Your message dated Wed, 13 Mar 2019 21:04:19 +0000 with message-id <[email protected]> and subject line Bug#921558: fixed in lsb 10.2019031300 has caused the Debian Bug report #921558, regarding stunnel4: Fails to stop with sysvinit: start-stop-daemon: matching only on non-root pidfile /var/lib/stunnel4///stunnel4.pid is insecure to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 921558: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921558 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: stunnel4 Version: 3:5.50-3 Severity: serious stopping or restarting stunnel4 on systems with sysvinit (or probably also any other init system using start-stop-daemon) fails as follows for me: invoke-rc.d stunnel4 restart Restarting TLS tunnels: /etc/stunnel/stunnel.conf: /sbin/start-stop-daemon: matching only on non-root pidfile /var/lib/stunnel4///stunnel4.pid is insecure stopped And despite it claims at the end "stopped", stunnel is not stopped as ps shows: stunnel4 26991 0.0 0.0 87196 156 ? Ssl Jan21 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf This is caused by the following change in dpkg 1.19.3 from 22 Jan 2019: * start-stop-daemon: Check whether standalone --pidfile use is secure. Prompted by Michael Orlitzky <[email protected]>. The usual fix seems to be to also specify the binary to be stopped with IIRC the --exec option. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.18.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages stunnel4 depends on: ii adduser 3.118 ii libc6 2.28-8 ii libssl1.1 1.1.1b-1 ii libsystemd0 241-1 ii libwrap0 7.6.q-28 ii lsb-base 10.2018112800 ii netbase 5.6 ii openssl 1.1.1b-1 ii perl 5.28.1-4 stunnel4 recommends no packages. Versions of packages stunnel4 suggests: pn logcheck-database <none> -- Configuration Files: /etc/stunnel/stunnel.conf changed: ; Sample stunnel configuration file by Michal Trojnara 2002-2009 ; Some options used here may not be adequate for your particular configuration ; Please make sure you understand them (especially the effect of the chroot jail) ; Certificate/key is needed in server mode and optional in client mode ;cert = /etc/ssl/certs/stunnel.pem ;key = /etc/ssl/certs/stunnel.pem ; Protocol version (all, SSLv2, SSLv3, TLSv1) sslVersion = TLSv1 ; Some security enhancements for UNIX systems - comment them out on Win32 chroot = /var/lib/stunnel4/ setuid = stunnel4 setgid = stunnel4 ; PID is created inside the chroot jail pid = /stunnel4.pid ; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 ;compression = zlib ; Workaround for Eudora bug ;options = DONT_INSERT_EMPTY_FRAGMENTS ; Authentication stuff ;verify = 2 ; Don't forget to c_rehash CApath ; CApath is located inside chroot jail ;CApath = /certs ; It's often easier to use CAfile ;CAfile = /etc/stunnel/certs.pem ; Don't forget to c_rehash CRLpath ; CRLpath is located inside chroot jail ;CRLpath = /crls ; Alternatively you can use CRLfile ;CRLfile = /etc/stunnel/crls.pem ; Some debugging stuff useful for troubleshooting ;debug = 7 ;output = /var/log/stunnel4/stunnel.log ; Use it for client mode ;client = yes ; Service-level configuration ;[pop3s] ;accept = 995 ;connect = 110 ;[imaps] ;accept = 993 ;connect = 143 ;[ssmtp] ;accept = 465 ;connect = 25 ;[https] ;accept = 443 ;connect = 80 ;TIMEOUTclose = 0 [bbs] ;accept = localhost:1984 accept = 127.0.0.1:1984 connect = sym.noone.org:1983 client = yes [bbs2] ;accept = localhost:1984 accept = 127.0.0.2:1984 connect = c3pio.deuxchevaux.org:1983 client = yes ; vim:ft=dosini -- no debconf information
--- End Message ---
--- Begin Message ---Source: lsb Source-Version: 10.2019031300 We believe that the bug you reported is fixed in the latest version of lsb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Didier Raboud <[email protected]> (supplier of updated lsb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 13 Mar 2019 21:42:26 +0100 Source: lsb Architecture: source Version: 10.2019031300 Distribution: unstable Urgency: low Maintainer: Debian LSB Team <[email protected]> Changed-By: Didier Raboud <[email protected]> Closes: 921558 Changes: lsb (10.2019031300) unstable; urgency=low . [ Dmitry Bogatov ] * init-functions: in killproc, pass '--name' to start-stop-daemon (Closes: #921558) Checksums-Sha1: ba44df4600d285880f68e50cb271e324c42ce3c7 1695 lsb_10.2019031300.dsc 1635aec3dc49e88e6f0761bdfbcd1b32946762d0 42132 lsb_10.2019031300.tar.xz Checksums-Sha256: 7b71ba5ea22d9d650d4066aeff92f63b2795e02b2b23b8f2ad4328b02a67e646 1695 lsb_10.2019031300.dsc a956c45c7e0830b9c9a17407ed91c3373972493cead42b9c4dc53a8619a3898a 42132 lsb_10.2019031300.tar.xz Files: 523af3064863251feef1391e2aad0744 1695 misc extra lsb_10.2019031300.dsc c19e974983e70abcb128ed03999023b7 42132 misc extra lsb_10.2019031300.tar.xz -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEe+WPIRpjNw1/GSB7i8+nHsoWNFUFAlyJbCUACgkQi8+nHsoW NFWwaQv/VT0mLI+9BRMz5WL7idk11YSzBQj7msbocPUFF0u9L/wj8lk1FFUgaXeV SlszkjmT6snzjR1RjvTdlVIe7YosXHu73u3fsq+WsvV3DRU7anx3sL+rRCTmh1Hk g360mPzwmNvfDgHYuymnESEbV96qSCWhcmiBwKuta3QnBDcBYrJUbeLGDkXsLmuB r0T6gNSel5Nmwn+yX+e7kR1Vv6o0X31fa0O/HVg2Fi+Nf9Z8VA9NP3GN2QqlXV7L vYEY0w1gMROy1om88Ixkcszdeew19K2rnSb3beWQ93fYZsErvjv5W1gjGtl68GV6 pg/q/k20ybHhrjsoMS7XgsmiC1IIkcfXmWodcWrqyoaYLOfgfxjxvU8D82X3+Njd nnp43nTjy4JijoYikKqMT+diFzTan3OxiurMq6vQ0CQ5oo3PbHS6eafW8m3fbENs MibXktv3S9nkqiLCUcV+/n+Q5zEM3WmhAd6Gt6kTFrvP4pGm5bDhI47RgY3U1EX5 F1IPmL4L =xeQT -----END PGP SIGNATURE-----
--- End Message ---
