svn commit: r344296 - in head/net/rubygem-net-ldap: . files

Steve Wills swills at FreeBSD.org
Fri Feb 14 19:06:47 UTC 2014


Author: swills
Date: Fri Feb 14 19:06:46 2014
New Revision: 344296
URL: http://svnweb.freebsd.org/changeset/ports/344296
QAT: https://qat.redports.org/buildarchive/r344296/

Log:
  Patches that address CVE-2014-0083
  
  Submitted by:	delphij

Added:
  head/net/rubygem-net-ldap/files/patch-CVE-2014-0083   (contents, props changed)
Modified:
  head/net/rubygem-net-ldap/Makefile

Modified: head/net/rubygem-net-ldap/Makefile
==============================================================================
--- head/net/rubygem-net-ldap/Makefile	Fri Feb 14 18:57:15 2014	(r344295)
+++ head/net/rubygem-net-ldap/Makefile	Fri Feb 14 19:06:46 2014	(r344296)
@@ -3,7 +3,7 @@
 
 PORTNAME=	net-ldap
 PORTVERSION=	0.3.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	net rubygems
 MASTER_SITES=	RG
 

Added: head/net/rubygem-net-ldap/files/patch-CVE-2014-0083
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/rubygem-net-ldap/files/patch-CVE-2014-0083	Fri Feb 14 19:06:46 2014	(r344296)
@@ -0,0 +1,55 @@
+--- lib/net/ldap/password.rb.orig	2014-02-13 17:28:50.000000000 -0800
++++ lib/net/ldap/password.rb	2014-02-13 17:29:06.000000000 -0800
+@@ -1,31 +1,38 @@
+ # -*- ruby encoding: utf-8 -*-
+ require 'digest/sha1'
+ require 'digest/md5'
++require 'base64'
++require 'securerandom'
+ 
+ class Net::LDAP::Password
+   class << self
+     # Generate a password-hash suitable for inclusion in an LDAP attribute.
+-    # Pass a hash type (currently supported: :md5 and :sha) and a plaintext
++    # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
+     # password. This function will return a hashed representation.
+     #
+     #--
+     # STUB: This is here to fulfill the requirements of an RFC, which
+     # one?
+     #
+-    # TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
+-    # sha1 as a synonym for sha1? I vote no because then should you also
+-    # provide ssha1 for symmetry?
++    # TODO:
++    # * maybe salted-md5
++    # * Should we provide sha1 as a synonym for sha1? I vote no because then
++    #   should you also provide ssha1 for symmetry?
++    #
++    attribute_value = ""
+     def generate(type, str)
+-      digest, digest_name = case type
+-                            when :md5
+-                              [Digest::MD5.new, 'MD5']
+-                            when :sha
+-                              [Digest::SHA1.new, 'SHA']
+-                            else
+-                              raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
+-                            end
+-      digest << str.to_s
+-      return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
++       case type
++         when :md5
++            attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp! 
++         when :sha
++            attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp! 
++         when :ssha
++            salt = SecureRandom.random_bytes(16)
++            attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
++         else
++            raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
++         end
++      return attribute_value
+     end
+   end
+ end
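Review bot: In the new `:ssha` branch, `str + salt` joins the caller's string to the binary (ASCII-8BIT) output of `SecureRandom.random_bytes(16)`. Ruby raises Encoding::CompatibilityError on that concatenation when the password is UTF-8 with non-ASCII characters and the salt contains a high byte, which 16 random bytes almost always do. Feeding the two pieces to a digest object separately (`d = Digest::SHA1.new; d << str.to_s; d << salt`) avoids the concatenation. It also restores the `str.to_s` coercion that the removed code applied and that all three new branches drop, so a non-String argument no longer reaches `Digest::*.digest` directly. Two smaller points: the `attribute_value = ""` line added above `def generate` sits in the `class << self` body, where it is not visible inside the method and separates the doc comment from the method it documents, so it can go. `Base64.encode64(...).chomp!` relies on `chomp!` returning non-nil and on the output staying under encode64's 60-character line wrap; `Base64.strict_encode64` has neither dependency. The `:md5` and `:sha` branches remain unsalted, which the method comment could state so callers pick `:ssha` deliberately.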

