{"affected":[{"ecosystem_specific":{"binaries":[{"rust-keylime":"0.2.6+13-1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"rust-keylime","purl":"pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.2.6+13-1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for rust-keylime fixes the following issues:\n\n- Update vendored crates (CVE-2024-43806, bsc#1229952, bsc#1230029)\n  * rustix 0.37.25\n  * rustix 0.38.34\n  * shlex  1.3.0\n\n- Update to version 0.2.6+13:\n  * Enable test functional/iak-idevid-persisted-and-protected\n  * build(deps): bump uuid from 1.7.0 to 1.10.0\n  * build(deps): bump openssl from 0.10.64 to 0.10.66\n  * keylime-agent/src/revocation: Fix comment indentation\n  * keylime/crypto: Fix indentation of documentation comment\n  * build(deps): bump thiserror from 1.0.59 to 1.0.63\n  * build(deps): bump serde_json from 1.0.116 to 1.0.120\n  * dependabot: Extend to also monitor workflow actions\n  * ci: Disable Packit CI on CentOS Stream 9\n  * ci: use CODECOV_TOKEN when submitting coverage data\n  * revocation: Use into() for unfallible transformation\n  * secure_mount: Fix possible infinite loop\n  * error: Rename enum variants to avoid clippy warning\n\n- Update to version 0.2.6~0:\n  * Bump version to 0.2.6\n  * build(deps): bump libc from 0.2.153 to 0.2.155\n  * build(deps): bump serde from 1.0.196 to 1.0.203\n  * rpm/fedora: Update rust macro usage\n  * config: Support hostnames in registrar_ip option\n  * added use of persisted IAK and IDevID and authorisation values\n  * config changes\n  * Adding /agent/info API to agent\n  * Fix leftover 'unnecessary qualification' warnings on tests\n\n- Update to version 0.2.5~4:\n  * Fix 'unnecessary qualification' warnings\n  * fix IAK template to match IDevID\n  * rpm: fix COPR RPMs build for centos-stream-10\n  * Build COPR RPMs for centos-stream-10\n\n- Update to version 0.2.5~0:\n  * Bump version to 0.2.5\n  * cargo: Relax required version for pest crate\n  * build(deps): bump log from 0.4.20 to 0.4.21\n  * build(deps): bump thiserror from 1.0.56 to 1.0.59\n\n- actix-web update moves rustls as feature (bsc#1223234, CVE-2024-32650)\n\n- Update to version 0.2.4~39:\n  * build(deps): bump openssl from 0.10.63 to 0.10.64\n  * build(deps): bump h2 from 0.3.24 to 0.3.26\n  * build(deps): bump serde_json from 1.0.107 to 1.0.116\n  * build(deps): bump actix-web from 4.4.1 to 4.5.1\n  * crypto: Enable TLS 1.3\n  * build(deps): bump tempfile from 3.9.0 to 3.10.1\n  * build(deps): bump mio from 0.8.4 to 0.8.11\n  * enable hex values to be used for tpm_ownerpassword\n  * config: Support IPv6 with or without brackets\n  * keylime: Implement a simple IP parser to remove brackets\n  * crypto: Implement CertificateBuilder to generate certificates\n  * tests: Fix coverage download by supporting arbitrary URL\n  * cargo: Add testing feature to keylime library\n  * Set X509 SAN with local DNSname/IP/IPv6\n  * Include newest Node20 versions for Github actions\n  * tpm: Add unit test for uncovered public functions\n  * crypto: Implement ECC key generation support\n  * crypto: Add test for match_cert_to_template()\n  * Fix minor typo, format and remove end whitespaces\n  * crypto: Make error types less specific\n  * tests/run.sh: Run tarpaulin with a single thread\n  * payloads: Remove explicit drop of channel transmitter\n  * crypto: Move to keylime library\n  * crypto: Add specific type for every possible error\n  * tpm: Rename origin of error as source in structures\n  * list_parser: Add source for error for backtrace\n  * algorithms: Make errors more specific\n  * typo fix for default path to measured boot log file\n  * README: remove mentions of libarchive as a dependency\n  * Dockerfile.wolfi: Update clang to version 17\n  * docker: Remove libarchive as a dependency\n  * rpm: Remove libarchive from dependencies\n  * cargo: Replace compress-tools with zip crate\n  * cargo: Bump ahash to version 0.8.7\n  * build(deps): bump serde from 1.0.195 to 1.0.196\n  * build(deps): bump libc from 0.2.152 to 0.2.153\n  * build(deps): bump reqwest from 0.11.23 to 0.11.24\n  * docker: Install configuration file in the correct path\n  * config: Make IAK/IDevID disabled by default\n\n- Update to version 0.2.4+git.1706692574.a744517:\n  * Bump version to 0.2.4\n  * build(deps): bump uuid from 1.4.1 to 1.7.0\n  * keylime-agent.conf: Allow setting event logs paths\n  * Mutable log paths: allow IMA and MBA log paths to be overridden by keylime configuration.