Re: IMPORTEND squid3 stable needs update

2016-01-22 Thread startrekfan
I didn't subscribe to the mailing list. So please put my mail address
into cc. thanks.

I think I found a security issue that is not fixed in debian squid 3.4.8.
Squid 3.4 seems to use the sha1 algorithm for dynamic certificate
generation. Sha1 is unsafe. This seems to be fixed only in squid 3.5

ref: https://forum.pfsense.org/index.php?topic=99141.0 (I think it's the
same problem with debian jessie. The certificates are only generated with
sha1)

2016-01-18 12:53 GMT+01:00 Martin Wuertele:

>
> * startrekfan [2016-01-15 23:39]:
>
> > squid3 3.4.8 has some security issues (risks)/bugs so an upgrade to 3.5 is
> > actually only a fix of these bugs/security issues. There is no patch for
> > 3.4.8 because it's outdated. Debian Jessie is the current active release.
> > So why not fix squid3 in Debian Jessie with a stable 3.5 update?
>
> Not the version in Debian. All bugfixes are backported. Check the
> changelog, security tracker,...
>
>



Re: IMPORTEND squid3 stable needs update

2016-01-22 Thread Luigi Gangitano
Hi,

The link you provided refers to an issue with proxy certificates for SSL 
interception. This feature is disabled in Debian squid3 package due to 
licensing issues with OpenSSL, thus this is not a bug in Debian squid3 packages.

The only way this bug could affect a Debian user would be if the user had 
recompiled squid3 with OpenSSL support. I’m sure you understand that we cannot 
provide support for any custom built package.

Is there any other security issue in Debian squid3 package that you are aware 
of?

Squid3 in Debian is in very good shape because Amos Jeffrey, one of the 
upstream developers is directly involved in packaging squid3 for Debian and is 
doing an excellent job keeping up with upstream fixes.

Best regards,

L

--
Luigi Gangitano -- <lu...@debian.org> -- <gangit...@lugroma3.org>
GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972  C24A F19B A618 924C 0C26
GPG: 4096R/2BA97CED: 8D48 5A35 FF1E 6EB7 90E5  0F6D 0284 F20C 2BA9 7CED

> On 22 Jan 2016, at 09:20, startrekfan wrote:
> 
> I didn't subscribe to the mailing list. So please put my mail address into 
> cc. thanks.
> 
> I think I found a security issue that is not fixed in debian squid 3.4.8. 
> Squid 3.4 seems to use the sha1 algorithm for dynamic certificate generation. 
> Sha1 is unsafe. This seems to be fixed only in squid 3.5
> 
> ref: https://forum.pfsense.org/index.php?topic=99141.0 (I think it's the same 
> problem with debian jessie. The certificates are only generated with sha1)
> 
> 2016-01-18 12:53 GMT+01:00 Martin Wuertele:
> 
> * startrekfan <startrekfa...@freenet.de> [2016-01-15 23:39]:
> 
> > squid3 3.4.8 has some security issues (risks)/bugs so an upgrade to 3.5 is
> > actually only a fix of these bugs/security issues. There is no patch for
> > 3.4.8 because it's outdated. Debian Jessie is the current active release.
> > So why not fix squid3 in Debian Jessie with a stable 3.5 update?
> 
> Not the version in Debian. All bugfixes are backported. Check the
> changelog, security tracker,...
> 
> 
>  


Re: Packages with /outdated/ packaging style

2016-01-22 Thread Thorsten Glaser
On Tue, 19 Jan 2016, Andreas Tille wrote:

> > dh exists to optimise the common case,
> > with some limited amount of extendability, but in some cases, dh5 style
> > works better and/or ensures more legible debian/rules files than dh7 style.
>
> s?ensures more legible debian/rules?ensures less legible debian/rules?

No, I precisely meant what I wrote.

> my bet is that at least 95% of packages featuring old packaging style do
> not do these extra means.

For the other 5% (and I’m not disputing the figure), the dh5
style is *more* legible.

As I said earlier: dh7 style is just optimising the common case,
more not.

bye,
//mirabilos
-- 
 You are right.
 You are right!



Re: GitLab B.V. to host free-software GitLab for Debian project

2016-01-22 Thread Balasankar C
On Thursday 21 January 2016 07:11 PM, Pirate Praveen wrote:
> I need help with integrating debconf for configuring hostname. Somehow I'm 
> not able to troubleshoot the error. It seems I'm missing something simple, I 
> tried to follow debconf tutorial and compare many times, but only to see a 
> cryptic error message.
> 
> https://gitlab.com/debian-ruby/TaskTracker/issues/41

This issue has been fixed. Two echo statements (for verbosity) used
before loading confmodule caused the issue. Removed them and debconf is
no longer an issue.


-- 
Regards
Balasankar C
http://balasankarc.in



Re: IMPORTEND squid3 stable needs update

2016-01-22 Thread Michael Tokarev
15.01.2016 22:47, startrekfan wrote:

> *squid3 Version 3.4.8* is deployed in the Jessie stable repository. *This 
> version is outdated and has some security risks!!*. Version 3.5 is more 
> secure but unfortunately it's only marked as unstable

I wonder how many times this question should be asked.
It has been answered multiple times previously.

/mjt



Bug#812367: ITP: swift-bench -- benchmarking tool for Swift

2016-01-22 Thread Ondřej Nový
Package: wnpp
Severity: wishlist
Owner: "Ondřej Nový" 

* Package name: swift-bench
  Version : 1.0
* URL : https://github.com/openstack/swift-bench
* License : Apache-2
  Programming Lang: Python
  Description : benchmarking tool for Swift

Swift Bench is a simple tool for benchmarking an OpenStack Swift cluster

As part of the pkg-openstack team, I am planning to package it.



Bug#812373: ITP: odhcp6c -- IPv6 DHCP and RA client from OpenWRT

2016-01-22 Thread Ben Hutchings
Package: wnpp
Severity: wishlist
Owner: Ben Hutchings 

* Package name: odhcp6c
  Version : 1.1
  Upstream Author : Steven Barth 
* URL : https://github.com/sbyx/odhcp6c
* License : GPLv2
  Programming Lang: C
  Description : IPv6 DHCP and RA client from OpenWRT

odhcp6c is a minimal DHCPv6 and RA-client for use in embedded Linux
systems especially routers.  It is intended to comply with RFC7084.
Unlike isc-dhcp-client, it can be used with PPP links.

[I have yet to verify that it does actually work over PPP, but the
OpenWRT documentation implies that it does.]