Modify

#370 closed enhancement (fixed)

Yahoo warning: Version of messenger will expire on April 2, 2008

Reported by: anonymous Owned by: wilmer
Priority: normal Milestone:
Component: Yahoo Version: 1.0.3
Keywords: Cc:
IRC client+version: Client-independent Operating System: Public server
OS version/distro:

Description

Upon logging in to Yahoo! via bitlbee, I've got the following notice:

YAHOO - Logging in: Connecting
YAHOO - Yahoo! system message: Warning: This version of Messenger will expire on April 2, 2008. Please upgrade to the latest supported version: http://messenger.yahoo.com Learn more: http://messenger.yahoo.com/eol
YAHOO - Logged in

It seems as if bitlbee may lose the ability to connect to Yahoo! IM if nothing is being done here...?

I'm using bitlbee 1.0.3 from Ubuntu Gutsy (7.10) at the moment.

Attachments (1)

yahoo-https-authentication.diff (6.5 KB) - added by wilmer at 2008-03-15T17:38:16Z.
This patch implements the HTTPS-based authentication.

Download all attachments as: .zip

Change History (21)

comment:1 Changed at 2008-03-07T20:00:29Z by wilmer

Hmm, this is annoying. :-( Pidgin doesn't seem to have this problem. I wonder what's different in their Yahoo! module...

comment:2 Changed at 2008-03-10T00:19:15Z by wilmer

Component: BitlBeeYahoo
Owner: set to wilmer

Their module seems quite different from where libyahoo2 is now. I tried simply copying version strings from libpurple, but that wasn't enough. I'm not sure what would help. Surprisingly, this hasn't come up on the libyahoo2 mailing lists yet, I may have to bring it up myself.

I'm not sure how much time I'll need (and have) to fix this in time...

comment:3 Changed at 2008-03-10T20:20:25Z by wilmer

Okay, looked at some traffic dumps. For some reason, the Yahoo! servers send a recent libpurple a different authentication method request than to BitlBee. I can't see any obvious reason why this happens but may find out later.

comment:4 Changed at 2008-03-10T23:12:34Z by wilmer

Ok, theoretically this is a one-line fix:

--- protocols/yahoo/libyahoo2.c 2007-11-23 23:07:44 +0000
+++ protocols/yahoo/libyahoo2.c 2008-03-10 23:01:30 +0000
@@ -736,7 +736,8 @@
        data = y_new0(unsigned char, len + 1);
 
        memcpy(data + pos, "YMSG", 4); pos += 4;
-       pos += yahoo_put16(data + pos, 0x0a00);
+//     pos += yahoo_put16(data + pos, 0x0a00);
+       pos += yahoo_put16(data + pos, 0x000f);
        pos += yahoo_put16(data + pos, 0x0000);
        pos += yahoo_put16(data + pos, pktlen + extra_pad);
        pos += yahoo_put16(data + pos, pkt->service);

With this, the warning doesn't show up anymore. I'm not convinced that this would be a full solution though, I assume there will be more changes. For example, with this change the server requests a different authentication method, while BitlBee (and libpurple as well) still uses the "old" one. It's quite likely that Yahoo! will drop support for this authentication method in April.

comment:5 Changed at 2008-03-10T23:55:32Z by wilmer

The new authentication is HTTPS-based, like the MS Passport authentication. I'll let someone else figure out how that works...

comment:6 Changed at 2008-03-12T12:23:32Z by anonymous

I know wilmer knows this, but for others: this will be a problem on the latest version, 1.0.4 too.

comment:7 Changed at 2008-03-12T12:50:28Z by wilmer

Not just 1.0.4, but all BitlBee versions. And if they're going to replace the current authentication method, probably all existing "alternative" Yahoo! clients.

comment:8 Changed at 2008-03-14T18:38:09Z by wilmer

Lots of interesting information at: http://www.google.com/search?q=pwtoken_login

comment:9 Changed at 2008-03-14T22:09:59Z by bitlbee-trac@…

If someone with a Windows machine, a copy of Wireshark and some spare time wants to find out if the one line fix is likely to work there is a fairly simple test possible.

Go to http://www.oldversion.com/program.php?n=yahoo and get copies of the old official yahoo client versions and determine the oldest one that doesn't generate this warning. Then look with Wireshark and see if it uses http or https protocols when logging in. If http then the one line fix will probably work for now.

comment:10 Changed at 2008-03-15T17:37:39Z by wilmer

After a short chat on the libyahoo2 mailing list, I decided to bounce this to 0x000c. This is the oldest version that doesn't generate this message and also it doesn't request HTTPS-based authentication.

