Thank you. @Samuel Henrique, since you wear both hats, will this make Lunar as well?
Le sam. 15 avr. 2023 à 21:39, Debian Bug Tracking System <ow...@bugs.debian.org> a écrit : > > This is an automatic notification regarding your Bug report > which was filed against the libcurl3-nss package: > > #1034359: Regression finding system certificates > > It has been closed by Debian FTP Masters <ftpmas...@ftp-master.debian.org> > (reply to Samuel Henrique <samuel...@debian.org>). > > Their explanation is attached below along with your original report. > If this explanation is unsatisfactory and you have not received a > better one in a separate message then please contact Debian FTP Masters > <ftpmas...@ftp-master.debian.org> (reply to Samuel Henrique > <samuel...@debian.org>) by > replying to this email. > > > -- > 1034359: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > > > > ---------- Forwarded message ---------- > From: Debian FTP Masters <ftpmas...@ftp-master.debian.org> > To: 1034359-cl...@bugs.debian.org > Cc: > Bcc: > Date: Sat, 15 Apr 2023 19:34:26 +0000 > Subject: Bug#1034359: fixed in curl 7.88.1-9 > Source: curl > Source-Version: 7.88.1-9 > Done: Samuel Henrique <samuel...@debian.org> > > We believe that the bug you reported is fixed in the latest version of > curl, which is due to be installed in the Debian FTP archive. > > A summary of the changes between this version and the previous one is > attached. > > Thank you for reporting the bug, which will now be closed. If you > have further comments please address them to 1034...@bugs.debian.org, > and the maintainer will reopen the bug report if appropriate. > > Debian distribution maintenance software > pp. > Samuel Henrique <samuel...@debian.org> (supplier of updated curl package) > > (This message was generated automatically at their request; if you > believe that there is a problem with it please contact the archive > administrators by mailing ftpmas...@ftp-master.debian.org) > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Format: 1.8 > Date: Sat, 15 Apr 2023 20:03:44 +0100 > Source: curl > Built-For-Profiles: nocheck > Architecture: source > Version: 7.88.1-9 > Distribution: unstable > Urgency: medium > Maintainer: Alessandro Ghedini <gh...@debian.org> > Changed-By: Samuel Henrique <samuel...@debian.org> > Closes: 1033963 1034359 > Changes: > curl (7.88.1-9) unstable; urgency=medium > . > [ Sergio Durigan Junior ] > * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: > Don't prepend "nss" when opening libnssckbi.so. (Closes: #1034359) > . > [ Samuel Henrique ] > * Update list of tests that fail on IPv6-only envs and don't skip them on > autopkgtest > * d/p/fix-unix-domain-socket.patch: Import upstream patch to fix --unix > (closes: #1033963) > Checksums-Sha1: > f5049702838faa228f6f30a5e6c21682ff699a11 3159 curl_7.88.1-9.dsc > 90cf9ff224534f1b541d176f027ae5400cc378d0 47920 curl_7.88.1-9.debian.tar.xz > 817f82405e180e8dba25b9227e18288693fba590 11041 curl_7.88.1-9_amd64.buildinfo > Checksums-Sha256: > ea17267b98b453fa7f0629f62a0302cbc56385701c9d31ecc50bfa7fb2425a9d 3159 > curl_7.88.1-9.dsc > b1bac4b0deb1488f2b0d39f8bf990067080a5abfc7efaf938cec1267e0333030 47920 > curl_7.88.1-9.debian.tar.xz > ed03e67f81b77e3c107171f56f227249e7926b07d339e8d1c2ccd8dd00a84a11 11041 > curl_7.88.1-9_amd64.buildinfo > Files: > f5362ee4bcda81de5897ff1c15714152 3159 web optional curl_7.88.1-9.dsc > cdd8b56720576330b0d04efee7afae1c 47920 web optional > curl_7.88.1-9.debian.tar.xz > 01eac7ac0e87aa68164b65a2b4933747 11041 web optional > curl_7.88.1-9_amd64.buildinfo > > -----BEGIN PGP SIGNATURE----- > > iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmQ69gsACgkQu6n6rcz7 > RweeuxAAvWPLzTKUd7cRqxXSv4a6V/LqKbpVz2wOYrpDVYo0XqBYRBsY1z783qlo > YII4vGRaspgDeYHqO3nORPVM6qgtWBDMn5gElWDVyfvRWeHLTxtL0Rv15qaeQUfE > IghLSEd4oNKyfq+WW7LL4E8me3zsKt1FtYVjTdVRr19POPqgzxtGFBNN0w25e6L5 > Im11tl/cmLacDuGbyzxpjvCohwQf3aibmD0dNvY9nuWAVHXadZ6weFKDM6KObomT > E3NLtnLJp7qRDVa1CW3o20ux11eajdMBp3UU6GjhRXj/TP3HVcKsTxpNEgxdKn5t > OuoPn0DbRLJkTCYz2DGcGFqJiBqmHFMdgG1U3lZOUN5KrqvuJiP8N3M/r4asn3BT > ljUiumxhZfX1MHDMeAGBSgZGywXtbGcWICf040Jfsc7wHwkbzRR1+YfndTUbSpjy > oBk2EKOmAJmYSD93ZEPzUs8G2NOM9NIWhZjQNnz+YljIB5PesfUgArol63Oajp7u > xvksM3HUdalIVZyPRWmhvJJwBVxL3I6SdQL2nsWl/vN17v9dOEOzRq9mFLvdD4M8 > lzzEvIR/4kJuooeMUuYWi51DWgSvicH9xGmdqKHQ16cHpKsVePRnt8qwwtgdDRQF > Ip8M/gyuyZhE383uDbX0pRTK+CsAHkMLIxHNVTM/4AtLh54wtRU= > =2w0K > -----END PGP SIGNATURE----- > > > ---------- Forwarded message ---------- > From: Gabriel <g2p.c...@gmail.com> > To: sub...@bugs.debian.org > Cc: > Bcc: > Date: Thu, 13 Apr 2023 16:39:25 +0200 > Subject: Regression finding system certificates > Package: libcurl3-nss > Version: 7.88.1-5 > > Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with > nss looks for loadable libraries: > > curl (7.88.1-4) unstable; urgency=medium > > * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: > Prepend "/nss/" before the library name. > > Before the change to the load path, curl could find > /lib/x86_64-linux-gnu/libnssckbi.so but not > /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the > reverse. > > libnssckbi.so is enough to get a trust root (the mozilla certificate > store is compiled inside that library), whereas libnsspem.so > (1.0.8+1-1) isn't. > This makes it impossible to connect to https servers by default for > programs that use curl with NSS. > > Here is a way to test the regression: > debbisect -v --cache=./cache \ > > --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace > \ > 20230306T145638Z 20230306T203828Z \ > 'chroot "$1" bash -exuc " > git clone --depth 1 https://github.com/alexcrichton/curl-rust.git > cd curl-rust > time cargo fetch > time cargo build --offline --example https > strace -efile target/debug/examples/https >/dev/null > "'
