Package: libgnutls30 Version: 3.7.0-3 Severity: critical Justification: breaks unrelated software
Dear Maintainer, I updated gnutls to 3.7.0-3 this morning, then apt was unable to connect to the Debian mirror https://debian.ethz.ch/debian/: $ sudo apt update Ign:1 https://debian.ethz.ch/debian sid InRelease Err:2 https://debian.ethz.ch/debian sid Release Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 129.132.53.171 443] Reading package lists... Done E: The repository 'https://debian.ethz.ch/debian sid Release' no longer has a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Using the gnutls client directly gives: $ gnutls-cli debian.ethz.ch -p 443 Processed 126 CA certificate(s). Resolving 'debian.ethz.ch:443'... Connecting to '129.132.53.171:443'... - Certificate type: X.509 - Got a certificate list of 3 certificates. - Certificate[0] info: - subject `CN=plattenberg.ethz.ch', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x03303e4ec324a9667915ae5fb3383255b202, RSA key 4096 bits, signed using RSA-SHA256, activated `2020-11-17 13:03:43 UTC', expires `2021-02-15 13:03:43 UTC', pin-sha256="7qwNrAIqODvrEwByZ0mAMpm2PROcvYK/BNpYTBzSzfA=" Public Key ID: sha1:3c05692d0390a10e4e7cc1a4881c82288b0f6d83 sha256:eeac0dac022a383beb1300726749803299b63d139cbd82bf04da584c1cd2cdf0 Public Key PIN: pin-sha256:7qwNrAIqODvrEwByZ0mAMpm2PROcvYK/BNpYTBzSzfA= - Certificate[1] info: - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=" - Certificate[2] info: - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=" - Status: The certificate is NOT trusted. The certificate issuer is unknown. *** PKI verification of server certificate failed... *** Fatal error: Error in the certificate. Reverting to libgnutls30 3.6.15-4 seems to fix the problem. Best, Jonathan -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.9.0-4-amd64 (SMP w/12 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libgnutls30 depends on: ii libc6 2.31-5 ii libgmp10 2:6.2.1+dfsg-1 ii libhogweed6 3.6-2 ii libidn2-0 2.3.0-4 ii libnettle8 3.6-2 ii libp11-kit0 0.23.21-2 ii libtasn1-6 4.16.0-2 ii libunistring2 0.9.10-4 libgnutls30 recommends no packages. Versions of packages libgnutls30 suggests: ii gnutls-bin 3.6.15-4 -- no debconf information