Patches that address CVE-2014-0083

Submitted by: delphij
svn path=/head/; revision=344296
2024-11-21 00:25:50 +00:00 · 2014-02-14 19:06:46 +00:00 · 2014-02-14 19:06:46 +00:00 · cac6549a09 · 2021-03-31 03:12:20 +00:00
commit cac6549a09
parent ffbdd6fe3a
2 changed files with 56 additions and 1 deletions
--- a/net/rubygem-net-ldap/Makefile
+++ b/net/rubygem-net-ldap/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	net-ldap
 PORTVERSION=	0.3.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	net rubygems
 MASTER_SITES=	RG

--- a/net/rubygem-net-ldap/files/patch-CVE-2014-0083
+++ b/net/rubygem-net-ldap/files/patch-CVE-2014-0083
@ -0,0 +1,55 @@
+--- lib/net/ldap/password.rb.orig	2014-02-13 17:28:50.000000000 -0800
+++ lib/net/ldap/password.rb	2014-02-13 17:29:06.000000000 -0800
+@@ -1,31 +1,38 @@
+ # -*- ruby encoding: utf-8 -*-
+ require 'digest/sha1'
+ require 'digest/md5'
+require 'base64'
+require 'securerandom'
+ 
+ class Net::LDAP::Password
+   class << self
+     # Generate a password-hash suitable for inclusion in an LDAP attribute.
+-    # Pass a hash type (currently supported: :md5 and :sha) and a plaintext
+    # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
+     # password. This function will return a hashed representation.
+     #
+     #--
+     # STUB: This is here to fulfill the requirements of an RFC, which
+     # one?
+     #
+-    # TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
+-    # sha1 as a synonym for sha1? I vote no because then should you also
+-    # provide ssha1 for symmetry?
+    # TODO:
+    # * maybe salted-md5
+    # * Should we provide sha1 as a synonym for sha1? I vote no because then
+    #   should you also provide ssha1 for symmetry?
+    #
+    attribute_value = ""
+     def generate(type, str)
+-      digest, digest_name = case type
+-                            when :md5
+-                              [Digest::MD5.new, 'MD5']
+-                            when :sha
+-                              [Digest::SHA1.new, 'SHA']
+-                            else
+-                              raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
+-                            end
+-      digest << str.to_s
+-      return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
+       case type
+         when :md5
+            attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp! 
+         when :sha
+            attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp! 
+         when :ssha
+            salt = SecureRandom.random_bytes(16)
+            attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
+         else
+            raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
+         end
+      return attribute_value
+     end
+   end
+ end