Your message dated Sat, 02 Sep 2017 21:07:27 +0000
with message-id <[email protected]>
and subject line Bug#864257: fixed in sleekxmpp 1.3.3-1
has caused the Debian Bug report #864257,
regarding python3-sleekxmpp: TLS certificate verification fails
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
864257: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864257
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: python3-sleekxmpp
Version: 1.3.1-6
Severity: normal
Dear Maintainer,
I have been using painintheapt on several systems running jessie,
jessie-backports, and stretch. For quite some time the hosts running
jessie-backports and stretch have been failing to execute painintheapt,
in fact there's an infinite loop. Today I decided to investigate the
problem and discovered a bug in sleekxmpp.
I tweaked a copy of the painintheapt script to enable debug logging
which produced the following output, with reconnection attempts repeated
indefinitely:
DEBUG Waiting 2.072999311351683 seconds before connecting.
DEBUG DNS: Querying SRV records for unzane.com
DEBUG DNS: Querying jabber.unzane.com for AAAA records.
DEBUG DNS: Querying jabber.unzane.com for A records.
DEBUG Connecting to [2001:470:e861:4::2]:5222
DEBUG Event triggered: connected
DEBUG ==== TRANSITION disconnected -> connected
DEBUG Starting HANDLER THREAD
DEBUG Loading event runner
DEBUG SEND (IMMED): <stream:stream to='unzane.com'
xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'
xml:lang='en' version='1.0'>
DEBUG RECV: <stream:stream id="15762184421087048225" version="1.0"
from="unzane.com" xml:lang="en">
DEBUG RECV: <stream:features xmlns="http://etherx.jabber.org/streams";><c
xmlns="http://jabber.org/protocol/caps";
node="http://www.process-one.net/en/ejabberd/"; hash="sha-1"
ver="N+nCub6oxVjIxxoREHOeJv4wQNU=" /><starttls
xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required /></starttls><compression
xmlns="http://jabber.org/features/compress";><method>zlib</method></compression></stream:features>
DEBUG SEND (IMMED): <starttls
xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required /></starttls>
DEBUG RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
DEBUG Starting TLS
INFO Negotiating TLS
INFO Using SSL version: TLSv1
DEBUG CERT: -----BEGIN CERTIFICATE-----
MIIGdjCCBF6gAwIBAgIEALIrzTANBgkqhkiG9w0BAQsFADBdMTgwNgYDVQQDEy9V
bnphbmUgSW50ZXJtZWRpYXRlIENlcnRpZmljYXRlIEF1dGhvcml0eSAoUlNBKTEh
MB8GA1UECgwY8J+GhPCfhb3wn4aJ8J+FsPCfhb3wn4W0MCIYDzIwMTQwNDA3MTcy
NzAwWhgPMjAzODAxMTkwMzE0MDdaMCIxIDAeBgNVBAMTF255YXJsYXRob3RlcC51
bnphbmUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo/IzfzDD
EHc1NO/EzOGT8+l8Uqiu2ZLt89gohrxgohijWRFLJCJHoD8Q9NgVhYRXPQMzWxC1
hzZfps8UDGUeDfgfEbW2NdvXRElSUexgcb4pqIJlQEUQ7qe22mETMqYwu7jSgswz
Rg7LQqbNRQRKYQRbAezhGe/reHm8mhKoV6guz7XPBHGxJMvWxgiwfNXFZJ3tlp7W
Qu0zz/f/CZKS+Y5QqfAcwyfbnD/jV4ekixi/utt77Qq3AhxbZmW6TuoKuGiD9JBA
+51XFbI3Xkf5yokfZaj7cVGes+ntZMNmDOXyuHnf1zsUYfDentWqwclMdjPO6hu4
oagzy245PlsAiRgdFqrngrimTmKn+Ab/uaMq/y+XU5e1wnBP1WgWynFmfIw3fXhI
gRjrrnM2tcLshS0Tmwf8NAUivKS+yf5wEdFdXmAWwjaOqIm4Co7PxCb722X4MaR4
0y9whFDVFl87wv2C21n0yPRqnsk6CViSA1NqFk7IEiYF/VrQRZ5wtZor4ImzLyNM
