From 209406ce373ac4723c6ceb4515cef923fb33e281 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 28 Mar 2024 09:58:36 +0000 Subject: [PATCH] import CS crypto-policies-20240202-1.git283706d.el9 --- .crypto-policies.metadata | 2 +- .gitignore | 2 +- SPECS/crypto-policies.spec | 38 ++++++++++++++++++++++++++++++++++---- 3 files changed, 36 insertions(+), 6 deletions(-) diff --git a/.crypto-policies.metadata b/.crypto-policies.metadata index ae21469..cb7bb96 100644 --- a/.crypto-policies.metadata +++ b/.crypto-policies.metadata @@ -1 +1 @@ -ebca51d3017ee207680f9ae109e49ed78e8f479b SOURCES/crypto-policies-git94f0e2c.tar.gz +61d1e62750bb43415038892681dd29637832ee4d SOURCES/crypto-policies-git283706d.tar.gz diff --git a/.gitignore b/.gitignore index e8cc4c7..6b5168f 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/crypto-policies-git94f0e2c.tar.gz +SOURCES/crypto-policies-git283706d.tar.gz diff --git a/SPECS/crypto-policies.spec b/SPECS/crypto-policies.spec index 5ffc825..4980042 100644 --- a/SPECS/crypto-policies.spec +++ b/SPECS/crypto-policies.spec @@ -1,5 +1,5 @@ -%global git_date 20230731 -%global git_commit 94f0e2c4f7ebf2b1513b405d11227bae79ffe070 +%global git_date 20240202 +%global git_commit 283706dbc258f4ac0b19b3291bc18f9b691b222f %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})} %global _python_bytecompile_extra 0 
@@ -31,18 +31,21 @@ Version: %{git_date} Release: 1.git%{git_commit_hash}%{?dist} Summary: System-wide crypto policies -License: LGPLv2+ +License: LGPL-2.1-or-later URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies # For RHEL-9 we use the upstream branch rhel9. Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz +%if 0%{?rhel} >= 10 +ExclusiveArch: %{java_arches} noarch +%endif BuildArch: noarch BuildRequires: asciidoc BuildRequires: libxslt BuildRequires: openssl BuildRequires: nss-tools BuildRequires: gnutls-utils >= 3.6.0 -BuildRequires: java-1.8.0-openjdk-devel +BuildRequires: java-devel BuildRequires: bind BuildRequires: perl-interpreter BuildRequires: perl-generators 
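Review bot: `BuildRequires: java-devel` swaps a pinned JDK for an unversioned virtual provide, so the JDK used at build time is whatever the buildroot resolves and can change between rebuilds with no change to this spec. If the build uses the JDK to check the generated Java policy (presumably; the %check section is outside this hunk), the set of algorithms that check covers would drift with it. I would either keep a versioned requirement or document the choice above the line, e.g. `# JDK version intentionally unpinned; used only for the build-time check of the generated java policy`, once that is confirmed. The new `%if 0%{?rhel} >= 10` / `ExclusiveArch: %{java_arches} noarch` block is also uncommented, and the subject line marks this as an el9 import, where the condition is false. A one-line comment saying why the arch restriction starts at RHEL 10 would save the next reader from guessing.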
@@ -238,6 +241,33 @@ end %{_mandir}/man8/fips-finish-install.8* %changelog +* Fri Feb 02 2024 Alexander Sosedkin - 20240202-1.git283706d +- fips-finish-install: make sure ostree is detected in chroot +- fips-mode-setup: make sure ostree is detected in chroot +- fips-finish-install: Create/remove /etc/system-fips on ostree systems +- java: disable ChaCha20-Poly1305 where applicable + +* Mon Nov 13 2023 Clemens Lang - 20231113-1.gite9247c2 +- fips-mode-setup: Fix test for empty /boot (RHEL-11350) +- fips-mode-setup: Avoid 'boot=UUID=' if /boot == / (RHEL-11350) + +* Thu Nov 09 2023 Clemens Lang - 20231109-1.git0ceff7f +- Restore support for scoped ssh_etm directives (RHEL-15925) +- Print matches in syntax deprecation warnings (RHEL-15925) + +* Wed Nov 08 2023 Clemens Lang - 20231108-1.git994ae09 +- turn ssh_etm into an etm@SSH tri-state (RHEL-15925) +- fips-mode-setup: increase chroot-friendliness (RHEL-11350) +- fips-mode-setup: Fix usage with --no-bootcfg (RHEL-11350) + +* Mon Oct 16 2023 Alexander Sosedkin - 20231016-1.git77ceb0b +- openssl: fix SHA1 and NO-ENFORCE-EMS interaction +- bind: fix a typo that led to duplication of ECDSAPxxxSHAxxx + +* Wed Sep 20 2023 Alexander Sosedkin - 20230920-1.git8dcf74d +- OSPP subpolicy: tighten beyond reason for OSPP 4.3 +- fips-mode-setup: more thorough --disable, still unsupported + * Mon Jul 31 2023 Alexander Sosedkin - 20230731-1.git94f0e2c - krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones - FIPS: enforce EMS in FIPS mode