aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorswills <swills@FreeBSD.org>2014-02-15 03:06:46 +0800
committerswills <swills@FreeBSD.org>2014-02-15 03:06:46 +0800
commit571d669e38dea8e395e308aab643e880bdfa5415 (patch)
tree1d9fef570a86f32c72d3b1b438247e47ec5d5927 /net
parent578d549a5fc65aa2b6ae9f0823964ce0c34b9a4f (diff)
downloadfreebsd-ports-gnome-571d669e38dea8e395e308aab643e880bdfa5415.tar.gz
freebsd-ports-gnome-571d669e38dea8e395e308aab643e880bdfa5415.tar.zst
freebsd-ports-gnome-571d669e38dea8e395e308aab643e880bdfa5415.zip
Patches that address CVE-2014-0083
Submitted by: delphij
Diffstat (limited to 'net')
-rw-r--r--net/rubygem-net-ldap/Makefile2
-rw-r--r--net/rubygem-net-ldap/files/patch-CVE-2014-008355
2 files changed, 56 insertions, 1 deletions
diff --git a/net/rubygem-net-ldap/Makefile b/net/rubygem-net-ldap/Makefile
index 4f6f61591732..b43c602dacf5 100644
--- a/net/rubygem-net-ldap/Makefile
+++ b/net/rubygem-net-ldap/Makefile
@@ -3,7 +3,7 @@
PORTNAME= net-ldap
PORTVERSION= 0.3.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= net rubygems
MASTER_SITES= RG
diff --git a/net/rubygem-net-ldap/files/patch-CVE-2014-0083 b/net/rubygem-net-ldap/files/patch-CVE-2014-0083
new file mode 100644
index 000000000000..885eb385d44c
--- /dev/null
+++ b/net/rubygem-net-ldap/files/patch-CVE-2014-0083
@@ -0,0 +1,55 @@
+--- lib/net/ldap/password.rb.orig 2014-02-13 17:28:50.000000000 -0800
++++ lib/net/ldap/password.rb 2014-02-13 17:29:06.000000000 -0800
+@@ -1,31 +1,38 @@
+ # -*- ruby encoding: utf-8 -*-
+ require 'digest/sha1'
+ require 'digest/md5'
++require 'base64'
++require 'securerandom'
+
+ class Net::LDAP::Password
+ class << self
+ # Generate a password-hash suitable for inclusion in an LDAP attribute.
+- # Pass a hash type (currently supported: :md5 and :sha) and a plaintext
++ # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
+ # password. This function will return a hashed representation.
+ #
+ #--
+ # STUB: This is here to fulfill the requirements of an RFC, which
+ # one?
+ #
+- # TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
+- # sha1 as a synonym for sha1? I vote no because then should you also
+- # provide ssha1 for symmetry?
++ # TODO:
++ # * maybe salted-md5
++ # * Should we provide sha1 as a synonym for sha1? I vote no because then
++ # should you also provide ssha1 for symmetry?
++ #
++ attribute_value = ""
+ def generate(type, str)
+- digest, digest_name = case type
+- when :md5
+- [Digest::MD5.new, 'MD5']
+- when :sha
+- [Digest::SHA1.new, 'SHA']
+- else
+- raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
+- end
+- digest << str.to_s
+- return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
++ case type
++ when :md5
++ attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp!
++ when :sha
++ attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
++ when :ssha
++ salt = SecureRandom.random_bytes(16)
++ attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
++ else
++ raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
++ end
++ return attribute_value
+ end
+ end
+ end