FreeBSD Bugzilla – Attachment 236967 Details for
Bug 266722
dns/dnsdist: enable scrypt & hash functions everywhere
[patch]
make it so
dnsdist.patch (text/plain), 7.78 KB, created by
Dave Cottlehuber
on 2022-09-30 12:03:58 UTC
Description:
make it so
Filename:
MIME Type:
Creator:
Dave Cottlehuber
Created:
2022-09-30 12:03:58 UTC
Size:
7.78 KB
patch
obsolete
>diff --git dns/dnsdist/Makefile dns/dnsdist/Makefile
>index 68acf04e6a36..2db2af707db7 100644
>--- dns/dnsdist/Makefile
>+++ dns/dnsdist/Makefile
>@@ -1,97 +1,97 @@
> PORTNAME= dnsdist
> DISTVERSION= 1.7.2
>-PORTREVISION= 1
>+PORTREVISION= 2
> CATEGORIES= dns net
> MASTER_SITES= https://downloads.powerdns.com/releases/
>
> MAINTAINER= tremere@cainites.net
> COMMENT= Highly DNS-, DoS- and abuse-aware loadbalancer
> WWW= https://dnsdist.org/
>
> LICENSE= GPLv2 ISCL MIT
> LICENSE_COMB= multi
> LICENSE_FILE_GPLv2= ${WRKSRC}/COPYING
> LICENSE_FILE_ISCL= ${WRKSRC}/ext/ipcrypt/LICENSE
> LICENSE_FILE_MIT= ${WRKSRC}/ext/yahttp/LICENSE
>
> NOT_FOR_ARCHS= i386
> NOT_FOR_ARCHS_REASON= archs with 32-bits time_t are no longer supported by upstream
>
> BUILD_DEPENDS= ${LOCALBASE}/lib/libatomic_ops.a:devel/libatomic_ops
> LIB_DEPENDS= libboost_serialization.so:devel/boost-libs \
> libh2o-evloop.so:www/h2o \
> libre2.so:devel/re2 \
> libsodium.so:security/libsodium
>
> USES= bison:alias compiler:c++14-lang cpe gmake libedit libtool \
> localbase pkgconfig tar:bz2
> CPE_VENDOR= powerdns
> USE_RC_SUBR= dnsdist
>
> GNU_CONFIGURE= yes
> CONFIGURE_ARGS= --bindir=${PREFIX}/sbin \
> --enable-dns-over-https \
> --enable-dns-over-tls \
> --enable-dnscrypt \
> --sysconfdir=${ETCDIR} \
> --with-libsodium \
> --with-re2
>
> INSTALL_TARGET= install-strip
>
> USERS= _dnsdist
> GROUPS= _dnsdist
>
> OPTIONS_DEFINE= DNSTAP SNMP
> OPTIONS_DEFAULT= CDB GNUTLS LMDB LUA OPENSSL
> OPTIONS_GROUP= KSVOPT
> OPTIONS_GROUP_KSVOPT= CDB LMDB
> OPTIONS_MULTI= TLS
> OPTIONS_MULTI_TLS= GNUTLS OPENSSL
> OPTIONS_SINGLE= EXTLUA
> OPTIONS_SINGLE_EXTLUA= LUA LUAJIT LUAJITOR
>
> CDB_DESC= CDB backend
> DNSTAP_DESC= dnstap support (see dnstap.info)
> KSVOPT_DESC= Key Value Stores
> LMDB_DESC= LMDB backend
> LUAJITOR_DESC= Use lang/luajit-openresty
> LUAJIT_DESC= Use lang/luajit
> LUA_DESC= Use lang/lua
>
> CDB_LIB_DEPENDS= libcdb.so:databases/tinycdb
> CDB_CONFIGURE_ON= CDB_CFLAGS="-I${LOCALBASE}/include" \
> CDB_LIBS="-L${LOCALBASE}/lib -lcdb"
>
> DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm
> DNSTAP_CONFIGURE_ENABLE= dnstap
>
> GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls
> GNUTLS_CONFIGURE_WITH= gnutls
>
> LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb
> LMDB_CONFIGURE_ON= --with-lmdb=${LOCALBASE}
> LMDB_CONFIGURE_OFF= --without-lmdb
>
> LUAJITOR_LIB_DEPENDS= libluajit-5.1.so:lang/luajit-openresty
> LUAJITOR_CONFIGURE_ON= --with-lua=luajit
>
> LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit
> LUAJIT_CONFIGURE_ON= --with-lua=luajit
>
> LUA_USES= lua
> LUA_CONFIGURE_ON= --with-lua=lua-${LUA_VER}
>
> OPENSSL_USES= ssl
> OPENSSL_CONFIGURE_ON= LIBSSL_CFLAGS=-I${OPENSSLINC} \
> LIBSSL_LIBS="-L${OPENSSLLIB} -lssl"
> OPENSSL_CONFIGURE_WITH= libssl
>
> SNMP_LIB_DEPENDS= libnetsnmp.so:net-mgmt/net-snmp
> SNMP_CONFIGURE_WITH= net-snmp
>
> post-install:
> @${MKDIR} ${STAGEDIR}${ETCDIR}
> ${INSTALL_DATA} ${FILESDIR}/dnsdist.conf.sample ${STAGEDIR}${ETCDIR}
>
> .include <bsd.port.mk>
>diff --git dns/dnsdist/files/patch-credentials.cc dns/dnsdist/files/patch-credentials.cc
>deleted file mode 100644
>index 4d71e65ad7aa..000000000000
>--- dns/dnsdist/files/patch-credentials.cc
>+++ /dev/null
>@@ -1,101 +0,0 @@
>---- credentials.cc.orig 2021-11-23 18:39:17 UTC
>-+++ credentials.cc
>-@@ -28,7 +28,7 @@
>- #include <sodium.h>
>- #endif
>-
>--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
