509 lines
22 KiB
Plaintext
509 lines
22 KiB
Plaintext
-------------------------------------------------------------------
|
|
Mon Jun 30 08:01:55 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Allow openssl to load when using the DEFAULT policy, and also
|
|
other policies, in FIPS mode. [bsc#1243830, bsc#1242233]
|
|
* Add crypto-policies-Allow-openssl-other-policies-in-FIPS-mode.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 9 12:32:47 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 27 10:37:18 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Relax the nss version requirement since the mlkem768secp256r1
|
|
enablement has been reverted.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 18 13:45:44 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Allow sshd in FIPS mode when using the DEFAULT policy [bsc#1227370]
|
|
* Add crypto-policies-Allow-sshd-in-FIPS-mode-using-DEFAULT.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 11 12:40:44 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Enable SHA1 sigver in the DEFAULT policy.
|
|
* Add crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 28 13:18:00 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Fix fips-mode-setup in EFI or Secure Boot mode. [bsc#1227637]
|
|
* Rebase crypto-policies-FIPS.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 12 11:45:57 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Remove dangling symlink for the libreswan config [bsc#1236858]
|
|
- Remove also sequoia config and generator files
|
|
- Remove not needed fips bind mount service
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 04 10:18:07 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to version 20250124.4d262e7: [bsc#1239009, bsc#1236165]
|
|
* openssl: stricter enabling of Ciphersuites
|
|
* openssl: make use of -CBC and -AESGCM keywords
|
|
* openssl: add TLS 1.3 Brainpool identifiers
|
|
* fix warning on using experimental key_exchanges
|
|
* update-crypto-policies: don't output FIPS warning in fips mode
|
|
* openssh: map mlkem768x25519-sha256 to KEM-ECDH & MLKEM768-X25519 & SHA2-256
|
|
* openssh, libssh: refactor kx maps to use tuples
|
|
* alg_lists: mark MLKEM768/SNTRUP kex experimental
|
|
* nss: revert enabling mlkem768secp256r1
|
|
* nss: add mlkem768x25519 and mlkem768secp256r1, remove xyber
|
|
* gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
|
|
* openssl: use both names for SecP256r1MLKEM768 / X25519MLKEM768
|
|
* openssh, TEST-PQ: rename MLKEM key_exchange to MLKEM768
|
|
* openssh: add support for sntrup761x25519-sha512 and mlkem768x25519-sha256
|
|
* openssl: map NULL to TLS_SHA256_SHA256:TLS_SHA384_SHA384...
|
|
* python/update-crypto-policies: pacify pylint
|
|
* fips-mode-setup: tolerate fips dracut module presence w/o FIPS
|
|
* fips-mode-setup: small Argon2 detection fix
|
|
* SHA1: add __openssl_block_sha1_signatures = 0
|
|
* fips-mode-setup: block if LUKS devices using Argon2 are detected
|
|
* update-crypto-policies: skip warning on --set=FIPS if bootc
|
|
* fips-setup-helper: skip warning, BTW
|
|
* fips-mode-setup: force --no-bootcfg when UKI is detected
|
|
* fips-setup-helper: add a libexec helper for anaconda
|
|
* fips-crypto-policy-overlay: automount FIPS policy
|
|
* openssh: make dss no longer enableble, support is dropped
|
|
* gnutls: wire GROUP-X25519-KYBER768 to X25519-KYBER768
|
|
* DEFAULT: switch to rh-allow-sha1-signatures = no...
|
|
* java: drop unused javasystem backend
|
|
* java: stop specifying jdk.tls.namedGroups in javasystem
|
|
* ec_min_size: introduce and use in java, default to 256
|
|
* java: use and include jdk.disabled.namedCurves
|
|
* BSI: Update BSI policy for new 2024 minimum recommendations
|
|
* fips-mode-setup: flashy ticking warning upon use
|
|
* fips-mode-setup: add another scary "unsupported"
|
|
* CONTRIBUTING.md: add a small section on updating policies
|
|
* CONTRIBUTING.md: remove trailing punctuation from headers
|
|
* BSI: switch to 3072 minimum RSA key size
|
|
* java: make hash, mac and sign more orthogonal
|
|
* java: specify jdk.tls.namedGroups system property
|
|
* java: respect more key size restrictions
|
|
* java: disable anon ciphersuites, tying them to NULL...
