import crypto-policies-20200629-1.git806b5d3.el8

2020-07-14 01:12:35 +00:00 · 2020-07-14 01:12:35 +00:00 · 33f90e1694
commit 33f90e1694
parent 1d2a0511f1
3 changed files with 41 additions and 34 deletions
--- a/.crypto-policies.metadata
+++ b/.crypto-policies.metadata
@ -1 +1 @@
-2834b0c37f4c14cfeebb650da7565d2f3830c9c9 SOURCES/crypto-policies-git63fc906.tar.gz
+b17e88d01d90c55feb4dd5f5e8faf8e96d3a8069 SOURCES/crypto-policies-git806b5d3.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/crypto-policies-git63fc906.tar.gz
+SOURCES/crypto-policies-git806b5d3.tar.gz
--- a/SPECS/crypto-policies.spec
+++ b/SPECS/crypto-policies.spec
@ -1,12 +1,12 @@
-%global git_date 20200527
-%global git_commit 63fc906fb32cd699f9bc0a48f9c3b9d0fa7310dd
+%global git_date 20200629
+%global git_commit 806b5d33a0cac789fd07da2d2a7c25767b8533a7
 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}

 %global _python_bytecompile_extra 0

 Name:           crypto-policies
 Version:        %{git_date}
-Release:        4.git%{git_commit_hash}%{?dist}
+Release:        1.git%{git_commit_hash}%{?dist}
 Summary:        System-wide crypto policies

 License:        LGPLv2+
@ -27,16 +27,10 @@ BuildRequires: perl(File::pushd), perl(File::Temp), perl(File::Copy)
 BuildRequires: perl(File::Which)
 BuildRequires: python3-devel

-# used by update-crypto-policies
-Requires: coreutils
-Requires: grep
-Requires: sed
-Requires(post): coreutils
-Requires(post): grep
-Requires(post): sed
 Conflicts: nss < 3.44.0
 Conflicts: libreswan < 3.28
 Conflicts: openssh < 8.0p1-5
+Conflicts: gnutls < 3.6.12
 # Most users want this, the split is mostly for minimal images
 Recommends: crypto-policies-scripts

@ -102,14 +96,15 @@ make check %{?_smp_mflags}

 %post -p <lua>
 if not posix.access("%{_sysconfdir}/crypto-policies/config") then
-    local f = io.open("/proc/sys/crypto/fips_enabled", "r")
-    if f then
    local policy = "DEFAULT"
-        if f:read() == "1" then
+    local cf = io.open("/proc/sys/crypto/fips_enabled", "r")
+    if cf then
+        if cf:read() == "1" then
            policy = "FIPS"
        end
-        f:close()
-        local cf = io.open("%{_sysconfdir}/crypto-policies/config", "w")
+        cf:close()
+    end
+    cf = io.open("%{_sysconfdir}/crypto-policies/config", "w")
    if cf then
        cf:write(policy.."\n")
        cf:close()
@ -127,7 +122,6 @@ if not posix.access("%{_sysconfdir}/crypto-policies/config") then
        posix.symlink(policypath.."/"..fn, cfgfn)
    end
 end
-end

 %posttrans scripts
 %{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || :
@ -185,6 +179,19 @@ end
 %{_mandir}/man8/fips-finish-install.8*

 %changelog
+* Wed Jul  1 2020 Tomáš Mráz <tmraz@redhat.com> - 20200629-1.git806b5d3
+- disallow X448/ED448 in FIPS policy with gnutls >= 3.6.12
+- add AD-SUPPORT policy module
+
+* Wed Jun 10 2020 Tomáš Mráz <tmraz@redhat.com> - 20200610-1.git0ac8b1f
+- fallback to FIPS policy instead of the default-config in FIPS mode
+- java: Document properly how to override the crypto policy
+- krb5: No support for 3des anymore
+- reorder the signature algorithms to follow the order in default openssl list
+
+* Tue Jun  9 2020 Tomáš Mráz <tmraz@redhat.com> - 20200527-5.gitb234a47
+- make the post script work in environments where /proc/sys is not available
+
 * Fri May 29 2020 Tomáš Mráz <tmraz@redhat.com> - 20200527-4.gitb234a47
 - automatically set up FIPS policy in FIPS mode on first install