From d3478ae6b5a4aba22d6d25013b339fe42511ed49 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 2 Aug 2021 10:47:51 +0200 Subject: [PATCH] Disable GOST cryptography by default Also tighten timestamp adjustment when not bootstrapping. Resolves: #1945292 Signed-off-by: Daiki Ueno --- gnutls.spec | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/gnutls.spec b/gnutls.spec index 7a3fc6b..eb777b4 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -1,6 +1,6 @@ # This spec file has been automatically updated Version: 3.7.2 -Release: 3%{?dist} +Release: 4%{?dist} Patch1: gnutls-3.6.7-no-now-guile.patch Patch2: gnutls-3.2.7-rpath.patch Patch3: gnutls-3.7.2-config-allowlisting.patch @@ -15,6 +15,7 @@ Patch4: gnutls-3.7.2-key-share-ecdhx.patch %bcond_without fips %endif %bcond_with tpm12 +%bcond_with gost Summary: A TLS protocol implementation Name: gnutls @@ -165,7 +166,10 @@ rm -f lib/minitasn1/*.c lib/minitasn1/*.h echo "SYSTEM=NORMAL" >> tests/system.prio %if !%{with bootstrap} -touch doc/stamp* doc/*.texi doc/*.info doc/*.html doc/manpages/stamp_mans +touch doc/*.texi +touch doc/*.info doc/*.html +# stamp files should have a newer timestamp than the artifacts +touch doc/stamp* doc/manpages/stamp_mans %endif # Note that we explicitly enable SHA1, as SHA1 deprecation is handled @@ -189,6 +193,11 @@ export GUILD %configure \ %if %{with fips} --enable-fips140-mode \ +%endif +%if %{with gost} + --enable-gost \ +%else + --disable-gost \ %endif --enable-sha1-support \ --disable-static \ @@ -301,6 +310,10 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null %endif %changelog +* Mon Aug 2 2021 Daiki Ueno - 3.7.2-4 +- Disable GOST cryptography by default (#1945292) +- Tighten timestamp adjustment when not bootstrapping (#1975482) + * Mon Jun 28 2021 Daiki Ueno - 3.7.2-3 - Enable allowlisting configuration mode (#1975421)
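Review bot: In the `@@ -165,7 +166,10 @@` hunk the added comment explains only the last `touch`; why `doc/*.texi` is now touched before `doc/*.info doc/*.html` is left unstated. The ordering presumably follows the documentation dependency chain (sources, then generated output, then stamps) and depends on the three invocations staying separate and in this order. A comment above the first `touch` would keep a later cleanup from merging them back into one line, for example `# touch in dependency order (sources, generated docs, stamps) so make does not regenerate the docs`. The spec section these lines belong to starts outside the hunk.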
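Review bot: Nothing in this patch verifies that the `--disable-gost` branch added to `%configure` (hunk `@@ -189,6 +193,11 @@`) actually yields a library without GOST; the only test step visible is the existing `make check` line in the last hunk's header. Because the change removes an algorithm family from the default build, a short assertion in `%check` would help: guarded by `%if !%{with gost}`, it would fail when the built `gnutls-cli --list` output mentions GOST. That would catch a configure switch that is renamed or silently ignored in a later rebase. A one-line comment above `%bcond_with gost` in the `@@ -15,6 +15,7 @@` hunk, such as `# GOST is disabled by default; build with --with gost to enable it`, would also make the default explicit. The `%configure` invocation continues outside the hunk.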