Accepting request 1075018 from security

OBS-URL: https://build.opensuse.org/request/show/1075018
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/parsec?expand=0&rev=19

664.patch

@@ -1,45 +0,0 @@
-From 63a11e5f1f4d700230293cc736c6532ff032a49d Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Thu, 2 Mar 2023 09:24:14 +0000
-Subject: [PATCH] Update tss-esapi version
-
-The tmp2-tss version on meta-security has been updated to 4.0.1
-from 3.2.0. This is not compatible with the current tss-esapi crate.
-The newer version 7.2.0 of the crate is now available which
-resolves the issue.
-
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-GuillaumeG: Drop Cargo.lock part since osc service already update it
----
- Cargo.lock           | 8 ++++----
- Cargo.toml           | 2 +-
- e2e_tests/Cargo.toml | 2 +-
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/Cargo.toml b/Cargo.toml
-index b6327dc8..87cc1a10 100644
---- a/Cargo.toml
-+++ b/Cargo.toml
-@@ -29,7 +29,7 @@ log = { version = "0.4.14", features = ["serde"] }
- cryptoki = { version = "0.3.0", optional = true, features = ["psa-crypto-conversions"] }
- picky-asn1-der = { version = "0.2.4", optional = true }
- picky-asn1 = { version = "0.3.0", optional = true }
--tss-esapi = { version = "7.1.0", optional = true }
-+tss-esapi = { version = "7.2.0", optional = true }
- bincode = "1.3.1"
- structopt = "0.3.21"
- derivative = "2.2.0"
-diff --git a/e2e_tests/Cargo.toml b/e2e_tests/Cargo.toml
-index 3302ce38..b895e84b 100644
---- a/e2e_tests/Cargo.toml
-+++ b/e2e_tests/Cargo.toml
-@@ -17,7 +17,7 @@ log = "0.4.14"
- rand = "0.7.3"
- env_logger = "0.8.3"
- stdext = "0.3.1"
--tss-esapi = { version = "7.1.0", optional = true }
-+tss-esapi = { version = "7.2.0", optional = true }
- 
- [dev-dependencies]
- ring = "0.16.20"

_service

@@ -1,10 +1,10 @@
 <services>
   <service name="cargo_vendor" mode="disabled">
     <param name="compression">xz</param>
-    <param name="srcdir">parsec-1.1.0</param>
+    <param name="srcdir">parsec-1.2.0-rc1</param>
     <param name="update">true</param>
   </service>
   <service name="cargo_audit" mode="disabled">
-     <param name="srcdir">parsec-1.1.0</param>
+     <param name="srcdir">parsec-1.2.0-rc1</param>
   </service>
 </services>

parsec-1.1.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:198ac34379ea2676696566d625ac807cfc9be7d44bdc0f68790470ffabe83693
-size 918574

parsec-1.2.0-rc1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a2de11c8cfd40b884f699f67be1dcabc1976a529885fc9837d9b059ef0785c8a
+size 922759

parsec.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Mar 27 09:55:24 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Disable jwt-svid-authenticator (SPIFFE) until fixed upstream
+  with gcc13 - https://github.com/parallaxsecond/parsec/issues/672
+
+-------------------------------------------------------------------
+Thu Mar 23 09:01:01 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Update to 1.2.0-rc1
+- Drop upstream patch:
+  * 664.patch
+
 -------------------------------------------------------------------
 Wed Mar 15 07:27:47 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>
 

parsec.spec

@@ -17,11 +17,11 @@
 
 
 %global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
-%define archive_version 1.1.0
+%define archive_version 1.2.0-rc1
 
 %{?systemd_ordering}
 Name:           parsec
-Version:        1.1.0
+Version:        1.2.0~rc1
 Release:        0
 Summary:        Platform AbstRaction for SECurity
 License:        Apache-2.0
@@ -34,8 +34,6 @@ Source4:        config.toml
 Source5:        parsec.conf
 Source6:        system-user-parsec.conf
 Source10:       https://git.trustedfirmware.org/TS/trusted-services.git/snapshot/trusted-services-389b506.tar.gz
-# PATCH-FIX-UPSTREAM - https://github.com/parallaxsecond/parsec/pull/664
-Patch1:         664.patch
 BuildRequires:  cargo
 BuildRequires:  clang-devel
 BuildRequires:  cmake
@@ -71,16 +69,19 @@ enabling cloud-native delivery flows within the data center and at the edge.
 
 %prep
 %setup -q -a1 -a10 -n parsec-%{archive_version}
-%patch1 -p1
 rmdir trusted-services-vendor
 mv trusted-services-389b506 trusted-services-vendor
 rm -rf .cargo && mkdir .cargo
 cp %{SOURCE2} .cargo/config
 # Enable all providers
 sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]##' Cargo.toml
-# Features available in 1.0.0:
+# Features available in 1.2.0-rc1:
 # all-providers = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "trusted-service-provider"]
 # all-authenticators = ["direct-authenticator", "unix-peer-credentials-authenticator", "jwt-svid-authenticator"]
+%if 0%{?suse_version} > 1550
+# But disable "jwt-svid-authenticator"/SPIFFE with gcc13 until build fixed upstream - https://github.com/parallaxsecond/parsec/issues/672
+sed -i -e 's#all-authenticators = \["direct-authenticator", "unix-peer-credentials-authenticator", "jwt-svid-authenticator"\]#all-authenticators = \["direct-authenticator", "unix-peer-credentials-authenticator"\]#' Cargo.toml
+%endif
 # But disable "trusted-service-provider" until we have a trusted-services package
 echo 'default = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "all-authenticators"]' >> Cargo.toml
 

vendor.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:65a690914e0071eb0244df867f94d049b839c80817d6aa2dd32b06dc2c84fa02
-size 46665220
+oid sha256:45181c399ab43b49d54e5304327dbcfbfa8c3607dfa5ce77fd675fe0ef2122e1
+size 47082872