Your message dated Mon, 13 Apr 2009 22:32:11 +0000
with message-id <[email protected]>
and subject line Bug#516528: fixed in ejabberd 2.0.5-1
has caused the Debian Bug report #516528,
regarding ejabberd: starttls hangs after upgrade from etch-bpo to lenny
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
516528: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516528
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ejabberd
Version: 2.0.1-6
Severity: important


Version installed on etch was 2.0.1-6~bpo40+1

After upgrade to lenny, any attempts to starttls on 5222 cause the connection
to hang. For debugging, I enabled the legacy SSL on port 5223 and attempted
to connect with openssl's s_client.  The exchange was:

$ openssl s_client -connect jabber.nivex.net:5223
CONNECTED(00000003)
25231:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Logging set to level 5, /var/log/ejabberd/ejabberd.log reports:

=INFO REPORT==== 2009-02-21 23:18:23 ===
I(<0.250.0>:ejabberd_listener:112) : (#Port<0.407>) Accepted connection {{207,192,73,107},38014} -> {{207,192,73,107},5223}

=INFO REPORT==== 2009-02-21 23:18:23 ===
D(<0.335.0>:ejabberd_receiver:297) : Received XML on stream = []

An strace on ejabberd shows the process reading the .pem listed in the config
file as well as the files that make up the certificate chain (cacert.org).
Immediately after reading and closing the last cacert .pem file, the
process performs a munmap() and closes the socket connection to the client.

As this was an upgrade from a working server, no configs have changed.
I have verified that the permissions on the .pem file are correct.

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18.8-linode10 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages ejabberd depends on:
ii  adduser                3.110             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.24            Debian configuration management sy
ii  erlang-base [erlang-ab 1:12.b.3-dfsg-4   Concurrent, real-time, distributed
ii  erlang-nox             1:12.b.3-dfsg-4   Concurrent, real-time, distributed
ii  libc6                  2.7-18            GNU C Library: Shared libraries
ii  libexpat1              2.0.1-4           XML parsing C library - runtime li
ii  libpam0g               1.0.1-5           Pluggable Authentication Modules l
ii  libssl0.9.8            0.9.8g-15         SSL shared libraries
ii  openssl                0.9.8g-15         Secure Socket Layer (SSL) binary a
ii  ucf                    3.0016            Update Configuration File: preserv
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

ejabberd recommends no packages.

Versions of packages ejabberd suggests:
pn  libunix-syslog-perl           <none>     (no description available)

-- debconf information excluded



--- End Message ---
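
An added example, not part of the original report or of ejabberd: a small Python probe that walks the STARTTLS sequence on port 5222 with a timeout and reports the step at which the server stops answering, which is the check the report above made by hand with s_client on port 5223. The function names, the timeout default and the exact stanzas sent are assumptions of this example.

```python
import socket
import ssl

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"

def _read_until(sock, markers, limit=65536):
    """Read from sock until any marker appears; return everything read."""
    buf = b""
    while not any(m in buf for m in markers):
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
        if len(buf) > limit:
            raise ConnectionError("response too large")
    return buf

def probe_starttls(host, port=5222, domain=None, timeout=5.0, context=None):
    """Walk the XMPP STARTTLS sequence; return (stage, detail).

    stage is 'ok' or the step that failed: connect, features, proceed,
    handshake. A timeout at any step is reported as a hang at that step.
    """
    domain = domain or host
    stage = "connect"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            stage = "features"
            sock.sendall(("<?xml version='1.0'?><stream:stream to='%s' "
                          "version='1.0' xmlns='jabber:client' xmlns:stream="
                          "'http://etherx.jabber.org/streams'>" % domain).encode())
            features = _read_until(sock, [b"</stream:features>"])
            if TLS_NS.encode() not in features:
                return stage, "server did not advertise STARTTLS"
            stage = "proceed"
            sock.sendall(("<starttls xmlns='%s'/>" % TLS_NS).encode())
            reply = _read_until(sock, [b"<proceed", b"<failure"])
            if b"<failure" in reply:
                return stage, "server refused STARTTLS"
            stage = "handshake"
            # The default context verifies the certificate; pass your own
            # context to trust a private CA that the server chains to.
            ctx = context or ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=domain) as tls:
                return "ok", tls.version()
    except socket.timeout:
        return stage, "timed out (hang)"
    except OSError as exc:  # includes ssl.SSLError and connection resets
        return stage, "%s: %s" % (type(exc).__name__, exc)
```

A result of ("handshake", "timed out (hang)") means the server sent <proceed/> and then never answered the TLS ClientHello; a certificate error at the same stage means the handshake itself is progressing.
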
--- Begin Message ---
Source: ejabberd
Source-Version: 2.0.5-1

We believe that the bug you reported is fixed in the latest version of
ejabberd, which is due to be installed in the Debian FTP archive:

ejabberd_2.0.5-1.diff.gz
  to pool/main/e/ejabberd/ejabberd_2.0.5-1.diff.gz
ejabberd_2.0.5-1.dsc
  to pool/main/e/ejabberd/ejabberd_2.0.5-1.dsc
ejabberd_2.0.5-1_i386.deb
  to pool/main/e/ejabberd/ejabberd_2.0.5-1_i386.deb
ejabberd_2.0.5.orig.tar.gz
  to pool/main/e/ejabberd/ejabberd_2.0.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Torsten Werner <[email protected]> (supplier of updated ejabberd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 05 Apr 2009 22:53:46 +0200
Source: ejabberd
Binary: ejabberd
Architecture: source i386
Version: 2.0.5-1
Distribution: unstable
Urgency: high
Maintainer: Torsten Werner <[email protected]>
Changed-By: Torsten Werner <[email protected]>
Description: 
 ejabberd   - Distributed, fault-tolerant Jabber/XMPP server written in Erlang
Closes: 516528 518079 520852
Changes: 
 ejabberd (2.0.5-1) unstable; urgency=high
 .
   * new upstream release
     - Fixes 'CVE-2009-0934: Cross-site scripting (XSS) vulnerability in
     ejabberd' (Closes: #520852)
     - Fixes 'starttls hangs' (Closes: #516528, #518079)
   * Disable patch ldaps.patch because it does not apply any more.
   * Refresh all other patches.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknjufoACgkQfY3dicTPjsPbjQCeK5bGxBYmziD/GBTehvaD/v4b
ozAAnRxeebccox98itsbzNkzTnNNGseU
=sH9V
-----END PGP SIGNATURE-----



--- End Message ---
