Pidgin-sipe connection error after upgrade to Ubuntu 12.04

Bug #950790 reported by tvicol
284
This bug affects 66 people
Affects Status Importance Assigned to Milestone
pidgin (Ubuntu)
Undecided
Unassigned
pidgin-sipe (Debian)
Fix Released
Unknown

Bug Description

Have upgraded from Ubuntu 11.10 to Ubuntu 12.04 and I'm no longer able to connect to Microsoft Office Communicator.
Every time I try to reconnect I get a "Read error".

Any support is appreciated.

Regards,
Tibi

Revision history for this message
tvicol (tiberiu-vicol) wrote :

Ref https://bugs.launchpad.net/ubuntu/+source/pidgin-sipe/+bug/947920
Setting NSS_SSL_CBC_RANDOM_IV=0 didn´t work for me.

Here is a copy from debug screen with above environment variable set.

(10:51:58) account: Connecting to account xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
(10:51:58) connection: Connecting. gc = 0x220f2d38
(10:51:58) dnsquery: Performing DNS lookup for xxxxxxxxxxxxxxxxxxxxxxxxxx
(10:51:58) dns: Wait for DNS child 2366 failed: No child processes
(10:51:58) dns: Created new DNS child 2368, there are now 1 children.
(10:51:58) dns: Successfully sent DNS request to child 2368
(10:51:58) dns: Got response for 'xxxxxxxxxxxxxxxxxxxxxxxx'
(10:51:58) dnsquery: IP resolved for xxxxxxxxxxxxxxxxxxxxxxxx
(10:51:58) proxy: Attempting connection to xxxxxxxxxxx
(10:51:58) proxy: Connecting to xxxxxxxxxxxxxxxx:5061 with no proxy
(10:51:58) proxy: Connection in progress
(10:51:59) proxy: Connecting to xxxxxxxxxxxxxxxx:5061.
(10:51:59) proxy: Connected to xxxxxxxxxxxxxxxxxx:5061.
(10:51:59) nss: subject=CN=xxxxxxxxxxxxxxxxxxxx,OU=xx,O=xx,L=PARIS,ST=ILE DE FRANCE,C=FR issuer=CN=xxxxxxxxxxxxxxxx CA 1-2,OU=0002 380129866,OU=WesternEU MiddleEast Africa,O=xxxxxxxxx SA,C=FR
(10:51:59) nss: partial certificate chain
(10:51:59) certificate/x509/tls_cached: Starting verify for xxxxxxxxxxxxxxxxxx
(10:51:59) certificate/x509/tls_cached: Checking for cached cert...
(10:51:59) certificate/x509/tls_cached: ...Found cached cert
(10:51:59) nss/x509: Loading certificate from /home/xxxx/.purple/certificates/x509/tls_peers/xxxxxxxxxxxxxxxx
(10:51:59) certificate/x509/tls_cached: Peer cert matched cached
(10:51:59) nss/x509: Exporting certificate to /home/xxxx/.purple/certificates/x509/tls_peers/xxxxxxxxxxxxxxxxxx
(10:51:59) util: Writing file /home/xxxx/.purple/certificates/x509/tls_peers/xxxxxxxxxxxxxxxxxxxx
(10:51:59) certificate: Successfully verified certificate for xxxxxxxxxxxxxxxxx
(10:51:59) stun: using server
(10:51:59) stun: using server
(10:51:59) stun: using server
(10:51:59) stun: using server
(10:51:59) stun: using server
(10:51:59) connection: Connection error on 0x220f2d38 (reason: 0 description: Read error)
(10:51:59) account: Disconnecting account xxxxxxxxxxxxxxxxxxx,ad.xxxxxxxxxxxxxxxxxxx\xxxxxxxxxx (0x21abd538)
(10:51:59) connection: Disconnecting connection 0x220f2d38
(10:51:59) GLib: g_hash_table_destroy: assertion `hash_table != NULL' failed
(10:51:59) connection: Destroying connection 0x220f2d38
(10:52:04) util: Writing file accounts.xml to directory /home/xxxx/.purple
(10:52:04) util: Writing file /home/xxxx/.purple/accounts.xml

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pidgin (Ubuntu):
status: New → Confirmed
Revision history for this message
Jari Salo (jari-salo) wrote :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649456

You can make a workaround by exporting this before starting pidgin:
export NSS_SSL_CBC_RANDOM_IV=0

Revision history for this message
tvicol (tiberiu-vicol) wrote :

As I said above

Setting NSS_SSL_CBC_RANDOM_IV=0 didn´t work for me.

