git.ipfire.org Git - thirdparty/pdns.git/log
Peter van Dijk [Thu, 2 May 2024 13:25:12 +0000 (15:25 +0200)]
Merge pull request #14021 from Habbie/auth-lua-join-whitespace
auth LUA: make whitespace insertion on chunk combine optional
Peter van Dijk [Thu, 2 May 2024 11:19:12 +0000 (13:19 +0200)]
Merge pull request #14036 from romeroalx/meson-auth-ci
GH Actions - Meson: Build auth using meson in `build-and-test-all`.
Peter van Dijk [Thu, 2 May 2024 11:17:59 +0000 (13:17 +0200)]
Merge pull request #14061 from romeroalx/ci-runner-image-branch
GH actions - build-and-test-all: parameterize workflow to run different docker runner versions
Peter van Dijk [Thu, 2 May 2024 11:14:49 +0000 (13:14 +0200)]
Merge pull request #14085 from romeroalx/pip-doc-hashes
GH actions: check that only pinned pip packages are pulled when building docs
romeroalx [Thu, 11 Apr 2024 15:15:19 +0000 (17:15 +0200)]
meson: enable systemd for auth-configure
romeroalx [Mon, 8 Apr 2024 11:13:28 +0000 (13:13 +0200)]
simplify build-auth job
romeroalx [Wed, 27 Mar 2024 09:39:08 +0000 (10:39 +0100)]
gh actions add meson build for auth
Remi Gacogne [Thu, 25 Apr 2024 09:34:55 +0000 (11:34 +0200)]
Merge pull request #14078 from rgacogne/ddist-harvest-quic
dnsdist: Use the correct source IP for outgoing QUIC datagrams
Remi Gacogne [Thu, 25 Apr 2024 09:31:28 +0000 (11:31 +0200)]
Merge pull request #14076 from rgacogne/ddist-update-tuning-design-doc-for-doq-doh3
dnsdist: Update tuning/design documentation for DoQ and DoH3
Remi Gacogne [Thu, 25 Apr 2024 09:04:04 +0000 (11:04 +0200)]
Merge pull request #14104 from rgacogne/ddist-fix-abort-nghttp2_session_mem_recv
dnsdist: Fix a crash in incoming DoH with nghttp2
Otto Moerbeek [Thu, 25 Apr 2024 08:51:14 +0000 (10:51 +0200)]
Merge pull request #14062 from franklouwers/patch-1
rec: Remove `current` from the extended error code binding descriptions
Otto Moerbeek [Thu, 25 Apr 2024 08:50:19 +0000 (10:50 +0200)]
Merge pull request #14023 from omoerbeek/rec-proxy-physaddr
rec: add interface (not subject to proxy protocol substitutions) addresses in Lua DNSQuestion and corresponding FFI
Otto Moerbeek [Thu, 25 Apr 2024 08:15:41 +0000 (10:15 +0200)]
Better wording in docs from @rgacogne
Co-authored-by: Remi Gacogne <github@coredump.fr>
Remi Gacogne [Thu, 18 Apr 2024 08:49:10 +0000 (10:49 +0200)]
dnsdist: Fix a crash in incoming DoH with nghttp2
This fixes an issue in the code dealing with incoming DNS over HTTPS
queries with the nghttp2 provider. In some rare cases, if the incoming
query is forwarded to the backend over TCP and the response comes back
immediately (the `read()` call done just after the `write()` call sending
the query must succeed and yield a complete response), the processing
of the response might end up calling `IncomingHTTP2Connection::readHTTPData()`
down the line, via the `nghttp2` callbacks, while we were already
inside this function. This does not actually work because
`nghttp2_session_mem_recv` is not reentrant, so the internal state of
the `nghttp2_session` object might become inconsistent and trigger
an assertion, for example:
```
nghttp2_session.c:6854: nghttp2_session_mem_recv2: Assertion `iframe->state == NGHTTP2_IB_IGN_ALL' failed.
