From f87a426408f1c65fe8dd2d5e9b49a3d433ff2663 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Mon, 6 Apr 2020 13:48:36 +0200 Subject: [PATCH] changelog&secpoll for auth 4.2.2 --- docs/changelog/4.2.rst | 41 +++++++++++++++++++++++++++++++++++++++++ docs/secpoll.zone | 3 ++- docs/upgrading.rst | 13 +++++++++++++ 3 files changed, 56 insertions(+), 1 deletion(-) diff --git a/docs/changelog/4.2.rst b/docs/changelog/4.2.rst index b02102f4ee..af82c6051c 100644 --- a/docs/changelog/4.2.rst +++ b/docs/changelog/4.2.rst @@ -1,6 +1,47 @@ Changelogs for 4.2.x ==================== +.. changelog:: + :version: 4.2.2 + :released: 9th of April 2020 + + + .. change:: + :tags: Bug Fixes + :pullreq: 9010 + + fix records ending up in wrong packet section (Kees Monshouwer) + + .. change:: + :tags: Improvents + :pullreq: 9003, 8736 + + cache: strictly enforce maximum size, and improve cleanup routine + + .. change:: + :tags: Bug Fixes + :pullreq: 9001 + + avoid IXFR-in corruption when deltas come in close together (please see the :ref:`ixfr-in-corruption-4.2.2` upgrade notes) + + .. change:: + :tags: New Features + :pullreq: 8786 + + api: add includerings option to statistics endpoint + + .. change:: + :tags: Bug Fixes + :pullreq: 8612 + + fix out-of-bound access for zero length "serialized" string when using lmdbbackend. (Kees Monshouwer) + + .. change:: + :tags: Bug Fixes + :pullreq: 8602 + + bind backend: pthread_mutex_t should be inited and destroyed and not be copied + .. changelog:: :version: 4.2.1 :released: 2nd of December 2019 diff --git a/docs/secpoll.zone b/docs/secpoll.zone index 57cd8e0bd7..cc1f1205f5 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -1,4 +1,4 @@ -@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2020040701 10800 3600 604800 10800 +@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2020040901 10800 3600 604800 10800 @ 3600 IN NS pdns-public-ns1.powerdns.com. @ 3600 IN NS pdns-public-ns2.powerdns.com. @@ -60,6 +60,7 @@ auth-4.2.0-rc2.security-status 60 IN TXT "2 Unsupported auth-4.2.0-rc3.security-status 60 IN TXT "2 Unsupported pre-release (no known vulnerabilities)" auth-4.2.0.security-status 60 IN TXT "1 OK" auth-4.2.1.security-status 60 IN TXT "1 OK" +auth-4.2.2.security-status 60 IN TXT "1 OK" auth-4.3.0-alpha1.security-status 60 IN TXT "2 Unsupported pre-release (no known vulnerabilities)" auth-4.3.0-beta1.security-status 60 IN TXT "2 Unsupported pre-release (no known vulnerabilities)" auth-4.3.0-beta2.security-status 60 IN TXT "2 Unsupported pre-release (no known vulnerabilities)" diff --git a/docs/upgrading.rst b/docs/upgrading.rst index fdd29ae7d7..1e7d7f84ea 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -77,6 +77,19 @@ A bug in PowerDNS versions before 4.2.2/4.3.0 would cause wrong deletion or addi If you have zones which use inbound IXFR (in other words, the ``IXFR`` metadata item for that zone is set to ``1``), we strongly suggest triggering a completely fresh transfer. You could accomplish that by deleting all records in the zone with an SQL query and waiting for a fresh transfer, or (1) disabling IXFR (2) forcing a fresh transfer using ``pdns_control retrieve example.com`` (3) enabling IXFR again. +4.X.X to 4.2.2 +-------------- + +.. _ixfr-in-corruption-4.2.2: + +IXFR-in corruption +^^^^^^^^^^^^^^^^^^ + +A bug in PowerDNS versions before 4.2.2/4.3.0 would cause wrong deletion or addition of records if IXFR deltas came in very quickly (within the query cache timeout, which defaults to 20/60 seconds). +If you have zones which use inbound IXFR (in other words, the ``IXFR`` metadata item for that zone is set to ``1``), we strongly suggest triggering a completely fresh transfer. +You could accomplish that by deleting all records in the zone with an SQL query and waiting for a fresh transfer, or (1) disabling IXFR (2) forcing a fresh transfer using ``pdns_control retrieve example.com`` (3) enabling IXFR again. + + 4.1.X to 4.2.0 -------------- -- 2.47.2