From 515c99856ef52bbf680e6dd6c338acfb8d088614 Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Wed, 24 Jul 2019 07:24:43 -0400 Subject: [PATCH] ima-evm-utils: Release version 1.2 Updated both the release and library (ABI change) versions. See the "Changelog" for a short list of the new features, bug fixes, and code cleanup. Signed-off-by: Mimi Zohar --- ChangeLog | 35 +++++++++++++++++++++++++++++++++++ configure.ac | 2 +- packaging/ima-evm-utils.spec | 2 +- src/Makefile.am | 2 +- 4 files changed, 38 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9efc348..72aebd9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,38 @@ + +2019-07-24 Mimi Zohar + + version 1.2 new features: + * Generate EVM signatures based on the specified hash algorithm + * include "security.apparmor" in EVM signature + * Add support for writing & verifying "user.xxxx" xattrs for testing + * Support Strebog/Gost hash functions + * Add OpenSSL engine support + * Use of EVP_PKEY OpenSSL API to generate/verify v2 signatures + * Support verifying multiple signatures at once + * Support new template "buf" field and warn about other unknown fields + * Improve OpenSSL error reporting + * Support reading TPM 2.0 PCRs using tsspcrread + + Bug fixes and code cleanup: + * Update manpage stylesheet detection + * Fix xattr.h include file + * On error when reading TPM PCRs, don't log gargabe + * Properly return keyid string to calc_keyid_v1/v2 callers, caused by + limiting keyid output to verbose mode + * Fix hash buffer overflow caused by EVM support for larger hashes, + defined MAX_DIGEST_SIZE and MAX_SIGNATURE_SIZE, and added "asserts". + * Linked with libcrypto instead of OpenSSL + * Updated Autotools, replacing INCLUDES with AM_CPPFLAGS + * Include new "hash-info.gen" in tar + * Log the hash algorithm, not just the hash value + * Fixed memory leaks in: EV_MD_CTX, init_public_keys + * Fixed other warnings/bugs discovered by clang, coverity + * Remove indirect calls in verify_hash() to improve code readability + * Don't fallback to using sha1 + * Namespace some too generic object names + * Make functions/arrays static if possible + + 2018-01-28 Mimi Zohar version 1.1 diff --git a/configure.ac b/configure.ac index 3fc63b3..eedf90e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # autoconf script AC_PREREQ([2.65]) -AC_INIT(ima-evm-utils, 1.1, zohar@linux.vnet.ibm.com) +AC_INIT(ima-evm-utils, 1.2, zohar@linux.ibm.com) AM_INIT_AUTOMAKE AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/packaging/ima-evm-utils.spec b/packaging/ima-evm-utils.spec index 63388d2..2db6790 100644 --- a/packaging/ima-evm-utils.spec +++ b/packaging/ima-evm-utils.spec @@ -1,5 +1,5 @@ Name: ima-evm-utils -Version: 1.1 +Version: 1.2 Release: 1%{?dist} Summary: ima-evm-utils - IMA/EVM control utility Group: System/Libraries diff --git a/src/Makefile.am b/src/Makefile.am index 9c037e2..b794c50 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -4,7 +4,7 @@ libimaevm_la_SOURCES = libimaevm.c libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS) # current[:revision[:age]] # result: [current-age].age.revision -libimaevm_la_LDFLAGS = -version-info 0:0:0 +libimaevm_la_LDFLAGS = -version-info 1:0:0 libimaevm_la_LIBADD = $(LIBCRYPTO_LIBS) include_HEADERS = imaevm.h