Commit Graph

8 Commits

Author SHA256 Message Date
c840e031b3 Accepting request 1099072 from home:pmonrealgonzalez:branches:security:tls
- Update to version 20230614.5f3458e:
  * policies: impose old OpenSSL groups order for all back-ends
  * Rebase patches:
    - crypto-policies-revert-rh-allow-sha1-signatures.patch
    - crypto-policies-supported.patch

OBS-URL: https://build.opensuse.org/request/show/1099072
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=19
2023-07-17 10:01:21 +00:00
Martin Pluskal
4ac1e9ad7b Accepting request 1086482 from home:pmonrealgonzalez:branches:security:tls
- Update the update-crypto-policies(8) man pages and README.SUSE
  to mention the supported back-end policies. [bsc#1209998]
  * Add crypto-policies-supported.patch

- Update to version 20230420.3d08ae7:
  * openssl, alg_lists: add brainpool support
  * openssl: set Groups explicitly
  * codespell: ignore aNULL
  * rpm-sequoia: allow 1024 bit DSA and SHA-1 per FeSCO decision 2960
  * sequoia: add separate rpm-sequoia backend
  * crypto-policies.7: state upfront that FUTURE is not so interoperable
  * Makefile: update for asciidoc 10
  * Skip the LibreswanGenerator and SequoiaGenerator:
    - Add crypto-policies-policygenerators.patch
  * Remove crypto-policies-test_supported_modules_only.patch
  * Rebase crypto-policies-no-build-manpages.patch

- Update to version 20221214.a4c31a3:
  * bind: expand the list of disableable algorithms
  * libssh: Add support for openssh fido keys
  * .gitlab-ci.yml: install krb5-devel for krb5-config
  * sequoia: check using sequoia-policy-config-check
  * sequoia: introduce new back-end
  * Makefile: support overriding asciidoc executable name
  * openssh: make none and auto explicit and different
  * openssh: autodetect and allow forcing RequiredRSASize presence/name
  * openssh: remove _pre_8_5_ssh
  * pylintrc: update
  * Revert "disable SHA-1 further for a Fedora 38 Rawhide "jump scare"..."
  * disable SHA-1 further for a Fedora 38 Rawhide "jump scare"...

OBS-URL: https://build.opensuse.org/request/show/1086482
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=15
2023-05-14 10:09:24 +00:00
64434f6b7a Accepting request 921336 from home:pmonrealgonzalez:branches:security:tls
- Remove the scripts and documentation regarding
  fips-finish-install and test-fips-setup
  * Add crypto-policies-FIPS.patch

- Update to version 20210917.c9d86d1:
  * openssl: fix disabling ChaCha20
  * pacify pylint 2.11: use format strings
  * pacify pylint 2.11: specify explicit encoding
  * fix minor things found by new pylint
  * update-crypto-policies: --check against regenerated
  * update-crypto-policies: fix --check's walking order
  * policygenerators/gnutls: revert disabling DTLS0.9...
  * policygenerators/java: add javasystem backend
  * LEGACY: bump 1023 key size to 1024
  * cryptopolicies: fix 'and' in deprecation warnings
  * *ssh: condition ecdh-sha2-nistp384 on SECP384R1
  * nss: hopefully the last fix for nss sigalgs check
  * cryptopolicies: Python 3.10 compatibility
  * nss: postponing check + testing at least something
  * Rename 'policy modules' to 'subpolicies'
  * validation.rules: fix a missing word in error
  * cryptopolicies: raise errors right after warnings
  * update-crypto-policies: capitalize warnings
  * cryptopolicies: syntax-precheck scope errors
  * .gitlab-ci.yml, Makefile: enable codespell
  * all: fix several typos
  * docs: don't leave zero TLS/DTLS protocols on
  * openssl: separate TLS/DTLS MinProtocol/MaxProtocol
  * alg_lists: order protocols new-to-old for consistency
  * alg_lists: max_{d,}tls_version

OBS-URL: https://build.opensuse.org/request/show/921336
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=14
2021-09-27 08:09:29 +00:00
14fe68fa46 Accepting request 875107 from home:pmonrealgonzalez:branches:security:tls
To be evaluated in Staging:O

OBS-URL: https://build.opensuse.org/request/show/875107
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=12
2021-02-25 12:26:13 +00:00
cd0fe31e45 Accepting request 873431 from home:pmonrealgonzalez:branches:security:tls
- Update to version 20210213.5c710c0: [bsc#1180938]
  * setup_directories(): perform safer creation of directories
  * save_config(): avoid re-opening output file for each iteration
  * save_config(): break after first match to avoid unnecessary stat() calls
  * CryptoPolicy.parse(): actually stop parsing line on syntax error
  * ProfileConfig.parse_string(): correctly extended subpolicies
  * Exclude RC4 from LEGACY
  * Introduce rc4_md5_in_krb5 to narrow AD_SUPPORT
  * code style: fix 'not in' membership testing
  * pylintrc: tighten up a bit
  * formatting: avoid long lines
  * formatting: use f-strings instead of format()
  * formatting: reformat all python code with autopep8
  * nss: postponing the version check again, to 3.61
  * Revert "Unfortunately we have to keep ignoring the openssh check for sk-"

OBS-URL: https://build.opensuse.org/request/show/873431
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=11
2021-02-18 15:02:02 +00:00
ee902fbb42 Accepting request 870817 from home:dimstar:Factory
- Use tar_scm service, not obs_scm: With crypto-policies entering
  Ring0 (distro bootstrap) we want to be sure to keep the buildtime
  deps as low as possible.
- Add python3-base BuildRequires: previously, OBS' tar service
  pulled this in for us.

- Add a BuildIgnore for crypto-policies

OBS-URL: https://build.opensuse.org/request/show/870817
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=10
2021-02-10 11:03:59 +00:00
6a038c8b4b Accepting request 870258 from home:pmonrealgonzalez:branches:security:tls
- Use gzip instead of xz in obscpio and sources

- Do not build the manpages to avoid build cycles
- Add crypto-policies-no-build-manpages.patch

OBS-URL: https://build.opensuse.org/request/show/870258
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=8
2021-02-08 11:33:22 +00:00
45bd4ac122 Accepting request 868718 from home:dimstar:Factory
Let's use a real _service file.

NOTE: the version is a small downgrade, but that's because I use %cd (aka commit date) as version identifier.
in the _service file I used the same commit date, so in fact this is the same source.


- Convert to use a proper git source _service:
  + To update, one just needs to update the commit/revision in the
    _service file and run `osc service dr`.
  + The version of the package is defined by the commit date of the
    revision, followed by the abbreviated git hash (The same
    revision used before results thus in a downgrade to 20210118,
    but as this is a alltime new package, this is acceptable.

OBS-URL: https://build.opensuse.org/request/show/868718
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=7
2021-02-02 17:53:21 +00:00