Thu Nov 13 09:45:47 2014 UTC ()

Backport upstream commit to fix CVE-2014-8760. Bump PKGREVISION.


(fhajny)

diff -r1.46 -r1.47 pkgsrc/chat/ejabberd/Makefile
diff -r1.27 -r1.28 pkgsrc/chat/ejabberd/distinfo
diff -r0 -r1.1 pkgsrc/chat/ejabberd/patches/patch-src_ejabberd__c2s.erl

--- pkgsrc/chat/ejabberd/Makefile 2014/10/16 12:47:59 1.46
+++ pkgsrc/chat/ejabberd/Makefile 2014/11/13 09:45:47 1.47

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.46 2014/10/16 12:47:59 fhajny Exp $
+# $NetBSD: Makefile,v 1.47 2014/11/13 09:45:47 fhajny Exp $
 DISTNAME=	ejabberd-14.07
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	chat
 MASTER_SITES=	http://www.process-one.net/downloads/ejabberd/${PKGVERSION_NOREV}/
 EXTRACT_SUFX=	.tgz
 DISTFILES+=	${DEFAULT_DISTFILES} ${DISTNAME}-deps.tar.gz
 SITES.${DISTNAME}-deps.tar.gz=	ftp://ftp.NetBSD.org/pub/NetBSD/misc/fhajny/
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://www.ejabberd.im/
 COMMENT=	Free and Open Source distributed fault-tolerant Jabber server
 LICENSE=	gnu-gpl-v2
 BUILD_DEPENDS+=		git-base>=1.5:../../devel/git-base

--- pkgsrc/chat/ejabberd/distinfo 2014/10/16 12:47:59 1.27
+++ pkgsrc/chat/ejabberd/distinfo 2014/11/13 09:45:47 1.28

 @@ -1,13 +1,14 @@
-$NetBSD: distinfo,v 1.27 2014/10/16 12:47:59 fhajny Exp $
+$NetBSD: distinfo,v 1.28 2014/11/13 09:45:47 fhajny Exp $
 SHA1 (ejabberd-14.07-deps.tar.gz) = 102a78c428fe587d57385c66a11cc731d2ec434e
 RMD160 (ejabberd-14.07-deps.tar.gz) = 02c28e5a0c234800811d8ff24ca6afab4d3d0eec
 Size (ejabberd-14.07-deps.tar.gz) = 8797259 bytes
 SHA1 (ejabberd-14.07.tgz) = 321b28faedbc28f80664d4b301424b118dd0bad0
 RMD160 (ejabberd-14.07.tgz) = 6df710abe3a73746939930790623d65009c2b83f
 Size (ejabberd-14.07.tgz) = 3200975 bytes
 SHA1 (patch-aa) = f573f541ae6963acffa5a470a290874b3312b787
 SHA1 (patch-ad) = cdd7a61333f3206ac3ae9168b1878a059da25988
 SHA1 (patch-ae) = 542ac36eecc4b679dded78e56903686060fd643a
 SHA1 (patch-configure) = 8cf03f571ef13ed825b445e0f1664d387895b8fe
 SHA1 (patch-deps_p1__iconv_rebar.config) = e9252229695195ebfe5aeea7ef3ef2c6cd95bc02
 SHA1 (patch-src_ejabberd__c2s.erl) = f9b8a00e1d5f85134cce8bb9b770d1e41a29b906

$NetBSD: patch-src_ejabberd__c2s.erl,v 1.1 2014/11/13 09:45:47 fhajny Exp $

Backport upstream commit to fix CVE-2014-8760
--- src/ejabberd_c2s.erl.orig	2014-07-22 15:42:49.000000000 +0000
+++ src/ejabberd_c2s.erl
@@ -718,7 +718,7 @@ wait_for_feature_request({xmlstreameleme
 	(StateData#state.sockmod):get_sockmod(StateData#state.socket),
     case {xml:get_attr_s(<<"xmlns">>, Attrs), Name} of
       {?NS_SASL, <<"auth">>}
-	  when not ((SockMod == gen_tcp) and TLSRequired) ->
+	  when TLSEnabled or not TLSRequired ->
 	  Mech = xml:get_attr_s(<<"mechanism">>, Attrs),
 	  ClientIn = jlib:decode_base64(xml:get_cdata(Els)),
 	  case cyrsasl:server_start(StateData#state.sasl_state,
@@ -832,7 +832,7 @@ wait_for_feature_request({xmlstreameleme
 		end
 	  end;
       _ ->
-	  if (SockMod == gen_tcp) and TLSRequired ->
+	  if TLSRequired and not TLSEnabled ->
 		 Lang = StateData#state.lang,
 		 send_element(StateData,
 			      ?POLICY_VIOLATION_ERR(Lang,