keylime/keylime v6.3.0

on GitHub

What's Changed

The following security advisories are fixed by this release:

• GHSA-2m39-75g9-ff5r
• GHSA-wj36-qcfg-5j52
• GHSA-87gh-qc28-j9mm
• GHSA-9r9r-f8xc-m875
• GHSA-6xx7-m45w-76m2
• GHSA-fchm-5w2v-qfm8

Other Changes

• agent: drop openstack uuid option by @THS-on in #799
• config: private_key must set to -private.pem not -public.pem by @THS-on in #806
• config, tpm_main: explicitly handle YAML load errors by @THS-on in #807
• Remove the SHA1 requirement for IMA by @THS-on in #803
• ima_emulator: specify sys.argv as the named parameter argv in main() by @sergio-correia in #809
• Enable functional testing with Packit CI by @kkaarreell in #811
• json: do not make sqlalchemy a hard requirement by @sergio-correia in #813
• Add generator for measured boot refence state for example policy by @THS-on in #808
• db: only set length on Text type if supported by @THS-on in #815
• Various code improvements for mostly the agent by @THS-on in #818
• Remove leftovers of TPM 1.2 support by @axelsimon in #819
• ima_ast: fix handling ToMToU errors by @THS-on in #822
• ima_emulator: fix IMA hash validation and add more options by @THS-on in #823
• Allow graceful shutdown of the verifier by @THS-on in #825
• Drop dataclasses module usage by @aplanas in #827
• tests: fix stdout formatting for agent and verifier by @THS-on in #828
• Mitigations against event type manipulation in UEFI eventlog by @THS-on in #816
• Support multiple configuration files by @aplanas in #829
• tenant: fix reactivate command by @THS-on in #833
• Enable new test in Packit CI by @kkaarreell in #834
• ci: disable DeprecationWarning from pylint in tox by @THS-on in #836
• Fix test branch reference in packit.yaml by @kkaarreell in #838
• ca: support back old cyptography API by @aplanas in #839
• Various fixes and improvements to the web components by @THS-on in #837
• verifier: do not call finish() twice by @THS-on in #842
• tpm_main: close file descriptor for aik handle by @THS-on in #843
• Explicitly set permissions on new keylime.conf files installed by @mpeters in #844
• tenant, web_util: ensure that the content type is actually application/json by @THS-on in #845
• Improve revocation notifier IP description in keylime.conf by @kkaarreell in #847
• Adding Nuvoton certificate for a new post 2020 TPM device. by @galmasi in #850
• verifier: use json.loads(..) instead of ast.literal_eval(..) by @THS-on in #846
• Fix #849 - SHA256 for IMA allowlist v1 by @maugustosilva in #851
• Security improvements to Keylime by @THS-on in #854

New Contributors

• @kkaarreell made their first contribution in #811

Full Changelog: v6.2.1...v6.3.0