crypto-policies-scripts-20210917.c9d86d1-150400.3.6.1<>,pĉe\p9|!lQ ڧ7R6I2L}dfC zP-d v 3RE"4)QFۈR鐡K Jp/sA~U>o!8ndBiC{ J:ɧ3OxSJ$24+}.uy {+e*lZIy?b7C@?@d+ 8 _( >_88 8 d8 D8 |8 8888   (89T:F0G08H18I28X2Y2\28]38^7 b9c:ed:e:f:l:u; 8v; w> 8x>8y?z??@7@@@D@T@X@\@b@Ccrypto-policies-scripts20210917.c9d86d1150400.3.6.1Tool to switch between crypto policiesThis package provides a tool update-crypto-policies, which applies the policies provided by the crypto-policies package. These can be either the pre-built policies from the base package or custom policies defined in simple policy definition files. The package also provides a tool fips-mode-setup, which can be used to enable or disable the system FIPS mode.e\h01-ch3b4`SUSE Linux Enterprise 15SUSE LLC LGPL-2.1-or-laterhttps://www.suse.com/Productivity/Networking/Securityhttps://gitlab.com/redhat-crypto/fedora-crypto-policieslinuxnoarch2%WS,[<@IBIT sS !S^)#r+37Zrp:AA큤A큤A큤A큤A큤A큤A큤큤eYeYaDTeZeZeZeZaDTeZaDTeZeZeZeZaDTaDTeZaDTeZeZeZeZeZeZaDTaDTaDTaDTeZaDTeZeZeZeZeZeZeZeZeZeZeZeZaDTaDTaDTaDTaDTaDTaDTaDTaDTaDTaDTeZeZeZ55ff95cb963e896c5ce6fe3fb9e2334a507561e38d6a27b7ad8266b57b5057442eb9d218b87eba5d06c7bc1aefa8f257041bd7af9794af1a41e052a4a822961b6addb83218c406dc7f789cd90b7f230feac4938419570cff45d9f0ae00710dd3453eeb5922feb9fc65c701183572621680366d544009bb9ea15e374a9024ffecc0ca3ad76147ae22d520bafc50f01ca71084a10d865330dd836ccf53130e09eb9d86f5c7b39e3f5cccc995689848bb2673becd15689273efdfe7f07974c83504401e0a6bac35a9f506f80475c7b1bbbb909cfc732c157b660d26c7bb7111e07ca30473aa31d8442ebd0b9710f018d8ad3a5b4d069cce03b906719689b79305a2d7b15c861c5d55ca4414f6d7bbb81df6f5a39696b969df374c1a3ed0b7acd1acf1f16f90176e57ded3c8ae43e19f099422411aefb1c42e1d6ee8765545421af9a0954d29274503da1b1c9428e326938d3c1dede8ee699db9a684c1a152eca953c80146332bb7795438787d4c05b099d0d0dceb0aeaab1d2dd544aaa4a8c961a10fb780dae62ad275c76855277255693573603b125e8fd316c217ba99969df98cb2e1f4ff636b6a8d49e4a98e07b80c108df123a4776a844dd0920b5225576908a8171caeb8f30f640fdc9db92c0b0ae5d91990d8421ae9b27f10e9104e50a7e7fdf892eca5a5def49e0050313758a15794cfab65529e905688de7135075dcffac88de0ee1b846a66619953d1c335e3b0df858421505ab2bd604eb9d846f2c43f28c2e24b58783a580fcd31e2cd5bd59f520540ab1b0e489fc04cf863998eea1ab270384e11867a2d932f49a9eaa785c435314c51257ec25963eeb76198ac02a2b604380985c865e148d6091dc11fb82b99c2730706b25414c7c7a45b08b0ede858b1d69f11eda1f83630d53543b4c901ca7c9cc15139eb05990eaa4fbf50a27daa7a3b3fd79089d6a2e89382ab730165db06aeb6e2b56f538df8d40a15f86a6a0468b333af6ccc0402a2f7882b081a135aee91fc591a2f0f5b67fdc12141a8f64cbbf344b4b687ba4f7113224d252f4b90b9338a3486e29fba350e9a70c7ab52169f48528e05152a7bede134b49a8457f053ebd3d652ab0b4c4be4945683d401825c03e720b2c4bfa4a41f7010649824cbe14d08641969a3ce59e882de65c8da1b7e51f4e1738c769fcddf018c379699bb5f1a23d97ea7c8e3d5337c29463758f04c4306783ef91b75a28083aa095cf3759f7813070245dbec10174fb169e08e862bdd5e8bb2c50998d859ebc4714691cda36e2ebbcede8740657eaf6f22959f417911f8a09c9f6a484f1b287d9d37dc664264fb1f00bac5654bfd4b963f46ce7117ff97ded89791bbb3ebb64527c4a21ba4613e6df4d0ae74995a3cf07afae0128ccf5f3f1b09ec0b4992fff320d7bc016bbfa8dc8ab155ae48dac4cb4383fbdcf960041edbc7f38ca218a1ca1d3feaab30bf2885c6114fd4b6f8eecdfb2f1ea781f12bb9e4322634c078067cb90ee31b86a89f01553dc8fb887c3ce77744dd449317ff392d759473dd483eb5de0f9f2e170bb4179fcbc11d2cff24682442a530c42a7b489730b2ed63585735c6de6197b6b1b58974f121e5b0ffb8f9a53f44f536cd130b61af5f13f38acfbd7de08b16052a71e36c8e8d4ae437060521b931b8856a056ed1abd6bc3fc8160ff5be448b2f359a790e89f8d09dec737d4066f928b1bf1bf81b15be1fa2899685a56f72390a002bebdbb7d45551048411f65aaf78450587dffe287a0ef0301ee007105759a99b5e6eff652058a4cf7f42963257f8ac50a9945f75c9d46077ae445454db20cff6146d87193e8cc1755ef88e2857f429112a585d124545f2a80438bd081573e254e8c0a9d124a6e9a0d9f420a0bea63d279bd779a565f888592dc3f41d148df1786004848d111f0e87431ca0cc2b797308417ae70a0272322fa65c257f1f2b563ee6338c1daa485df5bfb1a2822b4e67c0f4a1eff6fa8a0480f3e69dd02eb151304a036ab189ab4174662b175014c4dff53987cdab85fb31cfdf96a44b34c548271da679d5fb81b477baa27d87bcb29d2ba880077b33ef73932ca13ef88581e66288c4277a610aff9afa3a354b59950fcd3d9729c215baaa0dddb9434b01f02addca6aa4a4404a8d2ad65ef53598rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootcrypto-policies-20210917.c9d86d1-150400.3.6.1.src.rpmcrypto-policies-scripts@ @@    /bin/bash/bin/sh/usr/bin/python3/usr/bin/shcrypto-policiesrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)20210917.c9d86d1-150400.3.6.13.0.4-14.6.0-14.0-15.2-14.14.3ddd-@dX@aMaM`7@`7@`6?`-@`"y@`!'`!'`3@`>`>` l` l` l__#pmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comdimstar@opensuse.orgpmonreal@suse.compmonreal@suse.compmonreal@suse.comdimstar@opensuse.orgpmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.compmonreal@suse.comvcizek@suse.com- Make the supported versions change in the update-crypto-policies(8) man page persistent [bsc#1209998]. * Add patch crypto-policies-supported.patch * Rebase patches: - crypto-policies-asciidoc.patch - crypto-policies-no-build-manpages.patch- FIPS: Adapt the fips-mode-setup script to use the pbl command from the perl-Bootloader package to replace grubby. Add a note for transactional systems. Ship the man 8 pages for