authorSteve Wills <swills@FreeBSD.org>2014-02-14 19:06:46 +0000
committerSteve Wills <swills@FreeBSD.org>2014-02-14 19:06:46 +0000
commitcac6549a0916c6c5d1654e2aff014d134af0fcd1 (patch)
tree1d9fef570a86f32c72d3b1b438247e47ec5d5927 /net/rubygem-net-ldap
parentffbdd6fe3a3d541524c3642e47b1cde6af168c93 (diff)
Diffstat (limited to 'net/rubygem-net-ldap')
-rw-r--r--net/rubygem-net-ldap/Makefile2
-rw-r--r--net/rubygem-net-ldap/files/patch-CVE-2014-008355
2 files changed, 56 insertions, 1 deletions
diff --git a/net/rubygem-net-ldap/Makefile b/net/rubygem-net-ldap/Makefile
index 4f6f61591732..b43c602dacf5 100644
--- a/net/rubygem-net-ldap/Makefile
+++ b/net/rubygem-net-ldap/Makefile
@@ -3,7 +3,7 @@
PORTNAME= net-ldap
PORTVERSION= 0.3.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= net rubygems
MASTER_SITES= RG
diff --git a/net/rubygem-net-ldap/files/patch-CVE-2014-0083 b/net/rubygem-net-ldap/files/patch-CVE-2014-0083
new file mode 100644
index 000000000000..885eb385d44c
--- /dev/null
+++ b/net/rubygem-net-ldap/files/patch-CVE-2014-0083
@@ -0,0 +1,55 @@
+--- lib/net/ldap/password.rb.orig 2014-02-13 17:28:50.000000000 -0800
++++ lib/net/ldap/password.rb 2014-02-13 17:29:06.000000000 -0800
+@@ -1,31 +1,38 @@
+ # -*- ruby encoding: utf-8 -*-
+ require 'digest/sha1'
+ require 'digest/md5'
++require 'base64'
++require 'securerandom'
+
+ class Net::LDAP::Password
+ class << self
+ # Generate a password-hash suitable for inclusion in an LDAP attribute.
+- # Pass a hash type (currently supported: :md5 and :sha) and a plaintext
++ # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
+ # password. This function will return a hashed representation.
+ #
+ #--
+ # STUB: This is here to fulfill the requirements of an RFC, which
+ # one?
+ #
+- # TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
+- # sha1 as a synonym for sha1? I vote no because then should you also
+- # provide ssha1 for symmetry?
++ # TODO:
++ # * maybe salted-md5
++ # * Should we provide sha1 as a synonym for sha1? I vote no because then
++ # should you also provide ssha1 for symmetry?
++ #
++ attribute_value = ""
+ def generate(type, str)
+- digest, digest_name = case type
+- when :md5
+- [Digest::MD5.new, 'MD5']
+- when :sha
+- [Digest::SHA1.new, 'SHA']
+- else
+- raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
+- end
+- digest << str.to_s
+- return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
++ case type
++ when :md5
++ attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp!
++ when :sha
++ attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
++ when :ssha
++ salt = SecureRandom.random_bytes(16)
++ attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
++ else
++ raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
++ end
++ return attribute_value
+ end
+ end
+ end
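Review bot: In the `:ssha` branch, `str + salt` joins the caller's string to the ASCII-8BIT bytes returned by `SecureRandom.random_bytes(16)`, so a UTF-8 password containing non-ASCII characters will almost always raise `Encoding::CompatibilityError` instead of yielding a hash. All three branches also drop the `.to_s` that the removed code applied, so a non-String argument is now rejected by `Digest` or `+` rather than being hashed. Normalising once at the top of `generate`, e.g. `pw = str.to_s.dup.force_encoding(Encoding::BINARY)`, and then hashing `pw` and `pw + salt` would cover both cases. Separately, the `attribute_value = ""` line above `def generate` is a local of the singleton-class body that the method cannot see, and it sits between the doc comment and the method it documents, so it can simply be removed.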