From owner-svn-ports-all@freebsd.org  Wed Sep 25 13:43:24 2019
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id E0E39127996;
 Wed, 25 Sep 2019 13:43:24 +0000 (UTC)
 (envelope-from krion@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 46dfQh5fBxz3QSC;
 Wed, 25 Sep 2019 13:43:24 +0000 (UTC)
 (envelope-from krion@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A5FF41890C;
 Wed, 25 Sep 2019 13:43:24 +0000 (UTC)
 (envelope-from krion@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x8PDhOwE028446;
 Wed, 25 Sep 2019 13:43:24 GMT (envelope-from krion@FreeBSD.org)
Received: (from krion@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id x8PDhNhu028437;
 Wed, 25 Sep 2019 13:43:23 GMT (envelope-from krion@FreeBSD.org)
Message-Id: <201909251343.x8PDhNhu028437@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: krion set sender to
 krion@FreeBSD.org using -f
From: Kirill Ponomarev <krion@FreeBSD.org>
Date: Wed, 25 Sep 2019 13:43:23 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-branches@freebsd.org
Subject: svn commit: r512785 - in branches/2019Q3/dns/powerdns: . files
X-SVN-Group: ports-branches
X-SVN-Commit-Author: krion
X-SVN-Commit-Paths: in branches/2019Q3/dns/powerdns: . files
X-SVN-Commit-Revision: 512785
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2019 13:43:24 -0000

Author: krion
Date: Wed Sep 25 13:43:22 2019
New Revision: 512785
URL: https://svnweb.freebsd.org/changeset/ports/512785

Log:
  MFH: r511195
  
  dns/powerdns: upgrade 4.1.14 -> 4.2.0
  
  - Please note: to fix CVE-2019-10203, upgrading is not enough
    Manually apply the schema change:
    ALTER TABLE domains ALTER notified_serial TYPE bigint
    USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;
  
  PR:		239850
  Submitted by:	Ralf van der Enden <tremere@cainites.net> (maintainer)
  Relnotes:	https://doc.powerdns.com/authoritative/changelog/4.2.html
  		http://blog.powerdns.com/2019/08/29/powerdns-authoritative-server-4-2-0/
  Security:	CVE-2019-10203
  
  Approved by:	ports-secteam (implicit)

Added:
  branches/2019Q3/dns/powerdns/files/patch-pdns_dns__random.cc
     - copied unchanged from r511195, head/dns/powerdns/files/patch-pdns_dns__random.cc
  branches/2019Q3/dns/powerdns/pkg-install
     - copied unchanged from r511195, head/dns/powerdns/pkg-install
Modified:
  branches/2019Q3/dns/powerdns/Makefile
  branches/2019Q3/dns/powerdns/distinfo
  branches/2019Q3/dns/powerdns/files/pdns.in
  branches/2019Q3/dns/powerdns/files/pkg-message.in
  branches/2019Q3/dns/powerdns/pkg-plist
Directory Properties:
  branches/2019Q3/   (props changed)

Modified: branches/2019Q3/dns/powerdns/Makefile
==============================================================================
--- branches/2019Q3/dns/powerdns/Makefile	Wed Sep 25 12:16:40 2019	(r512784)
+++ branches/2019Q3/dns/powerdns/Makefile	Wed Sep 25 13:43:22 2019	(r512785)
@@ -1,9 +1,9 @@
 # $FreeBSD$
 
 PORTNAME=	powerdns
-DISTVERSION=	4.1.10
+DISTVERSION=	4.2.0
 CATEGORIES=	dns ipv6
-MASTER_SITES=	http://downloads.powerdns.com/releases/
+MASTER_SITES=	https://downloads.powerdns.com/releases/
 DISTNAME=	pdns-${DISTVERSION}
 
 MAINTAINER=	tremere@cainites.net
@@ -14,11 +14,11 @@ LICENSE=	GPLv2
 BROKEN_powerpc64=	Does not build: undefined reference to std::__throw_out_of_range_fmt
 BROKEN_sparc64=		Does not compile: error: to_string is not a member of std
 
-LIB_DEPENDS=	libboost_serialization.so:devel/boost-libs
+LIB_DEPENDS=	libboost_serialization.so:devel/boost-libs \
+		libcurl.so:ftp/curl
 
