Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package keylime for openSUSE:Factory checked in at 2026-02-10 21:11:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/keylime (Old) and /work/SRC/openSUSE:Factory/.keylime.new.1670 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime" Tue Feb 10 21:11:38 2026 rev:52 rq:1332050 version:7.14.0+0 Changes: -------- --- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2026-01-12 10:23:55.159888517 +0100 +++ /work/SRC/openSUSE:Factory/.keylime.new.1670/keylime.changes 2026-02-10 21:11:42.233756246 +0100 @@ -1,0 +2,47 @@ +Mon Feb 09 13:47:17 UTC 2026 - [email protected] + +- Update to version 7.14.0+0 (CVE-2026-1709, bsc#1257895): + * Bump version to 7.14.0 + * verifier: Delete sessions from the DB and then from the cache + * authentication: Do not persist plaintext tokens + * crypto: Add operation to calculate the hash of a token + * Fix session management bugs and improve security + * authorization: Add documentation explaining authorization framework + * authorization: Add unit tests + * authorization: Add metadata to routes with auth requirement + * authorization: Integrate authorization to action_handler + * authorization: Add access requirement metadata to all routes + * authorization: Add authorization provider manager + * authorization: Add pluggable authorization provider framework + * keylime_oneshot_attestation: Fix measured boot log encoding + * tenant: Log the API version used to communicate with the agent + * tenant: Negotiate API version with the registrar + * scripts: Do not take TPM ownership + * scripts: Remove verifier key parameters from keylime_oneshot_attestation + * /verify/evidence: Return error 400 if no policy is provided + * tpm: handle policies provided as empty strings + * /verify/evidence: Require a policy for TPM evidence type + * ima: Fix deserialization of empty runtime policy + * scripts: Fix keylime_oneshot_attestation for API v2.5 + * [Automatic] Update Keylime base image 2026-02-03 + * tpm_engine: Fix evidence_class filtering for ima_log + * tpm_engine: Move _add_error() calls to self.attestation + * tpm_engine: Validate that available_subjects is a dict + * verifier: Add missing identity controller and fix routing mixup + * templates: Remove unused agent options, fixed incorrect ones + * templates: Add missing options to the templates + * templates: Fix values to be TOML compatible + * tests: Add unit tests for negotiate_version + * verifier: Only check for version downgrade after first attestation + * docs: Fix documentation regarding behavior of /verify/evidence + * docs: Update v2.5 doc with new agent /version behavior + * tenant, verifier: Implement API version negotiation + * Introduce new API version v2.5 + * Fix HTTP 500 error when accessing attestations for agents with no records + * Remove @Controller.require_json_api from GET attestations endpoints + * mba: Fix linting warnings on measured boot code + * CI: Update e2e test plan with new tests + * CI: Switch code coverage measurement to Fedora43 + * workflows: Separate upstream test suite from e2e coverage + +------------------------------------------------------------------- Old: ---- keylime-7.13.0+55.tar.xz New: ---- keylime-7.14.0+0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ keylime.spec ++++++ --- /var/tmp/diff_new_pack.bFDJEl/_old 2026-02-10 21:11:42.969787088 +0100 +++ /var/tmp/diff_new_pack.bFDJEl/_new 2026-02-10 21:11:42.969787088 +0100 @@ -31,7 +31,7 @@ %endif %{?sle15_python_module_pythons} Name: keylime -Version: 7.13.0+55 +Version: 7.14.0+0 Release: 0 Summary: Open source TPM software for Bootstrapping and Maintaining Trust License: Apache-2.0 AND MIT AND BSD-3-Clause ++++++ _service ++++++ --- /var/tmp/diff_new_pack.bFDJEl/_old 2026-02-10 21:11:43.017789099 +0100 +++ /var/tmp/diff_new_pack.bFDJEl/_new 2026-02-10 21:11:43.021789267 +0100 @@ -4,7 +4,7 @@ <!-- <param name="versionformat">@PARENT_TAG@</param> --> <param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param> <param name="scm">git</param> - <param name="revision">v7.13.0</param> + <param name="revision">v7.14.0</param> <param name="revision">master</param> <param name="match-tag">*</param> <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.bFDJEl/_old 2026-02-10 21:11:43.065791111 +0100 +++ /var/tmp/diff_new_pack.bFDJEl/_new 2026-02-10 21:11:43.069791278 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/keylime/keylime.git</param> - <param name="changesrevision">af531bdbd127dbe2595ffcc80bdd9b447b09e705</param></service></servicedata> + <param name="changesrevision">fc5f04c145beb9c57b12862fd22e8d3bf47fb501</param></service></servicedata> (No newline at EOF) ++++++ keylime-7.13.0+55.tar.xz -> keylime-7.14.0+0.tar.xz ++++++ /work/SRC/openSUSE:Factory/keylime/keylime-7.13.0+55.tar.xz /work/SRC/openSUSE:Factory/.keylime.new.1670/keylime-7.14.0+0.tar.xz differ: char 15, line 1 ++++++ keylime.obsinfo ++++++ --- /var/tmp/diff_new_pack.bFDJEl/_old 2026-02-10 21:11:43.133793960 +0100 +++ /var/tmp/diff_new_pack.bFDJEl/_new 2026-02-10 21:11:43.137794128 +0100 @@ -1,5 +1,5 @@ name: keylime -version: 7.13.0+55 -mtime: 1767609804 -commit: af531bdbd127dbe2595ffcc80bdd9b447b09e705 +version: 7.14.0+0 +mtime: 1770414231 +commit: fc5f04c145beb9c57b12862fd22e8d3bf47fb501
