Re: Cipher suites in Jabberd2, disabling RC4

2016-10-26 Thread Adrian Reber 
On Wed, Oct 26, 2016 at 01:08:28PM -0400, Pete Fuller wrote:
> Greetings, I am attempting to remove support for the RC4 cipher in TLS
> connections to Jabber2d, per results of a recent security audit.  I
> have done this for our web servers and other encrypted services
> already.  I am not finding any information as to how to make this
> change in jabber2d.  I’m using jabberd version 2.4 from the EPEL repo
> on Centos7.  The only info I could find on the list was someone asking
> this question a few years ago and being told it was an experimental
> feature.
> http://www.mail-archive.com/jabberd2@lists.xiaoka.com/msg02359.html
> 
> . I’m hoping this feature has been included in the release and I am
> just having issues finding that information.  

Looking at c2s.xml.dist.in (and s2s.xml.dist.in) for 2.4 I see:




and

 ciphers
 List of available TLS ciphers. The format of the string is
 described in https://www.openssl.org/docs/apps/ciphers.html

Looks you can just list the needed ciphers in those two files.

Adrian


signature.asc
Description: PGP signature

Re: jabberd-2.4.0 release

2016-05-27 Thread Adrian Reber 
On Fri, May 27, 2016 at 12:09:41AM -0700, li...@lazygranch.com wrote:
> On Fri, 27 May 2016 06:22:01 +0200
> Tomasz Sterna  wrote:
> 
> > W dniu 26.05.2016, czw o godzinie 19∶46 -0700, użytkownik
> > li...@lazygranch.com napisał:
> > > This is from my attempt to compile the tar.gz file after doing
> > > autoreconf -i
> > > ./configure
> > > 
> > > I get
> > > ./configure: 12735: Syntax error: word unexpected (expecting ")")
> > 
> > 
> > Do not use the source labeled "Source code (tar.gz)" - this is plain
> > git source dump, not ready for direct consumption.
> > 
> > Use the source labeled jabberd-2.4.0.tar.xz or jabberd-2.4.0.tar.gz
> > (the ones with .asc signatures). These are prepared, with ./configure
> > script etc. generated.
> > 
> > 
> > 
> > P.S. or install autoconf-archive package
> > 
> 
> Actually I had downloaded  jabberd-2.4.0.tar.gz. However I downloaded
> the xz file. I also installed autoconf-archive, though I don't know how
> I'm supposed to use it.
> 
> Doing some internet search, it is suggested the procedure should be:
> aclocal
> automake --add-missing
> autoconf
> ./configure
> 
> I get this error message:
> --
> checking for XML_ParserCreate in -lexpat... no
> configure: error: Expat not found
> --
> I have expat, so it is a matter of configure not finding it.

As a reference: The Fedora package was also built from jabberd-2.4.0.tar.gz
without any problems.

https://kojipkgs.fedoraproject.org//packages/jabberd/2.4.0/1.fc25/data/logs/x86_64/build.log

Adrian


signature.asc
Description: PGP signature

Re: Questions...

2016-04-14 Thread Adrian Reber 
On Thu, Apr 14, 2016 at 04:19:06PM +0200, Matěj Cepl wrote:
> On 2016-04-14, 10:26 GMT, Adrian Reber wrote:
> > In the configuration I am running jabberd2 on Fedora I did not  
> > have many (maybe any) upgrading the last few versions. EPEL-7 
> > would be an upgrade from 2.3.2 to 2.3.6. It probably depends 
> > on the installation and which backends are used if the 
> > upgrade. Looking at 
> >
> >  https://github.com/jabberd2/jabberd2/blob/master/NEWS
> >
> > it seems upgrading from 2.3.4 to 2.3.5 can require database  
> > changes. Not sure how to handle this. But we can try. 
> 
> # mod_verify requires CREATE TABLE "verify" in DB. Make sure 
> # you created it before enabling the module in sm.xml.
> 
> However, the mod_verify is new in 2.3.5, so we don't have to 
> care about its migration, right? Or what am I missing?

Ah, now that you say so. I never read it that way. But true.

