Update from upstream (TEST-PQ, nss pkcs12/smime, ...)
- reintroduce TEST-PQ (ML-DSA/ML-KEM) in a crypto-policies-pq-preview subpackage - LEGACY: enable 192-bit ciphers for nss pkcs12/smime - LEGACY: drop cipher@pkcs12 = SEED-CBC - fips-mode-setup: tolerate fips dracut module presence w/o FIPS - nss: be stricter with new purposes Resolves: RHEL-58241 Resolves: RHEL-59104 Resolves: RHEL-59625 Resolves: RHEL-61275
This commit is contained in:
parent
0e572a2e61
commit
db441e40e1
@ -1,5 +1,5 @@
|
|||||||
%global git_date 20240828
|
%global git_date 20241010
|
||||||
%global git_commit d2491114dd40d7e6a1e35c418cb48019004bd1b4
|
%global git_commit 7a71364675f3ffd2b328cabfe4362de0ee0e149d
|
||||||
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
|
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
|
||||||
|
|
||||||
%global _python_bytecompile_extra 0
|
%global _python_bytecompile_extra 0
|
||||||
@ -55,6 +55,21 @@ defined in simple policy definition files.
|
|||||||
The package also provides a tool fips-mode-setup, which can be used
|
The package also provides a tool fips-mode-setup, which can be used
|
||||||
to enable or disable the system FIPS mode.
|
to enable or disable the system FIPS mode.
|
||||||
|
|
||||||
|
%package pq-preview
|
||||||
|
Summary: Post-quantum crypto-policies [Technology Preview]
|
||||||
|
Requires: %{name} = %{version}-%{release}
|
||||||
|
Requires: liboqs
|
||||||
|
Requires: oqsprovider
|
||||||
|
|
||||||
|
%description pq-preview
|
||||||
|
This package TEST-PQ subpolicy policy with postquantum algorithms enabled.
|
||||||
|
It also depends on liboqs and oqs-provider to ensure they're installed.
|
||||||
|
|
||||||
|
This package is part of a Technology Preview.
|
||||||
|
Technology Preview features are not fully supported,
|
||||||
|
may not be functionally complete,
|
||||||
|
and are not suitable for deployment in production.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n fedora-crypto-policies-%{git_commit_hash}-%{git_commit}
|
%setup -q -n fedora-crypto-policies-%{git_commit_hash}-%{git_commit}
|
||||||
%autopatch -p1
|
%autopatch -p1
|
||||||
@ -202,7 +217,18 @@ exit 0
|
|||||||
%{_datarootdir}/crypto-policies/default-config
|
%{_datarootdir}/crypto-policies/default-config
|
||||||
%{_datarootdir}/crypto-policies/default-fips-config
|
%{_datarootdir}/crypto-policies/default-fips-config
|
||||||
%{_datarootdir}/crypto-policies/reload-cmds.sh
|
%{_datarootdir}/crypto-policies/reload-cmds.sh
|
||||||
%{_datarootdir}/crypto-policies/policies
|
%dir %{_datarootdir}/crypto-policies/policies
|
||||||
|
%{_datarootdir}/crypto-policies/policies/DEFAULT.pol
|
||||||
|
%{_datarootdir}/crypto-policies/policies/EMPTY.pol
|
||||||
|
%{_datarootdir}/crypto-policies/policies/FIPS.pol
|
||||||
|
%{_datarootdir}/crypto-policies/policies/FUTURE.pol
|
||||||
|
%{_datarootdir}/crypto-policies/policies/LEGACY.pol
|
||||||
|
%dir %{_datarootdir}/crypto-policies/policies/modules
|
||||||
|
%{_datarootdir}/crypto-policies/policies/modules/AD-SUPPORT.pmod
|
||||||
|
%{_datarootdir}/crypto-policies/policies/modules/ECDHE-ONLY.pmod
|
||||||
|
%{_datarootdir}/crypto-policies/policies/modules/NO-ENFORCE-EMS.pmod
|
||||||
|
%{_datarootdir}/crypto-policies/policies/modules/OSPP.pmod
|
||||||
|
# but not TEST-PQ
|
||||||
|
|
||||||
%{_libexecdir}/fips-setup-helper
|
%{_libexecdir}/fips-setup-helper
|
||||||
%{_libexecdir}/fips-crypto-policy-overlay
|
%{_libexecdir}/fips-crypto-policy-overlay
|
||||||
@ -220,7 +246,18 @@ exit 0
|
|||||||
%{_mandir}/man8/fips-mode-setup.8*
|
%{_mandir}/man8/fips-mode-setup.8*
|
||||||
%{_mandir}/man8/fips-finish-install.8*
|
%{_mandir}/man8/fips-finish-install.8*
|
||||||
|
|
||||||
|
%files pq-preview
|
||||||
|
%{_datarootdir}/crypto-policies/policies/modules/TEST-PQ.pmod
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Oct 10 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20241010-1.git7a71364
|
||||||
|
- reintroduce TEST-PQ (ML-DSA/ML-KEM) in a crypto-policies-pq-preview subpackage
|
||||||
|
- LEGACY: enable 192-bit ciphers for nss pkcs12/smime
|
||||||
|
- LEGACY: drop cipher@pkcs12 = SEED-CBC
|
||||||
|
- fips-mode-setup: tolerate fips dracut module presence w/o FIPS
|
||||||
|
- nss: be stricter with new purposes
|
||||||
|
|
||||||
* Wed Aug 28 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20240828-1.gitd249111
|
* Wed Aug 28 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20240828-1.gitd249111
|
||||||
- fips-mode-setup: small Argon2 detection fix
|
- fips-mode-setup: small Argon2 detection fix
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (crypto-policies-gitd249111.tar.gz) = ec645097947af08b261fbf432e3877d4caee04edbd562fefb38831178240093a14be29de88737ddf6056308253304c0dddfa269d92b4e13705745110d1538f73
|
SHA512 (crypto-policies-git7a71364.tar.gz) = ff03803ae77a7e7a55f929583ebc4a8d92b601ff8450e9d8670021862f50695bb51b72d320548f80e533708114e44ef82823d22c8122eab3a071f880d84d0715
|
||||||
|
Loading…
Reference in New Issue
Block a user