Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

crypto-policies-20190527-1.git0b3add8.fc30 RPM for noarch

From Fedora 30 updates for armhfp / Packages / c

Name: crypto-policies Distribution: Fedora Project
Version: 20190527 Vendor: Fedora Project
Release: 1.git0b3add8.fc30 Build date: Mon May 27 14:45:55 2019
Group: Unspecified Build host: buildvm-ppc64le-22.ppc.fedoraproject.org
Size: 68793 Source RPM: crypto-policies-20190527-1.git0b3add8.fc30.src.rpm
Packager: Fedora Project
Url: https://gitlab.com/redhat-crypto/fedora-crypto-policies
Summary: Systemwide crypto policies
This package provides a tool update-crypto-policies, which sets
the policy applicable for the various cryptographic back-ends, such as
SSL/TLS libraries. The policy set by the tool will be the default policy
used by these back-ends unless the application user configures them otherwise.

The package also provides a tool fips-mode-setup, which can be used
to enable or disable the system FIPS mode.

Provides

Requires

License

LGPLv2+

Changelog

* Mon May 27 2019 Tomáš Mráz <tmraz@redhat.com> - 20190211-1.git0b3add8
  - libreswan: coalesce proposals to avoid IKE packet fragmentation
  - openssh: add missing curve25519-sha256 to the key exchange list
  - nss: map X25519 to CURVE25519
  - do not fail in the Java test if the EMPTY policy is not really empty
* Mon Feb 11 2019 Tomáš Mráz <tmraz@redhat.com> - 20190211-2.gite3eacfc
  - add crypto-policies.7 manual page
  - Java: Fix FIPS and FUTURE policy to allow RSA certificates in TLS
  - cleanup duplicate and incorrect information from update-crypto-policies.8
    manual page
  - update-crypto-policies: Fix endless loop
  - update-crypto-policies: Add warning about the need of system restart
  - FUTURE: Add mistakenly ommitted EDDSA-ED25519 signature algorithm
  - openssh: Add missing SHA2 variants of RSA certificates to the policy
  - return exit code 2 when printing usage from all the tools
  - update-crypto-policies: add --no-reload option for testing
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20181122-2.git70769d9
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Nov 22 2018 Tomáš Mráz <tmraz@redhat.com> - 20181122-1.git70769d9
  - update-crypto-policies: fix error on multiple matches in local.d
* Tue Nov 20 2018 Tomáš Mráz <tmraz@redhat.com> - 20181120-1.gitd2b3bc4
  - Print warning when update-crypto-policies --set is used in the FIPS mode
  - Java: Add 3DES and RC4 to legacy algorithms in LEGACY policy
  - OpenSSL: Properly disable non AEAD and AES128 ciphersuites in FUTURE
  - libreswan: Add chacha20_poly1305 to all policies and drop ikev1 from LEGACY
* Fri Oct 26 2018 Tomáš Mráz <tmraz@redhat.com> - 20181026-1.gitd42aaa6
  - Fix regression in discovery of additional configuration
  - NSS: add DSA keyword to LEGACY policy
  - GnuTLS: Add 3DES and RC4 to LEGACY policy
* Tue Sep 25 2018 Tomáš Mráz <tmraz@redhat.com> - 20180925-1.git71ca85f
  - Use Recommends instead of Requires for grubby
  - Revert setting of HostKeyAlgorithms for ssh client for now
* Fri Sep 21 2018 Tomáš Mráz <tmraz@redhat.com> - 20180921-2.git391ed9f
  - Fix requires for grubby
* Fri Sep 21 2018 Tomáš Mráz <tmraz@redhat.com> - 20180921-1.git391ed9f
  - OpenSSH: Generate policy for sign algorithms
  - Enable >= 255 bits EC curves in FUTURE policy
  - OpenSSH: Add group1 key exchanges in LEGACY policy
  - NSS: Add SHA224 to hash lists
  - Print warning when update-crypto-policies --set FIPS is used
  - fips-mode-setup: Kernel boot options are now modified with grubby
* Thu Aug 02 2018 Tomáš Mráz <tmraz@redhat.com> - 20180802-1.git1626592
  - Introduce NEXT policy
* Mon Jul 30 2018 Tomáš Mráz <tmraz@redhat.com> - 20180730-1.git9d9f21d
  - Add OpenSSL configuration file include support
