diff --git a/dns/powerdns/Makefile b/dns/powerdns/Makefile
index 3f6d4e520844..690787c2e53f 100644
--- a/dns/powerdns/Makefile
+++ b/dns/powerdns/Makefile
@@ -1,133 +1,133 @@
 PORTNAME=	powerdns
-DISTVERSION=	4.6.0
+DISTVERSION=	4.6.1
 CATEGORIES=	dns
 MASTER_SITES=	https://downloads.powerdns.com/releases/
 DISTNAME=	pdns-${DISTVERSION}
 
 MAINTAINER=	tremere@cainites.net
 COMMENT=	Advanced DNS server with multiple backends including SQL
 
 LICENSE=	GPLv2
 
 BROKEN_sparc64=	Does not compile: error: to_string is not a member of std
 NOT_FOR_ARCHS=	i386
 NOT_FOR_ARCHS_REASON=	archs with 32-bits time_t are no longer supported by upstream
 
 LIB_DEPENDS=	libboost_serialization.so:devel/boost-libs \
 		libcurl.so:ftp/curl
 
 USES=		autoreconf compiler:c++11-lib cpe gmake libtool \
 		localbase:ldflags pathfix pkgconfig ssl tar:bzip2
 
 USE_RC_SUBR=	pdns
 USE_SUBMAKE=	YES
 
 GNU_CONFIGURE=	YES
 CONFIGURE_ARGS=	--disable-static \
 		--docdir="${PREFIX}/share/doc/powerdns" \
 		--sysconfdir="${PREFIX}/etc/pdns" \
 		--with-boost="${LOCALBASE}" \
 		--with-dynmodules="pipe bind ${MODULES}" \
 		--with-modules="" \
 		--with-libsodium=no
 
 SCRIPTS_ENV=	CURDIR2="${.CURDIR}" \
 		DISTNAME="${DISTNAME}" \
 		MKDIR="${MKDIR}" \
 		POWERDNS_OPTIONS="${POWERDNS_OPTIONS}" \
 		WRKDIRPREFIX="${WRKDIRPREFIX}"
 INSTALL_TARGET=	install-strip
 SUB_FILES=	pkg-message
 
 USERS=		pdns
 GROUPS=		pdns
 
 OPTIONS_DEFINE=			DOCS EXAMPLES GEOIP IXFRDIST LMDB LUABACKEND \
 				MYSQL OPENLDAP PGSQL REMOTE SQLITE3 TINYDNS \
 				TOOLS UNIXODBC
 OPTIONS_DEFAULT=		LMDB LUA MYSQL PGSQL SQLITE3
 OPTIONS_GROUP=			GEOIPOPT REMOTEOPT
 OPTIONS_GROUP_REMOTEOPT=	ZEROMQ
 OPTIONS_SINGLE=			EXTLUA
 OPTIONS_SINGLE_EXTLUA=		LUA LUAJIT LUAJITOR
 
 OPTIONS_SUB=	yes
 
 GEOIPOPT_DESC=		GeoIP DB options
 GEOIP_DESC=		GeoIP backend (GeoIP2 DB)
 IXFRDIST_DESC=		Build ixfrdist
 LMDB_DESC=		LMDB backend
 LUABACKEND_DESC=	Lua2 backend
 LUAJITOR_DESC=		Use lang/luajit-openresty
 LUAJIT_DESC=		Use lang/luajit
 LUA_DESC=		Use lang/lua
 MYSQL_DESC=		MySQL backend
 OPENLDAP_DESC=		OpenLDAP backend
 PGSQL_DESC=		PostgreSQL backend
 REMOTEOPT_DESC=		Remote backend connectors
 REMOTE_DESC=		Remote backend
 SQLITE3_DESC=		SQLite 3 backend
 TINYDNS_DESC=		TinyDNS backend
 TOOLS_DESC=		Build extra tools
 ZEROMQ_DESC=		Enable ZeroMQ connector (Implies REMOTE enabled)
 
 GEOIP_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb \
 			libyaml-cpp.so:devel/yaml-cpp
 GEOIP_VARS=		MODULES+=geoip
 
 IXFRDIST_LIB_DEPENDS=		libyaml-cpp.so:devel/yaml-cpp
 IXFRDIST_CONFIGURE_ENABLE=	ixfrdist
 
 LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
 LMDB_CONFIGURE_ON=	--with-lmdb=${LOCALBASE}
 LMDB_CONFIGURE_OFF=	--without-lmdb
 LMDB_VARS=		MODULES+=lmdb
 
 LUABACKEND_VARS=	MODULES+=lua2
 
 LUAJITOR_LIB_DEPENDS=	libluajit-5.1.so.2:lang/luajit-openresty
 LUAJITOR_CONFIGURE_ON=	--with-lua=luajit
 
 LUAJIT_LIB_DEPENDS=	libluajit-5.1.so.2:lang/luajit
 LUAJIT_CONFIGURE_ON=	--with-lua=luajit
 
 LUA_USES=	lua
 
 MYSQL_USES=		mysql
 MYSQL_CONFIGURE_ON=	--with-mysql=${LOCALBASE}
 MYSQL_CONFIGURE_OFF=	--without-mysql
 MYSQL_VARS=		MODULES+=gmysql
 
 OPENLDAP_USE=		OPENLDAP=YES
 OPENLDAP_CXXFLAGS=	-DLDAP_DEPRECATED=1
 OPENLDAP_VARS=		MODULES+=ldap
 
 PGSQL_USES=		pgsql
 PGSQL_CONFIGURE_ON=	--with-pg-config=${LOCALBASE}/bin/pg_config
 PGSQL_VARS=		MODULES+=gpgsql
 