\n  * workflows: Update checkout action to version 4\n  * build(deps): bump serde from 1.0.188 to 1.0.195\n  * build(deps): bump pest_derive from 2.7.0 to 2.7.6\n  * build(deps): bump openssl from 0.10.62 to 0.10.63\n  * build(deps): bump config from 0.13.3 to 0.13.4\n  * build(deps): bump base64 from 0.21.4 to 0.21.7\n  * build(deps): bump tempfile from 3.8.0 to 3.9.0\n  * build(deps): bump pest from 2.7.0 to 2.7.6\n  * build(deps): bump actix-web from 4.4.0 to 4.4.1\n  * build(deps): bump reqwest from 0.11.22 to 0.11.23\n  * build(deps): bump h2 from 0.3.17 to 0.3.24\n  * build(deps): bump shlex from 1.1.0 to 1.3.0\n  * cargo: Bump tss-esapi to version 7.4.0\n  * workflows: Fix keylime-bot token usage\n  * tpm: Add error context for every possible error\n  * tpm: Add AlgorithmError to TpmError\n  * detect idevid template from certificates\n  * build(deps): bump wiremock from 0.5.18 to 0.5.22\n  * build(deps): bump thiserror from 1.0.48 to 1.0.56\n  * Make use of workspace dependencies\n  * build(deps): bump openssl from 0.10.57 to 0.10.62\n  * packit: Bump Fedora version used for code coverage\n\n- Update to version 0.2.3+git.1701075380.a5dc985:\n  * build(deps): bump actix-rt from 2.8.0 to 2.9.0\n  * Bump version to 0.2.3\n  * build(deps): bump reqwest from 0.11.20 to 0.11.22\n  * Bump configuration version and fix enable_iak_idevid\n  * Enable test functional/iak-idevid-register-with-certificates\n  * Update packit plan with new tests\n  * Add certificates and certificate checking for IDevID and IAK keys (#669)\n\n- Update to version 0.2.2+git.1697658634.9c7c6fa:\n  * build(deps): bump rustix from 0.37.11 to 0.37.25\n  * build(deps): bump tempfile from 3.6.0 to 3.8.0\n  * build(deps): bump base64 from 0.21.0 to 0.21.4\n  * build(deps): bump serde_json from 1.0.96 to 1.0.107\n  * build(deps): bump openssl from 0.10.55 to 0.10.57\n  * cargo: Bump serde to version 1.0.188\n  * tests: Fix tarpaulin issues with dropped -v option\n  * build(deps): bump signal-hook from 0.3.15 to 0.3.17\n  * build(deps): bump actix-web from 4.3.1 to 4.4.0\n  * build(deps): bump thiserror from 1.0.40 to 1.0.48\n  * Remove private_in_public\n  * Initial PR to add support for IDevID and IAK\n  * build(deps): bump uuid from 1.3.1 to 1.4.1\n  * build(deps): bump log from 0.4.17 to 0.4.20\n  * build(deps): bump reqwest from 0.11.16 to 0.11.20\n  * Do not use too specific version on cargo audit workflow\n  * Add workflow to run cargo-audit security audit\n  * README: update dependencies for Debian and Ubuntu\n  * Use latest versions of checkout/upload-artifacts\n  * docker: Add 'keylime' system user\n  * Use \"currently\" for swtpm emulator warning (#632)\n  * Update container workflow actions versions\n  * Build container image and push to quay.io\n  * README: update requirements\n\n- Update to version 0.2.2+git.1689256829.3d2b627:\n  * Bump version to 0.2.2\n  * build(deps): bump tempfile from 3.5.0 to 3.6.0\n  * removing SIGINT stop signals from Dockerfiles and systemd service, as well as adding SIGTERM to IMA emulator as shutdown signal\n\n- Update to version 0.2.1+git.1689167094.67ce0cf:\n  * cargo: Bump serde to version 1.0.166\n  * build(deps): bump libc from 0.2.142 to 0.2.147\n  * adding release Dockerfiles in 3 flavours: fedora, distroless and wolfi\n  * hash: add more configurable hash algorithm for public key digest\n  * cargo: Update clap to version 4.3.11\n  * cargo: Bump tokio crate version to 1.28.2\n  * Add an example of IMA policy\n  * main: Gracefully shutdown on SIGTERM or SIGINT\n  * cargo: Bump proc-macro2 crate version\n  * revocation: Parse revocation actions flexibly\n  * crypto: Add unit tests for x509 functions\n  * crypto: Make internal functions private\n  * config: Add unit test for the list to files mapping\n  * config: Make trusted_client_ca to accept lists\n  * lib: Implement parser for lists from config file\n  * build(deps): bump openssl from 0.10.48 to 0.10.55\n  * Add secure mount sanity test to packit testing.\n  * [packit] Do not let COPR project expire\n\n- Recommends the IMA Policy subpackage only if SELinux is configured\n\n- Update to version 0.2.1+git.1685699835.3c9d17c:\n  * Remove MOUNT_SECURE bool\n  * rpm: Remove unused directory and add dependency for mount\n  * keylime-agent/src: update API version to 2.1 to consistent with https://github.com/keylime/keylime/blob/master/docs/rest_apis.rst\n  * docker/fedora/keylime_rust.Dockerfile: add the logic of cloning and compiling rust-keylime\n  * [tests] Update test coverage task name regexp\n  * [tests] Simply coverage file URL parsing\n\n","id":"SUSE-SU-2025:20057-1","modified":"2025-02-03T08:57:24Z","published":"2025-02-03T08:57:24Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520057-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223234"},{"type":"REPORT","url":"https://bugzilla.suse.com/1229952"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230029"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-32650"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-43806"}],"related":["CVE-2024-32650","CVE-2024-43806"],"summary":"Security update for rust-keylime","upstream":["CVE-2024-32650","CVE-2024-43806"]}