 USES=		compiler:c++11-lib cpe gmake libtool localbase:ldflags pathfix \
 		pkgconfig ssl tar:bzip2
-
 USE_LDCONFIG=	YES
 USE_RC_SUBR=	pdns
 USE_SUBMAKE=	YES
@@ -35,27 +35,25 @@ INSTALL_TARGET=	install-strip
 SCRIPTS_ENV=	CURDIR2="${.CURDIR}" DISTNAME="${DISTNAME}" MKDIR="${MKDIR}" \
 		POWERDNS_OPTIONS="${POWERDNS_OPTIONS}" \
 		WRKDIRPREFIX="${WRKDIRPREFIX}"
-
 SUB_FILES=	pkg-message
 
-OPTIONS_DEFINE=		DOCS EXAMPLES LUAJIT MYDNS MYSQL OPENDBX OPENLDAP \
-			OPTALGO PGSQL PROTOBUF REMOTE SQLITE3 TINYDNS TOOLS \
-			UNIXODBC
-OPTIONS_DEFAULT=	MYSQL PGSQL SQLITE3
-
-OPTIONS_GROUP=			EXPERIMENTAL REMOTEOPT
-OPTIONS_GROUP_EXPERIMENTAL=	LUABACKEND
+OPTIONS_DEFINE=			DOCS EXAMPLES GEOIP LUABACKEND LUAJIT MYDNS \
+				MYSQL OPENDBX OPENLDAP PGSQL PROTOBUF REMOTE \
+				SQLITE3 TINYDNS TOOLS UNIXODBC
+OPTIONS_DEFAULT=		MYSQL PGSQL SQLITE3
+OPTIONS_GROUP=			GEOIPOPT REMOTEOPT
 OPTIONS_GROUP_REMOTEOPT=	ZEROMQ
 
 OPTIONS_SUB=	yes
 
-LUABACKEND_DESC=	Lua backend
+GEOIPOPT_DESC=		GeoIP DB options
+GEOIP_DESC=		GeoIP backend (GeoIP2 DB)
+LUABACKEND_DESC=	Lua2 backend
 LUAJIT_DESC=		Use LuaJIT instead of Lua
 MYDNS_DESC=		MyDNS backend
 MYSQL_DESC=		MySQL backend
 OPENDBX_DESC=		OpenDBX backend
 OPENLDAP_DESC=		OpenLDAP backend
-OPTALGO_DESC=		Enable optional algorithms (12, 15 & 16)
 PGSQL_DESC=		PostgreSQL backend
 PROTOBUF_DESC=		Protobuf support
 REMOTEOPT_DESC=		Remote backend connectors
@@ -65,11 +63,15 @@ TINYDNS_DESC=		TinyDNS backend
 TOOLS_DESC=		Build extra tools
 ZEROMQ_DESC=		Enable ZeroMQ connector (Implies REMOTE enabled)
 
-LUABACKEND_VARS=	MODULES+=lua
+GEOIP_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb \
+			libyaml-cpp.so:devel/yaml-cpp
+GEOIP_VARS=		MODULES+=geoip
 
+LUABACKEND_VARS=	MODULES+=lua2
+
 LUAJIT_LIB_DEPENDS=	libluajit-5.1.so.2:lang/luajit
 LUAJIT_USES_OFF=	lua
-LUAJIT_CONFIGURE_WITH=	luajit
+LUAJIT_CONFIGURE_ON=	--with-lua=luajit
 
 MYDNS_USES=		mysql
 MYDNS_CONFIGURE_ON=	--with-mysql=${LOCALBASE}
@@ -87,13 +89,6 @@ OPENLDAP_USE=		OPENLDAP=YES
 OPENLDAP_CXXFLAGS=	-DLDAP_DEPRECATED=1
 OPENLDAP_VARS=		MODULES+=ldap
 
-OPTALGO_LIB_DEPENDS=	libbotan-2.so:security/botan2 \
-			libdecaf.so:security/libdecaf \
-			libsodium.so:security/libsodium
-OPTALGO_CONFIGURE_ON=	--enable-botan \
-			--enable-libdecaf \
-			--enable-libsodium
-
 PGSQL_USES=		pgsql
 PGSQL_CONFIGURE_ON=	--with-pg-config=${LOCALBASE}/bin/pg_config
 PGSQL_VARS=		MODULES+=gpgsql
@@ -120,9 +115,18 @@ ZEROMQ_IMPLIES=		REMOTE
 ZEROMQ_LIB_DEPENDS=	libzmq.so:net/libzmq4
 ZEROMQ_CONFIGURE_ON=	--enable-remotebackend-zeromq
 
