From nobody Wed Apr 06 10:33:03 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 2A1A81A9B967; Wed, 6 Apr 2022 10:33:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KYLSc0ctPz4VFP; Wed, 6 Apr 2022 10:33:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1649241184; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RSR/UhS2/25uNfibj6VOdFv+/mLcjRWLR/KmJxTrOtM=; b=ejPM0gHsIYjmsV8k4BfY/7jnfGYZW4mG47IwWblXHxR/Oc4UH+t57Yuu1lvxsmsNGhv2kL v5vriq2OHDS8vn1nPUMn829MZn4WNQZ9iRsaeRqkJezQ0pfJ46izvfe2nc8ZiA75SEM8Nk M3kNXcgkAhoMWlhunBZtDzeWOnB7ngp2fVQ+USxsFQ7K6ba5UQ/YisaJBSwRTrs9yeWvXa GfY5WaSY8fPb39ZGuDnTgKx+TQqdM8DDfvIV7SAC1MybDqofuU2zwwl8Tr5Qsj907bu2R9 DpdK313K2pMAGY/UjDIzmJ3mW6f8DfZM0gWY0ZBmjLKl7j2/SMrgD/y9jh5vXA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EA39919550; Wed, 6 Apr 2022 10:33:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 236AX3Je040951; Wed, 6 Apr 2022 10:33:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 236AX3Th040950; Wed, 6 Apr 2022 10:33:03 GMT (envelope-from git) Date: Wed, 6 Apr 2022 10:33:03 GMT Message-Id: <202204061033.236AX3Th040950@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: =?utf-8?Q?Fernando Apestegu=C3=ADa?= Subject: git: 79872ab6096b - main - dns/powerdns: update to 4.6.1 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 79872ab6096b3bfc3edbd2ec845698316260bd0d Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1649241184; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RSR/UhS2/25uNfibj6VOdFv+/mLcjRWLR/KmJxTrOtM=; b=lnUhstT6Wi3tAfyusWLIb8ucWUocYmBzuYHT2Hono9YsQX19n6G9EmRAuMnAttEwzEtJnP NOrfsL2O75Zr3KrgtgIHHejQqp1NS3URHMZPh/tUuf07xWZuOfLtdrwV2eQfT9AGgQsnU/ 8WwBI021LzpqkKS83XyQQXPNhTGeZAUNbHcIcL35PiBzkcq3euDkln6kQwxmY3F3ENwJR0 cUDrqMqaLV4NWFs5cJPdPT/JEhU327YGwdhGCQxXA/LAw1UV8lv9sSB1hafJPRSFdT+bw/ clA7CLZTw7/xQCXFWcDmJ0BNwnlC4N3j7Cp7Gu9OOFPNNxYd5HeW1s4PlAjhPA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1649241184; a=rsa-sha256; cv=none; b=QsWlIlIrIAhp3eQChFDim4mVjs4RHSyZ0qmfvfp1U8g1j1CMeJ6ZeriKdeGMw4ePL4psG2 riYnFkRrEq7gi47ZETRUNSE672RaedCeUfbnEkv0ZWHBZD1jZiFaHXCugUBGVXUIRrOscw KlKJRe7Czvt8aYxwcR533hKK63AsmvlU75CqsA/0Al/NFDBcAVUZHjaA74GG/9jvIJhyRP MC8C+5xQG99kM5uaVoeJ+5oZX1mHlvZlN6yCuyqYKzOcZoK+bxJdvXxrxeNbCMaez1nBbj GWUs3d3n2+bGhqLZb1/LsoiGKTOgw50LHniu3PvLrH7K90x/6v95MXF3EZVxKA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=79872ab6096b3bfc3edbd2ec845698316260bd0d commit 79872ab6096b3bfc3edbd2ec845698316260bd0d Author: Ralf van der Enden AuthorDate: 2022-04-05 10:08:23 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2022-04-06 10:29:22 +0000 dns/powerdns: update to 4.6.1 Fixes CVE-2022-27227 PR: 262879 Reported by: Ralf van der Enden (maintainer) MFH: 2022Q2 (security fix) Security: CVE-2022-27227 --- dns/powerdns/Makefile | 2 +- dns/powerdns/distinfo | 6 +- dns/powerdns/files/patch-credentials.cc | 101 ++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+), 4 deletions(-) diff --git a/dns/powerdns/Makefile b/dns/powerdns/Makefile index 3f6d4e520844..690787c2e53f 100644 --- a/dns/powerdns/Makefile +++ b/dns/powerdns/Makefile @@ -1,5 +1,5 @@ PORTNAME= powerdns -DISTVERSION= 4.6.0 +DISTVERSION= 4.6.1 CATEGORIES= dns MASTER_SITES= https://downloads.powerdns.com/releases/ DISTNAME= pdns-${DISTVERSION} diff --git a/dns/powerdns/distinfo b/dns/powerdns/distinfo index 5c1782eebd72..ddaf4dbe680d 100644 --- a/dns/powerdns/distinfo +++ b/dns/powerdns/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1648050226 -SHA256 (pdns-4.6.0.tar.bz2) = b9effb7968a7badbb91eea431c73346482a67592684d84660edd8b7528cc1325 -SIZE (pdns-4.6.0.tar.bz2) = 1299604 +TIMESTAMP = 1648224641 +SHA256 (pdns-4.6.1.tar.bz2) = 7912b14887d62845185f7ce4b47db580eaa7b8b897dcb1c9555dfe0fac5efae3 +SIZE (pdns-4.6.1.tar.bz2) = 1315530 diff --git a/dns/powerdns/files/patch-credentials.cc b/dns/powerdns/files/patch-credentials.cc new file mode 100644 index 000000000000..791344b68a30 --- /dev/null +++ b/dns/powerdns/files/patch-credentials.cc @@ -0,0 +1,101 @@ +--- pdns/credentials.cc.orig 2021-11-23 18:39:17 UTC ++++ pdns/credentials.cc +@@ -28,7 +28,7 @@ + #include + #endif + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + #include + #include + #include +@@ -42,7 +42,7 @@ + #include "credentials.hh" + #include "misc.hh" + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + static size_t const pwhash_max_size = 128U; /* maximum size of the output */ + static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */ + static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */ +@@ -95,7 +95,7 @@ void SensitiveData::clear() + + static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto pctx = std::unique_ptr(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free); + if (!pctx) { + throw std::runtime_error("Error getting a scrypt context to hash the supplied password"); +@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str + + static std::string generateRandomSalt() + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + /* generate a random salt */ + std::string salt; + salt.resize(pwhash_salt_size); +@@ -159,7 +159,7 @@ static std::string generateRandomSalt() + + std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + std::string result; + result.reserve(pwhash_max_size); + +@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password, + + std::string hashPassword(const std::string& password) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize); + #else + throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available"); +@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password) + + bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize); + return constantTimeStringEquals(expected, binaryHash); + #else +@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con + /* parse a hashed password in PHC string format */ + static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto parametersEnd = hash.find('$', pwhash_prefix.size()); + if (parametersEnd == std::string::npos || parametersEnd == hash.size()) { + throw std::runtime_error("Invalid hashed password format, no parameters"); +@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std + return false; + } + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + std::string salt; + std::string hashedPassword; + uint64_t workFactor = 0; +@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std + + bool isPasswordHashed(const std::string& password) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) { + return false; + } +@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas + + bool CredentialsHolder::isHashingAvailable() + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + return true; + #else + return false;