```
This results in a call to `abort()` and is very unlikely to be exploitable,
because there is no memory corruption occurring. It would also be quite
difficult for an attacker to trigger the conditions leading to this event
remotely.
Reported by Daniel Stirnimann from Switch and Stephane Bortzmeyer, many thanks to them.
Otto Moerbeek [Thu, 25 Apr 2024 05:56:31 +0000 (07:56 +0200)]
Merge pull request #14102 from Habbie/2024-02-formatting
security advisory 2024-02: fix formatting
Peter van Dijk [Wed, 24 Apr 2024 14:26:48 +0000 (16:26 +0200)]
Merge pull request #14100 from Habbie/rec-cname-wc
rec: a name can be present already when building the cname chain
Peter van Dijk [Wed, 24 Apr 2024 12:14:24 +0000 (14:14 +0200)]
security advisory 2024-02: fix formatting
Peter van Dijk [Wed, 24 Apr 2024 10:14:21 +0000 (12:14 +0200)]
Merge pull request #14099 from Habbie/rec-prep-sec-2024-02
security advisory 2024-02+changelogs+secpoll
Peter van Dijk [Tue, 23 Apr 2024 11:17:54 +0000 (13:17 +0200)]
Merge pull request #14075 from romuald/backend-guide-clarification
Add clarification on backend writer guide
Remi Gacogne [Tue, 23 Apr 2024 09:27:35 +0000 (11:27 +0200)]
Merge pull request #14083 from rgacogne/fix-dnsdist-and-rec-home-dirs
dnsdist/rec: Change home directory to /var/lib/<product> on EL-based OSs
Remi Gacogne [Tue, 23 Apr 2024 08:50:50 +0000 (10:50 +0200)]
rec: Fix home directory location comment in the EL spec
Remi Gacogne [Tue, 23 Apr 2024 08:50:19 +0000 (10:50 +0200)]
dnsdist: Fix home directory location comment in the EL spec
Remi Gacogne [Tue, 23 Apr 2024 08:39:22 +0000 (10:39 +0200)]
Merge pull request #14037 from rgacogne/ddist-fix-odr
dnsdist: Fix "C++ One Definition Rule" warnings in XSK
Remi Gacogne [Tue, 23 Apr 2024 08:38:49 +0000 (10:38 +0200)]
Merge pull request #14070 from rgacogne/ddist-fix-dns-over-http-reload-all-certs
dnsdist: Fix DNS over plain HTTP broken by `reloadAllCertificates()`
Otto Moerbeek [Tue, 23 Apr 2024 07:14:12 +0000 (09:14 +0200)]
Better wording
Co-authored-by: Remi Gacogne <remi.gacogne@powerdns.com>
Otto Moerbeek [Mon, 22 Apr 2024 14:02:25 +0000 (16:02 +0200)]
Merge pull request #14049 from omoerbeek/rec-no-count-unsup-algos
rec: do not count RRSIGs using unsupported algorithms towards RRSIGs limit
romeroalx [Mon, 22 Apr 2024 12:50:33 +0000 (14:50 +0200)]
gh actions: add scm and pbr to the spell-check allowed words
romeroalx [Mon, 22 Apr 2024 12:46:10 +0000 (14:46 +0200)]
gh actions: check pip packages pulling when building docs
romeroalx [Mon, 22 Apr 2024 12:43:33 +0000 (14:43 +0200)]
add pip pinning for dnsdist docs
romeroalx [Mon, 22 Apr 2024 12:41:52 +0000 (14:41 +0200)]
add pip pinning for recursor docs
romeroalx [Thu, 8 Feb 2024 16:12:19 +0000 (17:12 +0100)]
update list of pip packages pulled when building auth docs
Peter van Dijk [Mon, 22 Apr 2024 11:31:31 +0000 (13:31 +0200)]
Merge pull request #13772 from mortenstevens/patch-1
Change home directory to /var/lib/pdns
