Created attachment 206533
Update to PowerDNS Authoritative Server 4.1.13
The 4.1.12 release was skipped due to a packaging issue.
This is a bugfix release for high traffic setups using the pipebackend or remotebackend. It contains the following changes:
gpgsqlbackend: add missing schema file to Makefile (#8157)
stop using select() in places where FDs can be >1023 (#8162)
This release contains the updated PostgreSQL schema for PowerDNS Security Advisory 2019-06 (CVE-2019-10203).
Upgrading is not enough - you need to manually apply the schema change: ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;
I've added a pkg-install file with a 10s delay which essentially says the same as mentioned in the 4.1.11 changelog. Since this is the first time a schema change is required to fix a security vulnerability I hope this is the best way to do it. If not... I'm ready to be educated :)
portlint: OK (looks fine.)
testport: OK (12.0, amd64)
Created attachment 207101
Update to PowerDNS Authoritative Server 4.2.0
In the new patch I changed the delay from 10s to 5s.
A commit references this bug:
Date: Thu Sep 5 16:51:06 UTC 2019
New revision: 511195
dns/powerdns: upgrade 4.1.14 -> 4.2.0
- Please note: to fix CVE-2019-10203, upgrading is not enough
Manually apply the schema change:
ALTER TABLE domains ALTER notified_serial TYPE bigint
USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;
Submitted by: Ralf van der Enden <email@example.com> (maintainer)
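Because upgrading the package does not change the database, a check that the CVE-2019-10203 schema change has actually been applied is useful after the upgrade. The queries below are an added example, not part of the port, the patch or the PowerDNS release; they assume the gpgsql tables live in the current schema of the PostgreSQL database and that they are run with psql.

```sql
-- Added example: verify the manual schema change for CVE-2019-10203.
-- Assumption: the PowerDNS gpgsql tables are in the current schema.

-- 1. Report the type of domains.notified_serial.
--    No row returned means the domains table is not in the current schema.
SELECT c.table_schema,
       c.data_type,
       CASE c.data_type
            WHEN 'bigint'  THEN 'schema change applied'
            WHEN 'integer' THEN 'schema change NOT applied'
            ELSE 'unexpected type, inspect manually'
       END AS status
FROM information_schema.columns AS c
WHERE c.table_schema = current_schema()
  AND c.table_name   = 'domains'
  AND c.column_name  = 'notified_serial';

-- 2. Before applying the ALTER TABLE: list the rows it will not carry over.
--    The USING clause has no ELSE branch, so a negative notified_serial
--    becomes NULL in the widened column.
SELECT id, name, notified_serial
FROM domains
WHERE notified_serial < 0
ORDER BY id;
```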