ima-evm-utils: Release version 1.3

Updated both the release and library (ABI change) versions.  See the
"Changelog" for a list of the new features, bug fixes, and code cleanup.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

ChangeLog

@@ -1,3 +1,60 @@
+2020-07-21  Mimi Zohar <zohar@linux.ibm.com>
+
+	version 1.3 new features:
+	* NEW ima-evm-utils regression test infrastructure with two initial
+	  tests:
+	  - ima_hash.test: calculate/verify different crypto hash algorithms
+	  - sign_verify.test: EVM and IMA sign/verify signature tests
+	* TPM 2.0 support
+	  - Calculate the new per TPM 2.0 bank template data digest
+	  - Support original padding the SHA1 template data digest
+	  - Compare ALL the re-calculated TPM 2.0 bank PCRs against the
+	    TPM 2.0 bank PCR values
+	  - Calculate the per TPM bank "boot_aggregate" values, including
+	    PCRs 8 & 9 in calculation
+	  - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS
+	  - boot_aggregate.test: compare the calculated "boot_aggregate"
+	    values with the "boot_aggregate" value included in the IMA
+	    measurement.
+	* TPM 1.2 support
+	  - Additionally support reading the TPM 1.2 PCRs from a supplied file
+	    ("--pcrs" option)
+	* Based on original IMA LTP and standalone version support
+	  - Calculate the TPM 1.2 "boot_aggregate" based on the exported
+	    TPM 1.2 BIOS event log.
+	  - In addition to verifying the IMA measurement list against the
+	    the TPM PCRs, verify the IMA template data digest against the
+	    template data.  (Based on LTP "--verify" option.)
+	  - Ignore file measurement violations while verifying the IMA
+	    measurment list. (Based on LTP "--validate" option.)
+	  - Verify the file data signature included in the measurement list
+	    based on the file hash also included in the measurement list
+	    (--verify-sig)
+	  - Support original "ima" template (mixed templates not supported)
+	* Support "sm3" crypto name
+
+	Bug fixes and code cleanup:
+	* Don't exit with -1 on failure, exit with 125
+	* On signature verification failure, include pathname.
+	* Provide minimal hash_info.h file in case one doesn't exist, needed
+	  by the ima-evm-utils regression tests.
+	* On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs
+	* Fix hash_algo type comparison mismatch
+	* Simplify/clean up code
+	* Address compiler complaints and failures
+	* Fix memory allocations and leaks
+	* Sanity check provided input files are regular files
+	* Revert making "tsspcrread" a compile build time decision.
+	* Limit additional messages based on log level (-v)
+
+2019-07-30  Mimi Zohar <zohar@linux.ibm.com>
+
+	version 1.2.1 Bug fixes:
+	* When verifying multiple file signatures, return correct status
+	* Don't automatically use keys from x509 certs if user supplied "--rsa"
+	* Fix verifying DIGSIG_VERSION_1 signatures
+	* autoconf, openssl fixes
+
 
 2019-07-24  Mimi Zohar <zohar@linux.ibm.com>
 

configure.ac

@@ -1,7 +1,7 @@
 # autoconf script
 
 AC_PREREQ([2.65])
-AC_INIT(ima-evm-utils, 1.2, zohar@linux.ibm.com)
+AC_INIT(ima-evm-utils, 1.3, zohar@linux.ibm.com)
 AM_INIT_AUTOMAKE
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])

packaging/ima-evm-utils.spec

@@ -1,5 +1,5 @@
 Name:		ima-evm-utils
-Version:	1.2
+Version:	1.3
 Release:	1%{?dist}
 Summary:	ima-evm-utils - IMA/EVM control utility
 Group:		System/Libraries

src/Makefile.am

@@ -4,7 +4,7 @@ libimaevm_la_SOURCES = libimaevm.c
 libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
 # current[:revision[:age]]
 # result: [current-age].age.revision
-libimaevm_la_LDFLAGS = -version-info 1:0:0
+libimaevm_la_LDFLAGS = -version-info 2:0:0
 libimaevm_la_LIBADD =  $(LIBCRYPTO_LIBS)
 
 include_HEADERS = imaevm.h