testing/crypto-policies
SHA256
7
0
Fork 0
forked from pool/crypto-policies
Code Pull Requests Activity

Factory #1

Merged
dgarcia merged 15 commits from factory into main 2025-10-08 12:55:29 +02:00
Conversation 0 Commits 15 Files Changed 19 +574 -447
dgarcia commented 2025-10-06 14:26:33 +02:00
Owner
Copy Link
No description provided.
dgarcia added 15 commits 2025-10-06 14:26:33 +02:00
Accepting request 1154669 from home:pmonrealgonzalez:branches:security:tls 61d6cd0906 
- Update to version 20240201.9f501f3:
  * .gitlab-ci.yml: install sequoia-policy-config
  * java: disable ChaCha20-Poly1305 where applicable
  * fips-mode-setup: make sure ostree is detected in chroot
  * fips-finish-install: make sure ostree is detected in chroot
  * TEST-PQ: enable X25519-KYBER768 / P384-KYBER768 for openssl
  * TEST-PQ: add a no-op subpolicy
  * update-crypto-policies: Keep mid-sentence upper case
  * fips-mode-setup: Write error messages to stderr
  * fips-mode-setup: Fix some shellcheck warnings
  * fips-mode-setup: Fix test for empty /boot
  * fips-mode-setup: Avoid 'boot=UUID=' if /boot == /
  * Update man pages
  * Rebase patches:
    - crypto-policies-FIPS.patch
    - crypto-policies-revert-rh-allow-sha1-signatures.patch

- Update to version 20231108.adb5572b:
  * Print matches in syntax deprecation warnings
  * Restore support for scoped ssh_etm directives
  * fips-mode-setup: Fix usage with --no-bootcfg
  * turn ssh_etm into an etm@SSH tri-state
  * fips-mode-setup: increase chroot-friendliness
  * bind: fix a typo that led to duplication of ECDSAPxxxSHAxxx
  * pylintrc: use-implicit-booleaness-not-comparison-to-*

OBS-URL: https://build.opensuse.org/request/show/1154669
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=31
Accepting request 1245664 from home:pmonrealgonzalez:branches:security:tls a82b210eff 
- Remove dangling symlink for the libreswan config [bsc#1236858]
- Remove also sequoia config and generator files

- Update to version 20250124.4d262e7:
  * openssl: stricter enabling of Ciphersuites
  * openssl: make use of -CBC and -AESGCM keywords
  * openssl: add TLS 1.3 Brainpool identifiers
  * fix warning on using experimental key_exchanges
  * update-crypto-policies: don't output FIPS warning in fips mode
  * openssh: map mlkem768x25519-sha256 to KEM-ECDH & MLKEM768-X25519 & SHA2-256
  * openssh, libssh: refactor kx maps to use tuples
  * alg_lists: mark MLKEM768/SNTRUP kex experimental
  * nss: revert enabling mlkem768secp256r1
  * nss: add mlkem768x25519 and mlkem768secp256r1, remove xyber
  * gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
  * openssl: use both names for SecP256r1MLKEM768 / X25519MLKEM768
  * openssh, TEST-PQ: rename MLKEM key_exchange to MLKEM768
  * openssh: add support for sntrup761x25519-sha512 and mlkem768x25519-sha256
  * openssl: map NULL to TLS_SHA256_SHA256:TLS_SHA384_SHA384...
  * python/update-crypto-policies: pacify pylint
  * fips-mode-setup: tolerate fips dracut module presence w/o FIPS
  * fips-mode-setup: small Argon2 detection fix
  * SHA1: add __openssl_block_sha1_signatures = 0
  * fips-mode-setup: block if LUKS devices using Argon2 are detected
  * update-crypto-policies: skip warning on --set=FIPS if bootc
  * fips-setup-helper: skip warning, BTW
  * fips-mode-setup: force --no-bootcfg when UKI is detected
  * fips-setup-helper: add a libexec helper for anaconda
  * fips-crypto-policy-overlay: automount FIPS policy
  * openssh: make dss no longer enableble, support is dropped

OBS-URL: https://build.opensuse.org/request/show/1245664
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=32
Accepting request 1245722 from home:pmonrealgonzalez:branches:security:tls 9c7dcb10f0 
OBS-URL: https://build.opensuse.org/request/show/1245722
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=33
- Enable SHA1 sigver in the DEFAULT policy. 663edb6cd9 
* Add crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=34
- Update to version 20250124.4d262e7: [bsc#1239009] afd2ac0d9c 
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=35
- Fix fips-mode-setup in EFI or Secure Boot mode. [bsc#1227637] 1515971d29 
* Rebase crypto-policies-FIPS.patch

- Update to version 20250124.4d262e7: [bsc#1239009, bsc#1236165]

OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=36
- Allow sshd in FIPS mode when using the DEFAULT policy [bsc#1227370] 06c618d49b 
* Add crypto-policies-Allow-sshd-in-FIPS-mode-using-DEFAULT.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=37
- Remove not needed fips bind mount service 433658502e 
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=38
Accepting request 1255022 from security:tls b42aba04ee 
OBS-URL: https://build.opensuse.org/request/show/1255022
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/crypto-policies?expand=0&rev=9
- Relax the nss version requirement since the mlkem768secp256r1 352cf77373 
enablement has been reverted.

OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=40
Accepting request 1256440 from security:tls 72b4b4e50c 
OBS-URL: https://build.opensuse.org/request/show/1256440
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/crypto-policies?expand=0&rev=10
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=42 0a2c75c4df
Accepting request 1270054 from security:tls f024afda29 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1270054
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/crypto-policies?expand=0&rev=11
- Allow openssl to load when using the DEFAULT policy, and also c8ef763331 
other policies, in FIPS mode. [bsc#1243830, bsc#1242233]
  * Add crypto-policies-Allow-openssl-other-policies-in-FIPS-mode.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=44
Accepting request 1289229 from security:tls 141d5df3e4 
OBS-URL: https://build.opensuse.org/request/show/1289229
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/crypto-policies?expand=0&rev=12
dgarcia merged commit 52a4bfb73e into main 2025-10-08 12:55:29 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
new/Approved
new/New Repository
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
adamm adrianSuSE autogits-devel dgarcia dirkmueller gitea_test yudaike
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: testing/crypto-policies#1
Delete Branch "factory"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?