Re: Cipher suites in Jabberd2, disabling RC4

2016-10-26 Thread Adrian Reber
On Wed, Oct 26, 2016 at 01:08:28PM -0400, Pete Fuller wrote:
> Greetings, I am attempting to remove support for the RC4 cipher in TLS
> connections to Jabber2d, per results of a recent security audit.  I
> have done this for our web servers and other encrypted services
> already.  I am not finding any information as to how to make this
> change in jabber2d.  I’m using jabberd version 2.4 from the EPEL repo
> on Centos7.  The only info I could find on the list was someone asking
> this question a few years ago and being told it was an experimental
> feature.
> http://www.mail-archive.com/jabberd2@lists.xiaoka.com/msg02359.html
> 
> . I’m hoping this feature has been included in the release and I am
> just having issues finding that information.  

Looking at c2s.xml.dist.in (and s2s.xml.dist.in) for 2.4 I see:




and

 ciphers
 List of available TLS ciphers. The format of the string is
 described in https://www.openssl.org/docs/apps/ciphers.html

Looks you can just list the needed ciphers in those two files.

Adrian


signature.asc
Description: PGP signature


Re: jabberd-2.4.0 release

2016-05-27 Thread Adrian Reber
On Fri, May 27, 2016 at 12:09:41AM -0700, li...@lazygranch.com wrote:
> On Fri, 27 May 2016 06:22:01 +0200
> Tomasz Sterna  wrote:
> 
> > W dniu 26.05.2016, czw o godzinie 19∶46 -0700, użytkownik
> > li...@lazygranch.com napisał:
> > > This is from my attempt to compile the tar.gz file after doing
> > > autoreconf -i
> > > ./configure
> > > 
> > > I get
> > > ./configure: 12735: Syntax error: word unexpected (expecting ")")
> > 
> > 
> > Do not use the source labeled "Source code (tar.gz)" - this is plain
> > git source dump, not ready for direct consumption.
> > 
> > Use the source labeled jabberd-2.4.0.tar.xz or jabberd-2.4.0.tar.gz
> > (the ones with .asc signatures). These are prepared, with ./configure
> > script etc. generated.
> > 
> > 
> > 
> > P.S. or install autoconf-archive package
> > 
> 
> Actually I had downloaded  jabberd-2.4.0.tar.gz. However I downloaded
> the xz file. I also installed autoconf-archive, though I don't know how
> I'm supposed to use it.
> 
> Doing some internet search, it is suggested the procedure should be:
> aclocal
> automake --add-missing
> autoconf
> ./configure
> 
> I get this error message:
> --
> checking for XML_ParserCreate in -lexpat... no
> configure: error: Expat not found
> --
> I have expat, so it is a matter of configure not finding it.

As a reference: The Fedora package was also built from jabberd-2.4.0.tar.gz
without any problems.

https://kojipkgs.fedoraproject.org//packages/jabberd/2.4.0/1.fc25/data/logs/x86_64/build.log

Adrian


signature.asc
Description: PGP signature


Re: Questions...

2016-04-14 Thread Adrian Reber
On Thu, Apr 14, 2016 at 04:19:06PM +0200, Matěj Cepl wrote:
> On 2016-04-14, 10:26 GMT, Adrian Reber wrote:
> > In the configuration I am running jabberd2 on Fedora I did not  
> > have many (maybe any) upgrading the last few versions. EPEL-7 
> > would be an upgrade from 2.3.2 to 2.3.6. It probably depends 
> > on the installation and which backends are used if the 
> > upgrade. Looking at 
> >
> >  https://github.com/jabberd2/jabberd2/blob/master/NEWS
> >
> > it seems upgrading from 2.3.4 to 2.3.5 can require database  
> > changes. Not sure how to handle this. But we can try. 
> 
> # mod_verify requires CREATE TABLE "verify" in DB. Make sure 
> # you created it before enabling the module in sm.xml.
> 
> However, the mod_verify is new in 2.3.5, so we don't have to 
> care about its migration, right? Or what am I missing?

Ah, now that you say so. I never read it that way. But true.

Then it is probably not more than a 'git merge master' to get the latest
jabberd2 on EPEL-7. If you want you can update it for EPEL-7.

Adrian




Re: Questions...

2016-04-14 Thread Adrian Reber
On Thu, Apr 14, 2016 at 10:49:30AM +0200, Matěj Cepl wrote:
> On 2016-04-14, 06:27 GMT, Adrian Reber wrote:
> > On Wed, Apr 13, 2016 at 09:19:45AM -0700, John Oliver wrote:
> >> 1) Is this project the 'jabberd' that's available in EPEL?
> >
> > I can answer that one. jabberd in EPEL is jabberd2. As it is EPEL it
> > will not see as many updates as the upstream package
> 
> I agree that I would keep EPEL-6 (or even EPEL-5) untouched just 
> with possible security patches, but it seems to me that rebase 
> in EPEL-7 would not be the worst idea. What do you think? I am 
> willing to help with patching.
> 
> Do we know what is the upgrade story? Does the latest jabberd2 
> just takes over the original configuration?

