Security fix for CVE-2014-8760

ok MAINTAINER
2014-10-27 15:44:20 +00:00 · 2014-10-27 15:44:20 +00:00 · 185923aa6b
commit 185923aa6b
parent 10434cd3c6
2 changed files with 27 additions and 2 deletions
--- a/net/ejabberd/Makefile
+++ b/net/ejabberd/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.32 2014/01/24 19:05:29 zhuk Exp $
+# $OpenBSD: Makefile,v 1.33 2014/10/27 15:44:20 jasper Exp $

 COMMENT=		jabber server written in Erlang

 V=			2.1.12
 DISTNAME=		ejabberd-$V
-REVISION=		0
+REVISION=		1

 CATEGORIES=		net

--- a/net/ejabberd/patches/patch-src_ejabberd_c2s_erl
+++ b/net/ejabberd/patches/patch-src_ejabberd_c2s_erl
@ -0,0 +1,25 @@
+$OpenBSD: patch-src_ejabberd_c2s_erl,v 1.1 2014/10/27 15:44:20 jasper Exp $
+
+Security fix for CVE-2014-8760
+https://github.com/processone/ejabberd/commit/7bdc1151b11d26d33649c5cce2817b74a4f231a8
+
+--- src/ejabberd_c2s.erl.orig	Tue Feb  5 17:22:34 2013
+++ src/ejabberd_c2s.erl	Mon Oct 27 15:51:33 2014
+@@ -615,7 +615,7 @@ wait_for_feature_request({xmlstreamelement, El}, State
+     TLSRequired = StateData#state.tls_required,
+     SockMod = (StateData#state.sockmod):get_sockmod(StateData#state.socket),
+     case {xml:get_attr_s("xmlns", Attrs), Name} of
+-	{?NS_SASL, "auth"} when not ((SockMod == gen_tcp) and TLSRequired) ->
+	{?NS_SASL, "auth"} when TLSEnabled or not TLSRequired ->
+ 	    Mech = xml:get_attr_s("mechanism", Attrs),
+ 	    ClientIn = jlib:decode_base64(xml:get_cdata(Els)),
+ 	    case cyrsasl:server_start(StateData#state.sasl_state,
+@@ -722,7 +722,7 @@ wait_for_feature_request({xmlstreamelement, El}, State
+ 	    end;
+ 	_ ->
+ 	    if
+-		(SockMod == gen_tcp) and TLSRequired ->
+		TLSRequired and not TLSEnabled ->
+ 		    Lang = StateData#state.lang,
+ 		    send_element(StateData, ?POLICY_VIOLATION_ERR(
+ 					       Lang,