diff --git a/.keylime-agent-rust.metadata b/.keylime-agent-rust.metadata index d15dfb2..414bdcb 100644 --- a/.keylime-agent-rust.metadata +++ b/.keylime-agent-rust.metadata @@ -1,2 +1,2 @@ -ebbab25fae8f931570637acfdad264456dd70625 SOURCES/rust-keylime-0.2.2-vendor.tar.xz +65898cc04f96ee7a5bae484ecf40d63a480106ad SOURCES/rust-keylime-0.2.2-vendor.tar.xz f83bc06ae2d04673fb2ed8356bf691ec664ef9f7 SOURCES/v0.2.2.tar.gz diff --git a/SOURCES/rust-keylime-adjust-features.patch b/SOURCES/rust-keylime-adjust-features.patch index 6822950..7ca1b1e 100644 --- a/SOURCES/rust-keylime-adjust-features.patch +++ b/SOURCES/rust-keylime-adjust-features.patch @@ -1,5 +1,5 @@ ---- a/keylime-agent/Cargo.toml 2023-05-25 11:34:50.849496112 +0200 -+++ b/keylime-agent/Cargo.toml 2023-05-25 11:35:38.163793600 +0200 +--- a/keylime-agent/Cargo.toml 2025-02-07 17:53:24.436876268 +0100 ++++ b/keylime-agent/Cargo.toml 2025-02-07 17:54:06.501697761 +0100 @@ -34,11 +34,6 @@ tss-esapi = {version = "7.2.0", features = ["generate-bindings"]} thiserror = "1.0" @@ -12,24 +12,18 @@ [dev-dependencies] actix-rt = "2" -@@ -46,20 +41,6 @@ - [features] +@@ -47,12 +42,12 @@ # The features enabled by default default = [] --# this should change to dev-dependencies when we have integration testing + # this should change to dev-dependencies when we have integration testing -testing = ["wiremock"] --# Whether the agent should be compiled with support to listen for notification --# messages on ZeroMQ --# --# This feature is deprecated and will be removed on next major release ++testing = [] + # Whether the agent should be compiled with support to listen for notification + # messages on ZeroMQ + # + # This feature is deprecated and will be removed on next major release -with-zmq = ["zmq"] --# Whether the agent should be compiled with support for python revocation --# actions loaded as modules, which is the only kind supported by the python --# agent (unless the enhancement-55 is implemented). See: --# https://github.com/keylime/enhancements/blob/master/55_revocation_actions_without_python.md --# --# This feature is deprecated and will be removed on next major release --legacy-python-actions = [] - - [package.metadata.deb] - section = "net" ++with-zmq = [] + # Whether the agent should be compiled with support for python revocation + # actions loaded as modules, which is the only kind supported by the python + # agent (unless the enhancement-55 is implemented). See: diff --git a/SOURCES/rust-keylime-fix-unnecessary-qualifications.patch b/SOURCES/rust-keylime-fix-unnecessary-qualifications.patch new file mode 100644 index 0000000..ddc8cc2 --- /dev/null +++ b/SOURCES/rust-keylime-fix-unnecessary-qualifications.patch @@ -0,0 +1,91 @@ +diff --git a/keylime-agent/src/crypto.rs b/keylime-agent/src/crypto.rs +index 8ec3449..aeebe34 100644 +--- a/keylime-agent/src/crypto.rs ++++ b/keylime-agent/src/crypto.rs +@@ -111,7 +111,7 @@ pub(crate) fn write_key_pair( + _ = file.write(&key.private_key_to_pem_pkcs8()?)?; + } else { + _ = file.write(&key.private_key_to_pem_pkcs8_passphrase( +- openssl::symm::Cipher::aes_256_cbc(), ++ Cipher::aes_256_cbc(), + pw.as_bytes(), + )?)?; + } +diff --git a/keylime-agent/src/errors_handler.rs b/keylime-agent/src/errors_handler.rs +index b0fa4c2..d3722d0 100644 +--- a/keylime-agent/src/errors_handler.rs ++++ b/keylime-agent/src/errors_handler.rs +@@ -379,7 +379,7 @@ mod tests { + let mut app = test::init_service( + App::new() + .wrap( +- middleware::ErrorHandlers::new() ++ ErrorHandlers::new() + .handler(http::StatusCode::NOT_FOUND, wrap_404), + ) + .app_data( +diff --git a/keylime-agent/src/main.rs b/keylime-agent/src/main.rs +index a17e3cb..beef809 100644 +--- a/keylime-agent/src/main.rs ++++ b/keylime-agent/src/main.rs +@@ -10,7 +10,6 @@ + overflowing_literals, + path_statements, + patterns_in_fns_without_body, +- private_in_public, + unconditional_recursion, + unused, + while_true, +diff --git a/keylime-agent/src/payloads.rs b/keylime-agent/src/payloads.rs +index e190e3a..fc58c43 100644 +--- a/keylime-agent/src/payloads.rs ++++ b/keylime-agent/src/payloads.rs +@@ -221,7 +221,7 @@ async fn run_encrypted_payload( + let action_file = unzipped.join("action_list"); + + if action_file.exists() { +- let action_data = std::fs::read_to_string(&action_file) ++ let action_data = fs::read_to_string(&action_file) + .expect("unable to read action_list"); + + action_data +diff --git a/keylime-agent/src/revocation.rs b/keylime-agent/src/revocation.rs +index 025a929..51edcea 100644 +--- a/keylime-agent/src/revocation.rs ++++ b/keylime-agent/src/revocation.rs +@@ -203,7 +203,7 @@ fn run_revocation_actions( + let action_file = unzipped.join("action_list"); + + if action_file.exists() { +- action_data = std::fs::read_to_string(&action_file) ++ action_data = fs::read_to_string(&action_file) + .expect("unable to read action_list"); + + let file_actions = parse_list(&action_data)?; +@@ -529,7 +529,7 @@ mod tests { + env!("CARGO_MANIFEST_DIR"), + "/tests/unzipped/test_ok.json" + ); +- let json_str = std::fs::read_to_string(json_file).unwrap(); //#[allow_ci] ++ let json_str = fs::read_to_string(json_file).unwrap(); //#[allow_ci] + let json = serde_json::from_str(&json_str).unwrap(); //#[allow_ci] + let actions_dir = + &Path::new(env!("CARGO_MANIFEST_DIR")).join("tests/actions/"); +@@ -568,7 +568,7 @@ mod tests { + env!("CARGO_MANIFEST_DIR"), + "/tests/unzipped/test_err.json" + ); +- let json_str = std::fs::read_to_string(json_file).unwrap(); //#[allow_ci] ++ let json_str = fs::read_to_string(json_file).unwrap(); //#[allow_ci] + let json = serde_json::from_str(&json_str).unwrap(); //#[allow_ci] + let actions_dir = + &Path::new(env!("CARGO_MANIFEST_DIR")).join("tests/actions/"); +@@ -603,7 +603,7 @@ mod tests { + let revocation_actions = "local_action_stand_alone.py, local_action_rev_script1.py"; + } + } +- let json_str = std::fs::read_to_string(json_file).unwrap(); //#[allow_ci] ++ let json_str = fs::read_to_string(json_file).unwrap(); //#[allow_ci] + let json = serde_json::from_str(&json_str).unwrap(); //#[allow_ci] + let actions_dir = + &Path::new(env!("CARGO_MANIFEST_DIR")).join("tests/actions/"); diff --git a/SOURCES/rust-keylime-openssl-0.10.70.patch b/SOURCES/rust-keylime-openssl-0.10.70.patch new file mode 100644 index 0000000..60abe0a --- /dev/null +++ b/SOURCES/rust-keylime-openssl-0.10.70.patch @@ -0,0 +1,635 @@ +diff --git a/Cargo.lock b/tmp/Cargo.lock +index b91be43..6642d88 100644 +--- a/Cargo.lock ++++ b/tmp/Cargo.lock +@@ -1,6 +1,6 @@ + # This file is automatically @generated by Cargo. + # It is not intended for manual editing. +-version = 3 ++version = 4 + + [[package]] + name = "actix-codec" +@@ -8,7 +8,7 @@ version = "0.5.0" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "57a7559404a7f3573127aab53c08ce37a6c6a315c374a31070f3c91cd1b4a7fe" + dependencies = [ +- "bitflags", ++ "bitflags 1.3.2", + "bytes", + "futures-core", + "futures-sink", +@@ -32,7 +32,7 @@ dependencies = [ + "actix-utils", + "ahash 0.8.3", + "base64 0.21.0", +- "bitflags", ++ "bitflags 1.3.2", + "bytes", + "bytestring", + "derive_more", +@@ -48,7 +48,7 @@ dependencies = [ + "mime", + "percent-encoding", + "pin-project-lite", +- "rand 0.8.5", ++ "rand", + "sha1", + "smallvec", + "tokio", +@@ -206,7 +206,7 @@ version = "0.7.6" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" + dependencies = [ +- "getrandom 0.2.7", ++ "getrandom", + "once_cell", + "version_check", + ] +@@ -218,7 +218,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" + dependencies = [ + "cfg-if", +- "getrandom 0.2.7", ++ "getrandom", + "once_cell", + "version_check", + ] +@@ -281,33 +281,6 @@ dependencies = [ + "windows-sys 0.48.0", + ] + +-[[package]] +-name = "anyhow" +-version = "1.0.65" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "98161a4e3e2184da77bb14f02184cdd111e83bbbcc9979dfee3c44b9a85f5602" +- +-[[package]] +-name = "assert-json-diff" +-version = "2.0.