Thanks, applied as 9f60cce118b1c89d7a76ef9a53fa519c932f680d.
Michael
[sent from post-receive hook]
On Fri, 22 Apr 2022 07:35:22 +0200, Christian Melki <christian.melki@t2data.com> wrote:
> Various fixes and function expansion.
> Notable additions:
> Certificate compression. RFC8879.
> More extensive x509 sanity checking configure option. RFC5280.
> https://gitlab.com/gnutls/gnutls/-/blob/master/NEWS
>
> * Remove obsoleted configure options.
> * Disable compression options.
> zstd and brotli option are misspelled (configure help vs actual option).
> They will be corrected in the next release.
> * Disable stricter x509 checking.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20220411192409.3525611-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/gnutls.make b/rules/gnutls.make
> index bc5d69cf0db9..785522c2acc2 100644
> --- a/rules/gnutls.make
> +++ b/rules/gnutls.make
> @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_GNUTLS) += gnutls
> #
> # Paths and names
> #
> -GNUTLS_VERSION := 3.7.3
> -GNUTLS_MD5 := 3723d8fee66c5d45d780ca64c089ed23
> +GNUTLS_VERSION := 3.7.4
> +GNUTLS_MD5 := 4bce06332c525eae540bb237433d4225
> GNUTLS := gnutls-$(GNUTLS_VERSION)
> GNUTLS_SUFFIX := tar.xz
> GNUTLS_URL := https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/$(GNUTLS).$(GNUTLS_SUFFIX)
> @@ -53,6 +53,7 @@ GNUTLS_CONF_OPT := \
> --enable-strict-der-time \
> --enable-sha1-support \
> --disable-ssl3-support \
> + --disable-strict-x509 \
> --enable-ssl2-support \
> --enable-dtls-srtp-support \
> --enable-alpn-support \
> @@ -70,9 +71,6 @@ GNUTLS_CONF_OPT := \
> --$(call ptx/endis, PTXCONF_GNUTLS_OPENSSL)-openssl-compatibility \
> --disable-tests \
> --disable-fuzzer-target \
> - --disable-gtk-doc \
> - --disable-gtk-doc-html \
> - --disable-gtk-doc-pdf \
> --disable-nls \
> --disable-rpath \
> --disable-seccomp-tests \
> @@ -90,12 +88,15 @@ GNUTLS_CONF_OPT := \
> --with-nettle-mini \
> --without-included-libtasn1 \
> --with-included-unistring \
> + --without-libbrotli \
> --without-fips140-key \
> --without-idn \
> --without-p11-kit \
> --without-tpm2 \
> --without-tpm \
> --without-trousers-lib \
> + --without-zlib \
> + --without-libzstd \
> --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt
>
> # ----------------------------------------------------------------------------
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de