Backport upstream commit to fix CVE-2014-8760. Bump PKGREVISION.


(fhajny)

@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.46 2014/10/16 12:47:59 fhajny Exp $
+# $NetBSD: Makefile,v 1.47 2014/11/13 09:45:47 fhajny Exp $
 
 DISTNAME=	ejabberd-14.07
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	chat
 MASTER_SITES=	http://www.process-one.net/downloads/ejabberd/${PKGVERSION_NOREV}/
 EXTRACT_SUFX=	.tgz

@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.27 2014/10/16 12:47:59 fhajny Exp $
+$NetBSD: distinfo,v 1.28 2014/11/13 09:45:47 fhajny Exp $
 
 SHA1 (ejabberd-14.07-deps.tar.gz) = 102a78c428fe587d57385c66a11cc731d2ec434e
 RMD160 (ejabberd-14.07-deps.tar.gz) = 02c28e5a0c234800811d8ff24ca6afab4d3d0eec
@@ -11,3 +11,4 @@
 SHA1 (patch-ae) = 542ac36eecc4b679dded78e56903686060fd643a
 SHA1 (patch-configure) = 8cf03f571ef13ed825b445e0f1664d387895b8fe
 SHA1 (patch-deps_p1__iconv_rebar.config) = e9252229695195ebfe5aeea7ef3ef2c6cd95bc02
+SHA1 (patch-src_ejabberd__c2s.erl) = f9b8a00e1d5f85134cce8bb9b770d1e41a29b906

$NetBSD: patch-src_ejabberd__c2s.erl,v 1.1 2014/11/13 09:45:47 fhajny Exp $

Backport upstream commit to fix CVE-2014-8760
--- src/ejabberd_c2s.erl.orig	2014-07-22 15:42:49.000000000 +0000
+++ src/ejabberd_c2s.erl
@@ -718,7 +718,7 @@ wait_for_feature_request({xmlstreameleme
 	(StateData#state.sockmod):get_sockmod(StateData#state.socket),
     case {xml:get_attr_s(<<"xmlns">>, Attrs), Name} of
       {?NS_SASL, <<"auth">>}
-	  when not ((SockMod == gen_tcp) and TLSRequired) ->
+	  when TLSEnabled or not TLSRequired ->
 	  Mech = xml:get_attr_s(<<"mechanism">>, Attrs),
 	  ClientIn = jlib:decode_base64(xml:get_cdata(Els)),
 	  case cyrsasl:server_start(StateData#state.sasl_state,
@@ -832,7 +832,7 @@ wait_for_feature_request({xmlstreameleme
 		end
 	  end;
       _ ->
-	  if (SockMod == gen_tcp) and TLSRequired ->
+	  if TLSRequired and not TLSEnabled ->
 		 Lang = StateData#state.lang,
 		 send_element(StateData,
 			      ?POLICY_VIOLATION_ERR(Lang,