[tor-bugs] #1676 [Archived/Tor Messenger]: Audit jabber/XMPP support for pidgin

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Oct 21 21:45:08 UTC 2018 

#1676: Audit jabber/XMPP support for pidgin
---------------------------------------+-------------------------
 Reporter:  katmagic                   |          Owner:  ioerror
     Type:  defect                     |         Status:  closed
 Priority:  Medium                     |      Milestone:
Component:  Archived/Tor Messenger     |        Version:
 Severity:  Blocker                    |     Resolution:  invalid
 Keywords:  pidgin, DNS, needs-triage  |  Actual Points:
Parent ID:                             |         Points:
 Reviewer:                             |        Sponsor:
---------------------------------------+-------------------------
Changes (by traumschule):

 * severity:   => Blocker
 * parent:  #2918 =>


Comment:

 Just to clarify: the ticket has been closed as invalid because the
 intention to use pidgin for TorMessenger did go (#2918),
 [https://blog.torproject.org/sunsetting-tor-messenger just as the latter
 itself]. For alternatives see https://blog.torproject.org/tor-heart-onion-
 messaging


 Unfortunately the ticket description still makes a valid point. You can
 verify this with {{{torsocks -d}}}. The DNS requests are blocked and
 pidgin is waiting for reply hanging forever with
 > Waiting for connection.

 The torsocks log shows:
 > DEBUG torsocks[30140]: IPv4/v6 non TCP socket denied. Tor network can't
 handle it. (in tsocks_socket() at socket.c:69)
 > DEBUG torsocks[30140]: [conect] Connection is not IPv4/v6. Ignoring. (in
 tsocks_validate_socket() at connect.c:63)

 [[doc/TorifyHOWTO/InstantMessaging#Libpurple-basedclients]] rightfully
 states:
 > Warning: Libpurple has been proven critically flawed in recent years.
 While problems do continually come up related to that and most times they
 are subsequently patched, the long-term vulnerability of the platform is
 inevitable and therefore it is recommended against using any of the
 software listed below.

 (leaving it closed though because there is still no reason to audit)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1676#comment:49>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list