crypto-policies-scripts-20210917.c9d86d1-150400.3.8.1<>,JLgdϭY p9ؿ[0l폜Q); N65X$ ,.ǦiL'3]']:$h&I蔶~}v _X;9 C!0hRž?e%7[X #CV]:.A`EȝeLkm5tl/딒Psf#jfFC{V')t.ӋE+.ƶMjTވW/۶쪠r 'Ze>C@?@d+ 8 _( >_88 8 d8 D8 |8 8888   (89T:F0G08H18I28X2Y2\28]38^7 b9c:ed:e:f:l:u; 8v; w> 8x>8y?z??@7@@@D@T@X@\@b@Ccrypto-policies-scripts20210917.c9d86d1150400.3.8.1Tool to switch between crypto policiesThis package provides a tool update-crypto-policies, which applies the policies provided by the crypto-policies package. These can be either the pre-built policies from the base package or custom policies defined in simple policy definition files. The package also provides a tool fips-mode-setup, which can be used to enable or disable the system FIPS mode.gLGPL-2.1-or-laterhttps://www.suse.com/Productivity/Networking/Securityhttps://gitlab.com/redhat-crypto/fedora-crypto-policieslinuxnoarch2%WS,[<@IBIT sS !S^)#r+37Zrp:AA큤A큤A큤A큤A큤A큤A큤큤g`>` l` l` l__#pmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comdimstar@opensuse.orgpmonreal@suse.compmonreal@suse.compmonreal@suse.comdimstar@opensuse.orgpmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comvcizek@suse.com- Make the supported versions change in the update-crypto-policies(8) man page persistent [bsc#1209998]. * Add patch crypto-policies-supported.patch * Rebase patches: - crypto-policies-asciidoc.patch - crypto-policies-no-build-manpages.patch- FIPS: Adapt the fips-mode-setup script to use the pbl command from the perl-Bootloader package to replace grubby. Add a note for transactional systems. Ship the man 8 pages for fips-mode-setup and fips-finish-install [jsc#PED-5041]. * Rebase crypto-policies-FIPS.patch- FIPS: Enable to set the kernel FIPS mode with fips-mode-setup and fips-finish-install commands, add also the man pages. * Adapt the fips-mode-setup script for SLE [jsc#PED-5041] * Rebase crypto-policies-FIPS.patch * Simplify the man pages creation: - Rebase crypto-policies-no-build-manpages.patch - Add crypto-policies-asciidoc.patch- Update the update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. [bsc#1209998]- Remove the scripts and documentation regarding fips-finish-install and test-fips-setup * Add crypto-policies-FIPS.patch- Update to version 20210917.c9d86d1: * openssl: fix disabling ChaCha20 * pacify pylint 2.11: use format strings * pacify pylint 2.11: specify explicit encoding * fix minor things found by new pylint * update-crypto-policies: --check against regenerated * update-crypto-policies: fix --check's walking order * policygenerators/gnutls: revert disabling DTLS0.9... * policygenerators/java: add javasystem backend * LEGACY: bump 1023 key size to 1024 * cryptopolicies: fix 'and' in deprecation warnings * *ssh: condition ecdh-sha2-nistp384 on SECP384R1 * nss: hopefully the last fix for nss sigalgs check * cryptopolicies: Python 3.10 compatibility * nss: postponing check + testing at least something * Rename 'policy modules' to 'subpolicies' * validation.rules: fix a missing word in error * cryptopolicies: raise errors right after warnings * update-crypto-policies: capitalize warnings * cryptopolicies: syntax-precheck scope errors * .gitlab-ci.yml, Makefile: enable codespell * all: fix several typos * docs: don't leave zero TLS/DTLS protocols on * openssl: separate TLS/DTLS MinProtocol/MaxProtocol * alg_lists: order protocols new-to-old for consistency * alg_lists: max_{d,}tls_version * update-crypto-policies: fix pregenerated + local.d * openssh: allow validation with pre-8.5 * .gitlab-ci.yml: run commit-range against upstream * openssh: Use the new name for PubkeyAcceptedKeyTypes * sha1_in_dnssec: deprecate * .gitlab-ci.yml: test commit ranges * FIPS:OSPP: sign = -*-SHA2-224 * scoped policies: documentation update * scoped policies: use new features to the fullest... * scoped policies: rewrite + minimal policy changes * scoped policies: rewrite preparations * nss: postponing the version check again, to 3.64 - Remove patches fixed upstream: crypto-policies-typos.patch - Rebase: crypto-policies-test_supported_modules_only.patch - Merge crypto-policies-asciidoc.patch into crypto-policies-no-build-manpages.patch- Update to version 20210225.05203d2: * Disable DTLS0.9 protocol in the DEFAULT policy. * policies/FIPS: insignificant reformatting * policygenerators/libssh: respect ssh_certs * policies/modules/OSPP: tighten to follow RHEL 8 * crypto-policies(7): drop not-reenableable comment * follow up on disabling RC4- Remove not needed scripts: fips-finish-install fips-mode-setup- Disable DTLS0.9 protocol in GnuTLS DEFAULT policy. [bsc#1180938] * The minimum DTLS protocol version in the DEFAULT and FUTURE policies is DTLS1.2. * Fixed upstream: 05203d21f6d0ea9bbdb351e4600f1e273720bb8e- Update to version 20210213.5c710c0: [bsc#1180938] * setup_directories(): perform