Then it is probably not more than a 'git merge master' to get the latest
jabberd2 on EPEL-7. If you want you can update it for EPEL-7.

Adrian

Re: Questions...

2016-04-14 Thread Adrian Reber 
On Thu, Apr 14, 2016 at 10:49:30AM +0200, Matěj Cepl wrote:
> On 2016-04-14, 06:27 GMT, Adrian Reber wrote:
> > On Wed, Apr 13, 2016 at 09:19:45AM -0700, John Oliver wrote:
> >> 1) Is this project the 'jabberd' that's available in EPEL?
> >
> > I can answer that one. jabberd in EPEL is jabberd2. As it is EPEL it
> > will not see as many updates as the upstream package
> 
> I agree that I would keep EPEL-6 (or even EPEL-5) untouched just 
> with possible security patches, but it seems to me that rebase 
> in EPEL-7 would not be the worst idea. What do you think? I am 
> willing to help with patching.
> 
> Do we know what is the upgrade story? Does the latest jabberd2 
> just takes over the original configuration?

In the configuration I am running jabberd2 on Fedora I did not have many
(maybe any) upgrading the last few versions. EPEL-7 would be an upgrade
from 2.3.2 to 2.3.6. It probably depends on the installation and which
backends are used if the upgrade. Looking at

 https://github.com/jabberd2/jabberd2/blob/master/NEWS

it seems upgrading from 2.3.4 to 2.3.5 can require database changes. Not
sure how to handle this. But we can try.

Adrian

Re: Questions...

2016-04-14 Thread Adrian Reber 
On Wed, Apr 13, 2016 at 09:19:45AM -0700, John Oliver wrote:
> 1) Is this project the 'jabberd' that's available in EPEL?

I can answer that one. jabberd in EPEL is jabberd2. As it is EPEL it
will not see as many updates as the upstream package

Adrian

systemd unit files

2014-02-14 Thread Adrian Reber 
I have a simple patch which includes the systemd unit files from the
fedora package into jabberd2 at:

https://lisas.de/git/?p=jabberd2.git;a=commitdiff;h=c78c0f4a68cda23ce5d43153da5e73c0c0472de1

Adrian

Re: releases plans

2012-03-24 Thread Adrian Reber 
On Wed, Mar 21, 2012 at 04:17:02PM +0100, Tomasz Sterna wrote:
 Dnia 2012-03-21, śro o godzinie 15:13 +0100, Adrian Reber pisze:
  Seeing all the changes which have been committed since 2.2.14
  I am wondering if there are any plans for a new release?
 
 Yes... I have one more feature in cooking though.
 
 Once it is done it may even yeld a 2.3 release :-)
 
 But since you mentioned... It may be worthwhile to do one more 2.2 line
 release with already committed bugfixes.
 
 What do you think, community?

I am all for a new release. That was the reason for my question.

Adrian

releases plans

2012-03-21 Thread Adrian Reber 

Seeing all the changes which have been committed since 2.2.14
I am wondering if there are any plans for a new release?

Adrian

Re: [jabberd2] Hi ....

2008-12-22 Thread Adrian Reber 
On Mon, Dec 22, 2008 at 05:01:54AM -0800, Raghu wrote:
 I have installed jabberd-2.2.4 via rpm and the server
 is starting after configuring, the problem is when i
 try to connect from client (exodus) or any other
 client software. it gets connect then its not able to
 the user or create the new user. I have follwed the
 document from
 http://jabberd2.xiaoka.com/wiki/InstallGuide/InstallJabberd2
 the log message int he server as follows.
 
 using MYSQL as database and authentication.
 
[...]
 
 from client ( exodus ) the error is
 An error accourred trying to register new account.
 This server may not allow open register. 

Have you enabled account registration in c2s.xml?

