dns/powerdns-recursor: update 4.0.3 -> 4.0.4

Changes:	https://doc.powerdns.com/md/changelog/#powerdns-recursor-404

PR:		216135
Reported by:	Dani <i.dani@outlook.com>
Submitted by:	ghostonthewire@gmail.com
Approved by:	Ralf van der Enden <tremere@cainites.net> (maintainer)
Security:	CVE-2016-7068
Security:	CVE-2016-7073
Security:	CVE-2016-7074
Security:	https://vuxml.FreeBSD.org/freebsd/e3200958-dd6c-11e6-ae1b-002590263bf5.html
MFH:		2017Q1

6 files changed, 15 insertions, 198 deletions

diff --git a/dns/powerdns-recursor/Makefile b/dns/powerdns-recursor/Makefile
index 5933f2bd420f..3d0263f211d9 100644
--- a/dns/powerdns-recursor/Makefile
+++ b/dns/powerdns-recursor/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	recursor
-PORTVERSION=	4.0.3
-PORTREVISION=	3
+PORTVERSION=	4.0.4
 CATEGORIES=	dns ipv6
 MASTER_SITES=	http://downloads.powerdns.com/releases/
 PKGNAMEPREFIX=	powerdns-
diff --git a/dns/powerdns-recursor/distinfo b/dns/powerdns-recursor/distinfo
index e5a5c7f9c220..390356a6f336 100644
--- a/dns/powerdns-recursor/distinfo
+++ b/dns/powerdns-recursor/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1473284590
-SHA256 (pdns-recursor-4.0.3.tar.bz2) = ae9813a64d13d9ebe4b44e89e8e4e44fc438693b6ce4c3a98e4cab1af22d9627
-SIZE (pdns-recursor-4.0.3.tar.bz2) = 1045041
+TIMESTAMP = 1484621032
+SHA256 (pdns-recursor-4.0.4.tar.bz2) = 2338778f49ccd03401e65f6f4b39047890e691c8ff6d810ecee45321fb4f1e4d
+SIZE (pdns-recursor-4.0.4.tar.bz2) = 1050596
diff --git a/dns/powerdns-recursor/files/extrapatch-setuid b/dns/powerdns-recursor/files/extrapatch-setuid
index 3ccbd3fc8ea7..4ab90f53ac4f 100644
--- a/dns/powerdns-recursor/files/extrapatch-setuid
+++ b/dns/powerdns-recursor/files/extrapatch-setuid
@@ -1,8 +1,8 @@
---- pdns_recursor.cc.orig	2010-03-06 13:10:44.000000000 +0100
-+++ pdns_recursor.cc	2010-03-07 21:13:07.000000000 +0100
-@@ -1890,8 +1890,8 @@
-     ::arg().set("daemon","Operate as a daemon")="yes";
-     ::arg().set("log-common-errors","If we should log rather common errors")="yes";
+--- pdns_recursor.cc.orig	2017-01-17 02:48:30 UTC
++++ pdns_recursor.cc
+@@ -2969,8 +2969,8 @@ int main(int argc, char **argv)
+     ::arg().set("disable-syslog","Disable logging to syslog, useful when running inside a supervisor that logs stdout")="no";
+     ::arg().set("log-common-errors","If we should log rather common errors")="no";
      ::arg().set("chroot","switch to chroot jail")="";
 -    ::arg().set("setgid","If set, change group id to this gid for more security")="";
 -    ::arg().set("setuid","If set, change user id to this uid for more security")="";
@@ -10,4 +10,4 @@
 +    ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor";
      ::arg().set("network-timeout", "Wait this nummer of milliseconds for network i/o")="1500";
      ::arg().set("threads", "Launch this number of threads")="2";
- #ifdef WIN32
+     ::arg().set("processes", "Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE)")="1"; // if we un-experimental this, need to fix openssl rand seeding for multiple PIDs!
diff --git a/dns/powerdns-recursor/files/patch-dnsname.hh b/dns/powerdns-recursor/files/patch-dnsname.hh
index 3f110e832d3e..a1de8ea78853 100644
--- a/dns/powerdns-recursor/files/patch-dnsname.hh
+++ b/dns/powerdns-recursor/files/patch-dnsname.hh
@@ -1,13 +1,11 @@
-https://github.com/PowerDNS/pdns/issues/2955
-
---- dnsname.hh.orig	2016-09-06 12:50:29 UTC
+--- dnsname.hh.orig	2017-01-17 03:18:41 UTC
 +++ dnsname.hh
 @@ -30,7 +30,7 @@
  #include <boost/version.hpp>
  
