# ejabberd is obsolete



## SaveTheRbtz (May 19, 2009)

By now version 2.0.5 is in use, and in ports there is old 2.0.3 with vulnerability.

```
===>  ejabberd-2.0.3 has known vulnerabilities:
=> ejabberd -- cross-site scripting vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/cf91c1e4-2b6d-11de-931b-00e0815b8da8.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/net-im/ejabberd.
*** Error code 1

Stop in /usr/ports/net-im/ejabberd.
```

patch attached:

```
diff -ur ejabberd.old/Makefile ejabberd.new/Makefile
--- ejabberd.old/Makefile       2009-05-20 02:48:32.000000000 +0400
+++ ejabberd.new/Makefile       2009-05-20 02:36:14.000000000 +0400
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=      ejabberd
-PORTVERSION=   2.0.3
+PORTVERSION=   2.0.5
 CATEGORIES=    net-im
 MASTER_SITES=  http://www.process-one.net/downloads/ejabberd/${PORTVERSION}/ \
                http://mirror.inerd.com/FreeBSD/distfiles/${PORTNAME}/
@@ -25,7 +25,7 @@
 USE_RC_SUBR=   ${PORTNAME}
 NOPRECIOUSMAKEVARS=    yes
 
-OPTIONS=       ODBC    "Enable ODBC support"           off
+OPTIONS=       ODBC    "Enable ODBC support"           on
 
 MAKE_ENV=      PORTVERSION=${PORTVERSION}
 PKGMESSAGE=    ${WRKDIR}/pkg-message
diff -ur ejabberd.old/distinfo ejabberd.new/distinfo
--- ejabberd.old/distinfo       2009-05-20 02:48:32.000000000 +0400
+++ ejabberd.new/distinfo       2009-05-20 02:36:14.000000000 +0400
@@ -1,3 +1,3 @@
-MD5 (ejabberd-2.0.3.tar.gz) = b647e74b0f94f030bd8747c8a8a4d0f9
-SHA256 (ejabberd-2.0.3.tar.gz) = d34bcf6c73e8d3fd5bf3b2555b3db8f0bd8197a6303b6db17df8945a2cd339ff
-SIZE (ejabberd-2.0.3.tar.gz) = 1089870
+MD5 (ejabberd-2.0.5.tar.gz) = 2d85b47df969daf0a78ed3b16562d731
+SHA256 (ejabberd-2.0.5.tar.gz) = 37ef90e2afa2b73a620bf71a096df48d5fde8f1cd669fac83d8c143a1295198c
+SIZE (ejabberd-2.0.5.tar.gz) = 1796737
```


----------



## SirDice (May 20, 2009)

You can post a PR about it (including the patch):
http://www.freebsd.org/support/bugreports.html


----------



## noobster (May 20, 2009)

Or drop the port maintainer a line.


----------

