Attachment #131139 for bug #175185

View | Details | Raw Unified | Return to bug 175185
Collapse All | Expand All




# $FreeBSD$

PORTNAME=	powerdns
PORTVERSION=	3.2.r4
PORTREVISION?=	0
PORTEPOCH=	1
CATEGORIES=	dns ipv6

LICENSE=	GPLv2

LIB_DEPENDS=	boost_serialization.[4-9]:${PORTSDIR}/devel/boost-libs
#		botan.0:${PORTSDIR}/security/botan

USE_LUA=	5.1
LUA_COMPS=	lua


.if ${PORT_OPTIONS:MDNSSEC}
BUILD_DEPENDS+=		${LOCALBASE}/lib/libcryptopp.a:${PORTSDIR}/security/cryptopp
CONFIGURE_ARGS+=	--enable-cryptopp
.endif

post-patch:

Lines 1-2 Link Here

(-)distinfo (-2 / +2 lines)
1	SHA256 (pdns-3.2-rc1.tar.gz) = c450828c042e6c893fb8f5232b67f7808f9cbb0d09296aa11b331cfe9ed6a7dd	1	SHA256 (pdns-3.2-rc4.tar.gz) = adcf5f651811fb979f9033a3c156492c5637b3f9c872f335ac24ffa046a60934
2	SIZE (pdns-3.2-rc1.tar.gz) = 1277305	2	SIZE (pdns-3.2-rc4.tar.gz) = 1292662

Lines 1-10 Link Here

(-)files/patch-pdns__dnsreplay.cc (-10 lines)
1	--- ./pdns/dnsreplay.cc.orig 2012-12-04 13:37:13.000000000 -0500
2	+++ ./pdns/dnsreplay.cc 2012-12-04 13:37:43.000000000 -0500
3	@@ -489,7 +489,6 @@
4
5	QuestionData qd;
6	try {
7	- dnsheader* dh=(dnsheader*)pr.d_payload;
8	if(!dh->qr) {
9	qd.d_assignedID = s_idmanager.peakID();
10	uint16_t tmp=dh->id;




--- pdns/cryptoppsigners.cc	(revision 3032)
+++ pdns/cryptoppsigners.cc	(working copy)
@@ -82,18 +82,26 @@
   storvect.push_back(make_pair("PrivateKey", string((char*)buffer, sizeof(buffer))));
   return storvect;
 }
+
 template<class HASHER, class CURVE, int BITS>
 void CryptoPPECDSADNSCryptoKeyEngine<HASHER,CURVE,BITS>::fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& stormap )
 {
+  AutoSeededRandomPool prng;
   privatekey_t* privateKey = new privatekey_t;
-  const CryptoPP::Integer x;
+  const CryptoPP::Integer x(reinterpret_cast<const unsigned char*>(stormap["privatekey"].c_str()), BITS/8); // well it should be this long
   CryptoPP::OID oid=CURVE();
-  privateKey->Initialize(oid, x );
+  privateKey->Initialize(oid, x);
+  bool result = privateKey->Validate(prng, 3);
+  if (!result) {
+      throw "Cannot load private key - validation failed!";
+  }
   d_key = shared_ptr<privatekey_t>(privateKey);
   publickey_t* publicKey = new publickey_t();
   d_key->MakePublicKey(*publicKey);
   d_pubkey = shared_ptr<publickey_t>(publicKey);
+  drc.d_algorithm = atoi(stormap["algorithm"].c_str());
 }
+
 template<class HASHER, class CURVE, int BITS>
 std::string CryptoPPECDSADNSCryptoKeyEngine<HASHER,CURVE,BITS>::getPubKeyHash() const
 {




--- pdns/backends/bind/binddnssec.cc	(revision 2874)
+++ pdns/backends/bind/binddnssec.cc	(revision 2888)
@@ -29,6 +29,4 @@
   if(!getArg("dnssec-db").empty())
     throw runtime_error("bind-dnssec-db requires building PowerDNS with SQLite3");
-
-  d_dnssecdb->setLog(::arg().mustDo("query-logging"));
 }
 
@@ -80,4 +78,6 @@
     throw runtime_error("Error opening DNSSEC database in BIND backend: "+se.txtReason());
   }
+
+  d_dnssecdb->setLog(::arg().mustDo("query-logging"));
 }
 

Lines 1-6 Link Here

(-)pkg-plist (+1 lines)
1	bin/dnsreplay	1	bin/dnsreplay
2	bin/pdns_control	2	bin/pdns_control
3	bin/pdnssec	3	bin/pdnssec
		4	bin/zone2json
4	bin/zone2ldap	5	bin/zone2ldap
5	bin/zone2sql	6	bin/zone2sql
6	sbin/pdns_server	7	sbin/pdns_server

