Bug#995448: marked as done (ruby-httpclient: uses stale copy of CA certificates)

Fri, 24 Dec 2021 07:51:22 -0800 

Your message dated Fri, 24 Dec 2021 15:47:23 +0000
with message-id <e1n0mmx-000dxc...@fasolo.debian.org>
and subject line Bug#995448: fixed in ruby-httpclient 2.8.3-3+deb10u1
has caused the Debian Bug report #995448,
regarding ruby-httpclient: uses stale copy of CA certificates
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
995448: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: apt-listbugs
Version: 0.1.35
Severity: grave
Justification: renders package unusable

Dear Maintainer,

The old Let's Encrypt root certificate expired recently. Let's Encrypt
has moved on from that certificate a long time ago, and in principle
only old devices who don't get their CA store updated should be
affected.

https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/

However, apt-listbugs fails due to a expired certificate, while curl and
my web browser can access the BTS just fine:

----------------8<----------------8<----------------8<-----------------
~$ apt-listbugs list apt-listbugs
Retrieving bug reports... 0% Fail
Error retrieving bug reports from the server with the following error message:
E: SSL_connect returned=1 errno=0 state=error: certificate verify failed 
(certificate has expired)
It could be because your network is down, or because of broken proxy servers, 
or the BTS server itself is down. Check network configuration and try again
Retry downloading bug information? [Y/n] n
Continue the installation anyway? [y/N] n
E: Exiting with error
~[1]$ curl -I https://bugs.debian.org/src:apt-listbugs
HTTP/2 302
date: Fri, 01 Oct 2021 12:12:14 GMT
server: Apache
x-content-type-options: nosniff
x-frame-options: sameorigin
referrer-policy: no-referrer
x-xss-protection: 1
permissions-policy: interest-cohort=()
strict-transport-security: max-age=15552000
location: https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=apt-listbugs
content-type: text/html; charset=iso-8859-1
----------------8<----------------8<----------------8<-----------------

I can also reproduce this on a clean unstable system.


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (500, 
'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-1-amd64 (SMP w/4 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to 
C.UTF-8), LANGUAGE=C.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt-listbugs depends on:
ii  apt             2.3.9
ii  ruby            1:2.7+2
pn  ruby-debian     <none>
pn  ruby-gettext    <none>
ii  ruby-soap4r     2.0.5-5
pn  ruby-unicode    <none>
pn  ruby-xmlparser  <none>

Versions of packages apt-listbugs recommends:
ii  ruby-httpclient  2.8.3-3

Versions of packages apt-listbugs suggests:
ii  chromium [www-browser]  93.0.4577.82-1
ii  firefox [www-browser]   92.0-1
ii  reportbug               11.0.0
ii  sensible-utils          0.0.17
ii  w3m [www-browser]       0.5.3+git20210102-6
ii  xdg-utils               1.1.3-4.1

-- no debconf information

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Source: ruby-httpclient
Source-Version: 2.8.3-3+deb10u1
Done: Antonio Terceiro <terce...@debian.org>

We believe that the bug you reported is fixed in the latest version of
ruby-httpclient, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 995...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <terce...@debian.org> (supplier of updated ruby-httpclient 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 10 Oct 2021 09:24:03 -0300
Source: ruby-httpclient
Architecture: source
Version: 2.8.3-3+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Antonio Terceiro <terce...@debian.org>
Closes: 995448
Changes:
 ruby-httpclient (2.8.3-3+deb10u1) buster; urgency=medium
 .
   * Add simple autopkgtest to check a basic SSL connection
   * Add patch to use the system certificate store (Closes: #995448)
   * debian/rules: remove embedded CA certificate store
   * Add dependency on ca-certificates
Checksums-Sha1:
 d33058c6633241a12d5d03a2dfdd15dfb4655be1 2180 
ruby-httpclient_2.8.3-3+deb10u1.dsc
 0fefd8937cbf60f8ee469fead7c0249d9099b069 22792 
ruby-httpclient_2.8.3-3+deb10u1.debian.tar.xz
 2fce7d3691126084b0f669b3186aff395a60e884 9246 
ruby-httpclient_2.8.3-3+deb10u1_amd64.buildinfo
Checksums-Sha256:
 2b9b601648d8ce356b31f5ea4b8b54453e0266242f1ea44220565ba0c4d55e2d 2180 
ruby-httpclient_2.8.3-3+deb10u1.dsc
 c312c31a70f31a0245a6a748cc2641db1670cf3ecd66b3cf615fb1936e0c28f3 22792 
ruby-httpclient_2.8.3-3+deb10u1.debian.tar.xz
 a4bc6db6877fe98fa4223f3179f70378a23107ac93d5066f3ea55dcba06d16bb 9246 
ruby-httpclient_2.8.3-3+deb10u1_amd64.buildinfo
Files:
 9047110e1f7c7e24dad344938837204f 2180 ruby optional 
ruby-httpclient_2.8.3-3+deb10u1.dsc
 25c9385fe66f29533e9c1619f101fad6 22792 ruby optional 
ruby-httpclient_2.8.3-3+deb10u1.debian.tar.xz
 5ed6bb517f48d77931f9eb435227d382 9246 ruby optional 
ruby-httpclient_2.8.3-3+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEst7mYDbECCn80PEM/A2xu81GC94FAmGs1HcACgkQ/A2xu81G
C95CKw//UEVflvYuR4mHmNG9SFf3Ue2aoQ2vTY6C7N7xjuwYbvXs7B57ycsBwcZZ
SzwrPAaQMR6hAkagg0sXPx0PTUfMeKLn16sSD/M+Uq3RhvOm0LAgGPVjIcZ11ug6
3DMuCcbz9cCfCK/71n38rPq6bR07KDaIeWJCdBLOWAFy9pwBstO6QjIswnTbbigY
cOs/c//rGM0ClC4svxiw6rpkeIB06UcV8Psc+JdDXXBF/JAaX+VDaNbnsfbrYq+z
+mWCK8v6qOihH20VfI3at0l8Gtblx8oXvAdZYNr7wqm1oX8hto9irjkDWGzeZY1A
zZ5Lwk48qXydCm3t2iSlPFBfkAmJbz9KHYHPdrk8iRsOlM91kO/nof6kGaEOn9Hn
0Y7MKkhDJNtFt11vEkRvKOz5FUod1zAX6oZKUhDZ0rIhNGiWp07cDqveD18SdWpO
bZBsQAUPSM8PZGUNJfxHPDm6OkKpd5klTuYMvfSJ3b6e+fELJCy55Ixc7qOsz2a0
3c0jUbIClRsewHPofwE+s0cYeEdMo8GuSmicbuvTWroO+Fcp/RHuqMMaNS3JTfl9
wN+AdmiDFDHDOFov9TyDQMqE9mccp4U39g8MNsJnmk1fpvCSFRgYkZCcH5ee9UP+
h7aUEzsyNkBj09VfBqCCVhZQTNuZy4QrDmEv1kr1/JAbpWTpW/Y=
=80cr
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to