Revision history for this message
Jari Salo (jari-salo) wrote :

Sorry, missed that. That workaround isn't working for me anymore either.

Revision history for this message
sacapeao (sacapeao) wrote :

export NSS_SSL_CBC_RANDOM_IV=0 worked
for it to take effect open a terminal window then
$ export NSS_SSL_CBC_RANDOM_IV=0
$ pidgin

Revision history for this message
tvicol (tiberiu-vicol) wrote :

Many thanks, sacapeao !
Now I got it working.

Does anyone know when we´ll have a permanent fix ?

Revision history for this message
Jari Salo (jari-salo) wrote :

I had wrong server address on the second time I tried to use this workaround. I can confirm that the workaround is (still) working.

Revision history for this message
thefuzz4 (jason-hamilton) wrote :

I also can verify that the work around as stated above does work. Thank you sacapeao

Revision history for this message
Brian (brian-battaglia) wrote :

While using this fix, my status message is always set to "./t". If I remove it, it seems to come back. This could be related to another bug, but it started when I started using this fix.

Revision history for this message
MBybee (mike-bybee) wrote :

Doesn't seem to work when empathy is using the pidgin-sipe plugin. I'll try installing all of pidgin and see if it works.

Revision history for this message
MBybee (mike-bybee) wrote :

Confirmed - if I install pidgin and run the fix it works. Empathy (using the pidgin-sipe plugin) with the fix doesn't.
Yet another strike for Empathy.

Revision history for this message
Titantux (israel-m-dj) wrote :

It works the workaround for me too!!
Thanks !!

Revision history for this message
Sebastiaan Renkens (srenkens) wrote :

I too confirm Empathy is not working while pidgin does (if the workaround is in place).

Revision history for this message
Sebastiaan Renkens (srenkens) wrote :

Just found out that setting ¨NSS_SSL_CBC_RANDOM_IV=0" in /etc/environment and rebooting does the trick. My Empathy connected to Microsoft Communications Server is working again.

I'am not sure how much of a security impact this change has though, setting the var in /etc/environment makes it system wide one.

Revision history for this message
sergio (serge-simon) wrote :

The export NSS_SSL_CBC_RANDOM_IV=0 worked for me too, thanks for the tip.

Revision history for this message
MBybee (mike-bybee) wrote :

That works for me on empathy too.
Man, going from pidgin to empathy really makes me miss pidgin. Dang.

Revision history for this message
Christopher Knörle (cknoerle) wrote :

For me the setting ¨NSS_SSL_CBC_RANDOM_IV=0" in /etc/environment and rebooting did not help for both empathy and pidging.

Revision history for this message
Lars Magnus Herland (zhakal) wrote :

Neither of the suggested settings work for me :(

Revision history for this message
Alexander Wingård (alexander-wingard) wrote :

NSS_SSL_CBC_RANDOM_IV=0 worked for me too.

Revision history for this message
Clayton (cletusw) wrote :

export NSS_SSL_CBC_RANDOM_IV=0 worked for me too.

Revision history for this message
Clayton (cletusw) wrote :

Note that for Ubuntu (at least for 12.04), you can add the line

NSS_SSL_CBC_RANDOM_IV=0

to ~/.pam_environment and it'll work as well.

Revision history for this message
pbuzas (peter-buzas) wrote :

The workarounds emntioned in post #6 and post #22 seems to fix Pidgin for me as well, however I could not get Empathy to work.

Revision history for this message
Goofy (nilay-badavne) wrote :

The workaround in post #6 works. But I don't have ~/.pam_environment. Do we need to create this file?

Revision history for this message
pbuzas (peter-buzas) wrote :

Yes, I had to create the file as well.

Revision history for this message
Goofy (nilay-badavne) wrote :

I have created the "~/.pam_environment" and put NSS_SSL_CBC_RANDOM_IV=0.
Pidgin will now connect with the office communicator.
But it seems to be plagued with a new issue. It connects and immediately disconnects.

