From fiona.klute at gmx.de Fri Nov 29 19:29:20 2019 From: fiona.klute at gmx.de (Fiona Klute) Date: Fri, 29 Nov 2019 19:29:20 +0100 Subject: [mod_gnutls-devel] Bugfix release: mod_gnutls 0.9.1 Message-ID: <1ae2c10c-7346-7b7d-80a0-f2dfda3d29e5@gmx.de> Hi everyone, I have just uploaded a new source archive and matching signature to https://mod.gnutls.org/downloads/ as well as the signed mod_gnutls/0.9.1 tag to the git repositories [1, 2]. Bugfixes: * Fix possible segfault (NULL pointer dereference) on failed TLS handshake. Calling ssl_var_lookup() after a failed handshake could lead to GnuTLS session information functions being called on a NULL session pointer, leading to segfault. * Remove URLs from expected error responses in the test suite. Apache HTTPD removed request URLs from canned error messages to prevent misleading text/links being displayed via crafted links (CVE-2019-10092). Adjust the expected error responses in our tests so they can pass again. Other changes: * Test suite: Ignore "Content-Length" header of responses. Thanks to Krista Karppinen! * Add a section about module dependencies on socache to the handbook * Restructure the manpage build and move it to section 5 (config files) * Test suite: Restructure certificate directories Regards, Fiona [1] https://mod.gnutls.org/git/mod_gnutls [2] https://github.com/airtower-luna/mod_gnutls.git -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: