From bfb91ad7af06761dbbe0c164104805e159187157 Mon Sep 17 00:00:00 2001 From: Alexander Sosedkin Date: Mon, 16 Feb 2026 14:34:55 +0100 Subject: [PATCH] Update from upstream (more SSH ML-KEM kexes) - FIPS: allow NIST hybrid kexes for openssh - libssh: enable NIST ML-KEM hybrids - libssh: add mlkem768x25519-sha256 Resolves: RHEL-133522 Resolves: RHEL-148560 --- crypto-policies.spec | 12 +++++++++--- sources | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto-policies.spec b/crypto-policies.spec index fef9cab..c8b268f 100644 --- a/crypto-policies.spec +++ b/crypto-policies.spec @@ -1,5 +1,5 @@ -%global git_date 20251127 -%global git_commit 27c2902362478a2b125ce1a320e72a1dcb8edf72 +%global git_date 20260216 +%global git_commit 0e54016de30f669e13d6fcf16a25e655301c34b4 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})} %global _python_bytecompile_extra 0 @@ -32,8 +32,9 @@ BuildRequires: systemd-rpm-macros Conflicts: openssl-libs < 1:3.5 Conflicts: nss < 3.112 Conflicts: libreswan < 4.12 -Conflicts: openssh < 9.9p1-16 +Conflicts: openssh < 9.9p1-19 Conflicts: gnutls < 3.8.10 +Conflicts: libssh < 0.12 # TODO: remove sometime later (once there's no viable upgrade path from 10.0) Provides: crypto-policies-pq-preview = %{version}-%{release} @@ -241,6 +242,11 @@ exit 0 %{_datarootdir}/crypto-policies/python %changelog +* Mon Feb 16 2026 Alexander Sosedkin - 20260216-1.git0e54016 +- FIPS: allow NIST hybrid kexes for openssh +- libssh: enable NIST ML-KEM hybrids +- libssh: add mlkem768x25519-sha256 + * Thu Nov 27 2025 Alexander Sosedkin - 20251127-1.git27c2902 - FUTURE: disable kex other than KEM-ECDH diff --git a/sources b/sources index f59be39..d87f158 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (crypto-policies-git27c2902.tar.gz) = f8b1c26d552450f8867423d081f6bdbe432b8208ad59f0e8f385bac8a2ec10a6f230fa9bb44dca27cf7474fa85fdcc035026786788b751b48a5bf17163e55484 +SHA512 (crypto-policies-git0e54016.tar.gz) = 6d5bc45a152827a24d04f1a01634229df731f4a51e68398d90a6d3bda5e815467d5422cf680edf19c42106795b96244723f37de415890c0c8a8abd15465ce59d