Update from upstream (SHAKE, FIPS changes):

- gnutls: enable SHAKE, needed for Ed448
- fips-mode-setup: improve handling FIPS plus subpolicies
- FIPS: disable SHA-1 HMAC
- FIPS: disable CBC ciphers except in Kerberos

Resolves: bz2005021
Resolves: bz2026657
Resolves: bz2006843
Resolves: bz2006844
This commit is contained in:
Alexander Sosedkin 2022-02-03 18:49:27 +01:00
parent b0d95fe7a8
commit e69bea495b
2 changed files with 10 additions and 4 deletions

View File

@ -1,5 +1,5 @@
%global git_date 20220201 %global git_date 20220203
%global git_commit 636a91d934f7cf2dc64f5e5c046416c683a6b7f9 %global git_commit f03e75eb11e7583cd8b68c49d6d0e2aa87d28e54
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})} %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
%global _python_bytecompile_extra 0 %global _python_bytecompile_extra 0
@ -186,7 +186,13 @@ end
%{_mandir}/man8/fips-finish-install.8* %{_mandir}/man8/fips-finish-install.8*
%changelog %changelog
* Tue Feb 01 2021 Alexander Sosedkin <asosedkin@redhat.com> - 20220201-1.git636a91d * Tue Feb 03 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220203-1.gitf03e75e
- gnutls: enable SHAKE, needed for Ed448
- fips-mode-setup: improve handling FIPS plus subpolicies
- FIPS: disable SHA-1 HMAC
- FIPS: disable CBC ciphers except in Kerberos
* Tue Feb 01 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220201-1.git636a91d
- openssl: revert to SECLEVEL=2 in LEGACY - openssl: revert to SECLEVEL=2 in LEGACY
- openssl: add newlines at the end of the output - openssl: add newlines at the end of the output

View File

@ -1 +1 @@
SHA512 (crypto-policies-git636a91d.tar.gz) = 3f4ba8ab52a59ed0d4996f7e59b6bb81050b560448e887ca35c7fb10e92aa5c9ca60758b98ad32e58197304442d22855fdad501ef56de4e310ce87d8e8de4ae8 SHA512 (crypto-policies-gitf03e75e.tar.gz) = 72c68d7f1941f45c251cc1aae47e45be2e3d23e1067cf98d87c6a14d15dbcce22c7970ad05a4fb298361ccf7d6d904f286191d7ac39be847bee8237b088c62cd