Accepting request 875107 from home:pmonrealgonzalez:branches:security:tls

To be evaluated in Staging:O OBS-URL: https://build.opensuse.org/request/show/875107 OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=12
2021-02-25 12:26:13 +00:00 · 2021-02-25 12:26:13 +00:00 · 14fe68fa46
commit 14fe68fa46
parent cd0fe31e45
8 changed files with 33 additions and 27 deletions
--- a/2
+++ b/2
@ -4,7 +4,7 @@
    <param name="scm">git</param>
    <param name="versionformat">%cd.%h</param>
    <param name="changesgenerate">enable</param>
-    <param name="revision">5c710c0cd17d9cb1954d3084c718791fc31bbcfe</param>
+    <param name="revision">05203d21f6d0ea9bbdb351e4600f1e273720bb8e</param>
  </service>
  <service name="recompress" mode="disabled">
    <param name="file">*.tar</param>
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://gitlab.com/redhat-crypto/fedora-crypto-policies.git</param>
-              <param name="changesrevision">5c710c0cd17d9cb1954d3084c718791fc31bbcfe</param></service></servicedata>
+              <param name="changesrevision">05203d21f6d0ea9bbdb351e4600f1e273720bb8e</param></service></servicedata>
--- a/crypto-policies.changes
+++ b/crypto-policies.changes
@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Thu Feb 25 12:05:39 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to version 20210225.05203d2:
+  * Disable DTLS0.9 protocol in the DEFAULT policy.
+  * policies/FIPS: insignificant reformatting
+  * policygenerators/libssh: respect ssh_certs
+  * policies/modules/OSPP: tighten to follow RHEL 8
+  * crypto-policies(7): drop not-reenableable comment
+  * follow up on disabling RC4
+
+-------------------------------------------------------------------
+Thu Feb 25 11:59:44 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Remove not needed scripts: fips-finish-install fips-mode-setup
+
+-------------------------------------------------------------------
+Wed Feb 24 16:22:08 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Disable DTLS0.9 protocol in GnuTLS DEFAULT policy. [bsc#1180938]
+  * The minimum DTLS protocol version in the DEFAULT and FUTURE
+    policies is DTLS1.2.
+  * Fixed upstream: 05203d21f6d0ea9bbdb351e4600f1e273720bb8e
+
 -------------------------------------------------------------------
 Wed Feb 17 12:36:05 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

--- a/crypto-policies.spec
+++ b/crypto-policies.spec
@ -18,7 +18,7 @@

 %global _python_bytecompile_extra 0
 Name:           crypto-policies
-Version:        20210213.5c710c0
+Version:        20210225.05203d2
 Release:        0
 Summary:        System-wide crypto policies
 License:        LGPL-2.1-or-later
@ -27,9 +27,7 @@ URL:            https://gitlab.com/redhat-crypto/fedora-%{name}
 Source0:        fedora-%{name}-%{version}.tar.gz
 Source1:        README.SUSE
 Source2:        crypto-policies.7.gz
-Source3:        fips-mode-setup.8.gz
-Source4:        fips-finish-install.8.gz
-Source5:        update-crypto-policies.8.gz
+Source3:        update-crypto-policies.8.gz
 Patch0:         crypto-policies-asciidoc.patch
 Patch1:         crypto-policies-typos.patch
 Patch2:         crypto-policies-test_supported_modules_only.patch
@ -62,8 +60,6 @@ such as SSL/TLS libraries.
 %package scripts
 Summary:        Tool to switch between crypto policies
 Requires:       %{name} = %{version}-%{release}
-Recommends:     grubby
-Provides:       fips-mode-setup = %{version}-%{release}

 %description scripts
 This package provides a tool update-crypto-policies, which applies
@ -71,9 +67,6 @@ the policies provided by the crypto-policies package. These can be
 either the pre-built policies from the base package or custom policies
 defined in simple policy definition files.

-The package also provides a tool fips-mode-setup, which can be used
-to enable or disable the system FIPS mode.
-
 %prep
 %autosetup -p1 -n fedora-%{name}-%{version}

@ -97,10 +90,10 @@ mkdir -p -m 755 %{buildroot}%{_mandir}/
 mkdir -p -m 755 %{buildroot}%{_mandir}/man7/
 mkdir -p -m 755 %{buildroot}%{_mandir}/man8/
 cp %{SOURCE2} %{buildroot}%{_mandir}/man7/
-cp %{SOURCE3} %{SOURCE4} %{SOURCE5} %{buildroot}%{_mandir}/man8/
+cp %{SOURCE3} %{buildroot}%{_mandir}/man8/

 # Install the executable files
-install -p -m 755 update-crypto-policies fips-finish-install fips-mode-setup %{buildroot}%{_bindir}/
+install -p -m 755 update-crypto-policies %{buildroot}%{_bindir}/

 install -p -m 644 default-config %{buildroot}%{_sysconfdir}/crypto-policies/config
 touch %{buildroot}%{_sysconfdir}/crypto-policies/state/current
@ -207,9 +200,4 @@ end
 %{_mandir}/man8/update-crypto-policies.8%{?ext_man}
 %{_datarootdir}/crypto-policies/python

-%{_bindir}/fips-mode-setup
-%{_bindir}/fips-finish-install
-%{_mandir}/man8/fips-mode-setup.8%{?ext_man}
-%{_mandir}/man8/fips-finish-install.8%{?ext_man}
-
 %changelog
--- a/fedora-crypto-policies-20210213.5c710c0.tar.gz
+++ b/fedora-crypto-policies-20210213.5c710c0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:86e8073b832f6050cbf07c0d1a658bf5bbd400b2352f796c80092263812cd480
-size 57622
--- a/fedora-crypto-policies-20210225.05203d2.tar.gz
+++ b/fedora-crypto-policies-20210225.05203d2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:773522be2bf98a7e88bc684d33c846b337d170cf33001dc2b20eee35c82c8030
+size 58094
--- a/fips-finish-install.8.gz
+++ b/fips-finish-install.8.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0df0d2341bf1c34847e7a9ed44ece1b6484e2f1daeb3134f16a89914a6a1cfdc
-size 881
--- a/fips-mode-setup.8.gz
+++ b/fips-mode-setup.8.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:de5a21524d5f6ddb030d5349c6bfb0b850ce2360d4f00bd23aaf8a0d9ad9a09d
-size 1124