Fred Morcos [Mon, 22 Apr 2024 10:26:58 +0000 (12:26 +0200)]
Merge pull request #14068 from omoerbeek/meson-libdecaf-followup
meson: don't assume libdecaf is present when declaring dependency
Otto Moerbeek [Mon, 22 Apr 2024 10:03:29 +0000 (12:03 +0200)]
Prep for Security Advisory 2024-02
Remi Gacogne [Mon, 22 Apr 2024 09:28:52 +0000 (11:28 +0200)]
rec: Change home directory to /var/lib/pdns-recursor on EL-based OSs
Remi Gacogne [Mon, 22 Apr 2024 09:27:53 +0000 (11:27 +0200)]
dnsdist: Change home directory to /var/lib/dnsdist on EL-based OSs
Remi Gacogne [Mon, 22 Apr 2024 09:19:17 +0000 (11:19 +0200)]
auth: Remove trailing tab in builder-support/specs/pdns.spec
Remi Gacogne [Mon, 22 Apr 2024 08:26:51 +0000 (10:26 +0200)]
dnsdist: Fix clang-tidy warnings
Remi Gacogne [Fri, 19 Apr 2024 14:37:43 +0000 (16:37 +0200)]
dnsdist: Add regression for destination address harvesting with QUIC
Remi Gacogne [Fri, 19 Apr 2024 13:58:25 +0000 (15:58 +0200)]
dnsdist: Use the correct source IP for outgoing QUIC datagrams
And expose the correct destination IP to Lua.
Remi Gacogne [Thu, 18 Apr 2024 15:23:30 +0000 (17:23 +0200)]
dnsdist: Update tuning/design documentation for DoQ and DoH3
Romuald Brunet [Thu, 18 Apr 2024 08:52:20 +0000 (10:52 +0200)]
Add clarification on backend writer guide
For `getBeforeAndAfterNamesAbsolute()`, in case of proof of non
existence for a type (and not the name), the requested name should be
returned, **not** the name before it.
Remi Gacogne [Mon, 15 Apr 2024 14:58:44 +0000 (16:58 +0200)]
dnsdist: Fix DNS over plain HTTP broken by `reloadAllCertificates()`
This was introduced in 1.9.0, with the use of the `nghttp2` library
for incoming DNS over HTTP(S).
Remi Gacogne [Mon, 15 Apr 2024 08:35:17 +0000 (10:35 +0200)]
Merge pull request #14066 from PowerDNS/dependabot/pip/regression-tests.ixfrdist/dnspython-2.6.1
build(deps): bump dnspython from 2.1.0 to 2.6.1 in /regression-tests.ixfrdist
Remi Gacogne [Mon, 15 Apr 2024 08:32:47 +0000 (10:32 +0200)]
Merge pull request #14064 from PowerDNS/dependabot/pip/docs/idna-3.7
build(deps): bump idna from 3.4 to 3.7 in /docs
Remi Gacogne [Mon, 15 Apr 2024 08:32:10 +0000 (10:32 +0200)]
Merge pull request #14063 from PowerDNS/dependabot/pip/pdns/keyroller/idna-3.7
build(deps): bump idna from 3.4 to 3.7 in /pdns/keyroller
Remi Gacogne [Mon, 15 Apr 2024 08:25:34 +0000 (10:25 +0200)]
Merge pull request #14041 from rgacogne/ddist-fix-crash-tcp-downstream
dnsdist: Fix a crash in the Downstream TCP handler
Remi Gacogne [Mon, 15 Apr 2024 08:13:08 +0000 (10:13 +0200)]
Merge pull request #14050 from omoerbeek/dnsdist-syslog-default
dnsdist: syslog should be enabled by default
Otto Moerbeek [Mon, 15 Apr 2024 08:02:16 +0000 (10:02 +0200)]
meson: don't assume libdecaf is present when declaring dependency
dependabot[bot] [Fri, 12 Apr 2024 21:58:05 +0000 (21:58 +0000)]
build(deps): bump dnspython in /regression-tests.ixfrdist
Bumps [dnspython](https://github.com/rthalley/dnspython) from 2.1.0 to 2.6.1.
