author | fhajny <fhajny@pkgsrc.org> | 2014-11-13 09:45:47 +0000 |
---|---|---|
committer | fhajny <fhajny@pkgsrc.org> | 2014-11-13 09:45:47 +0000 |
commit | e97a4b88861beb3efa346b7ee8ebd8c1bf83018b (patch) | |
tree | ef4e9f8d4c389b3ee30602a63bb9f720cd8a6977 | |
parent | a9bfbce5638d759228e6dca993d7e69e91ccad8d (diff) | |
Backport upstream commit to fix CVE-2014-8760. Bump PKGREVISION.
-rw-r--r-- | chat/ejabberd/Makefile | 4 | ||||
-rw-r--r-- | chat/ejabberd/distinfo | 3 | ||||
-rw-r--r-- | chat/ejabberd/patches/patch-src_ejabberd__c2s.erl | 23 |
3 files changed, 27 insertions, 3 deletions
diff --git a/chat/ejabberd/Makefile b/chat/ejabberd/Makefile
index faa61ff9e08..35cd3a8b499 100644
--- a/chat/ejabberd/Makefile
+++ b/chat/ejabberd/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.46 2014/10/16 12:47:59 fhajny Exp $
+# $NetBSD: Makefile,v 1.47 2014/11/13 09:45:47 fhajny Exp $
 DISTNAME= ejabberd-14.07
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= chat
 MASTER_SITES= http://www.process-one.net/downloads/ejabberd/${PKGVERSION_NOREV}/
 EXTRACT_SUFX= .tgz
diff --git a/chat/ejabberd/distinfo b/chat/ejabberd/distinfo
index 949cdde1594..a063176ed45 100644
--- a/chat/ejabberd/distinfo
+++ b/chat/ejabberd/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.27 2014/10/16 12:47:59 fhajny Exp $
+$NetBSD: distinfo,v 1.28 2014/11/13 09:45:47 fhajny Exp $
 SHA1 (ejabberd-14.07-deps.tar.gz) = 102a78c428fe587d57385c66a11cc731d2ec434e
 RMD160 (ejabberd-14.07-deps.tar.gz) = 02c28e5a0c234800811d8ff24ca6afab4d3d0eec
@@ -11,3 +11,4 @@ SHA1 (patch-ad) = cdd7a61333f3206ac3ae9168b1878a059da25988
 SHA1 (patch-ae) = 542ac36eecc4b679dded78e56903686060fd643a
 SHA1 (patch-configure) = 8cf03f571ef13ed825b445e0f1664d387895b8fe
 SHA1 (patch-deps_p1__iconv_rebar.config) = e9252229695195ebfe5aeea7ef3ef2c6cd95bc02
+SHA1 (patch-src_ejabberd__c2s.erl) = f9b8a00e1d5f85134cce8bb9b770d1e41a29b906
diff --git a/chat/ejabberd/patches/patch-src_ejabberd__c2s.erl b/chat/ejabberd/patches/patch-src_ejabberd__c2s.erl
new file mode 100644
index 00000000000..252d5ddf71b
--- /dev/null
+++ b/chat/ejabberd/patches/patch-src_ejabberd__c2s.erl
@@ -0,0 +1,23 @@
+$NetBSD: patch-src_ejabberd__c2s.erl,v 1.1 2014/11/13 09:45:47 fhajny Exp $
+
+Backport upstream commit to fix CVE-2014-8760
+--- src/ejabberd_c2s.erl.orig 2014-07-22 15:42:49.000000000 +0000
++++ src/ejabberd_c2s.erl
+@@ -718,7 +718,7 @@ wait_for_feature_request({xmlstreameleme
+ (StateData#state.sockmod):get_sockmod(StateData#state.socket),
+ case {xml:get_attr_s(<<"xmlns">>, Attrs), Name} of
+ {?NS_SASL, <<"auth">>}
+- when not ((SockMod == gen_tcp) and TLSRequired) ->
++ when TLSEnabled or not TLSRequired ->
+ Mech = xml:get_attr_s(<<"mechanism">>, Attrs),
+ ClientIn = jlib:decode_base64(xml:get_cdata(Els)),
+ case cyrsasl:server_start(StateData#state.sasl_state,
+@@ -832,7 +832,7 @@ wait_for_feature_request({xmlstreameleme
+ end
+ end;
+ _ ->
+- if (SockMod == gen_tcp) and TLSRequired ->
++ if TLSRequired and not TLSEnabled ->
+ Lang = StateData#state.lang,
+ send_element(StateData,
+ ?POLICY_VIOLATION_ERR(Lang, |
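Review bot: The patch header comment `Backport upstream commit to fix CVE-2014-8760` does not say which upstream commit was taken or what the defect was, so a later maintainer cannot check the backport against its source or tell when an ejabberd update makes it redundant. I would extend it to `Backport upstream commit <UPSTREAM_COMMIT_ID> to fix CVE-2014-8760: decide whether TLS is required-but-missing from the TLS state, not from the socket module`. Both inner hunks replace the `SockMod == gen_tcp` test with `TLSEnabled`, and the two new conditions are exact complements of each other, which keeps the `auth` guard and the policy-violation branch consistent. `TLSEnabled` is bound outside the lines shown and `wait_for_feature_request` continues beyond both hunks, so it is worth confirming against the 14.07 source that the variable is already in scope there and that no other clause of the function still decides the encryption state from `SockMod == gen_tcp`.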