Accepting request 1298141 from security

OBS-URL: https://build.opensuse.org/request/show/1298141
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rust-keylime?expand=0&rev=29

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/keylime/rust-keylime.git</param>
-              <param name="changesrevision">7b746b08d3c0fdd866a6e47e893f426adc1eec70</param></service></servicedata>
+              <param name="changesrevision">573d1958a6343fd1882851d97e3ac06122d34438</param></service></servicedata>

keylime-agent.conf.diff

@@ -1,8 +1,8 @@
-Index: rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent.conf
-===================================================================
---- rust-keylime-0.2.0+git.1677002906.cf6c4f0.orig/keylime-agent.conf
-+++ rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent.conf
-@@ -19,13 +19,15 @@ version = "2.2"
+diff --git i/keylime-agent.conf w/keylime-agent.conf
+index d6e8615..75994c4 100644
+--- i/keylime-agent.conf
++++ w/keylime-agent.conf
+@@ -29,13 +29,15 @@ api_versions = "default"
  # of 'SHA256(public EK in PEM format)'.
  #
  # To override, set KEYLIME_AGENT_UUID environment variable.
@@ -20,7 +20,7 @@ Index: rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent.conf
  port = 9002
  
  # Address and port where the verifier and tenant can connect to reach the agent.
-@@ -41,7 +43,8 @@ contact_port = 9002
+@@ -51,7 +53,8 @@ contact_port = 9002
  # To override registrar_ip, set KEYLIME_AGENT_REGISTRAR_IP environment variable.
  # To override registrar_port, set KEYLIME_AGENT_REGISTRAR_PORT environment
  # variable.
@@ -30,7 +30,7 @@ Index: rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent.conf
  registrar_port = 8890
  
  # Enable mTLS communication between agent, verifier and tenant.
-@@ -151,7 +154,8 @@ revocation_actions_dir = "/usr/libexec/k
+@@ -161,7 +164,8 @@ revocation_actions_dir = "/usr/libexec/keylime"
  # KEYLIME_AGENT_REVOCATION_NOTIFICATION_IP environment variable.
  # To override revocation_notification_port, set
  # KEYLIME_AGENT_REVOCATION_NOTIFICATION_PORT environment variable.

rust-keylime-0.2.7+141.tar.zst

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cdad3234db3f1e6975134aeb8dc9cb0db37e0d30a175f8b671788be98222ee7e
+size 287080

rust-keylime.changes

@@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Thu Aug 07 12:17:29 UTC 2025 - aplanas@suse.com
+
+- Update vendored crates (bsc#1247193, CVE-2025-58266)
+  * shlex 1.3.0
+
+- Rebase keylime-agent.conf.diff for current configuration
+
+- Drop Cargo_lock.patch patch, already present in Cargo.lock
+
+- Update to version 0.2.7+141:
+  * service: Use WantedBy=multi-user.target
+  * rpm: Add subpackage for push-attestation agent
+  * push-model: implement continuous attestation with configurable intervals
+  * Retry registration forever in the state machine
+  * Add Verifier URL to configuration
+  * Align exp.backoff to current configuration format
+  * Increase coverage of state machine (using Context)
+  * Increase coverage of struct_filler.rs
+  * Groom code (remove dead code)
+  * Fix exponential backoff (10secs, 4xx accepted)
+  * test: Add documentation test to tests/run.sh
+  * tpm: Avoid running code example during documentation tests
+  * state_machine: Always start the agent from the Unregistered state
+  * Add fixes for the URL construction
+  * Refactor evidences collection in push attestation agent
+  * push-model: refactor attestation logic into a state machine
+  * Fix body sending by allowing serializing strings (#1057)
+  * Log ResilientClient errors/response status codes (#1055)
+  * Add AK signing scheme and hash algorithm to negotiation
+  * tpm: Add method to extract signing scheme and hash algorithm from AK
+  * Allow custom content-type/accept headers
+  * Integrate exponential backoff to registration (#1052)
+  * keylime/structures: Rename ShaValues to PcrBanks
+  * Add resilient_client for exponential backoff (#1048)
+
 -------------------------------------------------------------------
 Mon Jul 14 12:56:25 UTC 2025 - aplanas@suse.com
 

rust-keylime.obsinfo

@@ -1,4 +1,4 @@
 name: rust-keylime
-version: 0.2.7+117
-mtime: 1752485269
-commit: 7b746b08d3c0fdd866a6e47e893f426adc1eec70
+version: 0.2.7+141
+mtime: 1754479734
+commit: 573d1958a6343fd1882851d97e3ac06122d34438

rust-keylime.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package rust-keylime
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
   %define _config_norepl %config(noreplace)
 %endif
 Name:           rust-keylime
-Version:        0.2.7+117
+Version:        0.2.7+141
 Release:        0
 Summary:        Rust implementation of the keylime agent
 License:        (Apache-2.0 OR MIT) AND BSD-3-Clause AND (Apache-2.0 OR MIT) AND Unicode-DFS-2016 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND Apache-2.0 AND Apache-2.0 WITH LLVM-exception AND BSD-3-Clause AND ISC AND MIT
@@ -41,7 +41,6 @@ Source7:        ima-policy.service
 Source8:        README.suse
 # PATCH-FIX-OPENSUSE keylime-agent.conf.diff
 Patch1:         keylime-agent.conf.diff
-Patch2:         Cargo_lock.patch
 BuildRequires:  cargo-packaging
 BuildRequires:  clang
 BuildRequires:  firewall-macros