Your message dated Sat, 22 Feb 2020 15:34:40 +0000
with message-id <[email protected]>
and subject line Bug#948441: fixed in curl 7.68.0-1
has caused the Debian Bug report #948441,
regarding Forced to use argument with cUrl to be able to take into account
ca-certificates
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
948441: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948441
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: curl
Version: 7.64.0-4
Uname: Linux d2c5e376a123 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u5
(2017-09-19) x86_64 GNU/Linux
The cUrl into buster are compiled without the "--with-ca-bundle" option
which permit to use custom ca-certificates. Here is the diff between
stretch and buster:
--- curl-conf-stretch.txt 2020-01-08 17:45:41.425819210 +0100
+++ curl-conf-buster.txt 2020-01-08 17:47:46.665051373 +0100
@@ -9,8 +9,7 @@
'--disable-silent-rules'
'--libdir=/usr/lib/'`dpkg-architecture
-qDEB_HOST_MULTIARCH`
-'--libexecdir=/usr/lib/'`dpkg-architecture
--qDEB_HOST_MULTIARCH`
+'--runstatedir=/run'
'--disable-maintainer-mode'
'--disable-dependency-tracking'
'--disable-symbol-hiding'
@@ -18,17 +17,16 @@
'--enable-threaded-resolver'
'--with-lber-lib=lber'
'--with-gssapi=/usr'
+'--with-libssh2'
'--with-nghttp2'
'--includedir=/usr/include/'`dpkg-architecture
-qDEB_HOST_MULTIARCH`
'--with-zsh-functions-dir=/usr/share/zsh/vendor-completions'
'--with-ca-path=/etc/ssl/certs'
-'--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt'
'build_alias='`dpkg-architecture
-qDEB_BUILD_GNU_TYPE`
'CFLAGS=-g
-O2
--fdebug-prefix-map=/build/curl-jN7SFf/curl-7.52.1=.
-fstack-protector-strong
-Wformat
-Werror=format-security'
As you can see, the "--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt"
as been removed from buster. Then, adding a new certificate, executing
update-ca-certificates as no effect... neither curl itself, neither using
curl through python. The workaround for setuptools is to use these envars
(cf https://github.com/pypa/setuptools/issues/1630 ):
- CURL_CA_BUNDLE
- REQUESTS_CA_BUNDLE
- SSL_CERT_FILE
It's easy to see the differences by using docker (debian:stretch-slim
debian:buster-slim). You can try these commands:
apt-get update && apt-get install -y curl libcurl4-openssl-dev &&
curl-config --configure
--
Perron Nicolas
PGP KeyID: 80A84BAB
<http://keys.gnupg.net/pks/lookup?op=get&search=0x04AF6C5A80A84BAB>
Keybase: kelindil_fr
--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.68.0-1
Done: Alessandro Ghedini <[email protected]>
We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessandro Ghedini <[email protected]> (supplier of updated curl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 22 Feb 2020 14:37:19 +0000
Source: curl
Architecture: source
Version: 7.68.0-1
Distribution: unstable
Urgency: medium
Maintainer: Alessandro Ghedini <[email protected]>
Changed-By: Alessandro Ghedini <[email protected]>
Closes: 948441
Changes:
curl (7.68.0-1) unstable; urgency=medium
.
* New upstream release
* Bump Standards-Version to 4.5.0 (no changes needed)
* Update symbols files
* Configure default CA file with OpenSSL again (Closes: #948441)
Checksums-Sha1:
1a6a2333790ae9dc938b3ed66470c97b0a596edd 2646 curl_7.68.0-1.dsc
a7cae167ad44e81337d904877be4d6afcdb4da8c 4096350 curl_7.68.0.orig.tar.gz
2289b8f76d700ad5f4b5ee69b1e708e9c9c50906 29304 curl_7.68.0-1.debian.tar.xz
86f97fac1db0af348d772a7c05cf8d4608b1afe0 11181 curl_7.68.0-1_amd64.buildinfo
Checksums-Sha256:
cdf08a9a1b11246cf051125280f8a039a9e357631ccf2a06dc50bb66f46f284e 2646
curl_7.68.0-1.dsc
1dd7604e418b0b9a9077f62f763f6684c1b092a7bc17e3f354b8ad5c964d7358 4096350
curl_7.68.0.orig.tar.gz
fb8f6cd5ce44422a75de12330fdca0e0ce56e81ed89faa7ee24b71a8ba8dd42e 29304
curl_7.68.0-1.debian.tar.xz
c51cfa1828c0ad70c3f9c71feac01a95659010688ad4c1b60bd0f5ddb64cc9a8 11181
curl_7.68.0-1_amd64.buildinfo
Files:
8a0af025fa3b01343b80819d6dfbf32d 2646 web optional curl_7.68.0-1.dsc
f68d6f716ff06d357f476ea4ea57a3d6 4096350 web optional curl_7.68.0.orig.tar.gz
77d313cfdd6873a8661374a6c6550f96 29304 web optional curl_7.68.0-1.debian.tar.xz
8145a3e469bba55a0517f3abcecf7db9 11181 web optional
curl_7.68.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEBsId305pBx+F583DbwzL4CFiRygFAl5RRI8RHGdoZWRvQGRl
Ymlhbi5vcmcACgkQbwzL4CFiRygTGQ//WLyTSZH128tQpFLR8yqKLIvZG6fkFaZO
hYo5PtcpruMo3WM3tQpa809GEITx/eIGlJQgzLBtHVH+TclsTQsFTWI2H//CbP+f
kYBky8CS9lDTv9z9/4NOyNh9UBYPufz2sPmFIueugjMf5AgSyUipgyuumTxzqmXz
DW6Ljf8lsdN6FHZkY52tk7O8fugI30vc5kwxZXe5LtP/cB3mB3Z4s3lD2+kxf9+c
1Y0TBPrLZC0KJP8BLNxGYjaQQvJhkUEwxQ1ztLTn/tQD7Fr6c+84sAl4wuqcxEsJ
VJhEerAwnrgfSfiPpbfNmhAoFOcxQOIR96aohxOnLZpwFWgnd4b2MtICXog7yHEW
ZM+TY+pAeJMAiGHkZ1lMSP7DwDDbWf6x+QjLElXbkcMVtiHqhVie48X9nIo0XDz7
/y751bZzFiWau8U+zX4l3GKeatxMzGMFNA65lL3E6XSXleaGaJwQgSf7aRgsw6YG
or35o8T12RPC7eeUMQlrdKzQY9FJ+6DcbLVYlkKoJCF0VYbTNHXnaWBfq0N4CdAQ
JNgufOPInU0yw/xNcmhEsP1KoecUDEDsmtaKeAUXRQRxx5aBsAeXjVdzr09c2LUq
eGWl82cqjH6zcnz9LvOxAU8Licf8e5GkPlZ0oq4q99Zcpvg7XOTVznrIynk+sXIe
ja9llBTFPbA=
=7Ro2
-----END PGP SIGNATURE-----
--- End Message ---
