Bug#766475: python-xmpp: Error in SSLSocket
Hi guys. You were quick :) First of all - huge thanks for doing that! Next - re: no acks on previous NMUs - there are two possibilities - could be that I was not asked explicitly to ack (like this time) and assumed it is not needed or I was super busy or ack happened to be off thread. Or some combination of the above. In any case, I am always happy to see that someone comes to rescue of the poor package. If you want me to comment on the future plans - I'll happily do that even though I'll probably not have enough capacity to do anything more serious than that. Thanks again! Alexey Control: severity -1 serious Control: retitle -1 Connection to TLS-enabled servers is broken: Error in SSLSocket Hi, anonym wrote (19 Mar 2015 11:03:49 GMT) : Next, here's a small test case to for triggering the bug: import xmpp xmpp.Client(jabber.ccc.de).connect() This bug seems RC to me, as: 1. it's a regression from Wheezy; 2. most popular XMPP servers offer TLS these days, so it seems to be that this bug breaks break the most common use-case of this library; and also 3. python-xmpp has quite a few reverse-deps that might be affected (I didn't check, though). = bumping severity. Alexey, what do you think? (Now, I don't see any reply from Alexey to the open bugs on this package, some of them dating back to 2010. Last upload by Alexey was in 2008, and there have been 2 NMUs since then, none of them acknowledged = I won't hold my breath too long.) With the patch supplied by Vladimir Osintsev, the problem is indeed fixed. I'll try to come up with a minimal patch that satisfies the freeze policy (introducing the quilt machinery is definitely not an option at this stage of the freeze). And then I'll prepare a NMU. There are, however, other issues with xmpppy, so the python-xmpp package is in a pretty poor state [...] Indeed, it would be good if something could be done about it during the Stretch cycle. python-xmpp has quite a few reverse-dependencies, so perhaps a couple of their upstream or Debian maintainers will want to adopt xmpppy upstream. Let's say it's off-topic here, though: the discussion that was started on #592010 feels like a better place to discuss future plans. Cheers! -- intrigeri
Bug#766475: python-xmpp: Error in SSLSocket
Hi, Alexey Nezhdanov wrote (20 Mar 2015 05:56:55 GMT) : First of all - huge thanks for doing that! Thanks for answering :) Just to be extra clear: does this implicitly mean you agree with the RC severity and the NMU I've proposed? Should I just go ahead without waiting any more time? Cheers, -- intrigeri -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#766475: python-xmpp: Error in SSLSocket
Please go ahead. Security is important - thus it is a major feature that is broken and that you fix - I believe, RC severity is appropriate. Thanks! Alexey 2015-03-20 8:50 GMT+01:00 intrigeri intrig...@debian.org: Hi, Alexey Nezhdanov wrote (20 Mar 2015 05:56:55 GMT) : First of all - huge thanks for doing that! Thanks for answering :) Just to be extra clear: does this implicitly mean you agree with the RC severity and the NMU I've proposed? Should I just go ahead without waiting any more time? Cheers, -- intrigeri
Bug#766475: python-xmpp: Error in SSLSocket
Hi, First off, I'd like to make it clear that this is a regression since Debian Wheezy, probably due to the switch from python 2.7.3 to 2.7.9. Next, here's a small test case to for triggering the bug: import xmpp xmpp.Client(jabber.ccc.de).connect() With the patch supplied by Vladimir Osintsev, the problem is indeed fixed. There are, however, other issues with xmpppy, so the python-xmpp package is in a pretty poor state (bit rot since the maintainder abandoned it ~seven years ago). Some more details can be found here: https://labs.riseup.net/code/issues/9074 Cheers! signature.asc Description: OpenPGP digital signature
Bug#766475: Intent to NMU [Was: Bug#766475: python-xmpp: Error in SSLSocket]
On 19/03/15 17:14, intrigeri wrote: 0. anonym confirms that a package built with this patch applied fixes the problem for him on current Jessie Your patch does the trick. Cheers! signature.asc Description: OpenPGP digital signature
Bug#766475: python-xmpp: Error in SSLSocket
Control: severity -1 serious Control: retitle -1 Connection to TLS-enabled servers is broken: Error in SSLSocket Hi, anonym wrote (19 Mar 2015 11:03:49 GMT) : Next, here's a small test case to for triggering the bug: import xmpp xmpp.Client(jabber.ccc.de).connect() This bug seems RC to me, as: 1. it's a regression from Wheezy; 2. most popular XMPP servers offer TLS these days, so it seems to be that this bug breaks break the most common use-case of this library; and also 3. python-xmpp has quite a few reverse-deps that might be affected (I didn't check, though). = bumping severity. Alexey, what do you think? (Now, I don't see any reply from Alexey to the open bugs on this package, some of them dating back to 2010. Last upload by Alexey was in 2008, and there have been 2 NMUs since then, none of them acknowledged = I won't hold my breath too long.) With the patch supplied by Vladimir Osintsev, the problem is indeed fixed. I'll try to come up with a minimal patch that satisfies the freeze policy (introducing the quilt machinery is definitely not an option at this stage of the freeze). And then I'll prepare a NMU. There are, however, other issues with xmpppy, so the python-xmpp package is in a pretty poor state [...] Indeed, it would be good if something could be done about it during the Stretch cycle. python-xmpp has quite a few reverse-dependencies, so perhaps a couple of their upstream or Debian maintainers will want to adopt xmpppy upstream. Let's say it's off-topic here, though: the discussion that was started on #592010 feels like a better place to discuss future plans. Cheers! -- intrigeri -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#766475: Intent to NMU [Was: Bug#766475: python-xmpp: Error in SSLSocket]
Hi,
intrigeri wrote (19 Mar 2015 15:30:15 GMT) :
I'll try to come up with a minimal patch that satisfies the freeze
policy (introducing the quilt machinery is definitely not an option at
this stage of the freeze). And then I'll prepare a NMU.
