SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for evmctl-1.6-lp155.74.1.x86_64.rpm :

* Fri Jul 12 2024 Petr Vorel - Update project source URL.
* Thu Jul 11 2024 Petr Vorel - Add LicenseRef-GPL-2.0-with-openssl-exception to License: (upstream has not yet created appropriate exception in SPDX).
* Mon Jul 08 2024 Petr Vorel - Update to version 1.6 https://lore.kernel.org/linux-integrity/20240703164454.61614-1-zoharAATTlinux.ibm.com/- Upstream bumped soname to 5.0.0- Upstream changed license to GPL-2.0-or-later (evmctl), LGPL-2.0-or-later (libimaevm + devel package), and GPL-2.0-or-later WITH Linux-syscall-note exception (both) https://github.com/linux-integrity/ima-evm-utils/issues/4 (mention both GPL and LGPL and add specific license to subpackages)- Remove patch from upstream (0001-fsverity.test-Add-usr-sbin-into-PATH.patch)
* Fri Dec 15 2023 Frederic Crozat - Update download url.
* Fri Mar 10 2023 Petr Vorel - Update to version 1.5
* CI changes:
* New: UML kernel testing environment
* Support for running specific test(s)
* Update distros
* Update software release versions
* New features:
* Signing fs-verity signatures
* Reading TPM 2.0 PCRs via sysfs interface
* New tests:
* Missing IMA mmapped file measurements
* Overlapping IMA policy rules
* EVM portable signatures
* fs-verity file measurements in the IMA measurement list
* Build and library changes:
* OpenSSL 3.0 version related changes
* New configuration options: --disable-engine, --enable-sigv1
* Deprecate IMA signature v1 format
* Misc bug fixes and code cleanup:
* memory leaks, bounds checking, use after free
* Fix and update test output
* Add missing sanity checks
* Documentation:
* Store the sourceforge ima-evm-utils wiki for historical purposes.- Upstream bumped soname to 4.0.0- Add BuildRequires: e2fsprogs util-linux (required by tests, which are mandatory)- /usr/sbin to PATH (0001-fsverity.test-Add-usr-sbin-into-PATH.patch, sent to upstream ML)
* Mon Apr 25 2022 Marcus Meissner - switch to use https urls
* Fri Nov 05 2021 Petr Vorel - Update to version 1.4
* Elliptic curve support and tests
* PKCS11 support and tests
* Ability to manually specify the keyid included in the IMA xattr
* Improve IMA measurement list per TPM bank verification
* Linking with IBM TSS
* Set default hash algorithm in package configuration
* (Minimal) support and test EVM portable signatures
* CI testing:
* Refresh and include new distros
* Podman support
* GitHub Actions
* Limit \"sudo\" usage
* Misc bug fixes and code cleanup
* Fix static analysis bug reports, memory leaks
* Remove experimental code that was never upstreamed in the kernel
* Use unsigned variable, remove unused variables, etc- Upstream bumped soname to 3.0.0
* Thu Oct 29 2020 Petr Vorel - Update to version 1.3.2
* Bugfixes: importing keys
* NEW: Docker based travis distro testing
* Travis bugfixes, code cleanup, software version update, and script removal
* Initial travis testing- Remove 0001-help-Add-missing-new-line-for-ignore-violations.patch (patch from this release)- Add make check + dependencies (getfattr => attr, xxd => vim)
* Thu Oct 01 2020 Petr Vorel - Fix missing new line in help (0001-help-Add-missing-new-line-for-ignore-violations.patch)
* Fri Aug 14 2020 Petr Vorel - Update to version 1.3.1
* \"--pcrs\" support for per crypto algorithm
* Drop/rename \"ima_measurement\" options
* Moved this summary from \"Changelog\" to \"NEWS\", removing requirement for GNU empty files
* Distro build fixes
* Remove 0001-pcr_tss-Fix-compilation-for-old-compilers.patch (from this release)
* Thu Jul 23 2020 Petr Vorel - Use %autosetup -p1
* Wed Jul 22 2020 Petr Vorel - Remove suse_version check for tpm2-0-tss-devel as the package is available for back as far as SLE 12 SP2 and respective openSUSE versions (also check was wrong, should have been 1500).
