Disable certificate compression support by default
It turnd out that it will introduce an RFC compliance issue: https://gitlab.com/gnutls/gnutls/-/issues/1397 This disables the feature by not linking to any compression library. Related: #2097327 Signed-off-by: Daiki Ueno <dueno@redhat.com>
This commit is contained in:
Daiki Ueno
parent
8be21cf2c4
commit
6c2f661b1a
@ -48,6 +48,7 @@ Patch: gnutls-3.7.6-gmp-static.patch
|
|||||||
%bcond_with tpm12
|
%bcond_with tpm12
|
||||||
%bcond_without tpm2
|
%bcond_without tpm2
|
||||||
%bcond_with gost
|
%bcond_with gost
|
||||||
|
%bcond_with certificate_compression
|
||||||
%bcond_without tests
|
%bcond_without tests
|
||||||
|
|
||||||
Summary: A TLS protocol implementation
|
Summary: A TLS protocol implementation
|
||||||
@ -284,6 +285,9 @@ export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
|
|||||||
--enable-libdane \
|
--enable-libdane \
|
||||||
%else
|
%else
|
||||||
--disable-libdane \
|
--disable-libdane \
|
||||||
|
%endif
|
||||||
|
%if %{with certificate_compression}
|
||||||
|
--without-zlib --without-brotli --without-zstd \
|
||||||
%endif
|
%endif
|
||||||
--disable-rpath \
|
--disable-rpath \
|
||||||
--with-default-priority-string="@SYSTEM"
|
--with-default-priority-string="@SYSTEM"
|
||||||
@ -388,6 +392,7 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
|
|||||||
%changelog
|
%changelog
|
||||||
* Tue Aug 23 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-8
|
* Tue Aug 23 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-8
|
||||||
- Bundle GMP to privatize memory functions
|
- Bundle GMP to privatize memory functions
|
||||||
|
- Disable certificate compression support by default
|
||||||
|
|
||||||
* Tue Aug 23 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-7
|
* Tue Aug 23 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-7
|
||||||
- Update gnutls-3.7.6-cpuid-fixes.patch
|
- Update gnutls-3.7.6-cpuid-fixes.patch
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user