Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1034459: unblock: curl/7.88.1-9
3 views
Skip to first unread message
Sergio Durigan Junior
Apr 15, 2023, 6:40:04 PM4/15/23
to
Package: release.debian.org
Control: affects -1 + src:curl
X-Debbugs-Cc: cu...@packages.debian.org
User: release.d...@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: samu...@debian.org
Severity: normal
Please unblock curl/7.88.1-9.
[ Reason ]
Changes that affect the resulting binaries:
[ Sergio Durigan Junior ]
* d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch:
Don't prepend "nss" when opening libnssckbi.so. (Closes: #1034359)
[ Samuel Henrique ]
* d/p/fix-unix-domain-socket.patch: Import upstream patch to fix --unix
(closes: #1033963)
The first change is an important fix to address a regression introduced
by the previous
"Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch".
Unfortunately, it is currently not possible for users of NSS-enabled
libcurl to fetch data from HTTPS URIs. With this one-liner fix, the
previous behaviour is restored while at the same time keeping the
benefits of being able to dynamically load libnss-pem.
The second change is a backport of an upstream patch to fix the use of
UNIX domain sockets (via --unix) in HTTPS scenarios. An important fix
for those who rely on these features.
Changes that don't affect the resulting binaries:
[ Samuel Henrique ]
* Update list of tests that fail on IPv6-only envs and don't skip them on
autopkgtest
This change updates (and reduces) the list of tests to be skipped on
IPv6-only environments. This should increase our test coverage in
debci.
[ Impact ]
With this update, users who rely on the NSS-enabled libcurl will be able
to fetch data from HTTPS URIs again.
[ Tests ]
All build tests passed.
[ Risks ]
After some extensive tests, I believe I covered all scenarios where an
NSS-enabled libcurl could be used. Unfortunately, the patch to make
libcurl able to find and load libnss-pem is still a bit hack-ish, so
there's always the possibility of a problem creeping in. I'm confident
that the chance of such regression happening is unlikely, though.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
I understand that the release team is probably very busy these days, and
appreciate all the work you have done. If it is not too much
inconvenience for you, it would be great to have this version of curl
unblocked in the near future, in order to address the NSS regression.
Thank you in advance.
unblock curl/7.88.1-9
--
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
https://sergiodj.net/
Control: affects -1 + src:curl
X-Debbugs-Cc: cu...@packages.debian.org
User: release.d...@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: samu...@debian.org
Severity: normal
Please unblock curl/7.88.1-9.
[ Reason ]
Changes that affect the resulting binaries:
[ Sergio Durigan Junior ]
* d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch:
Don't prepend "nss" when opening libnssckbi.so. (Closes: #1034359)
[ Samuel Henrique ]
* d/p/fix-unix-domain-socket.patch: Import upstream patch to fix --unix
(closes: #1033963)
The first change is an important fix to address a regression introduced
by the previous
"Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch".
Unfortunately, it is currently not possible for users of NSS-enabled
libcurl to fetch data from HTTPS URIs. With this one-liner fix, the
previous behaviour is restored while at the same time keeping the
benefits of being able to dynamically load libnss-pem.
The second change is a backport of an upstream patch to fix the use of
UNIX domain sockets (via --unix) in HTTPS scenarios. An important fix
for those who rely on these features.
Changes that don't affect the resulting binaries:
[ Samuel Henrique ]
* Update list of tests that fail on IPv6-only envs and don't skip them on
autopkgtest
This change updates (and reduces) the list of tests to be skipped on
IPv6-only environments. This should increase our test coverage in
debci.
[ Impact ]
With this update, users who rely on the NSS-enabled libcurl will be able
to fetch data from HTTPS URIs again.
[ Tests ]
All build tests passed.
[ Risks ]
After some extensive tests, I believe I covered all scenarios where an
NSS-enabled libcurl could be used. Unfortunately, the patch to make
libcurl able to find and load libnss-pem is still a bit hack-ish, so
there's always the possibility of a problem creeping in. I'm confident
that the chance of such regression happening is unlikely, though.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
I understand that the release team is probably very busy these days, and
appreciate all the work you have done. If it is not too much
inconvenience for you, it would be great to have this version of curl
unblocked in the near future, in order to address the NSS regression.
Thank you in advance.
unblock curl/7.88.1-9
--
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
https://sergiodj.net/
0 new messages