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "47e4f2b81832e72834d7518d8487a0396a28cc408186a2e8854c0f98011faf12" +-dependencies = [ +- "serde", +- "serde_json", +-] +- +-[[package]] +-name = "async-channel" +-version = "1.7.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e14485364214912d3b19cc3435dde4df66065127f05fa0d75c712f36f12c2f28" +-dependencies = [ +- "concurrent-queue", +- "event-listener", +- "futures-core", +-] +- + [[package]] + name = "async-trait" + version = "0.1.57" +@@ -354,7 +327,7 @@ version = "0.63.0" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "36d860121800b2a9a94f9b5604b332d5cffb234ce17609ea479d723dbc9d3885" + dependencies = [ +- "bitflags", ++ "bitflags 1.3.2", + "cexpr", + "clang-sys", + "lazy_static", +@@ -382,6 +355,12 @@ version = "1.3.2" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + ++[[package]] ++name = "bitflags" ++version = "2.8.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36" ++ + [[package]] + name = "block-buffer" + version = "0.10.3" +@@ -412,12 +391,6 @@ dependencies = [ + "bytes", + ] + +-[[package]] +-name = "cache-padded" +-version = "1.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c1db59621ec70f09c5e9b597b220c7a2b43611f4710dc03ceb8748637775692c" +- + [[package]] + name = "cc" + version = "1.0.73" +@@ -509,15 +482,6 @@ dependencies = [ + "vcpkg", + ] + +-[[package]] +-name = "concurrent-queue" +-version = "1.2.4" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "af4780a44ab5696ea9e28294517f1fffb421a83a25af521333c838635509db9c" +-dependencies = [ +- "cache-padded", +-] +- + [[package]] + name = "config" + version = "0.13.3" +@@ -529,7 +493,7 @@ dependencies = [ + "nom", + "pathdiff", + "serde", +- "toml 0.5.9", ++ "toml", + ] + + [[package]] +@@ -557,25 +521,6 @@ dependencies = [ + "typenum", + ] + +-[[package]] +-name = "deadpool" +-version = "0.9.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "421fe0f90f2ab22016f32a9881be5134fdd71c65298917084b0c7477cbc3856e" +-dependencies = [ +- "async-trait", +- "deadpool-runtime", +- "num_cpus", +- "retain_mut", +- "tokio", +-] +- +-[[package]] +-name = "deadpool-runtime" +-version = "0.1.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "eaa37046cc0f6c3cc6090fbdbf73ef0b8ef4cfcc37f6befc0020f63e8cf121e1" +- + [[package]] + name = "derive_more" + version = "0.99.17" +@@ -668,18 +613,6 @@ dependencies = [ + "libc", + ] + +-[[package]] +-name = "error-chain" +-version = "0.10.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d9435d864e017c3c6afeac1654189b06cdb491cf2ff73dbf0d73b0f292f42ff8" +- +-[[package]] +-name = "event-listener" +-version = "2.5.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" +- + [[package]] + name = "fastrand" + version = "1.8.0" +@@ -767,21 +700,6 @@ version = "0.3.27" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "89d422fa3cbe3b40dca574ab087abb5bc98258ea57eea3fd6f1fa7162c778b91" + +-[[package]] +-name = "futures-lite" +-version = "1.12.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "7694489acd39452c77daa48516b894c153f192c3578d5a839b62c58099fcbf48" +-dependencies = [ +- "fastrand", +- "futures-core", +- "futures-io", +- "memchr", +- "parking", +- "pin-project-lite", +- "waker-fn", +-] +- + [[package]] + name = "futures-macro" + version = "0.3.27" +@@ -805,12 +723,6 @@ version = "0.3.27" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "fd65540d33b37b16542a0438c12e6aeead10d4ac5d05bd3f805b8f35ab592879" + +-[[package]] +-name = "futures-timer" +-version = "3.0.