Bug#794963: libnet-xmpp-perl: "Insecure dependency in eval (...) at /usr/share/perl5/Net/XMPP/Protocol.pm line 1007."
Axel Beckert
abe at debian.org
Mon Aug 10 14:41:33 UTC 2015
Hi Christoph,
Christoph Biedl wrote:
> > Can you give me some example code which triggers this issue so that I
> > can test if it's fixed with the new upstream release?
>
> It's rather simple: Use Net::XMPP while running setuid. So execute the
> following code as root after adjusting the server information and
> credentials, login must succeed to trigger the error.
I'm sorry, but I failed to get that script working.
I tried with:
* My own server (cacert certificate, Net::XMPP::Client can't seem to
pass ssl_ca_path to XML::Stream)
* Upstream's test server (connection refused despite I used the same
data as in their own test scripts)
* locally installed jabberd2 (gave nothing 500 server error after I
had it purged and installed again)
* locally installed prosody (connection timeout).
I see currently two options:
a) you try to checkout
https://anonscm.debian.org/cgit/pkg-perl/packages/libnet-xmpp-perl.git
and build the package from there to test it.
b) I'll upload the new upstream release without fixing this issue, you
try it afterwards in Sid oder Testing and I either close this issue
retroactively or try to fix it based on your feedback.
Regards, Axel
--
,''`. | Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
More information about the pkg-perl-maintainers
mailing list