gfaI7WrkbnRn5isSZZn3CIKkSelcVADPAq0XuLqAcY4pr3ttt3DJd9bgYRsKq9ZQ
f408fRlLmVbxYh2sl15p8uowClHTxng7wnuMt+kCVL8TACXiohnF7TrvOL+/5zjz
jzgCgC8NfHnhnCyY/jlOOqnOewS44Dx7o4UCAwEAAaOCAXMwggFvMAwGA1UdEwEB
/wQCMAAwJwYDVR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDETCB
owYDVR0RBIGbMIGYghdueWFybGF0aG90ZXAudW56YW5lLmNvbYIKdW56YW5lLmNv
bYIRamFiYmVyLnVuemFuZS5jb22CEyouamFiYmVyLnVuemFuZS5jb22CEHdlYXZl
LnVuemFuZS5jb22CD3NvZ28udW56YW5lLmNvbYITZnVuYW1ib2wudW56YW5lLmNv
bYIRbXVtYmxlLnVuemFuZS5jb20wDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQU
2aIsO1Rktllh9KaeS6LqBYp2A+cwHwYDVR0jBBgwFoAUuz3o+9sxu31sw58Q19zU
HVuefiUwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cHM6Ly93d3cudW56YW5lLmNvbS94
NTA5L3Jldm9jYXRpb24tcnNhLnBlbTANBgkqhkiG9w0BAQsFAAOCAgEAmGKimuSw
xMtIomsygb0U1qoui5h2pkhI5UnPMAFvUm5bMwkSHgrMhyC31P2XI1zA9FovtTxV
Olm8RrdPV0wJ/tgfBHLZ6a8DpuEYhD+1llrQ81RowcfQHYsdKs2SHuChe85hJiVz
IpZZXDXKsiyKnrvtOPETitWI+KhYcEDChO/kwoL3jG6ffKhjrkNDXO4iuiwTJidN
CHNmkKWKwN1ywXmuopt5eD6x/QMPjs45GPL7WU5FtHcdjDHPcWv4xl4yXj/O2HBy
RgoshWLdxOisP7Cy+BT6IM9PwqqNF657ke7nsdZr/BA2AdXlcwObGixLqLMcz6On
IGR8RfenmcZVBWrZnMOPuv9snJZzPWmbYGl/v0Tk+L72WhJa4/22TnjJWRmq4Daq
DLOZYQtsV/FPHM+Q+Je9amR7CXZx/j+s97ZVQEaj5Y6bqgQoTL36L2LtKlUo2tI2
y4FjGiMdI+bqOqfe1TOV6F4NoepDoAtT6DUvH/rdB2GV8MKe8YPaimhJe62L9gzx
LkuFv4uPO+qhzP8MN9tbB3F6jyHYJI7d0sn2WFzFIBlbNkaI3oYvxevpugEkLP1t
KgeGGXolMxYz8S9rNTr9aSSYjLVsdOsTOMS6h0nvFIF/EhvWOqIDAXkj+v9TIwyH
j3shn0Jwh8RgTYLNHNyD36+MO6p5imiVODg=
-----END CERTIFICATE-----
DEBUG Event triggered: ssl_cert
ERROR time data '20140407172700Z' does not match format '%y%m%d%H%M%SZ'
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/sleekxmpp/xmlstream/xmlstream.py",
line 1492, in _process
if not self.__read_xml():
File "/usr/lib/python3/dist-packages/sleekxmpp/xmlstream/xmlstream.py",
line 1564, in __read_xml
self.__spawn_event(xml)
File "/usr/lib/python3/dist-packages/sleekxmpp/xmlstream/xmlstream.py",
line 1632, in __spawn_event
handler.prerun(stanza_copy)
File
"/usr/lib/python3/dist-packages/sleekxmpp/xmlstream/handler/callback.py", line
64, in prerun
self.run(payload, True)
File
"/usr/lib/python3/dist-packages/sleekxmpp/xmlstream/handler/callback.py", line
76, in run
self._pointer(payload)
File
"/usr/lib/python3/dist-packages/sleekxmpp/features/feature_starttls/starttls.py",
line 64, in _handle_starttls_proceed
if self.xmpp.start_tls():
File "/usr/lib/python3/dist-packages/sleekxmpp/xmlstream/xmlstream.py",
line 889, in start_tls
cert.verify(self._expected_server_name, self._der_cert)
File "/usr/lib/python3/dist-packages/sleekxmpp/xmlstream/cert.py", line
141, in verify
not_before, not_after = extract_dates(raw_cert)
File "/usr/lib/python3/dist-packages/sleekxmpp/xmlstream/cert.py", line
118, in extract_dates
not_before = datetime.strptime(not_before, '%y%m%d%H%M%SZ')
File "/usr/lib/python3.5/_strptime.py", line 510, in _strptime_datetime
tt, fraction = _strptime(data_string, format)
File "/usr/lib/python3.5/_strptime.py", line 343, in _strptime
(data_string, format))
ValueError: time data '20140407172700Z' does not match format '%y%m%d%H%M%SZ'
DEBUG reconnecting...
