View | Details | Raw Unified | Return to bug 267260
Collapse All | Expand All

(-)b/dns/powerdns/Makefile (-2 / +1 lines)
Lines 1-6 Link Here
1 
PORTNAME=	powerdns
 1 
PORTNAME=	powerdns
2 
DISTVERSION=	4.6.3
 2 
DISTVERSION=	4.7.0
3 
PORTREVISION=	2
4 
CATEGORIES=	dns
 3 
CATEGORIES=	dns
5 
MASTER_SITES=	https://downloads.powerdns.com/releases/
 4 
MASTER_SITES=	https://downloads.powerdns.com/releases/
6 
DISTNAME=	pdns-${DISTVERSION}
 5 
DISTNAME=	pdns-${DISTVERSION}
(-)b/dns/powerdns/distinfo (-3 / +3 lines)
Lines 1-3 Link Here
1 
TIMESTAMP = 1657734807
 1 
TIMESTAMP = 1666276032
2 
SHA256 (pdns-4.6.3.tar.bz2) = acd06b89ca01d1adf61b906604614f0e1d77a1e94eeecade8ff5d53a16db7389
 2 
SHA256 (pdns-4.7.0.tar.bz2) = b57b75b780ace64e232c6757f17a8fa617016d0128256c66f22da5f4b5e839e7
3 
SIZE (pdns-4.6.3.tar.bz2) = 1302651
 3 
SIZE (pdns-4.7.0.tar.bz2) = 1361265
(-)a/dns/powerdns/files/patch-credentials.cc (-101 lines)
Removed Link Here
1 
--- pdns/credentials.cc.orig	2021-11-23 18:39:17 UTC
2 
+++ pdns/credentials.cc
3 
@@ -28,7 +28,7 @@
4 
 #include <sodium.h>
5 
 #endif
6
7 
-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
8 
+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
9 
 #include <openssl/evp.h>
10 
 #include <openssl/kdf.h>
11 
 #include <openssl/rand.h>
12 
@@ -42,7 +42,7 @@
13 
 #include "credentials.hh"
14 
 #include "misc.hh"
15
16 
-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
17 
+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
18 
 static size_t const pwhash_max_size = 128U; /* maximum size of the output */
19 
 static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */
20 
 static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */
21 
@@ -95,7 +95,7 @@ void SensitiveData::clear()
22
23 
 static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
24 
 {
25 
-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
26 
+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
27 
   auto pctx = std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)>(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free);
28 
   if (!pctx) {
29 
     throw std::runtime_error("Error getting a scrypt context to hash the supplied password");
30 
@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str
31
32 
 static std::string generateRandomSalt()
33 
 {
34 
-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
35 
+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
36 
   /* generate a random salt */
37 
   std::string salt;
38 
   salt.resize(pwhash_salt_size);
39 
@@ -159,7 +159,7 @@ static std::string generateRandomSalt()
40
41 
 std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
42 
 {
43 
-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
44 
+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
45 
   std::string result;
46 
   result.reserve(pwhash_max_size);
47
48 
@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password,
49
50 
 std::string hashPassword(const std::string& password)
51 
 {
52 
-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
53 
+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
54 
   return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize);
55 
 #else
56 
   throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
57 
@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password)
58
59 
 bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword)
60 
 {
61 
-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
62 
+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
63 
   auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize);
64 
   return constantTimeStringEquals(expected, binaryHash);
65 
 #else
66 
@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con
67 
 /* parse a hashed password in PHC string format */
68 
 static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize)
69 
 {
70 
-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
71 
+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
72 
   auto parametersEnd = hash.find('$', pwhash_prefix.size());
73 
   if (parametersEnd == std::string::npos || parametersEnd == hash.size()) {
74 
     throw std::runtime_error("Invalid hashed password format, no parameters");
75 
@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std
76 
     return false;
77 
   }
78
79 
-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
80 
+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
81 
   std::string salt;
82 
   std::string hashedPassword;
83 
   uint64_t workFactor = 0;
84 
@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std
85
86 
 bool isPasswordHashed(const std::string& password)
87 
 {
88 
-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
89 
+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
90 
   if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) {
91 
     return false;
92 
   }
93 
@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas
94
95 
 bool CredentialsHolder::isHashingAvailable()
96 
 {
97 
-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
98 
+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
99 
   return true;
100 
 #else
101 
   return false;
(-)b/dns/powerdns/files/patch-pdns_auth-main.cc (+13 lines)
Added Link Here
1 
--- pdns/auth-main.cc.orig	2022-10-19 09:22:23 UTC
2 
+++ pdns/auth-main.cc
3 
@@ -277,8 +277,8 @@ static void declareArguments()
4
5 
   ::arg().setSwitch("no-shuffle", "Set this to prevent random shuffling of answers - for regression testing") = "off";
6
7 
-  ::arg().set("setuid", "If set, change user id to this uid for more security") = "";
8 
-  ::arg().set("setgid", "If set, change group id to this gid for more security") = "";
9 
+  ::arg().set("setuid", "If set, change user id to this uid for more security") = "pdns";
10 
+  ::arg().set("setgid", "If set, change group id to this gid for more security") = "pdns";
11
12 
   ::arg().set("max-cache-entries", "Maximum number of entries in the query cache") = "1000000";
13 
   ::arg().set("max-packet-cache-entries", "Maximum number of entries in the packet cache") = "1000000";
(-)a/dns/powerdns/files/patch-pdns_common__startup.cc (-13 lines)
Removed Link Here
1 
--- pdns/common_startup.cc.orig	2020-02-24 14:34:14 UTC
2 
+++ pdns/common_startup.cc
3 
@@ -191,8 +191,8 @@ void declareArguments()
4
5 
   ::arg().setSwitch("no-shuffle","Set this to prevent random shuffling of answers - for regression testing")="off";
6
7 
-  ::arg().set("setuid","If set, change user id to this uid for more security")="";
8 
-  ::arg().set("setgid","If set, change group id to this gid for more security")="";
9 
+  ::arg().set("setuid","If set, change user id to this uid for more security")="pdns";
10 
+  ::arg().set("setgid","If set, change group id to this gid for more security")="pdns";
11
12 
   ::arg().set("max-cache-entries", "Maximum number of entries in the query cache")="1000000";
13 
   ::arg().set("max-packet-cache-entries", "Maximum number of entries in the packet cache")="1000000";

Return to bug 267260