From nobody Wed Apr 06 10:36:04 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 303D21A9CA1A; Wed, 6 Apr 2022 10:36:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KYLX50tyDz4VGv; Wed, 6 Apr 2022 10:36:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1649241365; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hGUTgoEq6JMY+xI6NumXRn7LQPrcTSH50gTGedzYX1s=; b=xM/LTU1DMGux/qIko0bod3vaV8v155in73uvdzf1Sqcy6eKK1qGn1j7wG+orOf+x4akBQl E5wG3SoYyM3/mRFiGS6uH8uuY8U3Iqf1y0lcbDDlMyycS+wQ429qXwvcufFI8ieD8V/Qt6 BSyk+ZGIv5nRAQUqAnts0w6skcNxIDo7yPeFDY/+OGPl/Amp8Fp3jH/oMHJy0SIVOR2N8Z sHbPZBl1gsddGu5rRL7em8TdYFuzNgCXAPKo3SWDn1VPTX/FJh4nGqVBCxsETsTJEqFyDY y4sNv24NQDMTV6ALu3UBYpWxDU0xr7BX3i/tZC1Imc7rkap9x4vbMco8adpVdw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EF4E8194DE; Wed, 6 Apr 2022 10:36:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 236Aa40T041323; Wed, 6 Apr 2022 10:36:04 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 236Aa4N6041322; Wed, 6 Apr 2022 10:36:04 GMT (envelope-from git) Date: Wed, 6 Apr 2022 10:36:04 GMT Message-Id: <202204061036.236Aa4N6041322@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: =?utf-8?Q?Fernando Apestegu=C3=ADa?= Subject: git: e44c01f03f4a - 2022Q2 - dns/powerdns: update to 4.6.1 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: ports X-Git-Refname: refs/heads/2022Q2 X-Git-Reftype: branch X-Git-Commit: e44c01f03f4a6653bbab0de99cc60d861d96739d Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1649241365; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hGUTgoEq6JMY+xI6NumXRn7LQPrcTSH50gTGedzYX1s=; b=WzY7LeQ3mvLGtMvqpLhrphQ+gjYa0nYSLuM31+KPovaiWJYVKo85EDqHDTLV7G0OBSplo3 V9f5Grgx/3anuaV2OOLFmOROdu8suO/qoM5RvxSAdqPlKsmF3weL0+3zD46r9c37hzOnCE bIN6+4IiTz5wcZN97ilsj+IIA2SMxjGSLQXLqzyI6PwTuAF5KCHk0tw5YFyGNzmhkKLm7Z JdXwVXH17epGOqFTsnYEiIa9g/EsfCTlKqSlR8qvcj1Jn4o9jk+d98tRI15Mgzgm/m52y2 Z6H8IDvJUgdQCE0KGTFT4gCwoSwXkSsKmy7CXZf/V1rixr1lnv+tMj89PKULwQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1649241365; a=rsa-sha256; cv=none; b=eTAEy5IN1qIDYGxVT/6/rLrBxXdSv9K93QefxPc2TTZtC7eHSWg5ReREp/KTSJsMOe8JI2 +kXu/+gT+sBogjnG6cSxv4V3m2ZA8NU54Vfrd2nHHFLiiCe59Xe3a7eH2Ui6kH/VbQxp8n LOfRlBNOq8yXYIYdnmGL586sT8wlzu0nL8iakZGpPhRUgZvAlliXgmnVEkPdl94B0IFHdy 6MieRHRiZPi1G8Tjtqp01nJ3xIY5/COEUp3WzwY81Wl/sZVM9jqdds6Z2mWK4yqtf5ibdz 5ke7B4zHQpQK7/WIjJOV1brqdwnmkNAuMnYdhrURo4aFM/Wr8hd5n0/5nVwRZg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch 2022Q2 has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=e44c01f03f4a6653bbab0de99cc60d861d96739d commit e44c01f03f4a6653bbab0de99cc60d861d96739d Author: Ralf van der Enden AuthorDate: 2022-04-05 10:08:23 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2022-04-06 10:32:36 +0000 dns/powerdns: update to 4.6.1 Fixes CVE-2022-27227 PR: 262879 Reported by: Ralf van der Enden (maintainer) MFH: 2022Q2 (security fix) Security: CVE-2022-27227 (cherry picked from commit 79872ab6096b3bfc3edbd2ec845698316260bd0d) --- dns/powerdns/Makefile | 2 +- dns/powerdns/distinfo | 6 +- dns/powerdns/files/patch-credentials.cc | 101 ++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+), 4 deletions(-) diff --git a/dns/powerdns/Makefile b/dns/powerdns/Makefile index 3f6d4e520844..690787c2e53f 100644 --- a/dns/powerdns/Makefile +++ b/dns/powerdns/Makefile @@ -1,5 +1,5 @@ PORTNAME= powerdns -DISTVERSION= 4.6.0 +DISTVERSION= 4.6.1 CATEGORIES= dns MASTER_SITES= https://downloads.powerdns.com/releases/ DISTNAME= pdns-${DISTVERSION} diff --git a/dns/powerdns/distinfo b/dns/powerdns/distinfo index 5c1782eebd72..ddaf4dbe680d 100644 --- a/dns/powerdns/distinfo +++ b/dns/powerdns/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1648050226 -SHA256 (pdns-4.6.0.tar.bz2) = b9effb7968a7badbb91eea431c73346482a67592684d84660edd8b7528cc1325 -SIZE (pdns-4.6.0.tar.bz2) = 1299604 +TIMESTAMP = 1648224641 +SHA256 (pdns-4.6.1.tar.bz2) = 7912b14887d62845185f7ce4b47db580eaa7b8b897dcb1c9555dfe0fac5efae3 +SIZE (pdns-4.6.1.tar.bz2) = 1315530 diff --git a/dns/powerdns/files/patch-credentials.cc b/dns/powerdns/files/patch-credentials.cc new file mode 100644 index 000000000000..791344b68a30 --- /dev/null +++ b/dns/powerdns/files/patch-credentials.cc @@ -0,0 +1,101 @@ +--- pdns/credentials.cc.orig 2021-11-23 18:39:17 UTC ++++ pdns/credentials.cc +@@ -28,7 +28,7 @@ + #include + #endif + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + #include + #include + #include +@@ -42,7 +42,7 @@ + #include "credentials.hh" + #include "misc.hh" + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + static size_t const pwhash_max_size = 128U; /* maximum size of the output */ + static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */ + static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */ +@@ -95,7 +95,7 @@ void SensitiveData::clear() + + static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto pctx = std::unique_ptr(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free); + if (!pctx) { + throw std::runtime_error("Error getting a scrypt context to hash the supplied password"); +@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str + + static std::string generateRandomSalt() + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + /* generate a random salt */ + std::string salt; + salt.resize(pwhash_salt_size); +@@ -159,7 +159,7 @@ static std::string generateRandomSalt() + + std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + std::string result; + result.reserve(pwhash_max_size); + +@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password, + + std::string hashPassword(const std::string& password) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize); + #else + throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available"); +@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password) + + bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize); + return constantTimeStringEquals(expected, binaryHash); + #else +@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con + /* parse a hashed password in PHC string format */ + static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto parametersEnd = hash.find('$', pwhash_prefix.size()); + if (parametersEnd == std::string::npos || parametersEnd == hash.size()) { + throw std::runtime_error("Invalid hashed password format, no parameters"); +@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std + return false; + } + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + std::string salt; + std::string hashedPassword; + uint64_t workFactor = 0; +@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std + + bool isPasswordHashed(const std::string& password) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) { + return false; + } +@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas + + bool CredentialsHolder::isHashingAvailable() + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + return true; + #else + return false;