Use default, collision-detecting SHA1 implementation

Upstream changed the default SHA1 implementation in 2.13.0 to one which
detects collisions¹.  It may be slightly slower than BLK_SHA1 in some
cases, but the added safety it provides in the face of the SHAttered²
attack should be worth the cost.

We overrode the default SHA1 implementation in b796934 (Update to
git-1.6.5.rc2 - Enable Linus' block-sha1 implementation.)  The main
reason was to avoid linking against openssl's libcrypto for most
binaries, which saved a measurable amount of space.  Using the new
DC_SHA1 default provides the same benefit.

¹ https://github.com/git/git/commit/e6b07da278
² https://shattered.io/
Todd Zullinger 2017-05-17 19:14:52 -04:00
parent 96b2923f07
commit e15c234c87

@ -70,7 +70,7 @@
Name: git
Version: 2.13.0
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Fast Version Control System
License: GPLv2
Group: Development/Tools
@ -420,7 +420,6 @@ cat << \EOF > config.mak
V = 1
CFLAGS = %{optflags}
LDFLAGS = %{__global_ldflags}
BLK_SHA1 = 1
NEEDS_CRYPTO_WITH_SSL = 1
USE_LIBPCRE = 1
ETC_GITCONFIG = %{_sysconfdir}/gitconfig
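Review bot: With "BLK_SHA1 = 1" dropped from the generated config.mak, nothing in this file records which SHA1 backend is intended, so the build silently follows whatever upstream's default happens to be. Suggest a one-line comment here, or setting DC_SHA1 = 1 explicitly, so a later change of the upstream default cannot quietly remove collision detection. Since "NEEDS_CRYPTO_WITH_SSL = 1" stays, it is also worth confirming during the build (for example in %check) that the main binaries still do not link against libcrypto, which the commit message gives as the reason for the original override.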
@ -784,6 +783,9 @@ rm -rf %{buildroot}
# No files for you!
%changelog
* Wed May 17 2017 Todd Zullinger <tmz@pobox.com> - 2.13.0-2
- Use default, collision-detecting SHA1 implementation
* Tue May 09 2017 Todd Zullinger <tmz@pobox.com> - 2.13.0-1
- Update to 2.13.0 (resolves CVE-2017-8386)
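Review bot: The new %changelog entry for 2.13.0-2 does not say what was removed or that this is a hardening change. Suggest naming it, e.g. "Drop BLK_SHA1 override; use default, collision-detecting SHA1 implementation", so someone scanning the package changelog can tell that the SHA1 backend changed in this release.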