|
|
* java: start controlling / disable DTLSv1.0
|
|
* nss: wire KYBER768 to XYBER768D00
|
|
* nss: unconditionally load p11-kit-proxy.so
|
|
* gnutls: make DTLS0.9 controllable again
|
|
* gnutls: retire GNUTLS_NO_TLS_SESSION_HASH
|
|
* openssh: remove OPENSSH_MIN_RSA_SIZE / OPENSSH_MIN_RSA_SIZE_FORCE
|
|
* gnutls: remove extraneous newline
|
|
* sequoia: move away from subprocess.getstatusoutput
|
|
* python/cryptopolicies/cryptopolicies.py: add trailing commas
|
|
* python, tests: rename MalformedLine to MalformedLineError
|
|
* Makefile: introduce SKIP_LINTING flag for packagers to use
|
|
* Makefile: run ruff
|
|
* tests: use pathlib
|
|
* tests: run(check=True) + CalledProcessError where convenient
|
|
* tests: use subprocess.run
|
|
* tests/krb5.py: check all generated policies
|
|
* tests: print to stderr on error paths
|
|
* tests/nss.py: also use encoding='utf-8'
|
|
* tests/nss.py: also use removesuffix
|
|
* tests/nss.py: skip creating tempfiles
|
|
* tests/java.pl -> tests/java.py
|
|
* tests/gnutls.pl -> tests/gnutls.py
|
|
* tests/openssl.pl -> tests/openssl.py
|
|
* tests/verify-output.pl: remove
|
|
* libreswan: do not use up pfs= / ikev2= keywords for default behaviour
|
|
* Rebase patches:
|
|
- crypto-policies-no-build-manpages.patch
|
|
- crypto-policies-policygenerators.patch
|
|
- crypto-policies-supported.patch
|
|
- crypto-policies-nss.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 06 12:27:56 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to version 20241010.5930b9a:
|
|
* LEGACY: enable 192-bit ciphers for nss pkcs12/smime
|
|
* nss: be stricter with new purposes
|
|
* nss: rewrite backend for 3.101
|
|
* cryptopolicies: parent scopes for dumping purposes
|
|
* policygenerators: move scoping inside generators
|
|
* TEST-PQ: disable pure Kyber768
|
|
* nss: wire XYBER768D00 to X25519-KYBER768
|
|
* TEST-PQ: update
|
|
* TEST-PQ: also enable sntrup761x25519-sha512@openssh.com
|
|
* TEST-PQ, alg_lists, openssl: enable more experimental `sign` values
|
|
* TEST-PQ, python: add more groups, mark experimental
|
|
* openssl: mark liboqsprovider groups optional with ?
|
|
* Remove patches:
|
|
- crypto-policies-revert-rh-allow-sha1-signatures.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 06 10:29:11 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to version 20240201.9f501f3:
|
|
* .gitlab-ci.yml: install sequoia-policy-config
|
|
* java: disable ChaCha20-Poly1305 where applicable
|
|
* fips-mode-setup: make sure ostree is detected in chroot
|
|
* fips-finish-install: make sure ostree is detected in chroot
|
|
* TEST-PQ: enable X25519-KYBER768 / P384-KYBER768 for openssl
|
|
* TEST-PQ: add a no-op subpolicy
|
|
* update-crypto-policies: Keep mid-sentence upper case
|
|
* fips-mode-setup: Write error messages to stderr
|
|
* fips-mode-setup: Fix some shellcheck warnings
|
|
* fips-mode-setup: Fix test for empty /boot
|
|
* fips-mode-setup: Avoid 'boot=UUID=' if /boot == /
|
|
* Update man pages
|
|
* Rebase patches:
|
|
- crypto-policies-FIPS.patch
|
|
- crypto-policies-revert-rh-allow-sha1-signatures.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 02 08:34:40 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to version 20231108.adb5572b:
|
|
* Print matches in syntax deprecation warnings
|
|
* Restore support for scoped ssh_etm directives
|
|
* fips-mode-setup: Fix usage with --no-bootcfg
|
|
* turn ssh_etm into an etm@SSH tri-state
|
|
* fips-mode-setup: increase chroot-friendliness
|
|
* bind: fix a typo that led to duplication of ECDSAPxxxSHAxxx
|
|
* pylintrc: use-implicit-booleaness-not-comparison-to-*
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 30 18:36:34 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros:
|
|
we only need python3-base here, we don't need the python
|
|
macros as no module is being built
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 5 12:35:57 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
|
|
|
|
- Remove dependency on /usr/bin/python3, making scripts to depends on
|
|
the real python3 binary, not the link. bsc#1212476
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 27 10:54:17 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- nss: Skip the NSS policy check if the mozilla-nss-tools package
|
|
is not installed. This avoids adding more dependencies in ring0.
