rpms/git
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Use default, collision-detecting SHA1 implementation

Browse Source 
Upstream changed the default SHA1 implementation in 2.13.0 to one which
detects collisions¹.  It may be slightly slower than BLK_SHA1 in some
cases, but the added safety it provides in the face of the SHAttered²
attack should be worth the cost.

We overrode the default SHA1 implementation in b796934 (Update to
git-1.6.5.rc2 - Enable Linus' block-sha1 implementation.)  The main
reason was to avoid linking against openssl's libcrypto for most
binaries, which saved a measurable amount of space.  Using the new
DC_SHA1 default provides the same benefit.

¹ https://github.com/git/git/commit/e6b07da278
² https://shattered.io/
This commit is contained in:
Todd Zullinger 2017-05-17 19:14:52 -04:00
parent 96b2923f07
commit e15c234c87
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
git.spec
View File

@ -70,7 +70,7 @@
Name: git Name: git
Version: 2.13.0 Version: 2.13.0
Release: 1%{?dist} Release: 2%{?dist}
Summary: Fast Version Control System Summary: Fast Version Control System
License: GPLv2 License: GPLv2
Group: Development/Tools Group: Development/Tools
@ -420,7 +420,6 @@ cat << \EOF > config.mak
V = 1 V = 1
CFLAGS = %{optflags} CFLAGS = %{optflags}
LDFLAGS = %{__global_ldflags} LDFLAGS = %{__global_ldflags}
BLK_SHA1 = 1
NEEDS_CRYPTO_WITH_SSL = 1 NEEDS_CRYPTO_WITH_SSL = 1
USE_LIBPCRE = 1 USE_LIBPCRE = 1
ETC_GITCONFIG = %{_sysconfdir}/gitconfig ETC_GITCONFIG = %{_sysconfdir}/gitconfig
@ -784,6 +783,9 @@ rm -rf %{buildroot}
# No files for you! # No files for you!
%changelog %changelog
* Wed May 17 2017 Todd Zullinger <tmz@pobox.com> - 2.13.0-2
- Use default, collision-detecting SHA1 implementation
* Tue May 09 2017 Todd Zullinger <tmz@pobox.com> - 2.13.0-1 * Tue May 09 2017 Todd Zullinger <tmz@pobox.com> - 2.13.0-1
- Update to 2.13.0 (resolves CVE-2017-8386) - Update to 2.13.0 (resolves CVE-2017-8386)