From nobody Wed Apr 06 10:37:43 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B9A7C1A9D418; Wed, 6 Apr 2022 10:37:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KYLYz4w8qz4Vj6; Wed, 6 Apr 2022 10:37:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1649241463; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=T0rCx0jmev4RowBGwhqevnG7CaFZbvCHkqU6OsNGXm4=; b=OodOqsgRSlH1gmFyJPS4V/G1cY7lzZD7ArooAPWzqdcUAvpnorH3xcNry7ts6S3v88ByJe BPUUbrM4E6w1bWY30MIKrL4Cp2xcaA2C6iGEcUZusDqHQXiDP9d9I+1yQTIrhOtppnQOkN 1plEMrXlyqy0GcSyN5H1CcgTJa4q1OYj8O8wK6WPWudpYGqUMIJj/DuQjfLf6jgONlL/bl Gvz9bu2apc1zMa/pAtEliUJPbWvto6AANhXJTwLDDGAN/mXA8NaW9k46MSoGYRXhj90sZ5 +2J8n3rbZ2TmkUQzzAAeGeLM9BU0qpYl+dJR8Ocy6avS05Ucm1/6bAbRk8fz+w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 89524194DF; Wed, 6 Apr 2022 10:37:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 236Abh4n041561; Wed, 6 Apr 2022 10:37:43 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 236Abh47041560; Wed, 6 Apr 2022 10:37:43 GMT (envelope-from git) Date: Wed, 6 Apr 2022 10:37:43 GMT Message-Id: <202204061037.236Abh47041560@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: =?utf-8?Q?Fernando Apestegu=C3=ADa?= Subject: git: 56b664aa3d2c - main - dns/powerdns-recursor: update to 4.6.1 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 56b664aa3d2cd0e8dbf48d26d0839d0b1aa5998f Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1649241463; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=T0rCx0jmev4RowBGwhqevnG7CaFZbvCHkqU6OsNGXm4=; b=YxwaIf1JRqXdhdC2LE9UvhRWHfGPM7Htg5VsAR1XYMu6mzue1wto2E/FNdAjR6Gl6D7zYU 9vfqNqeET6Z3CthD8uLlDmUrRx1b5yV8jpErVL3Mpu83ORiIW0dzSJbxXMEGoDnaQBpXnx 0VfZeuzZrrOsohi4bX5Np313oEJJQlGTshBRbmL7H7XnZgwjydNehIYohSGlHu6GCFrEhT FufDody1A0BOupTPVk891DfBY+Edy2y4bRv1lols2VxRzsuaSy3HFJjDMmD7e6FIGWM7Lg ChA+NIbaxTlyKSb92a7tiWtLwDMAHaRsXw/2wn8Khn5HmtZMYXqNRhF9cvXyyg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1649241463; a=rsa-sha256; cv=none; b=e3lGSFwABVk/HgztCazVEZpwA2mG71270/KIYib7NLT2hIrtr4ktxrQ4ClWRMWH9I4ZryK t8no8mdXT59TPe+gVaODPjCpzJL7q6L1768s4XJyyZTR3ixdya5nOVUcUvAuB8NxU4NEtL q5WClzggoLOS68x/7C/ZHBHnhlb7zNbCoCO2GxDrB2HS93Sy5kAVofIFEtwQ63/GhUQtRl Qf/lfw9MeAnwuPJK7WS8vxPL3FiEUlyGuo5CoPRcPVusouEV8MSOsgLGeSpoX0egGmL91g 6X60pAbeHXvkisbLc/IFYTz0P3cdGFxsyKRc2nUJtPGlrMtfwYlzIp5DKRzGwg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=56b664aa3d2cd0e8dbf48d26d0839d0b1aa5998f commit 56b664aa3d2cd0e8dbf48d26d0839d0b1aa5998f Author: Ralf van der Enden AuthorDate: 2022-04-05 10:21:08 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2022-04-06 10:35:45 +0000 dns/powerdns-recursor: update to 4.6.1 Fixes CVE-2022-27227 PR: 262879 Reported by: Ralf van der Enden (maintainer) MFH: 2022Q2 (security fix) Security: CVE-2022-27227 --- dns/powerdns-recursor/Makefile | 2 +- dns/powerdns-recursor/distinfo | 6 +- dns/powerdns-recursor/files/patch-credentials.cc | 101 +++++++++++++++++++++++ 3 files changed, 105 insertions(+), 4 deletions(-) diff --git a/dns/powerdns-recursor/Makefile b/dns/powerdns-recursor/Makefile index fa938d9f3cb8..068f21266b00 100644 --- a/dns/powerdns-recursor/Makefile +++ b/dns/powerdns-recursor/Makefile @@ -1,7 +1,7 @@ # Created by: sten@blinkenlights.nl PORTNAME= recursor -DISTVERSION= 4.6.0 +DISTVERSION= 4.6.1 CATEGORIES= dns MASTER_SITES= http://downloads.powerdns.com/releases/ PKGNAMEPREFIX= powerdns- diff --git a/dns/powerdns-recursor/distinfo b/dns/powerdns-recursor/distinfo index 4103f40bb370..aa8ef2398908 