Log message:
powerdns-recursor: Remove patches not needed in 4.4.0

Log message:
net/powerdns-recursor: Update to 4.4.0

Changelog for 4.4.0:
Released: 19th of October 2020
Bug Fixes
  - Backport of CVE-2020-25829: Cache pollution.

Changelog for 4.4.0-rc2:
Released: 6th of October 2020
Improvements:
  - Don’t parse any config with –version.
  - Expose typed cache flush via Web API.
  - Log when going Bogus because of a missing SOA in authority.
  - Raise an exception on invalid content in unknown record.
Bug Fixes:
  - When deciding if we are auth in the local auth or forwarding case, DS is
	special.
  - Fix wipe-cache-typed.
  - Watch the descriptor again after an out-of-order read timeout.

Changelog for 4.4.0-rc1:
Released: 21st of September 2020
Bug Fixes:
  - Only do QName Minimization for the names inside a forwarded domain.
  - Fix the parsing of dont-throttle-netmasks in the presence of
	dont-throttle-names.

Changelog for 4.4.0-beta1:
Released: 31st of August 2020
Improvements:
  - Store RPZ trigger and hit in appliedPolicy and protobuf message and log
	them in the trace log.
  - Apply filtering policies (RPZ) on CNAME chains as well.
  - Fix warning: initialized lambda captures are a C++14 extension.
  - Clean some coverity reported cases of exceptions thrown but not caught.
  - Export record cache lock (contention) stats via the various channels.
  - Allow multiple local data records when doing RPZ IP matching.
  - Replace the use of ‘1’ by QClass::IN to improve readability.
  - Avoid name clashes on Solaris derived systems.
Bug Fixes:
  - Allow some more depth headroom for the no-qname-minimization fallback case.
  - If we have an NS in cache, use it in the forwarder case.
  - Disable outgoing v4 when query-local-address has no v4 addresses.
  - Resize hostname to final size in getCarbonHostname() (Aki Tuomi).

Changelog for 4.4.0-alpha2:
Released: 20th of July 2020
Improvements:
  - Check that DNSKEYs have the zone flag set.
  - Remove redundant toLogString() calls (Chris Hofstaedtler).
  - Stop cluttering the global namespace with validation states.
  - Use explicit flag for the specific version of c++ we’re targeting.
  - Use new operator to print states.
  - Refuse QType 0 right away, based on rfc6895 section 3.1.
  - Specify a storage type for validation states.
  - Common TCP write problems should only be logged if wanted.
  - Dump the authority records of a negative cache entry as well.
  - Alternative way to do “skip cname check” for DS and DNSKEY records
  - Control stack depth when priming.
  - Add version ‘statistic’ to prometheus.
  - Cleanup cache cleaner pruneCollection function.
  - RPZ policy should override gettag_ffi answer by default.
  - Don’t copy the records when scanning for CNAME loops.
  - Do not use using namespace std; .
  - More sophisticated CNAME loop detection.
  - Use std::string_view when available (Rosen Penev).
  - Make sure we can install unsigned packages.
  - Clarify docs (Josh Soref).
  - Ensure runtime dirs for virtual services differ.
  - Builder: improve shipped config files (Chris Hofstaedtler).
  - Less negatives in error messages improves readability.
  - Boost 1.73 moved boost::bind placeholders to the placeholders namespace.
  - Fix useless copies in loop reported by clang++ 10.
  - NetmaskTree: do not test node for null, the loop guarantees node is not
	null.
  - Wrap pthread objects
  - Get rid of a naked pointer in the /dev/poll event multiplexer.
  - Random engine.
Bug Fixes:
  - Update proxy-protocol.cc (ihsinme).
  - Kill an signed vs unsigned warning on OpenBSD.
  - Don’t validate a NXD with a NSEC proving that the name is an ENT.
  - Fix three shared cache issues.
  - Limit the TTL of RRSIG records as well.
  - Avoid throwing an exception in Logger::log().

