FreeBSD Bugzilla – Attachment 207101 Details for Bug 239850
dns/powerdns: Update to 4.2.0 (Fixes security vulnerability)
[patch] Update to PowerDNS Authoritative Server 4.2.0
powerdns-4.2.0.diff (text/plain), 9.05 KB, created by Ralf van der Enden on 2019-09-02 13:02:51 UTC
>Index: Makefile >=================================================================== >--- Makefile (revision 510767) >+++ Makefile (working copy) >@@ -1,10 +1,9 @@ > # $FreeBSD$ > > PORTNAME= powerdns >-DISTVERSION= 4.1.10 >-PORTREVISION= 4 >+DISTVERSION= 4.2.0 > CATEGORIES= dns ipv6 >-MASTER_SITES= http://downloads.powerdns.com/releases/ >+MASTER_SITES= https://downloads.powerdns.com/releases/ > DISTNAME= pdns-${DISTVERSION} > > MAINTAINER= tremere@cainites.net >@@ -14,11 +13,11 @@ > > BROKEN_sparc64= Does not compile: error: to_string is not a member of std > >-LIB_DEPENDS= libboost_serialization.so:devel/boost-libs >+LIB_DEPENDS= libboost_serialization.so:devel/boost-libs \ >+ libcurl.so:ftp/curl > > USES= compiler:c++11-lib cpe gmake libtool localbase:ldflags pathfix \ > pkgconfig ssl tar:bzip2 >- > USE_LDCONFIG= YES > USE_RC_SUBR= pdns > USE_SUBMAKE= YES 
>@@ -35,27 +34,25 @@ > SCRIPTS_ENV= CURDIR2="${.CURDIR}" DISTNAME="${DISTNAME}" MKDIR="${MKDIR}" \ > POWERDNS_OPTIONS="${POWERDNS_OPTIONS}" \ > WRKDIRPREFIX="${WRKDIRPREFIX}" >- > SUB_FILES= pkg-message > >-OPTIONS_DEFINE= DOCS EXAMPLES LUAJIT MYDNS MYSQL OPENDBX OPENLDAP \ >- OPTALGO PGSQL PROTOBUF REMOTE SQLITE3 TINYDNS TOOLS \ >- UNIXODBC >-OPTIONS_DEFAULT= MYSQL PGSQL SQLITE3 >- >-OPTIONS_GROUP= EXPERIMENTAL REMOTEOPT >-OPTIONS_GROUP_EXPERIMENTAL= LUABACKEND >+OPTIONS_DEFINE= DOCS EXAMPLES GEOIP LUABACKEND LUAJIT MYDNS \ >+ MYSQL OPENDBX OPENLDAP PGSQL PROTOBUF REMOTE \ >+ SQLITE3 TINYDNS TOOLS UNIXODBC >+OPTIONS_DEFAULT= MYSQL PGSQL SQLITE3 >+OPTIONS_GROUP= GEOIPOPT REMOTEOPT > OPTIONS_GROUP_REMOTEOPT= ZEROMQ > > OPTIONS_SUB= yes > >-LUABACKEND_DESC= Lua backend >+GEOIPOPT_DESC= GeoIP DB options >+GEOIP_DESC= GeoIP backend (GeoIP2 DB) >+LUABACKEND_DESC= Lua2 backend > LUAJIT_DESC= Use LuaJIT instead of Lua > MYDNS_DESC= MyDNS backend > MYSQL_DESC= MySQL backend > OPENDBX_DESC= OpenDBX backend > OPENLDAP_DESC= OpenLDAP backend >-OPTALGO_DESC= Enable optional algorithms (12, 15 & 16) > PGSQL_DESC= PostgreSQL backend > PROTOBUF_DESC= Protobuf support > REMOTEOPT_DESC= Remote backend connectors >@@ -65,11 +62,15 @@ > TOOLS_DESC= Build extra tools > ZEROMQ_DESC= Enable ZeroMQ connector (Implies REMOTE enabled) > >-LUABACKEND_VARS= MODULES+=lua >+GEOIP_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb \ >+ libyaml-cpp.so:devel/yaml-cpp >+GEOIP_VARS= MODULES+=geoip > >+LUABACKEND_VARS= MODULES+=lua2 >+ > LUAJIT_LIB_DEPENDS= libluajit-5.1.so.2:lang/luajit > LUAJIT_USES_OFF= lua >-LUAJIT_CONFIGURE_WITH= luajit >+LUAJIT_CONFIGURE_ON= --with-lua=luajit > > MYDNS_USES= mysql > MYDNS_CONFIGURE_ON= --with-mysql=${LOCALBASE} 
>@@ -87,13 +88,6 @@ > OPENLDAP_CXXFLAGS= -DLDAP_DEPRECATED=1 > OPENLDAP_VARS= MODULES+=ldap > >-OPTALGO_LIB_DEPENDS= libbotan-2.so:security/botan2 \ >- libdecaf.so:security/libdecaf \ >- libsodium.so:security/libsodium >-OPTALGO_CONFIGURE_ON= --enable-botan \ >- --enable-libdecaf \ >- --enable-libsodium >- > PGSQL_USES= pgsql > PGSQL_CONFIGURE_ON= --with-pg-config=${LOCALBASE}/bin/pg_config > PGSQL_VARS= MODULES+=gpgsql >@@ -120,9 +114,18 @@ > ZEROMQ_LIB_DEPENDS= libzmq.so:net/libzmq4 > ZEROMQ_CONFIGURE_ON= --enable-remotebackend-zeromq > >+.include <bsd.port.pre.mk> >+ >+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200085 && ${SSL_DEFAULT} != openssl111 >+CONFIGURE_ARGS+= --with-libdecaf \ >+ --with-libsodium >+LIB_DEPENDS+= libdecaf.so:security/libdecaf \ >+ libsodium.so:security/libsodium >+.endif >+ > post-install:: > @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} > @${STAGEDIR}${LOCALBASE}/sbin/pdns_server --module-dir=${STAGEDIR}${LOCALBASE}/lib/pdns --launch="pipe bind ${MODULES}" --config > ${STAGEDIR}${EXAMPLESDIR}/pdns.conf > @${REINPLACE_CMD} -e 's;${STAGEDIR};;' -i '' ${STAGEDIR}${EXAMPLESDIR}/pdns.conf > >-.include <bsd.port.mk> >+.include <bsd.port.post.mk> >Index: distinfo >=================================================================== >--- distinfo (revision 510767) >+++ distinfo (working copy) >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1561114944 >-SHA256 (pdns-4.1.10.tar.bz2) = 5a46cfde92caaaa2e85af9a15acb9ad81b56f4c8a8255c457e6938d8c0cb15c7 >-SIZE (pdns-4.1.10.tar.bz2) = 1117663 >+TIMESTAMP = 1567076172 >+SHA256 (pdns-4.2.0.tar.bz2) = 222007f25e25aad71ac7d8b7f1797a4bcb30781e456d74ed00396e53828a903a >+SIZE (pdns-4.2.0.tar.bz2) = 1249282 >Index: files/patch-pdns_dns__random.cc >=================================================================== >--- files/patch-pdns_dns__random.cc (nonexistent) >+++ files/patch-pdns_dns__random.cc (working copy) 
>@@ -0,0 +1,12 @@ >+--- pdns/dns_random.cc.orig 2018-11-29 12:53:42 UTC >++++ pdns/dns_random.cc >+@@ -40,7 +40,9 @@ >+ #include <openssl/rand.h> >+ #endif >+ #if defined(HAVE_GETRANDOM) >++extern "C" { >+ #include <sys/random.h> >++} >+ #endif >+ >+ static enum DNS_RNG { > >Property changes on: files/patch-pdns_dns__random.cc >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: files/pdns.in >=================================================================== >--- files/pdns.in (revision 510767) >+++ files/pdns.in (working copy) >@@ -4,7 +4,7 @@ > # > > # PROVIDE: pdns_server >-# REQUIRE: DAEMON SERVERS >+# REQUIRE: DAEMON SERVERS mysql postgresql slapd > # KEYWORD: shutdown > > # >Index: files/pkg-message.in >=================================================================== >--- files/pkg-message.in (revision 510767) >+++ files/pkg-message.in (working copy) >@@ -15,9 +15,9 @@ > { type: upgrade > maximum_versio: 3.4 > message: <<EOM >- --------------------------------------------- >- IMPORTANT: PowerDNS Authoritive Server 3.4.0+: >- --------------------------------------------- >+ ----------------------------------------------- >+ IMPORTANT: PowerDNS Authoritative Server 3.4.0+: >+ ----------------------------------------------- > This version needs a mandatory schema change for the gmsyql, > gpgsql and gsqlite3 backends. SQL statements are available in > %%DOCSDIR%% or http://doc.powerdns.com >Index: pkg-install >=================================================================== >--- pkg-install (nonexistent) >+++ pkg-install (working copy) 
>@@ -0,0 +1,42 @@ >+#! /bin/sh >+ >+# $FreeBSD$ >+ >+PATH=/bin:/usr/bin:/usr/sbin >+ >+securitywarning() { >+cat <<EOF >+ >+ === IMPORTANT FOR GPGSQL BACKEND USERS! === >+ The following only impacts anyone using the >+ gpgsql (PostgreSQL) backend: >+ >+ An issue has been found in PowerDNS >+ Authoritative Server allowing an authorized >+ user to cause the server to exit by >+ inserting a crafted record in a MASTER type >+ zone under their control. The issue is due >+ to the fact that the Authoritative Server >+ will exit when it tries to store the >+ notified serial in the PostgreSQL database, >+ if this serial cannot be represented in 31 >+ bits. >+ >+ To fix the issue, run the following command >+ against your PostgreSQL pdns database: >+ >+ ALTER TABLE domains ALTER notified_serial >+ TYPE bigint USING CASE WHEN notified_serial >+ >= 0 THEN notified_serial::bigint END; >+ >+ No software changes are required. >+ =========================================== >+EOF >+} >+ >+case $2 in >+PRE-INSTALL) >+ securitywarning >+ sleep 5 >+ ;; >+esac > >Property changes on: pkg-install >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: pkg-plist >=================================================================== >--- pkg-plist (revision 510767) >+++ pkg-plist (working copy) >@@ -4,8 +4,10 @@ > bin/zone2sql > sbin/pdns_server > %%PROTOBUF%%bin/dnspcap2protobuf >+%%TOOLS%%bin/calidns > %%TOOLS%%bin/dnsbulktest > %%TOOLS%%bin/dnsgram >+%%TOOLS%%bin/dnspcap2calidns > %%TOOLS%%bin/dnsreplay > %%TOOLS%%bin/dnsscan > %%TOOLS%%bin/dnsscope 
>@@ -21,7 +23,8 @@ > %%TOOLS%%bin/stubquery > lib/pdns/libbindbackend.so > lib/pdns/libpipebackend.so >-%%LUABACKEND%%lib/pdns/libluabackend.so >+%%GEOIP%%lib/pdns/libgeoipbackend.so >+%%LUABACKEND%%lib/pdns/liblua2backend.so > %%MYDNS%%lib/pdns/libmydnsbackend.so > %%MYSQL%%lib/pdns/libgmysqlbackend.so > %%OPENDBX%%lib/pdns/libopendbxbackend.so >@@ -35,6 +38,7 @@ > %%TOOLS%%man/man1/calidns.1.gz > %%TOOLS%%man/man1/dnsbulktest.1.gz > %%TOOLS%%man/man1/dnsgram.1.gz >+%%TOOLS%%man/man1/dnspcap2calidns.1.gz > %%TOOLS%%man/man1/dnsscan.1.gz > %%TOOLS%%man/man1/dumresp.1.gz > %%TOOLS%%man/man1/ixplore.1.gz >@@ -59,6 +63,10 @@ > %%PORTEXAMPLES%%@dir %%EXAMPLESDIR%% > %%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.1.0_schema.mysql.sql > %%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.1.0_schema.pgsql.sql >+%%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.0.0_schema.sqlite3.sql >+%%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/4.0.0_to_4.2.0_schema.sqlite3.sql >+%%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/4.1.0_to_4.2.0_schema.mysql.sql >+%%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/4.1.0_to_4.2.0_schema.pgsql.sql > %%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.mysql.sql > %%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.pgsql.sql > %%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.sqlite3.sql
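Review bot: In the new pkg-install script, securitywarning is called for every PRE-INSTALL and is followed by "sleep 5", so every install or upgrade prints the gpgsql notice and stalls for five seconds, including builds where the PGSQL option is off. The notice itself says no software changes are required and the only remediation is the ALTER TABLE on domains.notified_serial, so it fits better as a "type: upgrade" entry in files/pkg-message.in next to the existing 3.4 notice, with the sleep dropped. If the script stays, gate the warning on the gpgsql backend being built.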
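Review bot: The files/pkg-message.in hunk corrects "Authoritive" but leaves the context line "maximum_versio: 3.4" untouched; the key is missing its final "n" and should read "maximum_version", otherwise the version limit on this upgrade message is not the key pkg documents. The unchanged text two lines below the banner also still says "gmsyql" where the backend is named gmysql elsewhere in the port. Both are worth fixing in the same change since the hunk is already a spelling fix.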
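Review bot: The Makefile block starting ".if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200085 && ${SSL_DEFAULT} != openssl111" carries no comment explaining the version cut-off or why libdecaf and libsodium are needed only below it. It also replaces the OPTALGO option, whose description covered algorithms 12, 15 and 16, and drops the botan dependency without saying what happens to zones signed with an algorithm that depended on it. Add a short comment above the .if stating which DNSSEC algorithms these libraries provide and which base or OpenSSL version supplies them otherwise, and mention the removed option in the commit message.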
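Review bot: In the Makefile hunk at "LUABACKEND_VARS= MODULES+=lua2" the option keeps its name while the module changes from lua to lua2, and pkg-plist swaps libluabackend.so for liblua2backend.so. A server whose configuration launches the old lua module will find no such module after the upgrade, and nothing in this patch tells the operator. Add an upgrade entry to files/pkg-message.in stating that the Lua backend was replaced by lua2 and that the launch setting and backend scripts need review before restarting pdns_server.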
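Review bot: The files/pdns.in hunk changes the rc ordering line to "REQUIRE: DAEMON SERVERS mysql postgresql slapd" unconditionally, although MYSQL, PGSQL and OPENLDAP are separate options and any of the three may be absent from the host or live on a remote machine. Please confirm that requiring providers that are not installed is harmless for rcorder on supported releases, and note in the commit message that the ordering only helps when the database runs locally.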
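Review bot: The new files/patch-pdns_dns__random.cc wraps "#include <sys/random.h>" in extern "C" with no explanation, and its header line is dated 2018-11-29, well before this update. Because the file selects the random source used by the server, state in the commit message which build failure the wrapper fixes and on which FreeBSD versions, confirm the patch still applies to the 4.2.0 sources, and say whether it has been reported upstream so it can be dropped later.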
Flags: tremere: maintainer-approval+