Bug#1041545: marked as done ([stunnel4] Fails to recognize EOF on a TLS socket without a proper TLS shutdown)

Sun, 23 Jul 2023 04:42:21 -0700 

Your message dated Sun, 23 Jul 2023 11:38:09 +0000
with message-id <[email protected]>
and subject line Bug#1041545: fixed in stunnel4 3:5.68-2+deb12u1
has caused the Debian Bug report #1041545,
regarding [stunnel4] Fails to recognize EOF on a TLS socket without a proper 
TLS shutdown
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1041545: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041545
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: stunnel4
Version: 3:5.68-2
Severity: important
Tags: patch upstream
X-Debbugs-Cc: [email protected]

In versions before 5.70, stunnel4 fails to recognize a new OpenSSL 3.x
error code that signals that the remote side closed the network
connection without performing a proper TLS shutdown. Instead, stunnel
treats this situation as an error.

If there was any pending data that the stunnel service had enqueued for
sending over the encrypted connection, it is discarded, so if the TLS
session is later resumed, the encrypted data stream will be corrupted.

This is fixed in stunnel-5.70 by a block of code in the src/client.c
file handling the SSL_R_UNEXPECTED_EOF_WHILE_READING error constant.


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'oldstable-updates'), (500, 'oldstable-security'), 
(500, 'oldoldstable-updates'), (500, 'oldoldstable'), (500, 'stable'), (500, 
'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages stunnel4 depends on:
ii  adduser                     3.134
ii  init-system-helpers         1.65.2
ii  libc6                       2.37-5
ii  libssl3                     3.0.9-1
ii  libsystemd0                 253.5-1
ii  libwrap0                    7.6.q-32
ii  netbase                     6.4
ii  openssl                     3.0.9-1
ii  perl                        5.36.0-7
ii  systemd [systemd-sysusers]  253.5-1

stunnel4 recommends no packages.

Versions of packages stunnel4 suggests:
pn  logcheck-database  <none>

-- no debconf information

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Source: stunnel4
Source-Version: 3:5.68-2+deb12u1
Done: Peter Pentchev <[email protected]>

We believe that the bug you reported is fixed in the latest version of
stunnel4, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Pentchev <[email protected]> (supplier of updated stunnel4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Jul 2023 22:01:31 +0300
Source: stunnel4
Architecture: source
Version: 3:5.68-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Peter Pentchev <[email protected]>
Changed-By: Peter Pentchev <[email protected]>
Closes: 1041545
Changes:
 stunnel4 (3:5.68-2+deb12u1) bookworm; urgency=medium
 .
   * Add the 08-tls-eof patch to fix the handling of a peer closing
     a TLS connection without proper TLS shutdown messaging.
     Closes: #1041545
Checksums-Sha1:
 987fbb8461b88ac36aac76e407cedac877f7940a 2581 stunnel4_5.68-2+deb12u1.dsc
 2ad6439d71c575bb51b957828f8b1e32bff845d8 55236 
stunnel4_5.68-2+deb12u1.debian.tar.xz
Checksums-Sha256:
 0dd75f679eaca8b06bb8e813b6299c10c953ab2341a8a80b709a1f7196ac5768 2581 
stunnel4_5.68-2+deb12u1.dsc
 45478a35b9257486832be74f0acd305595db23bcb56d8c282079ba3bb9011032 55236 
stunnel4_5.68-2+deb12u1.debian.tar.xz
Files:
 161be80b72076495ca27f234451c27c9 2581 net optional stunnel4_5.68-2+deb12u1.dsc
 c1647b6681fa086b9ed4c170a622dbd5 55236 net optional 
stunnel4_5.68-2+deb12u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCgAuFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmS8EawQHHJvYW1AZGVi
aWFuLm9yZwAKCRBlHu+wJSffE/9hEADI57vQtqyezpWLRHoeS6dWKMAybDJ8IPcz
0DQ1wWL6u+h8ITTQ//zn9pZ7KjOtWhYEK58RsJ4IiR1CHqgXQ+1Zig2SLia1zg1R
r35X8dLxuxLjNe8lDYeJYugle5hla1+KuFYrNcpYGXWnccCMuimHT75z6oVEhTR4
BqhA08wQOSiJX3kFz4tlSETGKH3/2Lvm6sfkiJ8PmYALHOxQXfKHQT3MC2BEFv74
0tD84TUCvgS3endeDjlKbvATK0A7E65DSVV6b945DoV1vLiUl9dsWManHTdB+Ymt
kU49e0v6Ga0OFUGjLPC3+ZuzhiwQoeJruh99zwzbwLtaNQYkqWpBld8MVrKlWuSS
FxplhQStDQFNIs/7wQe8wd0GEsJfqqiAaHq9bm6oYw1DNJTAxd4ny7pWjzV1f5rT
Ghtrl6bCsiPE4Tfk49RU62fMfQyHAs3XBtLd1VpS5onHQQjxUw0PmN+mdEpujLWN
juScWE8udaiK7p75R/m7m0SAIutCMgGb2yMk2aHgPcdU4lZeZhATtsQ0URbNQpco
SZ3bLSJ7dVYqsISNODMb2rkdSKQSA53IH+TJLHeirlBLnnxYn08D65gLFr66y65V
ggq614l886CmJFHZ/H08O464bYocFW1ByMPSG7MdMwJcSKc4eAX0ZLCTZz74AiM/
P5NQBa+4pA==
=JDhN
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to