fips-mode-setup and fips-finish-install [jsc#PED-5041]. * Rebase crypto-policies-FIPS.patch- FIPS: Enable to set the kernel FIPS mode with fips-mode-setup and fips-finish-install commands, add also the man pages. * Adapt the fips-mode-setup script for SLE [jsc#PED-5041] * Rebase crypto-policies-FIPS.patch * Simplify the man pages creation: - Rebase crypto-policies-no-build-manpages.patch - Add crypto-policies-asciidoc.patch- Update the update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. [bsc#1209998]- Remove the scripts and documentation regarding fips-finish-install and test-fips-setup * Add crypto-policies-FIPS.patch- Update to version 20210917.c9d86d1: * openssl: fix disabling ChaCha20 * pacify pylint 2.11: use format strings * pacify pylint 2.11: specify explicit encoding * fix minor things found by new pylint * update-crypto-policies: --check against regenerated * update-crypto-policies: fix --check's walking order * policygenerators/gnutls: revert disabling DTLS0.9... * policygenerators/java: add javasystem backend * LEGACY: bump 1023 key size to 1024 * cryptopolicies: fix 'and' in deprecation warnings * *ssh: condition ecdh-sha2-nistp384 on SECP384R1 * nss: hopefully the last fix for nss sigalgs check * cryptopolicies: Python 3.10 compatibility * nss: postponing check + testing at least something * Rename 'policy modules' to 'subpolicies' * validation.rules: fix a missing word in error * cryptopolicies: raise errors right after warnings * update-crypto-policies: capitalize warnings * cryptopolicies: syntax-precheck scope errors * .gitlab-ci.yml, Makefile: enable codespell * all: fix several typos * docs: don't leave zero TLS/DTLS protocols on * openssl: separate TLS/DTLS MinProtocol/MaxProtocol * alg_lists: order protocols new-to-old for consistency * alg_lists: max_{d,}tls_version * update-crypto-policies: fix pregenerated + local.d * openssh: allow validation with pre-8.5 * .gitlab-ci.yml: run commit-range against upstream * openssh: Use the new name for PubkeyAcceptedKeyTypes * sha1_in_dnssec: deprecate * .gitlab-ci.yml: test commit ranges * FIPS:OSPP: sign = -*-SHA2-224 * scoped policies: documentation update * scoped policies: use new features to the fullest... * scoped policies: rewrite + minimal policy changes * scoped policies: rewrite preparations * nss: postponing the version check again, to 3.64 - Remove patches fixed upstream: crypto-policies-typos.patch - Rebase: crypto-policies-test_supported_modules_only.patch - Merge crypto-policies-asciidoc.patch into crypto-policies-no-build-manpages.patch- Update to version 