Your message dated Wed, 06 Oct 2021 21:06:11 +0000
with message-id <e1mye79-0004s8...@fasolo.debian.org>
and subject line Bug#995448: fixed in ruby-httpclient 2.8.3-4
has caused the Debian Bug report #995448,
regarding ruby-httpclient: uses stale copy of CA certificates
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
995448: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-listbugs
Version: 0.1.35
Severity: grave
Justification: renders package unusable
Dear Maintainer,
The old Let's Encrypt root certificate expired recently. Let's Encrypt
has moved on from that certificate a long time ago, and in principle
only old devices who don't get their CA store updated should be
affected.
https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
However, apt-listbugs fails due to a expired certificate, while curl and
my web browser can access the BTS just fine:
----------------8<----------------8<----------------8<-----------------
~$ apt-listbugs list apt-listbugs
Retrieving bug reports... 0% Fail
Error retrieving bug reports from the server with the following error message:
E: SSL_connect returned=1 errno=0 state=error: certificate verify failed
(certificate has expired)
It could be because your network is down, or because of broken proxy servers,
or the BTS server itself is down. Check network configuration and try again
Retry downloading bug information? [Y/n] n
Continue the installation anyway? [y/N] n
E: Exiting with error
~[1]$ curl -I https://bugs.debian.org/src:apt-listbugs
HTTP/2 302
date: Fri, 01 Oct 2021 12:12:14 GMT
server: Apache
x-content-type-options: nosniff
x-frame-options: sameorigin
referrer-policy: no-referrer
x-xss-protection: 1
permissions-policy: interest-cohort=()
strict-transport-security: max-age=15552000
location: https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=apt-listbugs
content-type: text/html; charset=iso-8859-1
----------------8<----------------8<----------------8<-----------------
I can also reproduce this on a clean unstable system.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing'), (500,
'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.14.0-1-amd64 (SMP w/4 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to
C.UTF-8), LANGUAGE=C.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apt-listbugs depends on:
ii apt 2.3.9
ii ruby 1:2.7+2
pn ruby-debian <none>
pn ruby-gettext <none>
ii ruby-soap4r 2.0.5-5
pn ruby-unicode <none>
pn ruby-xmlparser <none>
Versions of packages apt-listbugs recommends:
ii ruby-httpclient 2.8.3-3
Versions of packages apt-listbugs suggests:
ii chromium [www-browser] 93.0.4577.82-1
ii firefox [www-browser] 92.0-1
ii reportbug 11.0.0
ii sensible-utils 0.0.17
ii w3m [www-browser] 0.5.3+git20210102-6
ii xdg-utils 1.1.3-4.1
-- no debconf information
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: ruby-httpclient
Source-Version: 2.8.3-4
Done: Antonio Terceiro <terce...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ruby-httpclient, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 995...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Antonio Terceiro <terce...@debian.org> (supplier of updated ruby-httpclient
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 06 Oct 2021 17:55:58 -0300
Source: ruby-httpclient
Architecture: source
Version: 2.8.3-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Antonio Terceiro <terce...@debian.org>
Closes: 995448
Changes:
ruby-httpclient (2.8.3-4) unstable; urgency=medium
.
* Team upload
.
[ Debian Janitor ]
* Remove constraints unnecessary since buster
.
[ Antonio Terceiro ]
* Add simple autopkgtest to check a basic SSL connection
* Add patch to use the system certificate store (Closes: #995448)
* debian/rules: remove embedded CA certificate store
* Add dependency on ca-certificates
* Depends: drop `| ruby-interpreter`
Checksums-Sha1:
2b3f7679641deef98ec50933f4969a7443682717 2094 ruby-httpclient_2.8.3-4.dsc
b0eb1a5d67eec3f377215a5ed6c99b279f1a65b9 23944
ruby-httpclient_2.8.3-4.debian.tar.xz
ad9623eeaf7d744b425239509c06544e3a6e7ea4 12479
ruby-httpclient_2.8.3-4_source.buildinfo
Checksums-Sha256:
b1508335816090badbf3795b9f9e65154365208410543a24c683616a8b00a24b 2094
ruby-httpclient_2.8.3-4.dsc
fd58a7bf5532bee69b55ab912eb1cfa8d1bdd9dc275467e4f24fee67457b357f 23944
ruby-httpclient_2.8.3-4.debian.tar.xz
1c77d037940c159731652bae3b1a36d71a9c04d5e7616f9a2c934c01ae773d3d 12479
ruby-httpclient_2.8.3-4_source.buildinfo
Files:
78514d363af98b1343b396d09dabd97d 2094 ruby optional ruby-httpclient_2.8.3-4.dsc
6947b048ba25aa2e42adbd919f99d669 23944 ruby optional
ruby-httpclient_2.8.3-4.debian.tar.xz
73c1404e8f5e45084136a6477e0ba958 12479 ruby optional
ruby-httpclient_2.8.3-4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAmFeDYIACgkQ/A2xu81G
C94HVxAA2AB9cvHwRy3VKPKmd/nJx1EvWWRfJbGJjAvS+nepXFRKmufQEwzTCe/D
xC8dlZO5eVaR8R6w3Eay+tC02mIFNAAcfTvjHkw8smibVB2SAajH1OGdyZ+PDBy4
iogtpmrVeMvLeO9Ty2tTMUhZ7O16/FMQXMxyYtuo23N3kkYX2hgBv3dqrMlf4zPz
8YESRi7J0MCwr1MTG1AegIzdQRoklrMsh0y25JMIkTsHn77wZHm+a8APSW/75rxF
9y/AdYb+ALICUVSeznY/oA1WzCgcZ+aMC8MwsZYov2OadeiA8HaqLqK889aMEVW8
g0Cj2lxj41vkTEolrFcWUhF00xcvOOaAJjEBqYgsWEWn3mlkfhsVciQV14N5aRDx
25vgWwteuHIZ/S8BjUGoSIjaD0n4H1lA9jjewQ9ZTUuJ+nBXyUOTF8GA9WHf3qHs
1ZH3vQPG18Hh72bPGdwGRbaKZwZUmdanJLt4DdNxW2iidchAHE4aiFVQUQyqo/MJ
KdHlHcYgHzK5tfBYo3x5EErlrg9kKZtVPodDtvrvTeG0eJqQFJX2srZIORG8520y
QWbXMbP2ms29p6eAPFULZk0KFGK9aFNiPDKV8WrnowF9ZAaFn8EID15DDHGDOGUj
EIe/T7PbS4IB+kxRkzRSS5aQytxj3UZg/gOGvDJRSLawsmsBAAw=
=Vpae
-----END PGP SIGNATURE-----
--- End Message ---
