XPost: linux.debian.devel.release
This is a multi-part MIME message sent by reportbug.
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc:
riseup-vpn@packages.debian.org,
nilesh@debian.org
Control: affects -1 + src:riseup-vpn
User:
release.debian.org@packages.debian.org
Usertags: pu
[ Reason ]
The bug got introduced due to a change in the external services that riseup-vpn interacts with (riseup's servers) and failing to identify their letsencrypt certs.
Full details at Bug#1070270
[ Impact ]
The package is rendered unusable and the user will not be able to use riseup-vpn
and connect to the vpn.
[ Tests ]
Tried this on a fresh stable VM with multiple different angles.
This has also been tried on a stable user's machine and the problem is verified to have been fixed.
[ Risks ]
This is a leaf package and the changes are fairly minimal. Very low risk to stable.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Add patch to fixup client verification problems with
riseup-vpn which renders the package useless otherwise.
At the moment, the current code is unable to identify the
letsencrypt certs. Used a systempool for the same and create
a newcertpool as a fallback. Also added a Depends in d/control
for ca-certificates for the same reason.
[ Other info ]
Since this is a leaf package and the breakage is due to external services, this may be a
candidate for stable-updates suite as per
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#special-case-the-stable-updates-suite
Examples of circumstances in which the upload may qualify for such treatment are:
...
Uploads to stable-updates should target their suite name in the changelog as usual, e.g. bookworm.
Since I was confident that this should be accepted, I did a (source-only) dput/upload.
diff -Nru riseup-vpn-0.21.11+ds1/debian/changelog riseup-vpn-0.21.11+ds1/debian/changelog
--- riseup-vpn-0.21.11+ds1/debian/changelog 2023-03-09 09:51:22.000000000 +0530
+++ riseup-vpn-0.21.11+ds1/debian/changelog 2024-05-10 20:13:39.000000000 +0530
@@ -1,3 +1,15 @@
+riseup-vpn (0.21.11+ds1-5+deb12u1) bookworm; urgency=medium
+
+ * Add patch to fixup client verification problems with
+ riseup-vpn which renders the package useless otherwise.
+ At the moment, the current code is unable to identify the
+ letsencrypt certs. Used a systempool for the same and create
+ a newcertpool as a fallback. Also added a Depends in d/control
+ for ca-certificates for the same reason.
+ (Closes: #1070270)
+
+ -- Nilesh Patra <
nilesh@debian.org> Fri, 10 May 2024 20:13:39 +0530
+
riseup-vpn (0.21.11+ds1-5) unstable; urgency=medium
* Add procps, iproute2 and iptables to Depends (Closes: #1031905)
diff -Nru riseup-vpn-0.21.11+ds1/debian/control riseup-vpn-0.21.11+ds1/debian/control
--- riseup-vpn-0.21.11+ds1/debian/control 2023-03-09 09:51:22.000000000 +0530
+++ riseup-vpn-0