From 1803accc3ff8a4e347f9a93e68b14ed9cbbb56f7 Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Fri, 24 Feb 2023 12:34:00 -0500 Subject: [PATCH] Release version 1.5 New to this release is CI support for testing new kernel integrity features not yet upstreamed and bugfixes, or functionality not enabled by distros in a User Mode Linux (UML) environment. Testing in a UML environment also allows saving CI build artifacts, such as private keys, needed for creating and loading public keys onto the trusted kernel keyrings. These public keys may be used for code - file data and metadata - signature verification. See the NEWS file for a short summary of changes and the git history for details. Signed-off-by: Mimi Zohar --- NEWS | 33 +++++++++++++++++++++++++++++++-- configure.ac | 2 +- packaging/ima-evm-utils.spec | 2 +- src/Makefile.am | 2 +- 4 files changed, 34 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index ea3a3b5..06ac132 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,32 @@ +2023-2-24 Mimi Zohar + + version 1.5: + + * CI changes: + * New: UML kernel testing environment + * Support for running specific test(s) + * Update distros + * Update software release versions + * New features: + * Signing fs-verity signatures + * Reading TPM 2.0 PCRs via sysfs interface + * New tests: + * Missing IMA mmapped file measurements + * Overlapping IMA policy rules + * EVM portable signatures + * fs-verity file measurements in the IMA measurement list + * Build and library changes: + * OpenSSL 3.0 version related changes + * New configuration options: --disable-engine, --enable-sigv1 + * Deprecate IMA signature v1 format + * Misc bug fixes and code cleanup: + * memory leaks, bounds checking, use after free + * Fix and update test output + * Add missing sanity checks + * Documentation: + * Store the sourceforge ima-evm-utils wiki for historical + purposes. + 2021-10-22 Mimi Zohar version 1.4: 
@@ -64,7 +93,7 @@ the TPM PCRs, verify the IMA template data digest against the template data. (Based on LTP "--verify" option.) - Ignore file measurement violations while verifying the IMA - measurment list. (Based on LTP "--validate" option.) + measurement list. (Based on LTP "--validate" option.) - Verify the file data signature included in the measurement list based on the file hash also included in the measurement list (--verify-sig) @@ -213,7 +242,7 @@ 2012-04-02 Dmitry Kasatkin version 0.1.0 - * Fully functional version for lastest 3.x kernels + * Fully functional version for latest 3.x kernels 2011-08-24 Dmitry Kasatkin diff --git a/configure.ac b/configure.ac index bc664fa..365aacf 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # autoconf script AC_PREREQ([2.65]) -AC_INIT(ima-evm-utils, 1.4, zohar@linux.ibm.com) +AC_INIT(ima-evm-utils, 1.5, zohar@linux.ibm.com) AM_INIT_AUTOMAKE([foreign]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/packaging/ima-evm-utils.spec b/packaging/ima-evm-utils.spec index 3dce7a1..7e40fa6 100644 --- a/packaging/ima-evm-utils.spec +++ b/packaging/ima-evm-utils.spec @@ -1,5 +1,5 @@ Name: ima-evm-utils -Version: 1.4 +Version: 1.5 Release: 1%{?dist} Summary: ima-evm-utils - IMA/EVM control utility Group: System/Libraries diff --git a/src/Makefile.am b/src/Makefile.am index 0527a7b..3bf742f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -4,7 +4,7 @@ libimaevm_la_SOURCES = libimaevm.c libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS) # current[:revision[:age]] # result: [current-age].age.revision -libimaevm_la_LDFLAGS = -version-info 3:0:0 +libimaevm_la_LDFLAGS = -version-info 4:0:0 libimaevm_la_LIBADD = $(LIBCRYPTO_LIBS) if CONFIG_SIGV1
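Review bot: The `-version-info 4:0:0` change in the src/Makefile.am hunk raises libtool `current` while leaving `age` at 0, and nothing in the patch records the consequence. By the comment directly above that line (`[current-age].age.revision`), the installed library moves from the .so.3 series to .so.4. The NEWS entry under "Build and library changes" lists the OpenSSL 3.0 work and the new configure options but does not say that libimaevm is ABI-incompatible with 1.4, so packagers may not realise that dependents need a rebuild. I would add a NEWS bullet such as `* libimaevm soname bumped (version-info 4:0:0); rebuild dependent packages`. Which interfaces changed is not visible in this patch, so confirm the wording against the git history.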