708226 – net-im/pidgin-2.13.0 SSL bug causes TLS failure connecting to pidgin.im

Bug 708226 - net-im/pidgin-2.13.0 SSL bug causes TLS failure connecting to pidgin.im

Summary: net-im/pidgin-2.13.0 SSL bug causes TLS failure connecting to pidgin.im

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Lars Wendler (Polynomial-C) (RETIRED)

URL:	https://bitbucket.org/pidgin/main/com...
Whiteboard:
Keywords:	PATCH

Depends on:
Blocks:

Reported:	2020-02-04 16:38 UTC by Phil Stracchino (Unix Ronin)
Modified:	2020-02-11 13:16 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Patch to ebuild (pidgin-2.13.0-r4.ebuild.patch,667 bytes, patch) 2020-02-04 16:39 UTC, Phil Stracchino (Unix Ronin)	Details \| Diff
Patch to ssl-gnutls.c to correct TLS authentication problem (pidgin-2.13.0-ssl-gnutls.patch,755 bytes, patch) 2020-02-04 16:40 UTC, Phil Stracchino (Unix Ronin)	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Phil Stracchino (Unix Ronin) 2020-02-04 16:38:05 UTC

If the release notification plugin is enabled, pidgin will attempt to connect to pidgin.im to check whether an update is available.  This connection will currently fail to authenticate the certificate due to an error in the SSL code.

The attached patch from upstream fixes the SSL problem and allows the release notification plugin to continue to work correctly.  This should be viewed as an interim fix pending 


Reproducible: Always

Steps to Reproduce:
1. Enable release notification plugin (you may also possibly need the XMPP Service Discovery plugin)
2. Launch pidgin
3. Pidgin attempts to check for update but fails to authenticate

Comment 1 Phil Stracchino (Unix Ronin) 2020-02-04 16:39:02 UTC

Created attachment 611566 [details, diff]
Patch to ebuild

Comment 2 Phil Stracchino (Unix Ronin) 2020-02-04 16:40:12 UTC

Created attachment 611568 [details, diff]
Patch to ssl-gnutls.c to correct TLS authentication problem

Comment 3 Phil Stracchino (Unix Ronin) 2020-02-05 04:56:49 UTC

Oops.  I submitted without finishing a sentence.

"Per upstream developers, this should be viewed as an interim fix pending release of pidgin 2.14.0."  (Which they are going to try to get out soon.)

Comment 4 tt_1 2020-02-08 11:08:04 UTC

Is this an upstream patch?

Comment 5 Phil Stracchino (Unix Ronin) 2020-02-08 15:23:52 UTC

(In reply to tt_1 from comment #4)
> Is this an upstream patch?

This patch is from upstream, yes.  As noted, this should be viewed as an interim fix pending release of 2.14, which will HOPEFULLY be done soon but who knows, with most of the development effort going into pidgin 3.0.  In the meantime, until 2.14 is released, this patch makes release notification in 2.13 work correctly.

Comment 6 Larry the Git Cow gentoo-dev

2020-02-11 13:16:54 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55f5d8938ea10bd15797d263d9dd132c74c5cc4d

commit 55f5d8938ea10bd15797d263d9dd132c74c5cc4d
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-02-11 13:16:02 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-02-11 13:16:49 +0000

    net-im/pidgin: Revbump to fix gnutls plugin
    
    Thanks-to: Phil Stracchino (Unix Ronin) <phils@caerllewys.net>
    Closes: https://bugs.gentoo.org/708226
    Package-Manager: Portage-2.3.88, Repoman-2.3.20
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 .../files/pidgin-2.13.0-gnutls_sni_support.patch   | 33 ++++++++++++++++++++++
 ...in-2.13.0-r5.ebuild => pidgin-2.13.0-r6.ebuild} |  1 +
 2 files changed, 34 insertions(+)