By now version 2.0.5 is in use, and in ports there is the old 2.0.3 with a vulnerability.
Code:
===> ejabberd-2.0.3 has known vulnerabilities:
=> ejabberd -- cross-site scripting vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/cf91c1e4-2b6d-11de-931b-00e0815b8da8.html>
=> Please update your ports tree and try again.
*** Error code 1
Stop in /usr/ports/net-im/ejabberd.
*** Error code 1
Stop in /usr/ports/net-im/ejabberd.
patch attached:
Code:
diff -ur ejabberd.old/Makefile ejabberd.new/Makefile
--- ejabberd.old/Makefile 2009-05-20 02:48:32.000000000 +0400
+++ ejabberd.new/Makefile 2009-05-20 02:36:14.000000000 +0400
@@ -6,7 +6,7 @@
#
PORTNAME= ejabberd
-PORTVERSION= 2.0.3
+PORTVERSION= 2.0.5
CATEGORIES= net-im
MASTER_SITES= http://www.process-one.net/downloads/ejabberd/${PORTVERSION}/ \
http://mirror.inerd.com/FreeBSD/distfiles/${PORTNAME}/
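Review bot: Both MASTER_SITES entries in the context of this hunk are plain http, and the second is a third-party mirror, so after the PORTVERSION bump the only integrity check on the fetched ejabberd-2.0.5.tar.gz is the distinfo entry. Please state in the submission where the new checksums came from (ideally the tarball fetched from process-one.net and compared with a published hash), and mention the portaudit reference cf91c1e4-2b6d-11de-931b-00e0815b8da8 in the commit message so the update is recorded as a security fix.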
@@ -25,7 +25,7 @@
USE_RC_SUBR= ${PORTNAME}
NOPRECIOUSMAKEVARS= yes
-OPTIONS= ODBC "Enable ODBC support" off
+OPTIONS= ODBC "Enable ODBC support" on
MAKE_ENV= PORTVERSION=${PORTVERSION}
PKGMESSAGE= ${WRKDIR}/pkg-message
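Review bot: The OPTIONS line flips the ODBC default from off to on, which is unrelated to the 2.0.3 to 2.0.5 security update and changes what every default build enables. Keep it as `OPTIONS= ODBC "Enable ODBC support" off` in this patch and propose the default change separately with its own justification, so the vulnerability fix can be committed without also changing the default feature set for existing users.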
diff -ur ejabberd.old/distinfo ejabberd.new/distinfo
--- ejabberd.old/distinfo 2009-05-20 02:48:32.000000000 +0400
+++ ejabberd.new/distinfo 2009-05-20 02:36:14.000000000 +0400
@@ -1,3 +1,3 @@
-MD5 (ejabberd-2.0.3.tar.gz) = b647e74b0f94f030bd8747c8a8a4d0f9
-SHA256 (ejabberd-2.0.3.tar.gz) = d34bcf6c73e8d3fd5bf3b2555b3db8f0bd8197a6303b6db17df8945a2cd339ff
-SIZE (ejabberd-2.0.3.tar.gz) = 1089870
+MD5 (ejabberd-2.0.5.tar.gz) = 2d85b47df969daf0a78ed3b16562d731
+SHA256 (ejabberd-2.0.5.tar.gz) = 37ef90e2afa2b73a620bf71a096df48d5fde8f1cd669fac83d8c143a1295198c
+SIZE (ejabberd-2.0.5.tar.gz) = 1796737
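Review bot: SIZE in this distinfo hunk jumps from 1089870 to 1796737 bytes, roughly 700 KB more for a point release, which is worth explaining before commit. Please confirm that the SHA256 value matches the tarball served from the primary process-one.net site and not only the copy on the mirror, and treat the SHA256 line as the authoritative check since MD5 alone does not give collision resistance.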