Bug#948653: stretch-pu: package mod-gnutls/0.8.2-3+deb9u1

Adrian Bunk Sat, 11 Jan 2020 02:36:54 -0800

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu


  * Avoid deprecated ciphersuites in test suite (Closes: #907008)

FTBFS, tests were broken by gnutls28 3.5.8-5+deb9u4.

diff -Nru mod-gnutls-0.8.2/debian/changelog mod-gnutls-0.8.2/debian/changelog
--- mod-gnutls-0.8.2/debian/changelog   2017-03-12 13:37:18.000000000 +0200
+++ mod-gnutls-0.8.2/debian/changelog   2020-01-11 12:27:37.000000000 +0200
@@ -1,3 +1,10 @@
+mod-gnutls (0.8.2-3+deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Avoid deprecated ciphersuites in test suite (Closes: #907008)
+
+ -- Adrian Bunk <b...@debian.org>  Sat, 11 Jan 2020 12:27:37 +0200
+
 mod-gnutls (0.8.2-3) unstable; urgency=medium
 
   [ Thomas Klute ]
diff -Nru 
mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch
 
mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch
--- 
mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch
      1970-01-01 02:00:00.000000000 +0200
+++ 
mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch
      2020-01-11 12:26:05.000000000 +0200
@@ -0,0 +1,38 @@
+From: Sunil Mohan Adapa <su...@medhas.org>
+Date: Tue, 18 Sep 2018 09:41:47 -0700
+Subject: Fix test 16-view-status by changing priority string
+
+From gnutls 3.5.19 release notes:
+
+"The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the 
default
+priority strings. They are not necessary for compatibility or other purpose and
+provide no advantage over their SHA1 counter-parts, as they all depend on the
+legacy TLS CBC block mode."
+
+Pick a new priority string such that the cipher suite matches the default
+negotiated by gnutls 3.5.19 server and client without explicitly setting a
+priority string.
+---
+ test/tests/16_view-status/gnutls-cli.args | 2 +-
+ test/tests/16_view-status/output          | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/test/tests/16_view-status/gnutls-cli.args 
b/test/tests/16_view-status/gnutls-cli.args
+index aca8ac0..470925b 100644
+--- a/test/tests/16_view-status/gnutls-cli.args
++++ b/test/tests/16_view-status/gnutls-cli.args
+@@ -1,2 +1,2 @@
+ --x509cafile=authority/x509.pem
+---priority=NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA256:+RSA:+COMP-NULL:+SIGN-RSA-SHA256
++--priority=NONE:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-SECP256R1:+AES-256-GCM:+AEAD:+COMP-NULL:+SIGN-RSA-SHA1
+diff --git a/test/tests/16_view-status/output 
b/test/tests/16_view-status/output
+index 7786244..8bfb45a 100644
+--- a/test/tests/16_view-status/output
++++ b/test/tests/16_view-status/output
+@@ -1,5 +1,5 @@
+ <dt>Using TLS:</dt><dd>yes</dd>
+-<dt>Current TLS session:</dt><dd>(TLS1.2)-(RSA)-(AES-128-CBC)-(SHA256)</dd>
++<dt>Current TLS 
session:</dt><dd>(TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)</dd>
+ </dl>
+ </body></html>
+ - Peer has closed the GnuTLS connection
diff -Nru mod-gnutls-0.8.2/debian/patches/series 
mod-gnutls-0.8.2/debian/patches/series
--- mod-gnutls-0.8.2/debian/patches/series      2017-03-12 13:35:37.000000000 
+0200
+++ mod-gnutls-0.8.2/debian/patches/series      2020-01-11 12:26:12.000000000 
+0200
@@ -6,3 +6,4 @@
 0006-Test-suite-Do-not-explicitly-set-the-mutex-type-to-d.patch
 0007-Do-not-treat-warnings-about-deprecated-declarations-.patch
 0008-Wait-for-OCSP-server-to-become-available.patch
+0001-Fix-test-16-view-status-by-changing-priority-string.patch

Bug#948653: stretch-pu: package mod-gnutls/0.8.2-3+deb9u1

Reply via email to