Disable GOST cryptography by default

Also tighten timestamp adjustment when not bootstrapping.

Resolves: #1945292
Signed-off-by: Daiki Ueno <dueno@redhat.com>

gnutls.spec

@@ -1,6 +1,6 @@
 # This spec file has been automatically updated
 Version:	3.7.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 Patch1:	gnutls-3.6.7-no-now-guile.patch
 Patch2:	gnutls-3.2.7-rpath.patch
 Patch3:	gnutls-3.7.2-config-allowlisting.patch
@@ -15,6 +15,7 @@ Patch4:	gnutls-3.7.2-key-share-ecdhx.patch
 %bcond_without fips
 %endif
 %bcond_with tpm12
+%bcond_with gost
 
 Summary: A TLS protocol implementation
 Name: gnutls
@@ -165,7 +166,10 @@ rm -f lib/minitasn1/*.c lib/minitasn1/*.h
 echo "SYSTEM=NORMAL" >> tests/system.prio
 
 %if !%{with bootstrap}
-touch doc/stamp* doc/*.texi doc/*.info doc/*.html doc/manpages/stamp_mans
+touch doc/*.texi
+touch doc/*.info doc/*.html 
+# stamp files should have a newer timestamp than the artifacts
+touch doc/stamp* doc/manpages/stamp_mans
 %endif
 
 # Note that we explicitly enable SHA1, as SHA1 deprecation is handled
@@ -189,6 +193,11 @@ export GUILD
 %configure \
 %if %{with fips}
            --enable-fips140-mode \
+%endif
+%if %{with gost}
+    	   --enable-gost \
+%else
+	   --disable-gost \
 %endif
 	   --enable-sha1-support \
            --disable-static \
@@ -301,6 +310,10 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %endif
 
 %changelog
+* Mon Aug  2 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-4
+- Disable GOST cryptography by default (#1945292)
+- Tighten timestamp adjustment when not bootstrapping (#1975482)
+
 * Mon Jun 28 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-3
 - Enable allowlisting configuration mode (#1975421)