- nss: Skip the NSS policy check if the mozilla-nss-tools package
  is not installed. This avoids adding more dependencies in ring0.
  * Add crypto-policies-nss.patch [bsc#1211301]

- Update to version 20230920.570ea89:
  * fips-mode-setup: more thorough --disable, still unsupported
  * FIPS:OSPP: tighten beyond reason for OSPP 4.3
  * krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones
  * openssl: implement relaxing EMS in FIPS (NO-ENFORCE-EMS)
  * gnutls: prepare for tls-session-hash option coming
  * nss: prepare for TLS-REQUIRE-EMS option coming
  * NO-ENFORCE-EMS: add subpolicy
  * FIPS: set __ems = ENFORCE
  * cryptopolicies: add enums and __ems tri-state
  * docs: replace `FIPS 140-2` with just `FIPS 140`
  * .gitlab-ci: remove forcing OPENSSH_MIN_RSA_SIZE
  * cryptopolicies: add comments on dunder options
  * nss: retire NSS_OLD and replace with NSS_LAX 3.80 check
  * BSI: start a BSI TR 02102 policy [jsc#PED-4933]
  * Rebase patches:
    - crypto-policies-policygenerators.patch
    - crypto-policies-revert-rh-allow-sha1-signatures.patch
    - crypto-policies-FIPS.patch

- Conditionally recommend the crypto-policies-scripts package
  when python is not installed in the system [bsc#1215201]

- Tests: Fix pylint versioning for TW and fix the parsing of the
  policygenerators to account for the commented lines correctly.
  * Add crypto-policies-pylint.patch

• Files Changed
• Browse Source