ID | 46216 |
Package Name | crypto-policies |
Version | 20230505 |
Release | 1.gitf69bbc2.el9sbase_901 |
Epoch | |
Source | git+https://gitlab.com/redhat/centos-stream/rpms/crypto-policies.git#2b21b5d6000f23f9f06faf0c23dd477e7f6f2cb6 |
Summary |
Description |
Built by | tdawson |
State |
complete
|
Volume |
DEFAULT |
Started | Wed, 14 Jun 2023 20:52:00 UTC |
Completed | Wed, 14 Jun 2023 20:59:22 UTC |
Task | build (isa9s-packages-baseline-el9sbase, /redhat/centos-stream/rpms/crypto-policies.git:2b21b5d6000f23f9f06faf0c23dd477e7f6f2cb6) |
Extra | {'source': {'original_url': 'git+https://gitlab.com/redhat/centos-stream/rpms/crypto-policies.git#2b21b5d6000f23f9f06faf0c23dd477e7f6f2cb6'}} |
Tags |
|
RPMs |
src | |
|
crypto-policies-20230505-1.gitf69bbc2.el9sbase_901.src.rpm (info) (download) |
noarch |
|
crypto-policies-20230505-1.gitf69bbc2.el9sbase_901.noarch.rpm (info) (download)
|
|
crypto-policies-scripts-20230505-1.gitf69bbc2.el9sbase_901.noarch.rpm (info) (download)
|
|
Logs |
|
Changelog |
* Fri May 05 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230505-1.gitf69bbc2
- openssl: set Groups explicitly
- openssl: add support for Brainpool curves
* Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988
- bind: expand the list of disableable algorithms
* Mon Oct 03 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221003-1.git04dee29
- openssh: rename RSAMinSize option to RequiredRSASize
* Mon Aug 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220815-1.git0fbe86f
- openssh: add RSAMinSize option following min_rsa_size
* Wed Apr 27 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220427-1.gitb2323a1
- bind: control ED25519/ED448
* Mon Apr 04 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220404-1.git845c0c1
- DEFAULT: drop DNSSEC SHA-1 exception
- openssh: add support for sntrup761x25519-sha512@openssh.com
* Wed Feb 23 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220223-1.git5203b41
- openssl: allow SHA-1 signatures with rh-allow-sha1-signatures in LEGACY
- update AD-SUPPORT, move RC4 enctype enabling to AD-SUPPORT-LEGACY
- fips-mode-setup: catch more inconsistencies, clarify --check
* Thu Feb 03 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220203-1.gitf03e75e
- gnutls: enable SHAKE, needed for Ed448
- fips-mode-setup: improve handling FIPS plus subpolicies
- FIPS: disable SHA-1 HMAC
- FIPS: disable CBC ciphers except in Kerberos
* Tue Feb 01 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220201-1.git636a91d
- openssl: revert to SECLEVEL=2 in LEGACY
- openssl: add newlines at the end of the output
* Mon Nov 15 2021 Alexander Sosedkin <asosedkin@redhat.com> - 20211115-1.git70de135
- OSPP: relax -ECDSA-SHA2-512, -FFDHE-*
- fips-mode-setup, fips-finish-install: call zipl more often (s390x-specific)
* Wed Sep 22 2021 Alexander Sosedkin <asosedkin@redhat.com> - 20210922-1.git6fb269b
- openssl: fix disabling ChaCha20
- update for pylint 2.11
* Tue Sep 14 2021 Alexander Sosedkin <asosedkin@redhat.com> - 20210914-1.git97d08ef
- gnutls: reorder ECDSA-SECPMMMR1-SHANNN together with ECDSA-SHANNN
- fix several issues with update-crypto-policies --check
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 20210707-2.git29f6c0b
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 07 2021 Alexander Sosedkin <asosedkin@redhat.com> - 20210707-1.git29f6c0b
- gnutls: explicitly enable ECDSA-SECPNNNR1-SHANNN
- packaging: adapt to the RHEL-9 %check-time testing tools availability
* Mon Jun 28 2021 Alexander Sosedkin <asosedkin@redhat.com> - 20210628-1.gitdd7d273
- implement scoped policies, e.g., cipher@SSH = ...
- implement algorithm globbing, e.g., cipher@SSH = -*-CBC
- deprecate derived properties:
tls_cipher, ssh_cipher, ssh_group, ike_protocol, sha1_in_dnssec
- deprecate unscoped form of protocol property
- openssl: set MinProtocol / MaxProtocol separately for TLS and DTLS
- openssh: use PubkeyAcceptedAlgorithms instead of PubkeyAcceptedKeyTypes
- libssh: respect ssh_certs
- restrict FIPS:OSPP further
- improve Python 3.10 compatibility
- update documentation
- expand upstream test coverage
- FUTURE: disable CBC ciphers for all backends but krb5
- openssl: LEGACY must have SECLEVEL=1, enabling SHA1
- disable DHE-DSS in LEGACY
- bump LEGACY key size requirements from 1023 to 1024
- add javasystem backend
- *ssh: condition ecdh-sha2-nistp384 on SECP384R1
- set %verify(not mode) for backend sometimes-symlinks-sometimes-not
- gnutls: use allowlisting
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 20210218-3.git2246c55
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
|