DEBUG Event triggered: session_end
DEBUG SEND (IMMED): </stream:stream>
INFO Waiting for </stream:stream> from server
DEBUG Event triggered: disconnected
DEBUG ==== TRANSITION connected -> disconnected
DEBUG connecting...
DEBUG Waiting 2.238069225097097 seconds before connecting.
...
The "ValueError: time data '20140407172700Z' does not match format
'%y%m%d%H%M%SZ'" exception shows that sleekxmpp is expecting a two digit year
rather than a four digit year.
Further inspection of the extract_dates function in xmlstream/cert.py reveals
some programming mistakes:
def extract_dates(raw_cert):
if not HAVE_PYASN1:
log.warning("Could not find pyasn1 and pyasn1_modules. " + \
"SSL certificate expiration COULD NOT BE VERIFIED.")
return None, None
cert = decoder.decode(raw_cert, asn1Spec=Certificate())[0]
tbs = cert.getComponentByName('tbsCertificate')
validity = tbs.getComponentByName('validity')
not_before = validity.getComponentByName('notBefore')
① not_before = str(not_before.getComponent())
not_after = validity.getComponentByName('notAfter')
① not_after = str(not_after.getComponent())
② if isinstance(not_before, GeneralizedTime):
not_before = datetime.strptime(not_before, '%Y%m%d%H%M%SZ')
else:
③ not_before = datetime.strptime(not_before, '%y%m%d%H%M%SZ')
② if isinstance(not_after, GeneralizedTime):
not_after = datetime.strptime(not_after, '%Y%m%d%H%M%SZ')
else:
③ not_after = datetime.strptime(not_after, '%y%m%d%H%M%SZ')
return not_before, not_after
At ①, the use of str() causes the isinstance() test at ② always be False
resulting in strptime() calls at ③ which use %y instead of %Y and throw
ValueError.
It looks like this was for some compatibility with ancient versions of
pyasn1.
-- System Information:
Debian Release: 9.0
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (50, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set
to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages python3-sleekxmpp depends on:
ii python3 3.5.3-1
ii python3-dnspython 1.15.0-1
ii python3-pyasn1 0.1.9-2
ii python3-pyasn1-modules 0.0.7-0.1
Versions of packages python3-sleekxmpp recommends:
ii python3-dateutil 2.5.3-2
ii python3-gnupg 0.3.9-1
ii python3-socks 1.6.5-1
python3-sleekxmpp suggests no packages.
-- no debconf information
--
Gerald Turner <[email protected]> Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80 3858 EC94 2276 FDB8 716D
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: sleekxmpp
Source-Version: 1.3.3-1
We believe that the bug you reported is fixed in the latest version of
sleekxmpp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
W. Martin Borgert <[email protected]> (supplier of updated sleekxmpp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 02 Sep 2017 19:27:48 +0000
Source: sleekxmpp
Binary: python-sleekxmpp python3-sleekxmpp
Architecture: source all
Version: 1.3.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: W. Martin Borgert <[email protected]>
Description:
python-sleekxmpp - Python XMPP (Jabber) Library Implementing Everything as a
Plugin
python3-sleekxmpp - Python XMPP (Jabber) Library Implementing Everything as a
Plugin
Closes: 864257
Changes:
sleekxmpp (1.3.3-1) unstable; urgency=medium
.
