Bug#867253: libp11-openssl1.1: New upstream release is available
Source: libp11-openssl1.1 Version: 0.4.4-2 Severity: important Tags: upstream Dear Maintainer, A new upstream release 0.4.7 is available with several bugfixes: https://github.com/OpenSC/libp11/blob/libp11-0.4.7/NEWS Best regards, Mike (the upstream maintainer) -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core) Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: sysvinit (via /sbin/init)
Bug#685725: Bug still exists in Wheezy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi David, It is difficult to say anything conclusive without the logs of stunnel and postfix. Mike -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlRQBRAACgkQ/NU+nXTHMtEQYACg2L2jEACpZkNZW4ZcheVA9uio alMAn0Jn5H3ViQvKIeWDNTu41+G8bQfE =6+RY -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#692796: Wrong syntax
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, This bug report is clearly invalid. Please close it. Mike -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlRQA2EACgkQ/NU+nXTHMtEaxACfcRfP43m9Nv32MC1U+WqS4cAw Mu0An3G5WsVMHFZrXm3bVRkEp6Xk8C0X =TtHz -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#516783: Add helpful error notices
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Guys, In order to prevent these kind of problems I have changed the default value for "pid" in the upstream release of stunnel 5.00. This and newer versions of stunnel also print any critical errors to stderr. Best regards, Michal Trojnara -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlRQAPsACgkQ/NU+nXTHMtFWtACcCGcUEC+vmgc7fomMxvOdfTc/ m2YAnjDxrYQxkSlZrv7fxsrmouweyMkZ =GZR0 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#765332: [Pkg-stud-maintainers] Bug#765332: stud: The upstream is no longer maintained
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vincent Bernat wrote: > On the other hand, because the codebase is relatively small, it is > easy to maintain as is. As far as I know it can still fill its role > (but the 0.3 version doesn't have support for EC cryptography). > > The big question is: should it be removed now or should it be > removed in jessie+1? Unless you have enough time to take over the upstream, it's probably best to remove stud before Jessie is frozen. The more you delay it the better chance of someone else creating dependencies on stud. https://release.debian.org/jessie/freeze_policy.html Mike -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlQ89rwACgkQ/NU+nXTHMtFWvQCfXomB1cYH26EFywFDEOoL/o53 sHwAoJTb9P7tMa9Moc6kAxudMYq4cJc4 =uneN -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#765332: stud: The upstream is no longer maintained
Package: stud Version: 0.3-3 Severity: normal Tags: upstream Dear Maintainer, The upstream for stud seems to be dead, as the team that authored and supported this software no longer exists. I'm not sure whether it affects the Debian package or not. I could not find anything on this topic in the Debian policy. The home page (https://github.com/bumptech/stud) claims "stud (...) is maintained by the Bump (http://bu.mp) server team." According to http://bu.mp/ "Bump is no longer available.". Further details can be found on http://blog.bu.mp/: "We are now deeply focused on our new projects within Google, and we've decided to discontinue Bump and Flock." The latest Git commit is dated 4 Sep 2012. Best regards, Michal Trojnara -- System Information: Debian Release: 7.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.15.4-x86_64-linode45 (SMP w/2 CPU cores) Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages stud depends on: ii adduser 3.113+nmu3 ii libc62.13-38+deb7u4 ii libev4 1:4.11-1 ii libssl1.0.0 1.0.1e-2+deb7u12 stud recommends no packages. stud suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#692796: Wrong syntax
Hi, The correct syntax is: options = CIPHER_SERVER_PREFERENCE and not: options = SSL_OP_CIPHER_SERVER_PREFERENCE You should not include "SSL_OP_" at the beginning of every SSL option. CIPHER_SERVER_PREFERENCE is supported since stunnel 4.28. Mike signature.asc Description: OpenPGP digital signature
Bug#676661: Stunnel configuration needs to be reloaded to re-read CRL
Hi, Just add "service stunnel4 reload" to your cron script. Mike signature.asc Description: OpenPGP digital signature
Bug#599138: Please close this "bug"
Hi, This is an obvious false positive. Please close it. Mike signature.asc Description: OpenPGP digital signature
Bug#535924: Could anyone reproduce this bug?
