From aac88311596f0ff31a33591c52c836fbdb42ae36cc554709d8e5dccc78c12c9b Mon Sep 17 00:00:00 2001 From: Alberto Planas Dominguez Date: Tue, 30 Apr 2024 13:43:16 +0000 Subject: [PATCH 1/2] Accepting request 1171003 from home:aplanas:branches:security - actix-web update moves rustls as feature (bsc#1223234, CVE-2024-32650) - Update to version 0.2.4~39: * build(deps): bump openssl from 0.10.63 to 0.10.64 * build(deps): bump h2 from 0.3.24 to 0.3.26 * build(deps): bump serde_json from 1.0.107 to 1.0.116 * build(deps): bump actix-web from 4.4.1 to 4.5.1 * crypto: Enable TLS 1.3 * build(deps): bump tempfile from 3.9.0 to 3.10.1 * build(deps): bump mio from 0.8.4 to 0.8.11 * enable hex values to be used for tpm_ownerpassword * config: Support IPv6 with or without brackets * keylime: Implement a simple IP parser to remove brackets * crypto: Implement CertificateBuilder to generate certificates * tests: Fix coverage download by supporting arbitrary URL * cargo: Add testing feature to keylime library * Set X509 SAN with local DNSname/IP/IPv6 * Include newest Node20 versions for Github actions * tpm: Add unit test for uncovered public functions * crypto: Implement ECC key generation support * crypto: Add test for match_cert_to_template() * Fix minor typo, format and remove end whitespaces * crypto: Make error types less specific * tests/run.sh: Run tarpaulin with a single thread * payloads: Remove explicit drop of channel transmitter * crypto: Move to keylime library * crypto: Add specific type for every possible error * tpm: Rename origin of error as source in structures * list_parser: Add source for error for backtrace * algorithms: Make errors more specific * typo fix for default path to measured boot log file * README: remove mentions of libarchive as a dependency * Dockerfile.wolfi: Update clang to version 17 * docker: Remove libarchive as a dependency * rpm: Remove libarchive from dependencies * cargo: Replace compress-tools with zip crate * cargo: Bump ahash to version 0.8.7 * build(deps): bump serde from 1.0.195 to 1.0.196 * build(deps): bump libc from 0.2.152 to 0.2.153 * build(deps): bump reqwest from 0.11.23 to 0.11.24 * docker: Install configuration file in the correct path * config: Make IAK/IDevID disabled by default OBS-URL: https://build.opensuse.org/request/show/1171003 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=67 --- _service | 3 ++- _servicedata | 2 +- rust-keylime-0.2.4~0.tar.zst | 3 --- rust-keylime-0.2.4~39.tar.zst | 3 +++ rust-keylime.changes | 45 +++++++++++++++++++++++++++++++++++ rust-keylime.obsinfo | 6 ++--- rust-keylime.spec | 2 +- vendor.tar.xz | 4 ++-- 8 files changed, 57 insertions(+), 11 deletions(-) delete mode 100644 rust-keylime-0.2.4~0.tar.zst create mode 100644 rust-keylime-0.2.4~39.tar.zst diff --git a/_service b/_service index a195a5d..450e79c 100644 --- a/_service +++ b/_service @@ -3,7 +3,8 @@ https://github.com/keylime/rust-keylime.git @PARENT_TAG@~@TAG_OFFSET@ git - v0.2.4 + + master * v(\d+\.\d+\.\d+) \1 diff --git a/_servicedata b/_servicedata index ffc1499..8a6b5a3 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/keylime/rust-keylime.git - a744517f8cf77241e907e0e644bf26400fa2c255 \ No newline at end of file + 547f1a8125c186586f474bd434c3a6a53a1ff82f \ No newline at end of file diff --git a/rust-keylime-0.2.4~0.tar.zst b/rust-keylime-0.2.4~0.tar.zst deleted file mode 100644 index 6d0cb50..0000000 --- a/rust-keylime-0.2.4~0.tar.zst +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4a089bbe1afb460c0b12f556fd95d4892ffd98ac2a962783e0f7c7faf7e8eaff -size 169754 diff --git a/rust-keylime-0.2.4~39.tar.zst b/rust-keylime-0.2.4~39.tar.zst new file mode 100644 index 0000000..b7ec3f2 --- /dev/null +++ b/rust-keylime-0.2.4~39.