Page MenuHomeFreeBSD

dns/powerdns: Update to 4.4.0
ClosedPublic

Authored by otis on Dec 19 2020, 2:26 PM.
Tags
None
Referenced Files
F86740957: D27680.diff
Mon, Jun 24, 8:52 PM
F86712982: D27680.id81124.diff
Mon, Jun 24, 10:46 AM
Unknown Object (File)
May 21 2024, 6:03 PM
Unknown Object (File)
May 21 2024, 1:57 PM
Unknown Object (File)
May 17 2024, 11:51 PM
Unknown Object (File)
May 7 2024, 1:48 AM
Unknown Object (File)
Apr 26 2024, 3:07 AM
Unknown Object (File)
Jan 17 2024, 4:18 PM

Details

Summary

dns/powerdns: Update to 4.4.0

Changes:

  • This release drops GSS/TSIG support, please see PowerDNS Security Advisory 2020-06.
  • New features:
    • the LMDB backend now supports long record content, making it production ready for everybody
    • the SVCB and HTTPS record types are supported, with limited additional processing transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes a new setting (consistent-backends) offers a roughly 30% speedup, subject to conditions
    • we finally emit Prometheus metrics!
  • Improvements:
    • don’t log trusted-notification-proxy notify at error level
    • Stop using incbin and use od & sed to generate constant string data.
  • Bug Fixes:
    • clear the LMDB set state when performing a new lookup or list to prevent corruption cases
    • SVCB: Correctly parse and print unknown params
    • fix direct-dnskey in AXFR-out

Please make sure to read the upgrade notes before upgrading:
https://doc.powerdns.com/authoritative/upgrading.html

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

otis requested review of this revision.Dec 19 2020, 2:26 PM

Because of a security update of the port, an update of security/vuxml is required.

From the security advisory:
Affects: PowerDNS Authoritative versions before 4.4.0, when compiled with –enable-experimental-gss-tsig

The port never built using that configure flag. I'd be happy to supply an update to VuXML, but IMO it's not necessary.

From the security advisory:
Affects: PowerDNS Authoritative versions before 4.4.0, when compiled with –enable-experimental-gss-tsig

The port never built using that configure flag. I'd be happy to supply an update to VuXML, but IMO it's not necessary.

You are right. Looks good to me, then.

My thoughts are it's better to add a record about that CVE to our vuln.xml, so that record provides correct information what is vulnerable and what is not to avoid any questions in the future.

@swills what's your thoughts?

@swills could you please provide an update, thanks!

@osa I'll construct and commit a vulnxm entries (except from dns/powerdns also for mail/postsrsd)

This revision is now accepted and ready to land.Dec 22 2020, 5:28 AM
This revision was automatically updated to reflect the committed changes.