Revisions of crypto-policies
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1154669
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 31)
- Update to version 20240201.9f501f3:
  * .gitlab-ci.yml: install sequoia-policy-config
  * java: disable ChaCha20-Poly1305 where applicable
  * fips-mode-setup: make sure ostree is detected in chroot
  * fips-finish-install: make sure ostree is detected in chroot
  * TEST-PQ: enable X25519-KYBER768 / P384-KYBER768 for openssl
  * TEST-PQ: add a no-op subpolicy
  * update-crypto-policies: Keep mid-sentence upper case
  * fips-mode-setup: Write error messages to stderr
  * fips-mode-setup: Fix some shellcheck warnings
  * fips-mode-setup: Fix test for empty /boot
  * fips-mode-setup: Avoid 'boot=UUID=' if /boot == /
  * Update man pages
  * Rebase patches:
    - crypto-policies-FIPS.patch
    - crypto-policies-revert-rh-allow-sha1-signatures.patch
- Update to version 20231108.adb5572b:
  * Print matches in syntax deprecation warnings
  * Restore support for scoped ssh_etm directives
  * fips-mode-setup: Fix usage with --no-bootcfg
  * turn ssh_etm into an etm@SSH tri-state
  * fips-mode-setup: increase chroot-friendliness
  * bind: fix a typo that led to duplication of ECDSAPxxxSHAxxx
  * pylintrc: use-implicit-booleaness-not-comparison-to-*
buildservice-autocommit
accepted
request 1143233
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 30)
baserev update by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1143066
from
Dirk Mueller (dirkmueller)
(revision 29)
- avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros: we only need python3-base here, we don't need the python macros as no module is being built
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1143007
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 28)
Revert the previous change
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1142851
from
Dirk Mueller (dirkmueller)
(revision 27)
- avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros: we only need python3-base here, we don't need the python macros as no module is being built
buildservice-autocommit
accepted
request 1116021
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 26)
baserev update by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1115821
from
Daniel Garcia (dgarcia)
(revision 25)
- Remove dependency on /usr/bin/python3, making scripts depend on the real python3 binary, not the link. bsc#1212476
buildservice-autocommit
accepted
request 1114288
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 24)
baserev update by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1114283
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 23)
Update to latest version and update jira tracking number from jsc#PED-4578 to jsc#PED-5041
buildservice-autocommit
accepted
request 1108785
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 22)
baserev update by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1108344
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 21)
- Tests: Fix pylint versioning for TW and fix the parsing of the policygenerators to account for the commented lines correctly.
  * Add crypto-policies-pylint.patch
  * Rebase crypto-policies-policygenerators.patch
- FIPS: Adapt the fips-mode-setup script to use the pbl command from the perl-Bootloader package to replace grubby. Add a note for transactional systems [jsc#PED-4578].
  * Rebase crypto-policies-FIPS.patch
buildservice-autocommit
accepted
request 1099073
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 20)
baserev update by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1099072
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 19)
- Update to version 20230614.5f3458e:
  * policies: impose old OpenSSL groups order for all back-ends
  * Rebase patches:
    - crypto-policies-revert-rh-allow-sha1-signatures.patch
    - crypto-policies-supported.patch
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1098705
from
Marcus Meissner (msmeissn)
(revision 18)
- BSI.pol: Added a new BSI policy for BSI TR 02102* (jsc#PED-4933) derived from NEXT.pol
buildservice-autocommit
accepted
request 1089055
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 17)
baserev update by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1089054
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 16)
- FIPS: Enable to set the kernel FIPS mode with fips-mode-setup and fips-finish-install commands, add also the man pages. The required FIPS modules are left to be installed by the user.
  * Rebase crypto-policies-FIPS.patch
- Revert a breaking change that introduces the config option rh-allow-sha1-signatures that is unknown to OpenSSL and fails on startup. We will consider adding this option to openssl.
  * https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/97fe4494
  * Add crypto-policies-revert-rh-allow-sha1-signatures.patch
  * Skip not needed LibreswanGenerator and SequoiaGenerator:
Martin Pluskal (pluskalm)
accepted
request 1086482
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 15)
- Update the update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. [bsc#1209998]
  * Add crypto-policies-supported.patch
- Update to version 20230420.3d08ae7:
  * openssl, alg_lists: add brainpool support
  * openssl: set Groups explicitly
  * codespell: ignore aNULL
  * rpm-sequoia: allow 1024 bit DSA and SHA-1 per FeSCO decision 2960
  * sequoia: add separate rpm-sequoia backend
  * crypto-policies.7: state upfront that FUTURE is not so interoperable
  * Makefile: update for asciidoc 10
  * Skip the LibreswanGenerator and SequoiaGenerator:
    - Add crypto-policies-policygenerators.patch
  * Remove crypto-policies-test_supported_modules_only.patch
  * Rebase crypto-policies-no-build-manpages.patch
- Update to version 20221214.a4c31a3:
  * bind: expand the list of disableable algorithms
  * libssh: Add support for openssh fido keys
  * .gitlab-ci.yml: install krb5-devel for krb5-config
  * sequoia: check using sequoia-policy-config-check
  * sequoia: introduce new back-end
  * Makefile: support overriding asciidoc executable name
  * openssh: make none and auto explicit and different
  * openssh: autodetect and allow forcing RequiredRSASize presence/name
  * openssh: remove _pre_8_5_ssh
  * pylintrc: update
  * Revert "disable SHA-1 further for a Fedora 38 Rawhide "jump scare"..."
  * disable SHA-1 further for a Fedora 38 Rawhide "jump scare"...
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 921336
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 14)
- Remove the scripts and documentation regarding fips-finish-install and test-fips-setup
  * Add crypto-policies-FIPS.patch
- Update to version 20210917.c9d86d1:
  * openssl: fix disabling ChaCha20
  * pacify pylint 2.11: use format strings
  * pacify pylint 2.11: specify explicit encoding
  * fix minor things found by new pylint
  * update-crypto-policies: --check against regenerated
  * update-crypto-policies: fix --check's walking order
  * policygenerators/gnutls: revert disabling DTLS0.9...
  * policygenerators/java: add javasystem backend
  * LEGACY: bump 1023 key size to 1024
  * cryptopolicies: fix 'and' in deprecation warnings
  * *ssh: condition ecdh-sha2-nistp384 on SECP384R1
  * nss: hopefully the last fix for nss sigalgs check
  * cryptopolicies: Python 3.10 compatibility
  * nss: postponing check + testing at least something
  * Rename 'policy modules' to 'subpolicies'
  * validation.rules: fix a missing word in error
  * cryptopolicies: raise errors right after warnings
  * update-crypto-policies: capitalize warnings
  * cryptopolicies: syntax-precheck scope errors
  * .gitlab-ci.yml, Makefile: enable codespell
  * all: fix several typos
  * docs: don't leave zero TLS/DTLS protocols on
  * openssl: separate TLS/DTLS MinProtocol/MaxProtocol
  * alg_lists: order protocols new-to-old for consistency
  * alg_lists: max_{d,}tls_version
Richard Brown (RBrownSUSE)
accepted
request 875109
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 13)
initialized devel package after accepting 875109
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 875107
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 12)
To be evaluated in Staging:O
Displaying revisions 1 - 20 of 31