|
|
* Add crypto-policies-nss.patch [bsc#1211301]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 22 10:27:53 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to version 20230920.570ea89:
|
|
* fips-mode-setup: more thorough --disable, still unsupported
|
|
* FIPS:OSPP: tighten beyond reason for OSPP 4.3
|
|
* krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones
|
|
* openssl: implement relaxing EMS in FIPS (NO-ENFORCE-EMS)
|
|
* gnutls: prepare for tls-session-hash option coming
|
|
* nss: prepare for TLS-REQUIRE-EMS option coming
|
|
* NO-ENFORCE-EMS: add subpolicy
|
|
* FIPS: set __ems = ENFORCE
|
|
* cryptopolicies: add enums and __ems tri-state
|
|
* docs: replace `FIPS 140-2` with just `FIPS 140`
|
|
* .gitlab-ci: remove forcing OPENSSH_MIN_RSA_SIZE
|
|
* cryptopolicies: add comments on dunder options
|
|
* nss: retire NSS_OLD and replace with NSS_LAX 3.80 check
|
|
* BSI: start a BSI TR 02102 policy [jsc#PED-4933]
|
|
* Rebase patches:
|
|
- crypto-policies-policygenerators.patch
|
|
- crypto-policies-revert-rh-allow-sha1-signatures.patch
|
|
- crypto-policies-FIPS.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 15 11:23:06 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Conditionally recommend the crypto-policies-scripts package
|
|
when python is not installed in the system [bsc#1215201]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 31 12:17:44 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Tests: Fix pylint versioning for TW and fix the parsing of the
|
|
policygenerators to account for the commented lines correctly.
|
|
* Add crypto-policies-pylint.patch
|
|
* Rebase crypto-policies-policygenerators.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 1 12:23:33 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- FIPS: Adapt the fips-mode-setup script to use the pbl command
|
|
from the perl-Bootloader package to replace grubby. Add a note
|
|
for transactional systems [jsc#PED-5041].
|
|
* Rebase crypto-policies-FIPS.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 14 14:59:06 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
|
|
|
- BSI.pol: Added a new BSI policy for BSI TR 02102* (jsc#PED-4933)
|
|
derived from NEXT.pol
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 13 06:36:20 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to version 20230614.5f3458e:
|
|
* policies: impose old OpenSSL groups order for all back-ends
|
|
* Rebase patches:
|
|
- crypto-policies-revert-rh-allow-sha1-signatures.patch
|
|
- crypto-policies-supported.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 25 11:28:12 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- FIPS: Enable to set the kernel FIPS mode with fips-mode-setup
|
|
and fips-finish-install commands, add also the man pages. The
|
|
required FIPS modules are left to be installed by the user.
|
|
* Rebase crypto-policies-FIPS.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 24 20:04:20 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Revert a breaking change that introduces the config option
|
|
rh-allow-sha1-signatures that is unkown to OpenSSL and fails
|
|
on startup. We will consider adding this option to openssl.
|
|
* https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/97fe4494
|
|
* Add crypto-policies-revert-rh-allow-sha1-signatures.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 8 09:45:45 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update the update-crypto-policies(8) man pages and README.SUSE
|
|
to mention the supported back-end policies. [bsc#1209998]
|
|
* Add crypto-policies-supported.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 08 06:32:49 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to version 20230420.3d08ae7:
|
|
* openssl, alg_lists: add brainpool support
|
|
* openssl: set Groups explicitly
|
|
* codespell: ignore aNULL
|
|
* rpm-sequoia: allow 1024 bit DSA and SHA-1 per FeSCO decision 2960
|
|
* sequoia: add separate rpm-sequoia backend
|
|
* crypto-policies.7: state upfront that FUTURE is not so interoperable
|
|
* Makefile: update for asciidoc 10
|
|
* Skip not needed LibreswanGenerator and SequoiaGenerator:
|
|
- Add crypto-policies-policygenerators.patch
|
|
* Remove crypto-policies-test_supported_modules_only.patch
|
|
* Rebase crypto-policies-no-build-manpages.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 20 09:25:22 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to version 20221214.a4c31a3:
|
|
* bind: expand the list of disableable algorithms
|
|
* libssh: Add support for openssh fido keys
|
|
* .gitlab-ci.yml: install krb5-devel for krb5-config
|
|
* sequoia: check using sequoia-policy-config-check
|
|
* sequoia: introduce new back-end
|
|
* Makefile: support overriding asciidoc executable name
|
|
* openssh: make none and auto explicit and different
|
|
* openssh: autodetect and allow forcing RequiredRSASize presence/name
|
|
* openssh: remove _pre_8_5_ssh
|
|
* pylintrc: update
|
|
* Revert "disable SHA-1 further for a Fedora 38 Rawhide "jump scare"..."
