--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: stretch-pu: package mod-gnutls/0.8.2-3+deb9u1
- From: Adrian Bunk <bunk@debian.org>
- Date: Sat, 11 Jan 2020 12:34:27 +0200
- Message-id: <157873886792.28867.10919055068254398610.reportbug@localhost>
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
* Avoid deprecated ciphersuites in test suite (Closes: #907008)
FTBFS, tests were broken by gnutls28 3.5.8-5+deb9u4.
diff -Nru mod-gnutls-0.8.2/debian/changelog mod-gnutls-0.8.2/debian/changelog
--- mod-gnutls-0.8.2/debian/changelog 2017-03-12 13:37:18.000000000 +0200
+++ mod-gnutls-0.8.2/debian/changelog 2020-01-11 12:27:37.000000000 +0200
@@ -1,3 +1,10 @@
+mod-gnutls (0.8.2-3+deb9u1) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Avoid deprecated ciphersuites in test suite (Closes: #907008)
+
+ -- Adrian Bunk <bunk@debian.org> Sat, 11 Jan 2020 12:27:37 +0200
+
mod-gnutls (0.8.2-3) unstable; urgency=medium
[ Thomas Klute ]
diff -Nru mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch
--- mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch 1970-01-01 02:00:00.000000000 +0200
+++ mod-gnutls-0.8.2/debian/patches/0001-Fix-test-16-view-status-by-changing-priority-string.patch 2020-01-11 12:26:05.000000000 +0200
@@ -0,0 +1,38 @@
+From: Sunil Mohan Adapa <sunil@medhas.org>
+Date: Tue, 18 Sep 2018 09:41:47 -0700
+Subject: Fix test 16-view-status by changing priority string
+
+From gnutls 3.5.19 release notes:
+
+"The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default
+priority strings. They are not necessary for compatibility or other purpose and
+provide no advantage over their SHA1 counter-parts, as they all depend on the
+legacy TLS CBC block mode."
+
+Pick a new priority string such that the cipher suite matches the default
+negotiated by gnutls 3.5.19 server and client without explicitly setting a
+priority string.
+---
+ test/tests/16_view-status/gnutls-cli.args | 2 +-
+ test/tests/16_view-status/output | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/test/tests/16_view-status/gnutls-cli.args b/test/tests/16_view-status/gnutls-cli.args
+index aca8ac0..470925b 100644
+--- a/test/tests/16_view-status/gnutls-cli.args
++++ b/test/tests/16_view-status/gnutls-cli.args
+@@ -1,2 +1,2 @@
+ --x509cafile=authority/x509.pem
+---priority=NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA256:+RSA:+COMP-NULL:+SIGN-RSA-SHA256
++--priority=NONE:+VERS-TLS1.2:+ECDHE-RSA:+CURVE-SECP256R1:+AES-256-GCM:+AEAD:+COMP-NULL:+SIGN-RSA-SHA1
+diff --git a/test/tests/16_view-status/output b/test/tests/16_view-status/output
+index 7786244..8bfb45a 100644
+--- a/test/tests/16_view-status/output
++++ b/test/tests/16_view-status/output
+@@ -1,5 +1,5 @@
+ <dt>Using TLS:</dt><dd>yes</dd>
+-<dt>Current TLS session:</dt><dd>(TLS1.2)-(RSA)-(AES-128-CBC)-(SHA256)</dd>
++<dt>Current TLS session:</dt><dd>(TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)</dd>
+ </dl>
+ </body></html>
+ - Peer has closed the GnuTLS connection
diff -Nru mod-gnutls-0.8.2/debian/patches/series mod-gnutls-0.8.2/debian/patches/series
--- mod-gnutls-0.8.2/debian/patches/series 2017-03-12 13:35:37.000000000 +0200
+++ mod-gnutls-0.8.2/debian/patches/series 2020-01-11 12:26:12.000000000 +0200
@@ -6,3 +6,4 @@
0006-Test-suite-Do-not-explicitly-set-the-mutex-type-to-d.patch
0007-Do-not-treat-warnings-about-deprecated-declarations-.patch
0008-Wait-for-OCSP-server-to-become-available.patch
+0001-Fix-test-16-view-status-by-changing-priority-string.patch
--- End Message ---