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:875fc25e508b04b26eb2af7ed40e6b326a94184d4e0387abce1923f83b4f296d +size 177136 diff --git a/rust-keylime.changes b/rust-keylime.changes index 7ecbdeb..fd20488 100644 --- a/rust-keylime.changes +++ b/rust-keylime.changes @@ -1,3 +1,48 @@ +------------------------------------------------------------------- +Tue Apr 30 07:52:30 UTC 2024 - aplanas@suse.com + +- actix-web update moves rustls as feature (bsc#1223234, CVE-2024-32650) +- Update to version 0.2.4~39: + * build(deps): bump openssl from 0.10.63 to 0.10.64 + * build(deps): bump h2 from 0.3.24 to 0.3.26 + * build(deps): bump serde_json from 1.0.107 to 1.0.116 + * build(deps): bump actix-web from 4.4.1 to 4.5.1 + * crypto: Enable TLS 1.3 + * build(deps): bump tempfile from 3.9.0 to 3.10.1 + * build(deps): bump mio from 0.8.4 to 0.8.11 + * enable hex values to be used for tpm_ownerpassword + * config: Support IPv6 with or without brackets + * keylime: Implement a simple IP parser to remove brackets + * crypto: Implement CertificateBuilder to generate certificates + * tests: Fix coverage download by supporting arbitrary URL + * cargo: Add testing feature to keylime library + * Set X509 SAN with local DNSname/IP/IPv6 + * Include newest Node20 versions for Github actions + * tpm: Add unit test for uncovered public functions + * crypto: Implement ECC key generation support + * crypto: Add test for match_cert_to_template() + * Fix minor typo, format and remove end whitespaces + * crypto: Make error types less specific + * tests/run.sh: Run tarpaulin with a single thread + * payloads: Remove explicit drop of channel transmitter + * crypto: Move to keylime library + * crypto: Add specific type for every possible error + * tpm: Rename origin of error as source in structures + * list_parser: Add source for error for backtrace + * algorithms: Make errors more specific + * typo fix for default path to measured boot log file + * README: remove mentions of libarchive as a dependency + * Dockerfile.wolfi: Update clang to version 17 + * docker: Remove libarchive as a dependency + * rpm: Remove libarchive from dependencies + * cargo: Replace compress-tools with zip crate + * cargo: Bump ahash to version 0.8.7 + * build(deps): bump serde from 1.0.195 to 1.0.196 + * build(deps): bump libc from 0.2.152 to 0.2.153 + * build(deps): bump reqwest from 0.11.23 to 0.11.24 + * docker: Install configuration file in the correct path + * config: Make IAK/IDevID disabled by default + ------------------------------------------------------------------- Wed Jan 31 09:22:00 UTC 2024 - aplanas@suse.com diff --git a/rust-keylime.obsinfo b/rust-keylime.obsinfo index 26b67d8..b5a056c 100644 --- a/rust-keylime.obsinfo +++ b/rust-keylime.obsinfo @@ -1,4 +1,4 @@ name: rust-keylime -version: 0.2.4~0 -mtime: 1706692574 -commit: a744517f8cf77241e907e0e644bf26400fa2c255 +version: 0.2.4~39 +mtime: 1714410441 +commit: 547f1a8125c186586f474bd434c3a6a53a1ff82f diff --git a/rust-keylime.spec b/rust-keylime.spec index 080b2b9..7b8fa9d 100644 --- a/rust-keylime.spec +++ b/rust-keylime.spec @@ -25,7 +25,7 @@ %define _config_norepl %config(noreplace) %endif Name: rust-keylime -Version: 0.2.4~0 +Version: 0.2.4~39 Release: 0 Summary: Rust implementation of the keylime agent License: (Apache-2.0 OR MIT) AND BSD-3-Clause AND (Apache-2.0 OR MIT) AND Unicode-DFS-2016 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND Apache-2.0 AND Apache-2.0 WITH LLVM-exception AND BSD-3-Clause AND ISC AND MIT diff --git a/vendor.tar.xz b/vendor.tar.xz index 0c967f2..f732b06 100644 --- a/vendor.tar.xz +++ b/vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6e2c709feed1c51af142ad0601cce4bfd587f2cbbcf0092ee8ad47cc7b193d2e -size 34712428 +oid sha256:ac1a5247d523eb3fec570c71e02b74e1f51f7006fec897c4db5fbf81402f8fbd +size 30506564 