pdns-recursor-4.1.12-bp151.2.3

- bsc#1130588: Require shadow instead of old pwdutils

- update to 4.1.12:
  * Improvements
  - Provide CPU usage statistics per thread (worker & distributor).
  - Use a bounded load-balancing algo to distribute queries.
  - Implement a configurable ECS cache limit so responses with an
    ECS scope more specific than a certain threshold and a TTL
    smaller than a specific threshold are not inserted into the
    records cache at all.
  * Bug Fixes
  - Correctly interpret an empty AXFR response to an IXFR query.
- update to 4.1.11:
  * Improvements
  - Add an option to export only responses over protobuf to the
    Lua protobufServer() directive.
  - Reduce systemcall usage in protobuf logging. (See #7428.)

- update to 4.1.10
  - #7403: Fix compilation in handleRunningTCPQuestion without
    protobuf support

- update to 4.1.8
  https://blog.powerdns.com/2018/11/26/powerdns-recursor-4-1-8-released/
  - Fixes case where a crafted query can cause a denial of service
    (CVE-2018-16855, bsc#1116592)

- update to 4.1.7
  https://blog.powerdns.com/2018/11/09/powerdns-recursor-4-1-7-released/
  - Revert ?Keep the EDNS status of a server on FormErr with EDNS?
  - Refuse queries for all meta-types

- update to 4.1.6
  - Revert "rec: Authority records in AA=1 CNAME answer are
    authoritative"
    https://github.com/PowerDNS/pdns/issues/7158

- update to 4.1.5
  - Improvements
  * Add pdnslog to lua configuration scripts
  * Fix compilation with libressl 2.7.0+
  * Export outgoing ECS value and server ID in protobuf (if any)
  * Switch to devtoolset 7 for el6
  * Allow the signature inception to be off by number of seconds
  - Bug Fixes
  * Crafted answer can cause a denial of service
    (bsc#1114157, CVE-2018-10851)
  * Packet cache pollution via crafted query
    (bsc#1114169, CVE-2018-14626)
  * Crafted query for meta-types can cause a denial of service
    (bsc#1114170, CVE-2018-14644)
  * Delay creation of rpz threads until we dropped privileges
  * Cleanup the netmask trees used for the ecs index on removals
  * Make sure that the ecs scope from the auth is < to the source
  * Authority records in aa=1 cname answer are authoritative
  * Avoid a memory leak in catch-all exception handler
  * Don?t require authoritative answers for forward-recurse zones
  * Release memory in case of error in openssl ecdsa constructor
  * Convert a few uses to toLogString to print DNSName?s that
    may be empty in a safer manner
  * Avoid a crash on DEC Alpha systems
  * Clear all caches on (N)TA changes

- update to 4.1.4
  - Improvements
  * Split pdns_enable_unit_tests.
  * Add a new max-udp-queries-per-round setting.
  * Fix warnings reported by gcc 8.1.0.
  * Tests: replace awk command by perl.
  * Allow the snmp thread to retrieve statistics.
  - Bug Fixes
  * Don?t account chained queries more than once.
  * Make rec_control respect include-dir.
  * Load lua scripts only in worker threads.
  * Purge all auth/forward zone data including subtree.

- update to 4.1.3
  - Improvements
  * Add a subtree option to the API cache flush endpoint
  * Use a separate, non-blocking pipe to distribute queries
  * Move carbon/webserver/control/stats handling to a separate
    thread
  * Add _raw versions for QName / ComboAddresses to the FFI API
  * Fix a warning on botan >= 2.5.0
  - Bug Fixes
  * Count a lookup into an internal auth zone as a cache miss
  * Don?t increase the DNSSEC validations counters when running
    with process-no-validate
  * Respect the AXFR timeout while connecting to the RPZ server
  * Increase MTasker stacksize to avoid crash in exception
    unwinding
  * Use the SyncRes time in our unit tests when checking cache
    validity
  * Add -rdynamic to C{,XX}FLAGS when we build with LuaJIT
  * Delay the loading of RPZ zones until the parsing is done,
    fixing a race condition
  * Reorder includes to avoid boost L conflict (bsc#1089814)