import UBI crypto-policies-20230731-1.git94f0e2c.el9_3.1
parent 19188a581d
commit aef30ae6dd
|
@ -1 +1 @@
|
||||||
8fe9be3f275cc392417de1c44d15fe4269b609c2 SOURCES/crypto-policies-git03b28b3.tar.gz
|
7b2c7705996b7c988b1fa4852da8e14656326979 SOURCES/crypto-policies-gitb972148.tar.gz
|
||||||
|
|
|
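Review bot: the only integrity check on the new tarball is the 40-hex-digit digest on the replacement line, and the only link to upstream commit b972148fd57556f86921a85c960b8808a8a09291 is the 7-character suffix in the file name. Before merging, fetch the archive from the Source0 URL in the spec, recompute the digest, and confirm the unpacked tree matches the full commit id given in git_commit.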
@ -1 +1 @@
|
||||||
SOURCES/crypto-policies-git03b28b3.tar.gz
|
SOURCES/crypto-policies-gitb972148.tar.gz
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
%global git_commit 03b28b32c3dd992c251b9a05352f1234582c18e4
|
%global git_commit b972148fd57556f86921a85c960b8808a8a09291
|
||||||
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
|
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
|
||||||
|
|
||||||
%global _python_bytecompile_extra 0
|
%global _python_bytecompile_extra 0
|
||||||
|
@ -26,13 +26,13 @@
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: crypto-policies
|
Name: crypto-policies
|
||||||
Version: 20221215
|
Version: 20230731
|
||||||
Release: 1.git9a18988%{?dist}.1
|
Release: 1.git94f0e2c%{?dist}.1
|
||||||
Summary: System-wide crypto policies
|
Summary: System-wide crypto policies
|
||||||
|
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
|
URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
|
||||||
# For RHEL-9.2 we use the upstream branch rhel9.2 and are freezing version at 20221215-1.git9a18988.
|
# For RHEL-9.3 we use the upstream branch rhel9.3 and are freezing version at 20230731-1.git94f0e2c.
|
||||||
Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
|
Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
|
||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
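Review bot: the Release tag says git94f0e2c while git_commit, and therefore Source0, resolves to b972148, so the NVR names a commit that is not the one being built. The comment above Source0 explains the freeze on the rhel9.3 branch but never mentions b972148; add the actual branch commit to that comment so that someone auditing the package from its NVR can find the exact source tree.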
@ -41,7 +41,7 @@ BuildRequires: libxslt
|
||||||
BuildRequires: openssl
|
BuildRequires: openssl
|
||||||
BuildRequires: nss-tools
|
BuildRequires: nss-tools
|
||||||
BuildRequires: gnutls-utils >= 3.6.0
|
BuildRequires: gnutls-utils >= 3.6.0
|
||||||
BuildRequires: java-1.8.0-openjdk-devel
|
BuildRequires: java-devel
|
||||||
BuildRequires: bind
|
BuildRequires: bind
|
||||||
BuildRequires: perl-interpreter
|
BuildRequires: perl-interpreter
|
||||||
BuildRequires: perl-generators
|
BuildRequires: perl-generators
|
||||||
|
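Review bot: BuildRequires: java-devel is unversioned, so the JDK used during the build and make test is whatever the buildroot resolves, where the old line pinned java-1.8.0-openjdk-devel. State a minimum version, or add a comment saying any JDK is acceptable, so rebuilds in different buildroots check the generated Java policy against a known provider.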
@ -55,7 +55,11 @@ Conflicts: openssl < 1:3.0.1-10
|
||||||
Conflicts: nss < 3.90.0
|
Conflicts: nss < 3.90.0
|
||||||
Conflicts: libreswan < 3.28
|
Conflicts: libreswan < 3.28
|
||||||
Conflicts: openssh < 8.7p1-24
|
Conflicts: openssh < 8.7p1-24
|
||||||
Conflicts: gnutls < 3.7.6-21.el9_2
|
%if 0%{?rhel} == 10
|
||||||
|
Conflicts: gnutls < 3.7.2-3
|
||||||
|
%else
|
||||||
|
Conflicts: gnutls < 3.7.6-22
|
||||||
|
%endif
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package provides pre-built configuration files with
|
This package provides pre-built configuration files with
|
||||||
|
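Review bot: the rhel == 10 branch sets the floor to gnutls < 3.7.2-3, which is lower than the 3.7.6-21.el9_2 it replaces, and there is no comment saying why. The later hunk that edits python/policygenerators/gnutls.py notes that ELN/RHEL gnutls lacks the tls-session-hash patch; if that is the reason, say so here and mark the floor to be raised once the patch lands. The %else value 3.7.6-22 also drops the .el9_2 dist suffix the old line had, which is worth confirming as intended.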
@ -86,6 +90,18 @@ sed -i \
|
||||||
"s/MIN_RSA_DEFAULT = .*/MIN_RSA_DEFAULT = '%{MIN_RSA_NAME}'/" \
|
"s/MIN_RSA_DEFAULT = .*/MIN_RSA_DEFAULT = '%{MIN_RSA_NAME}'/" \
|
||||||
python/policygenerators/openssh.py
|
python/policygenerators/openssh.py
|
||||||
grep "MIN_RSA_DEFAULT = '%{MIN_RSA_NAME}'" python/policygenerators/openssh.py
|
grep "MIN_RSA_DEFAULT = '%{MIN_RSA_NAME}'" python/policygenerators/openssh.py
|
||||||
|
|
||||||
|
%if 0%{?rhel} == 10
|
||||||
|
# currently ELN 3.90-1 doesn't carry the TLS-REQUIRE-EMS patch
|
||||||
|
sed -i "s/'NSS_NO_TLS_REQUIRE_EMS', '0'/'NSS_NO_TLS_REQUIRE_EMS', '1'/" \
|
||||||
|
python/policygenerators/nss.py tests/nss.py
|
||||||
|
sed -i "s/:TLS-REQUIRE-EMS:/:/" tests/outputs/*FIPS*.txt
|
||||||
|
# currently ELN/RHEL gnutls do not carry the tls-session-hash patch
|
||||||
|
sed -i "s/'GNUTLS_NO_TLS_SESSION_HASH', '0'/'GNUTLS_NO_TLS_SESSION_HASH', '1'/" \
|
||||||
|
python/policygenerators/gnutls.py
|
||||||
|
sed -i "/^tls-session-hash =/d" tests/outputs/*FIPS*.txt
|
||||||
|
%endif
|
||||||
|
|
||||||
%make_build
|
%make_build
|
||||||
|
|
||||||
%install
|
%install
|
||||||
|
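Review bot: the four new sed -i edits in the rhel == 10 block are not verified, unlike the MIN_RSA_DEFAULT edit directly above, which is followed by a grep that fails the build when the pattern did not apply. If upstream changes the quoting or spacing of 'NSS_NO_TLS_REQUIRE_EMS', '0' or 'GNUTLS_NO_TLS_SESSION_HASH', '0', the substitution stops applying and the problem surfaces, if at all, only later in make test. Add a grep for the post-substitution string after each generator edit. Separately, the block rewrites the expected outputs in tests/outputs/*FIPS*.txt so the tests pass with EMS enforcement off for NSS and GnuTLS; a comment stating when the block is to be removed would keep that from becoming permanent.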
@ -129,6 +145,7 @@ done
|
||||||
%else
|
%else
|
||||||
[ "%{MIN_RSA_NAME}" == "RequiredRSASize" ] || exit 7
|
[ "%{MIN_RSA_NAME}" == "RequiredRSASize" ] || exit 7
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
make ON_RHEL9=1 test
|
make ON_RHEL9=1 test
|
||||||
|
|
||||||
%post -p <lua>
|
%post -p <lua>
|
||||||
|
@ -220,14 +237,25 @@ end
|
||||||
%{_mandir}/man8/fips-finish-install.8*
|
%{_mandir}/man8/fips-finish-install.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Aug 02 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988.1
|
* Wed Sep 20 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git94f0e2c.1
|
||||||
|
- OSPP subpolicy: tighten beyond reason for OSPP 4.3
|
||||||
|
|
||||||
|
* Mon Jul 31 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git94f0e2c
|
||||||
|
- krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones
|
||||||
- FIPS: enforce EMS in FIPS mode
|
- FIPS: enforce EMS in FIPS mode
|
||||||
- NO-ENFORCE-EMS: add subpolicy to undo the EMS enforcement in FIPS mode
|
- NO-ENFORCE-EMS: add subpolicy to undo the EMS enforcement in FIPS mode
|
||||||
- nss: implement EMS enforcement in FIPS mode
|
- nss: implement EMS enforcement in FIPS mode (disabled in ELN)
|
||||||
- openssl: implement EMS enforcement in FIPS mode
|
- openssl: implement EMS enforcement in FIPS mode
|
||||||
- gnutls: implement EMS enforcement in FIPS mode
|
- gnutls: implement EMS enforcement in FIPS mode (disabled in ELN)
|
||||||
- docs: replace `FIPS 140-2` with just `FIPS 140`
|
- docs: replace `FIPS 140-2` with just `FIPS 140`
|
||||||
|
|
||||||
|
* Wed Jun 14 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230614-1.git027799d
|
||||||
|
- policies: restore group order to old OpenSSL default order
|
||||||
|
|
||||||
|
* Fri May 05 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230505-1.gitf69bbc2
|
||||||
|
- openssl: set Groups explicitly
|
||||||
|
- openssl: add support for Brainpool curves
|
||||||
|
|
||||||
* Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988
|
* Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988
|
||||||
- bind: expand the list of disableable algorithms
|
- bind: expand the list of disableable algorithms
|
||||||
|
|
||||||
|
|
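Review bot: the new top entry, "OSPP subpolicy: tighten beyond reason for OSPP 4.3", does not say which algorithms or parameters were tightened and carries no bug reference, and the change itself is inside the tarball rather than in this diff. List what the subpolicy now disables so administrators applying OSPP can predict the effect. The entry header for 20221215-1.git9a18988.1 (Wed Aug 02 2023) is also replaced rather than kept, which drops a previously recorded build from the changelog.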