ima-evm-utils/ima-evm-utils.changes

-------------------------------------------------------------------
Fri Dec 15 10:55:12 UTC 2023 - Frederic Crozat <fcrozat@suse.com>

- Update download url.

-------------------------------------------------------------------
Fri Mar 10 07:53:03 UTC 2023 - Petr Vorel <pvorel@suse.cz>

- Update to version 1.5
	* CI changes:
	  * New: UML kernel testing environment
	  * Support for running specific test(s)
	  * Update distros
	  * Update software release versions
	* New features:
	  * Signing fs-verity signatures
	  * Reading TPM 2.0 PCRs via sysfs interface
	* New tests:
	  * Missing IMA mmapped file measurements
	  * Overlapping IMA policy rules
	  * EVM portable signatures
	  * fs-verity file measurements in the IMA measurement list
	* Build and library changes:
	  * OpenSSL 3.0 version related changes
	  * New configuration options: --disable-engine, --enable-sigv1
	  * Deprecate IMA signature v1 format
	* Misc bug fixes and code cleanup:
	  * memory leaks, bounds checking, use after free
	  * Fix and update test output
	  * Add missing sanity checks
	* Documentation:
	  * Store the sourceforge ima-evm-utils wiki for historical
	    purposes.
- Upstream bumped soname to 4.0.0
- Add BuildRequires: e2fsprogs util-linux (required by tests, which are mandatory)
- /usr/sbin to PATH (0001-fsverity.test-Add-usr-sbin-into-PATH.patch, sent to upstream ML)

-------------------------------------------------------------------
Mon Apr 25 11:32:18 UTC 2022 - Marcus Meissner <meissner@suse.com>

- switch to use https urls

-------------------------------------------------------------------
Fri Nov  5 08:16:40 UTC 2021 - Petr Vorel <pvorel@suse.cz>

- Update to version 1.4
	* Elliptic curve support and tests
	* PKCS11 support and tests
	* Ability to manually specify the keyid included in the IMA xattr
	* Improve IMA measurement list per TPM bank verification
	* Linking with IBM TSS
	* Set default hash algorithm in package configuration
	* (Minimal) support and test EVM portable signatures
	* CI testing:
	  * Refresh and include new distros
	  * Podman support
	  * GitHub Actions
	  * Limit "sudo" usage
	* Misc bug fixes and code cleanup
	  * Fix static analysis bug reports, memory leaks
	  * Remove experimental code that was never upstreamed in the kernel
	  * Use unsigned variable, remove unused variables, etc
- Upstream bumped soname to 3.0.0

-------------------------------------------------------------------
Thu Oct 29 06:12:46 UTC 2020 - Petr Vorel <pvorel@suse.cz>

- Update to version 1.3.2
	* Bugfixes: importing keys
	* NEW: Docker based travis distro testing
	* Travis bugfixes, code cleanup, software version update,
	  and script removal
	* Initial travis testing
- Remove 0001-help-Add-missing-new-line-for-ignore-violations.patch
  (patch from this release)
- Add make check + dependencies (getfattr => attr, xxd => vim)

-------------------------------------------------------------------
Thu Oct  1 13:42:17 UTC 2020 - Petr Vorel <pvorel@suse.cz>

- Fix missing new line in help
  (0001-help-Add-missing-new-line-for-ignore-violations.patch)

-------------------------------------------------------------------
Fri Aug 14 14:50:08 UTC 2020 - Petr Vorel <pvorel@suse.cz>

- Update to version 1.3.1
	* "--pcrs" support for per crypto algorithm
	* Drop/rename "ima_measurement" options
	* Moved this summary from "Changelog" to "NEWS", removing
	  requirement for GNU empty files
	* Distro build fixes

  * Remove 0001-pcr_tss-Fix-compilation-for-old-compilers.patch (from this
    release)

-------------------------------------------------------------------
Thu Jul 23 07:15:19 UTC 2020 - Petr Vorel <pvorel@suse.cz>

- Use %autosetup -p1

-------------------------------------------------------------------
Wed Jul 22 12:10:45 UTC 2020 - Petr Vorel <pvorel@suse.cz>

- Remove suse_version check for tpm2-0-tss-devel as the package is available
  for back as far as SLE 12 SP2 and respective openSUSE versions (also check
  was wrong, should have been 1500).