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "e64b03909df88034c26dc1547e8970b91f98bdb65165d6a4e9110d94263dbb2c" +- + [[package]] + name = "futures-util" + version = "0.3.27" +@@ -839,17 +751,6 @@ dependencies = [ + "version_check", + ] + +-[[package]] +-name = "getrandom" +-version = "0.1.16" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce" +-dependencies = [ +- "cfg-if", +- "libc", +- "wasi 0.9.0+wasi-snapshot-preview1", +-] +- + [[package]] + name = "getrandom" + version = "0.2.7" +@@ -858,7 +759,7 @@ checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6" + dependencies = [ + "cfg-if", + "libc", +- "wasi 0.11.0+wasi-snapshot-preview1", ++ "wasi", + ] + + [[package]] +@@ -947,27 +848,6 @@ dependencies = [ + "pin-project-lite", + ] + +-[[package]] +-name = "http-types" +-version = "2.12.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6e9b187a72d63adbfba487f48095306ac823049cb504ee195541e91c7775f5ad" +-dependencies = [ +- "anyhow", +- "async-channel", +- "base64 0.13.1", +- "futures-lite", +- "http", +- "infer", +- "pin-project-lite", +- "rand 0.7.3", +- "serde", +- "serde_json", +- "serde_qs", +- "serde_urlencoded", +- "url", +-] +- + [[package]] + name = "httparse" + version = "1.8.0" +@@ -1033,12 +913,6 @@ dependencies = [ + "hashbrown", + ] + +-[[package]] +-name = "infer" +-version = "0.2.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "64e9829a50b42bb782c1df523f78d332fe371b10c661e78b7a3c34b0198e9fac" +- + [[package]] + name = "instant" + version = "0.1.12" +@@ -1141,8 +1015,6 @@ dependencies = [ + "tokio", + "tss-esapi", + "uuid", +- "wiremock", +- "zmq", + ] + + [[package]] +@@ -1253,17 +1125,6 @@ version = "2.5.0" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" + +-[[package]] +-name = "metadeps" +-version = "1.1.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "73b122901b3a675fac8cecf68dcb2f0d3036193bc861d1ac0e1c337f7d5254c2" +-dependencies = [ +- "error-chain", +- "pkg-config", +- "toml 0.2.1", +-] +- + [[package]] + name = "mime" + version = "0.3.16" +@@ -1284,7 +1145,7 @@ checksum = "57ee1c23c7c63b0c9250c339ffdc69255f110b298b901b9f6c82547b7b87caaf" + dependencies = [ + "libc", + "log", +- "wasi 0.11.0+wasi-snapshot-preview1", ++ "wasi", + "windows-sys 0.36.1", + ] + +@@ -1354,11 +1215,11 @@ checksum = "e82dad04139b71a90c080c8463fe0dc7902db5192d939bd0950f074d014339e1" + + [[package]] + name = "openssl" +-version = "0.10.55" ++version = "0.10.70" + source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "345df152bc43501c5eb9e4654ff05f794effb78d4efe3d53abc158baddc0703d" ++checksum = "61cfb4e166a8bb8c9b55c500bc2308550148ece889be90f609377e58140f42c6" + dependencies = [ +- "bitflags", ++ "bitflags 2.8.0", + "cfg-if", + "foreign-types", + "libc", +@@ -1369,20 +1230,20 @@ dependencies = [ + + [[package]] + name = "openssl-macros" +-version = "0.1.0" ++version = "0.1.1" + source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c" ++checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" + dependencies = [ + "proc-macro2", + "quote", +- "syn 1.0.100", ++ "syn 2.0.25", + ] + + [[package]] + name = "openssl-sys" +-version = "0.9.90" ++version = "0.9.105" + source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "374533b0e45f3a7ced10fcaeccca020e66656bc03dac384f852e4e5a7a8104a6" ++checksum = "8b22d5b84be05a8d6947c7cb71f7c849aa0f112acd4bf51c2a7c1c988ac0a9dc" + dependencies = [ + "cc", + "libc", +@@ -1390,12 +1251,6 @@ dependencies = [ + "vcpkg", + ] + +-[[package]] +-name = "parking" +-version = "2.0.