|
|
* disable SHA-1 further for a Fedora 38 Rawhide "jump scare"...
|
|
* Makefile: exclude built manpages from codespell
|
|
* add openssh HostbasedAcceptedAlgorithms
|
|
* openssh: add RSAMinSize option following min_rsa_size
|
|
* Revert ".gitlab-ci.yml: skip pylint (bz2069837)"
|
|
* docs: add customization recommendation
|
|
* tests/java: fix java.security.disableSystemPropertiesFile=true
|
|
* policies: add FEDORA38 and TEST-FEDORA39
|
|
* bind: control ED25519/ED448
|
|
* openssl: disable SHA-1 signatures in FUTURE/NO-SHA1
|
|
* .gitlab-ci.yml: skip pylint (bz2069837)
|
|
* openssh: add support for sntrup761x25519-sha512@openssh.com
|
|
* fips-mode-setup: fix one unrelated check to intended state
|
|
* fips-mode-setup, fips-finish-install: abandon /etc/system-fips
|
|
* Makefile: fix alt-policy test of LEGACY:AD-SUPPORT
|
|
* fips-mode-setup: catch more inconsistencies, clarify --check
|
|
* fips-mode-setup: improve handling FIPS plus subpolicies
|
|
* .gitlab-ci.yml: use rawhide so that we get gnutls 3.7.3
|
|
* gnutls: enable SHAKE, needed for Ed448
|
|
* gnutls: use allowlisting
|
|
* openssl: add newlines at the end of the output
|
|
* FIPS:OSPP: relax -ECDSA-SHA2-512, -FFDHE-*
|
|
* fips-mode-setup, fips-finish-install: call zipl more often
|
|
* Add crypto-policies-rpmlintrc file to avoid files-duplicate,
|
|
zero-length and non-conffile-in-etc warnings.
|
|
* Rebase patches:
|
|
- crypto-policies-FIPS.patch
|
|
- crypto-policies-no-build-manpages.patch
|
|
* Update README.SUSE
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 24 11:30:21 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Remove the scripts and documentation regarding
|
|
fips-finish-install and test-fips-setup
|
|
* Add crypto-policies-FIPS.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 24 09:34:03 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to version 20210917.c9d86d1:
|
|
* openssl: fix disabling ChaCha20
|
|
* pacify pylint 2.11: use format strings
|
|
* pacify pylint 2.11: specify explicit encoding
|
|
* fix minor things found by new pylint
|
|
* update-crypto-policies: --check against regenerated
|
|
* update-crypto-policies: fix --check's walking order
|
|
* policygenerators/gnutls: revert disabling DTLS0.9...
|
|
* policygenerators/java: add javasystem backend
|
|
* LEGACY: bump 1023 key size to 1024
|
|
* cryptopolicies: fix 'and' in deprecation warnings
|
|
* *ssh: condition ecdh-sha2-nistp384 on SECP384R1
|
|
* nss: hopefully the last fix for nss sigalgs check
|
|
* cryptopolicies: Python 3.10 compatibility
|
|
* nss: postponing check + testing at least something
|
|
* Rename 'policy modules' to 'subpolicies'
|
|
* validation.rules: fix a missing word in error
|
|
* cryptopolicies: raise errors right after warnings
|
|
* update-crypto-policies: capitalize warnings
|
|
* cryptopolicies: syntax-precheck scope errors
|
|
* .gitlab-ci.yml, Makefile: enable codespell
|
|
* all: fix several typos
|
|
* docs: don't leave zero TLS/DTLS protocols on
|
|
* openssl: separate TLS/DTLS MinProtocol/MaxProtocol
|
|
* alg_lists: order protocols new-to-old for consistency
|
|
* alg_lists: max_{d,}tls_version
|
|
* update-crypto-policies: fix pregenerated + local.d
|
|
* openssh: allow validation with pre-8.5
|
|
* .gitlab-ci.yml: run commit-range against upstream
|
|
* openssh: Use the new name for PubkeyAcceptedKeyTypes
|
|
* sha1_in_dnssec: deprecate
|
|
* .gitlab-ci.yml: test commit ranges
|
|
* FIPS:OSPP: sign = -*-SHA2-224
|
|
* scoped policies: documentation update
|
|
* scoped policies: use new features to the fullest...
|
|
* scoped policies: rewrite + minimal policy changes
|
|
* scoped policies: rewrite preparations
|
|
* nss: postponing the version check again, to 3.64
|
|
- Remove patches fixed upstream: crypto-policies-typos.patch
|
|
- Rebase: crypto-policies-test_supported_modules_only.patch
|
|
- Merge crypto-policies-asciidoc.patch into
|
|
crypto-policies-no-build-manpages.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 25 12:05:39 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to version 20210225.05203d2:
|
|
* Disable DTLS0.9 protocol in the DEFAULT policy.
|
|
* policies/FIPS: insignificant reformatting
|
|
* policygenerators/libssh: respect ssh_certs
|
|
* policies/modules/OSPP: tighten to follow RHEL 8
|
|
* crypto-policies(7): drop not-reenableable comment
|
|
* follow up on disabling RC4
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 25 11:59:44 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Remove not needed scripts: fips-finish-install fips-mode-setup
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 24 16:22:08 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Disable DTLS0.9 protocol in GnuTLS DEFAULT policy. [bsc#1180938]
|
|
* The minimum DTLS protocol version in the DEFAULT and FUTURE
|
|
policies is DTLS1.2.
|
|
* Fixed upstream: 05203d21f6d0ea9bbdb351e4600f1e273720bb8e
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 17 12:36:05 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to version 20210213.5c710c0: [bsc#1180938]
|
|
* setup_directories(): perform safer creation of directories
|
|
* save_config(): avoid re-opening output file for each iteration
|
|
* save_config(): break after first match to avoid unnecessary stat() calls
|
|
* CryptoPolicy.parse(): actually stop parsing line on syntax error
|
|
* ProfileConfig.parse_string(): correctly extended subpolicies
|
|
* Exclude RC4 from LEGACY
|
|
* Introduce rc4_md5_in_krb5 to narrow AD_SUPPORT
|
|
* code style: fix 'not in' membership testing
|
|
* pylintrc: tighten up a bit
|
|
* formatting: avoid long lines
|
|
* formatting: use f-strings instead of format()
|
|
* formatting: reformat all python code with autopep8
|
|
* nss: postponing the version check again, to 3.61
|
|
* Revert "Unfortunately we have to keep ignoring the openssh check for sk-"
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 9 10:50:47 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- Use tar_scm service, not obs_scm: With crypto-policies entering
|
|
Ring0 (distro bootstrap) we want to be sure to keep the buildtime
|
|
deps as low as possible.
|
|
- Add python3-base BuildRequires: previously, OBS' tar service
|
|
pulled this in for us.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 8 11:45:38 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Add a BuildIgnore for crypto-policies
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 8 11:22:31 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Use gzip instead of xz in obscpio and sources
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 5 10:57:46 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Do not build the manpages to avoid build cycles
|
|
- Add crypto-policies-no-build-manpages.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 2 17:38:27 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- Convert to use a proper git source _service:
|
|
+ To update, one just needs to update the commit/revision in the
|
|
_service file and run `osc service dr`.
|
|
+ The version of the package is defined by the commit date of the
|
|
revision, followed by the abbreviated git hash (The same
|
|
revision used before results thus in a downgrade to 20210118,
|
|
but as this is a alltime new package, this is acceptable.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 2 12:33:19 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to git version 20210127
|
|
* Bump Python requirement to 3.6
|
|
* Output sigalgs required by nss >=3.59
|
|
* Do not require bind during build
|
|
* Break build cycles with openssl and gnutls
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 21 14:44:07 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Update to git version 20210118
|
|
* Output sigalgs required by nss >=3.59
|
|
* Bump Python requirement to 3.6
|
|
* Kerberos 5: Fix policy generator to account for macs
|
|
* Add AES-192 support (non-TLS scenarios)
|
|
* Add documentation of the --check option
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 21 14:42:13 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Fix the man pages generation
|
|
- Add crypto-policies-asciidoc.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 21 09:56:42 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Test only supported modules
|
|
- Add crypto-policies-test_supported_modules_only.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 22 10:50:36 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
|
|
|
|
- Add crypto-policies-typos.patch to fix some typos
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 12 08:20:19 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
|
|
|
|
- Initial packaging, git version 20200918 (jsc#SLE-15832)
|