MFH: r511195

dns/powerdns: upgrade 4.1.14 -> 4.2.0

- Please note: to fix CVE-2019-10203, upgrading is not enough
  Manually apply the schema change:
  ALTER TABLE domains ALTER notified_serial TYPE bigint
  USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;

PR:		239850
Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer)
Relnotes:	https://doc.powerdns.com/authoritative/changelog/4.2.html
		http://blog.powerdns.com/2019/08/29/powerdns-authoritative-server-4-2-0/
Security:	CVE-2019-10203

Approved by:	ports-secteam (implicit)

1 files changed, 42 insertions, 0 deletions

diff --git a/dns/powerdns/pkg-install b/dns/powerdns/pkg-install
new file mode 100644
index 000000000000..bbdcebe10481
--- /dev/null
+++ b/dns/powerdns/pkg-install
@@ -0,0 +1,42 @@
+#! /bin/sh
+
+# $FreeBSD$
+
+PATH=/bin:/usr/bin:/usr/sbin
+
+securitywarning() {
+cat <<EOF
+
+  === IMPORTANT FOR GPGSQL BACKEND USERS! ===
+  The following only impacts anyone using the
+  gpgsql (PostgreSQL) backend:
+
+  An issue has been found in PowerDNS
+  Authoritative Server allowing an authorized
+  user to cause the server to exit by
+  inserting a crafted record in a MASTER type
+  zone under their control. The issue is due
+  to the fact that the Authoritative Server
+  will exit when it tries to store the
+  notified serial in the PostgreSQL database,
+  if this serial cannot be represented in 31
+  bits.
+
+  To fix the issue, run the following command
+  against your PostgreSQL pdns database:
+
+  ALTER TABLE domains ALTER notified_serial
+  TYPE bigint USING CASE WHEN notified_serial
+  >= 0 THEN notified_serial::bigint END;
+
+  No software changes are required.
+  ===========================================
+EOF
+}
+
+case $2 in
+PRE-INSTALL)
+        securitywarning
+        sleep 5
+        ;;
+esac