Backport upstream commit to fix CVE-2014-8760. Bump PKGREVISION.
This commit is contained in:
parent
491623caf1
commit
b4eb3326bc
3 changed files with 27 additions and 3 deletions
|
@ -1,7 +1,7 @@
|
|||
# $NetBSD: Makefile,v 1.46 2014/10/16 12:47:59 fhajny Exp $
|
||||
# $NetBSD: Makefile,v 1.47 2014/11/13 09:45:47 fhajny Exp $
|
||||
|
||||
DISTNAME= ejabberd-14.07
|
||||
PKGREVISION= 3
|
||||
PKGREVISION= 4
|
||||
CATEGORIES= chat
|
||||
MASTER_SITES= http://www.process-one.net/downloads/ejabberd/${PKGVERSION_NOREV}/
|
||||
EXTRACT_SUFX= .tgz
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
$NetBSD: distinfo,v 1.27 2014/10/16 12:47:59 fhajny Exp $
|
||||
$NetBSD: distinfo,v 1.28 2014/11/13 09:45:47 fhajny Exp $
|
||||
|
||||
SHA1 (ejabberd-14.07-deps.tar.gz) = 102a78c428fe587d57385c66a11cc731d2ec434e
|
||||
RMD160 (ejabberd-14.07-deps.tar.gz) = 02c28e5a0c234800811d8ff24ca6afab4d3d0eec
|
||||
|
@ -11,3 +11,4 @@ SHA1 (patch-ad) = cdd7a61333f3206ac3ae9168b1878a059da25988
|
|||
SHA1 (patch-ae) = 542ac36eecc4b679dded78e56903686060fd643a
|
||||
SHA1 (patch-configure) = 8cf03f571ef13ed825b445e0f1664d387895b8fe
|
||||
SHA1 (patch-deps_p1__iconv_rebar.config) = e9252229695195ebfe5aeea7ef3ef2c6cd95bc02
|
||||
SHA1 (patch-src_ejabberd__c2s.erl) = f9b8a00e1d5f85134cce8bb9b770d1e41a29b906
|
||||
|
|
23
chat/ejabberd/patches/patch-src_ejabberd__c2s.erl
Normal file
23
chat/ejabberd/patches/patch-src_ejabberd__c2s.erl
Normal file
|
@ -0,0 +1,23 @@
|
|||
$NetBSD: patch-src_ejabberd__c2s.erl,v 1.1 2014/11/13 09:45:47 fhajny Exp $
|
||||
|
||||
Backport upstream commit to fix CVE-2014-8760
|
||||
--- src/ejabberd_c2s.erl.orig 2014-07-22 15:42:49.000000000 +0000
|
||||
+++ src/ejabberd_c2s.erl
|
||||
@@ -718,7 +718,7 @@ wait_for_feature_request({xmlstreameleme
|
||||
(StateData#state.sockmod):get_sockmod(StateData#state.socket),
|
||||
case {xml:get_attr_s(<<"xmlns">>, Attrs), Name} of
|
||||
{?NS_SASL, <<"auth">>}
|
||||
- when not ((SockMod == gen_tcp) and TLSRequired) ->
|
||||
+ when TLSEnabled or not TLSRequired ->
|
||||
Mech = xml:get_attr_s(<<"mechanism">>, Attrs),
|
||||
ClientIn = jlib:decode_base64(xml:get_cdata(Els)),
|
||||
case cyrsasl:server_start(StateData#state.sasl_state,
|
||||
@@ -832,7 +832,7 @@ wait_for_feature_request({xmlstreameleme
|
||||
end
|
||||
end;
|
||||
_ ->
|
||||
- if (SockMod == gen_tcp) and TLSRequired ->
|
||||
+ if TLSRequired and not TLSEnabled ->
|
||||
Lang = StateData#state.lang,
|
||||
send_element(StateData,
|
||||
?POLICY_VIOLATION_ERR(Lang,
|
Loading…
Reference in a new issue