authorKirill Ponomarev <krion@FreeBSD.org>2019-09-25 13:43:22 +0000
committerKirill Ponomarev <krion@FreeBSD.org>2019-09-25 13:43:22 +0000
commiteb02344e7fddd4c3edd7b996d03d22b493b6a0d8 (patch)
tree9270e6f6e752e2aa6e7e23e6293f4f39f4d582e0
parent7a47e56c0fb84efb51455697ad475f2869d489d8 (diff)
MFH: r511195
dns/powerdns: upgrade 4.1.14 -> 4.2.0 - Please note: to fix CVE-2019-10203, upgrading is not enough Manually apply the schema change: ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END; PR: 239850 Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer) Relnotes: https://doc.powerdns.com/authoritative/changelog/4.2.html http://blog.powerdns.com/2019/08/29/powerdns-authoritative-server-4-2-0/ Security: CVE-2019-10203 Approved by: ports-secteam (implicit)
Notes
Notes: svn path=/branches/2019Q3/; revision=512785
-rw-r--r--dns/powerdns/Makefile52
-rw-r--r--dns/powerdns/distinfo6
-rw-r--r--dns/powerdns/files/patch-pdns_dns__random.cc12
-rw-r--r--dns/powerdns/files/pdns.in2
-rw-r--r--dns/powerdns/files/pkg-message.in6
-rw-r--r--dns/powerdns/pkg-install42
-rw-r--r--dns/powerdns/pkg-plist10
7 files changed, 98 insertions, 32 deletions
diff --git a/dns/powerdns/Makefile b/dns/powerdns/Makefile
index 122fd1e06e0f..83fb26c65863 100644
--- a/dns/powerdns/Makefile
+++ b/dns/powerdns/Makefile
@@ -1,9 +1,9 @@
# $FreeBSD$
PORTNAME= powerdns
-DISTVERSION= 4.1.10
+DISTVERSION= 4.2.0
CATEGORIES= dns ipv6
-MASTER_SITES= http://downloads.powerdns.com/releases/
+MASTER_SITES= https://downloads.powerdns.com/releases/
DISTNAME= pdns-${DISTVERSION}
MAINTAINER= tremere@cainites.net
@@ -14,11 +14,11 @@ LICENSE= GPLv2
BROKEN_powerpc64= Does not build: undefined reference to std::__throw_out_of_range_fmt
BROKEN_sparc64= Does not compile: error: to_string is not a member of std
-LIB_DEPENDS= libboost_serialization.so:devel/boost-libs
+LIB_DEPENDS= libboost_serialization.so:devel/boost-libs \
+ libcurl.so:ftp/curl
USES= compiler:c++11-lib cpe gmake libtool localbase:ldflags pathfix \
pkgconfig ssl tar:bzip2
-
USE_LDCONFIG= YES
USE_RC_SUBR= pdns
USE_SUBMAKE= YES
@@ -35,27 +35,25 @@ INSTALL_TARGET= install-strip
SCRIPTS_ENV= CURDIR2="${.CURDIR}" DISTNAME="${DISTNAME}" MKDIR="${MKDIR}" \
POWERDNS_OPTIONS="${POWERDNS_OPTIONS}" \
WRKDIRPREFIX="${WRKDIRPREFIX}"
-
SUB_FILES= pkg-message
-OPTIONS_DEFINE= DOCS EXAMPLES LUAJIT MYDNS MYSQL OPENDBX OPENLDAP \
- OPTALGO PGSQL PROTOBUF REMOTE SQLITE3 TINYDNS TOOLS \
- UNIXODBC
-OPTIONS_DEFAULT= MYSQL PGSQL SQLITE3
-
-OPTIONS_GROUP= EXPERIMENTAL REMOTEOPT
-OPTIONS_GROUP_EXPERIMENTAL= LUABACKEND
+OPTIONS_DEFINE= DOCS EXAMPLES GEOIP LUABACKEND LUAJIT MYDNS \
+ MYSQL OPENDBX OPENLDAP PGSQL PROTOBUF REMOTE \
+ SQLITE3 TINYDNS TOOLS UNIXODBC
+OPTIONS_DEFAULT= MYSQL PGSQL SQLITE3
+OPTIONS_GROUP= GEOIPOPT REMOTEOPT
OPTIONS_GROUP_REMOTEOPT= ZEROMQ
OPTIONS_SUB= yes
-LUABACKEND_DESC= Lua backend
+GEOIPOPT_DESC= GeoIP DB options
+GEOIP_DESC= GeoIP backend (GeoIP2 DB)
+LUABACKEND_DESC= Lua2 backend
LUAJIT_DESC= Use LuaJIT instead of Lua
MYDNS_DESC= MyDNS backend
MYSQL_DESC= MySQL backend
OPENDBX_DESC= OpenDBX backend
OPENLDAP_DESC= OpenLDAP backend
-OPTALGO_DESC= Enable optional algorithms (12, 15 & 16)
PGSQL_DESC= PostgreSQL backend
PROTOBUF_DESC= Protobuf support
REMOTEOPT_DESC= Remote backend connectors
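Review bot: `OPTIONS_GROUP` now lists `GEOIPOPT` and a `GEOIPOPT_DESC` is added, but no `OPTIONS_GROUP_GEOIPOPT=` assignment appears in this hunk, while `GEOIP` itself sits in `OPTIONS_DEFINE`. Unless the group is populated somewhere outside the visible lines, it is empty and the description is dead. Either drop `GEOIPOPT` from `OPTIONS_GROUP` together with `GEOIPOPT_DESC`, or add the member list the group was meant to carry. The same hunk removes `OPTALGO` without a note for users who had it set, so a one-line comment pointing at the conditional block further down would help.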
@@ -65,11 +63,15 @@ TINYDNS_DESC= TinyDNS backend
TOOLS_DESC= Build extra tools
ZEROMQ_DESC= Enable ZeroMQ connector (Implies REMOTE enabled)
-LUABACKEND_VARS= MODULES+=lua
+GEOIP_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb \
+ libyaml-cpp.so:devel/yaml-cpp
+GEOIP_VARS= MODULES+=geoip
+
+LUABACKEND_VARS= MODULES+=lua2
LUAJIT_LIB_DEPENDS= libluajit-5.1.so.2:lang/luajit
LUAJIT_USES_OFF= lua
-LUAJIT_CONFIGURE_WITH= luajit
+LUAJIT_CONFIGURE_ON= --with-lua=luajit
MYDNS_USES= mysql
MYDNS_CONFIGURE_ON= --with-mysql=${LOCALBASE}
@@ -87,13 +89,6 @@ OPENLDAP_USE= OPENLDAP=YES
OPENLDAP_CXXFLAGS= -DLDAP_DEPRECATED=1
OPENLDAP_VARS= MODULES+=ldap
-OPTALGO_LIB_DEPENDS= libbotan-2.so:security/botan2 \
- libdecaf.so:security/libdecaf \
- libsodium.so:security/libsodium
-OPTALGO_CONFIGURE_ON= --enable-botan \
- --enable-libdecaf \
- --enable-libsodium
-
PGSQL_USES= pgsql
PGSQL_CONFIGURE_ON= --with-pg-config=${LOCALBASE}/bin/pg_config
PGSQL_VARS= MODULES+=gpgsql
@@ -120,9 +115,18 @@ ZEROMQ_IMPLIES= REMOTE
ZEROMQ_LIB_DEPENDS= libzmq.so:net/libzmq4
ZEROMQ_CONFIGURE_ON= --enable-remotebackend-zeromq
+.include <bsd.port.pre.mk>
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200085 && ${SSL_DEFAULT} != openssl111
+CONFIGURE_ARGS+= --with-libdecaf \
+ --with-libsodium
+LIB_DEPENDS+= libdecaf.so:security/libdecaf \
+ libsodium.so:security/libsodium
+.endif
+
post-install::
@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
@${STAGEDIR}${LOCALBASE}/sbin/pdns_server --module-dir=${STAGEDIR}${LOCALBASE}/lib/pdns --launch="pipe bind ${MODULES}" --config > ${STAGEDIR}${EXAMPLESDIR}/pdns.conf
@${REINPLACE_CMD} -e 's;${STAGEDIR};;' -i '' ${STAGEDIR}${EXAMPLESDIR}/pdns.conf
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
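Review bot: The new `.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200085 && ${SSL_DEFAULT} != openssl111` block carries no comment saying why libdecaf and libsodium are linked only in that case. These libraries were previously behind `OPTALGO` ("optional algorithms (12, 15 & 16)"), so the condition decides which DNSSEC signing algorithms the built server supports. As written, any other `OPSYS`, or a newer FreeBSD with a non-OpenSSL-1.1.1 `SSL_DEFAULT`, gets neither library, and whether algorithms 15 and 16 remain available there depends on the SSL library in use; that should be confirmed. I would add a comment above the `.if` along the lines of `# SSL libraries older than OpenSSL 1.1.1 lack Ed25519/Ed448; pull in libsodium/libdecaf for DNSSEC algorithms 15 and 16` (wording to be verified by the maintainer), and say that Botan support is dropped on purpose.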
diff --git a/dns/powerdns/distinfo b/dns/powerdns/distinfo
index 64f456014e46..b11af8d2f674 100644
--- a/dns/powerdns/distinfo
+++ b/dns/powerdns/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1561114944
-SHA256 (pdns-4.1.10.tar.bz2) = 5a46cfde92caaaa2e85af9a15acb9ad81b56f4c8a8255c457e6938d8c0cb15c7
-SIZE (pdns-4.1.10.tar.bz2) = 1117663
+TIMESTAMP = 1567076172
+SHA256 (pdns-4.2.0.tar.bz2) = 222007f25e25aad71ac7d8b7f1797a4bcb30781e456d74ed00396e53828a903a
+SIZE (pdns-4.2.0.tar.bz2) = 1249282
diff --git a/dns/powerdns/files/patch-pdns_dns__random.cc b/dns/powerdns/files/patch-pdns_dns__random.cc
new file mode 100644
index 000000000000..27df80423c0a
--- /dev/null
+++ b/dns/powerdns/files/patch-pdns_dns__random.cc
@@ -0,0 +1,12 @@
+--- pdns/dns_random.cc.orig 2018-11-29 12:53:42 UTC
++++ pdns/dns_random.cc
+@@ -40,7 +40,9 @@
+ #include <openssl/rand.h>
+ #endif
+ #if defined(HAVE_GETRANDOM)
++extern "C" {
+ #include <sys/random.h>
++}
+ #endif
+
+ static enum DNS_RNG {
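Review bot: This new local patch wraps `#include <sys/random.h>` in `extern "C" { … }` without recording why it is needed or whether it was sent upstream. It presumably works around a system header that lacks C linkage guards on some FreeBSD versions, but that is an inference from the change itself. Because the file sits in the DNS random-number path, a line of leading text above the `---` header would help: name the affected OS versions and the upstream report, if any, so the patch can be dropped once it is obsolete.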
diff --git a/dns/powerdns/files/pdns.in b/dns/powerdns/files/pdns.in
index 56f8a65e6470..f79c82f862d0 100644
--- a/dns/powerdns/files/pdns.in
+++ b/dns/powerdns/files/pdns.in
@@ -4,7 +4,7 @@
#
# PROVIDE: pdns_server
-# REQUIRE: DAEMON SERVERS
+# REQUIRE: DAEMON SERVERS mysql postgresql slapd
# KEYWORD: shutdown
#
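Review bot: The `REQUIRE` line now names `mysql postgresql slapd` unconditionally, whichever backends the port was built with and whether or not those services are installed on the host. Ordering after a local database is sensible, because the server can otherwise start before its backend is reachable, but rcorder may report requirements that have no provider on hosts without these services; that should be checked. A short comment above the line would make the intent clear to anyone editing the script later, for example `# mysql, postgresql and slapd: start after a locally hosted backend database, if one is present`.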
diff --git a/dns/powerdns/files/pkg-message.in b/dns/powerdns/files/pkg-message.in
index 70defb2b70dd..d93c38cd25ca 100644
--- a/dns/powerdns/files/pkg-message.in
+++ b/dns/powerdns/files/pkg-message.in
@@ -10,9 +10,9 @@
A pdns.conf with all possible options is available in
%%EXAMPLESDIR%%
- ---------------------------------------------
- IMPORTANT: PowerDNS Authoritive Server 3.4.0+:
- ---------------------------------------------
+ -----------------------------------------------
+ IMPORTANT: PowerDNS Authoritative Server 3.4.0+:
+ -----------------------------------------------
This version needs a mandatory schema change for the gmsyql,
gpgsql and gsqlite3 backends. SQL statements are available in
%%DOCSDIR%% or http://doc.powerdns.com
diff --git a/dns/powerdns/pkg-install b/dns/powerdns/pkg-install
new file mode 100644
index 000000000000..bbdcebe10481
--- /dev/null
+++ b/dns/powerdns/pkg-install
@@ -0,0 +1,42 @@
+#! /bin/sh
+
+# $FreeBSD$
+
+PATH=/bin:/usr/bin:/usr/sbin
+
+securitywarning() {
+cat <<EOF
+
+ === IMPORTANT FOR GPGSQL BACKEND USERS! ===
+ The following only impacts anyone using the
+ gpgsql (PostgreSQL) backend:
+
+ An issue has been found in PowerDNS
+ Authoritative Server allowing an authorized
+ user to cause the server to exit by
+ inserting a crafted record in a MASTER type
+ zone under their control. The issue is due
+ to the fact that the Authoritative Server
+ will exit when it tries to store the
+ notified serial in the PostgreSQL database,
+ if this serial cannot be represented in 31
+ bits.
+
+ To fix the issue, run the following command
+ against your PostgreSQL pdns database:
+
+ ALTER TABLE domains ALTER notified_serial
+ TYPE bigint USING CASE WHEN notified_serial
+ >= 0 THEN notified_serial::bigint END;
+
+ No software changes are required.
+ ===========================================
+EOF
+}
+
+case $2 in
+PRE-INSTALL)
+ securitywarning
+ sleep 5
+ ;;
+esac
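Review bot: `securitywarning` and `sleep 5` run on every `PRE-INSTALL`, including fresh installs and builds without the gpgsql backend, so unattended installs stall and most users read a notice that does not apply to them. Script output at install time is also easy to lose, and the visible pkg-message.in hunk still mentions only the 3.4.0 schema change. Putting the CVE-2019-10203 `ALTER TABLE` instruction in pkg-message.in as well would keep it available after installation. If the script stays, `[ -t 1 ] && sleep 5` limits the pause to interactive runs. The closing line "No software changes are required." could be read as "no upgrade needed"; wording such as "The schema change is required in addition to the upgrade." would match the commit message.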
diff --git a/dns/powerdns/pkg-plist b/dns/powerdns/pkg-plist
index fbe050f3e2cd..8aae328e5efb 100644
--- a/dns/powerdns/pkg-plist
+++ b/dns/powerdns/pkg-plist
@@ -4,8 +4,10 @@ bin/zone2json
bin/zone2sql
sbin/pdns_server
%%PROTOBUF%%bin/dnspcap2protobuf
+%%TOOLS%%bin/calidns
%%TOOLS%%bin/dnsbulktest
%%TOOLS%%bin/dnsgram
+%%TOOLS%%bin/dnspcap2calidns
%%TOOLS%%bin/dnsreplay
%%TOOLS%%bin/dnsscan
%%TOOLS%%bin/dnsscope
@@ -21,7 +23,8 @@ sbin/pdns_server
%%TOOLS%%bin/stubquery
lib/pdns/libbindbackend.so
lib/pdns/libpipebackend.so
-%%LUABACKEND%%lib/pdns/libluabackend.so
+%%GEOIP%%lib/pdns/libgeoipbackend.so
+%%LUABACKEND%%lib/pdns/liblua2backend.so
%%MYDNS%%lib/pdns/libmydnsbackend.so
%%MYSQL%%lib/pdns/libgmysqlbackend.so
%%OPENDBX%%lib/pdns/libopendbxbackend.so
@@ -35,6 +38,7 @@ lib/pdns/libpipebackend.so
%%TOOLS%%man/man1/calidns.1.gz
%%TOOLS%%man/man1/dnsbulktest.1.gz
%%TOOLS%%man/man1/dnsgram.1.gz
+%%TOOLS%%man/man1/dnspcap2calidns.1.gz
%%TOOLS%%man/man1/dnsscan.1.gz
%%TOOLS%%man/man1/dumresp.1.gz
%%TOOLS%%man/man1/ixplore.1.gz
@@ -59,6 +63,10 @@ man/man1/zone2sql.1.gz
%%PORTEXAMPLES%%@dir %%EXAMPLESDIR%%
%%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.1.0_schema.mysql.sql
%%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.1.0_schema.pgsql.sql
+%%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.0.0_schema.sqlite3.sql
+%%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/4.0.0_to_4.2.0_schema.sqlite3.sql
+%%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/4.1.0_to_4.2.0_schema.mysql.sql
+%%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/4.1.0_to_4.2.0_schema.pgsql.sql
%%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.mysql.sql
%%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.pgsql.sql
%%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.sqlite3.sql