dns/powerdns: update to 4.7.0

ChangeLog:
https://blog.powerdns.com/2022/10/20/authoritative-server-4-7-0/

PR:		267260

5 files changed, 17 insertions, 119 deletions

diff --git a/dns/powerdns/Makefile b/dns/powerdns/Makefile
index a78160a310d3..e95f69753fa2 100644
--- a/dns/powerdns/Makefile
+++ b/dns/powerdns/Makefile
@@ -1,6 +1,5 @@
 PORTNAME=	powerdns
-DISTVERSION=	4.6.3
-PORTREVISION=	2
+DISTVERSION=	4.7.0
 CATEGORIES=	dns
 MASTER_SITES=	https://downloads.powerdns.com/releases/
 DISTNAME=	pdns-${DISTVERSION}
diff --git a/dns/powerdns/distinfo b/dns/powerdns/distinfo
index c8c6146f233e..69b0bd073d4d 100644
--- a/dns/powerdns/distinfo
+++ b/dns/powerdns/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1657734807
-SHA256 (pdns-4.6.3.tar.bz2) = acd06b89ca01d1adf61b906604614f0e1d77a1e94eeecade8ff5d53a16db7389
-SIZE (pdns-4.6.3.tar.bz2) = 1302651
+TIMESTAMP = 1666276032
+SHA256 (pdns-4.7.0.tar.bz2) = b57b75b780ace64e232c6757f17a8fa617016d0128256c66f22da5f4b5e839e7
+SIZE (pdns-4.7.0.tar.bz2) = 1361265
diff --git a/dns/powerdns/files/patch-credentials.cc b/dns/powerdns/files/patch-credentials.cc
deleted file mode 100644
index 791344b68a30..000000000000
--- a/dns/powerdns/files/patch-credentials.cc
+++ /dev/null
@@ -1,101 +0,0 @@
---- pdns/credentials.cc.orig	2021-11-23 18:39:17 UTC
-+++ pdns/credentials.cc
-@@ -28,7 +28,7 @@
- #include <sodium.h>
- #endif
- 
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
- #include <openssl/evp.h>
- #include <openssl/kdf.h>
- #include <openssl/rand.h>
-@@ -42,7 +42,7 @@
- #include "credentials.hh"
- #include "misc.hh"
- 
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
- static size_t const pwhash_max_size = 128U; /* maximum size of the output */
- static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */
- static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */
-@@ -95,7 +95,7 @@ void SensitiveData::clear()
- 
- static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   auto pctx = std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)>(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free);
-   if (!pctx) {
-     throw std::runtime_error("Error getting a scrypt context to hash the supplied password");
-@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str
- 
- static std::string generateRandomSalt()
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   /* generate a random salt */
-   std::string salt;
-   salt.resize(pwhash_salt_size);
-@@ -159,7 +159,7 @@ static std::string generateRandomSalt()
- 
- std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   std::string result;
-   result.reserve(pwhash_max_size);
- 
-@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password, 
- 
- std::string hashPassword(const std::string& password)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize);
- #else
-   throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
-@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password)
- 
- bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize);
-   return constantTimeStringEquals(expected, binaryHash);
- #else
-@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con
- /* parse a hashed password in PHC string format */
- static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   auto parametersEnd = hash.find('$', pwhash_prefix.size());
-   if (parametersEnd == std::string::npos || parametersEnd == hash.size()) {
-     throw std::runtime_error("Invalid hashed password format, no parameters");
-@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std
-     return false;
-   }
- 
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   std::string salt;
-   std::string hashedPassword;
-   uint64_t workFactor = 0;
-@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std
- 
- bool isPasswordHashed(const std::string& password)
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) {
-     return false;
-   }
-@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas
- 
- bool CredentialsHolder::isHashingAvailable()
- {
--#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
-+#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
-   return true;
- #else
-   return false;
diff --git a/dns/powerdns/files/patch-pdns_auth-main.cc b/dns/powerdns/files/patch-pdns_auth-main.cc
new file mode 100644
index 000000000000..19c84bfad6ce
--- /dev/null
+++ b/dns/powerdns/files/patch-pdns_auth-main.cc
@@ -0,0 +1,13 @@
+--- pdns/auth-main.cc.orig	2022-10-19 09:22:23 UTC
++++ pdns/auth-main.cc
+@@ -277,8 +277,8 @@ static void declareArguments()
+ 
+   ::arg().setSwitch("no-shuffle", "Set this to prevent random shuffling of answers - for regression testing") = "off";
+ 
+-  ::arg().set("setuid", "If set, change user id to this uid for more security") = "";
+-  ::arg().set("setgid", "If set, change group id to this gid for more security") = "";
++  ::arg().set("setuid", "If set, change user id to this uid for more security") = "pdns";
++  ::arg().set("setgid", "If set, change group id to this gid for more security") = "pdns";
+ 
+   ::arg().set("max-cache-entries", "Maximum number of entries in the query cache") = "1000000";
+   ::arg().set("max-packet-cache-entries", "Maximum number of entries in the packet cache") = "1000000";
diff --git a/dns/powerdns/files/patch-pdns_common__startup.cc b/dns/powerdns/files/patch-pdns_common__startup.cc
deleted file mode 100644
index 85b3e1d6cd5d..000000000000
--- a/dns/powerdns/files/patch-pdns_common__startup.cc
+++ /dev/null
@@ -1,13 +0,0 @@
---- pdns/common_startup.cc.orig	2020-02-24 14:34:14 UTC
-+++ pdns/common_startup.cc
-@@ -191,8 +191,8 @@ void declareArguments()
- 
-   ::arg().setSwitch("no-shuffle","Set this to prevent random shuffling of answers - for regression testing")="off";
- 
--  ::arg().set("setuid","If set, change user id to this uid for more security")="";
--  ::arg().set("setgid","If set, change group id to this gid for more security")="";
-+  ::arg().set("setuid","If set, change user id to this uid for more security")="pdns";
-+  ::arg().set("setgid","If set, change group id to this gid for more security")="pdns";
- 
-   ::arg().set("max-cache-entries", "Maximum number of entries in the query cache")="1000000";
-   ::arg().set("max-packet-cache-entries", "Maximum number of entries in the packet cache")="1000000";