Return to bug 175185

Lines 1-7 Link Here

(-)Makefile (-3 / +2 lines)
1	# $FreeBSD$	1	# $FreeBSD$
2		2
3	PORTNAME= powerdns	3	PORTNAME= powerdns
4	PORTVERSION= 3.2.r1	4	PORTVERSION= 3.2.r4
5	PORTREVISION?= 0	5	PORTREVISION?= 0
6	PORTEPOCH= 1	6	PORTEPOCH= 1
7	CATEGORIES= dns ipv6	7	CATEGORIES= dns ipv6
Lines 15-21 Link Here
15	LICENSE= GPLv2	15	LICENSE= GPLv2
16		16
17	LIB_DEPENDS= boost_serialization.[4-9]:${PORTSDIR}/devel/boost-libs	17	LIB_DEPENDS= boost_serialization.[4-9]:${PORTSDIR}/devel/boost-libs
18	# botan.0:${PORTSDIR}/security/botan
19		18
20	USE_LUA= 5.1	19	USE_LUA= 5.1
21	LUA_COMPS= lua	20	LUA_COMPS= lua
Lines 160-166 Link Here
160		159
161	.if ${PORT_OPTIONS:MDNSSEC}	160	.if ${PORT_OPTIONS:MDNSSEC}
162	BUILD_DEPENDS+= ${LOCALBASE}/lib/libcryptopp.a:${PORTSDIR}/security/cryptopp	161	BUILD_DEPENDS+= ${LOCALBASE}/lib/libcryptopp.a:${PORTSDIR}/security/cryptopp
163	CONFIGURE_FLAGS+= --enable-cryptopp	162	CONFIGURE_ARGS+= --enable-cryptopp
164	.endif	163	.endif
165		164
166	post-patch:	165	post-patch:

Line 0 Link Here

(-)files/patch-pdns_cryptoppsigners_cc (+31 lines)
	1	--- pdns/cryptoppsigners.cc (revision 3032)
	2	+++ pdns/cryptoppsigners.cc (working copy)
	3	@@ -82,18 +82,26 @@
	4	storvect.push_back(make_pair("PrivateKey", string((char*)buffer, sizeof(buffer))));
	5	return storvect;
	6	}
	7	+
	8	template<class HASHER, class CURVE, int BITS>
	9	void CryptoPPECDSADNSCryptoKeyEngine<HASHER,CURVE,BITS>::fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& stormap )
	10	{
	11	+ AutoSeededRandomPool prng;
	12	privatekey_t* privateKey = new privatekey_t;
	13	- const CryptoPP::Integer x;
	14	+ const CryptoPP::Integer x(reinterpret_cast<const unsigned char*>(stormap["privatekey"].c_str()), BITS/8); // well it should be this long
	15	CryptoPP::OID oid=CURVE();
	16	- privateKey->Initialize(oid, x );
	17	+ privateKey->Initialize(oid, x);
	18	+ bool result = privateKey->Validate(prng, 3);
	19	+ if (!result) {
	20	+ throw "Cannot load private key - validation failed!";
	21	+ }
	22	d_key = shared_ptr<privatekey_t>(privateKey);
	23	publickey_t* publicKey = new publickey_t();
	24	d_key->MakePublicKey(*publicKey);
	25	d_pubkey = shared_ptr<publickey_t>(publicKey);
	26	+ drc.d_algorithm = atoi(stormap["algorithm"].c_str());
	27	}
	28	+
	29	template<class HASHER, class CURVE, int BITS>
	30	std::string CryptoPPECDSADNSCryptoKeyEngine<HASHER,CURVE,BITS>::getPubKeyHash() const
	31	{

Lines 1-16 Link Here

(-)files/patch-pdns_pdns_backends_bind_binddnssec_cc (-16 lines)
1	--- pdns/backends/bind/binddnssec.cc (revision 2874)
2	+++ pdns/backends/bind/binddnssec.cc (revision 2888)
3	@@ -29,6 +29,4 @@
4	if(!getArg("dnssec-db").empty())
5	throw runtime_error("bind-dnssec-db requires building PowerDNS with SQLite3");
6	-
7	- d_dnssecdb->setLog(::arg().mustDo("query-logging"));
8	}
9
10	@@ -80,4 +78,6 @@
11	throw runtime_error("Error opening DNSSEC database in BIND backend: "+se.txtReason());
12	}
13	+
14	+ d_dnssecdb->setLog(::arg().mustDo("query-logging"));
15	}
16