Date: Fri, 14 Feb 2014 19:06:46 +0000 (UTC)
From: Steve Wills <swills@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r344296 - in head/net/rubygem-net-ldap: . files
Message-ID: <201402141906.s1EJ6k2u086006@svn.freebsd.org>
Author: swills Date: Fri Feb 14 19:06:46 2014 New Revision: 344296 URL: http://svnweb.freebsd.org/changeset/ports/344296 QAT: https://qat.redports.org/buildarchive/r344296/ Log: Patches that address CVE-2014-0083 Submitted by: delphij Added: head/net/rubygem-net-ldap/files/patch-CVE-2014-0083 (contents, props changed) Modified: head/net/rubygem-net-ldap/Makefile Modified: head/net/rubygem-net-ldap/Makefile ============================================================================== --- head/net/rubygem-net-ldap/Makefile Fri Feb 14 18:57:15 2014 (r344295) +++ head/net/rubygem-net-ldap/Makefile Fri Feb 14 19:06:46 2014 (r344296) @@ -3,7 +3,7 @@ PORTNAME= net-ldap PORTVERSION= 0.3.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= net rubygems MASTER_SITES= RG Added: head/net/rubygem-net-ldap/files/patch-CVE-2014-0083 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/rubygem-net-ldap/files/patch-CVE-2014-0083 Fri Feb 14 19:06:46 2014 (r344296) 
@@ -0,0 +1,55 @@ +--- lib/net/ldap/password.rb.orig 2014-02-13 17:28:50.000000000 -0800 ++++ lib/net/ldap/password.rb 2014-02-13 17:29:06.000000000 -0800 +@@ -1,31 +1,38 @@ + # -*- ruby encoding: utf-8 -*- + require 'digest/sha1' + require 'digest/md5' ++require 'base64' ++require 'securerandom' + + class Net::LDAP::Password + class << self + # Generate a password-hash suitable for inclusion in an LDAP attribute. +- # Pass a hash type (currently supported: :md5 and :sha) and a plaintext ++ # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext + # password. This function will return a hashed representation. + # + #-- + # STUB: This is here to fulfill the requirements of an RFC, which + # one? + # +- # TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide +- # sha1 as a synonym for sha1? I vote no because then should you also +- # provide ssha1 for symmetry? ++ # TODO: ++ # * maybe salted-md5 ++ # * Should we provide sha1 as a synonym for sha1? I vote no because then ++ # should you also provide ssha1 for symmetry? ++ # ++ attribute_value = "" + def generate(type, str) +- digest, digest_name = case type +- when :md5 +- [Digest::MD5.new, 'MD5'] +- when :sha +- [Digest::SHA1.new, 'SHA'] +- else +- raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})" +- end +- digest << str.to_s +- return "{#{digest_name}}#{[digest.digest].pack('m').chomp }" ++ case type ++ when :md5 ++ attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp! ++ when :sha ++ attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp! ++ when :ssha ++ salt = SecureRandom.random_bytes(16) ++ attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp! ++ else ++ raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})" ++ end ++ return attribute_value + end + end + end
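Review bot: in the :ssha branch of generate, Digest::SHA1.digest(str + salt) joins the caller's string to the ASCII-8BIT output of SecureRandom.random_bytes(16), so a UTF-8 password containing non-ASCII characters raises Encoding::CompatibilityError whenever the salt holds a byte above 0x7F, which is almost always the case for 16 random bytes. Feeding the two values to a digest object separately, as the removed code did with "digest << str.to_s", avoids the string concatenation. The same removed line also converted its argument with .to_s, while all three new branches pass str straight to the digest, so a nil or Symbol argument now fails with a TypeError; keep the .to_s if callers rely on it. Two smaller points: the "attribute_value = \"\"" line sits in the class << self body outside def generate, where it is not visible to the method and has no effect, so it can be dropped; and chomp! returns nil when nothing is stripped, so Base64.strict_encode64, or plain chomp, is the less fragile way to lose the trailing newline.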