testing/crypto-policies
SHA256
7
0
Fork 0
forked from pool/crypto-policies
Code Pull Requests Activity

Factory #1

Merged
dgarcia merged 15 commits from factory into main 2025-10-08 12:55:29 +02:00
Conversation 0 Commits 15 Files Changed 19 +574 -447

15 Commits

Author SHA256 Message Date
Ana Guerrero
141d5df3e4 Accepting request 1289229 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1289229
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/crypto-policies?expand=0&rev=12
 2025-07-01 09:33:55 +00:00
Pedro Monreal Gonzalez
c8ef763331 - Allow openssl to load when using the DEFAULT policy, and also 
other policies, in FIPS mode. [bsc#1243830, bsc#1242233]
  * Add crypto-policies-Allow-openssl-other-policies-in-FIPS-mode.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=44
 2025-06-30 09:24:21 +00:00
Ana Guerrero
f024afda29 Accepting request 1270054 from security:tls 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1270054
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/crypto-policies?expand=0&rev=11
 2025-04-24 15:24:51 +00:00
Pedro Monreal Gonzalez
0a2c75c4df OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=42 2025-04-09 14:39:36 +00:00
Ana Guerrero
72b4b4e50c Accepting request 1256440 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1256440
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/crypto-policies?expand=0&rev=10
 2025-03-31 09:37:00 +00:00
Pedro Monreal Gonzalez
352cf77373 - Relax the nss version requirement since the mlkem768secp256r1 
enablement has been reverted.

OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=40
 2025-03-27 10:46:22 +00:00
Ana Guerrero
b42aba04ee Accepting request 1255022 from security:tls 
OBS-URL: https://build.opensuse.org/request/show/1255022
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/crypto-policies?expand=0&rev=9
 2025-03-24 12:25:09 +00:00
Pedro Monreal Gonzalez
433658502e - Remove not needed fips bind mount service 
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=38
 2025-03-21 13:53:24 +00:00
Pedro Monreal Gonzalez
06c618d49b - Allow sshd in FIPS mode when using the DEFAULT policy [bsc#1227370] 
* Add crypto-policies-Allow-sshd-in-FIPS-mode-using-DEFAULT.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=37
 2025-03-18 14:46:56 +00:00
Pedro Monreal Gonzalez
1515971d29 - Fix fips-mode-setup in EFI or Secure Boot mode. [bsc#1227637] 
* Rebase crypto-policies-FIPS.patch

- Update to version 20250124.4d262e7: [bsc#1239009, bsc#1236165]

OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=36
 2025-03-13 08:17:07 +00:00
Pedro Monreal Gonzalez
afd2ac0d9c - Update to version 20250124.4d262e7: [bsc#1239009] 
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=35
 2025-03-11 17:37:42 +00:00
Pedro Monreal Gonzalez
663edb6cd9 - Enable SHA1 sigver in the DEFAULT policy. 
* Add crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=34
 2025-03-11 13:25:33 +00:00
Pedro Monreal Gonzalez
9c7dcb10f0 Accepting request 1245722 from home:pmonrealgonzalez:branches:security:tls 
OBS-URL: https://build.opensuse.org/request/show/1245722
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=33
 2025-02-13 16:19:09 +00:00
Pedro Monreal Gonzalez
a82b210eff Accepting request 1245664 from home:pmonrealgonzalez:branches:security:tls 
- Remove dangling symlink for the libreswan config [bsc#1236858]
- Remove also sequoia config and generator files

- Update to version 20250124.4d262e7:
  * openssl: stricter enabling of Ciphersuites
  * openssl: make use of -CBC and -AESGCM keywords
  * openssl: add TLS 1.3 Brainpool identifiers
  * fix warning on using experimental key_exchanges
  * update-crypto-policies: don't output FIPS warning in fips mode
  * openssh: map mlkem768x25519-sha256 to KEM-ECDH & MLKEM768-X25519 & SHA2-256
  * openssh, libssh: refactor kx maps to use tuples
  * alg_lists: mark MLKEM768/SNTRUP kex experimental
  * nss: revert enabling mlkem768secp256r1
  * nss: add mlkem768x25519 and mlkem768secp256r1, remove xyber
  * gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
  * openssl: use both names for SecP256r1MLKEM768 / X25519MLKEM768
  * openssh, TEST-PQ: rename MLKEM key_exchange to MLKEM768
  * openssh: add support for sntrup761x25519-sha512 and mlkem768x25519-sha256
  * openssl: map NULL to TLS_SHA256_SHA256:TLS_SHA384_SHA384...
  * python/update-crypto-policies: pacify pylint
  * fips-mode-setup: tolerate fips dracut module presence w/o FIPS
  * fips-mode-setup: small Argon2 detection fix
  * SHA1: add __openssl_block_sha1_signatures = 0
  * fips-mode-setup: block if LUKS devices using Argon2 are detected
  * update-crypto-policies: skip warning on --set=FIPS if bootc
  * fips-setup-helper: skip warning, BTW
  * fips-mode-setup: force --no-bootcfg when UKI is detected
  * fips-setup-helper: add a libexec helper for anaconda
  * fips-crypto-policy-overlay: automount FIPS policy
  * openssh: make dss no longer enableble, support is dropped

OBS-URL: https://build.opensuse.org/request/show/1245664
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=32
 2025-02-13 14:07:46 +00:00
Pedro Monreal Gonzalez
61d6cd0906 Accepting request 1154669 from home:pmonrealgonzalez:branches:security:tls 
- Update to version 20240201.9f501f3:
  * .gitlab-ci.yml: install sequoia-policy-config
  * java: disable ChaCha20-Poly1305 where applicable
  * fips-mode-setup: make sure ostree is detected in chroot
  * fips-finish-install: make sure ostree is detected in chroot
  * TEST-PQ: enable X25519-KYBER768 / P384-KYBER768 for openssl
  * TEST-PQ: add a no-op subpolicy
  * update-crypto-policies: Keep mid-sentence upper case
  * fips-mode-setup: Write error messages to stderr
  * fips-mode-setup: Fix some shellcheck warnings
  * fips-mode-setup: Fix test for empty /boot
  * fips-mode-setup: Avoid 'boot=UUID=' if /boot == /
  * Update man pages
  * Rebase patches:
    - crypto-policies-FIPS.patch
    - crypto-policies-revert-rh-allow-sha1-signatures.patch

- Update to version 20231108.adb5572b:
  * Print matches in syntax deprecation warnings
  * Restore support for scoped ssh_etm directives
  * fips-mode-setup: Fix usage with --no-bootcfg
  * turn ssh_etm into an etm@SSH tri-state
  * fips-mode-setup: increase chroot-friendliness
  * bind: fix a typo that led to duplication of ECDSAPxxxSHAxxx
  * pylintrc: use-implicit-booleaness-not-comparison-to-*

OBS-URL: https://build.opensuse.org/request/show/1154669
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=31
 2024-03-07 07:48:27 +00:00