Drop support for GNUTLS_NO_EXPLICIT_INIT envvar

Also expand documentation of gnutls_{hash,hmac}_copy, mentioning that
those do not always work.

Resolves: #1999639
Signed-off-by: Daiki Ueno <dueno@redhat.com>

gnutls-3.7.2-doc-hash-copy.patch

@@ -0,0 +1,44 @@
+From 7b68571f43b68085ba9f36afb1e3e97b3ba8d2d5 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 22 Dec 2021 08:16:27 +0100
+Subject: [PATCH 2/2] Update documentation of gnutls_{hash,hmac}_copy
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ doc/functions/gnutls_hash_copy | 4 +++-
+ doc/functions/gnutls_hmac_copy | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/doc/functions/gnutls_hash_copy b/doc/functions/gnutls_hash_copy
+index 600c0e7..aac7d5d 100644
+--- a/doc/functions/gnutls_hash_copy
++++ b/doc/functions/gnutls_hash_copy
+@@ -8,7 +8,9 @@
+ This function will create a copy of Message Digest context, containing all
+ its current state. Copying contexts for Message Digests registered using
+ @code{gnutls_crypto_register_digest()}  is not supported and will always result in
+-an error.
++an error. In addition to that, some of the Message Digest implementations do
++not support this operation. Applications should check the return value and
++provide a proper fallback.
+ 
+ @strong{Returns:} new Message Digest context or NULL in case of an error.
+ 
+diff --git a/doc/functions/gnutls_hmac_copy b/doc/functions/gnutls_hmac_copy
+index a219b21..93b20d5 100644
+--- a/doc/functions/gnutls_hmac_copy
++++ b/doc/functions/gnutls_hmac_copy
+@@ -8,7 +8,9 @@
+ This function will create a copy of MAC context, containing all its current
+ state. Copying contexts for MACs registered using
+ @code{gnutls_crypto_register_mac()}  is not supported and will always result in an
+-error.
++error. In addition to that, some of the MAC implementations do not support
++this operation. Applications should check the return value and provide a
++proper fallback.
+ 
+ @strong{Returns:} new MAC context or NULL in case of an error.
+ 
+-- 
+2.31.1
+

gnutls-3.7.2-no-explicit-init.patch

@@ -0,0 +1,32 @@
+From 36a92d984020df16296784a7ad613c9693469d23 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 21 Dec 2021 16:28:09 +0100
+Subject: [PATCH 1/2] Remove GNUTLS_NO_EXPLICIT_INIT compatibility
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ lib/global.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/lib/global.c b/lib/global.c
+index 3731418..1384045 100644
+--- a/lib/global.c
++++ b/lib/global.c
+@@ -500,14 +500,6 @@ static void _CONSTRUCTOR lib_init(void)
+ 			return;
+ 	}
+ 
+-	e = secure_getenv("GNUTLS_NO_EXPLICIT_INIT");
+-	if (e != NULL) {
+-		_gnutls_debug_log("GNUTLS_NO_EXPLICIT_INIT is deprecated; use GNUTLS_NO_IMPLICIT_INIT\n");
+-		ret = atoi(e);
+-		if (ret == 1)
+-			return;
+-	}
+-
+ 	ret = _gnutls_global_init(1);
+ 	if (ret < 0) {
+ 		fprintf(stderr, "Error in GnuTLS initialization: %s\n", gnutls_strerror(ret));
+-- 
+2.31.1
+

gnutls.spec

@@ -8,6 +8,8 @@ Patch4:	gnutls-3.7.2-key-share-ecdhx.patch
 Patch5:	gnutls-3.7.2-enable-intel-cet.patch
 Patch6: gnutls-3.7.2-libopts-covscan.patch
 Patch7: gnutls-3.7.2-config-allowlisting-race.patch
+Patch8: gnutls-3.7.2-no-explicit-init.patch
+Patch9: gnutls-3.7.2-doc-hash-copy.patch
 %bcond_with bootstrap
 %bcond_without dane
 %if 0%{?rhel}
@@ -323,6 +325,12 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %endif
 
 %changelog
+* Wed Dec 22 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-9
+- Drop support for GNUTLS_NO_EXPLICIT_INIT envvar in favor of
+  GNUTLS_NO_IMPLICIT_INIT (#1999639)
+- Expand documentation of gnutls_{hash,hmac}_copy, mentioning that
+  those do not always work (#1999639)
+
 * Tue Dec 21 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-9
 - Fix race condition when resolving SYSTEM priority in allowlisting mode (#2012249)