Accepting request 940292 from home:aplanas:branches:security

- Update to version 0.1.0+git.1639176416.fc90088:
  * Code refactor to use updated tss-esapi
- Drop add_property_tag_variant_for_maxcapbuffer.patch, included in
  the upstream crate

OBS-URL: https://build.opensuse.org/request/show/940292
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=7

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/keylime/rust-keylime.git</param>
-              <param name="changesrevision">d5a31912eb9f69ea1c8fed59811089ff7c4ccebf</param></service></servicedata>
+              <param name="changesrevision">fc90088c2ca50d7fca1a5f03c34eddc88810681a</param></service></servicedata>

add_property_tag_variant_for_maxcapbuffer.patch

@@ -1,43 +0,0 @@
-From 6dc9f3ccb0e5ce6561aeef73e9f757b4c193c3c4 Mon Sep 17 00:00:00 2001
-From: Rob Shearman <rob@graphiant.com>
-Date: Tue, 28 Sep 2021 14:22:10 +0100
-Subject: [PATCH] Add property tag variant for MaxCapBuffer
-
-As per "TCG TSS 2.0 Overview and Common Structures Specification" v0.9
-rev 03, and tpm2-tss >= 2.4.0, add a constant for
-TPM2_PT_MAX_CAP_BUFFER and a corresponding PropertyTag variant,
-MaxCapBuffer.
-
-This avoids an error for "value = 302 did not match any PropertyTag"
-that may be seen with some TPM implementations.
-
-Signed-off-by: Rob Shearman <rob@graphiant.com>
----
- tss-esapi/src/constants/property_tag.rs | 1 +
- tss-esapi/src/constants/tss.rs          | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/tss-esapi/src/constants/property_tag.rs b/tss-esapi/src/constants/property_tag.rs
-index 1849efe5..db36c6ef 100644
---- a/vendor/tss-esapi/src/constants/property_tag.rs
-+++ b/vendor/tss-esapi/src/constants/property_tag.rs
-@@ -56,6 +56,7 @@ pub enum PropertyTag {
-     VendorCommands = TPM2_PT_VENDOR_COMMANDS,
-     NvBufferMax = TPM2_PT_NV_BUFFER_MAX,
-     Modes = TPM2_PT_MODES,
-+    MaxCapBuffer = TPM2_PT_MAX_CAP_BUFFER,
-     // Variable
-     Permanent = TPM2_PT_PERMANENT,
-     StartupClear = TPM2_PT_STARTUP_CLEAR,
-diff --git a/tss-esapi/src/constants/tss.rs b/tss-esapi/src/constants/tss.rs
-index 72d1eedb..03f412e7 100644
---- a/vendor/tss-esapi/src/constants/tss.rs
-+++ b/vendor/tss-esapi/src/constants/tss.rs
-@@ -423,6 +423,7 @@ pub const TPM2_PT_LIBRARY_COMMANDS: TPM2_PT = TPM2_PT_FIXED + 42; /* number of c
- pub const TPM2_PT_VENDOR_COMMANDS: TPM2_PT = TPM2_PT_FIXED + 43; /* number of vendor commands that are implemented */
- pub const TPM2_PT_NV_BUFFER_MAX: TPM2_PT = TPM2_PT_FIXED + 44; /* the maximum data size in one NV write command */
- pub const TPM2_PT_MODES: TPM2_PT = TPM2_PT_FIXED + 45; /* a TPMA_MODES value indicating that the TPM is designed for these modes. */
-+pub const TPM2_PT_MAX_CAP_BUFFER: TPM2_PT = TPM2_PT_FIXED + 46; /* the maximum size of a TPMS_CAPABILITY_DATA structure returned in TPM2_GetCapability(). */
- pub const TPM2_PT_VAR: TPM2_PT = TPM2_PT_GROUP * 2; /* the group of variable properties returned as TPMS_TAGGED_PROPERTY. The properties in this group change because of a Protected Capability other than a firmware update. The values are not necessarily persistent across all power transitions. */
- pub const TPM2_PT_PERMANENT: TPM2_PT = TPM2_PT_VAR + 0; /* TPMA_PERMANENT */
- pub const TPM2_PT_STARTUP_CLEAR: TPM2_PT = TPM2_PT_VAR + 1; /* TPMA_STARTUP_CLEAR */

cargo_config

@@ -1,9 +1,8 @@
 [source.crates-io]
 replace-with = "vendored-sources"
 
-[source."https://github.com/puiterwijk/rust-tss-esapi.git"]
+[source."https://github.com/parallaxsecond/rust-tss-esapi.git"]
-git = "https://github.com/puiterwijk/rust-tss-esapi.git"
+git = "https://github.com/parallaxsecond/rust-tss-esapi.git"
-branch = "keylime"
 replace-with = "vendored-sources"
 
 [source.vendored-sources]

rust-keylime-0.1.0+git.1637095429.d5a3191.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9ff2e8753fdaf96f5d558f10e664f13208c88389fdd36a86a5cdd5a95ef53495
-size 99716

rust-keylime-0.1.0+git.1639176416.fc90088.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b100a419e2d552ea5ccdc4abf17b37e3fa90cf79d41d21f001f669d29340b485
+size 99852

rust-keylime.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Dec 13 15:53:39 UTC 2021 - aplanas@suse.com
+
+- Update to version 0.1.0+git.1639176416.fc90088:
+  * Code refactor to use updated tss-esapi
+- Drop add_property_tag_variant_for_maxcapbuffer.patch, included in
+  the upstream crate
+
 -------------------------------------------------------------------
 Wed Nov 24 13:48:07 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
 

rust-keylime.spec

@@ -18,7 +18,7 @@
 
 %global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
 Name:           rust-keylime
-Version:        0.1.0+git.1637095429.d5a3191
+Version:        0.1.0+git.1639176416.fc90088
 Release:        0
 Summary:        Rust implementation of the keylime agent
 License:        Apache-2.0 AND MIT
@@ -30,8 +30,6 @@ Source3:        keylime_agent.service
 Source4:        keylime.xml
 # PATCH-FIX-OPENSUSE keylime.conf.diff
 Patch1:         keylime.conf.diff
-# PATCH-FIX-UPSTREAM add_property_tag_variant_for_maxcapbuffer.patch
-Patch2:         add_property_tag_variant_for_maxcapbuffer.patch
 BuildRequires:  cargo
 BuildRequires:  firewall-macros
 BuildRequires:  libarchive-devel
@@ -53,15 +51,6 @@ monitoring system.
 mkdir .cargo
 cp %{SOURCE2} .cargo/config
 
-# We patched a vendored component, we cannot use it as cargo will
-# validate the source hash.  The solution is move it out and add a
-# [patch] section in Cargo.toml
-mv vendor/tss-esapi .
-cat <<EOF >> Cargo.toml
-[patch.crates-io]
-tss-esapi = { path = "tss-esapi" }
-EOF
-
 %build
 RUSTFLAGS=%{rustflags} cargo build --release
 

vendor.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:5aec49064dfd5872ddac53168ddf2a1956b122eb6a687e67bed81b9e2168f9d7
+oid sha256:4f93de890a7e1817a88878a2d63b0d5c40ffe4caf38327a60981fdd27440f336
-size 15777356
+size 15894580