Revision history for this message
Roger Preece (rwpreece) wrote :

If you create a text file in /etc/profile.d folder and call it something like my_environment.sh you can put you personalized environment variables in it and it will be run each time you login to your desktop environment. Whatever you decide to name it be sure it's file extension is .sh so that it will be recognized as a script file.

For this particular issue you would add the following line to your .sh file:

export NSS_SSL_CBC_RANDOM_IV=0

Once your added this file and the above line to this file, just reboot your system.

You can also put other environment variables in this file such as:

export JAVA_HOME=/home/xxxxxx/tools/jdk1.6.0_29
export PATH=$PATH:$M2:$JAVA_HOME/bin:$CATALINA_HOME/bin:$ORACLE_HOME/bin

Note that the PATH= environment variable is using other environment variables to augment your systems PATH environment variable.

Revision history for this message
Dmitry Veltishev (vdmit) wrote :

workaround 'export NSS_SSL_CBC_RANDOM_IV=0' works indeed, thanks a lot!

Revision history for this message
Dragonfist (kunal-narkhede) wrote :
Download full text (13.8 KiB)

I have similiar error in pidgin and I am not able to connect to ocs server through pidgin sipe. I have set the env variable in /etc/environment, did export too..I tried in empathy and pidgin both..Its not working for me.. Following is the pidgin debug log for me...
(10:34:06) prefs: Reading /home/mitza/.purple/prefs.xml
(10:34:06) prefs: Finished reading /home/mitza/.purple/prefs.xml
(10:34:06) prefs: purple_prefs_get_path: Unknown pref /pidgin/browsers/command
(10:34:06) dbus: okkk
(10:34:06) plugins: probing /usr/lib/pidgin/gestures.so
(10:34:06) plugins: probing /usr/lib/pidgin/xmppdisco.so
(10:34:06) plugins: probing /usr/lib/pidgin/timestamp_format.so
(10:34:06) plugins: probing /usr/lib/pidgin/extplacement.so
(10:34:06) plugins: probing /usr/lib/pidgin/spellchk.so
(10:34:06) plugins: probing /usr/lib/pidgin/iconaway.so
(10:34:06) plugins: probing /usr/lib/pidgin/history.so
(10:34:06) plugins: probing /usr/lib/pidgin/musicmessaging.so
(10:34:06) plugins: probing /usr/lib/pidgin/themeedit.so
(10:34:06) plugins: probing /usr/lib/pidgin/notify.so
(10:34:06) plugins: probing /usr/lib/pidgin/sendbutton.so
(10:34:06) plugins: probing /usr/lib/pidgin/cap.so
(10:34:06) plugins: probing /usr/lib/pidgin/timestamp.so
(10:34:06) plugins: probing /usr/lib/pidgin/convcolors.so
(10:34:06) plugins: probing /usr/lib/pidgin/pidginrc.so
(10:34:06) plugins: probing /usr/lib/pidgin/ticker.so
(10:34:06) plugins: probing /usr/lib/pidgin/vvconfig.so
(10:34:06) plugins: probing /usr/lib/pidgin/gtkbuddynote.so
(10:34:06) plugins: probing /usr/lib/pidgin/xmppconsole.so
(10:34:06) plugins: probing /usr/lib/pidgin/markerline.so
(10:34:06) plugins: probing /usr/lib/purple-2/libbonjour.so
(10:34:06) plugins: probing /usr/lib/purple-2/libicq.so
(10:34:06) plugins: probing /usr/lib/purple-2/libmxit.so
(10:34:06) prpl-loubserp-mxit: Loading MXit libPurple plugin...
(10:34:06) plugins: probing /usr/lib/purple-2/dbus-example.so
(10:34:06) plugins: probing /usr/lib/purple-2/libyahoojp.so
(10:34:06) plugins: probing /usr/lib/purple-2/libmsn.so
(10:34:06) plugins: probing /usr/lib/purple-2/libsametime.so
(10:34:06) plugins: /usr/lib/purple-2/libsametime.so has a prefs_info, but is a prpl. This is no longer supported.
(10:34:06) plugins: probing /usr/lib/purple-2/ssl.so
(10:34:06) plugins: probing /usr/lib/purple-2/statenotify.so
(10:34:06) plugins: probing /usr/lib/purple-2/autoaccept.so
(10:34:06) plugins: probing /usr/lib/purple-2/buddynote.so
(10:34:06) plugins: probing /usr/lib/purple-2/libyahoo.so
(10:34:06) plugins: probing /usr/lib/purple-2/libirc.so
(10:34:06) plugins: probing /usr/lib/purple-2/psychic.so
(10:34:06) plugins: probing /usr/lib/purple-2/libxmpp.so
(10:34:06) plugins: probing /usr/lib/purple-2/libzephyr.so
(10:34:06) plugins: probing /usr/lib/purple-2/libgg.so
(10:34:06) plugins: probing /usr/lib/purple-2/libnovell.so
(10:34:06) plugins: probing /usr/lib/purple-2/perl.so
(10:34:06) plugins: probing /usr/lib/purple-2/pidgin-libnotify.so
(10:34:06) plugins: probing /usr/lib/purple-2/log_reader.so
(10:34:06) plugins: probing /usr/lib/purple-2/libjabber.so
(10:34:06) plugins: /usr/lib/purple-2/libjabber.so is not usable because the 'purple_init_plugin' symbol...

