FreeBSD Bugzilla – Attachment 232771 Details for
Bug 262879
dns/powerdns dns/powerdns-recursor: Update to 4.6.1 (fixes CVE-2022-27227) + fix building against LibreSSL
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Update PowerDNS Recursor to 4.6.1
powerdns-recursor-4.6.1.diff (text/plain), 5.88 KB, created by
Ralf van der Enden
on 2022-03-28 07:14:40 UTC
(
hide
)
Description:
Update PowerDNS Recursor to 4.6.1
Filename:
MIME Type:
Creator:
Ralf van der Enden
Created:
2022-03-28 07:14:40 UTC
Size:
5.88 KB
patch
obsolete
>diff --git a/dns/powerdns-recursor/Makefile b/dns/powerdns-recursor/Makefile >index fa938d9f3c..068f21266b 100644 >--- a/dns/powerdns-recursor/Makefile >+++ b/dns/powerdns-recursor/Makefile >@@ -1,7 +1,7 @@ > # Created by: sten@blinkenlights.nl > > PORTNAME= recursor >-DISTVERSION= 4.6.0 >+DISTVERSION= 4.6.1 > CATEGORIES= dns > MASTER_SITES= http://downloads.powerdns.com/releases/ > PKGNAMEPREFIX= powerdns- >diff --git a/dns/powerdns-recursor/distinfo b/dns/powerdns-recursor/distinfo >index 4103f40bb3..aa8ef23989 100644 >--- a/dns/powerdns-recursor/distinfo >+++ b/dns/powerdns-recursor/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1639754437 >-SHA256 (pdns-recursor-4.6.0.tar.bz2) = df06559398aebc594d2e1e27d177f981bdbbc17f968d6306a52aa7d1119fbcf2 >-SIZE (pdns-recursor-4.6.0.tar.bz2) = 1549434 >+TIMESTAMP = 1648224655 >+SHA256 (pdns-recursor-4.6.1.tar.bz2) = 7b8500908b84a87ea8a021cbff3f6c1f9ff95f0199e7c972b15b93dfb1561ceb >+SIZE (pdns-recursor-4.6.1.tar.bz2) = 1541000 >diff --git a/dns/powerdns-recursor/files/patch-credentials.cc b/dns/powerdns-recursor/files/patch-credentials.cc >new file mode 100644 >index 0000000000..4d71e65ad7 >--- /dev/null >+++ b/dns/powerdns-recursor/files/patch-credentials.cc >@@ -0,0 +1,101 @@ >+--- credentials.cc.orig 2021-11-23 18:39:17 UTC >++++ credentials.cc >+@@ -28,7 +28,7 @@ >+ #include <sodium.h> >+ #endif >+ >+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT >++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) >+ #include <openssl/evp.h> >+ #include <openssl/kdf.h> >+ #include <openssl/rand.h> >+@@ -42,7 +42,7 @@ >+ #include "credentials.hh" >+ #include "misc.hh" >+ >+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT >++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) >+ static size_t const pwhash_max_size = 128U; /* maximum size of the output */ >+ static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */ >+ static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */ >+@@ -95,7 +95,7 @@ void SensitiveData::clear() >+ >+ static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) >+ { >+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT >++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) >+ auto pctx = std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)>(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free); >+ if (!pctx) { >+ throw std::runtime_error("Error getting a scrypt context to hash the supplied password"); >+@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str >+ >+ static std::string generateRandomSalt() >+ { >+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT >++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) >+ /* generate a random salt */ >+ std::string salt; >+ salt.resize(pwhash_salt_size); >+@@ -159,7 +159,7 @@ static std::string generateRandomSalt() >+ >+ std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) >+ { >+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT >++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) >+ std::string result; >+ result.reserve(pwhash_max_size); >+ >+@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password, >+ >+ std::string hashPassword(const std::string& password) >+ { >+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT >++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) >+ return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize); >+ #else >+ throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available"); >+@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password) >+ >+ bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword) >+ { >+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT >++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) >+ auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize); >+ return constantTimeStringEquals(expected, binaryHash); >+ #else >+@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con >+ /* parse a hashed password in PHC string format */ >+ static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize) >+ { >+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT >++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) >+ auto parametersEnd = hash.find('$', pwhash_prefix.size()); >+ if (parametersEnd == std::string::npos || parametersEnd == hash.size()) { >+ throw std::runtime_error("Invalid hashed password format, no parameters"); >+@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std >+ return false; >+ } >+ >+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT >++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) >+ std::string salt; >+ std::string hashedPassword; >+ uint64_t workFactor = 0; >+@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std >+ >+ bool isPasswordHashed(const std::string& password) >+ { >+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT >++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) >+ if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) { >+ return false; >+ } >+@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas >+ >+ bool CredentialsHolder::isHashingAvailable() >+ { >+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT >++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) >+ return true; >+ #else >+ return false;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=232771">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
tremere
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 262879
:
232770
| 232771 |
232772