Actually I also implemented the HTTPS-based authentication, but won't commit it for now since it's not required, and I noticed some changes in server behaviour I'd have to handle properly. (New way of sending the contact list.)

So I'll bounce this to 0x000c then. This is probably a good reason to try to release 1.2 before the second of April...

Changed at 2008-03-15T17:38:16Z by wilmer

This patch implements the HTTPS-based authentication.

comment:11 Changed at 2008-03-15T17:48:31Z by wilmer

Resolution: fixed
Status: newclosed

Protocol version bumped in changeset:devel,345. I hope this indeed doesn't break anything else.

comment:13 in reply to:  11 Changed at 2008-04-03T19:47:26Z by xpert.developer@…

Resolution: fixed
Status: closedreopened

Hello, I have developed Yahoo Messenger for J2Me. I am having the same problem "This version of Messenger will expire on April 2, 2008. Please upgrade to the latest supported version: http://messenger.yahoo.com Learn more: http://messenger.yahoo.com/eol" I have gone thorugh the link given in the last messages but not getting anything.So,Please please help me.... I can provide you my code if anybody can help me to resolve this problem in Java/J2Me.

Thanks in advance.

Replying to wilmer:

Protocol version bumped in changeset:devel,345. I hope this indeed doesn't break anything else.

comment:14 Changed at 2008-04-03T20:57:26Z by wilmer

Resolution: fixed
Status: reopenedclosed

Sir, you were repeating yourself a bit (three almost identical comments). :-)

Anyway, the fix is *very* simple. At least in my case (libyahoo2) it was. Just increase the version number sent in every packet (right after the "YMSG" header), experiment with it a bit. Possibly you may have to change handling of some packet types slightly, depending on the state of your other code. See that changelist 345 linked to above.

comment:15 Changed at 2008-04-03T21:11:19Z by wilmer

Oops, sorry, I removed all three comments now. Anyway, please stop reopening this ticket, this is the *BitlBee* bug tracker. Your comments are visible even when the ticket is closed.

I don't "speak" Java so there's not much I can do for you. You should probably talk to the author of the Yahoo! module you use in your program. Simply look for the part of the code that sends the "YMSG" header, the version number comes right after that.

comment:16 in reply to:  15 Changed at 2008-04-03T21:24:12Z by xpert.developer@…

Thanks for your reply. Just one last help.

  1. Can you please tell me what should be the version number?

Right now i am using : {10, 0x00,0x00,0x00}

  1. What other changes should be made to the parser?

Thanks. Please reply.

Replying to wilmer:

Oops, sorry, I removed all three comments now. Anyway, please stop reopening this ticket, this is the *BitlBee* bug tracker. Your comments are visible even when the ticket is closed.

I don't "speak" Java so there's not much I can do for you. You should probably talk to the author of the Yahoo! module you use in your program. Simply look for the part of the code that sends the "YMSG" header, the version number comes right after that.

comment:17 Changed at 2008-04-03T21:28:23Z by Wilmer van der Gaast <wilmer@…>

BitlBee wrote:

  1. Can you please tell me what should be the version number?
    Right now i am using : {10, 0x00,0x00,0x00}

Try 12. Or 13. You may have to swap the version number and the last 0x00.

  1. What other changes should be made to the parser?


I don't know.

Good luck.

comment:18 Changed at 2008-04-04T15:19:00Z by bitlbee@…

Hi,

What source tree version is this patch for, and where/how to get it?

Thanks

comment:19 in reply to:  18 ; Changed at 2008-04-05T05:06:57Z by xpert.developer@…

Hi, Thanks for your interest. You can get the source code / API documents for yahoo messenger from here http://jymsg9.sourceforge.net/

Thanks Replying to bitlbee@faxm0dem.org:

Hi,

What source tree version is this patch for, and where/how to get it?

Thanks

comment:20 in reply to:  19 Changed at 2008-04-07T07:00:05Z by bitlbee@…

Replying to xpert.developer@gmail.com:

Hi, Thanks for your interest. You can get the source code / API documents for yahoo messenger from here http://jymsg9.sourceforge.net/

hmmm thanks but I was looking for the source code for bitlbee I grabbed 1.2 and the debian source package but none work with the attached patch

comment:21 Changed at 2008-04-22T07:58:30Z by sangngdht@…

Yahoo System Message: This version of Messenger expired on April help My this Error

Modify Ticket

Action
as closed The owner will remain wilmer.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.