diff --git a/patchinfo.20240912095030851167.269002615871826/_patchinfo b/patchinfo.20240912095030851167.269002615871826/_patchinfo new file mode 100644 index 0000000..3a8d38c --- /dev/null +++ b/patchinfo.20240912095030851167.269002615871826/_patchinfo 
@@ -0,0 +1,201 @@ + + + VUL-0: CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input + VUL-0: CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion + VUL-0: rust-keylime: rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27) + + + aplanas + moderate + security + Security update for rust-keylime + This update for rust-keylime fixes the following issues: + +- Update vendored crates (CVE-2024-43806, bsc#1229952, bsc#1230029) + * rustix 0.37.25 + * rustix 0.38.34 + * shlex 1.3.0 + +- Update to version 0.2.6+13: + * Enable test functional/iak-idevid-persisted-and-protected + * build(deps): bump uuid from 1.7.0 to 1.10.0 + * build(deps): bump openssl from 0.10.64 to 0.10.66 + * keylime-agent/src/revocation: Fix comment indentation + * keylime/crypto: Fix indentation of documentation comment + * build(deps): bump thiserror from 1.0.59 to 1.0.63 + * build(deps): bump serde_json from 1.0.116 to 1.0.120 + * dependabot: Extend to also monitor workflow actions + * ci: Disable Packit CI on CentOS Stream 9 + * ci: use CODECOV_TOKEN when submitting coverage data + * revocation: Use into() for unfallible transformation + * secure_mount: Fix possible infinite loop + * error: Rename enum variants to avoid clippy warning + +- Update to version 0.2.6~0: + * Bump version to 0.2.6 + * build(deps): bump libc from 0.2.153 to 0.2.155 + * build(deps): bump serde from 1.0.196 to 1.0.203 + * rpm/fedora: Update rust macro usage + * config: Support hostnames in registrar_ip option + * added use of persisted IAK and IDevID and authorisation values + * config changes + * Adding /agent/info API to agent + * Fix leftover 'unnecessary qualification' warnings on tests + +- Update to version 0.2.5~4: + * Fix 'unnecessary qualification' warnings + * fix IAK template to match IDevID + * rpm: fix COPR RPMs build for centos-stream-10 
+ * Build COPR RPMs for centos-stream-10 + +- Update to version 0.2.5~0: + * Bump version to 0.2.5 + * cargo: Relax required version for pest crate + * build(deps): bump log from 0.4.20 to 0.4.21 + * build(deps): bump thiserror from 1.0.56 to 1.0.59 + +- actix-web update moves rustls as feature (bsc#1223234, CVE-2024-32650) + +- Update to version 0.2.4~39: + * build(deps): bump openssl from 0.10.63 to 0.10.64 + * build(deps): bump h2 from 0.3.24 to 0.3.26 + * build(deps): bump serde_json from 1.0.107 to 1.0.116 + * build(deps): bump actix-web from 4.4.1 to 4.5.1 + * crypto: Enable TLS 1.3 + * build(deps): bump tempfile from 3.9.0 to 3.10.1 + * build(deps): bump mio from 0.8.4 to 0.8.11 + * enable hex values to be used for tpm_ownerpassword + * config: Support IPv6 with or without brackets + * keylime: Implement a simple IP parser to remove brackets + * crypto: Implement CertificateBuilder to generate certificates + * tests: Fix coverage download by supporting arbitrary URL + * cargo: Add testing feature to keylime library + * Set X509 SAN with local DNSname/IP/IPv6 + * Include newest Node20 versions for Github actions + * tpm: Add unit test for uncovered public functions + * crypto: Implement ECC key generation support + * crypto: Add test for match_cert_to_template() + * Fix minor typo, format and remove end whitespaces + * crypto: Make error types less specific + * tests/run.sh: Run tarpaulin with a single thread + * payloads: Remove explicit drop of channel transmitter + * crypto: Move to keylime library + * crypto: Add specific type for every possible error + * tpm: Rename origin of error as source in structures + * list_parser: Add source for error for backtrace + * algorithms: Make errors more specific + * typo fix for default path to measured boot log file + * README: remove mentions of libarchive as a dependency + * Dockerfile.wolfi: Update clang to version 17 + * docker: Remove libarchive as a dependency + * rpm: Remove libarchive from dependencies + * 
cargo: Replace compress-tools with zip crate + * cargo: Bump ahash to version 0.8.7 + * build(deps): bump serde from 1.0.195 to 1.0.196 + * build(deps): bump libc from 0.2.152 to 0.2.153 + * build(deps): bump reqwest from 0.11.23 to 0.11.24 + * docker: Install configuration file in the correct path + * config: Make IAK/IDevID disabled by default + +- Update to version 0.2.4+git.1706692574.a744517: + * Bump version to 0.2.4 + * build(deps): bump uuid from 1.4.1 to 1.7.0 + * keylime-agent.conf: Allow setting event logs paths + * Mutable log paths: allow IMA and MBA log paths to be overridden by keylime configuration. + * workflows: Update checkout action to version 4 + * build(deps): bump serde from 1.0.188 to 1.0.195 + * build(deps): bump pest_derive from 2.7.0 to 2.7.6 + * build(deps): bump openssl from 0.10.62 to 0.10.63 + * build(deps): bump config from 0.13.3 to 0.13.4 + * build(deps): bump base64 from 0.21.4 to 0.21.7 + * build(deps): bump tempfile from 3.8.0 to 3.9.0 + * build(deps): bump pest from 2.7.0 to 2.7.6 + * build(deps): bump actix-web from 4.4.0 to 4.4.1 + * build(deps): bump reqwest from 0.11.22 to 0.11.23 + * build(deps): bump h2 from 0.3.17 to 0.3.24 + * build(deps): bump shlex from 1.1.0 to 1.3.0 + * cargo: Bump tss-esapi to version 7.4.0 + * workflows: Fix keylime-bot token usage + * tpm: Add error context for every possible error + * tpm: Add AlgorithmError to TpmError + * detect idevid template from certificates + * build(deps): bump wiremock from 0.5.18 to 0.5.22 + * build(deps): bump thiserror from 1.0.48 to 1.0.56 + * Make use of workspace dependencies + * build(deps): bump openssl from 0.10.57 to 0.10.62 + * packit: Bump Fedora version used for code coverage + +- Update to version 0.2.3+git.1701075380.a5dc985: + * build(deps): bump actix-rt from 2.8.0 to 2.9.0 + * Bump version to 0.2.3 + * build(deps): bump reqwest from 0.11.20 to 0.11.22 + * Bump configuration version and fix enable_iak_idevid + * Enable test 
functional/iak-idevid-register-with-certificates + * Update packit plan with new tests + * Add certificates and certificate checking for IDevID and IAK keys (#669) + +- Update to version 0.2.2+git.1697658634.9c7c6fa: + * build(deps): bump rustix from 0.37.11 to 0.37.25 + * build(deps): bump tempfile from 3.6.0 to 3.8.0 + * build(deps): bump base64 from 0.21.0 to 0.21.4 + * build(deps): bump serde_json from 1.0.96 to 1.0.107 + * build(deps): bump openssl from 0.10.55 to 0.10.57 + * cargo: Bump serde to version 1.0.188 + * tests: Fix tarpaulin issues with dropped -v option + * build(deps): bump signal-hook from 0.3.15 to 0.3.17 + * build(deps): bump actix-web from 4.3.1 to 4.4.0 + * build(deps): bump thiserror from 1.0.40 to 1.0.48 + * Remove private_in_public + * Initial PR to add support for IDevID and IAK + * build(deps): bump uuid from 1.3.1 to 1.4.1 + * build(deps): bump log from 0.4.17 to 0.4.20 + * build(deps): bump reqwest from 0.11.16 to 0.11.20 + * Do not use too specific version on cargo audit workflow + * Add workflow to run cargo-audit security audit + * README: update dependencies for Debian and Ubuntu + * Use latest versions of checkout/upload-artifacts + * docker: Add 'keylime' system user + * Use "currently" for swtpm emulator warning (#632) + * Update container workflow actions versions + * Build container image and push to quay.io + * README: update requirements + +- Update to version 0.2.2+git.1689256829.3d2b627: + * Bump version to 0.2.2 + * build(deps): bump tempfile from 3.5.0 to 3.6.0 + * removing SIGINT stop signals from Dockerfiles and systemd service, as well as adding SIGTERM to IMA emulator as shutdown signal + +- Update to version 0.2.1+git.1689167094.67ce0cf: + * cargo: Bump serde to version 1.0.166 + * build(deps): bump libc from 0.2.142 to 0.2.147 + * adding release Dockerfiles in 3 flavours: fedora, distroless and wolfi + * hash: add more configurable hash algorithm for public key digest + * cargo: Update clap to version 4.3.11 + * 
cargo: Bump tokio crate version to 1.28.2 + * Add an example of IMA policy + * main: Gracefully shutdown on SIGTERM or SIGINT + * cargo: Bump proc-macro2 crate version + * revocation: Parse revocation actions flexibly + * crypto: Add unit tests for x509 functions + * crypto: Make internal functions private + * config: Add unit test for the list to files mapping + * config: Make trusted_client_ca to accept lists + * lib: Implement parser for lists from config file + * build(deps): bump openssl from 0.10.48 to 0.10.55 + * Add secure mount sanity test to packit testing. + * [packit] Do not let COPR project expire + +- Recommends the IMA Policy subpackage only if SELinux is configured + +- Update to version 0.2.1+git.1685699835.3c9d17c: + * Remove MOUNT_SECURE bool + * rpm: Remove unused directory and add dependency for mount + * keylime-agent/src: update API version to 2.1 to consistent with https://github.com/keylime/keylime/blob/master/docs/rest_apis.rst + * docker/fedora/keylime_rust.Dockerfile: add the logic of cloning and compiling rust-keylime + * [tests] Update test coverage task name regexp + * [tests] Simply coverage file URL parsing + + + rust-keylime + +
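Review bot: the line "actix-web update moves rustls as feature (bsc#1223234, CVE-2024-32650)" only addresses the rustls complete_io() infinite loop if the rustls feature is actually disabled in this build, so the description should say whether rustls is dropped from the vendored crates or still shipped, and at which version, since an optional dependency that stays enabled leaves the affected code in the binary. The "Update vendored crates (CVE-2024-43806, bsc#1229952, bsc#1230029)" line attributes both bugzilla references to the rustix CVE while the shlex issue listed above (RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27) carries no bug reference; state which of the two bsc entries tracks the shlex 1.3.0 update. The same line lists rustix 0.37.25 as a vendored crate update even though the changelog already reaches that version in "build(deps): bump rustix from 0.37.11 to 0.37.25" under 0.2.2+git.1697658634; clarify whether only the rustix 0.38.34 copy changes in this update. Minor: the first issue title should read rustls::conn::ConnectionCommon::complete_io() (double colon before the method name), and the shlex title has a stray space after the opening parenthesis.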