ima-evm-utils-devel-1.4-150600.7.3 >  A f< O ? S^4/g.j2I7)^ۀAHnz/jÿ鈦0'zc/DG e\IuoymeXEO7躥Ph!+:׍WB:iʞ(i8/ߎ(M qw+7Hl,S+n˜mQR-'AYDMW{KH \-{Fs{"(8NgϹI^i!mFJ.yHPOY[7>@S_OPتdV$>uI_^1%Py\ALʺm|RR%co;*Gzzsv1,ʔl_\wva4gL2@RG|: lCrRp2nC#{Y.#إ(4j*cL7ac45369603aafb223f7b07ad94067d5f58637e0d2712272529476227daca577c10b89b0769b66446eb3f98cd3bfb77b2783d019;܉f< O ? 3 /f<gpP/ xP7MGpz䡧[R pw5/ݴ*Pڎ z:k< :!TDUUmK]Jw>k$"p,%٫OV% x\Z1] @˜-ۜg&G70S?f}KO#t: 7.G;@ۥ-住( Qo,sk} yn4yܟl Y 6]ALMoQ v5vwi BPqXDw*^a=y(/Uv7z=KSv"mɲ%a1hKou* T(}%qGZoȎ56L.ZV EU Xߏ{uj\h,+MPAC”1}4}٘l@]3Y4$`ʟj%&>p;+t?+dd % _  "Bms|     8`x@(a8h9:F(-G(DH(\I(tX(|Y(\(](^)b){c*$d*e*f*l*u*v*z+++++`Cima-evm-utils-devel1.4150600.7.3Development files for the IMA/EVM control utility libraryThis package contains the header files and the utilities for ima-evm-utils.fLGPL-2.1-or-laterhttps://www.suse.com/Development/Libraries/C and C++http://sourceforge.net/projects/linux-ima/linuxaarch64uQAf attr, xxd => vim)- Fix missing new line in help (0001-help-Add-missing-new-line-for-ignore-violations.patch)- Update to version 1.3.1 * "--pcrs" support for per crypto algorithm * Drop/rename "ima_measurement" options * Moved this summary from "Changelog" to "NEWS", removing requirement for GNU empty files * Distro build fixes * Remove 0001-pcr_tss-Fix-compilation-for-old-compilers.patch (from this release)- Use %autosetup -p1- Remove suse_version check for tpm2-0-tss-devel as the package is available for back as far as SLE 12 SP2 and respective openSUSE versions (also check was wrong, should have been 1500).- Fixes from previous SR (reported by fvogt): * Move ibmtss runtime dependency to evmctl package * Remove dependencies to devel package (should not be needed)- Update to version 1.3 version 1.3 new features: * NEW ima-evm-utils regression test infrastructure with two initial tests: - ima_hash.test: calculate/verify different crypto hash algorithms - sign_verify.test: EVM and IMA sign/verify signature tests * TPM 2.0 support - Calculate the new per TPM 2.0 bank template data digest - Support original padding the SHA1 template data digest - Compare ALL the re-calculated TPM 2.0 bank PCRs against the TPM 2.0 bank PCR values - Calculate the per TPM bank "boot_aggregate" values, including PCRs 8 & 9 in calculation - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS - boot_aggregate.test: compare the calculated "boot_aggregate" values with the "boot_aggregate" value included in the IMA measurement. * TPM 1.2 support - Additionally support reading the TPM 1.2 PCRs from a supplied file ("--pcrs" option) * Based on original IMA LTP and standalone version support - Calculate the TPM 1.2 "boot_aggregate" based on the exported TPM 1.2 BIOS event log. - In addition to verifying the IMA measurement list against the the TPM PCRs, verify the IMA template data digest against the template data. (Based on LTP "--verify" option.) - Ignore file measurement violations while verifying the IMA measurment list. (Based on LTP "--validate" option.) - Verify the file data signature included in the measurement list based on the file hash also included in the measurement list (--verify-sig) - Support original "ima" template (mixed templates not supported) * Support "sm3" crypto name Bug fixes and code cleanup: * Don't exit with -1 on failure, exit with 