From e40691c1819fe2cf6ea4608d1355df0f3d1755b3 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Tue, 10 Feb 2026 06:44:01 +0000
Subject: [PATCH] import OL keylime-7.12.1-11.el9_7.4

---
 SOURCES/0016-CVE-2026-1709.patch | 20 ++++++++++++++++++++
 SPECS/keylime.spec | 9 ++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/0016-CVE-2026-1709.patch

diff --git a/SOURCES/0016-CVE-2026-1709.patch b/SOURCES/0016-CVE-2026-1709.patch
new file mode 100644
index 0000000..b494256
--- /dev/null
+++ b/SOURCES/0016-CVE-2026-1709.patch
@@ -0,0 +1,20 @@
+diff --git a/keylime/web/base/server.py b/keylime/web/base/server.py
+index 1d9a9c2..859b23a 100644
+--- a/keylime/web/base/server.py
++++ b/keylime/web/base/server.py
+@@ -2,7 +2,6 @@ import asyncio
+ import multiprocessing
+ from abc import ABC, abstractmethod
+ from functools import wraps
+-from ssl import CERT_OPTIONAL
+ from typing import TYPE_CHECKING, Any, Callable, Optional
+ 
+ import tornado
+@@ -252,7 +251,6 @@ class Server(ABC):
+ self._https_port = config.getint(component, "tls_port", fallback=0)
+ self._max_upload_size = config.getint(component, "max_upload_size", fallback=104857600)
+ self._ssl_ctx = web_util.init_mtls(component)
+- self._ssl_ctx.verify_mode = CERT_OPTIONAL
+ 
+ def _get(self, pattern: str, controller: type["Controller"], action: str, allow_insecure: bool = False) -> None:
+ """Creates a new route to handle incoming GET requests issued for paths which match the given
diff --git a/SPECS/keylime.spec b/SPECS/keylime.spec
index 3939a83..031abca 100644
--- a/SPECS/keylime.spec
+++ b/SPECS/keylime.spec
@@ -9,7 +9,7 @@
 Name: keylime
 Version: 7.12.1
-Release: 11%{?dist}.3
+Release: 11%{?dist}.4
 Summary: Open source TPM software for Bootstrapping and Maintaining Trust
 URL: https://github.com/keylime/keylime
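Review bot: Removing `self._ssl_ctx.verify_mode = CERT_OPTIONAL` only closes the authentication gap if the context returned by `web_util.init_mtls(component)` on the preceding line already demands a client certificate; `init_mtls` is outside this patch, so the corrected behaviour rests on its default rather than on anything this hunk states, and a later change to that helper would silently reopen the issue. A comment at the assignment would make the intent auditable for the next maintainer, e.g. `# keep the verify_mode set by init_mtls; do not relax it to CERT_OPTIONAL (CVE-2026-1709)`. The `allow_insecure` parameter visible on `_get` indicates some routes are meant to be served without a client certificate, so it is worth confirming those routes are still reachable once cert-less clients fail the handshake itself. The nested patch also carries no description header, unlike the changelog entry in keylime.spec, and the method containing the removed line (its `def` is not in the hunk) continues outside the hunk.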
@@ -48,6 +48,9 @@
 Patch: 0013-fix-malformed-certs-workaround.patch
 Patch: 0014-Add-shared-memory-infrastructure-for-multiprocess-co.patch
 Patch: 0015-Fix-registrar-duplicate-UUID-vulnerability.patch
+# CVE-2026-1709
+Patch: 0016-CVE-2026-1709.patch
+
 License: ASL 2.0 and MIT
 BuildRequires: git-core
@@ -441,6 +444,10 @@ fi
 %license LICENSE
 %changelog
+* Tue Feb 03 2026 Anderson Toshiyuki Sasaki - 7.12.1-11.4
+- CVE-2026-1709: Registrar authentication bypass
+ Resolves: RHEL-145390
+
 * Fri Dec 12 2025 Sergio Correia - 7.12.1-11.3
 - Registrar allows identity takeover via duplicate UUID registration
 Resolves: RHEL-130760