  // it crashes on OSX and doesn't compile on OpenBSD
--#if BOOST_VERSION >= 104800 && ! defined( __APPLE__ ) && ! defined(__OpenBSD__)
-+#if BOOST_VERSION >= 104800 && ! defined(_LIBCPP_VERSION) && ! defined(__OpenBSD__)
+-#if BOOST_VERSION >= 105300 && ! defined( __APPLE__ ) && ! defined(__OpenBSD__)
++#if BOOST_VERSION >= 105300 && ! defined(_LIBCPP_VERSION) && ! defined(__OpenBSD__)
  #include <boost/container/string.hpp>
  #endif
  
@@ -15,8 +13,8 @@ https://github.com/PowerDNS/pdns/issues/2955
    inline bool canonCompare(const DNSName& rhs) const;
    bool slowCanonCompare(const DNSName& rhs) const;  
  
--#if BOOST_VERSION >= 104800 && ! defined( __APPLE__ ) && ! defined(__OpenBSD__)
-+#if BOOST_VERSION >= 104800 && ! defined(_LIBCPP_VERSION) && ! defined(__OpenBSD__)
+-#if BOOST_VERSION >= 105300 && ! defined( __APPLE__ ) && ! defined(__OpenBSD__)
++#if BOOST_VERSION >= 105300 && ! defined(_LIBCPP_VERSION) && ! defined(__OpenBSD__)
    typedef boost::container::string string_t;
  #else
    typedef std::string string_t;
diff --git a/dns/powerdns-recursor/files/patch-lua-recursor4.cc b/dns/powerdns-recursor/files/patch-lua-recursor4.cc
deleted file mode 100644
index 5a6483105e0e..000000000000
--- a/dns/powerdns-recursor/files/patch-lua-recursor4.cc
+++ /dev/null
@@ -1,26 +0,0 @@
---- lua-recursor4.cc.orig	2016-09-06 12:50:29 UTC
-+++ lua-recursor4.cc
-@@ -263,8 +263,8 @@ RecursorLua4::RecursorLua4(const std::st
-       return DNSName(boost::get<const DNSName>(dom));
-   });
-   d_lw->registerFunction("isPartOf", &DNSName::isPartOf);
--  d_lw->registerFunction("countLabels", &DNSName::countLabels);
--  d_lw->registerFunction("wirelength", &DNSName::wirelength);
-+  d_lw->registerFunction<unsigned int(DNSName::*)()>("countLabels", [](const DNSName& name) { return name.countLabels(); });
-+  d_lw->registerFunction<size_t(DNSName::*)()>("wirelength", [](const DNSName& name) { return name.wirelength(); });
-   d_lw->registerFunction<bool(DNSName::*)(const std::string&)>(
-     "equal",
-      [](const DNSName& lhs, const std::string& rhs) {
-@@ -285,9 +285,9 @@ RecursorLua4::RecursorLua4(const std::st
-     } );
-   d_lw->registerFunction<bool(ComboAddress::*)()>("isIPv4", [](const ComboAddress& ca) { return ca.sin4.sin_family == AF_INET; });
-   d_lw->registerFunction<bool(ComboAddress::*)()>("isIPv6", [](const ComboAddress& ca) { return ca.sin4.sin_family == AF_INET6; });
--  d_lw->registerFunction("isMappedIPv4", &ComboAddress::isMappedIPv4);
--  d_lw->registerFunction("mapToIPv4", &ComboAddress::mapToIPv4);
--  d_lw->registerFunction("truncate", &ComboAddress::truncate);
-+  d_lw->registerFunction<bool(ComboAddress::*)()>("isMappedIPv4", [](const ComboAddress& ca) { return ca.isMappedIPv4(); });
-+  d_lw->registerFunction<ComboAddress(ComboAddress::*)()>("mapToIPv4", [](const ComboAddress& ca) { return ca.mapToIPv4(); });
-+  d_lw->registerFunction<void(ComboAddress::*)(unsigned int)>("truncate", [](ComboAddress& ca, unsigned int bits) { ca.truncate(bits); });