In the configuration I am running jabberd2 on Fedora I did not have many
(maybe any) upgrading the last few versions. EPEL-7 would be an upgrade
from 2.3.2 to 2.3.6. It probably depends on the installation and which
backends are used if the upgrade. Looking at

 https://github.com/jabberd2/jabberd2/blob/master/NEWS

it seems upgrading from 2.3.4 to 2.3.5 can require database changes. Not
sure how to handle this. But we can try.

Adrian




Re: Questions...

2016-04-14 Thread Adrian Reber
On Wed, Apr 13, 2016 at 09:19:45AM -0700, John Oliver wrote:
> 1) Is this project the 'jabberd' that's available in EPEL?

I can answer that one. jabberd in EPEL is jabberd2. As it is EPEL it
will not see as many updates as the upstream package

Adrian




systemd unit files

2014-02-14 Thread Adrian Reber
I have a simple patch which includes the systemd unit files from the
fedora package into jabberd2 at:

https://lisas.de/git/?p=jabberd2.git;a=commitdiff;h=c78c0f4a68cda23ce5d43153da5e73c0c0472de1

Adrian




Re: releases plans

2012-03-24 Thread Adrian Reber
On Wed, Mar 21, 2012 at 04:17:02PM +0100, Tomasz Sterna wrote:
 Dnia 2012-03-21, śro o godzinie 15:13 +0100, Adrian Reber pisze:
  Seeing all the changes which have been committed since 2.2.14
  I am wondering if there are any plans for a new release?
 
 Yes... I have one more feature in cooking though.
 
 Once it is done it may even yeld a 2.3 release :-)
 
 But since you mentioned... It may be worthwhile to do one more 2.2 line
 release with already committed bugfixes.
 
 What do you think, community?

I am all for a new release. That was the reason for my question.

Adrian




releases plans

2012-03-21 Thread Adrian Reber

Seeing all the changes which have been committed since 2.2.14
I am wondering if there are any plans for a new release?

Adrian




Re: [jabberd2] Hi ....

2008-12-22 Thread Adrian Reber
On Mon, Dec 22, 2008 at 05:01:54AM -0800, Raghu wrote:
 I have installed jabberd-2.2.4 via rpm and the server
 is starting after configuring, the problem is when i
 try to connect from client (exodus) or any other
 client software. it gets connect then its not able to
 the user or create the new user. I have follwed the
 document from
 http://jabberd2.xiaoka.com/wiki/InstallGuide/InstallJabberd2
 the log message int he server as follows.
 
 using MYSQL as database and authentication.
 
[...]
 
 from client ( exodus ) the error is
 An error accourred trying to register new account.
 This server may not allow open register. 

Have you enabled account registration in c2s.xml?

Adrian

-- 
To unsubscribe send a mail to jabberd2+unsubscr...@lists.xiaoka.com



Re: [jabberd2] compile probs

2008-10-20 Thread Adrian Reber
On Mon, Oct 20, 2008 at 12:03:38PM -0700, Bazooka Joe wrote:
 I get this error in configure
 
 configure: error: Expat not found
 
 but my centos system says
 
 Package expat - 1.95.8-8.2.1.x86_64 is already installed.
 
 I don't compile programs very often so any help would be appreciated.

Install expat-devel.

Adrian

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]



Re: [jabberd2] Trouble with installation and gsasl

2008-08-26 Thread Adrian Reber
On Mon, Aug 25, 2008 at 10:13:02PM +0200, Thomas Kerkmann wrote:
 Yes, libgsasl is installed in /usr/lib64
 
 So I changed everything to point there
 
 [EMAIL PROTECTED] jabberd-2.2.3]# ./configure --enable-sqlite  --enable-ssl \
   --with-extra-include-path=/usr/local/include \
   --with-extra-library-path=/usr/lib64
 
 [EMAIL PROTECTED] jabberd-2.2.3]# cat /etc/ld.so.conf
 include ld.so.conf.d/*.conf /usr/lib64

You give us very little information about your system. But could it be
that your distribution has an older version of gsasl installed which is
found by the configure script?

and please, do not top post on mailing lists
http://en.wikipedia.org/wiki/Posting_style ;-)

Adrian

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]



Re: [jabberd2] Trouble with installation and gsasl

2008-08-25 Thread Adrian Reber
On Mon, Aug 25, 2008 at 08:41:03PM +0200, Thomas Kerkmann wrote:
 Thanks for replying, but nope
 
