From e69bea495b800fe648ed1773d1b191b305e8d09b Mon Sep 17 00:00:00 2001 From: Alexander Sosedkin Date: Thu, 3 Feb 2022 18:49:27 +0100 Subject: [PATCH] Update from upstream (SHAKE, FIPS changes): - gnutls: enable SHAKE, needed for Ed448 - fips-mode-setup: improve handling FIPS plus subpolicies - FIPS: disable SHA-1 HMAC - FIPS: disable CBC ciphers except in Kerberos Resolves: bz2005021 Resolves: bz2026657 Resolves: bz2006843 Resolves: bz2006844 --- crypto-policies.spec | 12 +++++++++--- sources | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto-policies.spec b/crypto-policies.spec index d8dfdc4..f4ac4fe 100644 --- a/crypto-policies.spec +++ b/crypto-policies.spec @@ -1,5 +1,5 @@ -%global git_date 20220201 -%global git_commit 636a91d934f7cf2dc64f5e5c046416c683a6b7f9 +%global git_date 20220203 +%global git_commit f03e75eb11e7583cd8b68c49d6d0e2aa87d28e54 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})} %global _python_bytecompile_extra 0 @@ -186,7 +186,13 @@ end %{_mandir}/man8/fips-finish-install.8* %changelog -* Tue Feb 01 2021 Alexander Sosedkin - 20220201-1.git636a91d +* Tue Feb 03 2022 Alexander Sosedkin - 20220203-1.gitf03e75e +- gnutls: enable SHAKE, needed for Ed448 +- fips-mode-setup: improve handling FIPS plus subpolicies +- FIPS: disable SHA-1 HMAC +- FIPS: disable CBC ciphers except in Kerberos + +* Tue Feb 01 2022 Alexander Sosedkin - 20220201-1.git636a91d - openssl: revert to SECLEVEL=2 in LEGACY - openssl: add newlines at the end of the output diff --git a/sources b/sources index 529ee99..86187a8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (crypto-policies-git636a91d.tar.gz) = 3f4ba8ab52a59ed0d4996f7e59b6bb81050b560448e887ca35c7fb10e92aa5c9ca60758b98ad32e58197304442d22855fdad501ef56de4e310ce87d8e8de4ae8 +SHA512 (crypto-policies-gitf03e75e.tar.gz) = 72c68d7f1941f45c251cc1aae47e45be2e3d23e1067cf98d87c6a14d15dbcce22c7970ad05a4fb298361ccf7d6d904f286191d7ac39be847bee8237b088c62cd