From 3d7459d10a72a7f583dd8c1d0be009c346d863b8 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sat, 17 Dec 2022 15:55:33 +0900 Subject: build: disable TLS heartbeat extension by default The heartbeat extension in TLS (RFC 6520) is not widely used given other implementations dropped support for it. This makes it disabled by default, though the users are able to enable it back with the --enable-heartbeat-support configure option. Signed-off-by: Daiki Ueno --- NEWS | 6 ++++++ m4/hooks.m4 | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index b769566ba3..cc5a064843 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,12 @@ and to simplify maintenance, see . priority modifier have been added to allow disabling of the status_request TLS extension in the client side. +** libgnutls: TLS heartbeat is disabled by default. + The heartbeat extension in TLS (RFC 6520) is not widely used given + other implementations dropped support for it. To enable back + support for it, supply --enable-heartbeat-support to configure + script. + ** minitasn1: Upgraded to libtasn1 version 4.19. ** API and ABI modifications: diff --git a/m4/hooks.m4 b/m4/hooks.m4 index f3cdaa8586..10e23afc54 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 @@ -232,11 +232,11 @@ LIBTASN1_MINIMUM=4.9 fi AM_CONDITIONAL(ENABLE_ALPN, test "$ac_enable_alpn" != "no") - ac_enable_heartbeat=yes + ac_enable_heartbeat=no AC_MSG_CHECKING([whether to enable TLS heartbeat support]) AC_ARG_ENABLE(heartbeat-support, - AS_HELP_STRING([--disable-heartbeat-support], - [disable support for the heartbeat extension]), + AS_HELP_STRING([--enable-heartbeat-support], + [enable support for the heartbeat extension]), ac_enable_heartbeat=$enableval) if test x$ac_enable_heartbeat != xno; then AC_MSG_RESULT(yes) -- cgit v1.2.1 From ad1231aab95d5340cbe7f7f986a195f43f53e8a8 Mon Sep 17 00:00:00 2001 
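Review bot: In m4/hooks.m4 the unchanged line `if test x$ac_enable_heartbeat != xno; then` still turns heartbeat on for any value other than `no`, which suited an opt-out switch but is loose now that the default is `no`. For an explicit opt-in, consider `if test "x$ac_enable_heartbeat" = "xyes"; then`; the quoting also stops an unusual `--enable-heartbeat-support=...` value from breaking the `test`. A one-line `dnl` comment above `ac_enable_heartbeat=no`, such as `dnl TLS heartbeat (RFC 6520) is off by default; opt in with --enable-heartbeat-support`, would record the intent next to the code. The body of the `if` continues outside the hunk. Whether any CI job still configures with `--enable-heartbeat-support` is not visible here; the opt-in code should stay compiled and tested somewhere.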
From: Daiki Ueno Date: Mon, 19 Dec 2022 18:40:37 +0900 Subject: .gitlab-ci.yml: ensure libtasn1-tools is installed With recent DNF, removing libtasn1-devel causes libtasn1-tools to be removed. Manually reinstall it in that case. Signed-off-by: Daiki Ueno --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7d4b6805b6..39f41aebd2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -345,6 +345,7 @@ fedora-minimal/build: - fedora/bootstrap script: - dnf remove -y libunistring-devel libtasn1-devel libidn-devel + - dnf install -y libtasn1-tools - dash ./configure --cache-file $CCACHE_FILE --with-included-libtasn1 --disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-tests --disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication -- cgit v1.2.1
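Review bot: The added `- dnf install -y libtasn1-tools` step in `fedora-minimal/build` carries no comment, so the remove-then-reinstall sequence reads like a mistake to anyone who has not seen the commit message. A line such as `# recent DNF removes libtasn1-tools along with libtasn1-devel; reinstall it` directly above the step would keep the reason in the file. If the removal is DNF cleaning up a no-longer-needed dependency (not confirmed from this hunk), `dnf remove -y --noautoremove ...` on the preceding line might avoid the extra package fetch during the job. The job definition starts above the hunk.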