pool/rust-keylime
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1078761 from home:aplanas:branches:security

Browse Source 
- Add CVE-2023-26964.patch to upgrade hyper crate (CVE-2023-26964,
  bsc#1210344)
- Update to version 0.2.0+git.1681223954.646cf61:
  * Allow setting measured boot log path for testing
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump wiremock from 0.5.14 to 0.5.18
  * Build Fedora and CentOS packages on Copr using packit
  * build(deps): bump serde_json from 1.0.91 to 1.0.95
  * build(deps): bump actix-rt from 2.7.0 to 2.8.0
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump serde from 1.0.147 to 1.0.159
  * build(deps): bump glob from 0.3.0 to 0.3.1
  * Add missing test from keylime testsuite to e2e plan
  * Fix typo in name of test for generating coverage
  * build(deps): bump thiserror from 1.0.38 to 1.0.40
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump actix-web from 4.2.1 to 4.3.1
  * build(deps): bump serde from 1.0.145 to 1.0.147
  * build(deps): bump libc from 0.2.139 to 0.2.140
  * build(deps): bump futures from 0.3.25 to 0.3.27
  * build(deps): bump reqwest from 0.11.12 to 0.11.15
  * build(deps): bump config from 0.13.2 to 0.13.3
  * build(deps): bump openssl from 0.10.45 to 0.10.48
  * build(deps): bump tokio from 1.24.2 to 1.26.0
  * Cargo: Update tempfile to 3.4.0 version

OBS-URL: https://build.opensuse.org/request/show/1078761
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=46
This commit is contained in:
Alberto Planas 2023-04-12 15:20:32 +00:00 committed by Git OBS Bridge
parent 5c4b047874
commit e18b9a008b
7 changed files with 95 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
CVE-2023-26964.patch Normal file
View File

@ -0,0 +1,56 @@
From 4dcb5fb4162665cad436a18e9cb6d1735203d3ac Mon Sep 17 00:00:00 2001
From: Alberto Planas <aplanas@suse.com>
Date: Wed, 12 Apr 2023 16:48:26 +0200
Subject: [PATCH] Update hyper to v0.14.25 (CVE-2023-26964)
Signed-off-by: Alberto Planas <aplanas@suse.com>
---
Cargo.lock | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 70aeb97e..3fe2353c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -918,9 +918,9 @@ checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
[[package]]
name = "h2"
-version = "0.3.14"
+version = "0.3.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ca32592cf21ac7ccab1825cd87f6c9b3d9022c44d086172ed0966bec8af30be"
+checksum = "5be7b54589b581f624f566bf5d8eb2bab1db736c51528720b6bd36b96b55924d"
dependencies = [
"bytes",
"fnv",
@@ -1037,9 +1037,9 @@ dependencies = [
[[package]]
name = "hyper"
-version = "0.14.20"
+version = "0.14.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "02c929dc5c39e335a03c405292728118860721b10190d98c2a0f0efd5baafbac"
+checksum = "cc5e554ff619822309ffd57d8734d77cd5ce6238bc956f037ea06c58238c9899"
dependencies = [
"bytes",
"futures-channel",
@@ -1162,7 +1162,7 @@ dependencies = [
name = "keylime"
version = "0.2.0"
dependencies = [
- "base64 0.21.0",
+ "base64 0.13.1",
"hex",
"log",
"openssl",
@@ -1180,7 +1180,7 @@ version = "0.2.0"
dependencies = [
"actix-rt",
"actix-web",
- "base64 0.21.0",
+ "base64 0.13.1",
"cfg-if",
"clap",
"compress-tools",

2
_servicedata
View File

@ -1,4 +1,4 @@
<servicedata> <servicedata>
<service name="tar_scm"> <service name="tar_scm">
<param name="url">https://github.com/keylime/rust-keylime.git</param> <param name="url">https://github.com/keylime/rust-keylime.git</param>
<param name="changesrevision">f7edd9a5cd49ef09e95f34a35d0829a90e9d38ff</param></service></servicedata> <param name="changesrevision">646cf6190192344c95983e3be3103861d9e22b51</param></service></servicedata>

