diff --git a/crypto-policies.spec b/crypto-policies.spec
index 7a8c6bf..64e6393 100644
--- a/crypto-policies.spec
+++ b/crypto-policies.spec
@@ -1,5 +1,5 @@
-%global git_date 20200610
-%global git_commit 7f9d4740ab57287dffac13490bc82bf3f5f1b014
+%global git_date 20200625
+%global git_commit b298a9e107b7e9699b36879eca031d1900ded1c4
 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
 %global _python_bytecompile_extra 0
@@ -90,7 +90,7 @@ touch %{buildroot}%{_sysconfdir}/crypto-policies/state/current
 touch %{buildroot}%{_sysconfdir}/crypto-policies/state/CURRENT.pol
 # Create back-end configs for mounting with read-only /etc/
-for d in LEGACY DEFAULT NEXT FUTURE FIPS ; do
+for d in LEGACY DEFAULT FUTURE FIPS ; do
 mkdir -p -m 755 %{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d
 for f in %{buildroot}%{_datarootdir}/crypto-policies/$d/* ; do
 ln $f %{buildroot}%{_datarootdir}/crypto-policies/back-ends/$d/$(basename $f .txt).config
@@ -169,7 +169,6 @@ end
 %{_mandir}/man7/crypto-policies.7*
 %{_datarootdir}/crypto-policies/LEGACY
 %{_datarootdir}/crypto-policies/DEFAULT
-%{_datarootdir}/crypto-policies/NEXT
 %{_datarootdir}/crypto-policies/FUTURE
 %{_datarootdir}/crypto-policies/FIPS
 %{_datarootdir}/crypto-policies/EMPTY
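Review bot: Removing `NEXT` from the `for d in …` loop in the `@@ -90,7 +90,7 @@` hunk means `back-ends/NEXT` is no longer created, and nothing visible in this diff leaves a compatibility path for hosts that mount that directory for a read-only /etc or still have NEXT selected. The changelog calls NEXT an alias for DEFAULT, but if that alias is resolved only by the update tool, such a host could be left without the intended back-end configs after upgrade; this is worth confirming against the scriptlets, which are outside the hunks shown. At minimum I would record the intent above the loop, e.g. `# NEXT is an alias of DEFAULT since 20200625; no separate back-ends/NEXT is shipped`. The loop body continues past the end of the hunk, and the matching `%files` entry is dropped in the `@@ -169,7 +169,6 @@` hunk.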
@@ -192,6 +191,17 @@ end
 %{_mandir}/man8/fips-finish-install.8*
 %changelog
+* Thu Jun 25 2020 Tomáš Mráz - 20200625-1.gitb298a9e
+- DEFAULT policy: Drop DH < 2048 bits, TLS 1.0, 1.1, SHA-1
+- make the NEXT policy just an alias for DEFAULT as they are now identical
+- policies: introduce sha1_in_dnssec value for BIND
+- add SHA1 and FEDORA32 policy modules to provide backwards compatibility
+ they can be applied as DEFAULT:SHA1 or DEFAULT:FEDORA32
+- avoid duplicates of list items in resulting policy
+
+* Wed Jun 24 2020 Tomáš Mráz - 20200619-1.git781bbd4
+- gnutls: enable DSA signatures in LEGACY
+
 * Wed Jun 10 2020 Tomáš Mráz - 20200610-1.git7f9d474
 - openssh server: new format of configuration to be loaded by config include
 - fallback to FIPS policy instead of the default-config in FIPS mode