-------------------------------------------------------------------
Wed Jul 22 11:35:42 UTC 2020 - Petr Vorel <pvorel@suse.cz>

- Fixes from previous SR (reported by fvogt):
  * Move ibmtss runtime dependency to evmctl package
  * Remove dependencies to devel package (should not be needed)

-------------------------------------------------------------------
Wed Jul 22 08:23:08 UTC 2020 - Petr Vorel <pvorel@suse.cz>

- Update to version 1.3
	version 1.3 new features:
	* NEW ima-evm-utils regression test infrastructure with two initial
	  tests:
	  - ima_hash.test: calculate/verify different crypto hash algorithms
	  - sign_verify.test: EVM and IMA sign/verify signature tests
	* TPM 2.0 support
	  - Calculate the new per TPM 2.0 bank template data digest
	  - Support original padding the SHA1 template data digest
	  - Compare ALL the re-calculated TPM 2.0 bank PCRs against the
	    TPM 2.0 bank PCR values
	  - Calculate the per TPM bank "boot_aggregate" values, including
	    PCRs 8 & 9 in calculation
	  - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS
	  - boot_aggregate.test: compare the calculated "boot_aggregate"
	    values with the "boot_aggregate" value included in the IMA
	    measurement.
	* TPM 1.2 support
	  - Additionally support reading the TPM 1.2 PCRs from a supplied file
	    ("--pcrs" option)
	* Based on original IMA LTP and standalone version support
	  - Calculate the TPM 1.2 "boot_aggregate" based on the exported
	    TPM 1.2 BIOS event log.
	  - In addition to verifying the IMA measurement list against the
	    the TPM PCRs, verify the IMA template data digest against the
	    template data.  (Based on LTP "--verify" option.)
	  - Ignore file measurement violations while verifying the IMA
	    measurment list. (Based on LTP "--validate" option.)
	  - Verify the file data signature included in the measurement list
	    based on the file hash also included in the measurement list
	    (--verify-sig)
	  - Support original "ima" template (mixed templates not supported)
	* Support "sm3" crypto name

	Bug fixes and code cleanup:
	* Don't exit with -1 on failure, exit with 125
	* On signature verification failure, include pathname.
	* Provide minimal hash_info.h file in case one doesn't exist, needed
	  by the ima-evm-utils regression tests.
	* On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs
	* Fix hash_algo type comparison mismatch
	* Simplify/clean up code
	* Address compiler complaints and failures
	* Fix memory allocations and leaks
	* Sanity check provided input files are regular files
	* Revert making "tsspcrread" a compile build time decision.
	* Limit additional messages based on log level (-v)

- Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch
- Upstream bumped soname to 2.0.0
- Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss
  as runtime dependency (needed for for reading PCR in ima_boot_aggregate cmd;
  better to use libtss2-esys and libtss2-rc than require tsspcrread binary in
  runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same
  logic as runtime dependency for devel package
- Mark COPYING as %license

-------------------------------------------------------------------
Tue Jul 30 21:55:31 UTC 2019 - Petr Vorel <pvorel@suse.cz>

- Update to version 1.2.1 (included changes of unreleased v1.2)
	version 1.2 new features:
	* Generate EVM signatures based on the specified hash algorithm
	* include "security.apparmor" in EVM signature
	* Add support for writing & verifying "user.xxxx" xattrs for testing
	* Support Strebog/Gost hash functions
	* Add OpenSSL engine support
	* Use of EVP_PKEY OpenSSL API to generate/verify v2 signatures
	* Support verifying multiple signatures at once
	* Support new template "buf" field and warn about other unknown fields
	* Improve OpenSSL error reporting
	* Support reading TPM 2.0 PCRs using tsspcrread

	Bug fixes and code cleanup:
	* Update manpage stylesheet detection
	* Fix xattr.h include file
	* On error when reading TPM PCRs, don't log gargabe
	* Properly return keyid string to calc_keyid_v1/v2 callers, caused by
	  limiting keyid output to verbose mode
	* Fix hash buffer overflow caused by EVM support for larger hashes,
	  defined MAX_DIGEST_SIZE and MAX_SIGNATURE_SIZE, and added "asserts".
	* Linked with libcrypto instead of OpenSSL
	* Updated Autotools, replacing INCLUDES with AM_CPPFLAGS
	* Include new "hash-info.gen" in tar
	* Log the hash algorithm, not just the hash value
	* Fixed memory leaks in: EV_MD_CTX, init_public_keys
	* Fixed other warnings/bugs discovered by clang, coverity
	* Remove indirect calls in verify_hash() to improve code readability
	* Don't fallback to using sha1
	* Namespace some too generic object names
	* Make functions/arrays static if possible

