Use default, collision-detecting SHA1 implementation
Upstream changed the default SHA1 implementation in 2.13.0 to one which detects collisions. It may be slightly slower than BLK_SHA1 in some cases, but the added safety it provides in the face of the SHAttered attack should be worth the cost.
We overrode the default SHA1 implementation in b796934 (Update to git-1.6.5.rc2 - Enable Linus' block-sha1 implementation.) The main reason was to avoid linking against openssl's libcrypto for most binaries, which saved a measurable amount of space. Using the new DC_SHA1 default provides the same benefit.
sudo dnf upgrade --advisory=FEDORA-2017-3bb960e4aa
Please login to add feedback.