Backport upstream commit to fix CVE-2014-8760. Bump PKGREVISION.diff -r1.46 -r1.47 pkgsrc/chat/ejabberd/Makefile
(fhajny)
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.46 2014/10/16 12:47:59 fhajny Exp $ | 1 | # $NetBSD: Makefile,v 1.47 2014/11/13 09:45:47 fhajny Exp $ | |
2 | 2 | |||
3 | DISTNAME= ejabberd-14.07 | 3 | DISTNAME= ejabberd-14.07 | |
4 | PKGREVISION= 3 | 4 | PKGREVISION= 4 | |
5 | CATEGORIES= chat | 5 | CATEGORIES= chat | |
6 | MASTER_SITES= http://www.process-one.net/downloads/ejabberd/${PKGVERSION_NOREV}/ | 6 | MASTER_SITES= http://www.process-one.net/downloads/ejabberd/${PKGVERSION_NOREV}/ | |
7 | EXTRACT_SUFX= .tgz | 7 | EXTRACT_SUFX= .tgz | |
8 | 8 | |||
9 | DISTFILES+= ${DEFAULT_DISTFILES} ${DISTNAME}-deps.tar.gz | 9 | DISTFILES+= ${DEFAULT_DISTFILES} ${DISTNAME}-deps.tar.gz | |
10 | SITES.${DISTNAME}-deps.tar.gz= ftp://ftp.NetBSD.org/pub/NetBSD/misc/fhajny/ | 10 | SITES.${DISTNAME}-deps.tar.gz= ftp://ftp.NetBSD.org/pub/NetBSD/misc/fhajny/ | |
11 | 11 | |||
12 | MAINTAINER= pkgsrc-users@NetBSD.org | 12 | MAINTAINER= pkgsrc-users@NetBSD.org | |
13 | HOMEPAGE= http://www.ejabberd.im/ | 13 | HOMEPAGE= http://www.ejabberd.im/ | |
14 | COMMENT= Free and Open Source distributed fault-tolerant Jabber server | 14 | COMMENT= Free and Open Source distributed fault-tolerant Jabber server | |
15 | LICENSE= gnu-gpl-v2 | 15 | LICENSE= gnu-gpl-v2 | |
16 | 16 | |||
17 | BUILD_DEPENDS+= git-base>=1.5:../../devel/git-base | 17 | BUILD_DEPENDS+= git-base>=1.5:../../devel/git-base |
@@ -1,13 +1,14 @@ | @@ -1,13 +1,14 @@ | |||
1 | $NetBSD: distinfo,v 1.27 2014/10/16 12:47:59 fhajny Exp $ | 1 | $NetBSD: distinfo,v 1.28 2014/11/13 09:45:47 fhajny Exp $ | |
2 | 2 | |||
3 | SHA1 (ejabberd-14.07-deps.tar.gz) = 102a78c428fe587d57385c66a11cc731d2ec434e | 3 | SHA1 (ejabberd-14.07-deps.tar.gz) = 102a78c428fe587d57385c66a11cc731d2ec434e | |
4 | RMD160 (ejabberd-14.07-deps.tar.gz) = 02c28e5a0c234800811d8ff24ca6afab4d3d0eec | 4 | RMD160 (ejabberd-14.07-deps.tar.gz) = 02c28e5a0c234800811d8ff24ca6afab4d3d0eec | |
5 | Size (ejabberd-14.07-deps.tar.gz) = 8797259 bytes | 5 | Size (ejabberd-14.07-deps.tar.gz) = 8797259 bytes | |
6 | SHA1 (ejabberd-14.07.tgz) = 321b28faedbc28f80664d4b301424b118dd0bad0 | 6 | SHA1 (ejabberd-14.07.tgz) = 321b28faedbc28f80664d4b301424b118dd0bad0 | |
7 | RMD160 (ejabberd-14.07.tgz) = 6df710abe3a73746939930790623d65009c2b83f | 7 | RMD160 (ejabberd-14.07.tgz) = 6df710abe3a73746939930790623d65009c2b83f | |
8 | Size (ejabberd-14.07.tgz) = 3200975 bytes | 8 | Size (ejabberd-14.07.tgz) = 3200975 bytes | |
9 | SHA1 (patch-aa) = f573f541ae6963acffa5a470a290874b3312b787 | 9 | SHA1 (patch-aa) = f573f541ae6963acffa5a470a290874b3312b787 | |
10 | SHA1 (patch-ad) = cdd7a61333f3206ac3ae9168b1878a059da25988 | 10 | SHA1 (patch-ad) = cdd7a61333f3206ac3ae9168b1878a059da25988 | |
11 | SHA1 (patch-ae) = 542ac36eecc4b679dded78e56903686060fd643a | 11 | SHA1 (patch-ae) = 542ac36eecc4b679dded78e56903686060fd643a | |
12 | SHA1 (patch-configure) = 8cf03f571ef13ed825b445e0f1664d387895b8fe | 12 | SHA1 (patch-configure) = 8cf03f571ef13ed825b445e0f1664d387895b8fe | |
13 | SHA1 (patch-deps_p1__iconv_rebar.config) = e9252229695195ebfe5aeea7ef3ef2c6cd95bc02 | 13 | SHA1 (patch-deps_p1__iconv_rebar.config) = e9252229695195ebfe5aeea7ef3ef2c6cd95bc02 | |
14 | SHA1 (patch-src_ejabberd__c2s.erl) = f9b8a00e1d5f85134cce8bb9b770d1e41a29b906 |
$NetBSD: patch-src_ejabberd__c2s.erl,v 1.1 2014/11/13 09:45:47 fhajny Exp $
Backport upstream commit to fix CVE-2014-8760
--- src/ejabberd_c2s.erl.orig 2014-07-22 15:42:49.000000000 +0000
+++ src/ejabberd_c2s.erl
@@ -718,7 +718,7 @@ wait_for_feature_request({xmlstreameleme
(StateData#state.sockmod):get_sockmod(StateData#state.socket),
case {xml:get_attr_s(<<"xmlns">>, Attrs), Name} of
{?NS_SASL, <<"auth">>}
- when not ((SockMod == gen_tcp) and TLSRequired) ->
+ when TLSEnabled or not TLSRequired ->
Mech = xml:get_attr_s(<<"mechanism">>, Attrs),
ClientIn = jlib:decode_base64(xml:get_cdata(Els)),
case cyrsasl:server_start(StateData#state.sasl_state,
@@ -832,7 +832,7 @@ wait_for_feature_request({xmlstreameleme
end
end;
_ ->
- if (SockMod == gen_tcp) and TLSRequired ->
+ if TLSRequired and not TLSEnabled ->
Lang = StateData#state.lang,
send_element(StateData,
?POLICY_VIOLATION_ERR(Lang,