* Tue Jul 24 2018 Tomáš Mráz <tmraz@redhat.com> - 20180723-1.gitdb825c0
  - Initial FIPS mode setup support
  - NSS: Add tests for the generated policy
  - Enable TLS-1.3 if available in the respective TLS library
  - Enable SHA1 in certificates in LEGACY policy
  - Disable CAMELLIA
  - libreswan: Multiple bug fixes in policies
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20180425-6.git6ad4018
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri May 18 2018 Björn Esser <besser82@fedoraproject.org> - 20180425-5.git6ad4018
  - Fix patch0
* Fri May 18 2018 Björn Esser <besser82@fedoraproject.org> - 20180425-4.git6ad4018
  - Remove Requires: systemd
  - Add Patch to silence warnings from reload-cmds
* Thu May 17 2018 Björn Esser <besser82@fedoraproject.org> - 20180425-3.git6ad4018
  - Requires: systemd should be added too
* Thu May 17 2018 Björn Esser <besser82@fedoraproject.org> - 20180425-2.git6ad4018
  - Add Requires(post): systemd to fix:
    crypto-policies/reload-cmds.sh: line 1: systemctl: command not found
* Wed Apr 25 2018 Tomáš Mráz <tmraz@redhat.com> - 20180425-1.git6ad4018
  - Restart/reload only enabled services
  - Do not enable PSK ciphersuites by default in gnutls and openssl
  - krb5: fix when more than 2048 bits keys are required
  - Fix discovery of additional configurations #1564595
  - Fix incorrect ciphersuite setup for libreswan
* Tue Mar 06 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20180306-1.gitaea6928
  - Updated policy to reduce DH parameter size on DEFAULT level, taking into
    account feedback in #1549242,1#534532.
  - Renamed openssh-server.config to opensshserver.config to reduce conflicts
    when local.d/ appending is used.
* Tue Feb 27 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20180227-1.git0ce1729
  - Updated to include policies for libreswan
* Mon Feb 12 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20180112-1.git386e3fe
  - Updated to apply the settings as in StrongCryptoSettings project. The restriction
    to TLS1.2, is not yet applied as we have no method to impose that in openssl.
    https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 20171115-3.git921600e
  - Escape macros in %changelog
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20171115-2.git921600e
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Nov 15 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20171115-1.git921600e
  - Updated openssh policies for new openssh without rc4
  - Removed policies for compat-gnutls28
* Wed Aug 23 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170823-1.git8d18c27
  - Updated gnutls policies for 3.6.0
* Wed Aug 16 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170816-1.git2618a6c
  - Updated to latest upstream
  - Restarts openssh server on policy update
* Wed Aug 02 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170802-1.git9300620
  - Updated to latest upstream
  - Reloads openssh server on policy update
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20170606-4.git7c32281
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Jul 25 2017 Igor Gnatenko <ignatenko@redhat.com> - 20170606-3.git7c32281
  - Restore Requires(post)
* Mon Jul 24 2017 Troy Dawson <tdawson@redhat.com> 20170606-2.git7c32281
  - perl dependency renamed to perl-interpreter <ppisar@redhat.com>
  - remove useless Requires(post) <ignatenko@redhat.com>
  - Fix path of libdir in generate-policies.pl (#1474442) <tdawson@redhat.com>
* Tue Jun 06 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170606-1.git7c32281
  - Updated to latest upstream
  - Allows gnutls applications in LEGACY mode, to use certificates of 768-bits
* Wed May 31 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170531-1.gitce0df7b
  - Updated to latest upstream
  - Added new kerberos key types

