Your message dated Sun, 05 Dec 2021 21:03:39 +0000
with message-id <e1mtyfb-00018q...@fasolo.debian.org>
and subject line Bug#995448: fixed in ruby-httpclient 2.8.3-3+deb11u1
has caused the Debian Bug report #995448,
regarding ruby-httpclient: uses stale copy of CA certificates
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
995448: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apt-listbugs
Version: 0.1.35
Severity: grave
Justification: renders package unusable
Dear Maintainer,
The old Let's Encrypt root certificate expired recently. Let's Encrypt
has moved on from that certificate a long time ago, and in principle
only old devices who don't get their CA store updated should be
affected.
https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
However, apt-listbugs fails due to a expired certificate, while curl and
my web browser can access the BTS just fine:
----------------8<----------------8<----------------8<-----------------
~$ apt-listbugs list apt-listbugs
Retrieving bug reports... 0% Fail
Error retrieving bug reports from the server with the following error message:
E: SSL_connect returned=1 errno=0 state=error: certificate verify failed
(certificate has expired)
It could be because your network is down, or because of broken proxy servers,
or the BTS server itself is down. Check network configuration and try again
Retry downloading bug information? [Y/n] n
Continue the installation anyway? [y/N] n
E: Exiting with error
~[1]$ curl -I https://bugs.debian.org/src:apt-listbugs
HTTP/2 302
date: Fri, 01 Oct 2021 12:12:14 GMT
server: Apache
x-content-type-options: nosniff
x-frame-options: sameorigin
referrer-policy: no-referrer
x-xss-protection: 1
permissions-policy: interest-cohort=()
strict-transport-security: max-age=15552000
location: https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=apt-listbugs
content-type: text/html; charset=iso-8859-1
----------------8<----------------8<----------------8<-----------------
I can also reproduce this on a clean unstable system.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing'), (500,
'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.14.0-1-amd64 (SMP w/4 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to
C.UTF-8), LANGUAGE=C.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apt-listbugs depends on:
ii apt 2.3.9
ii ruby 1:2.7+2
pn ruby-debian <none>
pn ruby-gettext <none>
ii ruby-soap4r 2.0.5-5
pn ruby-unicode <none>
pn ruby-xmlparser <none>
Versions of packages apt-listbugs recommends:
ii ruby-httpclient 2.8.3-3
Versions of packages apt-listbugs suggests:
ii chromium [www-browser] 93.0.4577.82-1
ii firefox [www-browser] 92.0-1
ii reportbug 11.0.0
ii sensible-utils 0.0.17
ii w3m [www-browser] 0.5.3+git20210102-6
ii xdg-utils 1.1.3-4.1
-- no debconf information
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: ruby-httpclient
Source-Version: 2.8.3-3+deb11u1
Done: Antonio Terceiro <terce...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ruby-httpclient, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 995...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Antonio Terceiro <terce...@debian.org> (supplier of updated ruby-httpclient
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 10 Oct 2021 09:24:03 -0300
Source: ruby-httpclient
Architecture: source
Version: 2.8.3-3+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Antonio Terceiro <terce...@debian.org>
Closes: 995448
Changes:
ruby-httpclient (2.8.3-3+deb11u1) bullseye; urgency=medium
.
* Add simple autopkgtest to check a basic SSL connection
* Add patch to use the system certificate store (Closes: #995448)
* debian/rules: remove embedded CA certificate store
* Add dependency on ca-certificates
Checksums-Sha1:
8df810c10f21e2267138cf7c57f2ada682f7ac5f 2180
ruby-httpclient_2.8.3-3+deb11u1.dsc
f3be49b0101a2ebd6888191644b8532418e2713c 22780
ruby-httpclient_2.8.3-3+deb11u1.debian.tar.xz
0f1508d089e816baace29ec27ce0e158ed86fc4a 9330
ruby-httpclient_2.8.3-3+deb11u1_amd64.buildinfo
Checksums-Sha256:
5adc880c6514d68a5b861d5a8ef3ad4c5c67e51322dba42b2b5cda204d54da66 2180
ruby-httpclient_2.8.3-3+deb11u1.dsc
64de6d0e54c75b29ec13ee7852c44392b5adeb26287a5d3039e7c147d61e3d20 22780
ruby-httpclient_2.8.3-3+deb11u1.debian.tar.xz
2eb050dabd6abca5b0ebb32142bd291355a4d4223b2af5f1d44577a1b043d98f 9330
ruby-httpclient_2.8.3-3+deb11u1_amd64.buildinfo
Files:
dee5372c78401a0bc47b25f1eed01e19 2180 ruby optional
ruby-httpclient_2.8.3-3+deb11u1.dsc
cb232bb6ca48e2aa60dae68c627e8cef 22780 ruby optional
ruby-httpclient_2.8.3-3+deb11u1.debian.tar.xz
7023b71e22a09605499af7556542a562 9330 ruby optional
ruby-httpclient_2.8.3-3+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAmGs1WEACgkQ/A2xu81G
C95axw//aVldeyTf0Vl694bEUevvfvG5DIm6Yi91lU1dWSWTwhskL7MIxwsZfzY1
VPbaJp1tnrLVsn7a3NJ8tcCkO+dYWGGBTb7Qu/nLUvoKf3qfc0e7owZfroTnnA9i
/dvC7d8FysTOIOptE+aWbyHf8MC5lCwgtSNr9NnZnqvZyQV4k8OL4u0l+ubTrgjk
6V4qosKyW9Z/ASMW0kZQNwXA1WImeyMf4Dv2ebcIfXa7Iyok4R4YTyrUZs6WHNgx
C3ekMN3MZozZxg+4bzj9ZPFymUzgi74tRNdB6wYm8AEYHIk+4+KwsW+KdDFFpHBa
qeOmuQPLPstf3UWhdEH+hIpG8xTYF5uggoaIVgfUknt1BwwAsPuOMEyiNPJB53eK
H1mHSgGgM9cXaLqlhR8oDm+XbV5vJ1kasbBTBEEfC2XzRS21R8olwkoCNzpJRh3q
lDNhpCItpvoCf04E1I7rHbwj1qRgOSVfpD0xV/QGoB607QIJzgW1/SWbd7+3LtFa
zjzPhF80fvTTsfVr2S/rxlEIUt+fYUom364tXsa6O6XwUp0EljMwpHlljzmctCHL
kQ3wP5s5m9jvARTX/0OIN5Tj5dgYrUdhani/ZleCneYQmBhE12E0pKHKyAMDoefR
8kJ4b5443mavk6kJJt/6oRAy2VsFUQ6gW0eSmH77qJtIljxdk4k=
=U6Kc
-----END PGP SIGNATURE-----
--- End Message ---