Revision history for this message
Joyjeet Chowdhury (joyjeetchowdhury-a) wrote :

Hi all,

May be the following might help you out. this is how i resolved...

echo "export NSS_SSL_CBC_RANDOM_IV=0" >> /etc/profile # Export the Variable into Profile files
echo "export NSS_SSL_CBC_RANDOM_IV=0" >> /home/$USER/.bashrc # Export the Variable into Current Profile files

so everytime you reboot it will be a global variable for all your programs, and its a temporary fix for the time being...

Hope this might help you...

:)

Revision history for this message
Iain Buclaw (iainb) wrote :

This patch against libnss fixes the issue.

https://bugzilla.redhat.com/attachment.cgi?id=551038

Has this managed to find it's way into Debian/Ubuntu?

Revision history for this message
era (era) wrote :

https://bugzilla.redhat.com/show_bug.cgi?id=770682 alleges that setting NSS_SSL_CBC_RANDOM_IV=0 globally is a security problem. As an alternative, what I did was this:

Create the following file in /tmp/pidgin

#!/bin/sh
NSS_SSL_CBC_RANDOM_IV=0 exec /usr/bin/pidgin "$@"

Then run the following commands:

sudo cp /tmp/pidgin /usr/local/bin
sudo chmod a+x /usr/local/bin/pidgin

This is just a different way to implement the workaround so that the NSS_SSL_CBC_RANDOM_IV variable is only set for the Pidgin process instead of globally in your environment.

It should not hurt if /usr/local/bin/pidgin remains in use even once a proper fix is deployed, assuming you have a modicum of trust for your local environment (and if not, you should hardly be using SIPE for messaging in the first place).

Revision history for this message
Julian Alarcon (julian-alarcon) wrote :

This is maybe the "best" workaround for Pidgin

Just edit the file "/usr/share/applications/pidgin.desktop"
Add to the line "Exec=" the text "env NSS_SSL_CBC_RANDOM_IV=0"

This is my desktop file on 12.10:

[Desktop Entry]
Name=Pidgin Internet Messenger
GenericName=Internet Messenger
Comment=Chat over IM. Supports AIM, Google Talk, Jabber/XMPP, MSN, Yahoo and more
Exec=env NSS_SSL_CBC_RANDOM_IV=0 pidgin
Icon=pidgin
StartupNotify=true
Terminal=false
Type=Application
Categories=Network;InstantMessaging;
X-Ubuntu-Gettext-Domain=pidgin

Changed in pidgin-sipe (Debian):
status: Unknown → Fix Released
Revision history for this message
L0RE (andreas-vogler) wrote :

I have the same error under Windows? Does someone know a windows fix?

Revision history for this message
xlash911 (guillaume-nourry-marquis) wrote :

Julian Alarcon (alarconj)'s workaround worked for me.

Revision history for this message
Tomas 'tt' Krag (tt) wrote :

This bug is still an issue in 13.04, and the work-around seems to work there as well.

Revision history for this message
Kevin C. (kedoc) wrote :

I can confirm the bug is still here, and the workround still usefull in 13.04.

Revision history for this message
Tommy Nevtelen (dal) wrote :

Confirming that this is still an issue in 13.10.

Revision history for this message
Jeroen (c0p3rn1c) wrote :

Quick fix: change user angent to:

UCCAPI/15.0.4481.1000 OC/15.0.4481.1000 (Microsoft Lync)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.