pdns-4.1.2-9.1

- Update to 4.1.2
  - Improvements
  * API: increase serial after dnssec related updates
  * Auth: lower ?packet too short? loglevel
  * Make check-zone error on rows that have content but shouldn?t
  * Auth: avoid an isane amount of new backend connections during an axfr
  * Report unparseable data in stoul invalid_argument exception
  * Backport: recheck serial when axfr is done
  * Backport: add tcp support for alias
  - Bug Fixes
  * Auth: allocate new statements after reconnecting to postgresql
  * Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer)
  * Rather than crash, sheepishly report no file/linenum
  * Document undocumented config vars
  * Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate
  - misc
  * Move includes around to avoid boost L conflict
  * Backport: update edns option code list
  * Auth: link dnspcap2protobuf against librt when needed
  * Fix a warning on botan >= 2.5.0
  * Auth 4.1.x: unbreak build
  * Dnsreplay: bail out on a too small outgoing buffer (CVE-2018-1046 bsc#1092540)

- add patch for upstream issue #6228
  https://patch-diff.githubusercontent.com/raw/PowerDNS/pdns/pull/6370.patch

- geoip not available on SLE15 but protobuf support is available.

- Update to 4.1.14:
  * fixes a security issue that results in leaking uninitialised
  memory through crafted zone records (CVE-2020-17482, bsc#1176535)
  Other changes since 4.1.11,
  * Raise an exception on invalid hex content in unknown records
  * stop using select() in places where FDs can be >1023
  For details, see
  https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html

- Update to 4.1.11:
  * update postgresql schema to address a possible denial of service
    by an authorized user by inserting a crafted record in a MASTER
    type zone under their control. (bsc#1142810, CVE-2019-10203)
  To fix the issue, run the following command against your PostgreSQL
  pdns database:
    ALTER TABLE domains ALTER notified_serial TYPE bigint
    USING CASE WHEN notified_serial >= 0
    THEN notified_serial::bigint END;
- spec file simplifications and cleanup

- Update to 4.1.10 with security fixes:
  * fixes a denial of service but when authorized user to cause
    the server to exit by inserting a crafted record in a MASTER
    type zone under their control. (bsc#1138582, CVE-2019-10162)
  * fixes a denial of service of slave server when an authorized
    master server sends large number of NOTIFY messages
    (bsc#1138582, CVE-2019-10163)

- Update to 4.1.9
  * #7922: by popular demand, the option to disable superslave support
    has been backported from 4.2.0 to 4.1.9
  * #7921: `pdnsutil b2b-migrate` would lose NSEC3 settings.
    This has been corrected now.

- Update to 4.1.8
  * #7604: Correctly interpret an empty AXFR response to an IXFR query,
  * #7610: Fix replying from ANY address for non-standard port,
  * #7609: Fix rectify for ENT records in narrow zones,
  * #7607: Do not compress the root,
  * #7608: Fix dot stripping in `setcontent()`,
  * #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting,
  * #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR,
  * #7602: Fix API search failed with ?Commands out of sync; you can?t run this command now?,
  * #7509: Plug `mysql_thread_init` memory leak,
  * #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.

- Update to version 4.1.1:
  bug-fix only release, with fixes to the LDAP and MySQL backends,
  the pdnsutil tool, and PDNS internals

- Update to version 4.1.0:
  + Recursor passthrough removal. Migration plans for users of
    recursor passthrough are in documentation and available at,
    https://doc.powerdns.com/authoritative/guides/recursion.html
  + Improved performance: 4x speedup in some scenarios
  + Crypto API: DNSSEC fully configurable via RESTful API
  + Database: enhanced reconnection logic solving problems
    associated with idle disonnection from database servers.
  + Documentation improvements
  + Support for TCP Fast Open
  + Removed deprecated SOA-EDIT values: INCEPTION and INCEPTION-WEEK
- pkgconfig(krb5) is now always required for building LDAP backend
- pdns-4.0.4_mysql-schema-mariadb.patch: removed, upstreamed

- package schema files in ldap subpackage

- Update to version 4.0.5:
  + fixes CVE-2017-15091: Missing check on API operations
  + Bindbackend: do not corrupt data supplied by other backends in
    getAllDomains
  + For create-slave-zone, actually add all slaves, and not only
    first n times
  + Check return value for all getTSIGKey calls.
  + Publish inactive KSK/CSK as CDNSKEY/CDS
  + Treat requestor?s payload size lower than 512 as equal to 512
  + Correctly purge entries from the caches after a transfer
  + LuaWrapper: Allow embedded NULs in strings received from Lua
  + Stubresolver: Use only recursor setting if given
  + mydnsbackend: Add getAllDomains
  + LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace
  + gpgsql: make statement names actually unique
  + API: prevent sending nameservers list and zone-level NS in rrsets

- Ensure descriptions are neutral. Remove ineffective --with-pic.
- Do not ignore errors from useradd.
- Trim idempotent %if..%endif around %package.

