Bug 239850 - dns/powerdns: Update to 4.2.0 (Fixes security vulnerability)
Summary: dns/powerdns: Update to 4.2.0 (Fixes security vulnerability)
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Kurt Jaeger
URL: https://doc.powerdns.com/authoritativ...
Keywords:
Depends on:
Blocks:
 
Reported: 2019-08-14 12:24 UTC by Ralf van der Enden
Modified: 2019-09-05 16:51 UTC

See Also:


Attachments
Update to PowerDNS Authoritative Server 4.1.13 (3.62 KB, patch)
2019-08-14 12:24 UTC, Ralf van der Enden
tremere: maintainer-approval+
Update to PowerDNS Authoritative Server 4.2.0 (9.05 KB, patch)
2019-09-02 13:02 UTC, Ralf van der Enden
tremere: maintainer-approval+

Description Ralf van der Enden 2019-08-14 12:24:08 UTC
Created attachment 206533
Update to PowerDNS Authoritative Server 4.1.13

4.1.13 changelog:

The 4.1.12 release was skipped due to a packaging issue.

This is a bugfix release for high traffic setups using the pipebackend or remotebackend. It contains the following changes:

gpgsqlbackend: add missing schema file to Makefile (#8157)
stop using select() in places where FDs can be >1023 (#8162)

4.1.11 changelog:

This release contains the updated PostgreSQL schema for PowerDNS Security Advisory 2019-06 (CVE-2019-10203).

Upgrading is not enough - you need to manually apply the schema change: ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;

======
I've added a pkg-install file with a 10s delay which essentially says the same as mentioned in the 4.1.11 changelog. Since this is the first time a schema change is required to fix a security vulnerability I hope this is the best way to do it. If not... I'm ready to be educated :)
======

QA:
portlint: OK (looks fine.)
testport: OK (12.0, amd64)
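
An idempotent way to apply and verify the schema change quoted in the 4.1.11 changelog above, as an added example that is not part of the bug report, the port, or PowerDNS. It assumes PostgreSQL with the PowerDNS `domains` table in the current schema.

```sql
-- Added example, not part of the bug report, the port, or PowerDNS.
-- Assumes PostgreSQL and that the gpgsql "domains" table is in the current schema.
DO $$
DECLARE
    col_type  text;
    negatives bigint;
BEGIN
    -- What type does the column have right now?
    SELECT data_type INTO col_type
      FROM information_schema.columns
     WHERE table_schema = current_schema()
       AND table_name   = 'domains'
       AND column_name  = 'notified_serial';

    IF col_type IS NULL THEN
        RAISE EXCEPTION 'domains.notified_serial not found in schema %', current_schema();
    ELSIF col_type = 'bigint' THEN
        RAISE NOTICE 'notified_serial is already bigint, nothing to do';
        RETURN;
    END IF;

    -- The CASE in the USING clause has no ELSE branch, so any negative
    -- value is rewritten to NULL. Report how many rows that affects.
    SELECT count(*) INTO negatives FROM domains WHERE notified_serial < 0;
    RAISE NOTICE 'notified_serial is %, converting; % negative value(s) become NULL',
                 col_type, negatives;

    -- The schema change exactly as given in the 4.1.11 changelog.
    ALTER TABLE domains ALTER notified_serial TYPE bigint
        USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;
END
$$;

-- Verify afterwards: data_type should now read 'bigint'.
SELECT data_type
  FROM information_schema.columns
 WHERE table_schema = current_schema()
   AND table_name   = 'domains'
   AND column_name  = 'notified_serial';
```

The `DO` block runs as a single transaction, so an error in any step leaves the table unchanged, and a second run after a successful conversion only prints the "already bigint" notice.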
Comment 1 Ralf van der Enden 2019-09-02 13:02:51 UTC
Created attachment 207101
Update to PowerDNS Authoritative Server 4.2.0
Comment 2 Ralf van der Enden 2019-09-02 13:05:01 UTC
In the new patch I changed the delay from 10s to 5s.
Comment 3 Kurt Jaeger freebsd_committer 2019-09-05 05:26:39 UTC
testbuilds@work
Comment 4 commit-hook freebsd_committer 2019-09-05 16:51:18 UTC
A commit references this bug:

Author: pi
Date: Thu Sep  5 16:51:06 UTC 2019
New revision: 511195
URL: https://svnweb.freebsd.org/changeset/ports/511195

Log:
  dns/powerdns: upgrade 4.1.14 -> 4.2.0

  - Please note: to fix CVE-2019-10203, upgrading is not enough
    Manually apply the schema change:
    ALTER TABLE domains ALTER notified_serial TYPE bigint
    USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;

  PR:		239850
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer)
  MFH:		2019Q3
  Relnotes:	https://doc.powerdns.com/authoritative/changelog/4.2.html
  		http://blog.powerdns.com/2019/08/29/powerdns-authoritative-server-4-2-0/
  Security:	CVE-2019-10203

Changes:
  head/dns/powerdns/Makefile
  head/dns/powerdns/distinfo
  head/dns/powerdns/files/patch-pdns_dns__random.cc
  head/dns/powerdns/files/pdns.in
  head/dns/powerdns/files/pkg-message.in
  head/dns/powerdns/pkg-install
  head/dns/powerdns/pkg-plist