- [Release notes](https://github.com/rthalley/dnspython/releases)
- [Changelog](https://github.com/rthalley/dnspython/blob/main/doc/whatsnew.rst)
- [Commits](https://github.com/rthalley/dnspython/compare/v2.1.0...v2.6.1)
---
updated-dependencies:
- dependency-name: dnspython
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
romeroalx [Thu, 11 Apr 2024 12:46:19 +0000 (14:46 +0200)]
fix build-and-test-all debian-11
romeroalx [Thu, 11 Apr 2024 09:18:45 +0000 (11:18 +0200)]
run build-and-test-all weekly on debian 11 containers
romeroalx [Thu, 11 Apr 2024 08:03:53 +0000 (10:03 +0200)]
build-and-test-all: container image parameterized for jobs
dependabot[bot] [Fri, 12 Apr 2024 02:42:38 +0000 (02:42 +0000)]
build(deps): bump idna from 3.4 to 3.7 in /docs
Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.7)
---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Fri, 12 Apr 2024 01:58:05 +0000 (01:58 +0000)]
build(deps): bump idna from 3.4 to 3.7 in /pdns/keyroller
Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.7)
---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Frank Louwers [Thu, 11 Apr 2024 15:08:58 +0000 (17:08 +0200)]
Update dq.rst
Remove `current` from the dq.extendedError* docs. Keeping `current` suggests it's a read-only field
Fred Morcos [Thu, 11 Apr 2024 14:43:31 +0000 (16:43 +0200)]
Merge pull request #14055 from fredmorcos/meson-systemd-services
Meson: `pdns-auth` and `ixfrdist` systemd service files
Peter van Dijk [Thu, 11 Apr 2024 13:27:01 +0000 (15:27 +0200)]
Merge pull request #14056 from romeroalx/revert-changes-13907
Revert "gh actions: wo issue 9491 - actions/runner-images"
romeroalx [Wed, 10 Apr 2024 12:05:22 +0000 (14:05 +0200)]
Revert "gh actions: wo issue 9491 - actions/runner-images"
This reverts commit e0bf314e472d0c1d4bc1ff82d97cabf87be1e929.
Fred Morcos [Wed, 10 Apr 2024 08:59:52 +0000 (10:59 +0200)]
Meson: Support pdns-auth and ixfrdist service files
Service files are treated like a config.h.in file. This adds support for a common base of
service file configuration options containing basic systemd feature checks.
Then, each of pdns-auth and ixfrdist have their own "general" and "instance" service files
that are generated from a common service file. This is why things like @Description@,
@ConfigName@ and @Config@ are made generic so that each version of the service file can
use its own string.
Fred Morcos [Tue, 9 Apr 2024 11:15:30 +0000 (13:15 +0200)]
Meson: Add systemd feature support for service files
This moves things around a bit. Moves libsystem detection to
meson/libsystem/meson.build and uses meson/systemd/meson.build for
systemd/systemctl version and feature detection
Fred Morcos [Tue, 9 Apr 2024 10:17:48 +0000 (12:17 +0200)]
Meson: Add basic support for systemd service file
Fred Morcos [Tue, 9 Apr 2024 10:17:37 +0000 (12:17 +0200)]
Meson: Add system build flag
Peter van Dijk [Mon, 8 Apr 2024 14:46:25 +0000 (16:46 +0200)]
Merge pull request #14011 from Habbie/check-zone-svcb-lua-addr
pdnsutil check-zone: accept LUA A/AAAA as SVCB address targets
Peter van Dijk [Mon, 8 Apr 2024 12:56:36 +0000 (14:56 +0200)]
Merge pull request #14047 from zeha/s390xauth
auth dnsproxy: fix build on s390x
Otto Moerbeek [Mon, 8 Apr 2024 10:14:01 +0000 (12:14 +0200)]
rec: do not count RRSIGs using unsupported algorithms toward RRSIGs limit
Otto Moerbeek [Mon, 8 Apr 2024 11:14:21 +0000 (13:14 +0200)]
dnsdist: syslog should be enabled by default
Regression introduced with the logging refactoring of dnsdist.
