Hello community,

here is the log from the commit of package ima-evm-utils for openSUSE:Factory 
checked in at 2020-07-26 16:17:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ima-evm-utils (Old)
 and      /work/SRC/openSUSE:Factory/.ima-evm-utils.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ima-evm-utils"

Sun Jul 26 16:17:30 2020 rev:16 rq:822318 version:1.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/ima-evm-utils/ima-evm-utils.changes      
2019-08-14 11:36:09.616709883 +0200
+++ /work/SRC/openSUSE:Factory/.ima-evm-utils.new.3592/ima-evm-utils.changes    
2020-07-26 16:18:48.968778668 +0200
@@ -1,0 +2,79 @@
+Thu Jul 23 07:15:19 UTC 2020 - Petr Vorel <pvo...@suse.cz>
+
+- Use %autosetup -p1
+
+-------------------------------------------------------------------
+Wed Jul 22 12:10:45 UTC 2020 - Petr Vorel <pvo...@suse.cz>
+
+- Remove suse_version check for tpm2-0-tss-devel as the package is available
+  for back as far as SLE 12 SP2 and respective openSUSE versions (also check
+  was wrong, should have been 1500).
+
+-------------------------------------------------------------------
+Wed Jul 22 11:35:42 UTC 2020 - Petr Vorel <pvo...@suse.cz>
+
+- Fixes from previous SR (reported by fvogt):
+  * Move ibmtss runtime dependency to evmctl package
+  * Remove dependencies to devel package (should not be needed)
+
+-------------------------------------------------------------------
+Wed Jul 22 08:23:08 UTC 2020 - Petr Vorel <pvo...@suse.cz>
+
+- Update to version 1.3
+       version 1.3 new features:
+       * NEW ima-evm-utils regression test infrastructure with two initial
+         tests:
+         - ima_hash.test: calculate/verify different crypto hash algorithms
+         - sign_verify.test: EVM and IMA sign/verify signature tests
+       * TPM 2.0 support
+         - Calculate the new per TPM 2.0 bank template data digest
+         - Support original padding the SHA1 template data digest
+         - Compare ALL the re-calculated TPM 2.0 bank PCRs against the
+           TPM 2.0 bank PCR values
+         - Calculate the per TPM bank "boot_aggregate" values, including
+           PCRs 8 & 9 in calculation
+         - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS
+         - boot_aggregate.test: compare the calculated "boot_aggregate"
+           values with the "boot_aggregate" value included in the IMA
+           measurement.
+       * TPM 1.2 support
+         - Additionally support reading the TPM 1.2 PCRs from a supplied file
+           ("--pcrs" option)
+       * Based on original IMA LTP and standalone version support
+         - Calculate the TPM 1.2 "boot_aggregate" based on the exported
+           TPM 1.2 BIOS event log.
+         - In addition to verifying the IMA measurement list against the
+           the TPM PCRs, verify the IMA template data digest against the
+           template data.  (Based on LTP "--verify" option.)
+         - Ignore file measurement violations while verifying the IMA
+           measurment list. (Based on LTP "--validate" option.)
+         - Verify the file data signature included in the measurement list
+           based on the file hash also included in the measurement list
+           (--verify-sig)
+         - Support original "ima" template (mixed templates not supported)
+       * Support "sm3" crypto name
+
+       Bug fixes and code cleanup:
+       * Don't exit with -1 on failure, exit with 125
+       * On signature verification failure, include pathname.
+       * Provide minimal hash_info.h file in case one doesn't exist, needed
+         by the ima-evm-utils regression tests.
+       * On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs
+       * Fix hash_algo type comparison mismatch
+       * Simplify/clean up code
+       * Address compiler complaints and failures
+       * Fix memory allocations and leaks
+       * Sanity check provided input files are regular files
+       * Revert making "tsspcrread" a compile build time decision.
+       * Limit additional messages based on log level (-v)
+
+- Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch
+- Upstream bumped soname to 2.0.0
+- Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss
+  as runtime dependency (needed for for reading PCR in ima_boot_aggregate cmd;
+  better to use libtss2-esys and libtss2-rc than require tsspcrread binary in
+  runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same
+  logic as runtime dependency for devel package
+- Mark COPYING as %license
+
+-------------------------------------------------------------------
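Review bot: The dependency bullet at the end of the 1.3 entry says tpm2-0-tss-devel "is available only for Tumbleweed", while the Jul 22 12:10:45 entry in the same submission says the package is available back to SLE 12 SP2 and removes the suse_version check. Because all four entries land together, reword the older bullet so the changelog describes the dependency state that actually ships rather than an intermediate one. That bullet also carries a doubled word ("needed for for reading").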

Old:
----
  ima-evm-utils-1.2.1.tar.gz

New:
----
  0001-pcr_tss-Fix-compilation-for-old-compilers.patch
  ima-evm-utils-1.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ima-evm-utils.spec ++++++
--- /var/tmp/diff_new_pack.WlU8U5/_old  2020-07-26 16:18:50.328779939 +0200
+++ /var/tmp/diff_new_pack.WlU8U5/_new  2020-07-26 16:18:50.332779943 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package ima-evm-utils
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,16 +16,17 @@
 #
 
 
-%define sover 1
+%define sover 2
 %define libname libimaevm%{sover}
 Name:           ima-evm-utils
-Version:        1.2.1
+Version:        1.3
 Release:        0
 Summary:        IMA/EVM control utility
 License:        LGPL-2.1-or-later
 Group:          System/Base
-Url:            http://sourceforge.net/projects/linux-ima/
+URL:            http://sourceforge.net/projects/linux-ima/
 Source0:        
http://downloads.sourceforge.net/project/linux-ima/ima-evm-utils/%{name}-%{version}.tar.gz
+Patch1:         0001-pcr_tss-Fix-compilation-for-old-compilers.patch
 BuildRequires:  asciidoc
 BuildRequires:  autoconf
 BuildRequires:  automake
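Review bot: URL and Source0 in this hunk still point at plain http:// sourceforge.net addresses, so anyone refreshing the 1.3 tarball from Source0 fetches it over an unauthenticated channel, and no signature file is listed beside it. Since the URL tag is already being touched here, switch both to https:// and, if upstream publishes a detached signature for the release, list it as an additional Source so the tarball can be verified.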
@@ -36,6 +37,7 @@
 BuildRequires:  libxslt-tools
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
+BuildRequires:  tpm2-0-tss-devel
 
 %description
 This package provides the control utility for IMA/EVM (Integrity
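Review bot: BuildRequires: tpm2-0-tss-devel is added unconditionally here, yet the changelog in this submission also speaks of an ibmtss runtime dependency moved to the evmctl package, and no Requires line for ibmtss appears in any spec hunk of this diff. Please make the spec and the changelog agree: either add the Requires to the evmctl subpackage or drop the ibmtss wording from the changelog, so it is clear which PCR-reading backend the shipped evmctl depends on.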
@@ -70,7 +72,7 @@
 used to import keys into the kernel keyring.
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 autoreconf -fiv
@@ -93,7 +95,8 @@
 %{_libdir}/libimaevm.so
 
 %files -n %{libname}
-%doc README COPYING NEWS AUTHORS
+%doc README NEWS AUTHORS
+%license COPYING
 %{_libdir}/libimaevm.so.%{sover}*
 
 %files -n evmctl

++++++ 0001-pcr_tss-Fix-compilation-for-old-compilers.patch ++++++
>From 8e98b5bbf2127131f968a5d864f86e8443505639 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvo...@suse.cz>
Date: Wed, 22 Jul 2020 12:06:28 +0200
Subject: [PATCH ima-evm-utils v2] pcr_tss: Fix compilation for old compilers
Cc: Mimi Zohar <zo...@linux.vnet.ibm.com>

pcr_tss.c: In function 'pcr_selections_match':
pcr_tss.c:73:2: error: 'for' loop initial declarations are only allowed in C99 
mode
  for (int i = 0; i < a->count; i++) {
  ^
pcr_tss.c:73:2: note: use option -std=c99 or -std=gnu99 to compile your code
pcr_tss.c:78:3: error: 'for' loop initial declarations are only allowed in C99 
mode
   for (int j = 0; j < a->pcrSelections[i].sizeofSelect; j++) {
   ^

Fixes: 03f99ea ("ima-evm-utils: Add support for Intel TSS2 for PCR
reading")

Signed-off-by: Petr Vorel <pvo...@suse.cz>
[ upstream status: 
https://lore.kernel.org/linux-integrity/20200722105202.32507-1-pvo...@suse.cz/T/#u
 ]
---
 src/pcr_tss.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/pcr_tss.c b/src/pcr_tss.c
index 11b247b..feb1ff7 100644
--- a/src/pcr_tss.c
+++ b/src/pcr_tss.c
@@ -68,14 +68,17 @@ int tpm2_pcr_supported(void)
 
 static int pcr_selections_match(TPML_PCR_SELECTION *a, TPML_PCR_SELECTION *b)
 {
+       int i, j;
+
        if (a->count != b->count)
                return 0;
-       for (int i = 0; i < a->count; i++) {
+
+       for (i = 0; i < a->count; i++) {
                if (a->pcrSelections[i].hash != b->pcrSelections[i].hash)
                        return 0;
                if (a->pcrSelections[i].sizeofSelect != 
b->pcrSelections[i].sizeofSelect)
                        return 0;
-               for (int j = 0; j < a->pcrSelections[i].sizeofSelect; j++) {
+               for (j = 0; j < a->pcrSelections[i].sizeofSelect; j++) {
                        if (a->pcrSelections[i].pcrSelect[j] != 
b->pcrSelections[i].pcrSelect[j])
                                return 0;
                }
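Review bot: Both loops in pcr_selections_match() index a->pcrSelections[i] and pcrSelect[j] using only a->count and sizeofSelect as limits, with no check that either value fits the capacity of those arrays. If either TPML_PCR_SELECTION can be filled from a TPM response rather than built locally, reject out-of-range count and sizeofSelect values before the comparison starts. Now that the counters are declared at the top as "int i, j;", consider giving them the same type as the fields they are compared against, which also avoids a signed/unsigned comparison warning on the old compilers this patch targets.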
-- 
2.27.0

++++++ ima-evm-utils-1.2.1.tar.gz -> ima-evm-utils-1.3.tar.gz ++++++
++++ 3022 lines of diff (skipped)

