import crypto-policies-20241106-2.git7073416.el10

2 months ago · 83c7eaca35
parent 5dce1a8cdb
commit 83c7eaca35
3 changed files with 21 additions and 12 deletions
--- a/.crypto-policies.metadata
+++ b/.crypto-policies.metadata
@ -1 +1 @@
-bf586ce8a5b85e71c528d508094b567ad926c74e SOURCES/crypto-policies-git978ac26.tar.gz
+396b36b6eeb89a6bbf532110a65e030a2a5f990d SOURCES/crypto-policies-git7073416.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/crypto-policies-git978ac26.tar.gz
+SOURCES/crypto-policies-git7073416.tar.gz
--- a/SPECS/crypto-policies.spec
+++ b/SPECS/crypto-policies.spec
@ -1,12 +1,12 @@
-%global git_date 20241105
-%global git_commit 978ac269655ae739f577a8fc78e6b672c78524f8
+%global git_date 20241106
+%global git_commit 707341621f4d484685aa51cc71d2f73e9e7141ff
 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}

 %global _python_bytecompile_extra 0

 Name:           crypto-policies
 Version:        %{git_date}
-Release:        1.git%{git_commit_hash}%{?dist}
+Release:        2.git%{git_commit_hash}%{?dist}
 Summary:        System-wide crypto policies

 License:        LGPL-2.1-or-later
@ -30,10 +30,10 @@ BuildRequires: make
 BuildRequires: systemd-rpm-macros

 Conflicts: openssl-libs < 1:3.2
-Conflicts: nss < 3.101
+Conflicts: nss < 3.101.0-9
 Conflicts: libreswan < 4.12
 Conflicts: openssh < 9.9p1
-Conflicts: gnutls < 3.8.5
+Conflicts: gnutls < 3.8.8

 %description
 This package provides pre-built configuration files with
@ -82,6 +82,12 @@ sed -i "s/'NSS_NO_TLS_REQUIRE_EMS', '0'/'NSS_NO_TLS_REQUIRE_EMS', '1'/" \
 sed -i "s/:TLS-REQUIRE-EMS:/:/" tests/outputs/*FIPS*.txt
 %endif

+%if 0%{?rhel} == 11
+# currently ELN NSS doesn't support mlkem768secp256r1
+sed -i '/P256-MLKEM768/d' python/policygenerators/nss.py
+sed -i "s/:mlkem768secp256r1:/:/" tests/outputs/*:TEST-PQ-nss.txt
+%endif
+
 %make_build

 %install
@ -241,16 +247,19 @@ exit 0
 %{_mandir}/man8/update-crypto-policies.8*
 %{_datarootdir}/crypto-policies/python

-%{_bindir}/fips-mode-setup
-%{_bindir}/fips-finish-install
-%{_mandir}/man8/fips-mode-setup.8*
-%{_mandir}/man8/fips-finish-install.8*
-
 %files pq-preview
 %{_datarootdir}/crypto-policies/policies/modules/TEST-PQ.pmod


 %changelog
+* Wed Nov 06 2024 Clemens Lang <cllang@redhat.com> - 20241106-2.git7073416
+- fips-mode-setup: Remove
+  Resolves: RHEL-65652
+
+* Wed Nov 06 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20241106-1.git1bdaba3
+- gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
+- nss: add mlkem768x25519 and mlkem768secp256r1
+
 * Tue Nov 05 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20241105-1.git978ac26
 - gnutls: `allow-rsa-pkcs1-encrypt = false` everywhere but in LEGACY