Bug 250464 - dns/powerdns-recursor: Update to 4.4.0
Summary: dns/powerdns-recursor: Update to 4.4.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Matthias Andree
URL: https://doc.powerdns.com/recursor/cha...
Depends on:
Reported: 2020-10-19 15:05 UTC by Juraj Lutter
Modified: 2020-11-01 21:15 UTC (History)
2 users (show)

See Also:
tremere: maintainer-feedback+

dns/powerdns-recursor: Update to 4.4.0 (2.74 KB, patch)
2020-10-19 15:05 UTC, Juraj Lutter
no flags Details | Diff
Update to PowerDNS Recursor 4.4.0 and add DNSTAP knob (1.34 KB, patch)
2020-10-21 07:46 UTC, Ralf van der Enden
tremere: maintainer-approval+
Details | Diff
Update to PowerDNS Recursor 4.4.0 and add DNSTAP knob (fix whitespace) (1.32 KB, patch)
2020-10-21 07:53 UTC, Ralf van der Enden
tremere: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Juraj Lutter 2020-10-19 15:05:44 UTC
Created attachment 218890 [details]
dns/powerdns-recursor: Update to 4.4.0


please find the patch attached.

Changelog for 4.4.0:
Released: 19th of October 2020
Bug Fixes
  - Backport of CVE-2020-25829: Cache pollution.

Changelog for 4.4.0-rc2:
Released: 6th of October 2020
  - Don’t parse any config with –version.
  - Expose typed cache flush via Web API.
  - Log when going Bogus because of a missing SOA in authority.
  - Raise an exception on invalid content in unknown record.
Bug Fixes:
  - When deciding if we are auth in the local auth or forwarding case, DS is
  - Fix wipe-cache-typed.
  - Watch the descriptor again after an out-of-order read timeout.

Changelog for 4.4.0-rc1:
Released: 21st of September 2020
Bug Fixes:
  - Only do QName Minimization for the names inside a forwarded domain.
  - Fix the parsing of dont-throttle-netmasks in the presence of

Changelog for 4.4.0-beta1:
Released: 31st of August 2020
  - Store RPZ trigger and hit in appliedPolicy and protobuf message and log
	them in the trace log.
  - Apply filtering policies (RPZ) on CNAME chains as well.
  - Fix warning: initialized lambda captures are a C++14 extension.
  - Clean some coverity reported cases of exceptions thrown but not caught.
  - Export record cache lock (contention) stats via the various channels.
  - Allow multiple local data records when doing RPZ IP matching.
  - Replace the use of ‘1’ by QClass::IN to improve readability.
  - Avoid name clashes on Solaris derived systems.
Bug Fixes:
  - Allow some more depth headroom for the no-qname-minimization fallback case.
  - If we have an NS in cache, use it in the forwarder case.
  - Disable outgoing v4 when query-local-address has no v4 addresses.
  - Resize hostname to final size in getCarbonHostname() (Aki Tuomi).

Changelog for 4.4.0-alpha2:
Released: 20th of July 2020
  - Check that DNSKEYs have the zone flag set.
  - Remove redundant toLogString() calls (Chris Hofstaedtler).
  - Stop cluttering the global namespace with validation states.
  - Use explicit flag for the specific version of c++ we’re targeting.
  - Use new operator to print states.
  - Refuse QType 0 right away, based on rfc6895 section 3.1.
  - Specify a storage type for validation states.
  - Common TCP write problems should only be logged if wanted.
  - Dump the authority records of a negative cache entry as well.
  - Alternative way to do “skip cname check” for DS and DNSKEY records
  - Control stack depth when priming.
  - Add version ‘statistic’ to prometheus.
  - Cleanup cache cleaner pruneCollection function.
  - RPZ policy should override gettag_ffi answer by default.
  - Don’t copy the records when scanning for CNAME loops.
  - Do not use using namespace std; .
  - More sophisticated CNAME loop detection.
  - Use std::string_view when available (Rosen Penev).
  - Make sure we can install unsigned packages.
  - Clarify docs (Josh Soref).
  - Ensure runtime dirs for virtual services differ.
  - Builder: improve shipped config files (Chris Hofstaedtler).
  - Less negatives in error messages improves readability.
  - Boost 1.73 moved boost::bind placeholders to the placeholders namespace.
  - Fix useless copies in loop reported by clang++ 10.
  - NetmaskTree: do not test node for null, the loop guarantees node is not
  - Wrap pthread objects
  - Get rid of a naked pointer in the /dev/poll event multiplexer.
  - Random engine.
Bug Fixes:
  - Update proxy-protocol.cc (ihsinme).
  - Kill an signed vs unsigned warning on OpenBSD.
  - Don’t validate a NXD with a NSEC proving that the name is an ENT.
  - Fix three shared cache issues.
  - Limit the TTL of RRSIG records as well.
  - Avoid throwing an exception in Logger::log().

Changelog for 4.4.0-alpha1:
Released: 22th of April 2020
New Features:
  - Implement native DNS64 support, without Lua.
  - Add custom tags to RPZ hits.
  - Allow attaching a ‘routing’ tag string to a query in lua code and use that
	tag in the record cache when appropriate.
  - Share record cache between threads.
  - Add support for Proxy Protocol between dnsdist and the recursor.
  - Fix warnings with llvm10 and -Wrange-loop-construct (Kirill Ponomarev).
  - Fix compilation without deprecated OpenSSL APIs (Rosen Penev).
  - Detect {Libre,Open}SSL functions availability during configure.
  - Better handling of reconnections in Remote Logger.
  - Add ‘queue full’ metrics for our remote logger, log at debug only.
  - Update boost.m4
  - Keep a masked network in the Netmask class.
  - Replace include guard ifdef/define with pragma once (Chris Hofstaedtler).
  - YaHTTP: Support bracketed IPv6 addresses
  - Rework NetmaskTree for better CPU and memory efficiency (Stephan Bosch).
  - RPZ dumpFile/seedFile: store/get SOA refresh on dump/load.
  - Add ‘IO wait’ and ‘steal’ metrics on Linux.
  - DNSName: Don’t call strlen() when the length is already known.
  - Fix build with gcc-10 (Sander Hoentjen).
Bug Fixes
  - Fix compilation of the ports event multiplexer.
  - Init zone’s d_priority field.
  - QName Minimization sometimes uses 1 label too many.

Testport results:
Comment 2 Ralf van der Enden 2020-10-21 07:46:45 UTC
Created attachment 218939 [details]
Update to PowerDNS Recursor 4.4.0 and add DNSTAP knob

The patch supplied by OP adds libsodium (but it was already pulled in near the bottom of the Makefile)

He also added libfstrm, which adds support for dnstap, so added a knob for that and made it optional.

Poudriere: builds ok on 12.1-amd64
Comment 3 Ralf van der Enden 2020-10-21 07:53:57 UTC
Created attachment 218940 [details]
Update to PowerDNS Recursor 4.4.0 and add DNSTAP knob (fix whitespace)
Comment 4 commit-hook freebsd_committer 2020-11-01 21:15:48 UTC
A commit references this bug:

Author: mandree
Date: Sun Nov  1 21:15:42 UTC 2020
New revision: 553866
URL: https://svnweb.freebsd.org/changeset/ports/553866

  dns/powerdns-recursor: update to 4.4.0 and add DNSTAP knob


  PR:		250464
  Submitted by:	Juraj Lutter; Ralf van der Enden (maintainer)
  Approved by:	Ralf van der Enden (maintainer)