import UBI crypto-policies-20221215-1.git9a18988.el9_2.1

This commit is contained in:
eabdullin 2023-09-12 09:52:29 +00:00
parent f662715b60
commit 19188a581d
3 changed files with 18 additions and 9 deletions

View File

@ -1 +1 @@
fbe5c6bd87287dd2059da06f83ce4363ed898773 SOURCES/crypto-policies-git9a18988.tar.gz 8fe9be3f275cc392417de1c44d15fe4269b609c2 SOURCES/crypto-policies-git03b28b3.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/crypto-policies-git9a18988.tar.gz SOURCES/crypto-policies-git03b28b3.tar.gz

View File

@ -1,5 +1,4 @@
%global git_date 20221215 %global git_commit 03b28b32c3dd992c251b9a05352f1234582c18e4
%global git_commit 9a189880a1cda3c0bbedab06d405c0a724c0a2f7
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})} %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
%global _python_bytecompile_extra 0 %global _python_bytecompile_extra 0
@ -27,19 +26,20 @@
%endif %endif
Name: crypto-policies Name: crypto-policies
Version: %{git_date} Version: 20221215
Release: 1.git%{git_commit_hash}%{?dist} Release: 1.git9a18988%{?dist}.1
Summary: System-wide crypto policies Summary: System-wide crypto policies
License: LGPLv2+ License: LGPLv2+
URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
# For RHEL-9 we use the upstream branch rhel9. # For RHEL-9.2 we use the upstream branch rhel9.2 and are freezing version at 20221215-1.git9a18988.
Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
BuildArch: noarch BuildArch: noarch
BuildRequires: asciidoc BuildRequires: asciidoc
BuildRequires: libxslt BuildRequires: libxslt
BuildRequires: openssl BuildRequires: openssl
BuildRequires: nss-tools
BuildRequires: gnutls-utils >= 3.6.0 BuildRequires: gnutls-utils >= 3.6.0
BuildRequires: java-1.8.0-openjdk-devel BuildRequires: java-1.8.0-openjdk-devel
BuildRequires: bind BuildRequires: bind
@ -52,10 +52,10 @@ BuildRequires: python3-pytest
BuildRequires: make BuildRequires: make
Conflicts: openssl < 1:3.0.1-10 Conflicts: openssl < 1:3.0.1-10
Conflicts: nss < 3.44.0 Conflicts: nss < 3.90.0
Conflicts: libreswan < 3.28 Conflicts: libreswan < 3.28
Conflicts: openssh < 8.7p1-24 Conflicts: openssh < 8.7p1-24
Conflicts: gnutls < 3.7.2-3 Conflicts: gnutls < 3.7.6-21.el9_2
%description %description
This package provides pre-built configuration files with This package provides pre-built configuration files with
@ -190,6 +190,7 @@ end
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/krb5.config %ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/krb5.config
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libreswan.config %ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libreswan.config
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libssh.config %ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libssh.config
%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/openssl_fips.config
# %verify(not mode) comes from the fact # %verify(not mode) comes from the fact
# these turn into symlinks and back to regular files at will, see bz1898986 # these turn into symlinks and back to regular files at will, see bz1898986
@ -219,6 +220,14 @@ end
%{_mandir}/man8/fips-finish-install.8* %{_mandir}/man8/fips-finish-install.8*
%changelog %changelog
* Wed Aug 02 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988.1
- FIPS: enforce EMS in FIPS mode
- NO-ENFORCE-EMS: add subpolicy to undo the EMS enforcement in FIPS mode
- nss: implement EMS enforcement in FIPS mode
- openssl: implement EMS enforcement in FIPS mode
- gnutls: implement EMS enforcement in FIPS mode
- docs: replace `FIPS 140-2` with just `FIPS 140`
* Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988 * Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988
- bind: expand the list of disableable algorithms - bind: expand the list of disableable algorithms