From 322aa96b3555fab79a16b1354374ee969bf8435c6d61634181f6b9b4b4fc7e45 Mon Sep 17 00:00:00 2001 From: Alberto Planas Dominguez Date: Thu, 2 May 2024 07:48:12 +0000 Subject: [PATCH 2/2] Accepting request 1171248 from home:aplanas:branches:security - Update to version 0.2.5~0: * Bump version to 0.2.5 * cargo: Relax required version for pest crate * build(deps): bump log from 0.4.20 to 0.4.21 * build(deps): bump thiserror from 1.0.56 to 1.0.59 OBS-URL: https://build.opensuse.org/request/show/1171248 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=68 --- _service | 4 ++-- _servicedata | 2 +- rust-keylime-0.2.4~39.tar.zst | 3 --- rust-keylime-0.2.5~0.tar.zst | 3 +++ rust-keylime.changes | 9 +++++++++ rust-keylime.obsinfo | 6 +++--- rust-keylime.spec | 2 +- vendor.tar.xz | 4 ++-- 8 files changed, 21 insertions(+), 12 deletions(-) delete mode 100644 rust-keylime-0.2.4~39.tar.zst create mode 100644 rust-keylime-0.2.5~0.tar.zst diff --git a/_service b/_service index 450e79c..f1b3f6c 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/keylime/rust-keylime.git @PARENT_TAG@~@TAG_OFFSET@ git - - master + v0.2.5 + * v(\d+\.\d+\.\d+) \1 diff --git a/_servicedata b/_servicedata index 8a6b5a3..a234524 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/keylime/rust-keylime.git - 547f1a8125c186586f474bd434c3a6a53a1ff82f \ No newline at end of file + be501ec981dc4bcd499cba3946c054ffddfdfa1f \ No newline at end of file diff --git a/rust-keylime-0.2.4~39.tar.zst b/rust-keylime-0.2.4~39.tar.zst deleted file mode 100644 index b7ec3f2..0000000 --- a/rust-keylime-0.2.4~39.tar.zst +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:875fc25e508b04b26eb2af7ed40e6b326a94184d4e0387abce1923f83b4f296d -size 177136 diff --git a/rust-keylime-0.2.5~0.tar.zst b/rust-keylime-0.2.5~0.tar.zst new file mode 100644 index 0000000..879e8c2 --- /dev/null +++ b/rust-keylime-0.2.5~0.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:05ff682d1367dab943413b43742e71bdde38d780d003cf673ae64dab0be753e6 +size 177119 diff --git a/rust-keylime.changes b/rust-keylime.changes index fd20488..6ce7b0d 100644 --- a/rust-keylime.changes +++ b/rust-keylime.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu May 02 07:31:40 UTC 2024 - aplanas@suse.com + +- Update to version 0.2.5~0: + * Bump version to 0.2.5 + * cargo: Relax required version for pest crate + * build(deps): bump log from 0.4.20 to 0.4.21 + * build(deps): bump thiserror from 1.0.56 to 1.0.59 + ------------------------------------------------------------------- Tue Apr 30 07:52:30 UTC 2024 - aplanas@suse.com diff --git a/rust-keylime.obsinfo b/rust-keylime.obsinfo index b5a056c..85840c1 100644 --- a/rust-keylime.obsinfo +++ b/rust-keylime.obsinfo @@ -1,4 +1,4 @@ name: rust-keylime -version: 0.2.4~39 -mtime: 1714410441 -commit: 547f1a8125c186586f474bd434c3a6a53a1ff82f +version: 0.2.5~0 +mtime: 1714493059 +commit: be501ec981dc4bcd499cba3946c054ffddfdfa1f diff --git a/rust-keylime.spec b/rust-keylime.spec index 7b8fa9d..1e7b75b 100644 --- a/rust-keylime.spec +++ b/rust-keylime.spec @@ -25,7 +25,7 @@ %define _config_norepl %config(noreplace) %endif Name: rust-keylime -Version: 0.2.4~39 +Version: 0.2.5~0 Release: 0 Summary: Rust implementation of the keylime agent License: (Apache-2.0 OR MIT) AND BSD-3-Clause AND (Apache-2.0 OR MIT) AND Unicode-DFS-2016 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND Apache-2.0 AND Apache-2.0 WITH LLVM-exception AND BSD-3-Clause AND ISC AND MIT diff --git a/vendor.tar.xz b/vendor.tar.xz index f732b06..fdd7879 100644 --- a/vendor.tar.xz +++ b/vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ac1a5247d523eb3fec570c71e02b74e1f51f7006fec897c4db5fbf81402f8fbd -size 30506564 +oid sha256:23a10d244ba485531630e4044b20399fac3154c4e3f2e178e561f2d9c7dad906 +size 30491800