20210225.05203d2: * Disable DTLS0.9 protocol in the DEFAULT policy. * policies/FIPS: insignificant reformatting * policygenerators/libssh: respect ssh_certs * policies/modules/OSPP: tighten to follow RHEL 8 * crypto-policies(7): drop not-reenableable comment * follow up on disabling RC4- Remove not needed scripts: fips-finish-install fips-mode-setup- Disable DTLS0.9 protocol in GnuTLS DEFAULT policy. [bsc#1180938] * The minimum DTLS protocol version in the DEFAULT and FUTURE policies is DTLS1.2. * Fixed upstream: 05203d21f6d0ea9bbdb351e4600f1e273720bb8e- Update to version 20210213.5c710c0: [bsc#1180938] * setup_directories(): perform safer creation of directories * save_config(): avoid re-opening output file for each iteration * save_config(): break after first match to avoid unnecessary stat() calls * CryptoPolicy.parse(): actually stop parsing line on syntax error * ProfileConfig.parse_string(): correctly extended subpolicies * Exclude RC4 from LEGACY * Introduce rc4_md5_in_krb5 to narrow AD_SUPPORT * code style: fix 'not in' membership testing * pylintrc: tighten up a bit * formatting: avoid long lines * formatting: use f-strings instead of format() * formatting: reformat all python code with autopep8 * nss: postponing the version check again, to 3.61 * Revert "Unfortunately we have to keep ignoring the openssh check for sk-"- Use tar_scm service, not obs_scm: With crypto-policies entering Ring0 (distro bootstrap) we want to be sure to keep the buildtime deps as low as possible. - Add python3-base BuildRequires: previously, OBS' tar service pulled this in for us.- Add a BuildIgnore for crypto-policies- Use gzip instead of xz in obscpio and sources- Do not build the manpages to avoid build cycles - Add crypto-policies-no-build-manpages.patch- Convert to use a proper git source _service: + To update, one just needs to update the commit/revision in the _service file and run `osc service dr`. + The version of the package is defined by the commit date of the revision, followed by the abbreviated git hash (The same revision used before results thus in a downgrade to 20210118, but as this is a alltime new package, this is acceptable.- Update to git version 20210127 * Bump Python requirement to 3.6 * Output sigalgs required by nss >=3.59 * Do not require bind during build * Break build cycles with openssl and gnutls- Update to git version 20210118 * Output sigalgs required by nss >=3.59 * Bump Python requirement to 3.6 * Kerberos 5: Fix policy generator to account for macs * Add AES-192 support (non-TLS scenarios) * Add documentation of the --check option- Fix the man pages generation - Add crypto-policies-asciidoc.patch- Test only supported modules - Add crypto-policies-test_supported_modules_only.patch- Add crypto-policies-typos.patch to fix some typos- Initial packaging, git version 20200918 (jsc#SLE-15832)h01-ch3b 1696500060  !"