* Wed Jul 22 2020 Petr Vorel - Fixes from previous SR (reported by fvogt):
* Move ibmtss runtime dependency to evmctl package
* Remove dependencies to devel package (should not be needed)
* Wed Jul 22 2020 Petr Vorel - Update to version 1.3 version 1.3 new features:
* NEW ima-evm-utils regression test infrastructure with two initial tests: - ima_hash.test: calculate/verify different crypto hash algorithms - sign_verify.test: EVM and IMA sign/verify signature tests
* TPM 2.0 support - Calculate the new per TPM 2.0 bank template data digest - Support original padding the SHA1 template data digest - Compare ALL the re-calculated TPM 2.0 bank PCRs against the TPM 2.0 bank PCR values - Calculate the per TPM bank \"boot_aggregate\" values, including PCRs 8 & 9 in calculation - Support reading the per TPM 2.0 Bank PCRs using Intel\'s TSS - boot_aggregate.test: compare the calculated \"boot_aggregate\" values with the \"boot_aggregate\" value included in the IMA measurement.
* TPM 1.2 support - Additionally support reading the TPM 1.2 PCRs from a supplied file (\"--pcrs\" option)
* Based on original IMA LTP and standalone version support - Calculate the TPM 1.2 \"boot_aggregate\" based on the exported TPM 1.2 BIOS event log. - In addition to verifying the IMA measurement list against the the TPM PCRs, verify the IMA template data digest against the template data. (Based on LTP \"--verify\" option.) - Ignore file measurement violations while verifying the IMA measurment list. (Based on LTP \"--validate\" option.) - Verify the file data signature included in the measurement list based on the file hash also included in the measurement list (--verify-sig) - Support original \"ima\" template (mixed templates not supported)
* Support \"sm3\" crypto name Bug fixes and code cleanup:
* Don\'t exit with -1 on failure, exit with 125
* On signature verification failure, include pathname.
* Provide minimal hash_info.h file in case one doesn\'t exist, needed by the ima-evm-utils regression tests.
* On systems with TPM 1.2, skip \"boot_aggregate.test\" using sample logs
* Fix hash_algo type comparison mismatch
* Simplify/clean up code
* Address compiler complaints and failures
* Fix memory allocations and leaks
* Sanity check provided input files are regular files
* Revert making \"tsspcrread\" a compile build time decision.
* Limit additional messages based on log level (-v)- Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch- Upstream bumped soname to 2.0.0- Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss as runtime dependency (needed for for reading PCR in ima_boot_aggregate cmd; better to use libtss2-esys and libtss2-rc than require tsspcrread binary in runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same logic as runtime dependency for devel package- Mark COPYING as %license
* Tue Jul 30 2019 Petr Vorel - Update to version 1.2.1 (included changes of unreleased v1.2) version 1.2 new features:
* Generate EVM signatures based on the specified hash algorithm
* include \"security.apparmor\" in EVM signature
* Add support for writing & verifying \"user.xxxx\" xattrs for testing
* Support Strebog/Gost hash functions
* Add OpenSSL engine support
* Use of EVP_PKEY OpenSSL API to generate/verify v2 signatures
* Support verifying multiple signatures at once
* Support new template \"buf\" field and warn about other unknown fields
* Improve OpenSSL error reporting
* Support reading TPM 2.0 PCRs using tsspcrread Bug fixes and code cleanup:
* Update manpage stylesheet detection
* Fix xattr.h include file
* On error when reading TPM PCRs, don\'t log gargabe
* Properly return keyid string to calc_keyid_v1/v2 callers, caused by limiting keyid output to verbose mode
* Fix hash buffer overflow caused by EVM support for larger hashes, defined MAX_DIGEST_SIZE and MAX_SIGNATURE_SIZE, and added \"asserts\".