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "427c3892f9e783d91cc128285287e70a59e206ca452770ece88a76f7a3eddd72" +- + [[package]] + name = "parking_lot" + version = "0.12.1" +@@ -1602,19 +1457,6 @@ dependencies = [ + "proc-macro2", + ] + +-[[package]] +-name = "rand" +-version = "0.7.3" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" +-dependencies = [ +- "getrandom 0.1.16", +- "libc", +- "rand_chacha 0.2.2", +- "rand_core 0.5.1", +- "rand_hc", +-] +- + [[package]] + name = "rand" + version = "0.8.5" +@@ -1622,18 +1464,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" + dependencies = [ + "libc", +- "rand_chacha 0.3.1", +- "rand_core 0.6.4", +-] +- +-[[package]] +-name = "rand_chacha" +-version = "0.2.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" +-dependencies = [ +- "ppv-lite86", +- "rand_core 0.5.1", ++ "rand_chacha", ++ "rand_core", + ] + + [[package]] +@@ -1643,16 +1475,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" + dependencies = [ + "ppv-lite86", +- "rand_core 0.6.4", +-] +- +-[[package]] +-name = "rand_core" +-version = "0.5.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" +-dependencies = [ +- "getrandom 0.1.16", ++ "rand_core", + ] + + [[package]] +@@ -1661,16 +1484,7 @@ version = "0.6.4" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" + dependencies = [ +- "getrandom 0.2.7", +-] +- +-[[package]] +-name = "rand_hc" +-version = "0.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" +-dependencies = [ +- "rand_core 0.5.1", ++ "getrandom", + ] + + [[package]] +@@ -1679,7 +1493,7 @@ version = "0.2.16" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" + dependencies = [ +- "bitflags", ++ "bitflags 1.3.2", + ] + + [[package]] +@@ -1688,7 +1502,7 @@ version = "0.3.5" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29" + dependencies = [ +- "bitflags", ++ "bitflags 1.3.2", + ] + + [[package]] +@@ -1742,12 +1556,6 @@ dependencies = [ + "winreg", + ] + +-[[package]] +-name = "retain_mut" +-version = "0.1.9" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "4389f1d5789befaf6029ebd9f7dac4af7f7e3d61b69d4f30e2ac02b57e7712b0" +- + [[package]] + name = "rustc-hash" + version = "1.1.0" +@@ -1778,7 +1586,7 @@ version = "0.37.11" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "85597d61f83914ddeba6a47b3b8ffe7365107221c2e557ed94426489fefb5f77" + dependencies = [ +- "bitflags", ++ "bitflags 1.3.2", + "errno", + "io-lifetimes", + "libc", +@@ -1862,17 +1670,6 @@ dependencies = [ + "serde", + ] + +-[[package]] +-name = "serde_qs" +-version = "0.8.5" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "c7715380eec75f029a4ef7de39a9200e0a63823176b759d055b613f5a87df6a6" +-dependencies = [ +- "percent-encoding", +- "serde", +- "thiserror", +-] +- + [[package]] + name = "serde_urlencoded" + version = "0.7.1" +@@ -2139,12 +1936,6 @@ dependencies = [ + "tracing", + ] + +-[[package]] +-name = "toml" +-version = "0.2.1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "736b60249cb25337bc196faa43ee12c705e426f3d55c214d73a4e7be06f92cb4" +- + [[package]] + name = "toml" + version = "0.5.9" +@@ -2268,7 +2059,6 @@ dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", +- "serde", + ] + + [[package]] +@@ -2283,7 +2073,7 @@ version = "1.3.1" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "5b55a3fef2a1e3b3a00ce878640918820d3c51081576ac657d23af9fc7928fdb" + dependencies = [ +- "getrandom 0.2.7", ++ "getrandom", + ] + + [[package]] +@@ -2298,12 +2088,6 @@ version = "0.9.4" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +-[[package]] +-name = "waker-fn" +-version = "1.1.