* Fri Sep 24 2021 pmonreal@suse.com - Remove the scripts and documentation regarding fips-finish-install and test-fips-setup * Add crypto-policies-FIPS.patch * Fri Sep 24 2021 pmonreal@suse.com - Update to version 20210917.c9d86d1: * openssl: fix disabling ChaCha20 * pacify pylint 2.11: use format strings * pacify pylint 2.11: specify explicit encoding * fix minor things found by new pylint * update-crypto-policies: --check against regenerated * update-crypto-policies: fix --check's walking order * policygenerators/gnutls: revert disabling DTLS0.9... * policygenerators/java: add javasystem backend * LEGACY: bump 1023 key size to 1024 * cryptopolicies: fix 'and' in deprecation warnings * *ssh: condition ecdh-sha2-nistp384 on SECP384R1 * nss: hopefully the last fix for nss sigalgs check * cryptopolicies: Python 3.10 compatibility * nss: postponing check + testing at least something * Rename 'policy modules' to 'subpolicies' * validation.rules: fix a missing word in error * cryptopolicies: raise errors right after warnings * update-crypto-policies: capitalize warnings * cryptopolicies: syntax-precheck scope errors * .gitlab-ci.yml, Makefile: enable codespell * all: fix several typos * docs: don't leave zero TLS/DTLS protocols on * openssl: separate TLS/DTLS MinProtocol/MaxProtocol * alg_lists: order protocols new-to-old for consistency * alg_lists: max_{d,}tls_version * update-crypto-policies: fix pregenerated + local.d * openssh: allow validation with pre-8.5 * .gitlab-ci.yml: run commit-range against upstream * openssh: Use the new name for PubkeyAcceptedKeyTypes * sha1_in_dnssec: deprecate * .gitlab-ci.yml: test commit ranges * FIPS:OSPP: sign = -*-SHA2-224 * scoped policies: documentation update * scoped policies: use new features to the fullest... * scoped policies: rewrite + minimal policy changes * scoped policies: rewrite preparations * nss: postponing the version check again, to 3.64 - Remove patches fixed upstream: crypto-policies-typos.patch - Rebase: crypto-policies-test_supported_modules_only.patch - Merge crypto-policies-asciidoc.patch into crypto-policies-no-build-manpages.patch * Thu Feb 25 2021 pmonreal@suse.com - Update to version 20210225.05203d2: * Disable DTLS0.9 protocol in the DEFAULT policy. * policies/FIPS: insignificant reformatting * policygenerators/libssh: respect ssh_certs * policies/modules/OSPP: tighten to follow RHEL 8 * crypto-policies(7): drop not-reenableable comment * follow up on disabling RC4 * Thu Feb 25 2021 pmonreal@suse.com - Remove not needed scripts: fips-finish-install fips-mode-setup * Wed Feb 24 2021 pmonreal@suse.com - Disable DTLS0.9 protocol in GnuTLS DEFAULT policy. [bsc#1180938] * The minimum DTLS protocol version in the DEFAULT and FUTURE policies is DTLS1.2. * Fixed upstream: 05203d21f6d0ea9bbdb351e4600f1e273720bb8e * Wed Feb 17 2021 pmonreal@suse.com - Update to version 20210213.5c710c0: [bsc#1180938] * setup_directories(): perform safer creation of directories * save_config(): avoid re-opening output file for each iteration * save_config(): break after first match to avoid unnecessary stat() calls * CryptoPolicy.parse(): actually stop parsing line on syntax error * ProfileConfig.parse_string(): correctly extended subpolicies * Exclude RC4 from LEGACY * Introduce rc4_md5_in_krb5 to narrow AD_SUPPORT * code style: fix 'not in' membership testing * pylintrc: tighten up a bit * formatting: avoid long lines * formatting: use f-strings instead of format() * formatting: reformat all python code with autopep8 * nss: postponing the version check again, to 3.61 * Revert "Unfortunately we have to keep ignoring the openssh check for sk-" * Tue Feb 9 2021 dimstar@opensuse.org - Use tar_scm service, not obs_scm: With crypto-policies entering Ring0 (distro bootstrap) we want to be sure to keep the buildtime deps as low as possible. - Add python3-base BuildRequires: previously, OBS' tar service pulled this in for us. * Mon Feb 8 2021 pmonreal@suse.com - Add a BuildIgnore for crypto-policies * Mon Feb 8 2021 pmonreal@suse.com - Use gzip instead of xz in obscpio and sources * Fri Feb 5 2021 pmonreal@suse.com - Do not build the manpages to avoid build cycles - Add crypto-policies-no-build-manpages.patch * Tue Feb 2 2021 dimstar@opensuse.org - Convert to use a proper git source _service: + To update, one just needs to update the commit/revision in the _service file and run `osc service dr`. + The version of the package is defined by the commit date of the revision, followed by the abbreviated git hash (The same revision used before results thus in a downgrade to 20210118, but as this is a alltime new package, this is acceptable. * Tue Feb 2 2021 pmonreal@suse.com - Update to git version 20210127 * Bump Python requirement to 3.6 * Output sigalgs required by nss >=3.59 * Do not require bind during build * Break build cycles with openssl and gnutls * Thu Jan 21 2021 pmonreal@suse.com - Update to git version 20210118 * Output sigalgs required by nss >=3.59 * Bump Python requirement to 3.6 * Kerberos 5: Fix policy generator to account for macs * Add AES-192 support (non-TLS scenarios) * Add documentation of the --check option * Thu Jan 21 2021 pmonreal@suse.com - Fix the man pages generation - Add crypto-policies-asciidoc.patch * Thu Jan 21 2021 pmonreal@suse.com - Test only supported modules - Add crypto-policies-test_supported_modules_only.patch * Tue Dec 22 2020 pmonreal@suse.com - Add crypto-policies-typos.patch to fix some typos * Thu Nov 12 2020 vcizek@suse.com - Initial packaging, git version 20200918 (jsc#SLE-15832)