In rel/dnsdist-1.8.x: https://github.com/PowerDNS/pdns/blob/4d5bb67a2a75f9d88894e7dfc42bbbebfda297b0/pdns/dnsdist.cc#L103 :
bool g_syslog{true};
In master and 1.9.x the newly introduced LoggingConfiguration::s_syslog
is inited to false.
This does not matter using the default systemd unit file as it disables syslog:
ExecStart=@bindir@/dnsdist --supervised --disable-syslog
but it does matter for non-systemd cases.
Peter van Dijk [Tue, 2 Apr 2024 14:00:07 +0000 (16:00 +0200)]
auth LUA: (optionally) drop whitespace on join
fixes #14002
Peter van Dijk [Mon, 8 Apr 2024 10:47:45 +0000 (12:47 +0200)]
Merge pull request #14044 from romeroalx/remove-yq-snap
GH Actions: Remove yq snap dependency in collect job, workflow `build-and-test-all`
Otto Moerbeek [Mon, 8 Apr 2024 08:35:05 +0000 (10:35 +0200)]
Use consistent terminology in the proxy mapping docs
Otto Moerbeek [Mon, 8 Apr 2024 08:07:05 +0000 (10:07 +0200)]
Name the values "interface_localaddr" and "interface_remoteaddr" instead of "phys_..."
Chris Hofstaedtler [Sat, 6 Apr 2024 21:51:35 +0000 (23:51 +0200)]
auth dnsproxy: fix build on s390x
Otto Moerbeek [Fri, 5 Apr 2024 12:17:21 +0000 (14:17 +0200)]
Add test for cname already present for the forward case
Remi Gacogne [Fri, 5 Apr 2024 11:49:30 +0000 (13:49 +0200)]
Merge pull request #14042 from rgacogne/ddist-1.9.3-secpoll-changelog
dnsdist: Update secpoll and ChangeLog for 1.9.3
romeroalx [Fri, 5 Apr 2024 10:02:55 +0000 (12:02 +0200)]
gh actions - replace yq snap in collect job build-and-test-all
Otto Moerbeek [Fri, 5 Apr 2024 11:39:41 +0000 (13:39 +0200)]
rec: a name can be present already when building the cname chain
Remi Gacogne [Fri, 5 Apr 2024 11:27:19 +0000 (13:27 +0200)]
dnsdist: Update secpoll and ChangeLog for 1.9.3
Remi Gacogne [Fri, 5 Apr 2024 10:44:17 +0000 (12:44 +0200)]
dnsdist: Fix a crash in the Downstream TCP handler
When we are looking for an existing TCP connection to a backend to
reuse, we routinely (every 60s by default) clean up existing
connections from the cache.
7b5f590ee72fecf54c0c40b24e98ba03a406af53 removes a connection
from the cache more aggressively when it has failed, but I did not
notice that the same function might be called from the cache cleaning
algorithm. It caused the cache cleanup function to call this function
which in turn tried to remove the connection from the same cache,
invalidating the iterator of the cache algorithm, and causing a crash
when the function returned.
Remi Gacogne [Fri, 5 Apr 2024 08:20:49 +0000 (10:20 +0200)]
dnsdist: Fix "C++ One Definition Rule" warnings in XSK
It turns out we need to include the linux specific headers AFTER the
regular ones, because it then detects that some types have already been
defined (`sockaddr_in6` for example) and does not attempt to re-define
them, which otherwise breaks the C++ One Definition Rule.
