diff options
| author | Todd Zullinger <tmz@pobox.com> | 2018-08-10 20:23:49 -0400 |
|---|---|---|
| committer | Todd Zullinger <tmz@pobox.com> | 2018-08-10 22:47:04 -0400 |
| commit | f7dfb125869d97c5113e76c623001545bb43ffc0 (patch) | |
| tree | 968f2e5f1d9f12803a6c1f2d0d40c71d164c7e96 | |
| parent | 9fada3c67561a77fa09a4dd380fb4a8a005a3208 (diff) | |
| download | cgit_EL6-f7dfb125869d97c5113e76c623001545bb43ffc0.tar.gz | |
use git's default, collision-detecting SHA1 implementation
Now that the bundled git is > 2.13.0 we can drop the BLK_SHA1 make
variable¹. The git default is now DC_SHA1 which provides collision
detection to help protect against the SHATTERED attack.
¹ As noted in bb6278b ("avoid libcrypto.so requires", 2018-06-16)
| -rw-r--r-- | cgit.spec | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -34,7 +34,7 @@ Name: cgit Version: 1.2.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A fast web interface for git License: GPLv2 @@ -113,7 +113,6 @@ cat << \EOF > git/config.mak V = 1 CFLAGS = %{optflags} LDFLAGS = %{?__global_ldflags} -BLK_SHA1 = YesPlease EOF # remove env shebang's from filter scripts @@ -174,6 +173,9 @@ make test %changelog +* Fri Aug 10 2018 Todd Zullinger <tmz@pobox.com> - 1.2.1-2 +- use git's default, collision-detecting SHA1 implementation + * Fri Aug 03 2018 Todd Zullinger <tmz@pobox.com> - 1.2.1-1 - Update to 1.2.1, fixes directory traversal vulnerability |