Date: Thu, 20 Nov 2008 17:20:14 +0300 (MSK)
From: Alex Kapranoff <kappa@rambler-co.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/129016: [patch] Fixes to security/p5-Net-OpenID-Server
Message-ID: <20081120142014.BF8AC4258@capella.park.rambler.ru>
Resent-Message-ID: <200811201430.mAKEUAUk088874@freefall.freebsd.org>
>Number: 129016
>Category: ports
>Synopsis: [patch] Fixes to security/p5-Net-OpenID-Server
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 20 14:30:10 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Alex Kapranoff
>Release: FreeBSD 5.2-CURRENT i386
>Organization: Rambler
>Environment: FreeBSD capella.park.rambler.ru 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #0: Fri Mar 17 16:20:26 MSK 2006 root@capella.park.rambler.ru:/usr/obj/usr/src/sys/CAPELLA2 i386
>Description:
These fixes are reported to the author of the module. He promised to include them in the next release but there's no progress yet. So why not include them at least in FreeBSD?
>How-To-Repeat:
>Fix:
===> Generating patch ===> Viewing diff with more diff -ruN --exclude=CVS /usr/ports/security/p5-Net-OpenID-Server/Makefile /usr/home/kappa/work/ports/p5-Net-OpenID-Server/Makefile --- /usr/ports/security/p5-Net-OpenID-Server/Makefile 2008-10-29 23:43:07.000000000 +0300 +++ /usr/home/kappa/work/ports/p5-Net-OpenID-Server/Makefile 2008-11-20 17:15:45.000000000 +0300 @@ -7,6 +7,7 @@ PORTNAME= Net-OpenID-Server PORTVERSION= 1.01 +PORTREVISION= 1 CATEGORIES= security perl5 MASTER_SITES= CPAN PKGNAMEPREFIX= p5- diff -ruN --exclude=CVS /usr/ports/security/p5-Net-OpenID-Server/files/patch-Server.pm /usr/home/kappa/work/ports/p5-Net-OpenID-Server/files/patch-Server.pm --- /usr/ports/security/p5-Net-OpenID-Server/files/patch-Server.pm 1970-01-01 03:00:00.000000000 +0300 +++ /usr/home/kappa/work/ports/p5-Net-OpenID-Server/files/patch-Server.pm 2008-11-20 17:15:32.000000000 +0300 
@@ -0,0 +1,60 @@ +--- Server.pm.orig 2008-10-13 06:36:19.000000000 +0400 ++++ lib/Net/OpenID/Server.pm 2008-11-20 17:14:48.000000000 +0300 +@@ -228,8 +228,11 @@ + my $ns = delete $opts{'ns'}; + my $extra_fields = delete $opts{'additional_fields'} || {}; + +- # verify the trust_root, if provided +- if (my $trust_root = delete $opts{'trust_root'}) { ++ # verify the trust_root and realm, if provided ++ if (my $realm = delete $opts{'realm'}) { ++ return undef unless _url_is_under($realm, $return_to); ++ delete $opts{'trust_root'}; ++ } elsif (my $trust_root = delete $opts{'trust_root'}) { + return undef unless _url_is_under($trust_root, $return_to); + } + Carp::croak("Unknown options: " . join(", ", keys %opts)) if %opts; +@@ -357,15 +360,20 @@ + $self->_setup_map("identity"), $identity, + $self->_setup_map("assoc_handle"), $self->args("openid.assoc_handle"), + ); +- $setup_args{'ns'} = $self->args('openid.ns') if $self->args('openid.ns'); ++ $setup_args{$self->_setup_map('ns')} = $self->args('openid.ns') if $self->args('openid.ns'); + + my $setup_url = $self->{setup_url} or Carp::croak("No setup_url defined."); + _push_url_arg(\$setup_url, %setup_args); + + if ($mode eq "checkid_immediate") { + my $ret_url = $return_to; +- _push_url_arg(\$ret_url, "openid.mode", "id_res"); +- _push_url_arg(\$ret_url, "openid.user_setup_url", $setup_url); ++ if ($self->args('openid.ns') eq $OPENID2_NS) { ++ _push_url_arg(\$ret_url, "openid.ns", $self->args('openid.ns')); ++ _push_url_arg(\$ret_url, "openid.mode", "setup_needed"); ++ } else { ++ _push_url_arg(\$ret_url, "openid.mode", "id_res"); ++ _push_url_arg(\$ret_url, "openid.user_setup_url", $setup_url); ++ } + return ("redirect", $ret_url); + } else { + # the "checkid_setup" mode, where we take control of the user-agent +@@ -481,6 +489,19 @@ + # FUTURE: protocol will let people choose their preferred authn scheme, + # in which case we see if we support any of them, and override the + # default value of HMAC-SHA1 ++ ++ if 
($self->pargs('openid.ns') eq $OPENID2_NS && ++ ($self->pargs('openid.assoc_type') ne $assoc_type || ++ $self->pargs('openid.session_type') ne 'DH-SHA1')) { ++ ++ $prop{'ns'} = $self->pargs('openid.ns') if $self->pargs('openid.ns'); ++ $prop{'error_code'} = "unsupported-type"; ++ $prop{'error'} = "This server support $assoc_type only."; ++ $prop{'assoc_type'} = $assoc_type; ++ $prop{'session_type'} = "DH-SHA1"; ++ ++ return $self->_serialized_props(\%prop); ++ } + + my ($assoc_handle, $secret, $expires) = + $self->_generate_association(type => $assoc_type); ===> Done >Release-Note: >Audit-Trail: >Unformatted:
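
Review bot: In the "@@ -228,8 +228,11 @@" hunk of Server.pm, the new realm branch runs "delete $opts{'trust_root'};" without ever checking that value, so a caller that passes both realm and a different trust_root gets no signal that one of them was ignored. Either also run _url_is_under($trust_root, $return_to) when both are present, or say in the comment that realm takes precedence. A false realm (for example an empty string) falls through to the elsif, and with neither option set return_to is not checked at all; since this check is what ties the signed redirect to the relying party, that behaviour belongs in the method's documentation.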
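
Review bot: In the "@@ -357,15 +360,20 @@" hunk, the test "$self->args('openid.ns') eq $OPENID2_NS" compares a value that the $setup_args line just above treats as optional (it is guarded by "if $self->args('openid.ns')"), so a request without openid.ns does a string comparison on undef and emits an uninitialized-value warning when warnings are enabled. Fetch the argument once into a variable and test "defined $ns && $ns eq $OPENID2_NS"; the same variable can feed the $setup_args assignment. The OpenID 2 branch also stops passing $setup_url to the relying party, which deserves a one-line comment saying it is intentional.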
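
Review bot: In the "@@ -481,6 +489,19 @@" hunk, the error text 'This server support $assoc_type only.' names only the association type, although the condition also rejects the request when openid.session_type is not 'DH-SHA1'; a client turned away for its session type gets a misleading message. Name both values in the message and change "support" to "supports". The "if $self->pargs('openid.ns')" guard on $prop{'ns'} is redundant inside this branch, because the condition already required that value to equal $OPENID2_NS, and the eq/ne comparisons on pargs values will warn on undef when a field is missing, so guard them with defined or default them to an empty string.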