#$%&'()*+,-./01234567820210917.c9d86d1-150400.3.6.1  fips-finish-installfips-mode-setupupdate-crypto-policiespython__pycache__build-crypto-policies.cpython-36.pycupdate-crypto-policies.cpython-36.pycbuild-crypto-policies.pycryptopolicies__init__.py__pycache____init__.cpython-36.pycalg_lists.cpython-36.pyccryptopolicies.cpython-36.pycalg_lists.pycryptopolicies.pyvalidation__init__.py__pycache____init__.cpython-36.pycalg_lists.cpython-36.pycgeneral.cpython-36.pycrules.cpython-36.pycscope.cpython-36.pycalg_lists.pygeneral.pyrules.pyscope.pypolicygenerators__init__.py__pycache____init__.cpython-36.pycbind.cpython-36.pycconfiggenerator.cpython-36.pycgnutls.cpython-36.pycjava.cpython-36.pyckrb5.cpython-36.pyclibreswan.cpython-36.pyclibssh.cpython-36.pycnss.cpython-36.pycopenssh.cpython-36.pycopenssl.cpython-36.pycbind.pyconfiggenerator.pygnutls.pyjava.pykrb5.pylibreswan.pylibssh.pynss.pyopenssh.pyopenssl.pyupdate-crypto-policies.pyfips-finish-install.8.gzfips-mode-setup.8.gzupdate-crypto-policies.8.gz/usr/bin//usr/share/crypto-policies//usr/share/crypto-policies/python//usr/share/crypto-policies/python/__pycache__//usr/share/crypto-policies/python/cryptopolicies//usr/share/crypto-policies/python/cryptopolicies/__pycache__//usr/share/crypto-policies/python/cryptopolicies/validation//usr/share/crypto-policies/python/cryptopolicies/validation/__pycache__//usr/share/crypto-policies/python/policygenerators//usr/share/crypto-policies/python/policygenerators/__pycache__//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:30937/SUSE_SLE-15-SP4_Update/93e35fbdf460cdfa166e312155552fc7-crypto-policies.SUSE_SLE-15-SP4_Updatedrpmxz5noarch-suse-linuxBourne-Again shell script, ASCII text executablea /usr/bin/sh script, ASCII text executabledirectorypython 3.6 byte-compiledPython script, UTF-8 Unicode text executablePython script, ASCII text executabletroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)RRRRRljU.h$?m/usr/bin/update-crypto-policies --no-check >/dev/null 2>/dev/null || :/bin/shperl-Bootloaderutf-8eb7ceab8a8d70034f4e78e796eb15ed380646744dfe5fda893cfe1d240745b41?7zXZ !t/R+q]"k%8*6l"3ג_ib}k5+ =Vs~d *7MFg(˱i"4P@?r;SE:E91w'x1;}?z{tmW;ŊN`Q ?i]R `\0'd::Y޺ὡuJsv АޘߤF wQC8So3yr}őCsW/S M/GQ4r|,-Sҿ#!T_nƧqsX]*YC6VCBK@ NvMxV0>oBŸĘBZ<ݥU4"PO覠To]*㻃G2/CV3r%28Qk[6LEIeohcr T-0ʂZf &cŘ@~&f&IcaL}.