Bug 262879
| Summary: | dns/powerdns dns/powerdns-recursor: Update to 4.6.1 (fixes CVE-2022-27227) + fix building against LibreSSL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Ralf van der Enden <tremere> | ||||||||
| Component: | Individual Port(s) | Assignee: | Fernando Apesteguía <fernape> | ||||||||
| Status: | Closed FIXED | ||||||||||
| Severity: | Affects Many People | CC: | fernape, ports-secteam | ||||||||
| Priority: | Normal | Keywords: | security | ||||||||
| Version: | Latest | Flags: | fernape:
merge-quarterly+
|
||||||||
| Hardware: | Any | ||||||||||
| OS: | Any | ||||||||||
| URL: | https://blog.powerdns.com/2022/03/25/security-advisory-2022-01-for-powerdns-authoritative-server-4-4-2-4-5-3-4-6-0-and-powerdns-recursor-4-4-7-4-5-7-4-6-0/ | ||||||||||
| Attachments: |
|
||||||||||
Created attachment 232771 [details]
Update PowerDNS Recursor to 4.6.1
Created attachment 232772 [details]
Add entries to VuXML for both PowerDNS as PowerDNS Recursor
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=79872ab6096b3bfc3edbd2ec845698316260bd0d commit 79872ab6096b3bfc3edbd2ec845698316260bd0d Author: Ralf van der Enden <tremere@cainites.net> AuthorDate: 2022-04-05 10:08:23 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2022-04-06 10:29:22 +0000 dns/powerdns: update to 4.6.1 Fixes CVE-2022-27227 PR: 262879 Reported by: Ralf van der Enden <tremere@cainites.net> (maintainer) MFH: 2022Q2 (security fix) Security: CVE-2022-27227 dns/powerdns/Makefile | 2 +- dns/powerdns/distinfo | 6 +- dns/powerdns/files/patch-credentials.cc (new) | 101 ++++++++++++++++++++++++++ 3 files changed, 105 insertions(+), 4 deletions(-) A commit in branch 2022Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=e44c01f03f4a6653bbab0de99cc60d861d96739d commit e44c01f03f4a6653bbab0de99cc60d861d96739d Author: Ralf van der Enden <tremere@cainites.net> AuthorDate: 2022-04-05 10:08:23 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2022-04-06 10:32:36 +0000 dns/powerdns: update to 4.6.1 Fixes CVE-2022-27227 PR: 262879 Reported by: Ralf van der Enden <tremere@cainites.net> (maintainer) MFH: 2022Q2 (security fix) Security: CVE-2022-27227 (cherry picked from commit 79872ab6096b3bfc3edbd2ec845698316260bd0d) dns/powerdns/Makefile | 2 +- dns/powerdns/distinfo | 6 +- dns/powerdns/files/patch-credentials.cc (new) | 101 ++++++++++++++++++++++++++ 3 files changed, 105 insertions(+), 4 deletions(-) A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=56b664aa3d2cd0e8dbf48d26d0839d0b1aa5998f commit 56b664aa3d2cd0e8dbf48d26d0839d0b1aa5998f Author: Ralf van der Enden <tremere@cainites.net> AuthorDate: 2022-04-05 10:21:08 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2022-04-06 10:35:45 +0000 dns/powerdns-recursor: update to 4.6.1 Fixes CVE-2022-27227 PR: 262879 Reported by: Ralf van der Enden <tremere@cainites.net> (maintainer) MFH: 2022Q2 (security fix) Security: CVE-2022-27227 dns/powerdns-recursor/Makefile | 2 +- dns/powerdns-recursor/distinfo | 6 +- .../files/patch-credentials.cc (new) | 101 +++++++++++++++++++++ 3 files changed, 105 insertions(+), 4 deletions(-) A commit in branch 2022Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=02c45cd6d377b1cac574e32754b65052c10bfdc5 commit 02c45cd6d377b1cac574e32754b65052c10bfdc5 Author: Ralf van der Enden <tremere@cainites.net> AuthorDate: 2022-04-05 10:21:08 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2022-04-06 10:36:49 +0000 dns/powerdns-recursor: update to 4.6.1 Fixes CVE-2022-27227 PR: 262879 Reported by: Ralf van der Enden <tremere@cainites.net> (maintainer) MFH: 2022Q2 (security fix) Security: CVE-2022-27227 (cherry picked from commit 56b664aa3d2cd0e8dbf48d26d0839d0b1aa5998f) dns/powerdns-recursor/Makefile | 2 +- dns/powerdns-recursor/distinfo | 6 +- .../files/patch-credentials.cc (new) | 101 +++++++++++++++++++++ 3 files changed, 105 insertions(+), 4 deletions(-) A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=bfd5d06e21859b3312d82348a8cf30a4018a8e31 commit bfd5d06e21859b3312d82348a8cf30a4018a8e31 Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2022-04-06 10:16:24 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2022-04-06 10:37:56 +0000 dns/powerdns*: document CVE-2022-27227 Related commits: 79872ab6096b3bfc3edbd2ec845698316260bd0d 56b664aa3d2cd0e8dbf48d26d0839d0b1aa5998f PR: 262879 Reported by: Ralf van der Enden <tremere@cainites.net> (maintainer) security/vuxml/vuln-2022.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) Commited and merged to 2022Q2. Thanks for this very prepared PR. Especially the vuxml entry. |
Created attachment 232770 [details] Update PowerDNS Authoritative Server to 4.6.1 This release fixes CVE-2022-27227 (see URL) and only that. Q&A: poudriere: testport ok (13.0-RELEASE;amd64;) Makefile portclippy/portmft processed