100644 --- a/dns/powerdns-recursor/distinfo +++ b/dns/powerdns-recursor/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1639754437 -SHA256 (pdns-recursor-4.6.0.tar.bz2) = df06559398aebc594d2e1e27d177f981bdbbc17f968d6306a52aa7d1119fbcf2 -SIZE (pdns-recursor-4.6.0.tar.bz2) = 1549434 +TIMESTAMP = 1648224655 +SHA256 (pdns-recursor-4.6.1.tar.bz2) = 7b8500908b84a87ea8a021cbff3f6c1f9ff95f0199e7c972b15b93dfb1561ceb +SIZE (pdns-recursor-4.6.1.tar.bz2) = 1541000 diff --git a/dns/powerdns-recursor/files/patch-credentials.cc b/dns/powerdns-recursor/files/patch-credentials.cc new file mode 100644 index 000000000000..4d71e65ad7aa --- /dev/null +++ b/dns/powerdns-recursor/files/patch-credentials.cc @@ -0,0 +1,101 @@ +--- credentials.cc.orig 2021-11-23 18:39:17 UTC ++++ credentials.cc +@@ -28,7 +28,7 @@ + #include + #endif + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + #include + #include + #include +@@ -42,7 +42,7 @@ + #include "credentials.hh" + #include "misc.hh" + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + static size_t const pwhash_max_size = 128U; /* maximum size of the output */ + static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */ + static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */ +@@ -95,7 +95,7 @@ void SensitiveData::clear() + + static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto pctx = std::unique_ptr(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free); + if (!pctx) { + throw std::runtime_error("Error getting a scrypt context to hash the supplied password"); +@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str + + static std::string generateRandomSalt() + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + /* generate a random salt */ + std::string salt; + salt.resize(pwhash_salt_size); +@@ -159,7 +159,7 @@ static std::string generateRandomSalt() + + std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + std::string result; + result.reserve(pwhash_max_size); + +@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password, + + std::string hashPassword(const std::string& password) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize); + #else + throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available"); +@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password) + + bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize); + return constantTimeStringEquals(expected, binaryHash); + #else +@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con + /* parse a hashed password in PHC string format */ + static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + auto parametersEnd = hash.find('$', pwhash_prefix.size()); + if (parametersEnd == std::string::npos || parametersEnd == hash.size()) { + throw std::runtime_error("Invalid hashed password format, no parameters"); +@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std + return false; + } + +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + std::string salt; + std::string hashedPassword; + uint64_t workFactor = 0; +@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std + + bool isPasswordHashed(const std::string& password) + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) { + return false; + } +@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas + + bool CredentialsHolder::isHashingAvailable() + { +-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT ++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT) + return true; + #else + return false;