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca" +- + [[package]] + name = "want" + version = "0.3.0" +@@ -2314,12 +2098,6 @@ dependencies = [ + "try-lock", + ] + +-[[package]] +-name = "wasi" +-version = "0.9.0+wasi-snapshot-preview1" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" +- + [[package]] + name = "wasi" + version = "0.11.0+wasi-snapshot-preview1" +@@ -2562,28 +2340,6 @@ dependencies = [ + "winapi", + ] + +-[[package]] +-name = "wiremock" +-version = "0.5.18" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "bd7b0b5b253ebc0240d6aac6dd671c495c467420577bf634d3064ae7e6fa2b4c" +-dependencies = [ +- "assert-json-diff", +- "async-trait", +- "base64 0.21.0", +- "deadpool", +- "futures", +- "futures-timer", +- "http-types", +- "hyper", +- "log", +- "once_cell", +- "regex", +- "serde", +- "serde_json", +- "tokio", +-] +- + [[package]] + name = "zeroize" + version = "1.5.7" +@@ -2604,25 +2360,3 @@ dependencies = [ + "syn 1.0.100", + "synstructure", + ] +- +-[[package]] +-name = "zmq" +-version = "0.9.2" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "aad98a7a617d608cd9e1127147f630d24af07c7cd95ba1533246d96cbdd76c66" +-dependencies = [ +- "bitflags", +- "libc", +- "log", +- "zmq-sys", +-] +- +-[[package]] +-name = "zmq-sys" +-version = "0.11.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "d33a2c51dde24d5b451a2ed4b488266df221a5eaee2ee519933dc46b9a9b3648" +-dependencies = [ +- "libc", +- "metadeps", +-] diff --git a/SPECS/keylime-agent-rust.spec b/SPECS/keylime-agent-rust.spec index 22fe063..97cf7e6 100644 --- a/SPECS/keylime-agent-rust.spec +++ b/SPECS/keylime-agent-rust.spec @@ -10,7 +10,7 @@ Name: keylime-agent-rust Version: 0.2.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Rust agent for Keylime # Upstream license specification: Apache-2.0 @@ -49,6 +49,10 @@ Source0: %{url}/archive/refs/tags/v%{version}.tar.gz Source1: rust-keylime-%{version}-vendor.tar.xz # Drop dependencies and adjust the features Patch0: rust-keylime-adjust-features.patch +# Update openssl to version 0.10.70 to fix CVE-2025-24898 +Patch1: rust-keylime-openssl-0.10.70.patch +# Fix unnecessary qualification warnings +Patch2: rust-keylime-fix-unnecessary-qualifications.patch ExclusiveArch: %{rust_arches} @@ -97,6 +101,7 @@ Provides: bundled(crate(base64)) = 0.21.0 Provides: bundled(crate(bindgen)) = 0.63.0 Provides: bundled(crate(bitfield)) = 0.13.2 Provides: bundled(crate(bitflags)) = 1.3.2 +Provides: bundled(crate(bitflags)) = 2.8.0 Provides: bundled(crate(block-buffer)) = 0.10.3 Provides: bundled(crate(bytes)) = 1.2.1 Provides: bundled(crate(bytestring)) = 1.1.0 @@ -181,9 +186,9 @@ Provides: bundled(crate(num_cpus)) = 1.13.1 Provides: bundled(crate(num_threads)) = 0.1.6 Provides: bundled(crate(oid)) = 0.2.1 Provides: bundled(crate(once_cell)) = 1.15.0 -Provides: bundled(crate(openssl)) = 0.10.55 -Provides: bundled(crate(openssl-macros)) = 0.1.0 -Provides: bundled(crate(openssl-sys)) = 0.9.90 +Provides: bundled(crate(openssl)) = 0.10.70 +Provides: bundled(crate(openssl-macros)) = 0.1.1 +Provides: bundled(crate(openssl-sys)) = 0.9.105 Provides: bundled(crate(parking_lot)) = 0.12.1 Provides: bundled(crate(parking_lot_core)) = 0.9.3 Provides: bundled(crate(paste)) = 1.0.9 @@ -269,6 +274,7 @@ Provides: bundled(crate(unicode-xid)) = 0.2.4 Provides: bundled(crate(url)) = 2.3.1 Provides: bundled(crate(utf8parse)) = 0.2.1 Provides: bundled(crate(uuid)) = 1.3.1 +Provides: bundled(crate(vcpkg)) = 0.2.15 Provides: bundled(crate(version_check)) = 0.9.4 Provides: bundled(crate(want)) = 0.3.0 Provides: bundled(crate(which)) = 4.3.0 @@ -354,6 +360,9 @@ chown -R keylime:keylime %{_sysconfdir}/keylime %endif %changelog +* Fri Feb 07 2025 Anderson Toshiyuki Sasaki - 0.2.2-2 +- Update openssl crate to version 0.10.70 to fix CVE-2025-24898 + * Thu Jul 20 2023 Anderson Toshiyuki Sasaki - 0.2.2-1 - Update to upstream release 0.2.2