ports/129016: [patch] Fixes to security/p5-Net-OpenID-Server
Alex Kapranoff
kappa at rambler-co.ru
Thu Nov 20 14:30:10 UTC 2008
>Number: 129016
>Category: ports
>Synopsis: [patch] Fixes to security/p5-Net-OpenID-Server
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 20 14:30:10 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Alex Kapranoff
>Release: FreeBSD 5.2-CURRENT i386
>Organization:
Rambler
>Environment:
FreeBSD capella.park.rambler.ru 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #0: Fri Mar 17 16:20:26 MSK 2006 root at capella.park.rambler.ru:/usr/obj/usr/src/sys/CAPELLA2 i386
>Description:
These fixes are reported to the author of the module. He promised to
include them in the next release but there's no progress yet. So why
not include them at least in FreeBSD?
>How-To-Repeat:
>Fix:
===> Generating patch
===> Viewing diff with more
diff -ruN --exclude=CVS /usr/ports/security/p5-Net-OpenID-Server/Makefile /usr/home/kappa/work/ports/p5-Net-OpenID-Server/Makefile
--- /usr/ports/security/p5-Net-OpenID-Server/Makefile 2008-10-29 23:43:07.000000000 +0300
+++ /usr/home/kappa/work/ports/p5-Net-OpenID-Server/Makefile 2008-11-20 17:15:45.000000000 +0300
@@ -7,6 +7,7 @@
PORTNAME= Net-OpenID-Server
PORTVERSION= 1.01
+PORTREVISION= 1
CATEGORIES= security perl5
MASTER_SITES= CPAN
PKGNAMEPREFIX= p5-
diff -ruN --exclude=CVS /usr/ports/security/p5-Net-OpenID-Server/files/patch-Server.pm /usr/home/kappa/work/ports/p5-Net-OpenID-Server/files/patch-Server.pm
--- /usr/ports/security/p5-Net-OpenID-Server/files/patch-Server.pm 1970-01-01 03:00:00.000000000 +0300
+++ /usr/home/kappa/work/ports/p5-Net-OpenID-Server/files/patch-Server.pm 2008-11-20 17:15:32.000000000 +0300
@@ -0,0 +1,60 @@
+--- Server.pm.orig 2008-10-13 06:36:19.000000000 +0400
++++ lib/Net/OpenID/Server.pm 2008-11-20 17:14:48.000000000 +0300
+@@ -228,8 +228,11 @@
+ my $ns = delete $opts{'ns'};
+ my $extra_fields = delete $opts{'additional_fields'} || {};
+
+- # verify the trust_root, if provided
+- if (my $trust_root = delete $opts{'trust_root'}) {
++ # verify the trust_root and realm, if provided
++ if (my $realm = delete $opts{'realm'}) {
++ return undef unless _url_is_under($realm, $return_to);
++ delete $opts{'trust_root'};
++ } elsif (my $trust_root = delete $opts{'trust_root'}) {
+ return undef unless _url_is_under($trust_root, $return_to);
+ }
+ Carp::croak("Unknown options: " . join(", ", keys %opts)) if %opts;
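Review bot: In the new `realm` branch, `delete $opts{'trust_root'};` discards a caller-supplied trust_root without ever passing it to `_url_is_under`, so a call that gives both options with different values passes on the realm check alone. Either check trust_root against `$return_to` as well when it is present, or croak when both are given and differ, so that a mismatch is not silently accepted. The new `realm` option also needs documentation; none of the hunks in this patch touches the POD.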
+@@ -357,15 +360,20 @@
+ $self->_setup_map("identity"), $identity,
+ $self->_setup_map("assoc_handle"), $self->args("openid.assoc_handle"),
+ );
+- $setup_args{'ns'} = $self->args('openid.ns') if $self->args('openid.ns');
++ $setup_args{$self->_setup_map('ns')} = $self->args('openid.ns') if $self->args('openid.ns');
+
+ my $setup_url = $self->{setup_url} or Carp::croak("No setup_url defined.");
+ _push_url_arg(\$setup_url, %setup_args);
+
+ if ($mode eq "checkid_immediate") {
+ my $ret_url = $return_to;
+- _push_url_arg(\$ret_url, "openid.mode", "id_res");
+- _push_url_arg(\$ret_url, "openid.user_setup_url", $setup_url);
++ if ($self->args('openid.ns') eq $OPENID2_NS) {
++ _push_url_arg(\$ret_url, "openid.ns", $self->args('openid.ns'));
++ _push_url_arg(\$ret_url, "openid.mode", "setup_needed");
++ } else {
++ _push_url_arg(\$ret_url, "openid.mode", "id_res");
++ _push_url_arg(\$ret_url, "openid.user_setup_url", $setup_url);
++ }
+ return ("redirect", $ret_url);
+ } else {
+ # the "checkid_setup" mode, where we take control of the user-agent
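Review bot: The new test `$self->args('openid.ns') eq $OPENID2_NS` in the checkid_immediate branch compares an undefined value whenever the request carries no openid.ns, and the `if $self->args('openid.ns')` guard a few lines above shows that this is an expected case. Under warnings this emits "Use of uninitialized value" for every such request; fetch the value once with a default, for example `my $ns = $self->args('openid.ns') || '';`, and compare `$ns` instead. In the setup_needed branch `$setup_url` is still built but no longer sent back, so a one-line comment saying this is intentional would help the next reader.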
+@@ -481,6 +489,19 @@
+ # FUTURE: protocol will let people choose their preferred authn scheme,
+ # in which case we see if we support any of them, and override the
+ # default value of HMAC-SHA1
++
++ if ($self->pargs('openid.ns') eq $OPENID2_NS &&
++ ($self->pargs('openid.assoc_type') ne $assoc_type ||
++ $self->pargs('openid.session_type') ne 'DH-SHA1')) {
++
++ $prop{'ns'} = $self->pargs('openid.ns') if $self->pargs('openid.ns');
++ $prop{'error_code'} = "unsupported-type";
++ $prop{'error'} = "This server support $assoc_type only.";
++ $prop{'assoc_type'} = $assoc_type;
++ $prop{'session_type'} = "DH-SHA1";
++
++ return $self->_serialized_props(\%prop);
++ }
+
+ my ($assoc_handle, $secret, $expires) =
+ $self->_generate_association(type => $assoc_type);
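Review bot: The added condition applies `eq` and `ne` to `$self->pargs('openid.ns')`, `openid.assoc_type` and `openid.session_type` without checking that they are defined, so a request with no openid.ns triggers an uninitialized-value warning, and an OpenID 2 request that omits session_type is answered with unsupported-type. Read the three values into locals with `|| ''` defaults first, and add a comment stating that only DH-SHA1 sessions are accepted for OpenID 2 requests, since the condition rejects every other session_type. Inside this block the `if $self->pargs('openid.ns')` guard on `$prop{'ns'}` is redundant because the value is already known to equal `$OPENID2_NS`, and the error string should read "This server supports $assoc_type only."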
===> Done
>Release-Note:
>Audit-Trail:
>Unformatted: