Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
* Avoid deprecated ciphersuites in test suite (Closes: #907008) FTBFS, tests were broken by gnutls28 3.5.8-5+deb9u4.
diff -Nru mod-gnutls-0.8.2/debian/changelog mod-gnutls-0.8.2/debian/changelog --- mod-gnutls-0.8.2/debian/changelog 2017-03-12 13:37:18.000000000 +0200 +++ mod-gnutls-0.8.2/debian/changelog 2020-01-11 12:27:37.000000000 +0200 @@ -1,3 +1,10 @@ +mod-gnutls (0.8.2-3+deb9u1) stretch; urgency=medium + + * Non-maintainer upload. + * Avoid deprecated ciphersuites in test suite (Closes: #907008) + + -- Adrian Bunk <b...@debian.org> Sat, 11 Jan 2020 12:27:37 +0200 + mod-gnutls (0.8.2-3) unstable; urgency=medium [ Thomas Klute ] diff -Nru mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch --- mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch 1970-01-01 02:00:00.000000000 +0200 +++ mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch 2020-01-11 12:26:05.000000000 +0200 @@ -0,0 +1,38 @@ +From: Sunil Mohan Adapa <su...@medhas.org> +Date: Tue, 18 Sep 2018 09:41:47 -0700 +Subject: Fix test 16-view-status by changing priority string + +From gnutls 3.5.19 release notes: + +"The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default +priority strings. They are not necessary for compatibility or other purpose and +provide no advantage over their SHA1 counter-parts, as they all depend on the +legacy TLS CBC block mode." + +Pick a new priority string such that the cipher suite matches the default +negotiated by gnutls 3.5.19 server and client without explicitly setting a +priority string. +--- + test/tests/16_view-status/gnutls-cli.args | 2 +- + test/tests/16_view-status/output | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/tests/16_view-status/gnutls-cli.args b/test/tests/16_view-status/gnutls-cli.args +index aca8ac0..470925b 100644 +--- a/test/tests/16_view-status/gnutls-cli.args ++++ b/test/tests/16_view-status/gnutls-cli.args +@@ -1,2 +1,2 @@ + --x509cafile=authority/x509.pem +---priority=NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA256:+RSA:+COMP-NULL:+SIGN-RSA-SHA256 ++--priority=NONE:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-SECP256R1:+AES-256-GCM:+AEAD:+COMP-NULL:+SIGN-RSA-SHA1 +diff --git a/test/tests/16_view-status/output b/test/tests/16_view-status/output +index 7786244..8bfb45a 100644 +--- a/test/tests/16_view-status/output ++++ b/test/tests/16_view-status/output +@@ -1,5 +1,5 @@ + <dt>Using TLS:</dt><dd>yes</dd> +-<dt>Current TLS session:</dt><dd>(TLS1.2)-(RSA)-(AES-128-CBC)-(SHA256)</dd> ++<dt>Current TLS session:</dt><dd>(TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)</dd> + </dl> + </body></html> + - Peer has closed the GnuTLS connection diff -Nru mod-gnutls-0.8.2/debian/patches/series mod-gnutls-0.8.2/debian/patches/series --- mod-gnutls-0.8.2/debian/patches/series 2017-03-12 13:35:37.000000000 +0200 +++ mod-gnutls-0.8.2/debian/patches/series 2020-01-11 12:26:12.000000000 +0200 @@ -6,3 +6,4 @@ 0006-Test-suite-Do-not-explicitly-set-the-mutex-type-to-d.patch 0007-Do-not-treat-warnings-about-deprecated-declarations-.patch 0008-Wait-for-OCSP-server-to-become-available.patch +0001-Fix-test-16-view-status-by-changing-priority-string.patch