safer creation of directories * save_config(): avoid re-opening output file for each iteration * save_config(): break after first match to avoid unnecessary stat() calls * CryptoPolicy.parse(): actually stop parsing line on syntax error * ProfileConfig.parse_string(): correctly extended subpolicies * Exclude RC4 from LEGACY * Introduce rc4_md5_in_krb5 to narrow AD_SUPPORT * code style: fix 'not in' membership testing * pylintrc: tighten up a bit * formatting: avoid long lines * formatting: use f-strings instead of format() * formatting: reformat all python code with autopep8 * nss: postponing the version check again, to 3.61 * Revert "Unfortunately we have to keep ignoring the openssh check for sk-"- Use tar_scm service, not obs_scm: With crypto-policies entering Ring0 (distro bootstrap) we want to be sure to keep the buildtime deps as low as possible. - Add python3-base BuildRequires: previously, OBS' tar service pulled this in for us.- Add a BuildIgnore for crypto-policies- Use gzip instead of xz in obscpio and sources- Do not build the manpages to avoid build cycles - Add crypto-policies-no-build-manpages.patch- Convert to use a proper git source _service: + To update, one just needs to update the commit/revision in the _service file and run `osc service dr`. + The version of the package is defined by the commit date of the revision, followed by the abbreviated git hash (The same revision used before results thus in a downgrade to 20210118, but as this is a alltime new package, this is acceptable.- Update to git version 20210127 * Bump Python requirement to 3.6 * Output sigalgs required by nss >=3.59 * Do not require bind during build * Break build cycles with openssl and gnutls- Update to git version 20210118 * Output sigalgs required by nss >=3.59 * Bump Python requirement to 3.6 * Kerberos 5: Fix policy generator to account for macs * Add AES-192 support (non-TLS scenarios) * Add documentation of the --check option- Fix the man pages generation - Add crypto-policies-asciidoc.patch- Test only supported modules - Add crypto-policies-test_supported_modules_only.patch- Add crypto-policies-typos.patch to fix some typos- Initial packaging, git version 20200918 (jsc#SLE-15832)h01-ch4c 1732012578  !"#$%&'()*+,-./01234567820210917.c9d86d1-150400.3.8.1  fips-finish-installfips-mode-setupupdate-crypto-policiespython__pycache__build-crypto-policies.cpython-36.pycupdate-crypto-policies.cpython-36.pycbuild-crypto-policies.pycryptopolicies__init__.py__pycache____init__.cpython-36.pycalg_lists.cpython-36.pyccryptopolicies.cpython-36.pycalg_lists.pycryptopolicies.pyvalidation__init__.py__pycache____init__.cpython-36.pycalg_lists.cpython-36.pycgeneral.cpython-36.pycrules.cpython-36.pycscope.cpython-36.pycalg_lists.pygeneral.pyrules.pyscope.pypolicygenerators__init__.py__pycache____init__.cpython-36.pycbind.cpython-36.pycconfiggenerator.cpython-36.pycgnutls.cpython-36.pycjava.cpython-36.pyckrb5.cpython-36.pyclibreswan.cpython-36.pyclibssh.cpython-36.pycnss.cpython-36.pycopenssh.cpython-36.pycopenssl.cpython-36.pycbind.pyconfiggenerator.pygnutls.pyjava.pykrb5.pylibreswan.pylibssh.pynss.pyopenssh.pyopenssl.pyupdate-crypto-policies.pyfips-finish-install.8.gzfips-mode-setup.8.gzupdate-crypto-policies.8.gz/usr/bin//usr/share/crypto-policies//usr/share/crypto-policies/python//usr/share/crypto-policies/python/__pycache__//usr/share/crypto-policies/python/cryptopolicies//usr/share/crypto-policies/python/cryptopolicies/__pycache__//usr/share/crypto-policies/python/cryptopolicies/validation//usr/share/crypto-policies/python/cryptopolicies/validation/__pycache__//usr/share/crypto-policies/python/policygenerators//usr/share/crypto-policies/python/policygenerators/__pycache__//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:36476/SUSE_SLE-15-SP4_Update/195f4c3480d26389a4fa7f7dea5c4ed0-crypto-policies.SUSE_SLE-15-SP4_Updatedrpmxz5noarch-suse-linuxBourne-Again shell script, ASCII text executablea /usr/bin/sh script, ASCII text executabledirectorypython 3.6 byte-compiledPython script, UTF-8 Unicode text executablePython script, ASCII text executabletroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)RRRRRgh7YC/usr/bin/update-crypto-policies --no-check >/dev/null 2>/dev/null || :/bin/shperl-Bootloaderutf-8428e80292e8d47036d49c13937414ae4060ea5a960049b2680ab5e504248f322?7zXZ !t/]"k%8*6l"3ג_ib}k5+ =Vs~d {SG}K( t~l7Sce؏VM[:7?bqMTmF#[d1Pu` 'T; qšm<=^vɶ I㰀eNOyP2 B9ylM`(xG1de6_˹WeMl(m俨8t%´[7DbYO cGjkedD#.e momH6t4Ț3\W Dvw٬\zd'7Wc|oViF4{DF[H{ŀ`d oP`\LK\s2H$&4/ީ:B~Z_$rC^o=6[8E"c% 53D!zC'd0Oxu?e R}Yz6!-`fNڨ1ۆM(d *7@CRE'qJ WأB¥;&ȞQDD—+,Y1,-[&jPSÅ4:YVYda p~R}WISVGQA!M@8> 2Yd*唬Zٚ~T֒ _|c(~DtZܗ;5ZQgz#=g]F[ f|f/}On87ZJan{n@@k8m3F.޲׼( ƪ1-"&d)[ņzt5]Nv`?w}> 5MIEK2Sq48 .y"Wc o 7G0 ذ 8\gE*m gF3h薲1P0_Sk['~S,\YHDWP9`"Xtd