Your message dated Sun, 24 Mar 2024 20:44:29 +0000
with message-id <e1rouhh-00a0iu...@fasolo.debian.org>
and subject line Bug#1064058: fixed in libxml-stream-perl 1.24-4+deb12u1
has caused the Debian Bug report #1064058,
regarding libxml-stream-perl: TLS/SSL broken with IO-Socket-SSL >= 2.078 when hostname verification is enabled
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

-- 
1064058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libxml-stream-perl
Version: 1.24-4
Severity: normal
Tags: upstream
Control: affects -1 sendxmpp libnet-xmpp-perl

Dear Maintainers,

after upgrading to Debian Bookworm, we noticed that the sendxmpp command
line tool was not working anymore in our setup. During the investigation
of this issue, I noticed that downgrading IO-Socket-SSL to the version in
Bullseye made sendxmpp work again. I then started to try all versions of
IO-Socket-SSL between the version in Bullseye and the one in Bookworm and
found that it stopped working with version 2.078.

Eventually, I came up with a pull request [1] containing a patch that
fixed it for us - apparently, the way XML-Stream was using IO-Socket-SSL
most likely always resulted in the hostname verification to be done
against the IP address of the peer instead of an actual hostname, which
was always considered to be successful in IO-Socket-SSL < 2.078, but not
anymore in newer versions.

Since the upstream seems quite inactive, it might be worth considering to
add this or a similar patch to the package in Debian, as I came across
several other bug reports in the Debian BTS which might actually be
caused by this issue, like #986971 [2], #1032868 [3] and maybe also
#1050336 [4] - at least the error messages in the first two look very
similar to what I saw.

Cheers,
Manfred

[1]: https://github.com/dap/XML-Stream/pull/28
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986971
[3]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032868
[4]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050336

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-18-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_CH.utf8, LC_CTYPE=de_CH.utf8 (charmap=UTF-8), LANGUAGE=de_CH:de
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages libxml-stream-perl depends on:
ii  libauthen-sasl-perl    2.1600-3
ii  libio-socket-ssl-perl  2.081-2
ii  perl                   5.36.0-7+deb12u1

libxml-stream-perl recommends no packages.

Versions of packages libxml-stream-perl suggests:
ii  libnet-dns-perl  1.36-1

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libxml-stream-perl
Source-Version: 1.24-4+deb12u1
Done: gregor herrmann <gre...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libxml-stream-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1064...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <gre...@debian.org> (supplier of updated libxml-stream-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 03 Mar 2024 16:02:42 +0100
Source: libxml-stream-perl
Architecture: source
Version: 1.24-4+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: gregor herrmann <gre...@debian.org>
Closes: 1064058
Changes:
 libxml-stream-perl (1.24-4+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * Add Set_SSL_verifycn_name_parameter_to_fix_hostname_verification.patch
     to adjust to IO::Socket::SSL >= 2.078.
     Thanks to Manfred Stock for the bug report and the patch.
     (Closes: #1064058)
--- End Message ---
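
The situation described in the bug report can be reproduced on the loopback interface. The script below is an added example, not code from XML::Stream, the pull request or the Debian patch. It assumes a constructed service name (xmpp.example.test) and a throwaway CA, connects to the server by IP address, upgrades the plain socket with start_SSL, and prints how the installed IO::Socket::SSL treats the handshake without and with SSL_verifycn_name.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;           # exports SSL_VERIFY_PEER and $SSL_ERROR
use IO::Socket::SSL::Utils;    # exports CERT_create

my $name = 'xmpp.example.test';    # constructed service name (assumption)

# Throwaway CA and a server certificate that names only $name (no IP entry).
my ($ca_cert, $ca_key) = CERT_create(
    CA      => 1,
    subject => { commonName => 'Constructed Test CA' },
);
my ($cert, $key) = CERT_create(
    subject         => { commonName => $name },
    subjectAltNames => [ [ DNS => $name ] ],
    issuer_cert     => $ca_cert,
    issuer_key      => $ca_key,
);

my $listener = IO::Socket::INET->new(LocalAddr => '127.0.0.1', Listen => 2)
    or die "listen: $!";
my $port = $listener->sockport;

defined(my $pid = fork()) or die "fork: $!";
if ($pid == 0) {    # child: TLS server for exactly two connections
    for (1 .. 2) {
        my $conn = $listener->accept or next;
        IO::Socket::SSL->start_SSL($conn, SSL_server => 1,
            SSL_cert => $cert, SSL_key => $key);
    }
    exit 0;
}

# Connect by IP address, then upgrade the already-connected plain socket.
sub try_tls {
    my %extra = @_;
    my $sock = IO::Socket::INET->new(PeerAddr => '127.0.0.1', PeerPort => $port)
        or die "connect: $!";
    my $tls = eval {    # eval: some argument errors croak instead of returning undef
        IO::Socket::SSL->start_SSL($sock, SSL_verify_mode => SSL_VERIFY_PEER,
            SSL_ca => [$ca_cert], %extra);
    };
    return $tls ? 'handshake ok' : 'handshake failed: ' . ($@ || $SSL_ERROR);
}

print 'IO::Socket::SSL ', IO::Socket::SSL->VERSION, "\n";
print 'no name given:     ', try_tls(), "\n";
print 'SSL_verifycn_name: ', try_tls(SSL_verifycn_name => $name, SSL_hostname => $name), "\n";
waitpid $pid, 0;
```

Running it under the Bullseye and Bookworm versions of libio-socket-ssl-perl gives a side-by-side view of the first line's result; SSL_hostname is set as well so the name sent in SNI matches the name being verified.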