Disable GOST cryptography by default

Also tighten timestamp adjustment when not bootstrapping. Resolves: #1945292 Signed-off-by: Daiki Ueno <dueno@redhat.com>
2021-08-02 10:47:51 +02:00 · 2021-08-02 10:47:51 +02:00 · d3478ae6b5
commit d3478ae6b5
parent 484128d379
1 changed files with 15 additions and 2 deletions
--- a/gnutls.spec
+++ b/gnutls.spec
@ -1,6 +1,6 @@
 # This spec file has been automatically updated
 Version:	3.7.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 Patch1:	gnutls-3.6.7-no-now-guile.patch
 Patch2:	gnutls-3.2.7-rpath.patch
 Patch3:	gnutls-3.7.2-config-allowlisting.patch
@ -15,6 +15,7 @@ Patch4:	gnutls-3.7.2-key-share-ecdhx.patch
 %bcond_without fips
 %endif
 %bcond_with tpm12
+%bcond_with gost

 Summary: A TLS protocol implementation
 Name: gnutls
@ -165,7 +166,10 @@ rm -f lib/minitasn1/*.c lib/minitasn1/*.h
 echo "SYSTEM=NORMAL" >> tests/system.prio

 %if !%{with bootstrap}
-touch doc/stamp* doc/*.texi doc/*.info doc/*.html doc/manpages/stamp_mans
+touch doc/*.texi
+touch doc/*.info doc/*.html 
+# stamp files should have a newer timestamp than the artifacts
+touch doc/stamp* doc/manpages/stamp_mans
 %endif

 # Note that we explicitly enable SHA1, as SHA1 deprecation is handled
@ -189,6 +193,11 @@ export GUILD
 %configure \
 %if %{with fips}
           --enable-fips140-mode \
+%endif
+%if %{with gost}
+    	   --enable-gost \
+%else
+	   --disable-gost \
 %endif
 	   --enable-sha1-support \
           --disable-static \
@ -301,6 +310,10 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %endif

 %changelog
+* Mon Aug  2 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-4
+- Disable GOST cryptography by default (#1945292)
+- Tighten timestamp adjustment when not bootstrapping (#1975482)
+
 * Mon Jun 28 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-3
 - Enable allowlisting configuration mode (#1975421)