author | swills <swills@FreeBSD.org> | 2014-02-15 03:06:46 +0800 |
---|---|---|
committer | swills <swills@FreeBSD.org> | 2014-02-15 03:06:46 +0800 |
commit | 571d669e38dea8e395e308aab643e880bdfa5415 (patch) | |
tree | 1d9fef570a86f32c72d3b1b438247e47ec5d5927 /net | |
parent | 578d549a5fc65aa2b6ae9f0823964ce0c34b9a4f (diff) | |
Patches that address CVE-2014-0083
Submitted by: delphij
Diffstat (limited to 'net')
-rw-r--r-- | net/rubygem-net-ldap/Makefile | 2 | ||||
-rw-r--r-- | net/rubygem-net-ldap/files/patch-CVE-2014-0083 | 55 |
2 files changed, 56 insertions, 1 deletions
diff --git a/net/rubygem-net-ldap/Makefile b/net/rubygem-net-ldap/Makefile
index 4f6f61591732..b43c602dacf5 100644
--- a/net/rubygem-net-ldap/Makefile
+++ b/net/rubygem-net-ldap/Makefile
@@ -3,7 +3,7 @@
 PORTNAME= net-ldap
 PORTVERSION= 0.3.1
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= net rubygems
 MASTER_SITES= RG
diff --git a/net/rubygem-net-ldap/files/patch-CVE-2014-0083 b/net/rubygem-net-ldap/files/patch-CVE-2014-0083
new file mode 100644
index 000000000000..885eb385d44c
--- /dev/null
+++ b/net/rubygem-net-ldap/files/patch-CVE-2014-0083
@@ -0,0 +1,55 @@
+--- lib/net/ldap/password.rb.orig 2014-02-13 17:28:50.000000000 -0800
++++ lib/net/ldap/password.rb 2014-02-13 17:29:06.000000000 -0800
+@@ -1,31 +1,38 @@
+ # -*- ruby encoding: utf-8 -*-
+ require 'digest/sha1'
+ require 'digest/md5'
++require 'base64'
++require 'securerandom'
+
+ class Net::LDAP::Password
+ class << self
+ # Generate a password-hash suitable for inclusion in an LDAP attribute.
+- # Pass a hash type (currently supported: :md5 and :sha) and a plaintext
++ # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
+ # password. This function will return a hashed representation.
+ #
+ #--
+ # STUB: This is here to fulfill the requirements of an RFC, which
+ # one?
+ #
+- # TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
+- # sha1 as a synonym for sha1? I vote no because then should you also
+- # provide ssha1 for symmetry?
++ # TODO:
++ # * maybe salted-md5
++ # * Should we provide sha1 as a synonym for sha1? I vote no because then
++ # should you also provide ssha1 for symmetry?
++ #
++ attribute_value = ""
+ def generate(type, str)
+- digest, digest_name = case type
+- when :md5
+- [Digest::MD5.new, 'MD5']
+- when :sha
+- [Digest::SHA1.new, 'SHA']
+- else
+- raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
+- end
+- digest << str.to_s
+- return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
++ case type
++ when :md5
++ attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp!
++ when :sha
++ attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
++ when :ssha
++ salt = SecureRandom.random_bytes(16)
++ attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
++ else
++ raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
++ end
++ return attribute_value
+ end
+ end
+ end
|
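Review bot: In the `:ssha` branch, `str + salt` joins the caller's string to the binary output of `SecureRandom.random_bytes(16)`, so on Ruby 1.9+ a password containing non-ASCII characters will most likely raise `Encoding::CompatibilityError`. All three branches also drop the `str.to_s` coercion the removed code had, so a nil or non-String argument now fails inside `Digest`. Feeding the digest incrementally avoids both problems, e.g. `Digest::SHA1.new.update(str.to_s).update(salt).digest`. The `attribute_value = ""` added above `def generate` sits in the class body and is not visible inside the method, so it can be dropped. Each `chomp!` result is concatenated directly, and `chomp!` returns nil when nothing is removed, so plain `chomp` or `Base64.strict_encode64` would be the safer form.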