 [EMAIL PROTECTED] jabberd-2.2.3]# ./configure --enable-sqlite --enable-ssl
 --with-extra-include-path=/usr/local/include
 --with-extra-library-path=/usr/local/lib
 
 checking for stringprep_check_version in -lidn... yes
 checking for Libidn version = 0.3.0... yes
 checking for dns_init in -ludns... yes
 checking gsasl.h usability... yes
 checking gsasl.h presence... yes
 checking for gsasl.h... yes
 checking for gsasl_check_version in -lgsasl... yes
 checking for GnuSASL version = 0.2.27... no
 configure: error: no SASL backend available out of: gsasl
 [EMAIL PROTECTED] jabberd-2.2.3]# gsasl --version
 gsasl (GNU SASL) 0.2.27
 Copyright (C) 2008 Simon Josefsson.
 License GPLv3+: GNU GPL version 3 or later
 http://gnu.org/licenses/gpl.html
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.
 
 Written by Simon Josefsson.
 [EMAIL PROTECTED] jabberd-2.2.3]# cat /etc/ld.so.conf
 include ld.so.conf.d/*.conf /usr/local/lib
 [EMAIL PROTECTED] jabberd-2.2.3]# 
 
 BTW, this is an x86_64 system.

And where is libgsasl installed? If it is a 64 bit system I would expect
it to be in /lib64 and not /lib

Adrian




 -Ursprüngliche Nachricht-
 Von: Tomasz Sterna [mailto:[EMAIL PROTECTED] 
 Gesendet: Sonntag, 24. August 2008 23:31
 An: jabberd2@lists.xiaoka.com
 Betreff: Re: [jabberd2] Trouble with installation and gsasl
 
 Dnia 2008-08-24, nie o godzinie 10:19 +0200, Thomas Kerkmann pisze:
  checking for GnuSASL version = 0.2.27... no
  configure: error: no SASL backend available out of: gsasl
  
  [EMAIL PROTECTED] jabberd-2.2.3]# gsasl --version gsasl (GNU SASL) 
  0.2.27
 [...]
  Can anybody help me out here please - what am I missing
 
 http://jabberd2.xiaoka.com/ticket/98#comment:3 ?

--
To unsubscribe send a mail to [EMAIL PROTECTED]



Re: [jabberd2] Jabberd2 Debian package

2008-08-08 Thread Adrian Reber
On Wed, Aug 06, 2008 at 10:15:21AM +0200, Harald Braumann wrote:
 Jabberd2 is back in Debian main, as Jorge Salamero Sanz announced in a
 previous post -- well, maybe not so much announced but hid in a
 btw-clause. Still, it's great news.
 
 I myself maintained an unofficial jabberd2 package on
 debian.unheit.net. I don't know if many people besides me used it,
 but anyway it will be discontinued. I'd rather contribute to the
 official package. 

I am maintaining jabberd for Fedora, but since 2.2.0 I have not updated
anymore because I cannot connect to jabberd with pidgin.

http://developer.pidgin.im/ticket/6394

Does this problem also exists on debian?

Adrian

-- 
To unsubscribe send a mail to [EMAIL PROTECTED]



Re: [jabberd2] CLOSE_WAIT after SSL handshake errors

2008-01-29 Thread Adrian Reber
On Mon, Jan 28, 2008 at 06:26:31PM -0800, Michiel Frishert wrote:
 and very rarely:
 SSL handshake error (error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong 
 version number)

I am also seeing this with 2.1.21 sometimes. Especially with pidgin. In
my tests it seems like psi does not have this problem in contrast to
pidgin.

Adrian
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com


Re: [jabberd2] CLOSE_WAIT after SSL handshake errors

2008-01-29 Thread Adrian Reber
On Tue, Jan 29, 2008 at 09:48:12AM -0800, Michiel Frishert wrote:
 Do you mean just the SSL error? Or also the CLOSE_WAIT state on the
 associated socket?

I never looked at associated socket until now and if I get a SSL error
the server socket stays at CLOSE_WAIT and the client socket hangs at
FIN_WAIT2 until I kill c2s. With pidgin I get very often SSL (wrong
version number) but never with psi. The first connect of a fresh
jabberd-2.1.22 usually works with pidgin and then it starts to happen
very often.

 On 1/29/08, Adrian Reber [EMAIL PROTECTED] wrote:
 
  On Mon, Jan 28, 2008 at 06:26:31PM -0800, Michiel Frishert wrote:
   and very rarely:
   SSL handshake error (error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
   version number)
 
  I am also seeing this with 2.1.21 sometimes. Especially with pidgin. In
  my tests it seems like psi does not have this problem in contrast to
  pidgin.

Adrian
___
Jabberd2 mailing list
Jabberd2@lists.xiaoka.com
http://lists.xiaoka.com/listinfo.cgi/jabberd2-xiaoka.com