Hi,
I’m using the stock kvirc (4.2.0) on openSUSE 13.2 and, since December, have had consistent SASL authentication failures when connecting to chat.freenode.net. I finally found the source of the problem in the kvirc project bug tracker (see below). The problem has been fixed in SVN. What is the best way to request that this fix gets pulled into the regular 13.2 security updates?
Thanks!
**[Ticket #1483](https://svn.kvirc.de/kvirc/ticket/1483) (closed Bug: fixed)**
...
**SASL fallback to PLAIN mode fails if both 908 and 904 numerics are sent by server**
**Description**
Both 908 (RPL_SASLMECHS) and 904 (RPL_SASLFAILED) numerics are parsed through KviIrcServerParser::parseNumericSaslIdiocy.
inspircd will send *both* a 908 and a 904 message upon requesting an unsupported SASL mechanism (unsure about other ircd's). This results in the following failure sequence:
- KVIrc sends an unsupported AUTHENTICATE DH-BLOWFISH attempt
- 908 numeric received from server
- KviIrcServerParser::parseNumericSaslIdiocy is called
- It calls KviIrcConnection::handleAuthenticateFallback
- KviIrcConnection::handleAuthenticateFallback checks isInsideAuthenticateFallback(), which is **false**; it therefore sets it to true and sends an AUTHENTICATE PLAIN message
- The next message received from the server is a 904 numeric
- KviIrcServerParser::parseNumericSaslIdiocy is called
- It calls KviIrcConnection::handleAuthenticateFallback
- KviIrcConnection::handleAuthenticateFallback checks isInsideAuthenticateFallback(), which is now **true**; it therefore calls KviIrcConnection::endInitialCapNegotiation and terminates the CAP phase

Because the CAP phase is prematurely terminated before the fallback handshake is complete, KVIrc continues with the normal registration phase, and SASL authentication fails.
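The failure sequence from the ticket, modelled as a small state machine. This is an added example, not KVIrc source and not the fix committed in SVN. `SaslModel`, `fallbackOn908` and `run` are hypothetical names, the 908/904/903 server trace is constructed, and treating 908 as informational is only one assumed way to avoid the double fallback.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Minimal model of the ticket's sequence; not KVIrc source.
struct SaslModel {
    bool fallbackOn908;          // true = behaviour described in the ticket (assumed switch)
    bool insideFallback = false; // stands in for isInsideAuthenticateFallback()
    bool capEnded = false;       // set where endInitialCapNegotiation() would run
    bool authenticated = false;
    std::vector<std::string> sent; // AUTHENTICATE lines the client has sent

    explicit SaslModel(bool f) : fallbackOn908(f) {}

    // Stands in for handleAuthenticateFallback(): first call retries, second gives up.
    void handleFallback() {
        if (!insideFallback) {
            insideFallback = true;
            sent.push_back("AUTHENTICATE PLAIN");
        } else {
            capEnded = true;
        }
    }

    void onNumeric(int numeric) {
        if (capEnded) return; // registration has moved on; SASL replies are ignored
        switch (numeric) {
        case 908: if (fallbackOn908) handleFallback(); break; // RPL_SASLMECHS
        case 904: handleFallback(); break;                    // RPL_SASLFAILED
        case 903: authenticated = capEnded = true; break;     // RPL_SASLSUCCESS
        }
    }
};

// Constructed trace: server answers DH-BLOWFISH with 908 then 904, then accepts PLAIN (903).
SaslModel run(bool fallbackOn908) {
    SaslModel m(fallbackOn908);
    m.sent.push_back("AUTHENTICATE DH-BLOWFISH");
    const int trace[] = {908, 904, 903};
    for (int n : trace) m.onNumeric(n);
    return m;
}

int main() {
    std::printf("908 triggers fallback: authenticated=%d\n", run(true).authenticated);
    std::printf("908 informational:     authenticated=%d\n", run(false).authenticated);
    return 0;
}
```

In both runs the client sends the same two AUTHENTICATE lines; the difference is only whether the CAP phase has already ended by the time the reply to PLAIN arrives.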