3
rust-keylime-0.2.0+git.1677691779.f7edd9a.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:be6e0450a2ec4adfa3f037b346e43347685b2c274e2c283eff7b6323f09335b1
size 133336

3
rust-keylime-0.2.0+git.1681223954.646cf61.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cc55a4a76bd5373850d626941ab5bc22d745dc91ed2c50c76c8804a228997416
size 136052

30
rust-keylime.changes
View File

@ -1,3 +1,33 @@
-------------------------------------------------------------------
Wed Apr 12 14:52:38 UTC 2023 - aplanas@suse.com
- Add CVE-2023-26964.patch to upgrade hyper crate (CVE-2023-26964,
bsc#1210344)
- Update to version 0.2.0+git.1681223954.646cf61:
* Allow setting measured boot log path for testing
* build(deps): bump base64 from 0.13.1 to 0.21.0
* build(deps): bump wiremock from 0.5.14 to 0.5.18
* Build Fedora and CentOS packages on Copr using packit
* build(deps): bump serde_json from 1.0.91 to 1.0.95
* build(deps): bump actix-rt from 2.7.0 to 2.8.0
* build(deps): bump base64 from 0.13.1 to 0.21.0
* build(deps): bump serde from 1.0.147 to 1.0.159
* build(deps): bump glob from 0.3.0 to 0.3.1
* Add missing test from keylime testsuite to e2e plan
* Fix typo in name of test for generating coverage
* build(deps): bump thiserror from 1.0.38 to 1.0.40
* build(deps): bump base64 from 0.13.1 to 0.21.0
* build(deps): bump actix-web from 4.2.1 to 4.3.1
* build(deps): bump serde from 1.0.145 to 1.0.147
* build(deps): bump libc from 0.2.139 to 0.2.140
* build(deps): bump futures from 0.3.25 to 0.3.27
* build(deps): bump reqwest from 0.11.12 to 0.11.15
* build(deps): bump config from 0.13.2 to 0.13.3
* build(deps): bump openssl from 0.10.45 to 0.10.48
* build(deps): bump tokio from 1.24.2 to 1.26.0
* Cargo: Update tempfile to 3.4.0 version
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 15 16:46:28 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com> Wed Mar 15 16:46:28 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>

4
rust-keylime.spec
View File

@ -25,7 +25,7 @@
%define _config_norepl %config(noreplace) %define _config_norepl %config(noreplace)
%endif %endif
Name: rust-keylime Name: rust-keylime
Version: 0.2.0+git.1677691779.f7edd9a Version: 0.2.0+git.1681223954.646cf61
Release: 0 Release: 0
Summary: Rust implementation of the keylime agent Summary: Rust implementation of the keylime agent
License: Apache-2.0 AND MIT License: Apache-2.0 AND MIT
@ -41,6 +41,8 @@ Source7: ima-policy.service
Source8: README.suse Source8: README.suse
# PATCH-FIX-OPENSUSE keylime-agent.conf.diff # PATCH-FIX-OPENSUSE keylime-agent.conf.diff
Patch1: keylime-agent.conf.diff Patch1: keylime-agent.conf.diff
# PATCH-FIX-UPSTREAM CVE-2023-26964.patch https://github.com/keylime/rust-keylime/pull/560
Patch2: CVE-2023-26964.patch
BuildRequires: cargo-packaging BuildRequires: cargo-packaging
BuildRequires: clang BuildRequires: clang
BuildRequires: firewall-macros BuildRequires: firewall-macros

4
vendor.tar.xz
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:bc42dfbbdb8fbd9a7885d6fbe22b845130515e9f3fbc43f9a470b8ebce069dd3 oid sha256:540c04c5cba0ca0b67ac0adbc5bc8af3ce1fa6e9b9d9a46f9913c781180aba98
size 25892084 size 26584652