From c78ee41234a6b4bd0dd64febd62dfa6edecbfb6c1c846751a05dcc9ca2a381f7 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez
Date: Thu, 21 Jan 2021 14:53:23 +0000
Subject: [PATCH] Accepting request 865444 from home:pmonrealgonzalez:branches:security:tls

- Update to git version 20210118
  * Output sigalgs required by nss >=3.59
  * Bump Python requirement to 3.6
  * Kerberos 5: Fix policy generator to account for macs
  * Add AES-192 support (non-TLS scenarios)
  * Add documentation of the --check option
- Fix the man pages generation
- Add crypto-policies-asciidoc.patch
- Test only supported modules
- Add crypto-policies-test_supported_modules_only.patch
- Add crypto-policies-typos.patch to fix some typos
OBS-URL: https://build.opensuse.org/request/show/865444
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=2
---
 README.SUSE | 2 +
 ...policies-test_supported_modules_only.patch | 13 +++++
 crypto-policies-typos.patch | 48 +++++++++++++++++++
 crypto-policies.changes | 27 +++++++++++
 crypto-policies.spec | 25 +++++-----
 fedora-crypto-policies-master.tar.gz | 4 +-
 6 files changed, 105 insertions(+), 14 deletions(-)
 create mode 100644 README.SUSE
 create mode 100644 crypto-policies-test_supported_modules_only.patch
 create mode 100644 crypto-policies-typos.patch
diff --git a/README.SUSE b/README.SUSE
new file mode 100644
index 0000000..fee7848
--- /dev/null
+++ b/README.SUSE
@@ -0,0 +1,2 @@
+Currently only OpenSSL, GnuTLS, and NSS policies are supported.
+The rest of the modules ignore the policy settings for the time being.
diff --git a/crypto-policies-test_supported_modules_only.patch b/crypto-policies-test_supported_modules_only.patch
new file mode 100644
index 0000000..9e25a9f
--- /dev/null
+++ b/crypto-policies-test_supported_modules_only.patch
@@ -0,0 +1,13 @@
+Index: fedora-crypto-policies-master/Makefile
+===================================================================
+--- fedora-crypto-policies-master.orig/Makefile
++++ fedora-crypto-policies-master/Makefile
+@@ -45,8 +45,6 @@ check:
+ tests/openssl.pl
+ tests/gnutls.pl
+ tests/nss.py
+- tests/java.pl
+- tests/krb5.py
+ top_srcdir=. tests/update-crypto-policies.sh
+
+ test: check runpylint
diff --git a/crypto-policies-typos.patch b/crypto-policies-typos.patch
new file mode 100644
index 0000000..1cf79ea
--- /dev/null
+++ b/crypto-policies-typos.patch
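Review bot: The java and krb5 back-ends lose their only build-time verification in the embedded Makefile hunk, where `tests/java.pl` and `tests/krb5.py` are removed from `check`, yet this same update lists "Kerberos 5: Fix policy generator to account for macs" as an upstream change. README.SUSE says those back-ends ignore the policy for now, which limits the impact today, but nothing in the patch ties the skipped tests to that status or prompts re-enabling them once the back-ends are wired up. The patch file also has no description header; I would add one at its top, for example `# Skip java/krb5 tests: back-ends not yet policy-aware on SUSE (see README.SUSE); re-enable when supported`.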
@@ -0,0 +1,48 @@
+From: Hideki Yamane
+Date: Sun, 25 Aug 2019 04:08:35 +0900
+Subject: fix typos
+
+---
+ crypto-policies.7.txt | 2 +-
+ fips-finish-install | 2 +-
+ fips-finish-install.8.txt | 2 +-
+
+Index: fedora-crypto-policies-master/crypto-policies.7.txt
+===================================================================
+--- fedora-crypto-policies-master.orig/crypto-policies.7.txt
++++ fedora-crypto-policies-master/crypto-policies.7.txt
+@@ -236,7 +236,7 @@ To completely override a list value in a
+ sign. Combining 'list-items' with and without signs in a single list value assignment is
+ not allowed however an existing list value can be modified in multiple further assignments.
+
+-Non-list key values in the policy module files are simply overriden.
++Non-list key values in the policy module files are simply overridden.
+
+ The keys marked as *Optional* can be omitted in the policy definition
+ files. In that case, the values will be derived from the base
+Index: fedora-crypto-policies-master/fips-finish-install
+===================================================================
+--- fedora-crypto-policies-master.orig/fips-finish-install
++++ fedora-crypto-policies-master/fips-finish-install
+@@ -12,7 +12,7 @@ if test -f /run/ostree-booted; then
+ fi
+
+ if test x"$1" != x--complete ; then
+- echo "Complete the instalation of FIPS modules."
++ echo "Complete the installation of FIPS modules."
+ echo "usage: $0 --complete"
+ exit 2
+ fi
+Index: fedora-crypto-policies-master/fips-finish-install.8.txt
+===================================================================
+--- fedora-crypto-policies-master.orig/fips-finish-install.8.txt
++++ fedora-crypto-policies-master/fips-finish-install.8.txt
+@@ -21,7 +21,7 @@ fips-finish-install(8)
+
+ NAME
+ ----
+-fips-finish-install - complete the instalation of FIPS modules.
++fips-finish-install - complete the installation of FIPS modules.
+
+
+ SYNOPSIS
diff --git a/crypto-policies.changes b/crypto-policies.changes
index 5185a74..97d1f04 100644
--- a/crypto-policies.changes
+++ b/crypto-policies.changes
@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Thu Jan 21 14:44:07 UTC 2021 - Pedro Monreal
+
+- Update to git version 20210118
+ * Output sigalgs required by nss >=3.59
+ * Bump Python requirement to 3.6
+ * Kerberos 5: Fix policy generator to account for macs
+ * Add AES-192 support (non-TLS scenarios)
+ * Add documentation of the --check option
+
+-------------------------------------------------------------------
+Thu Jan 21 14:42:13 UTC 2021 - Pedro Monreal
+
+- Fix the man pages generation
+- Add crypto-policies-asciidoc.patch
+
+-------------------------------------------------------------------
+Thu Jan 21 09:56:42 UTC 2021 - Pedro Monreal
+
+- Test only supported modules
+- Add crypto-policies-test_supported_modules_only.patch
+
+-------------------------------------------------------------------
+Tue Dec 22 10:50:36 UTC 2020 - Pedro Monreal
+
+- Add crypto-policies-typos.patch to fix some typos
+
 -------------------------------------------------------------------
 Thu Nov 12 08:20:19 UTC 2020 - Vítězslav Čížek
diff --git a/crypto-policies.spec b/crypto-policies.spec
index 20871d9..3f2cafd 100644
--- a/crypto-policies.spec
+++ b/crypto-policies.spec
@@ -16,19 +16,19 @@ # -%global git_date 20201115 -#%global git_commit 85dccc5a5b7127e54e0c82b2b5ab5f5fb6fb5490 -#%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})} +%global git_date 20210118 %global _python_bytecompile_extra 0 Name: crypto-policies Version: %{git_date} -Release: 1.git%{git_commit_hash}%{?dist} +Release: 0 Summary: System-wide crypto policies License: LGPL-2.1-or-later URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies -#Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz Source0: fedora-crypto-policies-master.tar.gz +Source1: README.SUSE Patch0: crypto-policies-asciidoc.patch +Patch1: crypto-policies-typos.patch +Patch2: crypto-policies-test_supported_modules_only.patch BuildRequires: asciidoc BuildRequires: bind BuildRequires: gnutls >= 3.6.0 @@ -36,16 +36,16 @@ BuildRequires: java-devel BuildRequires: libxslt BuildRequires: openssl BuildRequires: perl -BuildRequires: python3-devel +BuildRequires: python3-devel >= 3.6 BuildRequires: perl(File::Copy) BuildRequires: perl(File::Temp) BuildRequires: perl(File::Which) -BuildRequires: perl(File::pushd) +#BuildRequires: perl(File::pushd) Recommends: crypto-policies-scripts -Conflicts: gnutls < 3.6.11 -Conflicts: libreswan < 3.28 +#Conflicts: gnutls < 3.6.11 +#Conflicts: libreswan < 3.28 Conflicts: nss < 3.44.0 -Conflicts: openssh < 8.2p1 +#Conflicts: openssh < 8.2p1 BuildArch: noarch %description @@ -69,7 +69,6 @@ The package also provides a tool fips-mode-setup, which can be used to enable or disable the system FIPS mode. %prep -#%setup -q -n fedora-crypto-policies-%{git_commit_hash}-%{git_commit} %autosetup -p1 -n fedora-crypto-policies-master %build @@ -107,6 +106,8 @@ done %py3_compile %{buildroot}%{_datadir}/crypto-policies/python +cp %{SOURCE1} %{buildroot}%{_sysconfdir}/crypto-policies + %check %make_build check 
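Review bot: Nothing in the spec records which upstream commit the 20210118 snapshot corresponds to once the `git_commit` lines are deleted in the first hunk and `Source0` stays `fedora-crypto-policies-master.tar.gz`. Only `git_date` and the LFS sha256 of the tarball identify the source, so the tarball cannot easily be re-derived or audited against the GitLab repository named in `URL`. I would keep a comment next to `Source0`, for example `# snapshot of upstream master at commit <upstream-commit-hash>`, filled in with the real hash at import time.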
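Review bot: In the `@@ -36,16 +36,16 @@` hunk the `Conflicts:` on `gnutls < 3.6.11`, `libreswan < 3.28` and `openssh < 8.2p1` are commented out with no stated reason, while `Conflicts: nss < 3.44.0` stays. README.SUSE lists GnuTLS as a supported back-end and the build only requires `gnutls >= 3.6.0`, so if the 3.6.11 floor existed because older GnuTLS does not honour the generated config (not verifiable from this hunk), such a system would silently run outside the policy. Either keep the gnutls conflict or explain each disabled line, for example `# disabled: back-end not yet policy-aware on SUSE, see README.SUSE`. The commented `BuildRequires: perl(File::pushd)` deserves the same one-line reason.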
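Review bot: In the `@@ -107,6 +106,8 @@` hunk, `cp %{SOURCE1} %{buildroot}%{_sysconfdir}/crypto-policies` installs the README with whatever mode the source file happens to have and leaves the destination name implicit. `install -p -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/crypto-policies/README.SUSE` makes both explicit. The matching `%files` entry added in a later hunk lists the file under `%{_sysconfdir}` without `%config` or `%doc`, which rpmlint usually reports for non-config files in /etc, so shipping it as `%doc` may be simpler. The enclosing spec section starts outside the hunk.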
@@ -143,7 +144,6 @@ end
 %{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || :
 %files
-
 %dir %{_sysconfdir}/crypto-policies/
 %dir %{_sysconfdir}/crypto-policies/back-ends/
 %dir %{_sysconfdir}/crypto-policies/state/
@@ -152,6 +152,7 @@ end
 %dir %{_sysconfdir}/crypto-policies/policies/modules/
 %dir %{_datarootdir}/crypto-policies/
+%{_sysconfdir}/crypto-policies/README.SUSE
 %ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/config
 %ghost %config(missingok,noreplace) %{_sysconfdir}/crypto-policies/back-ends/gnutls.config
diff --git a/fedora-crypto-policies-master.tar.gz b/fedora-crypto-policies-master.tar.gz
index d0b3b56..1d5ca08 100644
--- a/fedora-crypto-policies-master.tar.gz
+++ b/fedora-crypto-policies-master.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3c9b25736802f9f0af94f213eae8f146cd7ba5cc5288fe33ab6e09c60e50ccb9
-size 54714
+oid sha256:1ca1dabb526ff35720512f6f1aa533112985e20d1521abbc1e990f8a2efdbd64
+size 55699