diff options
author | Kirill Ponomarev <krion@FreeBSD.org> | 2019-09-25 13:43:22 +0000 |
---|---|---|
committer | Kirill Ponomarev <krion@FreeBSD.org> | 2019-09-25 13:43:22 +0000 |
commit | eb02344e7fddd4c3edd7b996d03d22b493b6a0d8 (patch) | |
tree | 9270e6f6e752e2aa6e7e23e6293f4f39f4d582e0 /dns/powerdns/pkg-install | |
parent | 7a47e56c0fb84efb51455697ad475f2869d489d8 (diff) | |
download | ports-eb02344e7fddd4c3edd7b996d03d22b493b6a0d8.tar.gz ports-eb02344e7fddd4c3edd7b996d03d22b493b6a0d8.zip |
MFH: r511195
dns/powerdns: upgrade 4.1.14 -> 4.2.0
- Please note: to fix CVE-2019-10203, upgrading is not enough
Manually apply the schema change:
ALTER TABLE domains ALTER notified_serial TYPE bigint
USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;
PR: 239850
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
Relnotes: https://doc.powerdns.com/authoritative/changelog/4.2.html
http://blog.powerdns.com/2019/08/29/powerdns-authoritative-server-4-2-0/
Security: CVE-2019-10203
Approved by: ports-secteam (implicit)
Notes
Notes:
svn path=/branches/2019Q3/; revision=512785
Diffstat (limited to 'dns/powerdns/pkg-install')
-rw-r--r-- | dns/powerdns/pkg-install | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/dns/powerdns/pkg-install b/dns/powerdns/pkg-install new file mode 100644 index 000000000000..bbdcebe10481 --- /dev/null +++ b/dns/powerdns/pkg-install @@ -0,0 +1,42 @@ +#! /bin/sh + +# $FreeBSD$ + +PATH=/bin:/usr/bin:/usr/sbin + +securitywarning() { +cat <<EOF + + === IMPORTANT FOR GPGSQL BACKEND USERS! === + The following only impacts anyone using the + gpgsql (PostgreSQL) backend: + + An issue has been found in PowerDNS + Authoritative Server allowing an authorized + user to cause the server to exit by + inserting a crafted record in a MASTER type + zone under their control. The issue is due + to the fact that the Authoritative Server + will exit when it tries to store the + notified serial in the PostgreSQL database, + if this serial cannot be represented in 31 + bits. + + To fix the issue, run the following command + against your PostgreSQL pdns database: + + ALTER TABLE domains ALTER notified_serial + TYPE bigint USING CASE WHEN notified_serial + >= 0 THEN notified_serial::bigint END; + + No software changes are required. + =========================================== +EOF +} + +case $2 in +PRE-INSTALL) + securitywarning + sleep 5 + ;; +esac |