Created attachment 218230 [details] Update to PowerDNS Auhoritative Server 4.3.1 This release contains the fix for PowerDNS Security Advisory 2020-05 (CVE-2020-17482). More information can be found here: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html It also contains several other fixes and improvements: Improvements: - EL8 pkgs: Build mysql backend against mariadb-connector-c-devel - gpgsql: Reintroduce prepared statements - gsqlite3backend: add missing indexes - use real remote for supermaster createSlaveDomain() - Optimize IXFR-to-AXFR fallback path - Install bind SQL schema files as part of bindbackend - Do not send out of zone lookups to the backends Bug Fixes: - Raise an exception on invalid hex content in unknown records. - Handle the extra single-row result set of MySQL stored procedures Lua(JIT) knobs are now the same as for dns/dnsdist and dns/powerdns-recursor
Created attachment 218232 [details] Security advisory for VuXML (1 CVE)
*** Bug 249561 has been marked as a duplicate of this bug. ***
testbuilds@work
A commit references this bug: Author: pi Date: Mon Sep 28 09:42:56 UTC 2020 New revision: 550413 URL: https://svnweb.freebsd.org/changeset/ports/550413 Log: security/vuxml: add entry dns/powerdns below 4.3.1 - CVE-2020-17482 PR: 249560 Submitted by: Ralf van der Enden <tremere@cainites.net> Relnotes: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html Changes: head/security/vuxml/vuln.xml
Committed, thanks!
A commit references this bug: Author: pi Date: Tue Sep 29 01:46:09 UTC 2020 New revision: 550465 URL: https://svnweb.freebsd.org/changeset/ports/550465 Log: dns/powerdns: update 4.3.0 -> 4.3.1 Improvements: - EL8 pkgs: Build mysql backend against mariadb-connector-c-devel - gpgsql: Reintroduce prepared statements - gsqlite3backend: add missing indexes - use real remote for supermaster createSlaveDomain() - Optimize IXFR-to-AXFR fallback path - Install bind SQL schema files as part of bindbackend - Do not send out of zone lookups to the backends Bug Fixes: - Raise an exception on invalid hex content in unknown records. - Handle the extra single-row result set of MySQL stored procedures PR: 249560 Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer) Security: CVE-2020-17482 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html Relnotes: https://doc.powerdns.com/authoritative/changelog/4.3.html#change-4.3.1 Changes: head/dns/powerdns/Makefile head/dns/powerdns/distinfo head/dns/powerdns/pkg-descr head/dns/powerdns/pkg-plist
A commit references this bug: Author: krion Date: Wed Sep 30 07:49:08 UTC 2020 New revision: 550653 URL: https://svnweb.freebsd.org/changeset/ports/550653 Log: MFH: r550465 dns/powerdns: update 4.3.0 -> 4.3.1 Improvements: - EL8 pkgs: Build mysql backend against mariadb-connector-c-devel - gpgsql: Reintroduce prepared statements - gsqlite3backend: add missing indexes - use real remote for supermaster createSlaveDomain() - Optimize IXFR-to-AXFR fallback path - Install bind SQL schema files as part of bindbackend - Do not send out of zone lookups to the backends Bug Fixes: - Raise an exception on invalid hex content in unknown records. - Handle the extra single-row result set of MySQL stored procedures PR: 249560 Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer) Security: CVE-2020-17482 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html Relnotes: https://doc.powerdns.com/authoritative/changelog/4.3.html#change-4.3.1 Approved by: ports-secteam (blanket) Changes: _U branches/2020Q3/ branches/2020Q3/dns/powerdns/Makefile branches/2020Q3/dns/powerdns/distinfo branches/2020Q3/dns/powerdns/pkg-descr branches/2020Q3/dns/powerdns/pkg-plist