From 6c2f661b1a7afdce242000d0f17929150fcc105a Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Wed, 24 Aug 2022 18:57:38 +0900
Subject: [PATCH] Disable certificate compression support by default
It turnd out that it will introduce an RFC compliance issue:
https://gitlab.com/gnutls/gnutls/-/issues/1397
This disables the feature by not linking to any compression library.
Related: #2097327
Signed-off-by: Daiki Ueno
---
 gnutls.spec | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/gnutls.spec b/gnutls.spec
index 4414974..5919123 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -48,6 +48,7 @@ Patch: gnutls-3.7.6-gmp-static.patch
 %bcond_with tpm12
 %bcond_without tpm2
 %bcond_with gost
+%bcond_with certificate_compression
 %bcond_without tests

 Summary: A TLS protocol implementation
@@ -284,6 +285,9 @@ export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
 --enable-libdane \
 %else
 --disable-libdane \
+%endif
+%if %{with certificate_compression}
+ --without-zlib --without-brotli --without-zstd \
 %endif
 --disable-rpath \
 --with-default-priority-string="@SYSTEM"
@@ -388,6 +392,7 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %changelog
 * Tue Aug 23 2022 Daiki Ueno - 3.7.6-8
 - Bundle GMP to privatize memory functions
+- Disable certificate compression support by default

 * Tue Aug 23 2022 Daiki Ueno - 3.7.6-7
 - Update gnutls-3.7.6-cpuid-fixes.patch
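Review bot: The guard around the new configure flags in the second hunk (`@@ -284,6 +285,9 @@`) looks inverted. The first hunk declares `%bcond_with certificate_compression`, which leaves the option off unless the build passes `--with certificate_compression`, so `%{with certificate_compression}` is false in a default build and `--without-zlib --without-brotli --without-zstd` is never passed. Configure is then presumably left to auto-detect those libraries, so certificate compression could still be compiled in whenever their development files are present in the buildroot, which is the opposite of what the commit message and changelog entry state. Change the guard to `%if %{without certificate_compression}`, or keep `%if %{with certificate_compression}` and move the `--without-*` line under a new `%else`. The `%configure` invocation these flags belong to starts and ends outside the hunk.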