Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package pdns-recursor for openSUSE:Factory checked in at 2021-11-09 23:54:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pdns-recursor (Old) and /work/SRC/openSUSE:Factory/.pdns-recursor.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pdns-recursor" Tue Nov 9 23:54:42 2021 rev:49 rq:930191 version:4.5.7 Changes: -------- --- /work/SRC/openSUSE:Factory/pdns-recursor/pdns-recursor.changes 2021-10-12 21:50:42.283987797 +0200 +++ /work/SRC/openSUSE:Factory/.pdns-recursor.new.1890/pdns-recursor.changes 2021-11-09 23:55:04.939967051 +0100 @@ -1,0 +2,11 @@ +Fri Nov 5 12:00:12 UTC 2021 - Michael Str??der <mich...@stroeder.com> + +- update to 4.5.7: + * A SHA-384 DS should not trump a SHA-256 one, only potentially ignore SHA-1 DS records. + References: #10908, pull request 10912 + * rec_control wipe-cache-typed should check if a qtype arg is present and valid. + References: #10905, pull request 10911 + * Put the correct string into appliedPolicyTrigger for Netmask matching rules. + References: #10842, pull request 10863 + +------------------------------------------------------------------- Old: ---- pdns-recursor-4.5.6.tar.bz2 pdns-recursor-4.5.6.tar.bz2.sig New: ---- pdns-recursor-4.5.7.tar.bz2 pdns-recursor-4.5.7.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pdns-recursor.spec ++++++ --- /var/tmp/diff_new_pack.ikXh19/_old 2021-11-09 23:55:05.679967429 +0100 +++ /var/tmp/diff_new_pack.ikXh19/_new 2021-11-09 23:55:05.679967429 +0100 @@ -31,7 +31,7 @@ %endif Name: pdns-recursor -Version: 4.5.6 +Version: 4.5.7 Release: 0 BuildRequires: autoconf BuildRequires: automake ++++++ pdns-recursor-4.5.6.tar.bz2 -> pdns-recursor-4.5.7.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.5.6/configure new/pdns-recursor-4.5.7/configure --- old/pdns-recursor-4.5.6/configure 2021-10-08 15:10:32.000000000 +0200 +++ new/pdns-recursor-4.5.7/configure 2021-11-05 07:41:58.000000000 +0100 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for pdns-recursor 4.5.6. +# Generated by GNU Autoconf 2.69 for pdns-recursor 4.5.7. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='pdns-recursor' PACKAGE_TARNAME='pdns-recursor' -PACKAGE_VERSION='4.5.6' -PACKAGE_STRING='pdns-recursor 4.5.6' +PACKAGE_VERSION='4.5.7' +PACKAGE_STRING='pdns-recursor 4.5.7' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1530,7 +1530,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pdns-recursor 4.5.6 to adapt to many kinds of systems. +\`configure' configures pdns-recursor 4.5.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1601,7 +1601,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pdns-recursor 4.5.6:";; + short | recursive ) echo "Configuration of pdns-recursor 4.5.7:";; esac cat <<\_ACEOF @@ -1780,7 +1780,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -pdns-recursor configure 4.5.6 +pdns-recursor configure 4.5.7 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2497,7 +2497,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pdns-recursor $as_me 4.5.6, which was +It was created by pdns-recursor $as_me 4.5.7, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3365,7 +3365,7 @@ # Define the identity of the package. PACKAGE='pdns-recursor' - VERSION='4.5.6' + VERSION='4.5.7' cat >>confdefs.h <<_ACEOF 
@@ -27384,7 +27384,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by pdns-recursor $as_me 4.5.6, which was +This file was extended by pdns-recursor $as_me 4.5.7, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -27450,7 +27450,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -pdns-recursor config.status 4.5.6 +pdns-recursor config.status 4.5.7 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.5.6/configure.ac new/pdns-recursor-4.5.7/configure.ac --- old/pdns-recursor-4.5.6/configure.ac 2021-10-08 15:10:18.000000000 +0200 +++ new/pdns-recursor-4.5.7/configure.ac 2021-11-05 07:41:48.000000000 +0100 @@ -1,6 +1,6 @@ AC_PREREQ([2.69]) -AC_INIT([pdns-recursor], [4.5.6]) +AC_INIT([pdns-recursor], [4.5.7]) AC_CONFIG_AUX_DIR([build-aux]) AM_INIT_AUTOMAKE([foreign dist-bzip2 no-dist-gzip tar-ustar -Wno-portability subdir-objects parallel-tests 1.11]) AM_SILENT_RULES([yes]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.5.6/effective_tld_names.dat new/pdns-recursor-4.5.7/effective_tld_names.dat --- old/pdns-recursor-4.5.6/effective_tld_names.dat 2021-10-08 15:12:20.000000000 +0200 +++ new/pdns-recursor-4.5.7/effective_tld_names.dat 2021-11-05 07:43:21.000000000 +0100 @@ -842,7 +842,13 @@ inf.cu // cv : https://en.wikipedia.org/wiki/.cv +// cv : http://www.dns.cv/tldcv_portal/do?com=DS;5446457100;111;+PAGE(4000018)+K-CAT-CODIGO(RDOM)+RCNT(100); <- registration rules cv +com.cv +edu.cv +int.cv +nome.cv +org.cv // cw : http://www.una.cw/cw_registry/ // Confirmed by registry <regis...@una.net> 2013-03-26 
@@ -1179,6 +1185,7 @@ web.gu // gw : https://en.wikipedia.org/wiki/.gw +// gw : https://nic.gw/regras/ gw // gy : https://en.wikipedia.org/wiki/.gy @@ -5853,7 +5860,7 @@ org.ps net.ps -// pt : http://online.dns.pt/dns/start_dns +// pt : https://www.dns.pt/en/domain/pt-terms-and-conditions-registration-rules/ pt net.pt gov.pt @@ -7125,7 +7132,7 @@ // newGTLDs -// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2021-10-07T15:11:34Z +// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2021-10-28T15:13:35Z // This list is auto-generated, don't edit it manually. // aaa : 2015-02-26 American Automobile Association, Inc. aaa @@ -9449,9 +9456,6 @@ // quest : 2015-03-26 XYZ.COM LLC quest -// qvc : 2015-07-30 QVC, Inc. -qvc - // racing : 2014-12-04 Premier Registry Limited racing @@ -10313,9 +10317,6 @@ // xn--3ds443g : 2013-09-08 TLD REGISTRY LIMITED OY ?????? -// xn--3oq18vl8pn36a : 2015-07-02 Volkswagen (China) Investment Co., Ltd. -???????????? - // xn--3pxu8k : 2015-01-15 VeriSign Sarl ?????? @@ -10794,6 +10795,10 @@ // Submitted by Apigee Security Team <secur...@apigee.com> apigee.io +// Apphud : https://apphud.com +// Submitted by Alexander Selivanov <a...@apphud.com> +siiites.com + // Appspace : https://www.appspace.com // Submitted by Appspace Security Team <secur...@appspace.com> appspacehosted.com @@ -11634,12 +11639,6 @@ // Submitted by Dominik Menke <d...@digineo.de> dynv6.net -// Ellucian : https://ellucian.com -// Submitted by Josue Colon <cloudops-netw...@ellucian.com> -elluciancrmadvance.com -elluciancrmadvise.com -elluciancrmrecruit.com - // E4YOU spol. s.r.o. : https://e4you.cz/ // Submitted by Vladimir Dudr <i...@e4you.cz> e4.cz 
@@ -11668,10 +11667,6 @@ onred.one staging.onred.one -// One.com: https://www.one.com/ -// Submitted by Jacob Bunk Nielsen <j...@one.com> -service.one - // EU.org https://eu.org/ // Submitted by Pierre Beyssac <hostmas...@eu.org> eu.org @@ -12915,6 +12910,10 @@ // Submitted by Vicary Archangel <vic...@omniwe.com> omniwe.site +// One.com: https://www.one.com/ +// Submitted by Jacob Bunk Nielsen <j...@one.com> +service.one + // One Fold Media : http://www.onefoldmedia.com/ // Submitted by Eddie Jones <ed...@onefoldmedia.com> nid.io @@ -13469,6 +13468,11 @@ // Submitted by Bjoern Henke <dev-ser...@taifun-software.de> taifun-dns.de +// Tailscale Inc. : https://www.tailscale.com +// Submitted by David Anderson <dander...@tailscale.com> +beta.tailscale.net +ts.net + // TASK geographical domains (www.task.gda.pl/uslugi/dns) gda.pl gdansk.pl @@ -13745,7 +13749,7 @@ js.wpenginepowered.com // Wix.com, Inc. : https://www.wix.com -// Submitted by Shahar Talmi <shah...@wix.com> +// Submitted by Shahar Talmi <sha...@wix.com> wixsite.com editorx.io diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.5.6/filterpo.cc new/pdns-recursor-4.5.7/filterpo.cc --- old/pdns-recursor-4.5.6/filterpo.cc 2021-10-08 15:09:57.000000000 +0200 +++ new/pdns-recursor-4.5.7/filterpo.cc 2021-11-05 07:41:08.000000000 +0100 
@@ -50,13 +50,21 @@ bool DNSFilterEngine::Zone::findExactNSPolicy(const DNSName& qname, DNSFilterEngine::Policy& pol) const { - return findExactNamedPolicy(d_propolName, qname, pol); + if (findExactNamedPolicy(d_propolName, qname, pol)) { + pol.d_trigger = qname; + pol.d_trigger.appendRawLabel(rpzNSDnameName); + return true; + } + return false; } bool DNSFilterEngine::Zone::findNSIPPolicy(const ComboAddress& addr, DNSFilterEngine::Policy& pol) const { if (const auto fnd = d_propolNSAddr.lookup(addr)) { pol = fnd->second; + pol.d_trigger = Zone::maskToRPZ(fnd->first); + pol.d_trigger.appendRawLabel(rpzNSIPName); + pol.d_hit = addr.toString(); return true; } return false; @@ -66,6 +74,9 @@ { if (const auto fnd = d_postpolAddr.lookup(addr)) { pol = fnd->second; + pol.d_trigger = Zone::maskToRPZ(fnd->first); + pol.d_trigger.appendRawLabel(rpzIPName); + pol.d_hit = addr.toString(); return true; } return false; @@ -75,6 +86,9 @@ { if (const auto fnd = d_qpolAddr.lookup(addr)) { pol = fnd->second; + pol.d_trigger = Zone::maskToRPZ(fnd->first); + pol.d_trigger.appendRawLabel(rpzClientIPName); + pol.d_hit = addr.toString(); return true; } return false; @@ -179,17 +193,13 @@ } if (z->findExactNSPolicy(qname, pol)) { // cerr<<"Had a hit on the nameserver ("<<qname<<") used to process the query"<<endl; - pol.d_trigger = qname; - pol.d_trigger.appendRawLabel(rpzNSDnameName); - pol.d_hit = qname.toStringNoDot(); return true; } for (const auto& wc : wcNames) { if (z->findExactNSPolicy(wc, pol)) { // cerr<<"Had a hit on the nameserver ("<<qname<<") used to process the query"<<endl; - pol.d_trigger = wc; - pol.d_trigger.appendRawLabel(rpzNSDnameName); + // Hit is not the wildcard passed to findExactQNamePolicy but the actual qname! pol.d_hit = qname.toStringNoDot(); return true; } 
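Review bot: In the first filterpo.cc hunk, `findExactNSPolicy` now fills `pol.d_trigger` but never `pol.d_hit`, while `findNSIPPolicy` and the two address lookups in the next hunks set both fields. The callers in the `@@ -179` and `@@ -294` hunks also lose their own `pol.d_hit = qname.toStringNoDot();` for exact matches, so the hit string presumably comes from `findExactNamedPolicy`, which this diff does not show. These fields feed appliedPolicyTrigger and RPZ hit reporting, so I would state the contract at the function, for example `// findExactNamedPolicy() is expected to have set pol.d_hit; only d_trigger is rebuilt here with the rpz-nsdname label`. If the helper does not set `d_hit`, exact NSDNAME hits would report an empty or stale value.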
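Review bot: In the `@@ -179,17 +193,13 @@` hunk, the comment added to the NSDNAME wildcard loop names the wrong function. That loop calls `z->findExactNSPolicy(wc, pol)`, but the comment refers to `findExactQNamePolicy`, apparently copied from the QName path in the `@@ -294` hunk. It should read `// Hit is not the wildcard passed to findExactNSPolicy but the actual qname!`. The enclosing function starts and ends outside the hunk.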
@@ -214,10 +224,6 @@ if(z->findNSIPPolicy(address, pol)) { // cerr<<"Had a hit on the nameserver ("<<address.toString()<<") used to process the query"<<endl; - // XXX should use ns RPZ - pol.d_trigger = Zone::maskToRPZ(address); - pol.d_trigger.appendRawLabel(rpzNSIPName); - pol.d_hit = address.toString(); return true; } } @@ -294,15 +300,13 @@ if (z->findExactQNamePolicy(qname, pol)) { // cerr<<"Had a hit on the name of the query"<<endl; - pol.d_trigger = qname; - pol.d_hit = qname.toStringNoDot(); return true; } for (const auto& wc : wcNames) { if (z->findExactQNamePolicy(wc, pol)) { // cerr<<"Had a hit on the name of the query"<<endl; - pol.d_trigger = wc; + // Hit is not the wildcard passed to findExactQNamePolicy but the actual qname! pol.d_hit = qname.toStringNoDot(); return true; } @@ -356,9 +360,6 @@ } if (z->findResponsePolicy(ca, pol)) { - pol.d_trigger = Zone::maskToRPZ(ca); - pol.d_trigger.appendRawLabel(rpzIPName); - pol.d_hit = ca.toString(); return true; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.5.6/pdns_recursor.1 new/pdns-recursor-4.5.7/pdns_recursor.1 --- old/pdns-recursor-4.5.6/pdns_recursor.1 2021-10-08 15:12:20.000000000 +0200 +++ new/pdns-recursor-4.5.7/pdns_recursor.1 2021-11-05 07:43:21.000000000 +0100 @@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "PDNS_RECURSOR" "1" "Oct 08, 2021" "" "PowerDNS Recursor" +.TH "PDNS_RECURSOR" "1" "Nov 05, 2021" "" "PowerDNS Recursor" .SH NAME pdns_recursor \- The PowerDNS Recursor binary .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.5.6/pubsuffix.cc new/pdns-recursor-4.5.7/pubsuffix.cc --- old/pdns-recursor-4.5.6/pubsuffix.cc 2021-10-08 15:12:21.000000000 +0200 +++ new/pdns-recursor-4.5.7/pubsuffix.cc 2021-11-05 07:43:21.000000000 +0100 
@@ -613,6 +613,11 @@ "net.cu", "gov.cu", "inf.cu", +"com.cv", +"edu.cv", +"int.cv", +"nome.cv", +"org.cv", "com.cw", "edu.cw", "net.cw", @@ -5628,6 +5633,7 @@ "t3l3p0rt.net", "tele.amune.org", "apigee.io", +"siiites.com", "appspacehosted.com", "appspaceusercontent.com", "appudo.net", @@ -6132,9 +6138,6 @@ "myddns.rocks", "blogsite.xyz", "dynv6.net", -"elluciancrmadvance.com", -"elluciancrmadvise.com", -"elluciancrmrecruit.com", "e4.cz", "eero.online", "eero-stage.online", @@ -6145,7 +6148,6 @@ "tuleap-partners.com", "onred.one", "staging.onred.one", -"service.one", "eu.org", "al.eu.org", "asso.eu.org", @@ -6914,6 +6916,7 @@ "omg.lol", "cloudycluster.net", "omniwe.site", +"service.one", "nid.io", "opensocial.site", "opencraft.hosting", @@ -7111,6 +7114,8 @@ "direct.quickconnect.to", "tabitorder.co.il", "taifun-dns.de", +"beta.tailscale.net", +"ts.net", "gda.pl", "gdansk.pl", "gdynia.pl", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.5.6/rec_channel_rec.cc new/pdns-recursor-4.5.7/rec_channel_rec.cc --- old/pdns-recursor-4.5.6/rec_channel_rec.cc 2021-10-08 15:09:57.000000000 +0200 +++ new/pdns-recursor-4.5.7/rec_channel_rec.cc 2021-11-05 07:41:08.000000000 +0100 @@ -1855,7 +1855,13 @@ return {0, doWipeCache(begin, end, 0xffff)}; } if (cmd == "wipe-cache-typed") { + if (begin == end) { + return {1, "Need a qtype\n"}; + } uint16_t qtype = QType::chartocode(begin->c_str()); + if (qtype == 0) { + return {1, "Unknown qtype " + *begin + "\n"}; + } ++begin; return {0, doWipeCache(begin, end, qtype)}; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.5.6/rec_control.1 new/pdns-recursor-4.5.7/rec_control.1 --- old/pdns-recursor-4.5.6/rec_control.1 2021-10-08 15:12:20.000000000 +0200 +++ new/pdns-recursor-4.5.7/rec_control.1 2021-11-05 07:43:21.000000000 +0100 
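Review bot: In the rec_channel_rec.cc hunk, `wipe-cache-typed` still does not check that a name follows the qtype. After `++begin` the range can be empty, and the command then returns status 0 from `doWipeCache(begin, end, qtype)` without having been asked to wipe anything. How `doWipeCache` handles an empty range is outside the hunk. An operator flushing a suspect record would prefer an explicit error, for example `if (begin == end) { return {1, "Need at least one domain name\n"}; }` right after the increment. Separately, a short comment on the `qtype == 0` test would help, since it relies on `QType::chartocode` returning 0 for unknown names, which is not shown here.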
@@ -27,7 +27,7 @@ .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "REC_CONTROL" "1" "Oct 08, 2021" "" "PowerDNS Recursor" +.TH "REC_CONTROL" "1" "Nov 05, 2021" "" "PowerDNS Recursor" .SH NAME rec_control \- Command line tool to control a running Recursor .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.5.6/syncres.cc new/pdns-recursor-4.5.7/syncres.cc --- old/pdns-recursor-4.5.6/syncres.cc 2021-10-08 15:09:57.000000000 +0200 +++ new/pdns-recursor-4.5.7/syncres.cc 2021-11-05 07:41:09.000000000 +0100 @@ -2562,10 +2562,10 @@ /* RFC 4509 section 3: "Validator implementations SHOULD ignore DS RRs containing SHA-1 * digests if DS RRs with SHA-256 digests are present in the DS RRset." - * As SHA348 is specified as well, the spirit of the this line is "use the best algorithm". + * We interpret that as: do not use SHA-1 if SHA-256 or SHA-384 is available */ for (auto dsrec = ds.begin(); dsrec != ds.end(); ) { - if (dsrec->d_digesttype != bestDigestType) { + if (dsrec->d_digesttype == DNSSECKeeper::DIGEST_SHA1 && dsrec->d_digesttype != bestDigestType) { dsrec = ds.erase(dsrec); } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.5.6/test-filterpo_cc.cc new/pdns-recursor-4.5.7/test-filterpo_cc.cc --- old/pdns-recursor-4.5.6/test-filterpo_cc.cc 2021-10-08 15:09:57.000000000 +0200 +++ new/pdns-recursor-4.5.7/test-filterpo_cc.cc 2021-11-05 07:41:08.000000000 +0100 
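Review bot: In the syncres.cc hunk, the new condition is only equivalent to the rewritten comment if `bestDigestType` can be nothing other than SHA-1, SHA-256 or SHA-384. It is computed outside the hunk, so a different "best" value, if one is possible, would also evict SHA-1 records, which the comment does not describe. The test is also written indirectly; `if (dsrec->d_digesttype == DNSSECKeeper::DIGEST_SHA1 && bestDigestType != DNSSECKeeper::DIGEST_SHA1)` says the same thing more plainly. I would extend the comment with `* SHA-256 and SHA-384 DS records are both kept; a stronger digest must not hide a valid weaker-but-acceptable one.` so the validation intent is recorded next to the loop.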
@@ -33,19 +33,19 @@ const DNSName blockedWildcardName("*.wildcard-blocked."); const ComboAddress responseIP("192.0.2.254"); BOOST_CHECK_EQUAL(zone->size(), 0U); - zone->addClientTrigger(Netmask(clientIP, 32), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::ClientIP)); + zone->addClientTrigger(Netmask(clientIP, 31), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::ClientIP)); BOOST_CHECK_EQUAL(zone->size(), 1U); zone->addQNameTrigger(blockedName, DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::QName)); BOOST_CHECK_EQUAL(zone->size(), 2U); zone->addQNameTrigger(blockedWildcardName, DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::QName)); BOOST_CHECK_EQUAL(zone->size(), 3U); - zone->addNSIPTrigger(Netmask(nsIP, 32), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::NSIP)); + zone->addNSIPTrigger(Netmask(nsIP, 31), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::NSIP)); BOOST_CHECK_EQUAL(zone->size(), 4U); zone->addNSTrigger(nsName, DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::NSDName)); BOOST_CHECK_EQUAL(zone->size(), 5U); zone->addNSTrigger(nsWildcardName, DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::NSDName)); BOOST_CHECK_EQUAL(zone->size(), 6U); - zone->addResponseTrigger(Netmask(responseIP, 32), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::ResponseIP)); + zone->addResponseTrigger(Netmask(responseIP, 31), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::ResponseIP)); BOOST_CHECK_EQUAL(zone->size(), 7U); size_t zoneIdx = dfe.addZone(zone); 
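Review bot: The switch from `/32` to `/31` in the three `add*Trigger` calls has no comment, and it removes the only host-route coverage in this test. The expected triggers asserted later (`31.0.2.0.192.rpz-nsip` and similar) suggest the intent is to prove that `d_trigger` comes from the stored netmask rather than from the looked-up address. I would say so above the first call: `// use /31 rules so d_trigger must be derived from the matching Netmask, not from the queried address`. Keeping one `/32` rule, or adding an IPv6 one, would also keep the RPZ encoding of host entries under test.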
@@ -81,6 +81,8 @@ const auto matchingPolicy = dfe.getProcessingPolicy(DNSName("sub.sub.wildcard.wolf."), std::unordered_map<std::string, bool>(), DNSFilterEngine::maximumPriority); BOOST_CHECK(matchingPolicy.d_type == DNSFilterEngine::PolicyType::NSDName); BOOST_CHECK(matchingPolicy.d_kind == DNSFilterEngine::PolicyKind::Drop); + BOOST_CHECK_EQUAL(matchingPolicy.d_trigger, DNSName("*.wildcard.wolf.rpz-nsdname")); + BOOST_CHECK_EQUAL(matchingPolicy.d_hit, "sub.sub.wildcard.wolf"); /* looking for wildcard.wolf. should not match *.wildcard-blocked. */ const auto notMatchingPolicy = dfe.getProcessingPolicy(DNSName("wildcard.wolf."), std::unordered_map<std::string, bool>(), DNSFilterEngine::maximumPriority); @@ -92,6 +94,8 @@ /* except if we look exactly for the wildcard */ BOOST_CHECK(zone->findExactNSPolicy(nsWildcardName, zonePolicy)); BOOST_CHECK(zonePolicy == matchingPolicy); + BOOST_CHECK_EQUAL(zonePolicy.d_trigger, DNSName("*.wildcard.wolf.rpz-nsdname")); + BOOST_CHECK_EQUAL(zonePolicy.d_hit, nsWildcardName.toStringNoDot()); } { @@ -110,6 +114,8 @@ DNSFilterEngine::Policy zonePolicy; BOOST_CHECK(zone->findNSIPPolicy(nsIP, zonePolicy)); BOOST_CHECK(zonePolicy == matchingPolicy); + BOOST_CHECK_EQUAL(zonePolicy.d_trigger, DNSName("31.0.2.0.192.rpz-nsip")); + BOOST_CHECK_EQUAL(zonePolicy.d_hit, nsIP.toString()); } { @@ -128,6 +134,8 @@ DNSFilterEngine::Policy zonePolicy; BOOST_CHECK(zone->findExactQNamePolicy(blockedName, zonePolicy)); BOOST_CHECK(zonePolicy == matchingPolicy); + BOOST_CHECK_EQUAL(zonePolicy.d_trigger, blockedName); + BOOST_CHECK_EQUAL(zonePolicy.d_hit, blockedName.toStringNoDot()); /* but a subdomain should not be blocked (not a wildcard, and this is not suffix domain matching */ matchingPolicy = dfe.getQueryPolicy(DNSName("sub") + blockedName, std::unordered_map<std::string, bool>(), DNSFilterEngine::maximumPriority); 
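Review bot: In the `@@ -110` hunk, and in `@@ -161` and `@@ -183` further down, the new `d_trigger` and `d_hit` assertions are made only on `zonePolicy`, the result of the direct `zone->find*Policy` call. The name-based hunks (`@@ -81`, `@@ -140`) also assert on `matchingPolicy`, the result returned by the `DNSFilterEngine` entry point. That engine-level result is what reaches appliedPolicyTrigger, and whether `zonePolicy == matchingPolicy` compares these two fields is not visible here. I would add the same checks on `matchingPolicy`, for example `BOOST_CHECK_EQUAL(matchingPolicy.d_trigger, DNSName("31.0.2.0.192.rpz-nsip"));` and `BOOST_CHECK_EQUAL(matchingPolicy.d_hit, nsIP.toString());`. The enclosing test case starts outside these hunks.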
@@ -140,6 +148,8 @@ const auto matchingPolicy = dfe.getQueryPolicy(DNSName("sub.sub.wildcard-blocked."), std::unordered_map<std::string, bool>(), DNSFilterEngine::maximumPriority); BOOST_CHECK(matchingPolicy.d_type == DNSFilterEngine::PolicyType::QName); BOOST_CHECK(matchingPolicy.d_kind == DNSFilterEngine::PolicyKind::Drop); + BOOST_CHECK_EQUAL(matchingPolicy.d_trigger, blockedWildcardName); + BOOST_CHECK_EQUAL(matchingPolicy.d_hit, "sub.sub.wildcard-blocked"); /* looking for wildcard-blocked. should not match *.wildcard-blocked. */ const auto notMatchingPolicy = dfe.getQueryPolicy(DNSName("wildcard-blocked."), std::unordered_map<std::string, bool>(), DNSFilterEngine::maximumPriority); @@ -151,6 +161,8 @@ /* except if we look exactly for the wildcard */ BOOST_CHECK(zone->findExactQNamePolicy(blockedWildcardName, zonePolicy)); BOOST_CHECK(zonePolicy == matchingPolicy); + BOOST_CHECK_EQUAL(zonePolicy.d_trigger, blockedWildcardName); + BOOST_CHECK_EQUAL(zonePolicy.d_hit, blockedWildcardName.toStringNoDot()); } { @@ -161,6 +173,8 @@ DNSFilterEngine::Policy zonePolicy; BOOST_CHECK(zone->findClientPolicy(clientIP, zonePolicy)); BOOST_CHECK(zonePolicy == matchingPolicy); + BOOST_CHECK_EQUAL(zonePolicy.d_trigger, DNSName("31.128.2.0.192.rpz-client-ip")); + BOOST_CHECK_EQUAL(zonePolicy.d_hit, clientIP.toString()); } { @@ -183,6 +197,8 @@ DNSFilterEngine::Policy zonePolicy; BOOST_CHECK(zone->findResponsePolicy(responseIP, zonePolicy)); BOOST_CHECK(zonePolicy == matchingPolicy); + BOOST_CHECK_EQUAL(zonePolicy.d_trigger, DNSName("31.254.2.0.192.rpz-ip")); + BOOST_CHECK_EQUAL(zonePolicy.d_hit, responseIP.toString()); } { 
@@ -197,19 +213,19 @@ } BOOST_CHECK_EQUAL(zone->size(), 7U); - zone->rmClientTrigger(Netmask(clientIP, 32), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::ClientIP)); + zone->rmClientTrigger(Netmask(clientIP, 31), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::ClientIP)); BOOST_CHECK_EQUAL(zone->size(), 6U); zone->rmQNameTrigger(blockedName, DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::QName)); BOOST_CHECK_EQUAL(zone->size(), 5U); zone->rmQNameTrigger(blockedWildcardName, DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::QName)); BOOST_CHECK_EQUAL(zone->size(), 4U); - zone->rmNSIPTrigger(Netmask(nsIP, 32), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::NSIP)); + zone->rmNSIPTrigger(Netmask(nsIP, 31), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::NSIP)); BOOST_CHECK_EQUAL(zone->size(), 3U); zone->rmNSTrigger(nsName, DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::NSDName)); BOOST_CHECK_EQUAL(zone->size(), 2U); zone->rmNSTrigger(nsWildcardName, DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::NSDName)); BOOST_CHECK_EQUAL(zone->size(), 1U); - zone->rmResponseTrigger(Netmask(responseIP, 32), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::ResponseIP)); + zone->rmResponseTrigger(Netmask(responseIP, 31), DNSFilterEngine::Policy(DNSFilterEngine::PolicyKind::Drop, DNSFilterEngine::PolicyType::ResponseIP)); BOOST_CHECK_EQUAL(zone->size(), 0U); /* DNSFilterEngine::clear() calls clear() on all zones, but keeps the zones */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-recursor-4.5.6/test-syncres_cc9.cc new/pdns-recursor-4.5.7/test-syncres_cc9.cc --- 
old/pdns-recursor-4.5.6/test-syncres_cc9.cc 2021-10-07 09:57:47.000000000 +0200 +++ new/pdns-recursor-4.5.7/test-syncres_cc9.cc 2021-11-03 18:47:25.000000000 +0100 @@ -819,9 +819,9 @@ dsmap_t ds; auto state = sr->getDSRecords(target, ds, false, 0, false); BOOST_CHECK_EQUAL(state, vState::Secure); - BOOST_REQUIRE_EQUAL(ds.size(), 1U); + BOOST_REQUIRE_EQUAL(ds.size(), 2U); for (const auto& i : ds) { - BOOST_CHECK_EQUAL(i.d_digesttype, DNSSECKeeper::DIGEST_SHA384); + BOOST_CHECK(i.d_digesttype == DNSSECKeeper::DIGEST_SHA384 || i.d_digesttype == DNSSECKeeper::DIGEST_SHA256); } }
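Review bot: The relaxed loop accepts any mix of SHA-256 and SHA-384, so it does not show that one record of each digest type survived; it would also pass with two records of the same type. `BOOST_CHECK` with `||` also loses the actual value on failure. An assertion per type is tighter, for example `BOOST_CHECK_EQUAL(std::count_if(ds.begin(), ds.end(), [](const auto& d) { return d.d_digesttype == DNSSECKeeper::DIGEST_SHA256; }), 1);` and the same for `DIGEST_SHA384`. The DS set built for this test is outside the hunk, so it is not visible whether a SHA-1 record is present to exercise the removal branch in syncres.cc; if not, a case with SHA-1 alongside SHA-256 would cover it.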