pidgin/pidgin

Remove _xmppconnect support
release-2.x.y
9 months ago, Gary Kramlich
13cdb7956bdc
Parents c49dcf00bee6
Children 3230f4408394
Remove _xmppconnect support

It has always been vulnerable to MITM attacks when it is not used with DNSSEC,
and has been removed from XEP-0156 because of that. We have been issued
CVE-2022-26491 for this issue.

More discussion can be found at
https://mail.jabber.org/pipermail/standards/2022-February/038759.html.

Testing Done:
Compiled

Reviewed at https://reviews.imfreedom.org/r/1357/
--- a/libpurple/protocols/jabber/jabber.c Sat Apr 23 05:05:54 2022 -0500
+++ b/libpurple/protocols/jabber/jabber.c Wed Apr 27 23:41:06 2022 -0500
@@ -798,48 +798,6 @@
}
static void
-txt_resolved_cb(GList *responses, gpointer data)
-{
- JabberStream *js = data;
- gboolean found = FALSE;
-
- js->srv_query_data = NULL;
-
- while (responses) {
- PurpleTxtResponse *resp = responses->data;
- gchar **token;
- token = g_strsplit(purple_txt_response_get_content(resp), "=", 2);
- if (purple_strequal(token[0], "_xmpp-client-xbosh")) {
- purple_debug_info("jabber","Found alternative connection method using %s at %s.\n", token[0], token[1]);
- js->bosh = jabber_bosh_connection_init(js, token[1]);
- g_strfreev(token);
- break;
- }
- g_strfreev(token);
- purple_txt_response_destroy(resp);
- responses = g_list_delete_link(responses, responses);
- }
-
- if (js->bosh) {
- found = TRUE;
- jabber_bosh_connection_connect(js->bosh);
- }
-
- if (!found) {
- purple_debug_warning("jabber", "Unable to find alternative XMPP connection "
- "methods after failing to connect directly.\n");
- purple_connection_error_reason(js->gc,
- PURPLE_CONNECTION_ERROR_NETWORK_ERROR,
- _("Unable to connect"));
- return;
- }
-
- if (responses) {
- g_list_free_full(responses, (GDestroyNotify)purple_txt_response_destroy);
- }
-}
-
-static void
jabber_login_callback(gpointer data, gint source, const gchar *error)
{
PurpleConnection *gc = data;
@@ -849,11 +807,6 @@
if (js->srv_rec != NULL) {
purple_debug_error("jabber", "Unable to connect to server: %s. Trying next SRV record or connecting directly.\n", error);
try_srv_connect(js);
- } else {
- purple_debug_info("jabber","Couldn't connect directly to %s. Trying to find alternative connection methods, like BOSH.\n", js->user->domain);
- js->srv_query_data = purple_txt_resolve_account(
- purple_connection_get_account(gc), "_xmppconnect",
- js->user->domain, txt_resolved_cb, js);
}
return;
}
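Review bot: With the `else` branch gone, the `source < 0` path in `jabber_login_callback` returns without reporting anything when `js->srv_rec` is NULL. On that path the deleted `txt_resolved_cb` was the only visible code that called `purple_connection_error_reason`. Unless the failure is surfaced somewhere outside this hunk, a failed direct connection would presumably leave the account sitting in the connecting state with no error shown to the user. Consider keeping an `else` that fails the connection explicitly, e.g. `} else { purple_connection_error_reason(gc, PURPLE_CONNECTION_ERROR_NETWORK_ERROR, _("Unable to connect")); }`. The body of `jabber_login_callback` continues outside the hunk, so confirm against the full function.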