- Added pdns.keyring linked from https://dnsdist.org/install.html

- Don't BuildRequire Botan 1.x which will be dropped (bsc#1055322)
  * upstream support for Botan was dropped in favor of OpenSSL, see
  https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released

- This makes the schema fit storage requirements of various
  mysql/mariadb versions. pdns-4.0.4_mysql-schema-mariadb.patch
- preset uid and gid in configuration

- fixed use of pdns_protobuf

- fixed use of pdns_protobuf

- added pdns-4.0.3_allow_dacoverride_in_capset.patch:
  Adding CAP_DAC_OVERRIDE to fix startup problems with sqlite3
  backend

- use individual libboost-*-devel packages instead of boost-devel

- update to 4.0.3 which obsoletes b854d9f.diff

- b854d9f.diff: revert upstream change that caused a regression
  with multiple-backends

- b854d9f.diff: revert upstream change that caused a regression
  with multiple-backends

- BuildRequire pkgconfig(libsystemd) instead of
  pkgconfig(libsystemd-daemon): these libs were merged in systemd
  209 times. The build system is capable of finding either one.

- update to 4.0.1
  Bug fixes
  - #4126 Wait for the connection to the carbon server to be established
  - #4206 Don't try to deallocate empty PG statements
  - #4245 Send the correct response when queried for an NSEC directly (Kees Monshouwer)
  - #4252 Don't include bind files if length <= 2 or > sizeof(filename)
  - #4255 Catch runtime_error when parsing a broken MNAME
  Improvements
  - #4044 Make DNSPacket return a ComboAddress for local and remote (Aki Tuomi)
  - #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler)
  - #4169 Fix typos in a logmessage and exception (Christian Hofsteadtler)
  - #4183 pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo)
  - #4192 dnsreplay: Only add Client Subnet stamp when asked
  - #4250 Use toLogString() for ringAccount (Kees Monshouwer)
  Additions
  - #4133 Add limits to the size of received {A,I}XFR (CVE-2016-6172)
  - #4142 Add used filedescriptor statistic (Kees Monshouwer)

- update to 4.0.0
  https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released/
  https://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0/
- packaging changes:
  - remotebackend split out now
  - enabled experimental_gss_tsig support
  - enabled protobuf based stats support
  - no more xdb and lmdb backend
  - added odbc backend where supported
- drop pdns-3.4.0-no_date_time.patch: replaced with
  - -enable-reproducible

- update to 3.4.9
  * use OpenSSL for ECDSA signing where available
  * allow common signing key
  * Add a disable-syslog setting
  * fix SOA caching with multiple backends
  * whitespace-related zone parsing fixes [ticket #3568]
  * bindbackend: fix, set domain in list()

- update to 3.4.8
  * Use AC_SEARCH_LIBS (Ruben Kerkhof)
  * Check for inet_aton in libresolv (Ruben Kerkhof)
  * Remove hardcoded -lresolv, -lnsl and -lsocket (Ruben Kerkhof)
  * pdnssec: don't check disabled records (Pieter Lexis)
  * pdnssec: check all records (including disabled ones)
    only in verbose mode (Kees Monshouwer)
  * traling dot in DNAME content (Kees Monshouwer)
  * Fix luabackend compilation on FreeBSD i386 (RvdE)
  * silence g++ 6.0 warnings and error (Kees Monshouwer)
  * add gcc 5.3 and 6.0 support to boost.m4 (Kees Monshouwer)

- update to 3.4.7
  Bug fixes:
  * Ignore invalid/empty TKEY and TSIG records (Christian Hofstaedtler)
  * Don't reply to truncated queries (Christian Hofstaedtler)
  * don't log out-of-zone ents during AXFR in (Kees Monshouwer)
  * Prevent XSS by escaping user input. Thanks to Pierre Jaury and Damien
  Cauquil at Sysdream for pointing this out.
  * Handle NULL and boolean properly in gPGSql (Aki Tuomi)
  * Improve negative caching (Kees Monshouwer)
  * Do not divide timeout twice (Aki Tuomi)
  * Correctly sort records with a priority.
  Improvements:
  * Direct query answers and correct zone-rectification in the GeoIP
  backend (Aki Tuomi)
  * Use token names to identify PKCS#11 keys (Aki Tuomi)
  * Fix typo in an error message (Arjen Zonneveld)
  * limit NSEC3 iterations in bindbackend (Kees Monshouwer)
  * Initialize minbody (Aki Tuomi)
  New features:
  * OPENPGPKEY record-type (James Cloos and Kees Monshouwer)
  * add global soa-edit settings (Kees Monshouwer)