+.include <bsd.port.pre.mk>
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1200085 && ${SSL_DEFAULT} != openssl111
+CONFIGURE_ARGS+=	--with-libdecaf \
+			--with-libsodium
+LIB_DEPENDS+=		libdecaf.so:security/libdecaf \
+			libsodium.so:security/libsodium
+.endif
+
 post-install::
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
 	@${STAGEDIR}${LOCALBASE}/sbin/pdns_server --module-dir=${STAGEDIR}${LOCALBASE}/lib/pdns --launch="pipe bind ${MODULES}" --config > ${STAGEDIR}${EXAMPLESDIR}/pdns.conf
 	@${REINPLACE_CMD} -e 's;${STAGEDIR};;' -i '' ${STAGEDIR}${EXAMPLESDIR}/pdns.conf
 
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>

Modified: branches/2019Q3/dns/powerdns/distinfo
==============================================================================
--- branches/2019Q3/dns/powerdns/distinfo	Wed Sep 25 12:16:40 2019	(r512784)
+++ branches/2019Q3/dns/powerdns/distinfo	Wed Sep 25 13:43:22 2019	(r512785)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1561114944
-SHA256 (pdns-4.1.10.tar.bz2) = 5a46cfde92caaaa2e85af9a15acb9ad81b56f4c8a8255c457e6938d8c0cb15c7
-SIZE (pdns-4.1.10.tar.bz2) = 1117663
+TIMESTAMP = 1567076172
+SHA256 (pdns-4.2.0.tar.bz2) = 222007f25e25aad71ac7d8b7f1797a4bcb30781e456d74ed00396e53828a903a
+SIZE (pdns-4.2.0.tar.bz2) = 1249282

Copied: branches/2019Q3/dns/powerdns/files/patch-pdns_dns__random.cc (from r511195, head/dns/powerdns/files/patch-pdns_dns__random.cc)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2019Q3/dns/powerdns/files/patch-pdns_dns__random.cc	Wed Sep 25 13:43:22 2019	(r512785, copy of r511195, head/dns/powerdns/files/patch-pdns_dns__random.cc)
@@ -0,0 +1,12 @@
+--- pdns/dns_random.cc.orig	2018-11-29 12:53:42 UTC
++++ pdns/dns_random.cc
+@@ -40,7 +40,9 @@
+ #include <openssl/rand.h>
+ #endif
+ #if defined(HAVE_GETRANDOM)
++extern "C" {
+ #include <sys/random.h>
++}
+ #endif
+ 
+ static enum DNS_RNG {

Modified: branches/2019Q3/dns/powerdns/files/pdns.in
==============================================================================
--- branches/2019Q3/dns/powerdns/files/pdns.in	Wed Sep 25 12:16:40 2019	(r512784)
+++ branches/2019Q3/dns/powerdns/files/pdns.in	Wed Sep 25 13:43:22 2019	(r512785)
@@ -4,7 +4,7 @@
 #
 
 # PROVIDE: pdns_server
-# REQUIRE: DAEMON SERVERS
+# REQUIRE: DAEMON SERVERS mysql postgresql slapd
 # KEYWORD: shutdown
 
 #

Modified: branches/2019Q3/dns/powerdns/files/pkg-message.in
==============================================================================
--- branches/2019Q3/dns/powerdns/files/pkg-message.in	Wed Sep 25 12:16:40 2019	(r512784)
+++ branches/2019Q3/dns/powerdns/files/pkg-message.in	Wed Sep 25 13:43:22 2019	(r512785)
@@ -10,9 +10,9 @@
  A pdns.conf with all possible options is available in
  %%EXAMPLESDIR%%
 
- ---------------------------------------------
- IMPORTANT: PowerDNS Authoritive Server 3.4.0+:
- ---------------------------------------------
+ -----------------------------------------------
+ IMPORTANT: PowerDNS Authoritative Server 3.4.0+:
+ -----------------------------------------------
  This version needs a mandatory schema change for the gmsyql,
  gpgsql and gsqlite3 backends. SQL statements are available in
  %%DOCSDIR%% or http://doc.powerdns.com

