Projects
openEuler:Mainline
crypto-policies
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 2
View file
_service:tar_scm:crypto-policies.spec
Changed
@@ -4,7 +4,7 @@ Name: crypto-policies Version: %{git_date} -Release: 2.git%{git_commit_hash} +Release: 4.git%{git_commit_hash} Summary: Crypto policies package for Fedora License: LGPLv2+ @@ -17,6 +17,9 @@ Patch0: backport-rewrite-test-nss-pl-in-python.patch Patch1: backport-policygenerators-nss-output-sigalgs-nss-3-59.patch Patch2: crypto-policies-tests-outputs-NEXT-nss-output-sigalgs-nss-3-59.patch +Patch3: backport-Describe-some-of-the-quirks-of-the-back-end-config-g.patch +Patch4: backport-Makefile-support-overriding-asciidoc-executable-name.patch +Patch5: backport-Makefile-update-for-asciidoc-10.patch BuildArch: noarch BuildRequires: asciidoc @@ -148,6 +151,13 @@ %license COPYING.LESSER %changelog +* Mon Feb 27 2023 yixiangzhike <yixiangzhike007@163.com> - 20200619-4.git781bbd4 +- Makefile support overriding asciidoc executable name +- update Makefile for asciidoc 10 + +* Thu Oct 20 2022 yixiangzhike <yixiangzhike007@163.com> - 20200619-3.git781bbd4 +- backport upstream patch to add more notes for crypto-policies exceptions + * Fri Jan 7 2022 yixiangzhike <yixiangzhike007@163.com> - 20200619-2.git781bbd4 - add new algorithms in nss's config file to support nss >= 3.59 (ECDSA RSA-PSS RSA-PKCS)
View file
_service:tar_scm:backport-Describe-some-of-the-quirks-of-the-back-end-config-g.patch
Added
@@ -0,0 +1,56 @@ +From c40cedee6e5225dc72e590f9ff0282d876a2e5d5 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tmraz@fedoraproject.org> +Date: Thu, 2 Jul 2020 15:40:01 +0200 +Subject: PATCH Describe some of the quirks of the back-end config + generators. + +--- + crypto-policies.7.txt | 25 ++++++++++++++++++++++++- + 1 file changed, 24 insertions(+), 1 deletion(-) + +diff --git a/crypto-policies.7.txt b/crypto-policies.7.txt +index 0971935..2b583b8 100644 +--- a/crypto-policies.7.txt ++++ b/crypto-policies.7.txt +@@ -277,7 +277,7 @@ COMMANDS + NOTES + ----- + +-*Exceptions:* ++*Exceptions* + + * *Go-language* applications do not yet follow the system-wide policy. + * *GnuPG-2* application does not follow the system-wide policy. +@@ -323,6 +323,29 @@ of individual applications: + * all *ECC* curves incompatible with *TLS 1.3*, including secp256k1 + * *IKEv1* + ++*Notable irregularities in the individual configuration generators* ++ ++* *OpenSSL*: The minimum length of the keys and some other parameters ++are enforced by the @SECLEVEL value which does not provide a fine ++granularity. The list of *TLS* ciphers is not generated as an exact list ++but by subtracting from all the supported ciphers for the enabled key ++exchange methods. For that reason there is no way to disable a random cipher. ++In particular all *AES-128* ciphers are disabled if the *AES-128-GCM* is not ++present in the list; all *AES-256* ciphers are disabled if the *AES-256-GCM* ++is not present. The *CBC* ciphers are disabled if there isn't *HMAC-SHA1* ++in the hmac list and *AES-256-CBC* in the cipher list. To disable the *CCM* ++ciphers both *AES-128-CCM* and *AES-256-CCM* must not be present in the cipher ++list. ++ ++* *GnuTLS*: The minimum length of the keys and