- Upstream bumped soname to 1.0.0 in v1.2
- Drop ima-evm-utils-xattr.patch and ima-evm-utils-fix-docbook-xsl-directory.patch (included in v1.2)

-------------------------------------------------------------------
Wed Sep 12 06:03:41 UTC 2018 - meissner@suse.com

- ima-evm-utils-xattr.patch: xattr.h is now libattr.h

-------------------------------------------------------------------
Fri Mar 16 09:23:01 UTC 2018 - pvorel@suse.cz

- Update to version 1.1
  * Support the new openssl 1.1 api
  * Support for validating multiple pcrs
  * Verify the measurement list signature based on the list digest
  * Verify the "ima-sig" measurement list using multiple keys
  * Fixed parsing the measurement template data field length
  * Portable & immutable EVM signatures (new format)
  * Multiple fixes that have been lingering in the next branch. Some
    are for experimental features that are not yet supported in the
    kernel.
- Drop ima-evm-utils-openssl1.patch (not needed any more as IMA got
  backward compatible support for openssl 1.1).

-------------------------------------------------------------------
Tue Nov 21 08:42:47 UTC 2017 - mpluskal@suse.com

- Small spec file cleanup with spec-cleaner

-------------------------------------------------------------------
Wed Nov  8 12:31:07 UTC 2017 - meissner@suse.com

- ima-evm-utils-openssl1.patch: allow building against openssl 1.1 (bsc#1066947)

-------------------------------------------------------------------
Mon Oct 23 09:25:38 UTC 2017 - matthias.gerstner@suse.com

- added openssl-devel dependency to ima-evm-utils-devel. otherwise the ima
  header can't be included if the openssl headers are missing

-------------------------------------------------------------------
Sat Oct 14 22:48:40 UTC 2017 - jengelh@inai.de

- No need to remove .a files which don't exist.
- Drop extraneous ldconfig call on preun.
- Update RPM groups and descriptions.

-------------------------------------------------------------------
Fri Oct 13 14:09:08 UTC 2017 - matthias.gerstner@suse.com

- ima-evm-utils-fix-docbook-xsl-directory.patch: adjusted to refer to the
  "current" version of stylesheet to make the build work again
- adjusted spec file to apply stylesheet patch to SLE12 as well

-------------------------------------------------------------------
Mon May  8 12:48:44 UTC 2017 - meissner@suse.com

- Add ima-evm-utils to SLES. (FATE#321603)

-------------------------------------------------------------------
Tue Jan 19 09:32:33 UTC 2016 - meissner@suse.com

- ima-evm-utils-fix-docbook-xsl-directory.patch: 
  fixed the nwalsh docbook directory again

-------------------------------------------------------------------
Wed Dec  2 13:44:58 UTC 2015 - p.drouand@gmail.com

- Update to version 1.0
  * Recursive hashing
  * Immutable EVM signatures (experimental)
  * Command 'ima_clear' to remove xattrs
  * Support for passing password to the library
  * Support for asking password safely from the user

-------------------------------------------------------------------
Wed Jan 21 17:39:08 UTC 2015 - p.drouand@gmail.com

- Update to version 0.9
  * Updated README
  * man page generated and added to the package
  * Use additional SMACK xattrs for EVM signature generation
  * Signing functions moved to libimaevm for external use (RPM)
  * Fixed setting of correct hash header
- Add additional requirements; asciidoc, docbook-xsl-stylesheets,
  libattr-devel and libxslt-tools
- Remove COPYING from sources; upstream provides one now
- Remove automake.patch; "test" directory isn't provided by upstream
  anymore
- Remove ima-evm-utils-xattr.patch; libimaevm0 does link against
  libattr now
- Split package in three subpackage
  * libimaevm0: contains shared library
  * -devel: contains header and examples files
  * evmctl: the kernel signing tool
- Add ima-evm-utils-fix-docbook-xsl-directory.patch; fix path
  where Make is looking for docbook.xsl

-------------------------------------------------------------------
Sun Oct 12 15:03:26 UTC 2014 - crrodriguez@opensuse.org

- ima-evm-utils-xattr.patch: libattr is never linked, things
 still work because glibc provides the same interface, switch
 the includes to the glibc headers and remove the build dependency.

-------------------------------------------------------------------
Tue Aug 13 08:52:35 UTC 2013 - meissner@suse.com

- Initial packaging of IMA EVM tool.
- automake.patch: fix for newer automake
- supply COPYING for LGPL-2.1+, as package only has an empty one.