[ol9_baseos_latest] crypto-policies-scripts-20240828-2.git626aa59.el9_5.noarch

Name:	crypto-policies-scripts
Version:	20240828
Release:	2.git626aa59.el9_5
Architecture:	noarch
Group:	Unspecified
Size:	249386
License:	LGPL-2.1-or-later
RPM:	crypto-policies-scripts-20240828-2.git626aa59.el9_5.noarch.rpm
Source RPM:	crypto-policies-20240828-2.git626aa59.el9_5.src.rpm
Build Date:	Wed Nov 13 2024
Build Host:	build-ol9-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://gitlab.com/redhat-crypto/fedora-crypto-policies
Summary:	Tool to switch between crypto policies
Description:	This package provides a tool update-crypto-policies, which applies the policies provided by the crypto-policies package. These can be either the pre-built policies from the base package or custom policies defined in simple policy definition files. The package also provides a tool fips-mode-setup, which can be used to enable or disable the system FIPS mode.

Changelog (Show File list) (Show related packages)

Tue Sep 17 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20240828-2.git626aa59
```
- release bump
```
Wed Aug 28 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20240828-1.git626aa59
```
- fips-mode-setup: small Argon2 detection fix
```
Thu Aug 22 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20240822-1.gitbaf3e06
```
- fips-mode-setup: block if LUKS devices using Argon2 are detected
```

Thu Aug 15 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20240815-1.gite217f03

- java: start controlling / disable DTLSv1.0
- java: disable anon ciphersuites, tying them to NULL
- java: respect more key size restrictions
- java: specify jdk.tls.namedGroups system property
- java: make hash, mac and sign more orthogonal
- fips-mode-setup: add another scary "unsupported"
- fips-mode-setup: flashy ticking warning upon use
- java: use and include jdk.disabled.namedCurves
- ec_min_size: introduce and use in java, default to 256
- java: stop specifying jdk.tls.namedGroups in javasystem
- fips-setup-helper: add a libexec helper for anaconda
- fips-mode-setup: force --no-bootcfg when UKI is detected

Mon Mar 04 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20240304-1.gitb1c706d

- packaging: remove perl build-dependency, it's not needed anymore
- packaging: use newly introduced SKIP_LINTING=1
- packaging: drop stale workarounds

Fri Feb 02 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20240202-1.git283706d

- fips-finish-install: make sure ostree is detected in chroot
- fips-mode-setup: make sure ostree is detected in chroot
- fips-finish-install: Create/remove /etc/system-fips on ostree systems
- java: disable ChaCha20-Poly1305 where applicable

Mon Nov 13 2023 Clemens Lang <cllang@redhat.com> - 20231113-1.gite9247c2

- fips-mode-setup: Fix test for empty /boot (RHEL-11350)
- fips-mode-setup: Avoid 'boot=UUID=' if /boot == / (RHEL-11350)

Thu Nov 09 2023 Clemens Lang <cllang@redhat.com> - 20231109-1.git0ceff7f

- Restore support for scoped ssh_etm directives (RHEL-15925)
- Print matches in syntax deprecation warnings (RHEL-15925)

Wed Nov 08 2023 Clemens Lang <cllang@redhat.com> - 20231108-1.git994ae09

- turn ssh_etm into an etm@SSH tri-state (RHEL-15925)
- fips-mode-setup: increase chroot-friendliness (RHEL-11350)
- fips-mode-setup: Fix usage with --no-bootcfg (RHEL-11350)

Mon Oct 16 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20231016-1.git77ceb0b

- openssl: fix SHA1 and NO-ENFORCE-EMS interaction
- bind: fix a typo that led to duplication of ECDSAPxxxSHAxxx