Subject: CVS commit: pkgsrc/net/powerdns-recursor
From: Adam Ciarcinski
Date: 2018-11-30 13:57:42
Message id: 20181130125742.2AD5CFB1F@cvs.NetBSD.org

Log Message:
powerdns-recursor: updated to 4.1.8

Recursor 4.1.8
Crafted query can cause a denial of service (CVE-2018-16855)

Recursor 4.1.7
Revert ‘Keep the EDNS status of a server on FormErr with EDNS’
Refuse queries for all meta-types

Recursor 4.1.6
Revert “rec: Authority records in AA=1 CNAME answer are authoritative”.

Recursor 4.1.5

PowerDNS Security Advisory 2018-04 (CVE-2018-10851)
PowerDNS Security Advisory 2018-06 (CVE-2018-14626)
PowerDNS Security Advisory 2018-07 (CVE-2018-14644)

Improvements
Add pdnslog to lua configuration scripts (Chris Hofstaedtler)
Fix compilation with libressl 2.7.0+
Export outgoing ECS value and server ID in protobuf (if any)
Switch to devtoolset 7 for el6
Allow the signature inception to be off by a number of seconds (Kees Monshouwer)

Bug Fixes
Crafted answer can cause a denial of service (CVE-2018-10851)
Packet cache pollution via crafted query (CVE-2018-14626)
Crafted query for meta-types can cause a denial of service (CVE-2018-14644)
Delay the creation of rpz threads until we have dropped privileges
Cleanup the netmask trees used for the ecs index on removals
Make sure that the ecs scope from the auth is < to the source
Authority records in aa=1 cname answer are authoritative
Avoid a memory leak in catch-all exception handler
Don’t require authoritative answers for forward-recurse zones
Release memory in case of error in the openssl ecdsa constructor
Convert a few uses to toLogString to print DNSName’s that may be empty in a \ 
safer manner
Avoid a crash on DEC Alpha systems
Clear all caches on (N)TA changes

Files:
RevisionActionfile
1.31modifypkgsrc/net/powerdns-recursor/Makefile
1.27modifypkgsrc/net/powerdns-recursor/distinfo