Package: libxml-stream-perl
Version: 1.24-4
Severity: normal
Tags: upstream
Control: affects -1 sendxmpp libnet-xmpp-perl

Dear Maintainers,

after upgrading to Debian Bookworm, we noticed that the sendxmpp command line tool was not working anymore in our setup. During the investigation of this issue, I noticed that downgrading IO-Socket-SSL to the version in Bullseye made sendxmpp work again. I then started to try all versions of IO-Socket-SSL between the version in Bullseye and the one in Bookworm and found that it stopped working with version 2.078.

Eventually, I came up with a pull request [1] containing a patch that fixed it for us - apparently, the way XML-Stream was using IO-Socket-SSL most likely always resulted in the hostname verification being done against the IP address of the peer instead of an actual hostname, which was always considered to be successful in IO-Socket-SSL < 2.078, but not anymore in newer versions.

Since the upstream seems quite inactive, it might be worth considering adding this or a similar patch to the package in Debian, as I came across several other bug reports in the Debian BTS which might actually be caused by this issue, like #986971 [2], #1032868 [3] and maybe also #1050336 [4] - at least the error messages in the first two look very similar to what I saw.

Cheers,
Manfred

[1]: https://github.com/dap/XML-Stream/pull/28
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986971
[3]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032868
[4]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050336

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-18-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_CH.utf8, LC_CTYPE=de_CH.utf8 (charmap=UTF-8), LANGUAGE=de_CH:de
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages libxml-stream-perl depends on:
ii  libauthen-sasl-perl    2.1600-3
ii  libio-socket-ssl-perl  2.081-2
ii  perl                   5.36.0-7+deb12u1

libxml-stream-perl recommends no packages.

Versions of packages libxml-stream-perl suggests:
ii  libnet-dns-perl  1.36-1

-- no debconf information
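
Added example, not part of the original report and not code from XML-Stream or IO-Socket-SSL: a simplified Python model of the identity check the report describes, showing why a certificate that only carries DNS names is rejected when the reference identity handed to the verifier is the peer's IP address. The SAN list, the host names and the skip_ip_identity switch (which models the lenient behaviour the report attributes to IO-Socket-SSL < 2.078) are constructed for illustration.

```python
import ipaddress

# Constructed subjectAltName entries of a server certificate (not from the report).
CERT_SANS = [("DNS", "xmpp.example.org"), ("DNS", "*.chat.example.org")]


def is_ip(identity):
    """True when the reference identity is an IPv4/IPv6 literal, not a host name."""
    try:
        ipaddress.ip_address(identity)
        return True
    except ValueError:
        return False


def dns_match(pattern, name):
    """Match one DNS SAN; a wildcard may only be the entire left-most label."""
    p = pattern.lower().split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*":
        return len(p) > 2 and n[0] != "" and p[1:] == n[1:]
    return p == n


def verify_identity(identity, sans, skip_ip_identity=False):
    """Return True when a certificate with these SANs is accepted for `identity`.

    skip_ip_identity=True is an assumption of this model: an IP identity is
    accepted without any comparison, as the report describes for old releases.
    """
    if is_ip(identity):
        if skip_ip_identity:
            return True
        want = ipaddress.ip_address(identity)
        # An IP identity can only match an IP-type SAN, never a DNS name.
        return any(kind == "IP" and ipaddress.ip_address(value) == want
                   for kind, value in sans)
    return any(kind == "DNS" and dns_match(value, identity)
               for kind, value in sans)


if __name__ == "__main__":
    for ident, lenient in [("xmpp.example.org", False),
                           ("192.0.2.10", True),
                           ("192.0.2.10", False)]:
        verdict = "accepted" if verify_identity(ident, CERT_SANS, lenient) else "rejected"
        print(f"identity={ident!r:22} lenient={lenient!s:5} -> {verdict}")
```

The lenient branch also shows why the old behaviour was a weakness rather than a convenience: with an IP identity, any certificate that chained to a trusted CA was accepted regardless of the names in it.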