* New upstream release which (Closes: #864257)
* Removed patches added in 1.3.1-6, now applied upstream
* Use dh 10, bump standars version to 4.1.0, no changes
Checksums-Sha1:
b84e6f589b9c057487465e4fbca3087f098af78a 2249 sleekxmpp_1.3.3-1.dsc
a65877332cb30712fae976ad897bbd0bf4eef1b4 1022315 sleekxmpp_1.3.3.orig.tar.gz
41d983bac5a43aff2fe49786f0a450c433c67c0c 21188 sleekxmpp_1.3.3-1.debian.tar.xz
cb56a55947b12275452486d4e189a5572c4095c6 198484
python-sleekxmpp_1.3.3-1_all.deb
817af227902d67bbf21e484c3b5141121a2ae7bd 198604
python3-sleekxmpp_1.3.3-1_all.deb
66926990482d3e4dd8cb8c62af387ba387757b23 6689 sleekxmpp_1.3.3-1_amd64.buildinfo
Checksums-Sha256:
31683613942d0c59bffb17d5566684b4194e400ab429f4a0b29afc699c73cfcc 2249
sleekxmpp_1.3.3-1.dsc
2a06b75ed254347ba97e5080a27aefac25947250090f5b386bc437d9b984d374 1022315
sleekxmpp_1.3.3.orig.tar.gz
63c4202db803601d5bbac05c3897f16ffab696b8f2b92a632eeb5ef3a216534e 21188
sleekxmpp_1.3.3-1.debian.tar.xz
e94b16e991bd0f6ef22063f63d9768127df3b434248f13ab63f2046ae4455e63 198484
python-sleekxmpp_1.3.3-1_all.deb
f9a39b9425b915413825dcde9709f9ebb2d00498d53af2dc05f3af9c1e81c362 198604
python3-sleekxmpp_1.3.3-1_all.deb
aca4dc65874ca73d08111976d4e21a456cee739efbf0547176ac90a89c1971f3 6689
sleekxmpp_1.3.3-1_amd64.buildinfo
Files:
e766d1f163e18e9f9421f600039c914a 2249 python optional sleekxmpp_1.3.3-1.dsc
8707ba293cce2b003d1b93b9d1b0565f 1022315 python optional
sleekxmpp_1.3.3.orig.tar.gz
19fa67e42df0143bdc6b2bed7fc5e62b 21188 python optional
sleekxmpp_1.3.3-1.debian.tar.xz
a7e92105b842984e451afc9fe92be087 198484 python optional
python-sleekxmpp_1.3.3-1_all.deb
6cc7a8bdf71224164d2c9eba6e434bc6 198604 python optional
python3-sleekxmpp_1.3.3-1_all.deb
a1782d8c847df571cb24a2d7173e250f 6689 python optional
sleekxmpp_1.3.3-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEftHeo0XZoKEY1KdA4+Chwoa5Y+oFAlmrFdUACgkQ4+Chwoa5
Y+qn4g//SG7kxMf+g9v2xaCAAIUE68RZWwochnbPGoehIP13ERuAAtSRgJD/Br+D
0RiZG+a3/8AJhJiHN5Vkp9KtejoB/81UWP6Jcr5GATt4YBU3QZG2ixPRdgUSnOuI
yVN7qJPvUwa5t5426MKBFUDXUKHe8HoJfR5Y2rVnXI9UDpvg9ApFYqsSvQAXmrxb
kx61EZBS6jpOhezA60RXJU4JlQsGP6L4V0Q+rIOsl2nG0uBED3G9ba7m+Elv6B79
rvGVNqRzZmX+dTOY/adxzATwS8IScBeo/9xgfvw7JjGYsILfmvOlBSs5pWoTefXO
ufjy6IFSufmcCpwc/DIFjhgb6ZWqt9UHj/xVG7Qhs5nz276oFy8jVp+c/86Y4i52
rhkAV+2Yjnrq1HSFiBMygG9mBs62My7AwfW7l4SXGLkijM2u75r0u+gwmtmSzO9Z
wS0kdYlOTvW4ty1o6A58b4LQYotpSSScYiuTbCLMY/s3XzAQgyxQ5LnwysyKbu/t
z+1HzFXr5HzXYcxoygYxc2NoPO3ouzl14B2RFH3nsUBcWWZIbYupphhOPGXO4Epf
hz8xnDRv4uy9CJt3tHOP481TyxhSW/mOJsLNGFAcEorJ6KoTuCjJAPYtoqS4vyK2
Y9TtMtV/kanBzwkET+Fe+WHn65OY8c6TGemJlkefuKgz/rH6bgo=
=Nb94
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