* Linked with libcrypto instead of OpenSSL
* Updated Autotools, replacing INCLUDES with AM_CPPFLAGS
* Include new \"hash-info.gen\" in tar
* Log the hash algorithm, not just the hash value
* Fixed memory leaks in: EV_MD_CTX, init_public_keys
* Fixed other warnings/bugs discovered by clang, coverity
* Remove indirect calls in verify_hash() to improve code readability
* Don\'t fallback to using sha1
* Namespace some too generic object names
* Make functions/arrays static if possible- Upstream bumped soname to 1.0.0 in v1.2- Drop ima-evm-utils-xattr.patch and ima-evm-utils-fix-docbook-xsl-directory.patch (included in v1.2)
* Wed Sep 12 2018 meissnerAATTsuse.com- ima-evm-utils-xattr.patch: xattr.h is now libattr.h
* Fri Mar 16 2018 pvorelAATTsuse.cz- Update to version 1.1
* Support the new openssl 1.1 api
* Support for validating multiple pcrs
* Verify the measurement list signature based on the list digest
* Verify the \"ima-sig\" measurement list using multiple keys
* Fixed parsing the measurement template data field length
* Portable & immutable EVM signatures (new format)
* Multiple fixes that have been lingering in the next branch. Some are for experimental features that are not yet supported in the kernel.- Drop ima-evm-utils-openssl1.patch (not needed any more as IMA got backward compatible support for openssl 1.1).
* Tue Nov 21 2017 mpluskalAATTsuse.com- Small spec file cleanup with spec-cleaner
* Wed Nov 08 2017 meissnerAATTsuse.com- ima-evm-utils-openssl1.patch: allow building against openssl 1.1 (bsc#1066947)
* Mon Oct 23 2017 matthias.gerstnerAATTsuse.com- added openssl-devel dependency to ima-evm-utils-devel. otherwise the ima header can\'t be included if the openssl headers are missing
* Sat Oct 14 2017 jengelhAATTinai.de- No need to remove .a files which don\'t exist.- Drop extraneous ldconfig call on preun.- Update RPM groups and descriptions.
* Fri Oct 13 2017 matthias.gerstnerAATTsuse.com- ima-evm-utils-fix-docbook-xsl-directory.patch: adjusted to refer to the \"current\" version of stylesheet to make the build work again- adjusted spec file to apply stylesheet patch to SLE12 as well
* Mon May 08 2017 meissnerAATTsuse.com- Add ima-evm-utils to SLES. (FATE#321603)
* Tue Jan 19 2016 meissnerAATTsuse.com- ima-evm-utils-fix-docbook-xsl-directory.patch: fixed the nwalsh docbook directory again
* Wed Dec 02 2015 p.drouandAATTgmail.com- Update to version 1.0
* Recursive hashing
* Immutable EVM signatures (experimental)
* Command \'ima_clear\' to remove xattrs
* Support for passing password to the library
* Support for asking password safely from the user
* Wed Jan 21 2015 p.drouandAATTgmail.com- Update to version 0.9
* Updated README
* man page generated and added to the package
* Use additional SMACK xattrs for EVM signature generation
* Signing functions moved to libimaevm for external use (RPM)
* Fixed setting of correct hash header- Add additional requirements; asciidoc, docbook-xsl-stylesheets, libattr-devel and libxslt-tools- Remove COPYING from sources; upstream provides one now- Remove automake.patch; \"test\" directory isn\'t provided by upstream anymore- Remove ima-evm-utils-xattr.patch; libimaevm0 does link against libattr now- Split package in three subpackage
* libimaevm0: contains shared library
* -devel: contains header and examples files
* evmctl: the kernel signing tool- Add ima-evm-utils-fix-docbook-xsl-directory.patch; fix path where Make is looking for docbook.xsl
  
ICM