[mod_gnutls-devel] Bugfix release: mod_gnutls 0.9.1
Fiona Klute
fiona.klute at gmx.de
Fri Nov 29 19:29:20 CET 2019
Hi everyone,
I have just uploaded a new source archive and matching signature to
https://mod.gnutls.org/downloads/ as well as the signed mod_gnutls/0.9.1
tag to the git repositories [1, 2].
Bugfixes:
* Fix possible segfault (NULL pointer dereference) on failed TLS
handshake. Calling ssl_var_lookup() after a failed handshake could lead
to GnuTLS session information functions being called on a NULL session
pointer, leading to segfault.
* Remove URLs from expected error responses in the test suite. Apache
HTTPD removed request URLs from canned error messages to prevent
misleading text/links being displayed via crafted links
(CVE-2019-10092). Adjust the expected error responses in our tests so
they can pass again.
Other changes:
* Test suite: Ignore "Content-Length" header of responses. Thanks to
Krista Karppinen!
* Add a section about module dependencies on socache to the handbook
* Restructure the manpage build and move it to section 5 (config files)
* Test suite: Restructure certificate directories
Regards,
Fiona
[1] https://mod.gnutls.org/git/mod_gnutls
[2] https://github.com/airtower-luna/mod_gnutls.git
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/mod_gnutls-devel/attachments/20191129/e8303b36/attachment-0001.sig>
More information about the mod_gnutls-devel
mailing list