Jabber Digest authentication requires SHA1. The implementation included in centericq does however produce incorrect results. Attached is a patch to correct it, and a patch for centericq-4.20.0-r1.ebuild. Source of the patch is <URL:http://article.gmane.org/gmane.network.centericq/3116>. fixes for sha_c.patch were already in the patch found in portage, but those for libxode.h were not. Since the patch was found on the centericq mailing list, the centericq author might have already be informed, but I will contect him tomorrow about inclusion of both patches in centericq. I chose Major priority because the program's jabber functions are useless without being able to log in. Reproducible: Always Steps to Reproduce: 1. Compile centericq on amd64 with USE="jabber" 2. Try to log in using jabber 3. Actual Results: Login always fails because the SHA1-implementation used for digest auth produces incorrect results. Expected Results: Compute correct SHA1 hash and do a successful login. Portage 2.0.51.19 (default-linux/amd64/2005.0, gcc-3.4.3-hardened, glibc-2.3.4. 20041102-r1, 2.6.11.6-grsec-13 x86_64) ================================================================= System uname: 2.6.11.6-grsec-13 x86_64 AMD Athlon(tm) 64 Processor 3000+ Gentoo Base System version 1.4.16 Python: dev-lang/python-2.3.4-r1,dev-lang/python-2.4-r3 [2.4 (#2, Mar 22 2005, 17:22:24)] ccache version 2.3 [enabled] dev-lang/python: 2.3.4-r1, 2.4-r3 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.7.9-r1, 1.8.5-r3, 1.6.3, 1.9.4, 1.5 sys-devel/binutils: 2.15.92.0.2-r7 sys-devel/libtool: 1.5.10-r4 virtual/os-headers: 2.6.8.1-r4 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CFLAGS="-O2 -march=k8 -pipe -fomit-frame-pointer" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/ share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb / usr/share/config /var/bind /var/qmail/alias /var/qmail/control /var/vpopmail/ domains /var/vpopmail/etc" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=k8 -pipe -fomit-frame-pointer" DISTDIR="/usr/src/pkg" FEATURES="autoaddcvs autoconfig buildpkg ccache distlocks sandbox strict userpriv usersandbox" GENTOO_MIRRORS="ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo ftp://ftp. uni-erlangen.de/pub/mirrors/gentoo http://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://gentoo.inode.at/source http://gentoo.inode.at/" LANG="de_DE.UTF-8" MAKEOPTS="-j2" PKGDIR="/usr/portage/pkg" PORTAGE_TMPDIR="/usr/portage/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="amd64 X aalib acpi acpi4linux alsa apache2 audiofile avi bash-completion bcmath bdf berkdb bitmap-fonts bzip2 bzlib cdparanoia cdr crypt cups curl dga dlloader dvd dvdread encode exif fam flac font-server foomaticdb fortran freetds freetype fs ftp gd gdbm gif gimp gimpprint glut gmp gnutls gphoto2 gpm gstreamer gtk gtk2 gtkhtml iconv imagemagick imap imlib innodb ipv6 jabber jack java jp2 jpeg kde kerberos ldap lesstif libcaca libwww lzo lzw lzw-tiff mad mailwrapper matroska mcal memlimit mmap mng mp3 mysql ncurses nls nvidia ogg oggvorbis openal opengl pam perl png ppds python qt readline sasl scanner sdl snmp speex spell ssl svg tcltk tcpd theora tidy tiff truetype truetype-fonts type1-fonts unicode usb userlocales utf8 vidix visualization wmf xanim xine xinerama xml xml2 xmms xpm xrandr xsl xv xvid xvmc zlib linguas_de linguas_en_GB" Unset: ASFLAGS, CBUILD, CTARGET, LC_ALL, LDFLAGS
Created attachment 55915 [details, diff] One more fix for centericq on amd64 This patch fixes the SHA1 implemention included in centericq and used for Jabber digest authentication for usage on amd64.
Comment on attachment 55915 [details, diff] One more fix for centericq on amd64 Source of the patch: http://article.gmane.org/gmane.network.centericq/3116 (the former one, the latter already is in the patch used in portage.)
Created attachment 55916 [details, diff] Add the epatch centericq-sha1-amd64-fix.patch to the ebuild (I'm not sure whether sending such patches is of any use, so I'm just doing it.) I tested this on my amd64 machine, and it works.
While we are speaking about jabber-patches for cicq: It isn't possible to go offline. The fix is here: http://article.gmane.org/gmane.network.centericq/3503 And cicq isn't able to decrypt every pgp crypted message. The patch: http://www.fefe.de/diffs/centericq-pgp.diff
Upstream does not care about fixing bugs. We should probably remove CenterICQ from Portage.
