Your message dated Sat, 15 Apr 2023 19:34:26 +0000 with message-id <[email protected]> and subject line Bug#1034359: fixed in curl 7.88.1-9 has caused the Debian Bug report #1034359, regarding Regression finding system certificates to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 1034359: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libcurl3-nss Version: 7.88.1-5 Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with nss looks for loadable libraries: curl (7.88.1-4) unstable; urgency=medium * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: Prepend "/nss/" before the library name. Before the change to the load path, curl could find /lib/x86_64-linux-gnu/libnssckbi.so but not /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the reverse. libnssckbi.so is enough to get a trust root (the mozilla certificate store is compiled inside that library), whereas libnsspem.so (1.0.8+1-1) isn't. This makes it impossible to connect to https servers by default for programs that use curl with NSS. Here is a way to test the regression: debbisect -v --cache=./cache \ --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace \ 20230306T145638Z 20230306T203828Z \ 'chroot "$1" bash -exuc " git clone --depth 1 https://github.com/alexcrichton/curl-rust.git cd curl-rust time cargo fetch time cargo build --offline --example https strace -efile target/debug/examples/https >/dev/null "'
--- End Message ---
--- Begin Message ---Source: curl Source-Version: 7.88.1-9 Done: Samuel Henrique <[email protected]> We believe that the bug you reported is fixed in the latest version of curl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Samuel Henrique <[email protected]> (supplier of updated curl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 15 Apr 2023 20:03:44 +0100 Source: curl Built-For-Profiles: nocheck Architecture: source Version: 7.88.1-9 Distribution: unstable Urgency: medium Maintainer: Alessandro Ghedini <[email protected]> Changed-By: Samuel Henrique <[email protected]> Closes: 1033963 1034359 Changes: curl (7.88.1-9) unstable; urgency=medium . [ Sergio Durigan Junior ] * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: Don't prepend "nss" when opening libnssckbi.so. (Closes: #1034359) . [ Samuel Henrique ] * Update list of tests that fail on IPv6-only envs and don't skip them on autopkgtest * d/p/fix-unix-domain-socket.patch: Import upstream patch to fix --unix (closes: #1033963) Checksums-Sha1: f5049702838faa228f6f30a5e6c21682ff699a11 3159 curl_7.88.1-9.dsc 90cf9ff224534f1b541d176f027ae5400cc378d0 47920 curl_7.88.1-9.debian.tar.xz 817f82405e180e8dba25b9227e18288693fba590 11041 curl_7.88.1-9_amd64.buildinfo Checksums-Sha256: ea17267b98b453fa7f0629f62a0302cbc56385701c9d31ecc50bfa7fb2425a9d 3159 curl_7.88.1-9.dsc b1bac4b0deb1488f2b0d39f8bf990067080a5abfc7efaf938cec1267e0333030 47920 curl_7.88.1-9.debian.tar.xz ed03e67f81b77e3c107171f56f227249e7926b07d339e8d1c2ccd8dd00a84a11 11041 curl_7.88.1-9_amd64.buildinfo Files: f5362ee4bcda81de5897ff1c15714152 3159 web optional curl_7.88.1-9.dsc cdd8b56720576330b0d04efee7afae1c 47920 web optional curl_7.88.1-9.debian.tar.xz 01eac7ac0e87aa68164b65a2b4933747 11041 web optional curl_7.88.1-9_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmQ69gsACgkQu6n6rcz7 RweeuxAAvWPLzTKUd7cRqxXSv4a6V/LqKbpVz2wOYrpDVYo0XqBYRBsY1z783qlo YII4vGRaspgDeYHqO3nORPVM6qgtWBDMn5gElWDVyfvRWeHLTxtL0Rv15qaeQUfE IghLSEd4oNKyfq+WW7LL4E8me3zsKt1FtYVjTdVRr19POPqgzxtGFBNN0w25e6L5 Im11tl/cmLacDuGbyzxpjvCohwQf3aibmD0dNvY9nuWAVHXadZ6weFKDM6KObomT E3NLtnLJp7qRDVa1CW3o20ux11eajdMBp3UU6GjhRXj/TP3HVcKsTxpNEgxdKn5t OuoPn0DbRLJkTCYz2DGcGFqJiBqmHFMdgG1U3lZOUN5KrqvuJiP8N3M/r4asn3BT ljUiumxhZfX1MHDMeAGBSgZGywXtbGcWICf040Jfsc7wHwkbzRR1+YfndTUbSpjy oBk2EKOmAJmYSD93ZEPzUs8G2NOM9NIWhZjQNnz+YljIB5PesfUgArol63Oajp7u xvksM3HUdalIVZyPRWmhvJJwBVxL3I6SdQL2nsWl/vN17v9dOEOzRq9mFLvdD4M8 lzzEvIR/4kJuooeMUuYWi51DWgSvicH9xGmdqKHQ16cHpKsVePRnt8qwwtgdDRQF Ip8M/gyuyZhE383uDbX0pRTK+CsAHkMLIxHNVTM/4AtLh54wtRU= =2w0K -----END PGP SIGNATURE-----
--- End Message ---
