From 80c723fa13e6c0a26c45f1054bc25e3fd10e675b Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Fri, 1 May 2015 09:13:26 +0200 Subject: [PATCH] portablize --- build-scripts/git-to-changelog | 2 +- docs/markdown/changelog.md.raw | 48 ++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/build-scripts/git-to-changelog b/build-scripts/git-to-changelog index ea29d47eda..a9f7d6a75a 100755 --- a/build-scripts/git-to-changelog +++ b/build-scripts/git-to-changelog @@ -4,5 +4,5 @@ if [ "$1" = "-" ]; then cat else git log --no-merges --pretty=format:'- [commit %h](https://github.com/PowerDNS/pdns/commit/%h): %s (%an)' "$@" |\ - sed -r 's!#([[:digit:]]+)![ticket #\1](https://github.com/PowerDNS/pdns/issues/\1)!g;' + perl -pe 's!#([[:digit:]]+)![ticket #\1](https://github.com/PowerDNS/pdns/issues/\1)!g;' fi diff --git a/docs/markdown/changelog.md.raw b/docs/markdown/changelog.md.raw index 24d587c4ec..555f2e34c2 100644 --- a/docs/markdown/changelog.md.raw +++ b/docs/markdown/changelog.md.raw @@ -1,5 +1,53 @@ **Note**: Beyond PowerDNS 2.9.20, the Authoritative Server and Recursor are released separately. +# PowerDNS Authoritative Server 3.3.2 + +Released 1st of May, 2015 + +Among other bug fixes and improvements (as listed below), this release incorporates a fix for +CVE-2015-1868, as detailed in [PowerDNS Security Advisory 2015-01](security/powerdns-advisory-2015-01.md) + +If you are running DNSSEC with version 3.3.1, and you cannot currently upgrade to 3.4.4, please consider +upgrading to 3.3.2; it has a lot of improvements and bug fixes and tremendously increases compliance. + +Security fixes: + +- [commit 9df4944](https://github.com/PowerDNS/pdns/commit/9df4944): import CVE-2015-1868 patch (Peter van Dijk) +- [commit dbedfc5](https://github.com/PowerDNS/pdns/commit/dbedfc5): kill some further mallocs and add note to remind us not to add them back (bert hubert) + +Improvements: + +- [commit d0af589](https://github.com/PowerDNS/pdns/commit/d0af589): +- [commit c45b6db](https://github.com/PowerDNS/pdns/commit/c45b6db): auth: limit long version strings to 63 characters and catch exceptions in secpoll (Kees Monshouwer) +- [commit 88c1f21](https://github.com/PowerDNS/pdns/commit/88c1f21): force PACKAGEVERSION to string, fixes [ticket #2030](https://github.com/PowerDNS/pdns/issues/2030) (Peter van Dijk) +- [commit 2a4c620](https://github.com/PowerDNS/pdns/commit/2a4c620): secpoll: Replace ~ with _, too (Christian Hofstaedtler) +- [commit 4a4597e](https://github.com/PowerDNS/pdns/commit/4a4597e): if no nameserver configured in /etc/resolv.conf, send to 127.0.0.1. Closes [ticket #1851](https://github.com/PowerDNS/pdns/issues/1851). (bert hubert) +- [commit 9fa7373](https://github.com/PowerDNS/pdns/commit/9fa7373): initialize security_status to 0 (unknown) (bert hubert) +- [commit 8115a83](https://github.com/PowerDNS/pdns/commit/8115a83): implement security polling for auth (bert hubert) + + +- [commit 185bf20](https://github.com/PowerDNS/pdns/commit/185bf20): fix up compilation on RHEL (missing include) (bert hubert) +- [commit b3dec9c](https://github.com/PowerDNS/pdns/commit/b3dec9c): change default for add-superfluous-nsec3-for-old-bind config option (Kees Monshouwer) +- [commit 017a78b](https://github.com/PowerDNS/pdns/commit/017a78b): limit the number of NSEC3 iterations RFC5155 10.3 (Kees Monshouwer) +- [commit 88c52fe](https://github.com/PowerDNS/pdns/commit/88c52fe): make makeRelative() case insensitive (Kees Monshouwer) +- [commit d768d7f](https://github.com/PowerDNS/pdns/commit/d768d7f): NSEC3 and related RRSIGS are not part of the dnstree (Kees Monshouwer) +- [commit 5bbd868](https://github.com/PowerDNS/pdns/commit/5bbd868): import suck() from master (Kees Monshouwer) +- [commit 3a36a1c](https://github.com/PowerDNS/pdns/commit/3a36a1c): import bindbackend rectify code from master (Kees Monshouwer) +- [commit 1ee7e22](https://github.com/PowerDNS/pdns/commit/1ee7e22): limit mode 0 closest provable encloser to optout (Kees Monshouwer) +- [commit bbc0bc5](https://github.com/PowerDNS/pdns/commit/bbc0bc5): fix for errata 3441 of RFC5155 (Kees Monshouwer) +- [commit e8bfa7b](https://github.com/PowerDNS/pdns/commit/e8bfa7b): allow covering NSEC3 record in NODATA response (Kees Monshouwer) +- [commit 194f4d2](https://github.com/PowerDNS/pdns/commit/194f4d2): respond REFUSED instead of NOERROR for "unknown zone" situations (Peter van Dijk) +- [commit 55b0653](https://github.com/PowerDNS/pdns/commit/55b0653): set AA on CNAME into referral, fixes [ticket #589](https://github.com/PowerDNS/pdns/issues/589) (Peter van Dijk) +- [commit f0b3b24](https://github.com/PowerDNS/pdns/commit/f0b3b24): return NOTIMP for direct RRSIG request (Kees Monshouwer) +- [commit c79addc](https://github.com/PowerDNS/pdns/commit/c79addc): import pdnssec checkZone() from master (Kees Monshouwer) +- [commit 2f1fec7](https://github.com/PowerDNS/pdns/commit/2f1fec7): import pdnssec rectifyZone() from master (Kees Monshouwer) +- [commit 71232aa](https://github.com/PowerDNS/pdns/commit/71232aa): update l.root ip (Kees Monshouwer) +- [commit 1202d18](https://github.com/PowerDNS/pdns/commit/1202d18): update expected results for the regression tests (Kees Monshouwer) +- [commit 8ed113c](https://github.com/PowerDNS/pdns/commit/8ed113c): Revert "don't build .a files for backends, we do not use them at all; based on dbff3daf2a5354bbdd20058b356873327d1efc41" (Peter van Dijk) +- [commit d293d1b](https://github.com/PowerDNS/pdns/commit/d293d1b): don't build .a files for backends, we do not use them at all; based on dbff3daf2a5354bbdd20058b356873327d1efc41 (Peter van Dijk) +- [commit 1baa75d](https://github.com/PowerDNS/pdns/commit/1baa75d): move manpages (Peter van Dijk) +- [commit 9b13924](https://github.com/PowerDNS/pdns/commit/9b13924): move auth-git build script from jenkins config into git (Peter van Dijk) + # PowerDNS Recursor 3.7.2 Released 23rd of April, 2015 -- 2.47.2