import OL keylime-7.12.1-11.el10_1.3

2025-12-22 06:18:40 +00:00 · 2025-12-22 06:18:40 +00:00 · 31ffcecac3
commit 31ffcecac3
parent 1bbfd75e55
3 changed files with 2306 additions and 1 deletions
--- a/0013-Add-shared-memory-infrastructure-for-multiprocess-co.patch
+++ b/0013-Add-shared-memory-infrastructure-for-multiprocess-co.patch
--- a/0014-Fix-registrar-duplicate-UUID-vulnerability.patch
+++ b/0014-Fix-registrar-duplicate-UUID-vulnerability.patch
--- a/keylime.spec
+++ b/keylime.spec
@ -14,7 +14,7 @@

 Name:    keylime
 Version: 7.12.1
-Release: 11%{?dist}.2
+Release: 11%{?dist}.3
 Summary: Open source TPM software for Bootstrapping and Maintaining Trust

 URL:            https://github.com/keylime/keylime
@ -53,6 +53,13 @@ Patch: 0011-fix-malformed-certs-workaround.patch
 # Backported from https://github.com/keylime/keylime/pull/1795
 Patch: 0012-keylime-policy-avoid-opening-dev-stdout.patch

+# CVE-2025-13609
+# Backports from:
+# - https://github.com/keylime/keylime/pull/1817/commits/1024e19d
+# - https://github.com/keylime/keylime/pull/1825
+Patch: 0013-Add-shared-memory-infrastructure-for-multiprocess-co.patch
+Patch: 0014-Fix-registrar-duplicate-UUID-vulnerability.patch
+
 # Main program: Apache-2.0
 # Icons: MIT
 License: Apache-2.0 AND MIT
@ -470,6 +477,9 @@ fi

 %changelog
 ## START: Generated by rpmautospec
+* Thu Dec 11 2025 Sergio Correia <scorreia@redhat.com> - 7.12.1-15
+- Registrar allows identity takeover via duplicate UUID registration
+
 * Mon Sep 15 2025 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 7.12.1-14
 - Properly fix malformed TPM certificates workaround