Files

/etc/crypto-policies
/etc/crypto-policies/back-ends
/etc/crypto-policies/back-ends/bind.config
/etc/crypto-policies/back-ends/gnutls.config
/etc/crypto-policies/back-ends/java.config
/etc/crypto-policies/back-ends/krb5.config
/etc/crypto-policies/back-ends/libreswan.config
/etc/crypto-policies/back-ends/nss.config
/etc/crypto-policies/back-ends/openjdk.config
/etc/crypto-policies/back-ends/openssh.config
/etc/crypto-policies/back-ends/opensshserver.config
/etc/crypto-policies/back-ends/openssl.config
/etc/crypto-policies/back-ends/opensslcnf.config
/etc/crypto-policies/config
/etc/crypto-policies/local.d
/usr/bin/fips-finish-install
/usr/bin/fips-mode-setup
/usr/bin/update-crypto-policies
/usr/share/crypto-policies
/usr/share/crypto-policies/DEFAULT/bind.txt
/usr/share/crypto-policies/DEFAULT/gnutls.txt
/usr/share/crypto-policies/DEFAULT/java.txt
/usr/share/crypto-policies/DEFAULT/krb5.txt
/usr/share/crypto-policies/DEFAULT/libreswan.txt
/usr/share/crypto-policies/DEFAULT/nss.txt
/usr/share/crypto-policies/DEFAULT/openssh.txt
/usr/share/crypto-policies/DEFAULT/opensshserver.txt
/usr/share/crypto-policies/DEFAULT/openssl.txt
/usr/share/crypto-policies/DEFAULT/opensslcnf.txt
/usr/share/crypto-policies/EMPTY/bind.txt
/usr/share/crypto-policies/EMPTY/gnutls.txt
/usr/share/crypto-policies/EMPTY/java.txt
/usr/share/crypto-policies/EMPTY/krb5.txt
/usr/share/crypto-policies/EMPTY/libreswan.txt
/usr/share/crypto-policies/EMPTY/nss.txt
/usr/share/crypto-policies/EMPTY/openssh.txt
/usr/share/crypto-policies/EMPTY/opensshserver.txt
/usr/share/crypto-policies/EMPTY/openssl.txt
/usr/share/crypto-policies/EMPTY/opensslcnf.txt
/usr/share/crypto-policies/FIPS/bind.txt
/usr/share/crypto-policies/FIPS/gnutls.txt
/usr/share/crypto-policies/FIPS/java.txt
/usr/share/crypto-policies/FIPS/krb5.txt
/usr/share/crypto-policies/FIPS/libreswan.txt
/usr/share/crypto-policies/FIPS/nss.txt
/usr/share/crypto-policies/FIPS/openssh.txt
/usr/share/crypto-policies/FIPS/opensshserver.txt
/usr/share/crypto-policies/FIPS/openssl.txt
/usr/share/crypto-policies/FIPS/opensslcnf.txt
/usr/share/crypto-policies/FUTURE/bind.txt
/usr/share/crypto-policies/FUTURE/gnutls.txt
/usr/share/crypto-policies/FUTURE/java.txt
/usr/share/crypto-policies/FUTURE/krb5.txt
/usr/share/crypto-policies/FUTURE/libreswan.txt
/usr/share/crypto-policies/FUTURE/nss.txt
/usr/share/crypto-policies/FUTURE/openssh.txt
/usr/share/crypto-policies/FUTURE/opensshserver.txt
/usr/share/crypto-policies/FUTURE/openssl.txt
/usr/share/crypto-policies/FUTURE/opensslcnf.txt
/usr/share/crypto-policies/LEGACY/bind.txt
/usr/share/crypto-policies/LEGACY/gnutls.txt
/usr/share/crypto-policies/LEGACY/java.txt
/usr/share/crypto-policies/LEGACY/krb5.txt
/usr/share/crypto-policies/LEGACY/libreswan.txt
/usr/share/crypto-policies/LEGACY/nss.txt
/usr/share/crypto-policies/LEGACY/openssh.txt
/usr/share/crypto-policies/LEGACY/opensshserver.txt
/usr/share/crypto-policies/LEGACY/openssl.txt
/usr/share/crypto-policies/LEGACY/opensslcnf.txt
/usr/share/crypto-policies/NEXT/bind.txt
/usr/share/crypto-policies/NEXT/gnutls.txt
/usr/share/crypto-policies/NEXT/java.txt
/usr/share/crypto-policies/NEXT/krb5.txt
/usr/share/crypto-policies/NEXT/libreswan.txt
/usr/share/crypto-policies/NEXT/nss.txt
/usr/share/crypto-policies/NEXT/openssh.txt
/usr/share/crypto-policies/NEXT/opensshserver.txt
/usr/share/crypto-policies/NEXT/openssl.txt
/usr/share/crypto-policies/NEXT/opensslcnf.txt
/usr/share/crypto-policies/default-config
/usr/share/crypto-policies/reload-cmds.sh
/usr/share/licenses/crypto-policies
/usr/share/licenses/crypto-policies/COPYING.LESSER
/usr/share/man/man7/crypto-policies.7.gz
/usr/share/man/man8/fips-finish-install.8.gz
/usr/share/man/man8/fips-mode-setup.8.gz
/usr/share/man/man8/update-crypto-policies.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Jul 10 08:11:53 2020