MFH: r459742

Update to version 4.1.1

• Fixes "PowerDNS Security Advisory 2018-01: Insufficient validation of DNSSEC signatures". An issue has been found in the DNSSEC validation component of PowerDNS Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be used to wrongfully prove the non-existence of a RR below the owner name of that record. This would allow an attacker in position of man-in-the-middle to send a NXDOMAIN answer for a name that does exist. The 4.0.x branch is not vulnerable.

• Add support for algo16 and simplify Lua/LuaJIT engine choice.

PR: 225397
Submitted by: maintainer
Security: CVE-2018-1000003

Approved by: ports-secteam