Copied: branches/2019Q3/dns/powerdns/pkg-install (from r511195, head/dns/powerdns/pkg-install)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2019Q3/dns/powerdns/pkg-install	Wed Sep 25 13:43:22 2019	(r512785, copy of r511195, head/dns/powerdns/pkg-install)
@@ -0,0 +1,42 @@
+#! /bin/sh
+
+# $FreeBSD$
+
+PATH=/bin:/usr/bin:/usr/sbin
+
+securitywarning() {
+cat <<EOF
+
+  === IMPORTANT FOR GPGSQL BACKEND USERS! ===
+  The following only impacts anyone using the
+  gpgsql (PostgreSQL) backend:
+
+  An issue has been found in PowerDNS
+  Authoritative Server allowing an authorized
+  user to cause the server to exit by
+  inserting a crafted record in a MASTER type
+  zone under their control. The issue is due
+  to the fact that the Authoritative Server
+  will exit when it tries to store the
+  notified serial in the PostgreSQL database,
+  if this serial cannot be represented in 31
+  bits.
+
+  To fix the issue, run the following command
+  against your PostgreSQL pdns database:
+
+  ALTER TABLE domains ALTER notified_serial
+  TYPE bigint USING CASE WHEN notified_serial
+  >= 0 THEN notified_serial::bigint END;
+
+  No software changes are required.
+  ===========================================
+EOF
+}
+
+case $2 in
+PRE-INSTALL)
+        securitywarning
+        sleep 5
+        ;;
+esac

Modified: branches/2019Q3/dns/powerdns/pkg-plist
==============================================================================
--- branches/2019Q3/dns/powerdns/pkg-plist	Wed Sep 25 12:16:40 2019	(r512784)
+++ branches/2019Q3/dns/powerdns/pkg-plist	Wed Sep 25 13:43:22 2019	(r512785)
@@ -4,8 +4,10 @@ bin/zone2json
 bin/zone2sql
 sbin/pdns_server
 %%PROTOBUF%%bin/dnspcap2protobuf
+%%TOOLS%%bin/calidns
 %%TOOLS%%bin/dnsbulktest
 %%TOOLS%%bin/dnsgram
+%%TOOLS%%bin/dnspcap2calidns
 %%TOOLS%%bin/dnsreplay
 %%TOOLS%%bin/dnsscan
 %%TOOLS%%bin/dnsscope
@@ -21,7 +23,8 @@ sbin/pdns_server
 %%TOOLS%%bin/stubquery
 lib/pdns/libbindbackend.so
 lib/pdns/libpipebackend.so
-%%LUABACKEND%%lib/pdns/libluabackend.so
+%%GEOIP%%lib/pdns/libgeoipbackend.so
+%%LUABACKEND%%lib/pdns/liblua2backend.so
 %%MYDNS%%lib/pdns/libmydnsbackend.so
 %%MYSQL%%lib/pdns/libgmysqlbackend.so
 %%OPENDBX%%lib/pdns/libopendbxbackend.so
@@ -35,6 +38,7 @@ lib/pdns/libpipebackend.so
 %%TOOLS%%man/man1/calidns.1.gz
 %%TOOLS%%man/man1/dnsbulktest.1.gz
 %%TOOLS%%man/man1/dnsgram.1.gz
+%%TOOLS%%man/man1/dnspcap2calidns.1.gz
 %%TOOLS%%man/man1/dnsscan.1.gz
 %%TOOLS%%man/man1/dumresp.1.gz
 %%TOOLS%%man/man1/ixplore.1.gz
@@ -59,6 +63,10 @@ man/man1/zone2sql.1.gz
 %%PORTEXAMPLES%%@dir %%EXAMPLESDIR%%
 %%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.1.0_schema.mysql.sql
 %%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.1.0_schema.pgsql.sql
+%%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/3.4.0_to_4.0.0_schema.sqlite3.sql
+%%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/4.0.0_to_4.2.0_schema.sqlite3.sql
+%%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/4.1.0_to_4.2.0_schema.mysql.sql
+%%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/4.1.0_to_4.2.0_schema.pgsql.sql
 %%MYSQL%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.mysql.sql
 %%PGSQL%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.pgsql.sql
 %%SQLITE3%%%%PORTDOCS%%%%DOCSDIR%%/dnssec-3.x_to_3.4.0_schema.sqlite3.sql