Hi,
just upgraded my server from Ubuntu 10.04 to 12.04 and noticed that
jabberd2 stopped working.
I finally tracked it down to the expat library which now contains a
fix for CVE-2012-0876. This fix tries to add some randomisation to
expat's own hash tables, but by doing so fiddles with srand and
Hi!
Does jabberd2 work after is re-compiled with 12.04?
Anyway, I suspect you blame the following expat's function:
static unsigned long
generate_hash_secret_salt(void)
{
unsigned int seed = time(NULL) % UINT_MAX;
srand(seed);
return rand();
}
It is called once (per parser instance)
Hi!
Find comments embedded.
On 06/15/2012 05:08 PM, Christof Meerwald wrote:
On Fri, Jun 15, 2012 at 04:25:31PM +0400, Eugene Agafonov wrote:
Does jabberd2 work after is re-compiled with 12.04?
No.
That's strange.. It works perfect on Debian Testing with libexpat1_2.1.0-1
Any details? Debug
D'oh! I got it :-)
Stay tuned for patch.
On 06/15/2012 05:14 PM, Eugene Agafonov wrote:
That's strange.. It works perfect on Debian Testing with
libexpat1_2.1.0-1
Any details? Debug logs?
Patch is out
https://github.com/Jabberd2/jabberd2/pull/5
On Fri, Jun 15, 2012 at 5:21 PM, Eugene Agafonov e.a.agafo...@gmail.comwrote:
D'oh! I got it :-)
Stay tuned for patch.
On 06/15/2012 05:14 PM, Eugene Agafonov wrote:
That's strange.. It works perfect on Debian Testing with
Dnia 2012-06-15, piÄ… o godzinie 22:44 +0400, Eugene Agafonov pisze:
Patch is out https://github.com/Jabberd2/jabberd2/pull/5
Ahhh... Pesky expat...
Merged.
Thank you. :-)
--
Tomasz Sterna
Instant Messaging Consultant : Open Source Developer
http://tomasz.sterna.tv/
