Hello community, here is the log from the commit of package pdns-recursor for openSUSE:Factory checked in at Wed Apr 28 23:09:47 CEST 2010. -------- --- pdns-recursor/pdns-recursor.changes 2009-06-09 15:40:45.000000000 +0200 +++ pdns-recursor/pdns-recursor.changes 2010-04-28 12:02:18.000000000 +0200 @@ -1,0 +2,136 @@ +Wed Apr 28 09:53:33 UTC 2010 - mrueckert@suse.de + +- create /var/run/pdns directory in the init script and package it + as ghost. + +------------------------------------------------------------------- +Fri Mar 12 12:01:31 UTC 2010 - mrueckert@suse.de + +- update to version 3.2 + The 3.2 release is the first major release of the PowerDNS + Recursor in a long time. Partly this is because 3.1.7.* + functioned very well, and delivered satisfying performance, + partly this is because in order to really move forward, some + heavy lifting had to be done. + This version of the PowerDNS Recursor contains a rather novel + form of lock-free multithreading, a situation that comes close to + the old '--fork' trick, but allows the Recursor to fully utilize + multiple CPUs, while delivering unified statistics and + operational control. + In effect, this delivers the best of both worlds: near linear + scaling, with almost no administrative overhead. + http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-2 +- patches dropped: + pdns-recursor-3.1.7.1_atomicity.patch + pdns-recursor-3.1.7.1_lua.patch +- patches refreshed for the update: + old name: pdns-recursor-3.1.7.1-strip.patch + new name: pdns-recursor-3.2rc1-strip.patch + old name: pdns-recursor-3.1.7.2_config.patch + new name: pdns-recursor-3.2_config.patch + +------------------------------------------------------------------- +Fri Jan 8 04:33:27 UTC 2010 - mrueckert@suse.de + +- update to version 3.1.7.2 + This release consist of a number of vital security updates. These + updates address issues that can in all likelihood lead to a full + system compromise. In addition, it is possible for third parties + to pollute your cache with dangerous data, exposing your users to + possible harm. + http://rtfm.powerdns.com/powerdns-advisory-2010-01.html + http://rtfm.powerdns.com/powerdns-advisory-2010-02.html + CVE-2009-4009 + +------------------------------------------------------------------- +Wed Nov 11 17:34:48 CET 2009 - mrueckert@suse.de + +- update to version 3.1.7.1 + This release consists entirely of fixes for tiny bugs that have + been reported over the past year. In addition, compatibility has + been restored with the latest versions of the gcc compiler and + the 'boost' libraries. + No features have been added, but some debugging code that very + slightly impacted performance (and polluted the console when + operating in the foreground) has been removed. + - Improved error messages when parsing zones for authoritative + serving (commit 1235). + - Better resilience against whitespace in configuration + (changesets 1237, 1240, 1242) + - Slight performance increase (commit 1378) + - Fix rare case where timeouts were not being reported to the + right query-thread (commit 1260) + - Fix compilation against newer versions of the Boost C++ + libraries (commit 1381) + - Close very rare issue with TCP/IP close reporting ECONNRESET on + FreeBSD. Reported by Andrei Poelov in ticket 192. + - Silence debugging output (commit 1286). + - Fix compilation against newer versions of gcc (commit 1384) + - No longer set export-etc-hosts to 'on' on reload-zones. + Discovered by Paul Cairney, closes ticket 225. + - Sane default for the maximum cache size in the Recursor, + suggested by Roel van der Made (commit 1354). + - No longer exit because of the changed behaviour of the Solaris + 'completion ports' in more recent versions of Solaris. Fix in + commit 1372, reported by Jan Gyselinck +- update to version 3.1.7 + This version contains powerful scripting abilities, allowing + operators to modify DNS responses in many interesting ways. Among + other things, these abilities can be used to filter out malware + domains, to perform load balancing, to