125 * On signature verification failure, include pathname. * Provide minimal hash_info.h file in case one doesn't exist, needed by the ima-evm-utils regression tests. * On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs * Fix hash_algo type comparison mismatch * Simplify/clean up code * Address compiler complaints and failures * Fix memory allocations and leaks * Sanity check provided input files are regular files * Revert making "tsspcrread" a compile build time decision. * Limit additional messages based on log level (-v) - Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch - Upstream bumped soname to 2.0.0 - Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss as runtime dependency (needed for for reading PCR in ima_boot_aggregate cmd; better to use libtss2-esys and libtss2-rc than require tsspcrread binary in runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same logic as runtime dependency for devel package - Mark COPYING as %license- Update to version 1.2.1 (included changes of unreleased v1.2) version 1.2 new features: * Generate EVM signatures based on the specified hash algorithm * include "security.apparmor" in EVM signature * Add support for writing & verifying "user.xxxx" xattrs for testing * Support Strebog/Gost hash functions * Add OpenSSL engine support * Use of EVP_PKEY OpenSSL API to generate/verify v2 signatures * Support verifying multiple signatures at once * Support new template "buf" field and warn about other unknown fields * Improve OpenSSL error reporting * Support reading TPM 2.0 PCRs using tsspcrread Bug fixes and code cleanup: * Update manpage stylesheet detection * Fix xattr.h include file * On error when reading TPM PCRs, don't log gargabe * Properly return keyid string to calc_keyid_v1/v2 callers, caused by limiting keyid output to verbose mode * Fix hash buffer overflow caused by EVM support for larger hashes, defined MAX_DIGEST_SIZE and MAX_SIGNATURE_SIZE, and added "asserts". * Linked with libcrypto instead of OpenSSL * Updated Autotools, replacing INCLUDES with AM_CPPFLAGS * Include new "hash-info.gen" in tar * Log the hash algorithm, not just the hash value * Fixed memory leaks in: EV_MD_CTX, init_public_keys * Fixed other warnings/bugs discovered by clang, coverity * Remove indirect calls in verify_hash() to improve code readability * Don't fallback to using sha1 * Namespace some too generic object names * Make functions/arrays static if possible - Upstream bumped soname to 1.0.0 in v1.2 - Drop ima-evm-utils-xattr.patch and ima-evm-utils-fix-docbook-xsl-directory.patch (included in v1.2)- ima-evm-utils-xattr.patch: xattr.h is now libattr.h- Update to version 1.1 * Support the new openssl 1.1 api * Support for validating multiple pcrs * Verify the measurement list signature based on the list digest * Verify the "ima-sig" measurement list using multiple keys * Fixed parsing the measurement template data field length * Portable & immutable EVM signatures (new format) * Multiple fixes that have been lingering in the next branch. Some are for experimental features that are not yet supported in the kernel. - Drop ima-evm-utils-openssl1.patch (not needed any more as IMA got backward compatible support for openssl 1.1).