[Bug 1190231] New: [TRACKERBUG] Enforce crypto-policies in TW
https://bugzilla.suse.com/show_bug.cgi?id=1190231 Bug ID: 1190231 Summary: [TRACKERBUG] Enforce crypto-policies in TW Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: pmonrealgonzalez@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Bug to track most of the changes required to have enfornced crypto-policies in Tumbleweed. The inclusion of crypto-policies affects the following packages directly: openssl-1_1, gnutls and mozilla-nss. See also: * Documentation for crypto-policies: https://en.opensuse.org/SDB:Crypto-policies * Update process: https://confluence.suse.com/display/packaging/crypto-policies * [jsc#SLE-20287] 4C - Centralized Crypto Compliance Configuration * [jsc#SLE-15832] 4C - Centralized Crypto Compliance Configuration Other packages that needed adaption, mostly in their testsuites: * xmlsec1 * python-M2Crypto * python-Twisted * python-distlib * python-requests-toolbelt * python-gevent * spamassassing * nodejs10, nodejs14 * glib-networking * vncviewer, tigervnc * java-11-openjdk * gnome-calculator * apparmor -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1180938 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsikes@suse.com, | |meissner@suse.com, | |pmonrealgonzalez@suse.com, | |vcizek@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|security-team@suse.de |pmonrealgonzalez@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1183082 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1186385 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1180051 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1171565 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1183786 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1183597 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 https://bugzilla.suse.com/show_bug.cgi?id=1190231#c1 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hpj@suse.com Flags| |needinfo?(hpj@suse.com) --- Comment #1 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> --- Hi, @Hans Petter Jansson. I'm not sure if you are the right person to ask about this but if not, please, let me know who can we ask here. We would like to have enforced crypto-policies in SLE-15-SP4:GA as soon as possible but it should first go to Factory. We have it implemented for openssl-1_1 and gnutls but not yet for mozilla-nss. We have a pending sr for this change here: https://build.opensuse.org/request/show/877791 Looking at the NSS code, it looks like its ready to have the crypto-policies working since version 3.31. Do you think we could have this change sometime soon? Please, let me know if you need me to open a bug report for this change and if you plan on having an updated NSS version in SLE-15-SP4:GA. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 https://bugzilla.suse.com/show_bug.cgi?id=1190231#c2 --- Comment #2 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> --- (In reply to Pedro Monreal Gonzalez from comment #0)
Other packages that needed adaption, mostly in their testsuites: * xmlsec1 * python-M2Crypto * python-Twisted * python-distlib * python-requests-toolbelt * python-gevent * spamassassing * nodejs10, nodejs14 * glib-networking * vncviewer, tigervnc * java-11-openjdk * gnome-calculator * apparmor
Also: * libsoup * cockpit * chrony -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190231 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com