Changelog for 4.4.0-alpha1:
Released: 22th of April 2020
New Features:
  - Implement native DNS64 support, without Lua.
  - Add custom tags to RPZ hits.
  - Allow attaching a ‘routing’ tag string to a query in lua code and use that
	tag in the record cache when appropriate.
  - Share record cache between threads.
  - Add support for Proxy Protocol between dnsdist and the recursor.
Improvements:
  - Fix warnings with llvm10 and -Wrange-loop-construct (Kirill Ponomarev).
  - Fix compilation without deprecated OpenSSL APIs (Rosen Penev).
  - Detect {Libre,Open}SSL functions availability during configure.
  - Better handling of reconnections in Remote Logger.
  - Add ‘queue full’ metrics for our remote logger, log at debug only.
  - Update boost.m4
  - Keep a masked network in the Netmask class.
  - Replace include guard ifdef/define with pragma once (Chris Hofstaedtler).
  - YaHTTP: Support bracketed IPv6 addresses
  - Rework NetmaskTree for better CPU and memory efficiency (Stephan Bosch).
  - RPZ dumpFile/seedFile: store/get SOA refresh on dump/load.
  - Add ‘IO wait’ and ‘steal’ metrics on Linux.
  - DNSName: Don’t call strlen() when the length is already known.
  - Fix build with gcc-10 (Sander Hoentjen).
Bug Fixes
  - Fix compilation of the ports event multiplexer.
  - Init zone’s d_priority field.
  - QName Minimization sometimes uses 1 label too many.

Log message:
net/powerdns-recursor: Update to 4.3.4

Changelog for 4.3.4:
Released: 8th of September 2020
* Improvements:
  - Ensure runtime dirs for virtual services differ.

* Bug Fixes:
  - Allow some more depth headroom for the no-qname-minimization fallback case
  - Resize hostname to final size in getCarbonHostname().

Changelog for 4.3.3:
Released: 17th of July 2020
* Bug Fixes:
  - Validate cached DNSKEYs against the DSs, not the RRSIGs only.
  - Ignore cache-only for DNSKEYs and DS retrieval.
  - A ServFail while retrieving DS/DNSKEY records is just that.
  - Refuse DS records received from child zones.
  - Better exception handling in houseKeeping/handlePolicyHit.
  - Take initial refresh time from loaded zone.

pkgsrc-specific changes:
  - Move pdns socket directory to /var/run/pdns-recursor
    to reduce diff
  - Introduce SMF method script that also creates the
    socket directory on platforms where /var/run is not
    persistent (i.e. swap or tmpfs-mounted)

Log message:
net/powerdns-recursor: Update to 4.3.1

Changelog since 4.3.0:

* Released:
  - 19th of May 2020

* Improvements:
  - Add ubuntu focal target.

* Bug Fixes:
  - Backport of security fixes for:
    - CVE-2020-10995
    - CVE-2020-12244
    - CVE-2020-10030
  - avoid a crash when loading an invalid RPZ.
  - RPZ dumpFile/seedFile: store/get SOA refresh on dump/load.

* misc:
  - Update boost.m4.

Log message:
powerdns-recursor: Pull in upstream patch to fix SunOS.

Log message:
powerdns-recursor: updated to 4.3.0

4.3.0
Improvements
Only log qname parsing errors when ‘log-common-errors’ is set.
Update copyright year.

4.2.1
Improvements
Add CentOS 8 as builder target
Update boost.m4
Add deviceName field to protobuf messages
Test improvements
Builder: add raspbian-buster target

Bug Fixes
Purge map of failed auths periodically by keeping a last changed timestamp.
Prime NS records of root-servers.net parent (.net)
Issue with “zz” abbreviation for IPv6 RPZ triggers
Basic validation of $GENERATE parameters
Fix inverse handler registration logic for SNMP.

4.2.0
Improvements
Clear CMSG_SPACE(sizeof(data)) in cmsghdr to appease valgrind

Bug Fixes
Make sure we always compile with BOOST_CB_ENABLE_DEBUG set to 0
Limit compression pointers to 14 bits

misc
Fix the export of only outgoing queries or incoming responses

Log message:
*: Recursive revision bump for openssl 1.1.1.