- Small spec file cleanup with spec-cleaner- ima-evm-utils-openssl1.patch: allow building against openssl 1.1 (bsc#1066947)- added openssl-devel dependency to ima-evm-utils-devel. otherwise the ima header can't be included if the openssl headers are missing- No need to remove .a files which don't exist. - Drop extraneous ldconfig call on preun. - Update RPM groups and descriptions.- ima-evm-utils-fix-docbook-xsl-directory.patch: adjusted to refer to the "current" version of stylesheet to make the build work again - adjusted spec file to apply stylesheet patch to SLE12 as well- Add ima-evm-utils to SLES. (FATE#321603)- ima-evm-utils-fix-docbook-xsl-directory.patch: fixed the nwalsh docbook directory again- Update to version 1.0 * Recursive hashing * Immutable EVM signatures (experimental) * Command 'ima_clear' to remove xattrs * Support for passing password to the library * Support for asking password safely from the user- Update to version 0.9 * Updated README * man page generated and added to the package * Use additional SMACK xattrs for EVM signature generation * Signing functions moved to libimaevm for external use (RPM) * Fixed setting of correct hash header - Add additional requirements; asciidoc, docbook-xsl-stylesheets, libattr-devel and libxslt-tools - Remove COPYING from sources; upstream provides one now - Remove automake.patch; "test" directory isn't provided by upstream anymore - Remove ima-evm-utils-xattr.patch; libimaevm0 does link against libattr now - Split package in three subpackage * libimaevm0: contains shared library * -devel: contains header and examples files * evmctl: the kernel signing tool - Add ima-evm-utils-fix-docbook-xsl-directory.patch; fix path where Make is looking for docbook.xslh02-armsrv3 17152606571.4-150600.7.31.4-150600.7.3imaevm.hlibimaevm.soima-evm-utils-develima-gen-local-ca.shima-genkey-self.shima-genkey.sh/usr/include//usr/lib64//usr/share/doc/packages//usr/share/doc/packages/ima-evm-utils-devel/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:SLE-15-SP6:GA/standard/e4274af5541b1fc937ac62b987e371a5-ima-evm-utilscpioxz5aarch64-suse-linuxC source, ASCII textdirectoryPOSIX shell script, ASCII text executable.l{59NjtQutf-81993b1138f06ef2616b815b6b23fc0784b124c9520e6ae8dcbef1e73f4d33889?P7zXZ !t/& O] crv(vX0kU ~?kD_bk =I[(Ct;\㯜V.Β*Ωl?_z?3PX^d;VS"[왿MA?^Sh1qGS,=@ظwV0rꊗMEKX<̭_rali9-]Bs!z46fm^W.lMƝ=p"gt/H>0^Eh*7 =d}5Sq 4;Hܞad(]GR"AHݪjs\_O 2C=y5=]4uqH_:44#\eەyz]~U]G2b1>1L5E=h"`TE. fbuFTѸ`0Nγ/JRj;u+!H9‚NݲXk@>4C `4`."N{0< GJ>gMQJ*kkP4@Li4㪺^JTU5] }R>懀OA>s[O,V܎2oZ,|uvi zycqfoÜ- Y5 -/1Uˇ-Ր&__i]kcPZMV1}KIoo.|wy(^k(_Tɜ0r٫K໤2q6J<ۀЃ]sqD*v:V MrK ir?W:4#q#Ay>q"xFG'U/H[~+p:VWM[W|R6T[5v+u! m)vǸ0ϻ k*Ƚ(S]z'0uR/X_&(kOroVkra=ksJUU ̪Ig픚TA.Z\C}/(W Q}pr OٰBanEq4^) P^,~Cf:;zٓJYY$9D_4D53^<_ !w8z|+?[S ׬J?.Lxe8:MSs)Ꮎ#G̦wqۚ{n;"T B0{+dk-'{ R4 3Zh/bWR<=~gο$\hYa|8dM/z:'r"[v0BPĨ "`n˓[)j=}.m#guW"d#e1{#%tp:E*`V;y9nY& $TlAY] nq}cjIP;Tr,*M!$۠f fJȉK8+'"6h8ն^<.n((3k xA^GȁyE=?lrA4j'p0}6a7"Pg`83)Jq>=-EP8bXgkc'%aLz0WH97- YW0_Q>QR^%ǀK L2[,=]=5~<2IrRi#﶐ b V ).ydRWLF'iz3҇~5}(d_z\ˠ@6Nc}z"JuXE@.l;~yK?*Q b|cXT#t3"zaʴ8qN7ZݓXib€5g7+dW>'i [P%e=&iOa~> F&,qmxpf2Am %eY'EabZ{+m+ nee?_/j<~w8\U"!^kR 9>.f=*[eB*<TE|Obm( 47{C*|Д*[$u[,^O*vضB4$'ZA&;~)7`+,*=cC}tH/ipc1@Ez.pC2^ܐXZk?2aF> PLYw]eBlWy'+0\cO1 *.KA j=яλC u?7bc΂꺤ڌnOny{2ǩv?ļU )?lZ(L_N؁)pOH;хiXa^ZCоF 9h.M !؎?TT |*̲#̆/o鄋ޣ'ݓhܷU4ZlTMe$ott P/ RP1sPL~2f.L^s{m(x2߽ Px!f}EÌz/a7ɧ2My]X{BjC600=nL.%Mͷ8 YZ