[pkgsrc/trunk]: pkgsrc/chat/ejabberd Backport upstream commit to fix CVE-2014...

[fhajny <fhajny%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/3748cde228cf
branches:  trunk
changeset: 641607:3748cde228cf
user:      fhajny <fhajny%pkgsrc.org@localhost>
date:      Thu Nov 13 09:45:47 2014 +0000

description:
Backport upstream commit to fix CVE-2014-8760. Bump PKGREVISION.

diffstat:

 chat/ejabberd/Makefile                            |   4 ++--
 chat/ejabberd/distinfo                            |   3 ++-
 chat/ejabberd/patches/patch-src_ejabberd__c2s.erl |  23 +++++++++++++++++++++++
 3 files changed, 27 insertions(+), 3 deletions(-)

diffs (54 lines):

diff -r 86cb43621541 -r 3748cde228cf chat/ejabberd/Makefile
--- a/chat/ejabberd/Makefile    Thu Nov 13 09:44:02 2014 +0000
+++ b/chat/ejabberd/Makefile    Thu Nov 13 09:45:47 2014 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.46 2014/10/16 12:47:59 fhajny Exp $
+# $NetBSD: Makefile,v 1.47 2014/11/13 09:45:47 fhajny Exp $
 
 DISTNAME=      ejabberd-14.07
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    chat
 MASTER_SITES=  http://www.process-one.net/downloads/ejabberd/${PKGVERSION_NOREV}/
 EXTRACT_SUFX=  .tgz
diff -r 86cb43621541 -r 3748cde228cf chat/ejabberd/distinfo
--- a/chat/ejabberd/distinfo    Thu Nov 13 09:44:02 2014 +0000
+++ b/chat/ejabberd/distinfo    Thu Nov 13 09:45:47 2014 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.27 2014/10/16 12:47:59 fhajny Exp $
+$NetBSD: distinfo,v 1.28 2014/11/13 09:45:47 fhajny Exp $
 
 SHA1 (ejabberd-14.07-deps.tar.gz) = 102a78c428fe587d57385c66a11cc731d2ec434e
 RMD160 (ejabberd-14.07-deps.tar.gz) = 02c28e5a0c234800811d8ff24ca6afab4d3d0eec
@@ -11,3 +11,4 @@
 SHA1 (patch-ae) = 542ac36eecc4b679dded78e56903686060fd643a
 SHA1 (patch-configure) = 8cf03f571ef13ed825b445e0f1664d387895b8fe
 SHA1 (patch-deps_p1__iconv_rebar.config) = e9252229695195ebfe5aeea7ef3ef2c6cd95bc02
+SHA1 (patch-src_ejabberd__c2s.erl) = f9b8a00e1d5f85134cce8bb9b770d1e41a29b906
diff -r 86cb43621541 -r 3748cde228cf chat/ejabberd/patches/patch-src_ejabberd__c2s.erl
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/ejabberd/patches/patch-src_ejabberd__c2s.erl Thu Nov 13 09:45:47 2014 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-src_ejabberd__c2s.erl,v 1.1 2014/11/13 09:45:47 fhajny Exp $
+
+Backport upstream commit to fix CVE-2014-8760
+--- src/ejabberd_c2s.erl.orig  2014-07-22 15:42:49.000000000 +0000
++++ src/ejabberd_c2s.erl
+@@ -718,7 +718,7 @@ wait_for_feature_request({xmlstreameleme
+       (StateData#state.sockmod):get_sockmod(StateData#state.socket),
+     case {xml:get_attr_s(<<"xmlns">>, Attrs), Name} of
+       {?NS_SASL, <<"auth">>}
+-        when not ((SockMod == gen_tcp) and TLSRequired) ->
++        when TLSEnabled or not TLSRequired ->
+         Mech = xml:get_attr_s(<<"mechanism">>, Attrs),
+         ClientIn = jlib:decode_base64(xml:get_cdata(Els)),
+         case cyrsasl:server_start(StateData#state.sasl_state,
+@@ -832,7 +832,7 @@ wait_for_feature_request({xmlstreameleme
+               end
+         end;
+       _ ->
+-        if (SockMod == gen_tcp) and TLSRequired ->
++        if TLSRequired and not TLSEnabled ->
+                Lang = StateData#state.lang,
+                send_element(StateData,
+                             ?POLICY_VIOLATION_ERR(Lang,