- update to 1.3.2

OBS-URL: https://build.opensuse.org/package/show/server:dns/dnsdist?expand=0&rev=8

dnsdist-1.3.0.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:aa67cd4db8404a13ed4ed1097dd850203dab8a327372f72bb140df11ef7eba08
-size 924183

dnsdist-1.3.2.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0be7704e5a418a8ed6908fc110ecfb9bc23f270b5af8a5525f1fa934ef0e6bc4
+size 918200

dnsdist.changes

@@ -1,3 +1,68 @@
+-------------------------------------------------------------------
+Tue Jul 10 14:26:03 UTC 2018 - mrueckert@suse.de
+
+- update to 1.3.2
+  https://blog.powerdns.com/2018/07/10/dnsdist-1-3-2-released/
+
+   Breaking changes
+  ==================
+
+  After discussing with several users, we noticed that quite a lot
+  of them were not aware that enabling the dnsdist’s console
+  without a key, even restricted to the local host, could be a
+  security issue and allow privilege escalation by allowing an
+  unprivileged user to connect to the console and execute Lua code
+  as the dnsdist user. We therefore decided to refuse any
+  connection to the console until a key has been set, so please
+  check that you do set a key before upgrading if you use the
+  console.
+
+   New features
+  ==================
+
+  The DNS over TLS feature introduced in 1.3.0 was missing the
+  ability to support both an RSA and an ECDSA certificate at the
+  same time, and it was not possible to switch to a new certificate
+  without restarting dnsdist. This has now been fixed.
+
+  The packet cache has also been improved in this release, with the
+  addition of a negative TTL option to be able to specify how long
+  NODATA and NXDOMAIN answers should be cache, as well as a way to
+  dump the content of the cache. We also made the detection of ECS
+  collisions more robust, preventing two queries for the same name,
+  type and class but a different ECS subnet from colliding even if
+  they did hash to the same value.
+
+  This version gained the ability to insert dynamic rules that do
+  nothing, and do not stop the processing of subsequent rules,
+  which is very useful for testing purposes. The optimized
+  DynblockRulesGroup introduced in 1.3.0 also gained the ability to
+  whitelist and blacklist ranges from dynamic rules, for example to
+  prevent some clients from ever being blocked by a rate-limiting
+  rule.
+
+  Finally, we introduced the new SetECSAction directive to be able
+  to force the ECS value sent to a downstream server for some or
+  all queries.
+
+   Bug fixes
+  ===========
+
+  In addition to various documentation and cosmetics fixes, a few
+  annoying bugs have been fixed in this release:
+
+  - If the first connection attempt to a given backend failed,
+    dnsdist didn’t properly reconnect even when the backend became
+    available ;
+  - Dynamic blocks were sometimes created with the wrong duration ;
+  - The ability to iterate over the results of the Lua exceed*()
+    functions was broken in 1.3.0, preventing manual whitelisting
+    from Lua ;
+  - Some statistics were displayed with too many decimals in the
+    web interface ;
+  - A backend outstanding queries counter could become wrong if it
+    dropped a lot of queries for a while.
+
 -------------------------------------------------------------------
 Sun Apr  1 23:56:33 UTC 2018 - mrueckert@suse.de
 

dnsdist.spec

@@ -58,7 +58,7 @@
 %endif
 
 Name:           dnsdist
-Version:        1.3.0
+Version:        1.3.2
 Release:        0
 License:        GPL-2.0
 Summary:        A highly DNS-, DoS- and abuse-aware loadbalancer