aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/rubygem-net-ldap/Makefile2
-rw-r--r--net/rubygem-net-ldap/files/patch-CVE-2014-008355
2 files changed, 56 insertions, 1 deletions
diff --git a/net/rubygem-net-ldap/Makefile b/net/rubygem-net-ldap/Makefile
index 4f6f61591732..b43c602dacf5 100644
--- a/net/rubygem-net-ldap/Makefile
+++ b/net/rubygem-net-ldap/Makefile
@@ -3,7 +3,7 @@
PORTNAME= net-ldap
PORTVERSION= 0.3.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= net rubygems
MASTER_SITES= RG
diff --git a/net/rubygem-net-ldap/files/patch-CVE-2014-0083 b/net/rubygem-net-ldap/files/patch-CVE-2014-0083
new file mode 100644
index 000000000000..885eb385d44c
--- /dev/null
+++ b/net/rubygem-net-ldap/files/patch-CVE-2014-0083
@@ -0,0 +1,55 @@
+--- lib/net/ldap/password.rb.orig 2014-02-13 17:28:50.000000000 -0800
++++ lib/net/ldap/password.rb 2014-02-13 17:29:06.000000000 -0800
+@@ -1,31 +1,38 @@
+ # -*- ruby encoding: utf-8 -*-
+ require 'digest/sha1'
+ require 'digest/md5'
++require 'base64'
++require 'securerandom'
+
+ class Net::LDAP::Password
+ class << self
+ # Generate a password-hash suitable for inclusion in an LDAP attribute.
+- # Pass a hash type (currently supported: :md5 and :sha) and a plaintext
++ # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
+ # password. This function will return a hashed representation.
+ #
+ #--
+ # STUB: This is here to fulfill the requirements of an RFC, which
+ # one?
+ #
+- # TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
+- # sha1 as a synonym for sha1? I vote no because then should you also
+- # provide ssha1 for symmetry?
++ # TODO:
++ # * maybe salted-md5
++ # * Should we provide sha1 as a synonym for sha1? I vote no because then
++ # should you also provide ssha1 for symmetry?
++ #
++ attribute_value = ""
+ def generate(type, str)
+- digest, digest_name = case type
+- when :md5
+- [Digest::MD5.new, 'MD5']
+- when :sha
+- [Digest::SHA1.new, 'SHA']
+- else
+- raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
+- end
+- digest << str.to_s
+- return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
++ case type
++ when :md5
++ attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp!
++ when :sha
++ attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
++ when :ssha
++ salt = SecureRandom.random_bytes(16)
++ attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
++ else
++ raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
++ end
++ return attribute_value
+ end
+ end
+ end