Hi, I could not reproduce this issue. Mike signature.asc Description: OpenPGP digital signature
Bug#702267: Security update is pending
On 2013-04-22 20:02, Salvatore Bonaccorso wrote: > Unfortunately stunnel4 package cannot be updated to latest upstream > version due to the freeze and wheezy beeing relased very soon. So the > version based on 4.53 needs to be patched. I think the patch correctly addresses this specific security issue. On the other hand 4.53 is outdated and it lacks several important stability bugfixes I implemented during the last year, e.g. half-close handling, signal handling, memory leaks, file descriptor leaks, and randoms stalls in libwrap support. I would really love 4.56 to make it into wheezy, or *at least* into sid. It's a pity Debian users cannot benefit from numerous hours of my work spent improving stunnel. http://www.stunnel.org/sdf_ChangeLog.html Best regards, Michal Trojnara signature.asc Description: OpenPGP digital signature
Bug#702267: Security update is pending
Hi, This is a security vulnerability that may result in remote code execution. It should be fixed immediately. Current stunnel Debian package is based on stunnel 4.53. This upstream version is over a year old. Please update the package to stunnel 4.56. This version seems to be very stable. Best regards, Michal Trojnara signature.asc Description: OpenPGP digital signature
Bug#633006: localhost is usually defined in /etc/hosts
Hi, Please check your /etc/hosts for the definition of localhost. I don't this definition should be overridden by stunnel. Best regards, Michal Trojnara -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#599138: This is not a bug
Hi Guys, It looks like Matt doesn't really understand what a file descriptor is. This is a bit scary, as he is a Debian Maintainer. I recommend to start learning with https://en.wikipedia.org/wiki/File_descriptor Contrary to their name, file descriptors are not only about files. Each thread of stunnel needs at least two (sometimes three) file descriptors for sockets. Best regards, Michal Trojnara -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#653882: Upstream fix
Hi Guys, I think I fixed this issue in ftp://ftp.stunnel.org/stunnel/beta/stunnel-4.51b5.tar.gz Would you be so kind to test it, so I can release this fix in stunnel 4.51? TIA, Mike PGP.sig Description: This is a digitally signed message part
Bug#641976: I second that
Hi Guys, I second that request. Please also update to the latest upstream release (currently 4.45). Best regards, Michal Trojnara -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#548973: This is not a bug
Hi Micah, Your failure to read the manual is not a bug of stunnel. Even the header of stunnel.conf template says it's only and example. Best regards, Michal Trojnara -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#571989: Not really a bug
Hi Guys, Options "chroot", "setuid" and "setgid" may break some other features. I think it's a limitation of current architecture rather than a bug. The only portable (not depending on the installed resolver library) would be to implement a separate set of resolver processes. My recommendation is to just turn chroot off. Best regards, Michal Trojnara -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#637932: This issue is fixed upstream
Hi Guys, This is a security issue in stunnel 4.40 and 4.41 only. It was fixed in stunnel 4.42. Best regards, Michal Trojnara -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#471085: This bug is fixed since version 4.27
Hi, This bug was fixed upstream in version 4.27. Stunnel now tries to connect all IP addresses returned by the resolver. $ stunnel3 -D 7 -f -c -r hydra.gt.owl.de:443 [cut] 2010.07.02 11:25:27 LOG6[19463:3075217072]: connect_blocking: connecting 2001:6f8:1173:2::1:443 2010.07.02 11:25:27 LOG7[19463:3075217072]: connect_blocking: s_poll_wait 2001:6f8:1173:2::1:443: waiting 10 seconds 2010.07.02 11:25:37 LOG3[19463:3075217072]: connect_blocking: s_poll_wait 2001:6f8:1173:2::1:443: timeout 2010.07.02 11:25:37 LOG7[19463:3075217072]: FD=6 in non-blocking mode 2010.07.02 11:25:37 LOG6[19463:3075217072]: connect_blocking: connecting 195.71.99.218:443 2010.07.02 11:25:37 LOG7[19463:3075217072]: connect_blocking: s_poll_wait 195.71.99.218:443: waiting 10 seconds 2010.07.02 11:25:37 LOG5[19463:3075217072]: connect_blocking: connected 195.71.99.218:443 2010.07.02 11:25:37 LOG5[19463:3075217072]: Service stunnel connected remote server from 207.192.69.165:44998 Best regards, Michal Trojnara upstream maintainer -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#569148: This is not a bug
Hi, Stunnel security model is not designed to rely on domain name checks. SSL/TLS protocol is not the same as HTTPS. Stunnel is not expected to meet requirements of RFC 2818 section 3. This is *not* a bug. Best regards, Michal Trojnara upstream maintainer -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org