 REMOTE_VARS=	MODULES+=remote
 
 SQLITE3_USES=	sqlite:3
 SQLITE3_VARS=	MODULES+=gsqlite3
 
 TINYDNS_LIB_DEPENDS=	libcdb.so:databases/tinycdb
 TINYDNS_CONFIGURE_ON=	CDB_CFLAGS="-I${LOCALBASE}/include" \
 			CDB_LIBS="-L${LOCALBASE}/lib -lcdb"
 TINYDNS_VARS=		MODULES+=tinydns
 
 TOOLS_CONFIGURE_ENABLE=	tools
 
 UNIXODBC_LIB_DEPENDS=	libodbc.so:databases/unixODBC
 UNIXODBC_VARS=		MODULES+=godbc
 
 ZEROMQ_IMPLIES=		REMOTE
 ZEROMQ_LIB_DEPENDS=	libzmq.so:net/libzmq4
 ZEROMQ_CONFIGURE_ON=	--enable-remotebackend-zeromq
 
 post-install::
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR} ${STAGEDIR}/var/run/pdns
 	@${STAGEDIR}${PREFIX}/sbin/pdns_server --module-dir=${STAGEDIR}${PREFIX}/lib/pdns --launch="pipe bind ${MODULES}" --config > ${STAGEDIR}${EXAMPLESDIR}/pdns.conf
 	@${REINPLACE_CMD} -e 's;${STAGEDIR};;' -i '' ${STAGEDIR}${EXAMPLESDIR}/pdns.conf
 
 .include <bsd.port.mk>
diff --git a/dns/powerdns/distinfo b/dns/powerdns/distinfo
index 5c1782eebd72..ddaf4dbe680d 100644
--- a/dns/powerdns/distinfo
+++ b/dns/powerdns/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1648050226
-SHA256 (pdns-4.6.0.tar.bz2) = b9effb7968a7badbb91eea431c73346482a67592684d84660edd8b7528cc1325
-SIZE (pdns-4.6.0.tar.bz2) = 1299604
+TIMESTAMP = 1648224641
+SHA256 (pdns-4.6.1.tar.bz2) = 7912b14887d62845185f7ce4b47db580eaa7b8b897dcb1c9555dfe0fac5efae3
+SIZE (pdns-4.6.1.tar.bz2) = 1315530
diff --git a/dns/powerdns/files/patch-credentials.cc b/dns/powerdns/files/patch-credentials.cc
new file mode 100644
index 000000000000..791344b68a30
--- /dev/null
+++ b/dns/powerdns/files/patch-credentials.cc
@@ -0,0 +1,101 @@
+--- pdns/credentials.cc.orig	2021-11-23 18:39:17 UTC
++++ pdns/credentials.cc
+@@ -28,7 +28,7 @@
+ #include <sodium.h>
+ #endif
+ 
+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
+ #include <openssl/evp.h>
+ #include <openssl/kdf.h>
+ #include <openssl/rand.h>
+@@ -42,7 +42,7 @@
+ #include "credentials.hh"
+ #include "misc.hh"
+ 
+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
+ static size_t const pwhash_max_size = 128U; /* maximum size of the output */
+ static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */
+ static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */
+@@ -95,7 +95,7 @@ void SensitiveData::clear()
+ 
+ static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
+ {
+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
+   auto pctx = std::unique_ptr<EVP_PKEY_CTX, void (*)(EVP_PKEY_CTX*)>(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free);
+   if (!pctx) {
+     throw std::runtime_error("Error getting a scrypt context to hash the supplied password");
+@@ -142,7 +142,7 @@ static std::string hashPasswordInternal(const std::str
+ 
+ static std::string generateRandomSalt()
+ {
+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
+   /* generate a random salt */
+   std::string salt;
+   salt.resize(pwhash_salt_size);
+@@ -159,7 +159,7 @@ static std::string generateRandomSalt()
+ 
+ std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize)
+ {
+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
+   std::string result;
+   result.reserve(pwhash_max_size);
+ 
+@@ -187,7 +187,7 @@ std::string hashPassword(const std::string& password, 
+ 
+ std::string hashPassword(const std::string& password)
+ {
+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
+   return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize);
+ #else
+   throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available");
+@@ -196,7 +196,7 @@ std::string hashPassword(const std::string& password)
+ 
+ bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword)
+ {
+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
+   auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize);
+   return constantTimeStringEquals(expected, binaryHash);
+ #else
+@@ -207,7 +207,7 @@ bool verifyPassword(const std::string& binaryHash, con
+ /* parse a hashed password in PHC string format */
+ static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize)
+ {
+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
+   auto parametersEnd = hash.find('$', pwhash_prefix.size());
+   if (parametersEnd == std::string::npos || parametersEnd == hash.size()) {
+     throw std::runtime_error("Invalid hashed password format, no parameters");
+@@ -276,7 +276,7 @@ bool verifyPassword(const std::string& hash, const std
+     return false;
+   }
+ 
+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
+   std::string salt;
+   std::string hashedPassword;
+   uint64_t workFactor = 0;
+@@ -294,7 +294,7 @@ bool verifyPassword(const std::string& hash, const std
+ 
+ bool isPasswordHashed(const std::string& password)
+ {
+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
+   if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) {
+     return false;
+   }
+@@ -389,7 +389,7 @@ bool CredentialsHolder::matches(const std::string& pas
+ 
+ bool CredentialsHolder::isHashingAvailable()
+ {
+-#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
++#if defined(HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT) && defined(EVP_PKEY_SCRYPT)
+   return true;
+ #else
+   return false;