Log message:
powerdns-recursor: updated to 4.1.12

4.1.12
Improvements
Provide CPU usage statistics per thread (worker & distributor).
Use a bounded load-balancing algo to distribute queries.
Implement a configurable ECS cache limit so responses with an ECS scope more \ 
specific than a certain threshold and a TTL smaller than a specific threshold \ 
are not inserted into the records cache at all.

Bug Fixes
Correctly interpret an empty AXFR response to an IXFR query.

Log message:
powerdns-recursor: updated to 4.1.11

4.1.11
Since Spectre/Meltdown, system calls have become more expensive. This made \ 
exporting a very high number of protobuf messages costly, which is addressed in \ 
this release by reducing the number of sycalls per message.

Improvements
Add an option to export only responses over protobuf to the Lua protobufServer() \ 
directive.
Reduce systemcall usage in protobuf logging.

4.1.10
This release fixes a bug when trying to build PowerDNS Recursor with protobuf \ 
support disabled, thus this release is only relevant to people building PowerDNS \ 
Recursor from source and not if you’re installing it as a package from our \ 
repositories.

Bug Fixes
PowerDNS Recursor release 4.1.9 introduced a call to the Lua ipfilter() hook \ 
that required access to the DNS header, but the corresponding variable was only \ 
declared when protobuf support had been enabled.

4.1.9
This release fixes Security Advisory 2019-01 and Security Advisory 2019-02 that \ 
were recently discovered, affecting PowerDNS Recursor:
CVE-2019-3806, 2019-01: from 4.1.4 up to and including 4.1.8 ;
CVE-2019-3807, 2019-02: from 4.1.0 up to and including 4.1.8.

The issues are:
CVE-2019-3806, 2019-01: Lua hooks are not properly applied to queries received \ 
over TCP in some specific combination of settings, possibly bypassing security \ 
policies enforced using Lua ;
CVE-2019-3807, 2019-02: records in the answer section of responses received from \ 
authoritative servers with the AA flag not set were not properly validated, \ 
allowing an attacker to bypass DNSSEC validation.

Improvements
Try another worker before failing if the first pipe was full

Log message:
powerdns-recursor: updated to 4.1.8

Recursor 4.1.8
Crafted query can cause a denial of service (CVE-2018-16855)

Recursor 4.1.7
Revert ‘Keep the EDNS status of a server on FormErr with EDNS’
Refuse queries for all meta-types

Recursor 4.1.6
Revert “rec: Authority records in AA=1 CNAME answer are authoritative”.

Recursor 4.1.5

PowerDNS Security Advisory 2018-04 (CVE-2018-10851)
PowerDNS Security Advisory 2018-06 (CVE-2018-14626)
PowerDNS Security Advisory 2018-07 (CVE-2018-14644)

Improvements
Add pdnslog to lua configuration scripts (Chris Hofstaedtler)
Fix compilation with libressl 2.7.0+
Export outgoing ECS value and server ID in protobuf (if any)
Switch to devtoolset 7 for el6
Allow the signature inception to be off by a number of seconds (Kees Monshouwer)

Bug Fixes
Crafted answer can cause a denial of service (CVE-2018-10851)
Packet cache pollution via crafted query (CVE-2018-14626)
Crafted query for meta-types can cause a denial of service (CVE-2018-14644)
Delay the creation of rpz threads until we have dropped privileges
Cleanup the netmask trees used for the ecs index on removals
Make sure that the ecs scope from the auth is < to the source
Authority records in aa=1 cname answer are authoritative
Avoid a memory leak in catch-all exception handler
Don’t require authoritative answers for forward-recurse zones
Release memory in case of error in the openssl ecdsa constructor
Convert a few uses to toLogString to print DNSName’s that may be empty in a \ 
safer manner
Avoid a crash on DEC Alpha systems
Clear all caches on (N)TA changes