import crypto-policies-20221215-1.git9a18988.el9_2.1

1 year ago · 7bd1abccc0
parent 1df7dc82c8
commit 7bd1abccc0
3 changed files with 18 additions and 9 deletions
--- a/.crypto-policies.metadata
+++ b/.crypto-policies.metadata
@ -1 +1 @@
-fbe5c6bd87287dd2059da06f83ce4363ed898773 SOURCES/crypto-policies-git9a18988.tar.gz
+8fe9be3f275cc392417de1c44d15fe4269b609c2 SOURCES/crypto-policies-git03b28b3.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/crypto-policies-git9a18988.tar.gz
+SOURCES/crypto-policies-git03b28b3.tar.gz
--- a/SPECS/crypto-policies.spec
+++ b/SPECS/crypto-policies.spec
@ -1,5 +1,4 @@
-%global git_date 20221215
-%global git_commit 9a189880a1cda3c0bbedab06d405c0a724c0a2f7
+%global git_commit 03b28b32c3dd992c251b9a05352f1234582c18e4
 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}

 %global _python_bytecompile_extra 0
@ -27,19 +26,20 @@
 %endif

 Name:           crypto-policies
-Version:        %{git_date}
-Release:        1.git%{git_commit_hash}%{?dist}
+Version:        20221215
+Release:        1.git9a18988%{?dist}.1
 Summary:        System-wide crypto policies

 License:        LGPLv2+
 URL:            https://gitlab.com/redhat-crypto/fedora-crypto-policies
-# For RHEL-9 we use the upstream branch rhel9.
+# For RHEL-9.2 we use the upstream branch rhel9.2 and are freezing version at 20221215-1.git9a18988.
 Source0:        https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz

 BuildArch: noarch
 BuildRequires: asciidoc
 BuildRequires: libxslt
 BuildRequires: openssl
+BuildRequires: nss-tools
 BuildRequires: gnutls-utils >= 3.6.0
 BuildRequires: java-1.8.0-openjdk-devel
 BuildRequires: bind
@ -52,10 +52,10 @@ BuildRequires: python3-pytest
 BuildRequires: make

 Conflicts: openssl < 1:3.0.1-10
-Conflicts: nss < 3.44.0
+Conflicts: nss < 3.90.0
 Conflicts: libreswan < 3.28
 Conflicts: openssh < 8.7p1-24
-Conflicts: gnutls < 3.7.2-3
+Conflicts: gnutls < 3.7.6-21.el9_2

 %description
 This package provides pre-built configuration files with
@ -190,6 +190,7 @@ end
 %ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/krb5.config
 %ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libreswan.config
 %ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/libssh.config
+%ghost %config(missingok,noreplace) %verify(not mode) %{_sysconfdir}/crypto-policies/back-ends/openssl_fips.config
 # %verify(not mode) comes from the fact
 # these turn into symlinks and back to regular files at will, see bz1898986

@ -219,6 +220,14 @@ end
 %{_mandir}/man8/fips-finish-install.8*

 %changelog
+* Wed Aug 02 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988.1
+- FIPS: enforce EMS in FIPS mode
+- NO-ENFORCE-EMS: add subpolicy to undo the EMS enforcement in FIPS mode
+- nss: implement EMS enforcement in FIPS mode
+- openssl: implement EMS enforcement in FIPS mode
+- gnutls: implement EMS enforcement in FIPS mode
+- docs: replace `FIPS 140-2` with just `FIPS 140`
+
 * Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988
 - bind: expand the list of disableable algorithms