Remi Gacogne [Fri, 5 Apr 2024 08:19:42 +0000 (10:19 +0200)]
Merge pull request #14032 from rgacogne/ddist-192-changelog-secpoll
dnsdist: Update ChangeLog and secpoll for DNSdist 1.9.2
Remi Gacogne [Fri, 5 Apr 2024 07:29:31 +0000 (09:29 +0200)]
Merge pull request #14030 from rgacogne/enable-leak-detection-unit-tests
ci: Enable LeakSanitizer during dnsdist and recursor unit tests
Remi Gacogne [Fri, 5 Apr 2024 07:09:28 +0000 (09:09 +0200)]
Merge pull request #14034 from rgacogne/ddist-document-console-key-format
dnsdist: Document how to generate a console key without dnsdist
Otto Moerbeek [Fri, 5 Apr 2024 05:29:37 +0000 (07:29 +0200)]
Merge pull request #14025 from omoerbeek/stat_t-tidy
stat_t tidy
Otto Moerbeek [Fri, 5 Apr 2024 05:27:04 +0000 (07:27 +0200)]
Merge pull request #14026 from omoerbeek/rec-docs-no-query-cache
rec docs: we do not have a query cache
Fred Morcos [Thu, 4 Apr 2024 17:54:44 +0000 (19:54 +0200)]
Merge pull request #14035 from fredmorcos/meson-fix-lmdb-gettime
Meson fix: `lmdb-safe` needs gettime
Peter van Dijk [Tue, 2 Apr 2024 07:39:11 +0000 (09:39 +0200)]
pdnsutil check-zone: accept LUA A/AAAA as SVCB address targets
Remi Gacogne [Thu, 4 Apr 2024 14:37:13 +0000 (16:37 +0200)]
dnsdist: Document the `-C /dev/null` trick to generate a key as well
As suggested by @phonedph1 (thanks!).
Peter van Dijk [Thu, 4 Apr 2024 14:19:51 +0000 (16:19 +0200)]
Merge pull request #14033 from rgacogne/auth-remotebackend-unit-tests-leak
auth: Use smart pointers in the remote backend unit tests
Fred Morcos [Thu, 4 Apr 2024 14:04:07 +0000 (16:04 +0200)]
Meson: Fix lmdb-safe needs gettime
Fred Morcos [Thu, 4 Apr 2024 13:56:56 +0000 (15:56 +0200)]
Merge pull request #14031 from fredmorcos/meson-fix-libdecaf-detection
Meson fix for `libdecaf` detection
Remi Gacogne [Thu, 4 Apr 2024 13:15:55 +0000 (15:15 +0200)]
dnsdist: Document how to generate a console key without dnsdist
Remi Gacogne [Thu, 4 Apr 2024 13:01:02 +0000 (15:01 +0200)]
auth: Use smart pointers in the remote backend unit tests
Peter van Dijk [Thu, 4 Apr 2024 12:34:27 +0000 (14:34 +0200)]
Merge pull request #13960 from cmouse/remote-unit-test
Convert remotebackend unit tests to use python
Fred Morcos [Thu, 4 Apr 2024 12:07:02 +0000 (14:07 +0200)]
Meson: Integrate libdecaf library and header detection
Remi Gacogne [Thu, 4 Apr 2024 10:40:45 +0000 (12:40 +0200)]
dnsdist: Update ChangeLog and secpoll for DNSdist 1.9.2
Fred Morcos [Thu, 4 Apr 2024 11:46:05 +0000 (13:46 +0200)]
Meson: Rework libdecaf header file detection
Peter van Dijk [Thu, 4 Apr 2024 11:46:04 +0000 (13:46 +0200)]
Merge pull request #13980 from karelbilek/d_xfr
Do shuffle TCP responses except *XFRs
Fred Morcos [Thu, 4 Apr 2024 09:57:15 +0000 (11:57 +0200)]
Meson: Improve (and fix) libdecaf detection
Peter van Dijk [Thu, 4 Apr 2024 11:31:22 +0000 (13:31 +0200)]
fix typo
Peter van Dijk [Thu, 4 Apr 2024 10:41:32 +0000 (12:41 +0200)]
Merge pull request #13596 from eli-schwartz/configure-correctness
configure.ac fixup: do not require bash