Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package keylime for openSUSE:Factory checked in at 2023-08-30 10:17:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/keylime (Old) and /work/SRC/openSUSE:Factory/.keylime.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime" Wed Aug 30 10:17:47 2023 rev:40 rq:1105560 version:7.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2023-08-03 17:27:17.582859179 +0200 +++ /work/SRC/openSUSE:Factory/.keylime.new.1766/keylime.changes 2023-08-30 10:18:48.288553784 +0200 @@ -1,0 +2,19 @@ +Thu Aug 24 06:55:14 UTC 2023 - apla...@suse.com + +- Update to version v7.5.0 (CVE-2023-38201, bsc#1213314): + * Monthly release (7.5.0) + * Fix for CVE-2023-38201 (Security Advisory GHSA-f4r5-q63f-gcww) + * verifier: should read parameters from verifier.conf only + * tests: Correctly configure kernel IMA + * Handle session close using a session manager + * requirements.txt: update the need sqlalchemy version to 1.3.12 and above. + * elchecking/example: add ignores for EV_PLATFORM_CONFIG_FLAGS + * tpm_cert_store: add the Alibaba Cloud vTPM EK x509 cert + * installer.sh: use the -i parameter to set the default binding and listening IP about the agent, verifier, and registrar server is 127.0.0.1 or 0.0.0.0 + * installer.sh: remove the unused command line params + * Update container build workflow actions + * mba: Manage the number of times measure boot attestation is done. + * codestyle: Fix access to possibly not available package 'rpm' (pyright) + * templates/2.0/mapping.json: fix the default registrar_port error in the verifier config + +------------------------------------------------------------------- Old: ---- keylime-v7.4.0.tar.xz New: ---- keylime-v7.5.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ keylime.spec ++++++ --- /var/tmp/diff_new_pack.ZuTTcl/_old 2023-08-30 10:18:50.672638865 +0200 +++ /var/tmp/diff_new_pack.ZuTTcl/_new 2023-08-30 10:18:50.676639007 +0200 @@ -27,7 +27,7 @@ %define _config_norepl %config(noreplace) %endif Name: keylime -Version: 7.4.0 +Version: 7.5.0 Release: 0 Summary: Open source TPM software for Bootstrapping and Maintaining Trust License: Apache-2.0 AND MIT AND BSD-3-Clause ++++++ _service ++++++ --- /var/tmp/diff_new_pack.ZuTTcl/_old 2023-08-30 10:18:50.716640435 +0200 +++ /var/tmp/diff_new_pack.ZuTTcl/_new 2023-08-30 10:18:50.720640578 +0200 @@ -1,7 +1,7 @@ <services> <service name="tar_scm" mode="disabled"> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">refs/tags/v7.4.0</param> + <param name="revision">refs/tags/v7.5.0</param> <param name="url">https://github.com/keylime/keylime.git</param> <param name="scm">git</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.ZuTTcl/_old 2023-08-30 10:18:50.736641149 +0200 +++ /var/tmp/diff_new_pack.ZuTTcl/_new 2023-08-30 10:18:50.740641292 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/keylime/keylime.git</param> - <param name="changesrevision">37809d40ced15c38daa41d578b39b12a595d1167</param></service></servicedata> + <param name="changesrevision">29657502a4b59f1ffc702043fdb375c0e02bed60</param></service></servicedata> (No newline at EOF) ++++++ keylime-v7.4.0.tar.xz -> keylime-v7.5.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/keylime/keylime-v7.4.0.tar.xz /work/SRC/openSUSE:Factory/.keylime.new.1766/keylime-v7.5.0.tar.xz differ: char 15, line 1 ++++++ registrar.conf.diff ++++++ --- /var/tmp/diff_new_pack.ZuTTcl/_old 2023-08-30 10:18:50.800643433 +0200 +++ /var/tmp/diff_new_pack.ZuTTcl/_new 2023-08-30 10:18:50.804643576 +0200 @@ -1,12 +1,12 @@ ---- registrar.conf.ORIG 2022-09-26 10:45:14.032956447 +0200 -+++ registrar.conf 2022-09-26 10:59:47.477707174 +0200 +--- config/registrar.conf.ORIG 2023-08-24 09:34:59.228880762 +0200 ++++ config/registrar.conf 2023-08-24 09:36:34.165570356 +0200 @@ -5,7 +5,8 @@ version = 2.0 - # The registrar server IP address and port --ip = 127.0.0.1 -+# ip = 127.0.0.1 -+ip = 0.0.0.0 + # The binding address and port for the registrar server +-ip = "127.0.0.1" ++# ip = "127.0.0.1" ++ip = "0.0.0.0" port = 8890 tls_port = 8891 ++++++ verifier.conf.diff ++++++ --- /var/tmp/diff_new_pack.ZuTTcl/_old 2023-08-30 10:18:50.836644718 +0200 +++ /var/tmp/diff_new_pack.ZuTTcl/_new 2023-08-30 10:18:50.840644860 +0200 @@ -1,22 +1,22 @@ ---- verifier.conf.ORIG 2023-01-23 09:36:14.684727116 +0100 -+++ verifier.conf 2023-01-23 09:45:13.585042153 +0100 +--- config/verifier.conf.ORIG 2023-08-24 09:34:59.222214093 +0200 ++++ config/verifier.conf 2023-08-24 09:37:53.332256150 +0200 @@ -8,7 +8,8 @@ uuid = default - # The verifier server IP address and port --ip = 127.0.0.1 -+# ip = 127.0.0.1 -+ip = 0.0.0.0 + # The binding address and port for the verifier server +-ip = "127.0.0.1" ++# ip = "127.0.0.1" ++ip = "0.0.0.0" port = 8881 # The address and port of registrar server that the verifier communicates with -@@ -233,7 +234,8 @@ +@@ -242,7 +243,8 @@ enabled_revocation_notifications = ['agent'] # The binding address and port of the revocation notifier service via ZeroMQ. -zmq_ip = 127.0.0.1 +# zmq_ip = 127.0.0.1 -+zmp_ip = 0.0.0.0 ++zmq_ip = 0.0.0.0 zmq_port = 8992 # Webhook url for revocation notifications.