Overview Repositories Revisions Requests Users Attributes Meta

Revisions of crypto-policies

Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1154669 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 31) 
- Update to version 20240201.9f501f3:
  * .gitlab-ci.yml: install sequoia-policy-config
  * java: disable ChaCha20-Poly1305 where applicable
  * fips-mode-setup: make sure ostree is detected in chroot
  * fips-finish-install: make sure ostree is detected in chroot
  * TEST-PQ: enable X25519-KYBER768 / P384-KYBER768 for openssl
  * TEST-PQ: add a no-op subpolicy
  * update-crypto-policies: Keep mid-sentence upper case
  * fips-mode-setup: Write error messages to stderr
  * fips-mode-setup: Fix some shellcheck warnings
  * fips-mode-setup: Fix test for empty /boot
  * fips-mode-setup: Avoid 'boot=UUID=' if /boot == /
  * Update man pages
  * Rebase patches:
    - crypto-policies-FIPS.patch
    - crypto-policies-revert-rh-allow-sha1-signatures.patch

- Update to version 20231108.adb5572b:
  * Print matches in syntax deprecation warnings
  * Restore support for scoped ssh_etm directives
  * fips-mode-setup: Fix usage with --no-bootcfg
  * turn ssh_etm into an etm@SSH tri-state
  * fips-mode-setup: increase chroot-friendliness
  * bind: fix a typo that led to duplication of ECDSAPxxxSHAxxx
  * pylintrc: use-implicit-booleaness-not-comparison-to-*
buildservice-autocommit accepted request 1143233 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 30) 
baserev update by copy to link target
Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1143066 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 29) 
- avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros:
  we only need python3-base here, we don't need the python
  macros as no module is being built
Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1142851 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 27) 
- avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros:
  we only need python3-base here, we don't need the python
  macros as no module is being built
buildservice-autocommit accepted request 1116021 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 26) 
baserev update by copy to link target
Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1115821 from Daniel Garcia's avatar Daniel Garcia (dgarcia) (revision 25) 
- Remove dependency on /usr/bin/python3, making scripts to depends on
  the real python3 binary, not the link. bsc#1212476
buildservice-autocommit accepted request 1114288 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 24) 
baserev update by copy to link target
Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1114283 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 23) 
Update to latest version and update jira tracking number from jsc#PED-4578 to jsc#PED-5041
buildservice-autocommit accepted request 1108785 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 22) 
baserev update by copy to link target
Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1108344 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 21) 
- Tests: Fix pylint versioning for TW and fix the parsing of the
  policygenerators to account for the commented lines correctly.
  * Add crypto-policies-pylint.patch
  * Rebase crypto-policies-policygenerators.patch

- FIPS: Adapt the fips-mode-setup script to use the pbl command
  from the perl-Bootloader package to replace grubby. Add a note
  for transactional systems [jsc#PED-4578].
  * Rebase crypto-policies-FIPS.patch
buildservice-autocommit accepted request 1099073 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 20) 
baserev update by copy to link target
Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1099072 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 19) 
- Update to version 20230614.5f3458e:
  * policies: impose old OpenSSL groups order for all back-ends
  * Rebase patches:
    - crypto-policies-revert-rh-allow-sha1-signatures.patch
    - crypto-policies-supported.patch
Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1098705 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 18) 
- BSI.pol: Added a new BSI policy for BSI TR 02102* (jsc#PED-4933)
  derived from NEXT.pol
buildservice-autocommit accepted request 1089055 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 17) 
baserev update by copy to link target
Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 1089054 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 16) 
- FIPS: Enable to set the kernel FIPS mode with fips-mode-setup
  and fips-finish-install commands, add also the man pages. The
  required FIPS modules are left to be installed by the user.
  * Rebase crypto-policies-FIPS.patch

- Revert a breaking change that introduces the config option
  rh-allow-sha1-signatures that is unkown to OpenSSL and fails
  on startup. We will consider adding this option to openssl.
  * https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/97fe4494
  * Add crypto-policies-revert-rh-allow-sha1-signatures.patch

  * Skip not needed LibreswanGenerator and SequoiaGenerator:
Martin Pluskal's avatar Martin Pluskal (pluskalm) accepted request 1086482 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 15) 
- Update the update-crypto-policies(8) man pages and README.SUSE
  to mention the supported back-end policies. [bsc#1209998]
  * Add crypto-policies-supported.patch

- Update to version 20230420.3d08ae7:
  * openssl, alg_lists: add brainpool support
  * openssl: set Groups explicitly
  * codespell: ignore aNULL
  * rpm-sequoia: allow 1024 bit DSA and SHA-1 per FeSCO decision 2960
  * sequoia: add separate rpm-sequoia backend
  * crypto-policies.7: state upfront that FUTURE is not so interoperable
  * Makefile: update for asciidoc 10
  * Skip the LibreswanGenerator and SequoiaGenerator:
    - Add crypto-policies-policygenerators.patch
  * Remove crypto-policies-test_supported_modules_only.patch
  * Rebase crypto-policies-no-build-manpages.patch

- Update to version 20221214.a4c31a3:
  * bind: expand the list of disableable algorithms
  * libssh: Add support for openssh fido keys
  * .gitlab-ci.yml: install krb5-devel for krb5-config
  * sequoia: check using sequoia-policy-config-check
  * sequoia: introduce new back-end
  * Makefile: support overriding asciidoc executable name
  * openssh: make none and auto explicit and different
  * openssh: autodetect and allow forcing RequiredRSASize presence/name
  * openssh: remove _pre_8_5_ssh
  * pylintrc: update
  * Revert "disable SHA-1 further for a Fedora 38 Rawhide "jump scare"..."
  * disable SHA-1 further for a Fedora 38 Rawhide "jump scare"...
Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) accepted request 921336 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 14) 
- Remove the scripts and documentation regarding
  fips-finish-install and test-fips-setup
  * Add crypto-policies-FIPS.patch

- Update to version 20210917.c9d86d1:
  * openssl: fix disabling ChaCha20
  * pacify pylint 2.11: use format strings
  * pacify pylint 2.11: specify explicit encoding
  * fix minor things found by new pylint
  * update-crypto-policies: --check against regenerated
  * update-crypto-policies: fix --check's walking order
  * policygenerators/gnutls: revert disabling DTLS0.9...
  * policygenerators/java: add javasystem backend
  * LEGACY: bump 1023 key size to 1024
  * cryptopolicies: fix 'and' in deprecation warnings
  * *ssh: condition ecdh-sha2-nistp384 on SECP384R1
  * nss: hopefully the last fix for nss sigalgs check
  * cryptopolicies: Python 3.10 compatibility
  * nss: postponing check + testing at least something
  * Rename 'policy modules' to 'subpolicies'
  * validation.rules: fix a missing word in error
  * cryptopolicies: raise errors right after warnings
  * update-crypto-policies: capitalize warnings
  * cryptopolicies: syntax-precheck scope errors
  * .gitlab-ci.yml, Makefile: enable codespell
  * all: fix several typos
  * docs: don't leave zero TLS/DTLS protocols on
  * openssl: separate TLS/DTLS MinProtocol/MaxProtocol
  * alg_lists: order protocols new-to-old for consistency
  * alg_lists: max_{d,}tls_version
Richard Brown's avatar Richard Brown (RBrownSUSE) accepted request 875109 from Pedro Monreal Gonzalez's avatar Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 13) 
initialized devel package after accepting 875109
Displaying revisions 1 - 20 of 31
openSUSE Build Service is sponsored by
Places