} 7`o^\߁fҚwM=sDE[~Jy:L<[f8r*d'^ |X{7F{x\cjLit2JE9͗F&* $ժ4<(yQaJ*\$پe@&-rO;E%]j7 6i'T:*eX5!'R} 'u4Ȧ?ReJ.Ǥ/I$#ܖ .scLG,m36DZ8!ҕBR[-(ζgPN 6Q_SxRY=T :'ݪ7dxpp`y7ͺU{D~1SOp+$Adbym@$_шNbiwLv%H pɄNC`}[:M"h6 7~BH2h+z*F="aƎ2 pFɺ۝lfQgZD4tGfiOQRn?~ x;n#Ke3 qeMLFE M:k)}LflDCM8tHvNP: nqdnP:{fa[:/U7@[Y*.ٔtC4_ġh^ M?؍y]O }鐳4Fw?TS,Tl6{ Z⼺QXC&܎t2ᮩb-85&3؂[$ G V: Pux'K1nʟ` C9xѕF6>@>2q;R=KVd.Ns n,>;םBǼ~&_@(f)7beT,DDBLBxR8oh'mBX񞕹O`=Mcʤc֠!@Bw1á,>~LLq{dgEwhX֛_.EyԩxH^rK[Eafq鈓dR>H?!8\gܔ'͗; xv-V@A%B"l ȿͮ95N,^Kjt̆?e+L4ڵV6zLYĉEdLJyNUDX[3vv'gqu|-Mqu|Ȍ~dd˸Y&#Gygzݹ&F \@D){$w!'T@$:nxޅ8Y/tװ=uzFo#BYf0岶! ; *tT׍wo@Ӎ=nX&6De &<"@5@ܖ>d_D盽 6PSd%9(ƇKIIB2B9)逢5+i$=u~:7װԯ>b#8Uk.yvCIcđVWFD ^#SĮ/s7(^7a35 +,An=QzT1fnWʱ}@\P5;He5NTkݷ8$:4Y!ƄrL꠭< DZ6^põ( Ֆ+?ܻp#k~&')G~lMPYȂB{EAP#5ia1T 扙mj _k@٩xuQE/&Xs JG"7fMʐuFcoXvW9pcrhWNc=/yP$"w95q]cUnpՌg4;_sZq?y0!df9Xv PP[83w|z+n5H׺l i [ %`ȵK$JakSQR%U?f9ll6=V҉"~.;O ΨEleS , p4T^I-".Ma!1tסgJq#YJPTȑm?P\;,RXEiC;幝%NZᣨQĶ-o_"ihGrᷣb&YA d-5 [oɾӼU̮5iAo@kWE/6QYp+&G (w\IDcjoT{nTCTfnB9uy^+؛4|ܦ>ο  uuc05+ʷim?Bp&AȌ qpG6a*Hd2-,ZT~("J&tW%&Q9]M%{Lˈ>+S Ȱ\JuYk3DUI]Y`U |epD-G;\u1 )PNbgzQyFj6MA(F)UE$i}L_SoBfOXZxicacAxu-4TB o .&1b8ph>2;fSF˱ Cp2MnCB`m\㓿=06/ή16JO~T)PT]0 \=ƼQ-($iG^bV˴{KR`QgƵ5!x⮞A=)V.ϥ4ru8-CnBHo,YPT;H@w7u]4xwm廟*s bHd.L*kq$AV"\tNW 42V#Zl=`?Tlٯs*2)M Ϯw㶴nc'E&f^>my;4늬URc{A`z C a: /LlP[ {,Vy#LQ˷5`ff} x(>9T+J7%~AkNҢF4 id;[s8`׷')j՘9Oa[NjP'zR`bc^ ]~IEes覱k݌Hcŵ>y=ZUVu]OZ,@jb}#2ۙ=^~qL1-h܃á_Npls=;r89M8I;&Nt`o~>%sδu0 $2#&iSXՙ/l&$KKpSFF1v]hpCZh|#F0/duxWAь e#M/瓛fW=[oyZ2x~qս`kSA݉?bl gsYP^ W8i’r}"s v@'_hA<8LwB&z< k>U^)fXIHu`?=UX%q\M 4O#?s$ 볧׼Er¸{T}O8zUkꈨ =5^ 7[CJ k%|\&_qzUJ|;}晹I1\`\!/ EI[pcf?|p%d/72xN erH_jpKUU”?bh\#2Dm \@{/A%V{Y%aTL f\}5VdV!]]AbiERen)s͇!kT !r.:#(Va&FU`5L:Hڃpɯ4{ۻ" ƕRJ} ұYrCMka].[w 6 ڂ zV@7E;ig6g?0XŌ+|'?ošltzXGqVOEc@Zt#|&|{znTg1EX-C'((Ⱥg„Buvpʞ\'Eüc($]~w!rxV|C:&qIvsg̐4-VTp=LoZͽ>GSyы=(X Y1Ӂ<@)#~"W;G/yD5752Qe՜M3tpEP˨TdGκ)GRgQ[QP6!aM}a_f{!P&*…[ra`AVS~Fx[BG3iKcCzwT lVǘ}F78r;;67x w5DFOmQLyf;A. :&J+svȉ),+"5;®hĞ[?ɢ북R7ئ9SYn$6֜/b{ xG %QQƗ/4|wiOrKLﴒkL4My)NEsdU[yaTDX\Ĉq/n\= =M~2nlR6T^.T~R-4FlXs<b1|8u}BMz˘/o*sA'TxFF, 4ԷlgOD Y@;,mJeoBaao'̀)jy]ys\fcEh} K#fzCq5&Faeև7Iee5b`_+77u 5Nxt\EmGdMF@90ɮ{ ' r]/cȐD\'H G0x.{|@XX]pf0ұ=}=*]zQZn¶ZY!SL*%ځ ^~Y39[T]G':-cqbdpJĚ,i;UG&w/==%BYBqgn1=d" RXJOB{hܩJ?L12(vjw(iHb" c}[1gW 5iٺ߫rl/6|`_Kp;lk:)wb2~WƓPJ :pP&tREK{yRA% 2+2J//*%Z1>чJoC*gǔ2#gn_Q8T-qnH9ӋB` QpƒXؖaXIaiG'|RX2*k|T\2ښT jYqIEqt;яNEjCr%aO_aOndD% &Poޚ&p6_"` puz_ES}t&ne-)K+YtwH[(l%' H< =?03[ekQSj>]KK%퐢~Ay)Y a!A !2ʢ[nAȾϚ* .oը].Jp5= \\9$XL>+aRO{a1Dc@'!*55IN܅dM<<[uSJZiք狐l4u?( "`-Yß2H2ߣYHhQTX&nHYOtlu6z>V*D}gE8=\ntwMb!\GdVw6_b_*h:ҁ H3:Ĉ]7;e  lπ8~G+TnUnH)QSlzt}Sc=pY5xI1D\f@TZO pM~c