94479c
# Date of the upstream snapshot; reused verbatim as the package Version.
%global git_date 20200312
94479c
# Full 40-character upstream commit id this build is pinned to.
%global git_commit 3ae59d25388d9ed8d95bbe7a1a188b2715b697f6
50a08b
# When git_commit is defined, derive git_commit_hash as its first seven
# characters by running a small shell snippet at spec-parse time. The
# substring expansion is a bash feature, so this assumes the shell rpm uses
# for inline shell expansion provides it.
# NOTE(review): the abbreviated id is what Release and Source0 use, so the
# download is addressed by a 7-character prefix, not by the full id above.
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
Nikos Mavrogiannopoulos 41e494
6dbae8
%global _python_bytecompile_extra 0
6dbae8
Nikos Mavrogiannopoulos 41e494
Name:           crypto-policies
Nikos Mavrogiannopoulos 92d1b1
Version:        %{git_date}
50b37f
Release:        1.git%{git_commit_hash}%{?dist}
973adf
Summary:        System-wide crypto policies
Nikos Mavrogiannopoulos 41e494
Nikos Mavrogiannopoulos 41e494
License:        LGPLv2+
Nikos Mavrogiannopoulos b7bb9c
URL:            https://gitlab.com/redhat-crypto/fedora-crypto-policies
50a08b
# Snapshot tarball generated by the forge for the abbreviated commit id.
# NOTE(review): nothing in this spec verifies the archive contents (no
# checksum or signature is referenced here); integrity depends on whatever
# the build system records for this source outside the spec - confirm.
Source0:        https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
622dcb
Nikos Mavrogiannopoulos 41e494
BuildArch: noarch
Nikos Mavrogiannopoulos 41e494
BuildRequires: asciidoc
Nikos Mavrogiannopoulos 41e494
BuildRequires: libxslt
Nikos Mavrogiannopoulos 560b11
BuildRequires: openssl
Nikos Mavrogiannopoulos be145b
BuildRequires: gnutls-utils >= 3.6.0
Nikos Mavrogiannopoulos f52e3b
BuildRequires: java-1.8.0-openjdk-devel
Nikos Mavrogiannopoulos 3668ec
BuildRequires: bind
9460d0
BuildRequires: perl-interpreter
Nikos Mavrogiannopoulos a58d94
BuildRequires: perl-generators
Nikos Mavrogiannopoulos a58d94
BuildRequires: perl(File::pushd), perl(File::Temp), perl(File::Copy)
fed628
BuildRequires: perl(File::Which)
41c993
BuildRequires: python3-devel
50b37f
BuildRequires: python3-pylint
Nikos Mavrogiannopoulos a58d94
a705dd
# used by update-crypto-policies
Petr Šabata 470eef
Requires: coreutils
Petr Šabata 470eef
Requires: grep
Petr Šabata 470eef
Requires: sed
Igor Gnatenko a5ab3d
Requires(post): coreutils
Igor Gnatenko a5ab3d
Requires(post): grep
Igor Gnatenko a5ab3d
Requires(post): sed
ba5b3f
Conflicts: nss < 3.44.0
ba5b3f
Conflicts: libreswan < 3.28
50b37f
Conflicts: openssh < 8.2p1
50b37f
Conflicts: gnutls < 3.6.11
6c323f
Andrew Jeddeloh df572f
# Most users want this, the split is mostly for Fedora CoreOS
Andrew Jeddeloh df572f
Recommends: crypto-policies-scripts
Andrew Jeddeloh df572f
6c323f
# Self-obsolete to install both subpackages after split.
6c323f
# Remove in F32.
6c323f
Obsoletes: %{name} < 20190211-3.gite3eacfc
Nikos Mavrogiannopoulos fce648
Nikos Mavrogiannopoulos 41e494
%description
9f15ba
This package provides pre-built configuration files with
9f15ba
cryptographic policies for various cryptographic back-ends,
9f15ba
such as SSL/TLS libraries.
Andrew Jeddeloh df572f
Andrew Jeddeloh df572f
%package scripts
9f15ba
Summary: Tool to switch between crypto policies
9f15ba
Andrew Jeddeloh df572f
%description scripts
9f15ba
This package provides a tool update-crypto-policies, which applies
9f15ba
the policies provided by the crypto-policies package. These can be
9f15ba
either the pre-built policies from the base package or custom policies
9f15ba
defined in simple policy definition files.
Nikos Mavrogiannopoulos 41e494
6c323f
%package -n fips-mode-setup
6c323f
Requires: %{name} = %{version}-%{release}
6c323f
Requires: grubby
6c323f
Requires: dracut
Andrew Jeddeloh df572f
Requires: crypto-policies-scripts
6c323f
Summary: Enable or disable system FIPS mode
6c323f
6c323f
# Self-obsolete to install both subpackages after split.
6c323f
# Remove in F32.
6c323f
Obsoletes: %{name} < 20190211-3.gite3eacfc
6c323f
6c323f
%description -n fips-mode-setup
6c323f
The package provides a tool to enable or disable the system FIPS mode.
Nikos Mavrogiannopoulos 41e494
Nikos Mavrogiannopoulos 41e494
%prep
50a08b
# Unpack Source0 quietly and enter the named top-level directory. The name
# carries both the abbreviated and the full commit id (presumably the layout
# of the forge-generated archive). This only ties the directory name to
# git_commit; it is not a check on the archive contents.
%setup -q -n fedora-crypto-policies-%{git_commit_hash}-%{git_commit}
Nikos Mavrogiannopoulos 41e494
Nikos Mavrogiannopoulos 41e494
%build
6c323f
# Build with the distribution's standard make invocation macro.
%make_build
Nikos Mavrogiannopoulos 41e494
Nikos Mavrogiannopoulos 41e494
%install
Nikos Mavrogiannopoulos a58d94
# Pre-create the directory tree under the buildroot. With -p, the -m 755 mode
# applies to the last path component only; any parent directory that mkdir has
# to create gets its mode from the umask instead.
mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/
925a45
mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/back-ends/
Nikos Mavrogiannopoulos 143743
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/back-ends/
c3eb4f
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/state/
Nikos Mavrogiannopoulos 88d0a4
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/local.d/
a30fb1
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/
a30fb1
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/crypto-policies/policies/modules/
Nikos Mavrogiannopoulos 41e494
mkdir -p -m 755 %{buildroot}%{_bindir}
Nikos Mavrogiannopoulos a58d94
250161
# Run the upstream install target into the buildroot.
make DESTDIR=%{buildroot} DIR=%{_datarootdir}/crypto-policies MANDIR=%{_mandir} %{?_smp_mflags} install
35b850
# Ship default-config as the initial policy selection file, mode 0644
# (readable by everyone, writable by the owner only), keeping its timestamp.
install -p -m 644 default-config %{buildroot}%{_sysconfdir}/crypto-policies/config
50b37f
# Create empty placeholders for the two state files. They are listed as ghost
# entries in the files section, so the package owns the paths without shipping
# their contents.
touch %{buildroot}%{_sysconfdir}/crypto-policies/state/current
50b37f
touch %{buildroot}%{_sysconfdir}/crypto-policies/state/CURRENT.pol
Nikos Mavrogiannopoulos 41e494
925a45
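# Create back-end configs for mounting with read-only /etc/
# For each listed policy, expose every generated file under
# back-ends/<policy>/ with a trailing .txt stripped and .config appended.
# These are hard links, so both names refer to the same file contents.
# EMPTY is not in the list, so no back-ends/EMPTY directory is made here.
fe6bfc
for d in LEGACY DEFAULT NEXT FUTURE FIPS ; do
925a45
    mkdir -p -m 755 "%{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d"
fe6bfc
    for f in "%{buildroot}%{_datarootdir}/crypto-policies/$d"/* ; do
925a45
        # Quoted so a build root containing whitespace or glob characters
        # cannot split or re-expand the link source and target.
        ln "$f" "%{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d/$(basename "$f" .txt).config"
fe6bfc
    done
fe6bfc
done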
fe6bfc
db8cb6
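# Point each back-end config in the system configuration directory at the
# matching DEFAULT policy file. The link target is the installed path (no
# buildroot prefix), so it resolves on the target system rather than inside
# the build tree. Expansions are quoted so a build root containing whitespace
# or glob characters cannot split the link target or name.
for f in "%{buildroot}%{_datarootdir}/crypto-policies/DEFAULT"/* ; do
db8cb6
    ln -sf "%{_datarootdir}/crypto-policies/DEFAULT/$(basename "$f")" "%{buildroot}%{_sysconfdir}/crypto-policies/back-ends/$(basename "$f" .txt).config"
db8cb6
done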
db8cb6
6dbae8
# Byte-compile the Python modules shipped under the crypto-policies data
# directory explicitly. _python_bytecompile_extra is set to 0 near the top of
# this spec, which (per Fedora's Python packaging macros - confirm) turns off
# automatic byte-compilation of files outside the standard Python directories.
%py_byte_compile %{__python3} %{buildroot}%{_datadir}/crypto-policies/python
6dbae8
Nikos Mavrogiannopoulos 560b11
%check
Nikos Mavrogiannopoulos 560b11
# Run the upstream test target at build time, in parallel when the build
# environment sets a parallel-make flag.
make check %{?_smp_mflags}
Nikos Mavrogiannopoulos 560b11
Andrew Jeddeloh df572f
%posttrans scripts
6dbae8
# Run update-crypto-policies once the package transaction has finished.
# NOTE(review): stdout and stderr are both discarded and "|| :" forces a zero
# exit status, so a failed policy update is invisible to the administrator;
# whatever back-end files were already in place presumably stay in effect.
# --no-check is presumably the tool's switch for skipping its back-end sanity
# checks - confirm against update-crypto-policies(8).
%{_bindir}/update-crypto-policies --no-check >/dev/null 2>/dev/null || :
Nikos Mavrogiannopoulos de1cba
Nikos Mavrogiannopoulos de1cba
Nikos Mavrogiannopoulos 41e494
%files
Nikos Mavrogiannopoulos c34e5a
Nikos Mavrogiannopoulos 41e494
%dir %{_sysconfdir}/crypto-policies/
Nikos Mavrogiannopoulos a58d94
%dir %{_sysconfdir}/crypto-policies/back-ends/
c3eb4f
%dir %{_sysconfdir}/crypto-policies/state/
Nikos Mavrogiannopoulos 88d0a4
%dir %{_sysconfdir}/crypto-policies/local.d/
a30fb1
%dir %{_sysconfdir}/crypto-policies/policies/
a30fb1
%dir %{_sysconfdir}/crypto-policies/policies/modules/
Nikos Mavrogiannopoulos a58d94
%dir %{_datarootdir}/crypto-policies/
Nikos Mavrogiannopoulos c34e5a
Nikos Mavrogiannopoulos c34e5a
%config(noreplace) %{_sysconfdir}/crypto-policies/config
Nikos Mavrogiannopoulos c34e5a
db8cb6
# The back-end entries from here on are the symlinks into the DEFAULT policy
# made in the install section. Marking them config(noreplace) means a package
# upgrade does not overwrite entries that were changed locally, presumably
# including the case where an administrator has switched policy.
%config(noreplace) %{_sysconfdir}/crypto-policies/back-ends/gnutls.config
db8cb6
%config(noreplace) %{_sysconfdir}/crypto-policies/back-ends/openssl.config
db8cb6
%config(noreplace) %{_sysconfdir}/crypto-policies/back-ends/opensslcnf.config
db8cb6
%config(noreplace) %{_sysconfdir}/crypto-policies/back-ends/openssh.config
db8cb6
%config(noreplace) %{_sysconfdir}/crypto-policies/back-ends/opensshserver.config
db8cb6
%config(noreplace) %{_sysconfdir}/crypto-policies/back-ends/nss.config
db8cb6
%config(noreplace) %{_sysconfdir}/crypto-policies/back-ends/bind.config
db8cb6
%config(noreplace) %{_sysconfdir}/crypto-policies/back-ends/java.config
db8cb6
%config(noreplace) %{_sysconfdir}/crypto-policies/back-ends/krb5.config
db8cb6
%config(noreplace) %{_sysconfdir}/crypto-policies/back-ends/libreswan.config
db8cb6
%config(noreplace) %{_sysconfdir}/crypto-policies/back-ends/libssh.config
Nikos Mavrogiannopoulos 143743
50b37f
%ghost %{_sysconfdir}/crypto-policies/state/current
50b37f
%ghost %{_sysconfdir}/crypto-policies/state/CURRENT.pol
50b37f
ae5787
%{_mandir}/man7/crypto-policies.7*
a30fb1
%{_datarootdir}/crypto-policies/LEGACY
a30fb1
%{_datarootdir}/crypto-policies/DEFAULT
a30fb1
%{_datarootdir}/crypto-policies/NEXT
a30fb1
%{_datarootdir}/crypto-policies/FUTURE
a30fb1
%{_datarootdir}/crypto-policies/FIPS
a30fb1
%{_datarootdir}/crypto-policies/EMPTY
925a45
%{_datarootdir}/crypto-policies/back-ends
Nikos Mavrogiannopoulos a58d94
%{_datarootdir}/crypto-policies/default-config
Nikos Mavrogiannopoulos a58d94
%{_datarootdir}/crypto-policies/reload-cmds.sh
a30fb1
%{_datarootdir}/crypto-policies/policies
Nikos Mavrogiannopoulos 41e494
06e911
%license COPYING.LESSER
Nikos Mavrogiannopoulos 41e494
Andrew Jeddeloh df572f
%files scripts
Andrew Jeddeloh df572f
%{_bindir}/update-crypto-policies
Andrew Jeddeloh df572f
%{_mandir}/man8/update-crypto-policies.8*
Andrew Jeddeloh df572f
%{_datarootdir}/crypto-policies/python
Andrew Jeddeloh df572f
6c323f
%files -n fips-mode-setup
6c323f
%{_bindir}/fips-mode-setup
6c323f
%{_bindir}/fips-finish-install
6c323f
%{_mandir}/man8/fips-mode-setup.8*
6c323f
%{_mandir}/man8/fips-finish-install.8*
6c323f
Nikos Mavrogiannopoulos 41e494
%changelog
94479c
* Thu Mar 12 2020 Tomáš Mráz <tmraz@redhat.com> - 20200312-1.git3ae59d2
50b37f
- custom crypto policies: enable completely overriding contents of the list
50b37f
  value
50b37f
- added ECDHE-ONLY.pmod policy module example
50b37f
- openssh: make LEGACY policy to prefer strong public key algorithms
50b37f
- openssh: support FIDO/U2F (with the exception of FIPS policy)
50b37f
- gnutls: add support for GOST ciphers
50b37f
- various python code cleanups
50b37f
- update-crypto-policies: dump the current policy to
50b37f
  /etc/crypto-policies/state/CURRENT.pol
50b37f
a9c5a2
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20191128-5.gitcd267a5
a9c5a2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
a9c5a2
db8cb6
* Tue Jan 14 2020 Tomáš Mráz <tmraz@redhat.com> - 20191128-4.gitcd267a5
db8cb6
- the base package must ship the DEFAULT policy config symlinks in case
db8cb6
  the scripts package is not installed via the weak dependency
db8cb6
Andrew Jeddeloh df572f
* Tue Jan 07 2020 Andrew Jeddeloh <ajeddelo@redhat.com> 20191128-3.gitcd267a5
db8cb6
- split scripts into their own subpackage. See
db8cb6
  https://github.com/coreos/fedora-coreos-tracker/issues/280 for more details.
Andrew Jeddeloh df572f
925a45
* Mon Dec 16 2019 Tomáš Mráz <tmraz@redhat.com> - 20191128-2.gitcd267a5
925a45
- move the pre-built .config files to /usr/share/crypto-policies/back-ends
925a45
b7ce8f
* Thu Nov 28 2019 Tomáš Mráz <tmraz@redhat.com> - 20191128-1.gitcd267a5
b7ce8f
- add FIPS subpolicy for OSPP
b7ce8f
- fips-mode-setup: do not reload daemons when changing policy
b7ce8f
- fips-mode-setup: gracefully handle OSTree-based systems
b7ce8f
- gnutls: use new configuration file format
b7ce8f
973adf
* Tue Oct 29 2019 Tomáš Mráz <tmraz@redhat.com> - 20191002-1.gitc93dc99
973adf
- update-crypto-policies: fix handling of list operations in policy modules
973adf
- update-crypto-policies: fix updating of the current policy marker
973adf
- fips-mode-setup: fixes related to containers and non-root execution
973adf
c3eb4f
* Tue Sep 24 2019 Tomáš Mráz <tmraz@redhat.com> - 20190816-4.gitbb9bf99
c3eb4f
- add the /etc/crypto-policies/state directory
c3eb4f
fe6bfc
* Tue Sep 10 2019 Tomáš Mráz <tmraz@redhat.com> - 20190816-3.gitbb9bf99
fe6bfc
- make it possible to use fips-mode-setup --check without dracut
fe6bfc
- add .config symlinks so a crypto policy can be set with read-only
fe6bfc
  /etc by bind-mounting /usr/share/crypto-policies/<policy> to
fe6bfc
  /etc/crypto-policies/back-ends
fe6bfc
6dbae8
* Mon Aug 19 2019 Tomáš Mráz <tmraz@redhat.com> - 20190816-2.gitbb9bf99
6dbae8
- run the update-crypto-policies in posttrans
6dbae8
- the current config should work fine with OpenSSL >= 7.9p1
6dbae8
- fix the python bytecompilation
6dbae8
a30fb1
* Fri Aug 16 2019 Tomáš Mráz <tmraz@redhat.com> - 20190816-1.gitbb9bf99
a30fb1
- custom crypto policies support
a30fb1
- openssh: Support new configuration option CASignatureAlgorithms
a30fb1
- libssh: Add libssh as supported backend
a30fb1
- multiple fixes in fips-mode-setup, BLS support
a30fb1
e08f71
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20190527-2.git0b3add8
e08f71
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
e08f71
ba5b3f
* Mon May 27 2019 Tomáš Mráz <tmraz@redhat.com> - 20190211-1.git0b3add8
ba5b3f
- libreswan: coalesce proposals to avoid IKE packet fragmentation
ba5b3f
- openssh: add missing curve25519-sha256 to the key exchange list
ba5b3f
- nss: map X25519 to CURVE25519
ba5b3f
9dcc9e
* Thu Apr 25 2019 Tomáš Mráz <tmraz@redhat.com> - 20190211-4.gite3eacfc
9dcc9e
- do not fail in the Java test if the EMPTY policy is not really empty
9dcc9e
6c323f
* Thu Mar  7 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 20190211-3.gite3eacfc
6c323f
- Split out fips-mode-setup into separate subpackage
6c323f
4906e5
* Mon Feb 11 2019 Tomáš Mráz <tmraz@redhat.com> - 20190211-2.gite3eacfc
1d049a
- add crypto-policies.7 manual page
1d049a
- Java: Fix FIPS and FUTURE policy to allow RSA certificates in TLS
1d049a
- cleanup duplicate and incorrect information from update-crypto-policies.8
1d049a
  manual page
1d049a
- update-crypto-policies: Fix endless loop
1d049a
- update-crypto-policies: Add warning about the need of system restart
1d049a
- FUTURE: Add mistakenly omitted EDDSA-ED25519 signature algorithm
1d049a
- openssh: Add missing SHA2 variants of RSA certificates to the policy
1d049a
- return exit code 2 when printing usage from all the tools
1d049a
- update-crypto-policies: add --no-reload option for testing
1d049a
415c46
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20181122-2.git70769d9
415c46
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
415c46
cfe352
* Thu Nov 22 2018 Tomáš Mráz <tmraz@redhat.com> - 20181122-1.git70769d9
cfe352
- update-crypto-policies: fix error on multiple matches in local.d
cfe352
14271e
* Tue Nov 20 2018 Tomáš Mráz <tmraz@redhat.com> - 20181120-1.gitd2b3bc4
14271e
- Print warning when update-crypto-policies --set is used in the FIPS mode
14271e
- Java: Add 3DES and RC4 to legacy algorithms in LEGACY policy
14271e
- OpenSSL: Properly disable non AEAD and AES128 ciphersuites in FUTURE
14271e
- libreswan: Add chacha20_poly1305 to all policies and drop ikev1 from LEGACY
14271e
42be7f
* Fri Oct 26 2018 Tomáš Mráz <tmraz@redhat.com> - 20181026-1.gitd42aaa6
42be7f
- Fix regression in discovery of additional configuration
42be7f
- NSS: add DSA keyword to LEGACY policy
42be7f
- GnuTLS: Add 3DES and RC4 to LEGACY policy
42be7f
d3b823
* Tue Sep 25 2018 Tomáš Mráz <tmraz@redhat.com> - 20180925-1.git71ca85f
d3b823
- Use Recommends instead of Requires for grubby
d3b823
- Revert setting of HostKeyAlgorithms for ssh client for now
d3b823
2486d1
* Fri Sep 21 2018 Tomáš Mráz <tmraz@redhat.com> - 20180921-2.git391ed9f
2486d1
- Fix requires for grubby
2486d1
a705dd
* Fri Sep 21 2018 Tomáš Mráz <tmraz@redhat.com> - 20180921-1.git391ed9f
a705dd
- OpenSSH: Generate policy for sign algorithms
a705dd
- Enable >= 255 bits EC curves in FUTURE policy
a705dd
- OpenSSH: Add group1 key exchanges in LEGACY policy
a705dd
- NSS: Add SHA224 to hash lists
a705dd
- Print warning when update-crypto-policies --set FIPS is used
a705dd
- fips-mode-setup: Kernel boot options are now modified with grubby
a705dd
0104bf
* Thu Aug  2 2018 Tomáš Mráz <tmraz@redhat.com> - 20180802-1.git1626592
0104bf
- Introduce NEXT policy
0104bf
35b850
* Mon Jul 30 2018 Tomáš Mráz <tmraz@redhat.com> - 20180730-1.git9d9f21d
35b850
- Add OpenSSL configuration file include support
35b850
fed628
* Tue Jul 24 2018 Tomáš Mráz <tmraz@redhat.com> - 20180723-1.gitdb825c0
fed628
- Initial FIPS mode setup support
fed628
- NSS: Add tests for the generated policy
fed628
- Enable TLS-1.3 if available in the respective TLS library
fed628
- Enable SHA1 in certificates in LEGACY policy
fed628
- Disable CAMELLIA
fed628
- libreswan: Multiple bug fixes in policies
fed628
76e290
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20180425-6.git6ad4018
76e290
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
76e290
c2cc47
* Fri May 18 2018 Björn Esser <besser82@fedoraproject.org> - 20180425-5.git6ad4018
c2cc47
- Fix patch0
c2cc47
a05ee5
* Fri May 18 2018 Björn Esser <besser82@fedoraproject.org> - 20180425-4.git6ad4018
a05ee5
- Remove Requires: systemd
622dcb
- Add Patch to silence warnings from reload-cmds
a05ee5
01aa75
* Thu May 17 2018 Björn Esser <besser82@fedoraproject.org> - 20180425-3.git6ad4018
01aa75
- Requires: systemd should be added too
01aa75
fc7c7b
* Thu May 17 2018 Björn Esser <besser82@fedoraproject.org> - 20180425-2.git6ad4018
fc7c7b
- Add Requires(post): systemd to fix:
fc7c7b
  crypto-policies/reload-cmds.sh: line 1: systemctl: command not found
fc7c7b
cc57da
* Wed Apr 25 2018 Tomáš Mráz <tmraz@redhat.com> - 20180425-1.git6ad4018
cc57da
- Restart/reload only enabled services
cc57da
- Do not enable PSK ciphersuites by default in gnutls and openssl
cc57da
- krb5: fix when more than 2048 bits keys are required
cc57da
- Fix discovery of additional configurations #1564595
cc57da
- Fix incorrect ciphersuite setup for libreswan
cc57da
Nikos Mavrogiannopoulos d67712
* Tue Mar  6 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20180306-1.gitaea6928
Nikos Mavrogiannopoulos d67712
- Updated policy to reduce DH parameter size on DEFAULT level, taking into
Nikos Mavrogiannopoulos d67712
  account feedback in #1549242, #1534532.
Nikos Mavrogiannopoulos d67712
- Renamed openssh-server.config to opensshserver.config to reduce conflicts
Nikos Mavrogiannopoulos d67712
  when local.d/ appending is used.
Nikos Mavrogiannopoulos d67712
Nikos Mavrogiannopoulos 77729e
* Tue Feb 27 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20180227-1.git0ce1729
Nikos Mavrogiannopoulos 77729e
- Updated to include policies for libreswan
Nikos Mavrogiannopoulos 77729e
Nikos Mavrogiannopoulos 2556da
* Mon Feb 12 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20180112-1.git386e3fe
Nikos Mavrogiannopoulos 2556da
- Updated to apply the settings as in StrongCryptoSettings project. The restriction
Nikos Mavrogiannopoulos 2556da
  to TLS1.2, is not yet applied as we have no method to impose that in openssl.
Nikos Mavrogiannopoulos 2556da
  https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
Nikos Mavrogiannopoulos 2556da
b38bcc
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 20171115-3.git921600e
b38bcc
- Escape macros in %%changelog
b38bcc
529fed
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20171115-2.git921600e
529fed
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
529fed
Nikos Mavrogiannopoulos 8dca9a
* Wed Nov 15 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20171115-1.git921600e
Nikos Mavrogiannopoulos 8dca9a
- Updated openssh policies for new openssh without rc4
Nikos Mavrogiannopoulos 8dca9a
- Removed policies for compat-gnutls28
Nikos Mavrogiannopoulos 8dca9a
Nikos Mavrogiannopoulos be145b
* Wed Aug 23 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170823-1.git8d18c27
Nikos Mavrogiannopoulos be145b
- Updated gnutls policies for 3.6.0
Nikos Mavrogiannopoulos be145b
Nikos Mavrogiannopoulos e4abbf
* Wed Aug 16 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170816-1.git2618a6c
Nikos Mavrogiannopoulos e4abbf
- Updated to latest upstream
Nikos Mavrogiannopoulos e4abbf
- Restarts openssh server on policy update
Nikos Mavrogiannopoulos e4abbf
Nikos Mavrogiannopoulos 20ca56
* Wed Aug  2 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170802-1.git9300620
Nikos Mavrogiannopoulos 20ca56
- Updated to latest upstream
Nikos Mavrogiannopoulos 20ca56
- Reloads openssh server on policy update
Nikos Mavrogiannopoulos 20ca56
18cc30
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20170606-4.git7c32281
18cc30
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
18cc30
Igor Gnatenko a5ab3d
* Tue Jul 25 2017 Igor Gnatenko <ignatenko@redhat.com> - 20170606-3.git7c32281
Igor Gnatenko a5ab3d
- Restore Requires(post)
Igor Gnatenko a5ab3d
Nikos Mavrogiannopoulos fc1d6f
* Mon Jul 24 2017 Troy Dawson <tdawson@redhat.com> 20170606-2.git7c32281
Nikos Mavrogiannopoulos fc1d6f
- perl dependency renamed to perl-interpreter <ppisar@redhat.com>
Nikos Mavrogiannopoulos fc1d6f
- remove useless Requires(post) <ignatenko@redhat.com>
Nikos Mavrogiannopoulos fc1d6f
- Fix path of libdir in generate-policies.pl (#1474442) <tdawson@redhat.com>
Nikos Mavrogiannopoulos fc1d6f
Nikos Mavrogiannopoulos 855fe2
* Tue Jun  6 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170606-1.git7c32281
Nikos Mavrogiannopoulos 855fe2
- Updated to latest upstream
Nikos Mavrogiannopoulos 855fe2
- Allows gnutls applications in LEGACY mode, to use certificates of 768-bits
Nikos Mavrogiannopoulos 855fe2
Nikos Mavrogiannopoulos 4b072f
* Wed May 31 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170531-1.gitce0df7b
Nikos Mavrogiannopoulos 4b072f
- Updated to latest upstream
Nikos Mavrogiannopoulos 4b072f
- Added new kerberos key types
Nikos Mavrogiannopoulos 4b072f
42c016
* Sat Apr 01 2017 Björn Esser <besser82@fedoraproject.org> - 20170330-3.git55b66da
42c016
- Add Requires for update-crypto-policies in %%post
42c016
Petr Šabata 470eef
* Fri Mar 31 2017 Petr Šabata <contyk@redhat.com> - 20170330-2.git55b66da
Petr Šabata 470eef
- update-crypto-policies uses grep and sed, require them
Petr Šabata 470eef
Nikos Mavrogiannopoulos fc43c5
* Thu Mar 30 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170330-1-git55b66da
Nikos Mavrogiannopoulos fc43c5
- GnuTLS policies include RC4 in legacy mode (#1437213)
Nikos Mavrogiannopoulos fc43c5
Nikos Mavrogiannopoulos 683373
* Fri Feb 17 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20160214-2-gitf3018dd
Nikos Mavrogiannopoulos 683373
- Added openssh file
Nikos Mavrogiannopoulos 683373
Nikos Mavrogiannopoulos 3668ec
* Tue Feb 14 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20160214-1-gitf3018dd
Nikos Mavrogiannopoulos 3668ec
- Updated policies for BIND to address #1421875
Nikos Mavrogiannopoulos 3668ec
c91915
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20161111-2.gita2363ce
c91915
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
c91915
Nikos Mavrogiannopoulos 21e59f
* Fri Nov 11 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20161111-1-gita2363ce
Nikos Mavrogiannopoulos 21e59f
- Include OpenJDK documentation.
Nikos Mavrogiannopoulos 21e59f
Nikos Mavrogiannopoulos 99b4bd
* Tue Sep 27 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20160926-2-git08b5501
Nikos Mavrogiannopoulos 99b4bd
- Improved messages on error.
Nikos Mavrogiannopoulos 99b4bd
Nikos Mavrogiannopoulos 71aaf1
* Mon Sep 26 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20160926-1-git08b5501
Nikos Mavrogiannopoulos 71aaf1
- Added support for openssh client policy
Nikos Mavrogiannopoulos 71aaf1
Nikos Mavrogiannopoulos 24eee0
* Wed Sep 21 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20160921-1-git75b9b04
Nikos Mavrogiannopoulos 24eee0
- Updated with latest upstream.
Nikos Mavrogiannopoulos 24eee0
Nikos Mavrogiannopoulos 88d0a4
* Thu Jul 21 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20160718-2-gitdb5ca59
Nikos Mavrogiannopoulos 88d0a4
- Added support for administrator overrides in generated policies in local.d
Nikos Mavrogiannopoulos 88d0a4
Nikos Mavrogiannopoulos ef4add
* Thu Jul 21 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20160718-1-git340cb69
Nikos Mavrogiannopoulos ef4add
- Fixed NSS policy generation to include allowed hash algorithms
Nikos Mavrogiannopoulos ef4add
Nikos Mavrogiannopoulos a58d94
* Wed Jul 20 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20160718-1-gitcaa4a8d
Nikos Mavrogiannopoulos a58d94
- Updated to new version with auto-generated policies
Nikos Mavrogiannopoulos a58d94
Nikos Mavrogiannopoulos f52e3b
* Mon May 16 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20160516-1-git8f69c35
Nikos Mavrogiannopoulos f52e3b
- Generate policies for NSS
Nikos Mavrogiannopoulos f52e3b
- OpenJDK policies were updated for openjdk 8
Nikos Mavrogiannopoulos f52e3b
09c0d7
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 20151104-2.gitf1cba5f
09c0d7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
09c0d7
Nikos Mavrogiannopoulos c8c36e
* Wed Nov  4 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20151104-1-gitcf1cba5f
Nikos Mavrogiannopoulos c8c36e
- Generate policies for compat-gnutls28 (#1277790)
Nikos Mavrogiannopoulos c8c36e
Nikos Mavrogiannopoulos 143743
* Fri Oct 23 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20151005-2-gitc8452f8
b38bcc
- Generated files are put in a %%ghost directive
Nikos Mavrogiannopoulos 143743
Nikos Mavrogiannopoulos 3e19a4
* Mon Oct  5 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20151005-1-gitc8452f8
Nikos Mavrogiannopoulos 3e19a4
- Updated policies from upstream
Nikos Mavrogiannopoulos 3e19a4
- Added support for the generation of libkrb5 policy
Nikos Mavrogiannopoulos 3e19a4
- Added support for the generation of openjdk policy
Nikos Mavrogiannopoulos 3e19a4
820f1e
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 20150518-2.gitffe885e
820f1e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
820f1e
Nikos Mavrogiannopoulos bd4065
* Mon May 18 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20150518-1-gitffe885e
Nikos Mavrogiannopoulos bd4065
- Updated policies to remove SSL 3.0 and RC4 (#1220679)
Nikos Mavrogiannopoulos bd4065
Nikos Mavrogiannopoulos 560b11
* Fri Mar  6 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20150305-3-git2eeb03b
Nikos Mavrogiannopoulos 560b11
- Added make check
Nikos Mavrogiannopoulos 560b11
Nikos Mavrogiannopoulos 578217
* Fri Mar  6 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20150305-2-git44afaa1
Nikos Mavrogiannopoulos 578217
- Removed support for SECLEVEL (#1199274)
Nikos Mavrogiannopoulos 578217
Nikos Mavrogiannopoulos 2ab32a
* Thu Mar  5 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20150305-1-git098a8a6
Nikos Mavrogiannopoulos 2ab32a
- Include AEAD ciphersuites in gnutls (#1198979)
Nikos Mavrogiannopoulos 2ab32a
135b39
* Sun Jan 25 2015 Peter Robinson <pbrobinson@fedoraproject.org> 20150115-3-git9ef7493
135b39
- Bump release so latest git snapshot is newer NVR
135b39
Nikos Mavrogiannopoulos 350475
* Thu Jan 15 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20150115-2-git9ef7493
Nikos Mavrogiannopoulos c04d98
- Updated to newest upstream version.
Nikos Mavrogiannopoulos c04d98
- Includes bind policies (#1179925)
Nikos Mavrogiannopoulos c04d98
Nikos Mavrogiannopoulos d1ef6b
* Tue Dec 16 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20141124-2-gitd4aa178
Nikos Mavrogiannopoulos d1ef6b
- Corrected typo in gnutls' future policy (#1173886)
Nikos Mavrogiannopoulos d1ef6b
Nikos Mavrogiannopoulos 57d553
* Mon Nov 24 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20141124-1-gitd4aa178
Nikos Mavrogiannopoulos 57d553
- re-enable SSL 3.0 (until its removal is coordinated with a Fedora change request)
Nikos Mavrogiannopoulos 57d553
Nikos Mavrogiannopoulos 9e4e7d
* Thu Nov 20 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20141120-1-git9a26a5b
Nikos Mavrogiannopoulos 9e4e7d
- disable SSL 3.0 (doesn't work in openssl)
Nikos Mavrogiannopoulos 9e4e7d
Nikos Mavrogiannopoulos b117fe
* Fri Sep 05 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140905-1-git4649b7d
Nikos Mavrogiannopoulos b117fe
- enforce the acceptable TLS versions in openssl
Nikos Mavrogiannopoulos b117fe
Nikos Mavrogiannopoulos be8bda
* Wed Aug 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140827-1-git4e06f1d
Nikos Mavrogiannopoulos be8bda
- fix issue with RC4 being disabled in DEFAULT settings for openssl
Nikos Mavrogiannopoulos be8bda
Nikos Mavrogiannopoulos 217f00
* Thu Aug 14 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140814-1-git80e1e98
Nikos Mavrogiannopoulos 217f00
- fix issue in post script run on upgrade (#1130074)
Nikos Mavrogiannopoulos 217f00
Nikos Mavrogiannopoulos f089cd
* Tue Aug 12 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140812-1-gitb914bfd
Nikos Mavrogiannopoulos f089cd
- updated crypto-policies from repository
Nikos Mavrogiannopoulos f089cd
06e911
* Fri Jul 11 2014 Tom Callaway <spot@fedoraproject.org> - 20140708-2-git3a7ae3f
06e911
- fix license handling
06e911
Nikos Mavrogiannopoulos d801ba
* Tue Jul 08 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140708-1-git3a7ae3f
Nikos Mavrogiannopoulos d801ba
- updated crypto-policies from repository
Nikos Mavrogiannopoulos d801ba
Nikos Mavrogiannopoulos 3b7744
* Fri Jun 20 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140620-1-gitdac1524
Nikos Mavrogiannopoulos 92d1b1
- updated crypto-policies from repository
Nikos Mavrogiannopoulos 92d1b1
- changed versioning
Nikos Mavrogiannopoulos 92d1b1
Nikos Mavrogiannopoulos 2be2d3
* Thu Jun 12 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9-7-20140612gita2fa0c6
Nikos Mavrogiannopoulos 2be2d3
- updated crypto-policies from repository
Nikos Mavrogiannopoulos 2be2d3
663b6b
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-7.20140522gita50bad2
663b6b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
663b6b
Nikos Mavrogiannopoulos 11bdf2
* Thu May 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9-6-20140522gita50bad2
Nikos Mavrogiannopoulos 11bdf2
- Require(post) coreutils (#1100335).
Nikos Mavrogiannopoulos 11bdf2
Nikos Mavrogiannopoulos fce648
* Tue May 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9-5-20140522gita50bad2
Nikos Mavrogiannopoulos fce648
- Require coreutils.
Nikos Mavrogiannopoulos fce648
Nikos Mavrogiannopoulos c34e5a
* Thu May 22 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9-4-20140522gita50bad2
Nikos Mavrogiannopoulos c34e5a
- Install the default configuration file.
Nikos Mavrogiannopoulos c34e5a
Nikos Mavrogiannopoulos de1cba
* Wed May 21 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9-3-20140520git81364e4
Nikos Mavrogiannopoulos de1cba
- Run update-crypto-policies after installation.
Nikos Mavrogiannopoulos de1cba
Nikos Mavrogiannopoulos 41e494
* Tue May 20 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9-2-20140520git81364e4
Nikos Mavrogiannopoulos 41e494
- Updated spec based on comments by Petr Lautrbach.
Nikos Mavrogiannopoulos 41e494
Nikos Mavrogiannopoulos 41e494
* Mon May 19 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9-1-20140519gitf15621a
Nikos Mavrogiannopoulos 41e494
- Initial package build
Nikos Mavrogiannopoulos 41e494