From 42b4dd25739fb0040ec5c3a150264c3b303a2d65 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 01 2022 12:39:16 +0000 Subject: import crypto-policies-20220203-1.gitf03e75e.el9 --- diff --git a/.crypto-policies.metadata b/.crypto-policies.metadata index 8ad9cf7..1a3d4d0 100644 --- a/.crypto-policies.metadata +++ b/.crypto-policies.metadata @@ -1 +1 @@ -52473a7552b94cbc3dac07e2668ea27db6c1fc65 SOURCES/crypto-policies-git70de135.tar.gz +4d5e23d4260a9700829d7c684f82893072a85c5e SOURCES/crypto-policies-gitf03e75e.tar.gz diff --git a/.gitignore b/.gitignore index 422a19d..02ea571 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/crypto-policies-git70de135.tar.gz +SOURCES/crypto-policies-gitf03e75e.tar.gz diff --git a/SPECS/crypto-policies.spec b/SPECS/crypto-policies.spec index 0135bac..f4ac4fe 100644 --- a/SPECS/crypto-policies.spec +++ b/SPECS/crypto-policies.spec @@ -1,5 +1,5 @@ -%global git_date 20211115 -%global git_commit 70de13531a7d17db062ac980ef6a7b521782f2fd +%global git_date 20220203 +%global git_commit f03e75eb11e7583cd8b68c49d6d0e2aa87d28e54 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})} %global _python_bytecompile_extra 0 @@ -186,6 +186,16 @@ end %{_mandir}/man8/fips-finish-install.8* %changelog +* Tue Feb 03 2022 Alexander Sosedkin - 20220203-1.gitf03e75e +- gnutls: enable SHAKE, needed for Ed448 +- fips-mode-setup: improve handling FIPS plus subpolicies +- FIPS: disable SHA-1 HMAC +- FIPS: disable CBC ciphers except in Kerberos + +* Tue Feb 01 2022 Alexander Sosedkin - 20220201-1.git636a91d +- openssl: revert to SECLEVEL=2 in LEGACY +- openssl: add newlines at the end of the output + * Mon Nov 15 2021 Alexander Sosedkin - 20211115-1.git70de135 - OSPP: relax -ECDSA-SHA2-512, -FFDHE-* - fips-mode-setup, fips-finish-install: call zipl more often (s390x-specific)