From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Nov 20 14:30:10 2008
Message-Id: <20081120142014.BF8AC4258@capella.park.rambler.ru>
Date: Thu, 20 Nov 2008 17:20:14 +0300 (MSK)
From: Alex Kapranoff
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/129016: [patch] Fixes to security/p5-Net-OpenID-Server

>Number: 129016
>Category: ports
>Synopsis: [patch] Fixes to security/p5-Net-OpenID-Server
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 20 14:30:10 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Alex Kapranoff
>Release: FreeBSD 5.2-CURRENT i386
>Organization: Rambler
>Environment:
FreeBSD capella.park.rambler.ru 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #0: Fri Mar 17 16:20:26 MSK 2006 root@capella.park.rambler.ru:/usr/obj/usr/src/sys/CAPELLA2 i386
>Description:
These fixes are reported to the author of the module. He promised to include them in the next release but there's no progress yet. So why not include them at least in FreeBSD?
>How-To-Repeat:
>Fix:
===> Generating patch
===> Viewing diff with more
diff -ruN --exclude=CVS /usr/ports/security/p5-Net-OpenID-Server/Makefile /usr/home/kappa/work/ports/p5-Net-OpenID-Server/Makefile --- /usr/ports/security/p5-Net-OpenID-Server/Makefile 2008-10-29 23:43:07.000000000 +0300 +++ /usr/home/kappa/work/ports/p5-Net-OpenID-Server/Makefile 2008-11-20 17:15:45.000000000 +0300 
@@ -7,6 +7,7 @@ PORTNAME= Net-OpenID-Server PORTVERSION= 1.01 +PORTREVISION= 1 CATEGORIES= security perl5 MASTER_SITES= CPAN PKGNAMEPREFIX= p5- diff -ruN --exclude=CVS /usr/ports/security/p5-Net-OpenID-Server/files/patch-Server.pm /usr/home/kappa/work/ports/p5-Net-OpenID-Server/files/patch-Server.pm --- /usr/ports/security/p5-Net-OpenID-Server/files/patch-Server.pm 1970-01-01 03:00:00.000000000 +0300 +++ /usr/home/kappa/work/ports/p5-Net-OpenID-Server/files/patch-Server.pm 2008-11-20 17:15:32.000000000 +0300 
@@ -0,0 +1,60 @@ +--- Server.pm.orig 2008-10-13 06:36:19.000000000 +0400 ++++ lib/Net/OpenID/Server.pm 2008-11-20 17:14:48.000000000 +0300 +@@ -228,8 +228,11 @@ + my $ns = delete $opts{'ns'}; + my $extra_fields = delete $opts{'additional_fields'} || {}; + +- # verify the trust_root, if provided +- if (my $trust_root = delete $opts{'trust_root'}) { ++ # verify the trust_root and realm, if provided ++ if (my $realm = delete $opts{'realm'}) { ++ return undef unless _url_is_under($realm, $return_to); ++ delete $opts{'trust_root'}; ++ } elsif (my $trust_root = delete $opts{'trust_root'}) { + return undef unless _url_is_under($trust_root, $return_to); + } + Carp::croak("Unknown options: " . join(", ", keys %opts)) if %opts; +@@ -357,15 +360,20 @@ + $self->_setup_map("identity"), $identity, + $self->_setup_map("assoc_handle"), $self->args("openid.assoc_handle"), + ); +- $setup_args{'ns'} = $self->args('openid.ns') if $self->args('openid.ns'); ++ $setup_args{$self->_setup_map('ns')} = $self->args('openid.ns') if $self->args('openid.ns'); + + my $setup_url = $self->{setup_url} or Carp::croak("No setup_url defined."); + _push_url_arg(\$setup_url, %setup_args); + + if ($mode eq "checkid_immediate") { + my $ret_url = $return_to; +- _push_url_arg(\$ret_url, "openid.mode", "id_res"); +- _push_url_arg(\$ret_url, "openid.user_setup_url", $setup_url); ++ if ($self->args('openid.ns') eq $OPENID2_NS) { ++ _push_url_arg(\$ret_url, "openid.ns", $self->args('openid.ns')); ++ _push_url_arg(\$ret_url, "openid.mode", "setup_needed"); ++ } else { ++ _push_url_arg(\$ret_url, "openid.mode", "id_res"); ++ _push_url_arg(\$ret_url, "openid.user_setup_url", $setup_url); ++ } + return ("redirect", $ret_url); + } else { + # the "checkid_setup" mode, where we take control of the user-agent +@@ -481,6 +489,19 @@ + # FUTURE: protocol will let people choose their preferred authn scheme, + # in which case we see if we support any of them, and override the + # default value of HMAC-SHA1 ++ ++ if 
($self->pargs('openid.ns') eq $OPENID2_NS && ++ ($self->pargs('openid.assoc_type') ne $assoc_type || ++ $self->pargs('openid.session_type') ne 'DH-SHA1')) { ++ ++ $prop{'ns'} = $self->pargs('openid.ns') if $self->pargs('openid.ns'); ++ $prop{'error_code'} = "unsupported-type"; ++ $prop{'error'} = "This server support $assoc_type only."; ++ $prop{'assoc_type'} = $assoc_type; ++ $prop{'session_type'} = "DH-SHA1"; ++ ++ return $self->_serialized_props(\%prop); ++ } + + my ($assoc_handle, $secret, $expires) = + $self->_generate_association(type => $assoc_type); ===> Done >Release-Note: >Audit-Trail: >Unformatted:
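Review bot: in the @@ -228,8 +228,11 @@ hunk of patch-Server.pm, the new realm branch discards trust_root with `delete $opts{'trust_root'};` without comparing it to anything, so a caller that passes both options with different values has only realm checked against $return_to and the disagreement goes unreported. Either run _url_is_under on both values or reject the call when they differ, and state in the comment which option takes precedence. The branch is also selected by truthiness, so a realm of '' or '0' falls through to the trust_root check, or to no check at all when trust_root is absent too; testing with exists or defined would make that case explicit.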
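Review bot: in the @@ -357,15 +360,20 @@ hunk, `if ($self->args('openid.ns') eq $OPENID2_NS)` compares a value that the changed line just above treats as optional (`... if $self->args('openid.ns')`), so a request without openid.ns reaches `eq` with undef and warns under `use warnings`. Read the parameter once into a local, default it to '', and use that local for the test and for the pushed openid.ns argument. On the OpenID 2 path $setup_url is still built above but never sent, so a one-line comment saying that setup_needed is returned without openid.user_setup_url on purpose would save the next reader from treating it as an omission.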
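Review bot: in the @@ -481,6 +489,19 @@ hunk, the error text `"This server support $assoc_type only."` names only the association type, while the condition also fires on `$self->pargs('openid.session_type') ne 'DH-SHA1'`, so a client rejected for its session type is told about the wrong field; put both supported values in the string and correct "support" to "supports". The two `ne` comparisons also run against undef when either parameter is missing from the request, which warns under `use warnings` and is answered with unsupported-type; if that is the intended behaviour say so in a comment, otherwise default the values before comparing. The literal 'DH-SHA1' appears twice in the block and could be held in a variable the way $assoc_type is.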