi)
    - commits 0fda1d9, 3dd139d, ba146ce, 25109e2, c011a01, 0600350,
      fc96b5e, 4414468, c163d41, f52c7f6, 8d56a31, 7821417, ea62bd9,
      c5ababd, 91c8351 and 073ac49: Many PKCS#11 improvements (Aki
    - commits 6f0d4f1 and 5eb33cb: Introduce xfrBlobNoSpaces and use
      them for TSIG (Aki Tuomi)
    - commit e4f48ab: allow "pdnssec set-nsec3 ZONE" for insecure
      zones; this saves on one rectify when securing a NSEC3 zone
    - commits cce95b9, e2e9243 and e82da97: Improvements to the
      config-file parsing (Aki Tuomi)
    - commit 2180e21: postgresql check should not touch LDFLAGS
      (Ruben Kerkhof)
    - commit 0481021: Log error when remote cannot do AXFR (Aki
    - commit 1ecc3a5: Speed improvements when AXFR is disabled
      (Christian Hofstaedtler)
    - commits 1f7334e and b17799a: NSEC3 and related RRSIGS are not
      part of the dnstree (Kees Monshouwer)
    - commits dd943dd and 58c4834: Change ifdef to check for
      __GLIBC__ instead of __linux__ to prevent errors with other
      libc's (James Taylor)
    - commit c929d50: Try to raise open files before dropping
      privileges (Aki Tuomi)
    - commit 69fd3dc: Add newline to carbon error message on auth
      (Aki Tuomi)
    - commit 3064f80: Make sure we send servfail on error (Aki Tuomi)
    - commit b004529: Ship in tarball (Ruben Kerkhof)
    - commit 9e6b24f: Allocate TCP buffer dynamically, decreasing
      stack usage
    - commit 267fdde: throw if getSOA gets non-SOA record
* Mon Mar 02 2015
  - update to 3.4.3
    Bug fixes:
    - [commit ceb49ce] pdns_control: exit 1 on unknown command (Ruben
    - [commit 1406891]: evaluate KSK ZSK pairs per algorithm (Kees
    - [commit 3ca050f]: always set di.notified_serial in
      getAllDomains (Kees Monshouwer)
    - [commit d9d09e1]: pdns_control: don't open socket in /tmp
      (Ruben Kerkhof)
    New features:
    - [commit 2f67952]: Limit who can send us AXFR notify queries
      (Ruben Kerkhof)
    - [commit d7bec64]: respond REFUSED instead of NOERROR for
      "unknown zone" situations
    - [commit ebeb9d7]: Check for Lua 5.3 (Ruben Kerkhof)
    - [commit d09931d]: Check compiler for relro support instead of
      linker (Ruben Kerkhof)
    - [commit c4b0d0c]: Replace PacketHandler with UeberBackend where
      possible (Christian Hofstaedtler)
    - [commit 5a85152]: PacketHandler: Share UeberBackend with
      DNSSECKeeper (Christian Hofstaedtler)
    - [commit 97bd444]: fix building with GCC 5
    Experimental API changes (Christian Hofstaedtler):
    - [commit ca44706]: API: move shared DomainInfo reader into it's
      own function
    - [commit 102602f]: API: allow writing to domains.account field
    - [commit d82f632]: API: read and expose domain account field
    - [commit 2b06977]: API: be more strict when parsing record
    - [commit 2f72b7c]: API: Reject unknown types (TYPE0)
    - [commit d82f632]: API: read and expose domain account field
* Tue Feb 03 2015
  - set $LD for now. this fixes the configure check for relro,now.
* Tue Feb 03 2015
  - remove custom PIE handling. upstream does it for us now.
* Tue Feb 03 2015
  - update to 3.4.2
    This is a performance and bugfix update to 3.4.1 and any earlier
    version. For high traffic setups, including those using DNSSEC,
    upgrading to 3.4.2 may show tremendous performance increases.
    A list of changes since 3.4.1 follows. Please see the full
    clickable changelog at
  - move man pages to section 1 to follow upstream change
* Tue Nov 25 2014
  - disable botan and geoip on SLE_12 because of missing
* Tue Nov 11 2014
  - Fixed broken _localstatedir
* Sun Nov 09 2014 Led <>
  - fix bashisms in pre script
* Thu Oct 30 2014
  - update to version 3.4.1
    Changes since 3.4.0:
    * commit dcd6524, commit a8750a5, commit 7dc86bf, commit 2fda71f: PowerDNS now
    polls the security status of a release at startup and periodically. More
    detail on this feature, and how to turn it off, can be found in Section 2,
    “Security polling”.
    * commit 5fe6dc0: API: Replace HTTP Basic auth with static key in custom header
    * commit 4a95ab4: Use transaction for pdnssec increase-serial
    * commit 6e82a23: Don't empty ordername during pdnssec increase-serial
    * commit 535f4e3: honor SOA-EDIT while considering "empty IXFR" fallback, fixes
    ticket 1835. This fixes slaving of signed zones to IXFR-aware slaves like NSD
    or BIND.
* Tue Oct 28 2014
  - only enable geoip backend on distros newer than 12.3
    before the package lacks the pkg-config file and there is no
    fallback to finding geoip without it.
* Tue Oct 28 2014
  - fix permissions of the home directory
* Tue Oct 28 2014
  - enable some backends that we had forgotten:
    - pipe   (main package)
    - random (main package)
    - geoip  (new subpackage)
    - new BR: yaml-cpp-devel and GeoIP-devel



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Apr 9 10:38:52 2022