Bug#1050336: marked as done (libnet-xmpp-perl: unable to StartTLS, without any feedback)

Sun, 24 Mar 2024 13:46:29 -0700 

Your message dated Sun, 24 Mar 2024 20:44:29 +0000
with message-id <e1rouhh-00a0iu...@fasolo.debian.org>
and subject line Bug#1064058: fixed in libxml-stream-perl 1.24-4+deb12u1
has caused the Debian Bug report #1064058,
regarding libnet-xmpp-perl: unable to StartTLS, without any feedback
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1064058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libnet-xmpp-perl
Version: 1.05-1.1
Severity: serious
Justification: cannot perform basic authentication

Hi,

I have a few scripts around that use Net::XMPP to send notifications
when this or that happens, and all of them broke after upgrading from
bullseye to bookworm. This is definitely not related to changes on the
server side (which I control and didn't change), and other existing
hosts still on bullseye still work fine.

The error manifests itself like this:

    AuthIQAuth requires a resource arguement at /local/wrapper.pm line 42.

Tracking it down, it appears AuthSend uses AuthSASL on bullseye (OK)
and AuthIQAuth on bookworm (KO). The latter is the fallback:

,---[ Net/XMPP/Protocol.pm ]---
| sub AuthSend
| {
[…]
|     if($self->{STREAM}->GetStreamFeature($self->GetStreamID(),"xmpp-sasl"))
|     {
|         return $self->AuthSASL(%args);
|     }
|     return $self->AuthIQAuth(%args);
| }
`---

The GetStreamID isn't happy because it tries to pick the ID part of the
SESSION, which is missing.

Diving into the connection implementation, I managed to confirm that the
connection is established at first, giving me a $self->{SESSION} set,
but that goes away later on:

,---[ Net/XMPP/Connection.pm ]---
| sub Connect
| {       
|     if ($self->{SESSION})
|     {
|         $self->{DEBUG}->Log1("Connect: connection made");
| 
|         my $weak = $self;
|         weaken $weak;
|         $self->{STREAM}->SetCallBacks(node=>sub{ $weak->CallBack(@_) });
|         $self->{CONNECTED} = 1;
|         $self->{RECONNECTING} = 0;
| 
|         if (exists($self->{SESSION}->{version}) &&
|             ($self->{SESSION}->{version} ne ""))
|         {
|             my $tls = $self->GetStreamFeature("xmpp-tls");
|             if (defined($tls) && $self->{SERVER}->{tls})
|             {
|                 $self->{SESSION} =
|                     $self->{STREAM}->StartTLS(
|                         $self->{SESSION}->{id},
|                         $self->{SERVER}->{timeout},
|                     );

Here be dragons.

|             }
|             elsif (defined($tls) && ($tls eq "required"))
|             {
|                 $self->SetErrorCode("The server requires us to use TLS, but 
you did not specify that\nTLS was an option.");
|                 return;
|             }
|         }
| 
|         return 1;
|     }
|     else
|     {
|         $self->SetErrorCode($self->{STREAM}->GetErrorCode());
|         return;
|     }
`---

I also confirmed (yay for print-debugging) that the xmpp-tls branch is
entered, the StartTLS() fails for some reason (or at least returns
nothing at all), and $self->{SESSION} gets reset. The rest explodes.


There are only minor differences between the package in bullseye and
bookworm (mostly packaging metadata), so it looks to me something
external (undetermined at the moment) triggered this problem during
the upgrade. I thought I'd file my findings then think a little more
about a game plan.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

--- End Message ---
--- Begin Message --- 
Source: libxml-stream-perl
Source-Version: 1.24-4+deb12u1
Done: gregor herrmann <gre...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libxml-stream-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <gre...@debian.org> (supplier of updated libxml-stream-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 03 Mar 2024 16:02:42 +0100
Source: libxml-stream-perl
Architecture: source
Version: 1.24-4+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: gregor herrmann <gre...@debian.org>
Closes: 1064058
Changes:
 libxml-stream-perl (1.24-4+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Add Set_SSL_verifycn_name_parameter_to_fix_hostname_verification.patch
     to adjust to IO::Socket::SSL >= 2.078.
     Thanks to Manfred Stock for the bug report and the patch.
     (Closes: #1064058)
Checksums-Sha1:
 fb30bd6a1ea3e8ace0475749f6f5cb65137d960c 2523 
libxml-stream-perl_1.24-4+deb12u1.dsc
 bec97360ef55ee94793a7827fa89a667be233aeb 7140 
libxml-stream-perl_1.24-4+deb12u1.debian.tar.xz
Checksums-Sha256:
 5e3b78e6fca3396feee7456fd6e38fcb038563fde93de1032e01e745787c779d 2523 
libxml-stream-perl_1.24-4+deb12u1.dsc
 eadf675738027ab8447228686bfe8d20c6dd521f3c7a9ab31d809288c6e6d92d 7140 
libxml-stream-perl_1.24-4+deb12u1.debian.tar.xz
Files:
 328f6fcb20ce0c9cf8c0f740da766a9e 2523 perl optional 
libxml-stream-perl_1.24-4+deb12u1.dsc
 140814e7bf2be6f8c54c982b2aabe05a 7140 perl optional 
libxml-stream-perl_1.24-4+deb12u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmXkkfJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgavnBAAsuD/5y/HrswOTmuSxZ1hBxDi3utJfqD+OqWcKRUk9EcUrEJImMRWnRRa
1Whsmj3Cz2Rp/vH2xMzkFp2a63O/j3UqbRKk/+KD18oYi5eD/yRQxEKii84AQB91
MX1hwsjYF6LlGf6tXxZbXEuOYhM941RC26QLs+MTmqRSPwe3HYvFI6eAYizxhdj1
/0yFkBb2LOD7dS3jwRFkDMwbk0Fsy+36U3s3mU5nfHJuqGsCB/rw04mHUBIhruJX
MXAI7yBUT41fG8jz5YCK3xdQQu8wDsig/e1BjaJQ5v5uJeIYIkXJbbYAwnO/Zh9P
vnDba2XJOa00iFiDEHXD8M5GX9OUdKo5iS3zfAswRijDH4y2A4QguQmAlrlRWRGS
u2P723Ec6PpaaEhp+PGwV1joPE1hyTaw3Q+N80MtQUZZ4Bc6fZ4ADLcJcgxhUpqX
maKi+pTaK9ujQIfPE/XUszBP52q1C1xp2xJ1EWO0wuS0QdAk3PAqg5cwYvzBkR8q
/+VXybeJ1+oSUbLTOAaDXOYl/BtGPKgjomxIaPnnn14egfoYXZv9owTEoq2oMvJK
COAd6GvleO5a1Qw5Q5tOK1VWhIIh4cgsuBKkKeT0/6p66EogV7HpEqX1DL2oFSAW
K1rAQKU6buPRdSa/FfckcbVbyxk/33JhPzh83baTH6sTjG5LnDs=
=Qs9I
-----END PGP SIGNATURE-----

Attachment: pgpkhZ8NqXQ0S.pgp
Description: PGP signature


--- End Message ---

Reply via email to