Adrian

-- 
To unsubscribe send a mail to jabberd2+unsubscr...@lists.xiaoka.com

Re: [jabberd2] Trouble with installation and gsasl

2008-08-26 Thread Adrian Reber 
On Mon, Aug 25, 2008 at 10:13:02PM +0200, Thomas Kerkmann wrote:
 Yes, libgsasl is installed in /usr/lib64
 
 So I changed everything to point there
 
 [EMAIL PROTECTED] jabberd-2.2.3]# ./configure --enable-sqlite  --enable-ssl \
   --with-extra-include-path=/usr/local/include \
   --with-extra-library-path=/usr/lib64
 
 [EMAIL PROTECTED] jabberd-2.2.3]# cat /etc/ld.so.conf
 include ld.so.conf.d/*.conf /usr/lib64

You give us very little information about your system. But could it be
that your distribution has an older version of gsasl installed which is
found by the configure script?

and please, do not top post on mailing lists
http://en.wikipedia.org/wiki/Posting_style ;-)

Adrian

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]

Re: [jabberd2] Trouble with installation and gsasl

2008-08-25 Thread Adrian Reber 
On Mon, Aug 25, 2008 at 08:41:03PM +0200, Thomas Kerkmann wrote:
 Thanks for replying, but nope
 
 [EMAIL PROTECTED] jabberd-2.2.3]# ./configure --enable-sqlite --enable-ssl
 --with-extra-include-path=/usr/local/include
 --with-extra-library-path=/usr/local/lib
 
 checking for stringprep_check_version in -lidn... yes
 checking for Libidn version = 0.3.0... yes
 checking for dns_init in -ludns... yes
 checking gsasl.h usability... yes
 checking gsasl.h presence... yes
 checking for gsasl.h... yes
 checking for gsasl_check_version in -lgsasl... yes
 checking for GnuSASL version = 0.2.27... no
 configure: error: no SASL backend available out of: gsasl
 [EMAIL PROTECTED] jabberd-2.2.3]# gsasl --version
 gsasl (GNU SASL) 0.2.27
 Copyright (C) 2008 Simon Josefsson.
 License GPLv3+: GNU GPL version 3 or later
 http://gnu.org/licenses/gpl.html
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.
 
 Written by Simon Josefsson.
 [EMAIL PROTECTED] jabberd-2.2.3]# cat /etc/ld.so.conf
 include ld.so.conf.d/*.conf /usr/local/lib
 [EMAIL PROTECTED] jabberd-2.2.3]# 
 
 BTW, this is an x86_64 system.

And where is libgsasl installed? If it is a 64 bit system I would expect
it to be in /lib64 and not /lib

Adrian




 -Ursprüngliche Nachricht-
 Von: Tomasz Sterna [mailto:[EMAIL PROTECTED] 
 Gesendet: Sonntag, 24. August 2008 23:31
 An: jabberd2@lists.xiaoka.com
 Betreff: Re: [jabberd2] Trouble with installation and gsasl
 
 Dnia 2008-08-24, nie o godzinie 10:19 +0200, Thomas Kerkmann pisze:
  checking for GnuSASL version = 0.2.27... no
  configure: error: no SASL backend available out of: gsasl
  
  [EMAIL PROTECTED] jabberd-2.2.3]# gsasl --version gsasl (GNU SASL) 
  0.2.27
 [...]
  Can anybody help me out here please - what am I missing
 
 http://jabberd2.xiaoka.com/ticket/98#comment:3 ?

--
To unsubscribe send a mail to [EMAIL PROTECTED]

Re: [jabberd2] Jabberd2 Debian package

2008-08-08 Thread Adrian Reber 
On Wed, Aug 06, 2008 at 10:15:21AM +0200, Harald Braumann wrote:
 Jabberd2 is back in Debian main, as Jorge Salamero Sanz announced in a
 previous post -- well, maybe not so much announced but hid in a
 btw-clause. Still, it's great news.
 
 I myself maintained an unofficial jabberd2 package on
 debian.unheit.net. I don't know if many people besides me used it,
 but anyway it will be discontinued. I'd rather contribute to the
 official package. 

I am maintaining jabberd for Fedora, but since 2.2.0 I have not updated
anymore because I cannot connect to jabberd with pidgin.

http://developer.pidgin.im/ticket/6394

Does this problem also exists on debian?

Adrian

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]