Security Fix for SA44807, ejabberd Nested XML Entities Denial of Service Vulnerability

OK sthen@ viq(MAINTAINER) "looks fine" jasper@
2011-06-03 13:45:43 +00:00 · 2011-06-03 13:45:43 +00:00 · dd8b7de103
commit dd8b7de103
parent 8579c8b7c3
2 changed files with 20 additions and 2 deletions
--- a/net/ejabberd/Makefile
+++ b/net/ejabberd/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.25 2011/06/02 13:41:39 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.26 2011/06/03 13:45:43 gsoares Exp $

 COMMENT=		jabber server written in Erlang

 V=			2.1.6
 DISTNAME=		ejabberd-$V
-REVISION=		0
+REVISION=		1

 CATEGORIES=		net

--- a/net/ejabberd/patches/patch-src_expat_erl_c
+++ b/net/ejabberd/patches/patch-src_expat_erl_c
@ -0,0 +1,18 @@
+$OpenBSD: patch-src_expat_erl_c,v 1.1 2011/06/03 13:45:43 gsoares Exp $
+
+Fix for SA44807, ejabberd Nested XML Entities Denial of Service Vulnerability.
+
+from upstream git:
+https://git.process-one.net/ejabberd/mainline/commit/bd1df027c622e1f96f9eeaac612a6a956c1ff0b6
+
+--- src/expat_erl.c.orig	Mon Dec 13 08:21:26 2010
+++ src/expat_erl.c	Fri Jun  3 10:39:09 2011
+@@ -113,6 +113,8 @@ static ErlDrvData expat_erl_start(ErlDrvPort port, cha
+       d->parser, (XML_CharacterDataHandler)erlXML_CharacterDataHandler);
+ 
+ 
+   XML_SetDefaultHandler(d->parser, NULL);
+
+    return (ErlDrvData)d;
+ }
+