[mod_gnutls-devel] Bugfix release: mod_gnutls 0.9.1

Fiona Klute fiona.klute at gmx.de
Fri Nov 29 19:29:20 CET 2019

Hi everyone,

I have just uploaded a new source archive and matching signature to
https://mod.gnutls.org/downloads/ as well as the signed mod_gnutls/0.9.1
tag to the git repositories [1, 2].


* Fix possible segfault (NULL pointer dereference) on failed TLS
handshake. Calling ssl_var_lookup() after a failed handshake could lead
to GnuTLS session information functions being called on a NULL session
pointer, leading to segfault.

* Remove URLs from expected error responses in the test suite. Apache
HTTPD removed request URLs from canned error messages to prevent
misleading text/links being displayed via crafted links
(CVE-2019-10092). Adjust the expected error responses in our tests so
they can pass again.

Other changes:

* Test suite: Ignore "Content-Length" header of responses. Thanks to
Krista Karppinen!

* Add a section about module dependencies on socache to the handbook

* Restructure the manpage build and move it to section 5 (config files)

* Test suite: Restructure certificate directories


[1] https://mod.gnutls.org/git/mod_gnutls
[2] https://github.com/airtower-luna/mod_gnutls.git

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/mod_gnutls-devel/attachments/20191129/e8303b36/attachment-0001.sig>

More information about the mod_gnutls-devel mailing list