>-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
>- #include <openssl/evp.h>
>- #include <openssl/kdf.h>
>- #include <openssl/rand.h>
>-@@ -42,7 +42,7 @@
>- #include "credentials.hh"
>- #include "misc.hh"
>-
>--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
>-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
>- static size_t const pwhash_max_size = 128U; /* maximum size of the output */
>- static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */
>- static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */
>-@@ -95,7 +95,7 @@ void SensitiveData::clear()
>-
>- static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
>- {
>--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
>-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
>- auto pctx = std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)>(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free);
>- if (!pctx) {
>- throw std::runtime_error("Error getting a scrypt context to hash the supplied password");
>-@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str
>-
>- static std::string generateRandomSalt()
>- {
>--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
>-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
>- /* generate a random salt */
>- std::string salt;
>- salt.resize(pwhash_salt_size);
>-@@ -159,7 +159,7 @@ static std::string generateRandomSalt()
>-
>- std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
>- {
>--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
>-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
>- std::string result;
>- result.reserve(pwhash_max_size);
>-
>-@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password,
>-
>- std::string hashPassword(const std::string& password)
>- {
>--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
>-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
>- return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize);
>- #else
>- throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
>-@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password)
>-
>- bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword)
>- {
>--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
>-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
>- auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize);
>- return constantTimeStringEquals(expected, binaryHash);
>- #else
>-@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con
>- /* parse a hashed password in PHC string format */
>- static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize)
>- {
>--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
>-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
>- auto parametersEnd = hash.find('$', pwhash_prefix.size());
>- if (parametersEnd == std::string::npos || parametersEnd == hash.size()) {
>- throw std::runtime_error("Invalid hashed password format, no parameters");
>-@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std
>- return false;
>- }
>-
>--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
>-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
>- std::string salt;
>- std::string hashedPassword;
>- uint64_t workFactor = 0;
>-@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std
>-
>- bool isPasswordHashed(const std::string& password)
>- {
>--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
>-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
>- if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) {
>- return false;
>- }
>-@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas
>-
>- bool CredentialsHolder::isHashingAvailable()
>- {
>--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
>-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
>- return true;
>- #else
>- return false;