I intend to NMU with the attached patch applied in a few days,
assuming:
0. anonym confirms that a package built with this patch applied fixes
the problem for him on current Jessie
1. The maintainer doesn't disagree this is RC
2. The maintainer doesn't says he has a better fix in progress
Cheers,
--
intrigeri
diff -u python-xmpp-0.4.1/debian/changelog python-xmpp-0.4.1/debian/changelog
--- python-xmpp-0.4.1/debian/changelog
+++ python-xmpp-0.4.1/debian/changelog
@@ -1,3 +1,11 @@
+python-xmpp (0.4.1-cvs20080505.4) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Update SSL socket handling to work with Jessie's Python (Closes: #766475).
+Thanks to Vladimir Osintsev osint...@gmail.com for the patch!
+
+ -- intrigeri intrig...@debian.org Thu, 19 Mar 2015 16:33:09 +0100
+
python-xmpp (0.4.1-cvs20080505.3) unstable; urgency=low
* Non-maintainer upload.
diff -u python-xmpp-0.4.1/xmpp/transports.py python-xmpp-0.4.1/xmpp/transports.py
--- python-xmpp-0.4.1/xmpp/transports.py
+++ python-xmpp-0.4.1/xmpp/transports.py
@@ -27,7 +27,7 @@
Also exception 'error' is defined to allow capture of this module specific exceptions.
-import socket,select,base64,dispatcher,sys
+import socket,ssl,select,base64,dispatcher,sys
from simplexml import ustr
from client import PlugIn
from protocol import *
@@ -305,9 +305,9 @@
Immidiatedly switch socket to TLS mode. Used internally.
Here we should switch pending_data to hint mode.
tcpsock=self._owner.Connection
-tcpsock._sslObj= socket.ssl(tcpsock._sock, None, None)
-tcpsock._sslIssuer = tcpsock._sslObj.issuer()
-tcpsock._sslServer = tcpsock._sslObj.server()
+tcpsock._sslObj= ssl.wrap_socket(tcpsock._sock, None, None)
+tcpsock._sslIssuer = tcpsock._sslObj.getpeercert().get('issuer')
+tcpsock._sslServer = tcpsock._sslObj.getpeercert().get('server')
tcpsock._recv = tcpsock._sslObj.read
tcpsock._send = tcpsock._sslObj.write
Bug#766475:
Patch attached to this mail. python-xmpp_0.4.1-cvs20080505.3-cvs20080505.4.debdiff Description: Binary data
Bug#766475:
tag 766475 + patch thanks Attached patch for source package that fixes this bug. -- Vladimir Osintsev o...@co.ru Systems Administrator, Engineer
Bug#766475: python-xmpp: Error in SSLSocket
Package: python-xmpp Version: 0.4.1-cvs20080505.3 Severity: normal Dear Maintainer, File /root/./sendxmpp.py, line 36, in module cl.connect(); File /usr/lib/python2.7/dist-packages/xmpp/client.py, line 205, in connect while not self.TLS.starttls and self.Process(1): pass File /usr/lib/python2.7/dist-packages/xmpp/dispatcher.py, line 303, in dispatch handler['func'](session,stanza) File /usr/lib/python2.7/dist-packages/xmpp/transports.py, line 330, in StartTLSHandler self._startSSL() File /usr/lib/python2.7/dist-packages/xmpp/transports.py, line 309, in _startSSL tcpsock._sslIssuer = tcpsock._sslObj.issuer() AttributeError: '_ssl._SSLSocket' object has no attribute 'issuer' done Prior we have a bug reported by #765598. -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.17.0 (SMP w/4 CPU cores) Locale: LANG=pt_BR, LC_CTYPE=pt_BR (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Versions of packages python-xmpp depends on: ii python 2.7.8-1 Versions of packages python-xmpp recommends: ii python-dnspython 1.12.0-1 python-xmpp suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
