Revisions of ima-evm-utils
- Update to version 1.5 * CI changes: * New: UML kernel testing environment * Support for running specific test(s) * Update distros * Update software release versions * New features: * Signing fs-verity signatures * Reading TPM 2.0 PCRs via sysfs interface * New tests: * Missing IMA mmapped file measurements * Overlapping IMA policy rules * EVM portable signatures * fs-verity file measurements in the IMA measurement list * Build and library changes: * OpenSSL 3.0 version related changes * New configuration options: --disable-engine, --enable-sigv1 * Deprecate IMA signature v1 format * Misc bug fixes and code cleanup: * memory leaks, bounds checking, use after free * Fix and update test output * Add missing sanity checks * Documentation: * Store the sourceforge ima-evm-utils wiki for historical purposes. - Upstream bumped soname to 4.0.0 - Add BuildRequires: e2fsprogs util-linux (required by tests, which are mandatory) - /usr/sbin to PATH (0001-fsverity.test-Add-usr-sbin-into-PATH.patch, sent to upstream ML) (forwarded request 1070704 from pevik)
- switch to use https urls
- Update to version 1.2.1 (included changes of unreleased v1.2) version 1.2 new features: * Generate EVM signatures based on the specified hash algorithm * include "security.apparmor" in EVM signature * Add support for writing & verifying "user.xxxx" xattrs for testing * Support Strebog/Gost hash functions * Add OpenSSL engine support * Use of EVP_PKEY OpenSSL API to generate/verify v2 signatures * Support verifying multiple signatures at once * Support new template "buf" field and warn about other unknown fields * Improve OpenSSL error reporting * Support reading TPM 2.0 PCRs using tsspcrread Bug fixes and code cleanup: * Update manpage stylesheet detection * Fix xattr.h include file * On error when reading TPM PCRs, don't log gargabe * Properly return keyid string to calc_keyid_v1/v2 callers, caused by limiting keyid output to verbose mode * Fix hash buffer overflow caused by EVM support for larger hashes, defined MAX_DIGEST_SIZE and MAX_SIGNATURE_SIZE, and added "asserts". * Linked with libcrypto instead of OpenSSL * Updated Autotools, replacing INCLUDES with AM_CPPFLAGS * Include new "hash-info.gen" in tar * Log the hash algorithm, not just the hash value * Fixed memory leaks in: EV_MD_CTX, init_public_keys * Fixed other warnings/bugs discovered by clang, coverity * Remove indirect calls in verify_hash() to improve code readability * Don't fallback to using sha1 * Namespace some too generic object names * Make functions/arrays static if possible (forwarded request 719901 from pevik)
- ima-evm-utils-xattr.patch: xattr.h is now libattr.h
- Update to version 1.1 * Support the new openssl 1.1 api * Support for validating multiple pcrs * Verify the measurement list signature based on the list digest * Verify the "ima-sig" measurement list using multiple keys * Fixed parsing the measurement template data field length * Portable & immutable EVM signatures (new format) * Multiple fixes that have been lingering in the next branch. Some are for experimental features that are not yet supported in the kernel. - Drop ima-evm-utils-openssl1.patch (not needed any more as IMA got backward compatible support for openssl 1.1). (forwarded request 587829 from pevik)
- ima-evm-utils-openssl1.patch: allow building against openssl 1.1 (bsc#1066947)
- added openssl-devel dependency to ima-evm-utils-devel. otherwise the ima header can't be included if the openssl headers are missing (forwarded request 535941 from mgerstner)
- No need to remove .a files which don't exist. - Drop extraneous ldconfig call on preun. - Update RPM groups and descriptions. (forwarded request 534000 from jengelh)
- Add ima-evm-utils to SLES. (FATE#321603)
Automatic submission by obs-autosubmit
- ima-evm-utils-fix-docbook-xsl-directory.patch: fixed the nwalsh docbook directory again
update (forwarded request 347178 from posophe)
1
Displaying revisions 1 - 20 of 23