- 
-   d_lw->writeFunction("newCA", [](const std::string& a) { return ComboAddress(a); });
-   typedef std::unordered_set<ComboAddress,ComboAddress::addressOnlyHash,ComboAddress::addressOnlyEqual> cas_t;
diff --git a/dns/powerdns-recursor/files/patch-mtasker__fcontext.cc b/dns/powerdns-recursor/files/patch-mtasker__fcontext.cc
deleted file mode 100644
index 41dd007e1309..000000000000
--- a/dns/powerdns-recursor/files/patch-mtasker__fcontext.cc
+++ /dev/null
@@ -1,154 +0,0 @@
-rec: Add support for boost::context >= 1.61
-
-https://github.com/PowerDNS/pdns/commits/64413f6afd9b/pdns/mtasker_fcontext.cc
-
---- mtasker_fcontext.cc.orig	2016-09-06 12:50:29 UTC
-+++ mtasker_fcontext.cc
-@@ -23,14 +23,15 @@
- #include <exception>
- #include <cassert>
- #include <type_traits>
--#if BOOST_VERSION > 106100
--#include <boost/context/detail/fcontext.hpp>
--#else
--#include <boost/context/fcontext.hpp>
--#endif
- #include <boost/version.hpp>
--
-+#if BOOST_VERSION < 106100
-+#include <boost/context/fcontext.hpp>
- using boost::context::make_fcontext;
-+#else
-+#include <boost/context/detail/fcontext.hpp>
-+using boost::context::detail::make_fcontext;
-+#endif /* BOOST_VERSION < 106100 */
-+
- 
- #if BOOST_VERSION < 105600
- /* Note: This typedef means functions taking fcontext_t*, like jump_fcontext(),
-@@ -61,8 +62,15 @@ jump_fcontext (fcontext_t* const ofc, fc
-     }
- }
- #else
-+
-+#if BOOST_VERSION < 106100
- using boost::context::fcontext_t;
- using boost::context::jump_fcontext;
-+#else
-+using boost::context::detail::fcontext_t;
-+using boost::context::detail::jump_fcontext;
-+using boost::context::detail::transfer_t;
-+#endif /* BOOST_VERSION < 106100 */
- 
- static_assert (std::is_pointer<fcontext_t>::value,
-                "Boost Context has changed the fcontext_t type again :-(");
-@@ -72,7 +80,9 @@ static_assert (std::is_pointer<fcontext_
-  * jump. args_t simply provides a way to pass more by reference.
-  */
- struct args_t {
-+#if BOOST_VERSION < 106100
-     fcontext_t prev_ctx = nullptr;
-+#endif
-     pdns_ucontext_t* self = nullptr;
-     boost::function<void(void)>* work = nullptr;
- };
-@@ -80,7 +90,11 @@ struct args_t {
- extern "C" {
- static
- void
-+#if BOOST_VERSION < 106100
- threadWrapper (intptr_t const xargs) {
-+#else
-+threadWrapper (transfer_t const t) {
-+#endif
-     /* Access the args passed from pdns_makecontext, and copy them directly from
-      * the calling stack on to ours (we're now using the MThreads stack).
-      * This saves heap allocating an args object, at the cost of an extra
-@@ -90,11 +104,28 @@ threadWrapper (intptr_t const xargs) {
-      * the behaviour of the System V implementation, which can inherently only
-      * be passed ints and pointers.
-      */
-+#if BOOST_VERSION < 106100
-     auto args = reinterpret_cast<args_t*>(xargs);
-+#else
-+    auto args = reinterpret_cast<args_t*>(t.data);
