Control: tags 950300 + patch Control: tags 950300 + pending Control: tags 950301 + patch Control: tags 950301 + pending
Dear maintainer, I've prepared an NMU for mod-gnutls (versioned as 0.9.0-1.1) and uploaded it to DELAYED/15. Please feel free to tell me if I should cancel it. My main interest is fixing #950300 in buster and stretch afterwards; upstream release 0.10.0 would be a superset of my changes. cu Adrian
diff -Nru mod-gnutls-0.9.0/debian/changelog mod-gnutls-0.9.0/debian/changelog
--- mod-gnutls-0.9.0/debian/changelog 2019-02-08 23:27:06.000000000 +0200
+++ mod-gnutls-0.9.0/debian/changelog 2020-02-08 23:14:39.000000000 +0200
@@ -1,3 +1,13 @@
+mod-gnutls (0.9.0-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Backported patches to fix test failures with the
+ apache CVE-2019-10092 fix. (Closes: #950300)
+ * Disable a test that fails with GnuTLS >= 3.6.11. (Closes: #950301)
+ * Backported a fix for a possible segfault on failed TLS handshake.
+
+ -- Adrian Bunk <b...@debian.org> Sat, 08 Feb 2020 23:14:39 +0200
+
 mod-gnutls (0.9.0-1) unstable; urgency=medium
 
 [ Fiona Klute ]
diff -Nru mod-gnutls-0.9.0/debian/patches/0001-Fix-possible-segfault-NULL-pointer-dereference-on-fa.patch mod-gnutls-0.9.0/debian/patches/0001-Fix-possible-segfault-NULL-pointer-dereference-on-fa.patch
--- mod-gnutls-0.9.0/debian/patches/0001-Fix-possible-segfault-NULL-pointer-dereference-on-fa.patch 1970-01-01 02:00:00.000000000 +0200
+++ mod-gnutls-0.9.0/debian/patches/0001-Fix-possible-segfault-NULL-pointer-dereference-on-fa.patch 2020-02-08 17:20:28.000000000 +0200
@@ -0,0 +1,40 @@
+From dcec2098a29e43d93efe6b0b6150e35ef198a1eb Mon Sep 17 00:00:00 2001
+From: Fiona Klute <fiona.kl...@gmx.de>
+Date: Thu, 28 Nov 2019 10:42:46 +0100
+Subject: Fix possible segfault (NULL pointer dereference) on failed TLS
+ handshake
+
+Calling ssl_var_lookup() after a failed handshake could lead to GnuTLS
+session information functions being called on a NULL session pointer,
+leading to segfault. I observed this in a case where mod_http2 was
+trying to check the negotiated TLS version after the client rejected
+the server certificate.
+---
+ src/mod_gnutls.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
+index d6edffc..b667a9c 100644
+--- a/src/mod_gnutls.c
++++ b/src/mod_gnutls.c
+@@ -2,7 +2,7 @@
+ * Copyright 2004-2005 Paul Querna
+ * Copyright 2008, 2014 Nikos Mavrogiannopoulos
+ * Copyright 2011 Dash Shendy
+- * Copyright 2015-2018 Fiona Klute
++ * Copyright 2015-2019 Fiona Klute
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+@@ -178,7 +178,7 @@ char* ssl_var_lookup(apr_pool_t *p, server_rec *s __attribute__((unused)),
+ mgs_handle_t *ctxt = get_effective_gnutls_ctxt(c);
+
+ /* TLS parameters are empty if there is no session */
+- if (ctxt == NULL || ctxt->c == NULL)
++ if (ctxt == NULL || ctxt->c == NULL || ctxt->session == NULL)
+ return NULL;
+
+ if (strcmp(var, "SSL_PROTOCOL") == 0)
+--
+2.20.1
+
diff -Nru mod-gnutls-0.9.0/debian/patches/0001-Test-suite-ignore-Content-Length-header.patch mod-gnutls-0.9.0/debian/patches/0001-Test-suite-ignore-Content-Length-header.patch
--- mod-gnutls-0.9.0/debian/patches/0001-Test-suite-ignore-Content-Length-header.patch 1970-01-01 02:00:00.000000000 +0200
+++ mod-gnutls-0.9.0/debian/patches/0001-Test-suite-ignore-Content-Length-header.patch 2020-02-08 17:20:44.000000000 +0200
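Review bot: The added `ctxt->session == NULL` guard in ssl_var_lookup is correct, but the comment right above it still reads `/* TLS parameters are empty if there is no session */`, which does not tell the next reader that a failed handshake is what leaves the session pointer NULL. I'd reword it to `/* TLS parameters are empty if there is no session, including after a failed handshake, when ctxt->session stays NULL */`. The commit message names mod_http2 querying the negotiated TLS version after the client rejected the server certificate as the trigger, so any other path that calls GnuTLS session functions on ctxt->session presumably needs the same guard; that is outside this hunk and worth a separate check. ssl_var_lookup continues past the end of the hunk, and the copyright-year bump in the first inner hunk is cosmetic and could be dropped from a Debian backport to keep the patch minimal.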
@@ -0,0 +1,291 @@
+From 20a20dfab4f9b854228ae1999b912dcab7f8c260 Mon Sep 17 00:00:00 2001
+From: Krista Karppinen <krista.celes...@gmail.com>
+Date: Fri, 1 Nov 2019 23:07:20 +0200
+Subject: Test suite: ignore "Content-Length" header
+
+Do not check the returned "Content-Length" header value when running the
+tests, as long as it's valid. This will allow for more flexibility in
+matching the content in the future.
+---
+ test/runtests | 5 +++--
+ test/tests/00_basic/output | 1 -
+ test/tests/01_serverwide_priorities/output | 1 -
+ test/tests/03_cachetimeout_in_vhost/output | 1 -
+ test/tests/04_basic_nosni/output | 1 -
+ test/tests/06_verify_sni_a/output | 1 -
+ test/tests/07_verify_sni_b/output | 1 -
+ test/tests/08_verify_no_sni_fallback_to_first_vhost/output | 1 -
+ test/tests/10_basic_client_verification/output | 1 -
+ test/tests/14_resume_session/output | 1 -
+ test/tests/15_basic_msva/output | 1 -
+ test/tests/19_TLS_reverse_proxy/output | 1 -
+ test/tests/20_TLS_reverse_proxy_client_auth/output | 1 -
+ test/tests/21_TLS_reverse_proxy_wrong_cert/output | 1 -
+ test/tests/22_TLS_reverse_proxy_crl_revoke/output | 1 -
+ test/tests/23_TLS_reverse_proxy_mismatched_priorities/output | 1 -
+ test/tests/24_pkcs11_cert/output | 1 -
+ test/tests/27_OCSP_server/output | 1 -
+ test/tests/29_force_handshake_vhost/output | 1 -
+ test/tests/30_ip_based_vhosts/output | 1 -
+ test/tests/31_vhost_SNI_serveralias_match/output | 1 -
+ test/tests/32_vhost_SNI_serveralias_mismatch/output | 1 -
+ test/tests/33_vhost_SNI_serveralias_missinghost/output | 1 -
+ test/tests/34_TLS_reverse_proxy_h2/output | 1 -
+ 24 files changed, 3 insertions(+), 25 deletions(-)
+
+diff --git a/test/runtests b/test/runtests
+index 1c4ffdf..291755e 100755
+--- a/test/runtests
++++ b/test/runtests
+@@ -49,8 +49,8 @@ function stop_msva()
+
+ # Compare expected/actual outputs, filtering out headers from actual
+ # output that are expected to change between runs or builds (currently
+-# "Date" and "Server"). The headers must be excluded in the expected
+-# output.
++# "Date", "Server" and "Content-Length"). The headers must be excluded
++# in the expected output.
+ #
+ # Parameters:
+ # $1: path to expected output
+@@ -63,6 +63,7 @@ function diff_output_filter_headers()
+ diff $3 -u "${expected}" <( cat "${actual}" | \
+ grep -v -P '^Date:\s.*GMT\s?$' | \
+ grep -v -P '^Server:\sApache' | \
++ grep -v -P '^Content-Length:\s\d+\s?$' | \
+ tail -n "$(wc -l < ${expected})" )
+ }
+
+diff --git a/test/tests/00_basic/output b/test/tests/00_basic/output
+index 6259290..341d60e 100644
+--- a/test/tests/00_basic/output
++++ b/test/tests/00_basic/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/01_serverwide_priorities/output b/test/tests/01_serverwide_priorities/output
+index 6259290..341d60e 100644
+--- a/test/tests/01_serverwide_priorities/output
++++ b/test/tests/01_serverwide_priorities/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/03_cachetimeout_in_vhost/output b/test/tests/03_cachetimeout_in_vhost/output
+index 6259290..341d60e 100644
+--- a/test/tests/03_cachetimeout_in_vhost/output
++++ b/test/tests/03_cachetimeout_in_vhost/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/04_basic_nosni/output b/test/tests/04_basic_nosni/output
+index 6259290..341d60e 100644
+--- a/test/tests/04_basic_nosni/output
++++ b/test/tests/04_basic_nosni/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/06_verify_sni_a/output b/test/tests/06_verify_sni_a/output
+index 6259290..341d60e 100644
+--- a/test/tests/06_verify_sni_a/output
++++ b/test/tests/06_verify_sni_a/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/07_verify_sni_b/output b/test/tests/07_verify_sni_b/output
+index 6259290..341d60e 100644
+--- a/test/tests/07_verify_sni_b/output
++++ b/test/tests/07_verify_sni_b/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/08_verify_no_sni_fallback_to_first_vhost/output b/test/tests/08_verify_no_sni_fallback_to_first_vhost/output
+index 6259290..341d60e 100644
+--- a/test/tests/08_verify_no_sni_fallback_to_first_vhost/output
++++ b/test/tests/08_verify_no_sni_fallback_to_first_vhost/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/10_basic_client_verification/output b/test/tests/10_basic_client_verification/output
+index 6259290..341d60e 100644
+--- a/test/tests/10_basic_client_verification/output
++++ b/test/tests/10_basic_client_verification/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/14_resume_session/output b/test/tests/14_resume_session/output
+index 6259290..341d60e 100644
+--- a/test/tests/14_resume_session/output
++++ b/test/tests/14_resume_session/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/15_basic_msva/output b/test/tests/15_basic_msva/output
+index 6259290..341d60e 100644
+--- a/test/tests/15_basic_msva/output
++++ b/test/tests/15_basic_msva/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/19_TLS_reverse_proxy/output b/test/tests/19_TLS_reverse_proxy/output
+index c346200..f7c4e4e 100644
+--- a/test/tests/19_TLS_reverse_proxy/output
++++ b/test/tests/19_TLS_reverse_proxy/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Content-Type: text/plain
+ Connection: close
+
+diff --git a/test/tests/20_TLS_reverse_proxy_client_auth/output b/test/tests/20_TLS_reverse_proxy_client_auth/output
+index c346200..f7c4e4e 100644
+--- a/test/tests/20_TLS_reverse_proxy_client_auth/output
++++ b/test/tests/20_TLS_reverse_proxy_client_auth/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Content-Type: text/plain
+ Connection: close
+
+diff --git a/test/tests/21_TLS_reverse_proxy_wrong_cert/output b/test/tests/21_TLS_reverse_proxy_wrong_cert/output
+index 1c9cc06..8c2419d 100644
+--- a/test/tests/21_TLS_reverse_proxy_wrong_cert/output
++++ b/test/tests/21_TLS_reverse_proxy_wrong_cert/output
+@@ -1,5 +1,4 @@
+ HTTP/1.1 502 Proxy Error
+-Content-Length: 341
+ Connection: close
+ Content-Type: text/html; charset=iso-8859-1
+
+diff --git a/test/tests/22_TLS_reverse_proxy_crl_revoke/output b/test/tests/22_TLS_reverse_proxy_crl_revoke/output
+index 1c9cc06..8c2419d 100644
+--- a/test/tests/22_TLS_reverse_proxy_crl_revoke/output
++++ b/test/tests/22_TLS_reverse_proxy_crl_revoke/output
+@@ -1,5 +1,4 @@
+ HTTP/1.1 502 Proxy Error
+-Content-Length: 341
+ Connection: close
+ Content-Type: text/html; charset=iso-8859-1
+
+diff --git a/test/tests/23_TLS_reverse_proxy_mismatched_priorities/output b/test/tests/23_TLS_reverse_proxy_mismatched_priorities/output
+index 1c9cc06..8c2419d 100644
+--- a/test/tests/23_TLS_reverse_proxy_mismatched_priorities/output
++++ b/test/tests/23_TLS_reverse_proxy_mismatched_priorities/output
+@@ -1,5 +1,4 @@
+ HTTP/1.1 502 Proxy Error
+-Content-Length: 341
+ Connection: close
+ Content-Type: text/html; charset=iso-8859-1
+
+diff --git a/test/tests/24_pkcs11_cert/output b/test/tests/24_pkcs11_cert/output
+index 6259290..341d60e 100644
+--- a/test/tests/24_pkcs11_cert/output
++++ b/test/tests/24_pkcs11_cert/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/27_OCSP_server/output b/test/tests/27_OCSP_server/output
+index 6259290..341d60e 100644
+--- a/test/tests/27_OCSP_server/output
++++ b/test/tests/27_OCSP_server/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/29_force_handshake_vhost/output b/test/tests/29_force_handshake_vhost/output
+index c14b0e5..a09e295 100644
+--- a/test/tests/29_force_handshake_vhost/output
++++ b/test/tests/29_force_handshake_vhost/output
+@@ -1,5 +1,4 @@
+ HTTP/1.1 421 Misdirected Request
+-Content-Length: 322
+ Connection: close
+ Content-Type: text/html; charset=iso-8859-1
+
+diff --git a/test/tests/30_ip_based_vhosts/output b/test/tests/30_ip_based_vhosts/output
+index 6259290..341d60e 100644
+--- a/test/tests/30_ip_based_vhosts/output
++++ b/test/tests/30_ip_based_vhosts/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/31_vhost_SNI_serveralias_match/output b/test/tests/31_vhost_SNI_serveralias_match/output
+index 6259290..341d60e 100644
+--- a/test/tests/31_vhost_SNI_serveralias_match/output
++++ b/test/tests/31_vhost_SNI_serveralias_match/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Connection: close
+ Content-Type: text/plain
+
+diff --git a/test/tests/32_vhost_SNI_serveralias_mismatch/output b/test/tests/32_vhost_SNI_serveralias_mismatch/output
+index c14b0e5..a09e295 100644
+--- a/test/tests/32_vhost_SNI_serveralias_mismatch/output
++++ b/test/tests/32_vhost_SNI_serveralias_mismatch/output
+@@ -1,5 +1,4 @@
+ HTTP/1.1 421 Misdirected Request
+-Content-Length: 322
+ Connection: close
+ Content-Type: text/html; charset=iso-8859-1
+
+diff --git a/test/tests/33_vhost_SNI_serveralias_missinghost/output b/test/tests/33_vhost_SNI_serveralias_missinghost/output
+index c14b0e5..a09e295 100644
+--- a/test/tests/33_vhost_SNI_serveralias_missinghost/output
++++ b/test/tests/33_vhost_SNI_serveralias_missinghost/output
+@@ -1,5 +1,4 @@
+ HTTP/1.1 421 Misdirected Request
+-Content-Length: 322
+ Connection: close
+ Content-Type: text/html; charset=iso-8859-1
+
+diff --git a/test/tests/34_TLS_reverse_proxy_h2/output b/test/tests/34_TLS_reverse_proxy_h2/output
+index c346200..f7c4e4e 100644
+--- a/test/tests/34_TLS_reverse_proxy_h2/output
++++ b/test/tests/34_TLS_reverse_proxy_h2/output
+@@ -1,5 +1,4 @@
+ Accept-Ranges: bytes
+-Content-Length: 5
+ Content-Type: text/plain
+ Connection: close
+
+--
+2.20.1
+
diff -Nru mod-gnutls-0.9.0/debian/patches/0001-Test-suite-Remove-URLs-from-expected-error-responses.patch mod-gnutls-0.9.0/debian/patches/0001-Test-suite-Remove-URLs-from-expected-error-responses.patch
--- mod-gnutls-0.9.0/debian/patches/0001-Test-suite-Remove-URLs-from-expected-error-responses.patch 1970-01-01 02:00:00.000000000 +0200
+++ mod-gnutls-0.9.0/debian/patches/0001-Test-suite-Remove-URLs-from-expected-error-responses.patch 2020-02-08 17:20:52.000000000 +0200
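Review bot: The new `grep -v -P '^Content-Length:\s\d+\s?$' | \` line in diff_output_filter_headers (test/runtests) drops a Content-Length header only when its value is a plain decimal, so a malformed or missing header still fails the comparison; that matches "as long as it's valid" in the commit message, but nothing in the script records it. I'd add `# drop only a well-formed Content-Length; a malformed value still shows up in the diff` above the new grep. Because the pipeline ends in `tail -n "$(wc -l < ${expected})"`, any header that is not filtered out cuts off the first expected line instead of appearing as an added line, which makes such failures harder to read; this is pre-existing, but the new filter adds one more header whose removal the tail count relies on. The function's opening line lies before the inner hunk (it appears only as hunk context), and the remaining inner hunks only delete the Content-Length line from the expected-output files.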
@@ -0,0 +1,94 @@
+From a55742a9e3ea3d5ab8151f0c54e196187b203b7b Mon Sep 17 00:00:00 2001
+From: Fiona Klute <fiona.kl...@gmx.de>
+Date: Fri, 1 Nov 2019 19:17:57 +0100
+Subject: Test suite: Remove URLs from expected error responses
+
+Apache HTTPD removed request URLs from canned error messages to
+prevent misleading text/links being displayed via crafted links
+(CVE-2019-10092). Adjust the expected error responses in our tests so
+they can pass again.
+---
+ test/tests/18_client_verification_wrong_cert/output | 6 +++---
+ test/tests/21_TLS_reverse_proxy_wrong_cert/output | 5 ++---
+ test/tests/22_TLS_reverse_proxy_crl_revoke/output | 5 ++---
+ .../tests/23_TLS_reverse_proxy_mismatched_priorities/output | 5 ++---
+ 4 files changed, 9 insertions(+), 12 deletions(-)
+
+diff --git a/test/tests/18_client_verification_wrong_cert/output b/test/tests/18_client_verification_wrong_cert/output
+index 766e7b6..2a89afe 100644
+--- a/test/tests/18_client_verification_wrong_cert/output
++++ b/test/tests/18_client_verification_wrong_cert/output
+@@ -1,7 +1,7 @@
++<html><head>
++<title>403 Forbidden</title>
+ </head><body>
+ <h1>Forbidden</h1>
+-<p>You don't have permission to access /test.txt
+-on this server.<br />
+-</p>
++<p>You don't have permission to access this resource.</p>
+ </body></html>
+ - Peer has closed the GnuTLS connection
+diff --git a/test/tests/21_TLS_reverse_proxy_wrong_cert/output b/test/tests/21_TLS_reverse_proxy_wrong_cert/output
+index f60e6f6..1c9cc06 100644
+--- a/test/tests/21_TLS_reverse_proxy_wrong_cert/output
++++ b/test/tests/21_TLS_reverse_proxy_wrong_cert/output
+@@ -1,5 +1,5 @@
+ HTTP/1.1 502 Proxy Error
+-Content-Length: 407
++Content-Length: 341
+ Connection: close
+ Content-Type: text/html; charset=iso-8859-1
+
+@@ -10,7 +10,6 @@ Content-Type: text/html; charset=iso-8859-1
+ <h1>Proxy Error</h1>
+ <p>The proxy server received an invalid
+ response from an upstream server.<br />
+-The proxy server could not handle the request <em><a href="/proxy/test.txt">GET /proxy/test.txt</a></em>.<p>
+-Reason: <strong>Error reading from remote server</strong></p></p>
++The proxy server could not handle the request<p>Reason: <strong>Error reading from remote server</strong></p></p>
+ </body></html>
+ - Peer has closed the GnuTLS connection
+diff --git a/test/tests/22_TLS_reverse_proxy_crl_revoke/output b/test/tests/22_TLS_reverse_proxy_crl_revoke/output
+index f60e6f6..1c9cc06 100644
+--- a/test/tests/22_TLS_reverse_proxy_crl_revoke/output
++++ b/test/tests/22_TLS_reverse_proxy_crl_revoke/output
+@@ -1,5 +1,5 @@
+ HTTP/1.1 502 Proxy Error
+-Content-Length: 407
++Content-Length: 341
+ Connection: close
+ Content-Type: text/html; charset=iso-8859-1
+
+@@ -10,7 +10,6 @@ Content-Type: text/html; charset=iso-8859-1
+ <h1>Proxy Error</h1>
+ <p>The proxy server received an invalid
+ response from an upstream server.<br />
+-The proxy server could not handle the request <em><a href="/proxy/test.txt">GET /proxy/test.txt</a></em>.<p>
+-Reason: <strong>Error reading from remote server</strong></p></p>
++The proxy server could not handle the request<p>Reason: <strong>Error reading from remote server</strong></p></p>
+ </body></html>
+ - Peer has closed the GnuTLS connection
+diff --git a/test/tests/23_TLS_reverse_proxy_mismatched_priorities/output b/test/tests/23_TLS_reverse_proxy_mismatched_priorities/output
+index f60e6f6..1c9cc06 100644
+--- a/test/tests/23_TLS_reverse_proxy_mismatched_priorities/output
++++ b/test/tests/23_TLS_reverse_proxy_mismatched_priorities/output
+@@ -1,5 +1,5 @@
+ HTTP/1.1 502 Proxy Error
+-Content-Length: 407
++Content-Length: 341
+ Connection: close
+ Content-Type: text/html; charset=iso-8859-1
+
+@@ -10,7 +10,6 @@ Content-Type: text/html; charset=iso-8859-1
+ <h1>Proxy Error</h1>
+ <p>The proxy server received an invalid
+ response from an upstream server.<br />
+-The proxy server could not handle the request <em><a href="/proxy/test.txt">GET /proxy/test.txt</a></em>.<p>
+-Reason: <strong>Error reading from remote server</strong></p></p>
++The proxy server could not handle the request<p>Reason: <strong>Error reading from remote server</strong></p></p>
+ </body></html>
+ - Peer has closed the GnuTLS connection
+--
+2.20.1
+
diff -Nru mod-gnutls-0.9.0/debian/patches/disable-test16.patch mod-gnutls-0.9.0/debian/patches/disable-test16.patch
--- mod-gnutls-0.9.0/debian/patches/disable-test16.patch 1970-01-01 02:00:00.000000000 +0200
+++ mod-gnutls-0.9.0/debian/patches/disable-test16.patch 2020-02-08 23:14:39.000000000 +0200
@@ -0,0 +1,15 @@
+Description: Disable a test that fails with GnuTLS >= 3.6.11
+ A proper fix is in upstream release 0.10.0.
+Bug-Debian: https://bugs.debian.org/950301
+
+--- mod-gnutls-0.9.0.orig/test/Makefile.am
++++ mod-gnutls-0.9.0/test/Makefile.am
+@@ -18,7 +18,7 @@ dist_check_SCRIPTS = test-00_basic.bash
+ if USE_MSVA
+ dist_check_SCRIPTS += test-15_basic_msva.bash
+ endif
+-dist_check_SCRIPTS += test-16_view-status.bash \
++dist_check_SCRIPTS += \
+ test-17_cgi_vars_large_cert.bash \
+ test-18_client_verification_wrong_cert.bash \
+ test-19_TLS_reverse_proxy.bash \
diff -Nru mod-gnutls-0.9.0/debian/patches/series mod-gnutls-0.9.0/debian/patches/series
--- mod-gnutls-0.9.0/debian/patches/series 2019-02-08 23:25:17.000000000 +0200
+++ mod-gnutls-0.9.0/debian/patches/series 2020-02-08 23:14:39.000000000 +0200
@@ -1 +1,5 @@
 0001-Never-build-PDF-documentation.patch
+0001-Fix-possible-segfault-NULL-pointer-dereference-on-fa.patch
+0001-Test-suite-Remove-URLs-from-expected-error-responses.patch
+0001-Test-suite-ignore-Content-Length-header.patch
+disable-test16.patch
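Review bot: disable-test16.patch removes test-16_view-status.bash from dist_check_SCRIPTS in test/Makefile.am without recording what actually fails with GnuTLS >= 3.6.11, so whoever next updates the package cannot tell from the patch whether the test can be re-enabled. I'd extend the DEP-3 header with a one-line description of the failure symptom plus `Forwarded: not-needed` and `Last-Update: 2020-02-08`, since the Description already says the proper fix is in upstream 0.10.0. Dropping the script from dist_check_SCRIPTS also excludes it from the distributed tarball, which is fine for a temporary NMU patch but worth a mention in the header; the rest of the dist_check_SCRIPTS list continues past the end of the hunk.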