| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Add_--install-layout=deb_to_setup.py_call.patch | Add_--install-layout=deb_to_setup.py_call | Debian DNS Packaging <pkg-dns-devel@lists.alioth.debian.org> | no | 2017-11-24 | ||
| 0002-python-fix-for-dist-packages.patch | python fix for dist-packages | Jim Popovitch <jimpop@domainmail.org> | no | 2019-07-13 | ||
| 0003-Remove-the-reference-to-OPTIONS.md-it-breaks-build-o.patch | Remove the reference to OPTIONS.md - it breaks build on Debian stretch | =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@debian.org> | no | 2022-03-16 | ||
| 0004-Disable-treat-warnings-as-errors-in-sphinx-build.patch | Disable treat-warnings-as-errors in sphinx-build | =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@debian.org> | no | 2022-05-18 | ||
| 0005-Add-a-limit-to-the-number-of-RRs-in-RRSets.patch | Add a limit to the number of RRs in RRSets Previously, the number of RRs in the RRSets were internally unlimited. As the data structure that holds the RRs is just a linked list, and there are places where we just walk through all of the RRs, adding an RRSet with huge number of RRs inside would slow down processing of said RRSets. The fix for end-of-life branches make the limit compile-time only for simplicity and the limit can be changed at the compile time by adding following define to CFLAGS: -DDNS_RDATASET_MAX_RECORDS=<limit> (cherry picked from commit c5c4d00c38530390c9e1ae4c98b65fbbadfe9e5e) |
=?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@isc.org> | no | 2024-03-01 | ||
| 0006-Add-a-limit-to-the-number-of-RR-types-for-single-nam.patch | Add a limit to the number of RR types for single name Previously, the number of RR types for a single owner name was limited only by the maximum number of the types (64k). As the data structure that holds the RR types for the database node is just a linked list, and there are places where we just walk through the whole list (again and again), adding a large number of RR types for a single owner named with would slow down processing of such name (database node). Add a hard-coded limit (100) to cap the number of the RR types for a single owner. The limit can be changed at the compile time by adding following define to CFLAGS: -DDNS_RBTDB_MAX_RTYPES=<limit> |
=?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@isc.org> | no | 2024-05-29 | ||
| 0007-Expand-the-list-of-the-priority-types.patch | Expand the list of the priority types Add HTTPS, SVCB, SRV, PTR, NAPTR, DNSKEY and TXT records to the list of the priority types that are put at the beginning of the slabheader list for faster access and to avoid eviction when there are more types than the max-types-per-name limit. (cherry picked from commit b27c6bcce894786a8e082eafd59eccbf6f2731cb) |
=?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@isc.org> | no | 2024-06-17 | ||
| 0008-Make-the-resolver-qtype-ANY-test-order-agnostic.patch | Make the resolver qtype ANY test order agnostic Instead of relying on a specific order of the RR types in the databases pick the first RR type as returned from the cache. (cherry picked from commit 58f660cf2b800963fa649bc9823a626009db3a7e) |
=?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@isc.org> | no | 2024-06-17 | ||
| 0009-Be-smarter-about-refusing-to-add-many-RR-types-to-th.patch | Be smarter about refusing to add many RR types to the database Instead of outright refusing to add new RR types to the cache, be a bit smarter: 1. If the new header type is in our priority list, we always add either positive or negative entry at the beginning of the list. 2. If the new header type is negative entry, and we are over the limit, we mark it as ancient immediately, so it gets evicted from the cache as soon as possible. 3. Otherwise add the new header after the priority headers (or at the head of the list). 4. If we are over the limit, evict the last entry on the normal header list. (cherry picked from commit 57cd34441a1b4ecc9874a4a106c2c95b8d7a3120) |
=?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@isc.org> | no | 2024-06-17 | ||
| 0010-Remove-support-for-SIG-0-message-verification.patch | Remove support for SIG(0) message verification (cherry picked from commit 857fd5c346e3309ee8e280c29174b46579af5a13) |
=?utf-8?b?UGV0ciDFoHBhxI1law==?= <pspacek@isc.org> | no | 2024-05-16 | ||
| 0011-Document-SIG-0-verification-removal.patch | Document SIG(0) verification removal (cherry picked from commit 654ba34d80b8b6ed805461d7ada2466f8c19a6f1) |
=?utf-8?b?UGV0ciDFoHBhxI1law==?= <pspacek@isc.org> | no | 2024-05-16 | ||
| 0012-Enable-stdout-autoflush-in-authsock.pl.patch | Enable stdout autoflush in authsock.pl With enabled buffering the output gets lost when the process receives a TERM signal. Disable the buffering. (cherry picked from commit a0311dfb6e2a51f89dfa8b200b96a0f4675fb654) |
Aram Sargsyan <aram@isc.org> | no | 2024-05-21 | ||
| 0013-Adapt-the-tsiggss-test-to-the-SIG-0-removal.patch | Adapt the tsiggss test to the SIG(0) removal Test that SIG(0) signer is NOT sent to the external socket for authorization. It MUST NOT be considered a valid signature by any chance. Also check that the signer's name does not appear in authsock.pl output. (cherry picked from commit cf8838085905171fbc00747eb210e8b8284ca0e1) |
=?utf-8?b?UGV0ciDFoHBhxI1law==?= <pspacek@isc.org> | no | 2024-05-17 | ||
| 0014-Adapt-the-upforwd-test-to-the-SIG-0-removal.patch | Adapt the upforwd test to the SIG(0) removal Change the check so that update with SIG(0) is expected to fail. (cherry picked from commit 5f7558f6dbb0527c08caf281299245ab8de268cd) |
Aram Sargsyan <aram@isc.org> | no | 2024-05-21 | ||
| 0015-Clear-qctx-zversion.patch | Clear qctx->zversion Clear qctx->zversion when clearing qctx->zrdataset et al in lib/ns/query.c:qctx_freedata. The uncleared pointer could lead to an assertion failure if zone data needed to be re-saved which could happen with stale data support enabled. (cherry picked from commit 179fb3532ab8d4898ab070b2db54c0ce872ef709) |
Mark Andrews <marka@isc.org> | no | 2024-01-16 | ||
| 0016-Clear-DNS_FETCHOPT_TRYSTALE_ONTIMEOUT.patch | Clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT When calling dns_resolver_createfetch in resolver.c with a callback of resume_dslookup, clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT from options as DNS_EVENT_TRYSTALE is not an expected event type and triggers a REQUIRE. (cherry picked from commit 6faea6da3d646557d234d63ddd5d524d222e8082) |
Mark Andrews <marka@isc.org> | no | 2024-04-03 |