Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package keylime for openSUSE:Factory checked
in at 2024-06-17 19:27:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/keylime (Old)
and /work/SRC/openSUSE:Factory/.keylime.new.19518 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime"
Mon Jun 17 19:27:04 2024 rev:45 rq:1180845 version:7.11.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2024-03-17
22:10:52.929154011 +0100
+++ /work/SRC/openSUSE:Factory/.keylime.new.19518/keylime.changes
2024-06-17 19:27:20.893544562 +0200
@@ -1,0 +2,21 @@
+Fri Jun 14 08:04:48 UTC 2024 - apla...@suse.com
+
+- Update to version v7.11.0:
+ * "Monthly" Release (7.11.0)
+ * template mapping change for persisted idevids
+ * add config options for the persisted idevid and iak handles and passwords
+ * templates: Restore the default values
+ * templates: Add version 2.3
+ * convert_config: Use the latest default value for --default
+ * Add new /verify/identity API
+ * PSS padding fix - salt length changed to byte length of digest from length
of signature
+ * sign_runtime_policy: Display error message if non-EC key is provided
+ * packit: enable /regression/CVE-2023-3674 (suggested by Karel Srot)
+ * Fix durable attestation in absence of mb_policy
+ * tests: Fix coverage download by supporting new webdrives
+ * templates: verifier: Add require_allow_list_signatures to config file
+ * runtime policy: Raise error on missing key if signature required
+ * runtime policy: Raise error on unsigned policy if signature required
+ * dsse: Remove unused type: ignore comment (mypy)
+
+-------------------------------------------------------------------
Old:
----
keylime-v7.10.0.tar.xz
New:
----
keylime-v7.11.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ keylime.spec ++++++
--- /var/tmp/diff_new_pack.SgYxro/_old 2024-06-17 19:27:22.293595551 +0200
+++ /var/tmp/diff_new_pack.SgYxro/_new 2024-06-17 19:27:22.297595696 +0200
@@ -26,7 +26,7 @@
%define _config_norepl %config(noreplace)
%endif
Name: keylime
-Version: 7.10.0
+Version: 7.11.0
Release: 0
Summary: Open source TPM software for Bootstrapping and Maintaining
Trust
License: Apache-2.0 AND MIT AND BSD-3-Clause
++++++ _service ++++++
--- /var/tmp/diff_new_pack.SgYxro/_old 2024-06-17 19:27:22.345597444 +0200
+++ /var/tmp/diff_new_pack.SgYxro/_new 2024-06-17 19:27:22.349597590 +0200
@@ -1,7 +1,7 @@
<services>
<service name="tar_scm" mode="manual">
<param name="versionformat">@PARENT_TAG@</param>
- <param name="revision">refs/tags/v7.10.0</param>
+ <param name="revision">refs/tags/v7.11.0</param>
<param name="url">https://github.com/keylime/keylime.git</param>
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.SgYxro/_old 2024-06-17 19:27:22.369598319 +0200
+++ /var/tmp/diff_new_pack.SgYxro/_new 2024-06-17 19:27:22.373598464 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/keylime/keylime.git</param>
- <param
name="changesrevision">a5a671f71ce5ed425bc2afa7e81f87fe682936f3</param></service></servicedata>
+ <param
name="changesrevision">31db17cd1413780e3f4f9b9673c024bc8096b897</param></service></servicedata>
(No newline at EOF)
++++++ keylime-v7.10.0.tar.xz -> keylime-v7.11.0.tar.xz ++++++
/work/SRC/openSUSE:Factory/keylime/keylime-v7.10.0.tar.xz
/work/SRC/openSUSE:Factory/.keylime.new.19518/keylime-v7.11.0.tar.xz differ:
char 16, line 1
++++++ registrar.conf.diff ++++++
--- /var/tmp/diff_new_pack.SgYxro/_old 2024-06-17 19:27:22.441600941 +0200
+++ /var/tmp/diff_new_pack.SgYxro/_new 2024-06-17 19:27:22.445601086 +0200
@@ -1,7 +1,9 @@
---- config/registrar.conf.ORIG 2024-01-31 09:54:18.487372896 +0100
-+++ config/registrar.conf 2024-01-31 09:54:40.910700043 +0100
+diff --git a/config/registrar.conf b/config/registrar.conf
+index 19f7cb1..3492453 100644
+--- a/config/registrar.conf
++++ b/config/registrar.conf
@@ -5,7 +5,8 @@
- version = 2.2
+ version = 2.3
# The binding address and port for the registrar server
-ip = "127.0.0.1"
++++++ tenant.conf.diff ++++++
--- /var/tmp/diff_new_pack.SgYxro/_old 2024-06-17 19:27:22.461601670 +0200
+++ /var/tmp/diff_new_pack.SgYxro/_new 2024-06-17 19:27:22.465601815 +0200
@@ -1,6 +1,8 @@
---- config/tenant.conf.ORIG 2024-01-31 09:54:23.807371427 +0100
-+++ config/tenant.conf 2024-01-31 09:55:09.827358730 +0100
-@@ -106,7 +106,8 @@
+diff --git a/config/tenant.conf b/config/tenant.conf
+index ead02b8..1b3d921 100644
+--- a/config/tenant.conf
++++ b/config/tenant.conf
+@@ -106,7 +106,8 @@ request_timeout = 60
# might provide a signed list of EK public key hashes. Then you could write
# an ek_check_script that checks the signature of the allowlist and then
# compares the hash of the given EK with the allowlist.
++++++ verifier.conf.diff ++++++
--- /var/tmp/diff_new_pack.SgYxro/_old 2024-06-17 19:27:22.497602980 +0200
+++ /var/tmp/diff_new_pack.SgYxro/_new 2024-06-17 19:27:22.501603126 +0200
@@ -1,6 +1,8 @@
---- config/verifier.conf.ORIG 2024-01-31 09:54:29.240703257 +0100
-+++ config/verifier.conf 2024-01-31 09:55:21.884022063 +0100
-@@ -8,7 +8,8 @@
+diff --git a/config/verifier.conf b/config/verifier.conf
+index 9f65039..4e6191d 100644
+--- a/config/verifier.conf
++++ b/config/verifier.conf
+@@ -8,7 +8,8 @@ version = 2.3
uuid = default
# The binding address and port for the verifier server
@@ -10,7 +12,7 @@
port = 8881
# The address and port of registrar server that the verifier communicates with
-@@ -242,7 +243,8 @@
+@@ -245,7 +246,8 @@ require_allow_list_signatures = False
enabled_revocation_notifications = ['agent']
# The binding address and port of the revocation notifier service via ZeroMQ.