-+#endif
-     auto ctx = args->self;
-     auto work = args->work;
-+    /* we switch back to pdns_makecontext() */
-+#if BOOST_VERSION < 106100
-     jump_fcontext (reinterpret_cast<fcontext_t*>(&ctx->uc_mcontext),
-                    static_cast<fcontext_t>(args->prev_ctx), 0);
-+#else
-+    transfer_t res = jump_fcontext (t.fctx, 0);
-+    /* we got switched back from pdns_swapcontext() */
-+    if (res.data) {
-+      /* if res.data is not a nullptr, it holds a pointer to the context
-+         we just switched from, and we need to fill it to be able to
-+         switch back to it later. */
-+      fcontext_t* ptr = static_cast<fcontext_t*>(res.data);
-+      *ptr = res.fctx;
-+    }
-+#endif
-     args = nullptr;
- 
-     try {
-@@ -106,9 +137,14 @@ threadWrapper (intptr_t const xargs) {
- 
-     /* Emulate the System V uc_link feature. */
-     auto const next_ctx = ctx->uc_link->uc_mcontext;
-+#if BOOST_VERSION < 106100
-     jump_fcontext (reinterpret_cast<fcontext_t*>(&ctx->uc_mcontext),
-                    static_cast<fcontext_t>(next_ctx),
-                    static_cast<bool>(ctx->exception));
-+#else
-+    jump_fcontext (static_cast<fcontext_t>(next_ctx), 0);
-+#endif
-+
- #ifdef NDEBUG
-     __builtin_unreachable();
- #endif
-@@ -129,10 +165,27 @@ pdns_ucontext_t::~pdns_ucontext_t
- void
- pdns_swapcontext
- (pdns_ucontext_t& __restrict octx, pdns_ucontext_t const& __restrict ctx) {
-+  /* we either switch back to threadwrapper() if it's the first time,
-+     or we switch back to pdns_swapcontext(),
-+     in both case we will be returning from a call to jump_fcontext(). */
-+#if BOOST_VERSION < 106100
-     if (jump_fcontext (reinterpret_cast<fcontext_t*>(&octx.uc_mcontext),
-                        static_cast<fcontext_t>(ctx.uc_mcontext), 0)) {
-         std::rethrow_exception (ctx.exception);
-     }
-+#else
-+  transfer_t res = jump_fcontext (static_cast<fcontext_t>(ctx.uc_mcontext), &octx.uc_mcontext);
-+  if (res.data) {
-+    /* if res.data is not a nullptr, it holds a pointer to the context
-+       we just switched from, and we need to fill it to be able to
-+       switch back to it later. */
-+    fcontext_t* ptr = static_cast<fcontext_t*>(res.data);
-+    *ptr = res.fctx;
-+  }
-+  if (ctx.exception) {
-+    std::rethrow_exception (ctx.exception);
-+  }
-+#endif
- }
- 
- void
-@@ -146,7 +199,15 @@ pdns_makecontext
-     args_t args;
-     args.self = &ctx;
-     args.work = &start;
-+    /* jumping to threadwrapper */
-+#if BOOST_VERSION < 106100
-     jump_fcontext (reinterpret_cast<fcontext_t*>(&args.prev_ctx),
-                    static_cast<fcontext_t>(ctx.uc_mcontext),
-                    reinterpret_cast<intptr_t>(&args));
-+#else
-+    transfer_t res = jump_fcontext (static_cast<fcontext_t>(ctx.uc_mcontext),
-+                                    &args);
-+    /* back from threadwrapper, updating the context */
-+    ctx.uc_mcontext = res.fctx;
-+#endif
- }