comply with legal and + other requirements and finally, to implement 'NXDOMAIN' + redirection. + It is hoped that the addition of Lua scripting will enable + responsible DNS modification for those that need it. + For more details about the Lua scripting, which can be modified, + loaded and unloaded at runtime, see Section 12.6. Many thanks are + due to the #lua irc channel, for excellent near-realtime Lua + support. In addition, a number of PowerDNS users have been + enthousiastically testing prereleases of the scripting support, + and have found and solved many issues. + - In 3.1.5 and 3.1.6, an authoritative server could continue to + renew its authority, even though a domain had been delegated to + other servers in the meantime. + - In the rare cases where this happened, and the old servers were + not shut down, the observed effect is that users were fed + outdated data. + - Bug spotted and analysed by Darren Gamble, fix in commit 1182 + and commit 1183. + - Thanks to long time PowerDNS contributor Stefan Arentz, for the + first time, Mac OS X 10.5 users can compile and run the + PowerDNS Recursor! Patch in commit 1185. + - Sten Spans spotted that for outgoing TCP/IP queries, the + query-local-address setting was not honored. Fixed in commit + 1190. + - rec_control wipe-cache now also wipes domains from the negative + cache, hurrying up the expiry of negatively cached records. + Suggested by Simon Kirby, implemented in commit 1204. + - When a forwarder server is configured for a domain, using the + forward-zones setting, this server IP address was filtered + using the dont-query setting, which is generally not what is + desired: the server to which queries are forwarded will often + live in private IP space, and the operator should be trusted to + know what he is doing. Reported and argued by Simon Kirby, fix + in commit 1211. + - Marcus Rueckert of OpenSUSE reported that very recent gcc + versions emitted a (correct) warning on an overly complicated + line in syncres.cc, fixed in commit 1189. + - Stefan Schmidt discovered that the netmask matching code, used + by the new Lua scripts, but also by all other parts of + PowerDNS, had problems with explicit '/32' matches. Fixed in + commit 1205. +- added pdns-recursor-3.1.7.1_lua.patch + fix linking with lua +- dropping patches included upstream: + pdns-recursor-3.1.4_char_casting.patch + pdns-recursor-3.1.4_r965.patch + pdns-recursor-3.1.4_gcc43.patch +- refreshed patches: + old: pdns-recursor-3.1.3-strip.patch + new: pdns-recursor-3.1.7.1-strip.patch + old: pdns-recursor-3.1.4_atomicity.patch + new: pdns-recursor-3.1.7.1_atomicity.patch + old: pdns-recursor-3.1.4_config.patch + new: pdns-recursor-3.1.7.1_config.patch + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- pdns-recursor-3.1.7-strip.patch pdns-recursor-3.1.7.tar.bz2 pdns-recursor-3.1.7_atomicity.patch pdns-recursor-3.1.7_config.patch pdns-recursor-3.1.7_gcc44.patch pdns-recursor-3.1.7_lua.patch pdns-recursor-3.1.7_new_boost_exceptions.patch pdns-recursor-3.1.7_parentheses_warning.patch New: ---- pdns-recursor-3.2.tar.bz2 pdns-recursor-3.2_config.patch pdns-recursor-3.2rc1-strip.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pdns-recursor.spec ++++++ --- /var/tmp/diff_new_pack.KC9bI6/_old 2010-04-28 23:08:43.000000000 +0200 +++ /var/tmp/diff_new_pack.KC9bI6/_new 2010-04-28 23:08:43.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package pdns-recursor (Version 3.1.7) +# spec file for package pdns-recursor (Version 3.2) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,16 +19,23 @@ Name: pdns-recursor -Version: 3.1.7 -Release: 7 -%define pkg_version 3.1.7 +Version: 3.2 +Release: 1 +%define pkg_version 3.2 # Group: Productivity/Networking/DNS/Servers -License: GPL v2 or later +License: GPLv2+ # %define home %{_var}/lib/pdns %define _localstatedir %{_var}/run/pdns -BuildRequires: boost-devel gcc-c++ lua-devel pkg-config +BuildRequires: boost-devel gcc-c++ +%if 0%{?suse_version} < 1030 +BuildRequires: lua51-devel +%define lua_lib lua5.1 +%else +BuildRequires: lua-devel +%define lua_lib lua +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %insserv_prereq %fillup_prereq pwdutils # @@ -36,14 +43,8 @@ Source: http://downloads.powerdns.com/releases/%{name}-%{pkg_version}.tar.bz2 Source1: pdns-recursor.init Source2: recursor.conf -Patch: %{name}-%{version}_config.patch -Patch1: %{name}-%{version}-strip.patch -Patch2: %{name}-%{version}_atomicity.patch -# patch is under review by upstream. disabled so long -Patch5: pdns-recursor-%{version}_parentheses_warning.patch -Patch6: pdns-recursor-3.1.7_new_boost_exceptions.patch -Patch7: pdns-recursor-3.1.7_lua.patch -Patch8: pdns-recursor-3.1.7_gcc44.patch +Patch: pdns-recursor-%{version}_config.patch +Patch1: pdns-recursor-3.2rc1-strip.patch # Summary: Modern, advanced and high performance recursing/non authoritative nameserver @@ -61,15 +62,10 @@ %setup -n %{name}-%{pkg_version} %patch %patch1 -%patch2 -# patch is under review by upstream. disabled so long -#patch5 -%patch6 -%patch7 -%patch8 -p1 %build -%{__make} OPTFLAGS="%{optflags} -D_GNU_SOURCE" LUA=1 +%{__make} OPTFLAGS="%{optflags}" \ + LUA=1 LUA_LIBS_CONFIG="-l%lua_lib" LUA_CPPFLAGS_CONFIG="-I/usr/include/lua5.1" %install %{__install} -Dd -m 0755 %{buildroot}{%{home},%{_localstatedir}} @@ -100,14 +96,14 @@ %dir %{_sysconfdir}/pdns/ %config(noreplace) %{_sysconfdir}/pdns/recursor.conf %config %{_sysconfdir}/pdns/recursor.conf-dist -%{_sysconfdir}/init.d/%{name} +%config(noreplace) %{_sysconfdir}/init.d/%{name} %{_sbindir}/rcpdns-recursor %{_sbindir}/pdns_recursor %{_sbindir}/rec_control %{_mandir}/man1/pdns_recursor.1* %{_mandir}/man1/rec_control.1* -%doc README COPYING rrd/ +%doc README COPYING rrd/ powerdns-example-script.lua %dir %{home} -%dir %{_localstatedir} +%ghost %dir %{_localstatedir} %changelog ++++++ pdns-recursor-3.1.7.tar.bz2 -> pdns-recursor-3.2.tar.bz2 ++++++ ++++ 16906 lines of diff (skipped) ++++++ pdns-recursor-3.1.7_config.patch -> pdns-recursor-3.2_config.patch ++++++ --- pdns-recursor/pdns-recursor-3.1.7_config.patch 2008-11-20 16:47:34.000000000 +0100 +++ pdns-recursor/pdns-recursor-3.2_config.patch 2010-03-12 13:19:20.000000000 +0100 @@ -1,12 +1,11 @@ Index: config.h -================================================================================ ---- config.h +=================================================================== +--- config.h.orig +++ config.h -@@ -1,5 +1,5 @@ +@@ -1,4 +1,4 @@ -#define SYSCONFDIR "/etc/powerdns/" -#define LOCALSTATEDIR "/var/run/" -+#define SYSCONFDIR "/etc/pdns/" -+#define LOCALSTATEDIR "/var/run/pdns" - #define VERSION "3.1.7" ++#define SYSCONFDIR "/etc/pdns/" ++#define LOCALSTATEDIR "/var/run/pdns/" + #define VERSION "3.2" #define RECURSOR - #ifndef WIN32 ++++++ pdns-recursor-3.2rc1-strip.patch ++++++ Index: Makefile =================================================================== --- Makefile.orig +++ Makefile @@ -71,10 +71,8 @@ basic_checks: install: all -mkdir -p $(DESTDIR)/$(SBINDIR) mv pdns_recursor $(DESTDIR)/$(SBINDIR) - strip $(DESTDIR)/$(SBINDIR)/pdns_recursor mkdir -p $(DESTDIR)/$(BINDIR) mv rec_control $(DESTDIR)/$(BINDIR) - strip $(DESTDIR)/$(BINDIR)/rec_control -mkdir -p $(DESTDIR)/$(CONFIGDIR) $(DESTDIR)/$(SBINDIR)/pdns_recursor --config > $(DESTDIR)/$(CONFIGDIR)/recursor.conf-dist -mkdir -p $(DESTDIR)/usr/share/man/man1 ++++++ pdns-recursor.init ++++++ --- /var/tmp/diff_new_pack.KC9bI6/_old 2010-04-28 23:08:43.000000000 +0200 +++ /var/tmp/diff_new_pack.KC9bI6/_new 2010-04-28 23:08:43.000000000 +0200 @@ -69,23 +69,23 @@ # use names of services (contents of their Provides: section) # or pseudo names starting with a $. The following ones are available # according to LSB (1.1): -# $local_fs all local file systems are mounted -# (most services should need this!) -# $remote_fs all remote file systems are mounted -# (note that /usr may be remote, so -# many services should Require this!) -# $syslog system logging facility up -# $network low level networking (eth card, ...) -# $named hostname resolution available -# $netdaemons all network daemons are running +# $local_fs all local file systems are mounted +# (most services should need this!) +# $remote_fs all remote file systems are mounted +# (note that /usr may be remote, so +# many services should Require this!) +# $syslog system logging facility up +# $network low level networking (eth card, ...) +# $named hostname resolution available +# $netdaemons all network daemons are running # The $netdaemons pseudo service has been removed in LSB 1.2. # For now, we still offer it for backward compatibility. # These are new (LSB 1.2): -# $time the system time has been set correctly -# $portmap SunRPC portmapping service available +# $time the system time has been set correctly +# $portmap SunRPC portmapping service available # UnitedLinux extensions: -# $ALL indicates that a script should be inserted -# at the end +# $ALL indicates that a script should be inserted +# at the end # * The services specified in the stop tags # (Required-Stop/Should-Stop) # specify which services need to be still running when this service @@ -100,8 +100,8 @@ # It's not used by insserv. # # Note on runlevels: -# 0 - halt/poweroff 6 - reboot -# 1 - single user 2 - multiuser without network exported +# 0 - halt/poweroff 6 - reboot +# 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: @@ -116,16 +116,16 @@ # Note: Special treatment of stop for LSB conformance PDNS_RECURSOR_BIN=/usr/sbin/pdns_recursor test -x $PDNS_RECURSOR_BIN || { echo "$PDNS_RECURSOR_BIN not installed"; - if [ "$1" = "stop" ]; then exit 0; - else exit 5; fi; } + if [ "$1" = "stop" ]; then exit 0; + else exit 5; fi; } # Check for existence of needed config file and read it #PDNS_RECURSOR_CONFIG=/etc/sysconfig/pdns #test -r $PDNS_RECURSOR_CONFIG || { echo "$PDNS_RECURSOR_CONFIG not existing"; -# if [ "$1" = "stop" ]; then exit 0; -# else exit 6; fi; } +# if [ "$1" = "stop" ]; then exit 0; +# else exit 6; fi; } -# Read config +# Read config #. $PDNS_RECURSOR_CONFIG # Source LSB init functions @@ -154,7 +154,7 @@ rc_reset # Return values acc. to LSB for all commands but status: -# 0 - success +# 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") @@ -169,110 +169,116 @@ # with force-reload (in case signaling is not supported) are # considered a success. +# ensure our control directory exists +PDNS_CTRLDIR="/var/run/pdns" +if [ ! -e "$PDNS_CTRLDIR" ] ; then + mkdir --mode=0755 /var/run/pdns +fi + case "$1" in start) - echo -n "Starting pdns recursor " - ## Start daemon with startproc(8). If this fails - ## the return value is set appropriately by startproc. - /sbin/startproc -q $PDNS_RECURSOR_BIN - - # Remember status and be verbose - rc_status -v - ;; + echo -n "Starting pdns recursor " + ## Start daemon with startproc(8). If this fails + ## the return value is set appropriately by startproc. + /sbin/startproc -q $PDNS_RECURSOR_BIN + + # Remember status and be verbose + rc_status -v + ;; stop) - echo -n "Shutting down pdns recursor " - ## Stop daemon with killproc(8) and if this fails - ## killproc sets the return value according to LSB. - - /sbin/killproc -TERM $PDNS_RECURSOR_BIN - - # Remember status and be verbose - rc_status -v - ;; + echo -n "Shutting down pdns recursor " + ## Stop daemon with killproc(8) and if this fails + ## killproc sets the return value according to LSB. + + /sbin/killproc -TERM $PDNS_RECURSOR_BIN + + # Remember status and be verbose + rc_status -v + ;; try-restart|condrestart) - ## Do a restart only if the service was active before. - ## Note: try-restart is now part of LSB (as of 1.9). - ## RH has a similar command named condrestart. - if test "$1" = "condrestart"; then - echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" - fi - $0 status - if test $? = 0; then - $0 restart - else - rc_reset # Not running is not a failure. - fi - # Remember status and be quiet - rc_status - ;; + ## Do a restart only if the service was active before. + ## Note: try-restart is now part of LSB (as of 1.9). + ## RH has a similar command named condrestart. + if test "$1" = "condrestart"; then + echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" + fi + $0 status + if test $? = 0; then + $0 restart + else + rc_reset # Not running is not a failure. + fi + # Remember status and be quiet + rc_status + ;; restart) - ## Stop the service and regardless of whether it was - ## running or not, start it again. - $0 stop - $0 start - - # Remember status and be quiet - rc_status - ;; + ## Stop the service and regardless of whether it was + ## running or not, start it again. + $0 stop + $0 start + + # Remember status and be quiet + rc_status + ;; force-reload) - ## Signal the daemon to reload its config. Most daemons - ## do this on signal 1 (SIGHUP). - ## If it does not support it, restart the service if it - ## is running. - - echo -n "Reload service pdns recursor " - ## if it supports it: - /sbin/killproc -HUP $PDNS_RECURSOR_BIN - #touch /var/run/PDNS_RECURSOR.pid - rc_status -v - - ## Otherwise: - #$0 try-restart - #rc_status - ;; + ## Signal the daemon to reload its config. Most daemons + ## do this on signal 1 (SIGHUP). + ## If it does not support it, restart the service if it + ## is running. + + echo -n "Reload service pdns recursor " + ## if it supports it: + /sbin/killproc -HUP $PDNS_RECURSOR_BIN + #touch /var/run/PDNS_RECURSOR.pid + rc_status -v + + ## Otherwise: + #$0 try-restart + #rc_status + ;; reload) - ## Like force-reload, but if daemon does not support - ## signaling, do nothing (!) + ## Like force-reload, but if daemon does not support + ## signaling, do nothing (!) - # If it supports signaling: - echo -n "Reload service pdns recursor " - /sbin/killproc -HUP $PDNS_RECURSOR_BIN - #touch /var/run/PDNS_RECURSOR.pid - rc_status -v - - ## Otherwise if it does not support reload: - #rc_failed 3 - #rc_status -v - ;; + # If it supports signaling: + echo -n "Reload service pdns recursor " + /sbin/killproc -HUP $PDNS_RECURSOR_BIN + #touch /var/run/PDNS_RECURSOR.pid + rc_status -v + + ## Otherwise if it does not support reload: + #rc_failed 3 + #rc_status -v + ;; status) - echo -n "Checking for service pdns recursor " - ## Check status with checkproc(8), if process is running - ## checkproc will return with exit status 0. - - # Return value is slightly different for the status command: - # 0 - service up and running - # 1 - service dead, but /var/run/ pid file exists - # 2 - service dead, but /var/lock/ lock file exists - # 3 - service not running (unused) - # 4 - service status unknown :-( - # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) - - # NOTE: checkproc returns LSB compliant status values. - /sbin/checkproc $PDNS_RECURSOR_BIN - # NOTE: rc_status knows that we called this init script with - # "status" option and adapts its messages accordingly. - rc_status -v - ;; + echo -n "Checking for service pdns recursor " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Return value is slightly different for the status command: + # 0 - service up and running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running (unused) + # 4 - service status unknown :-( + # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) + + # NOTE: checkproc returns LSB compliant status values. + /sbin/checkproc $PDNS_RECURSOR_BIN + # NOTE: rc_status knows that we called this init script with + # "status" option and adapts its messages accordingly. + rc_status -v + ;; probe) - ## Optional: Probe for the necessity of a reload, print out the - ## argument to this init script which is required for a reload. - ## Note: probe is not (yet) part of LSB (as of 1.9) + ## Optional: Probe for the necessity of a reload, print out the + ## argument to this init script which is required for a reload. + ## Note: probe is not (yet) part of LSB (as of 1.9) - test /etc/pdns/recursor.conf -nt /var/run/pdns-recursor.pid && echo reload - ;; + test /etc/pdns/recursor.conf -nt /var/run/pdns-recursor.pid && echo reload + ;; *) - echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" - exit 1 - ;; + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" + exit 1 + ;; esac rc_exit ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org