some other parameters ++are enforced by min-verification-profile setting in the *GnuTLS* configuration ++file which does not provide fine granularity. ++ ++* *OpenSSH*: *DH* group 1 is always disabled on server even if the policy ++allows 1024 bit *DH* groups in general. The OpenSSH configuration option ++HostKeyAlgorithms is set only for the *SSH* server as otherwise the ++handling of the existing known hosts entries would be broken on client. ++ + HISTORY + ------- + +-- +2.33.0 +
View file
_service:tar_scm:backport-Makefile-support-overriding-asciidoc-executable-name.patch
Added
@@ -0,0 +1,36 @@ +From 66c30b1e2de5fd37d610463a8fb6e70f6164fecc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org> +Date: Mon, 7 Nov 2022 16:56:43 +0100 +Subject: PATCH Makefile: support overriding asciidoc executable name + +Support `ASCIIDOC` override to specify another name for the asciidoc +executable. On Gentoo, only `asciidoc` is installed and there is no +`asciidoc.py`. Furthermore, this makes it possible to easily use +asciidoctor in place of asciidoc. +--- + Makefile | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 0d93587..f99dc6d 100644 +--- a/Makefile ++++ b/Makefile +@@ -10,5 +10,6 @@ SCRIPTS=update-crypto-policies fips-finish-install fips-mode-setup + NUM_PROCS = $$(getconf _NPROCESSORS_ONLN) + PYVERSION = -3 ++ASCIIDOC?=asciidoc.py + + all: build + +@@ -109,7 +110,7 @@ clean: + rm -rf output + + %: %.txt +- asciidoc.py -v -d manpage -b docbook $< ++ $(ASCIIDOC) -v -d manpage -b docbook $< + xsltproc --nonet -o $@ /usr/share/asciidoc/docbook-xsl/manpage.xsl $@.xml + + dist: +-- +2.27.0 +
View file
_service:tar_scm:backport-Makefile-update-for-asciidoc-10.patch
Added
@@ -0,0 +1,38 @@ +From 8c7de0471c1de088ff3c332590ea91a71d4273c0 Mon Sep 17 00:00:00 2001 +From: Alexander Sosedkin <asosedkin@redhat.com> +Date: Mon, 20 Feb 2023 11:39:28 +0100 +Subject: PATCH Makefile: update for asciidoc 10 + +--- + Makefile | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index f99dc6d..e99ca19 100644 +--- a/Makefile ++++ b/Makefile +@@ -10,6 +10,11 @@ SCRIPTS=update-crypto-policies fips-finish-install fips-mode-setup + NUM_PROCS = $$(getconf _NPROCESSORS_ONLN) + PYVERSION = -3 +-ASCIIDOC?=asciidoc.py ++ASCIIDOC?=asciidoc ++ifneq ("$(wildcard /usr/lib/python*/*/asciidoc/resources/docbook-xsl/manpage.xsl)","") ++MANPAGEXSL?=$(wildcard /usr/lib/python*/*/asciidoc/resources/docbook-xsl/manpage.xsl) ++else ++MANPAGEXSL?=/usr/share/asciidoc/docbook-xsl/manpage.xsl ++endif + + all: build + +@@ -111,7 +116,7 @@ clean: + + %: %.txt + $(ASCIIDOC) -v -d manpage -b docbook $< +- xsltproc --nonet -o $@ /usr/share/asciidoc/docbook-xsl/manpage.xsl $@.xml ++ xsltproc --nonet -o $@ ${MANPAGEXSL} $@.xml + + dist: + rm -rf crypto-policies && git clone . crypto-policies && rm -rf crypto-policies/.git/ && tar -czf crypto-policies-git$(VERSION).tar.gz crypto-policies && rm -rf crypto-policies +-- +2.27.0 +
View file
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="scm">git</param> <param name="url">git@gitee.com:src-openeuler/crypto-policies.git</param> - <param name="revision">c813320b042c2069375be37cf4b2fb10b1a72b31</param> + <param name="revision">master</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2