From 360f5af681874603deaf23c2fd94fc6da916f22e Mon Sep 17 00:00:00 2001 From: Bruno Meneguele Date: Fri, 20 Aug 2021 11:02:19 -0300 Subject: [PATCH] Make SHA-256 the default hash algorithm One of the requests from the Crypto team in RHEL-9 was to drop the support for SHA1 as a strong algorithm. For ima-evm-utils it's not quite possible, since it's somewhat dependent on the underlying hardware (TPM version). However, SHA1 was still being used as the default hash algorithm, with that, make SHA256 the default instead. Also, this patch substitutes the patch to solve the memory leak added in the last release to the one accepted in upstream. Related: rhbz#1934949 Signed-off-by: Bruno Meneguele --- .gitignore | 2 ++ ima-evm-utils.spec | 9 +++++++-- sources | 3 ++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 3a823df..8899b2c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ /ima-evm-utils-*.tar.gz /0001-evmctl-fix-memory-leak-with-password-variable.patch +/0001-evmctl-fix-memory-leak-in-get_password.patch +/0001-libimaevm-make-SHA-256-the-default-hash-algorithm.patch diff --git a/ima-evm-utils.spec b/ima-evm-utils.spec index 941c4dd..a9152da 100644 --- a/ima-evm-utils.spec +++ b/ima-evm-utils.spec @@ -1,11 +1,12 @@ Name: ima-evm-utils Version: 1.3.2 -Release: 6%{?dist} +Release: 7%{?dist} Summary: IMA/EVM support utilities License: GPLv2 Url: http://linux-ima.sourceforge.net/ Source: http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz -Patch0: 0001-evmctl-fix-memory-leak-with-password-variable.patch +Patch0: 0001-evmctl-fix-memory-leak-in-get_password.patch +Patch1: 0001-libimaevm-make-SHA-256-the-default-hash-algorithm.patch BuildRequires: asciidoc BuildRequires: autoconf @@ -62,6 +63,10 @@ find %{buildroot}%{_libdir} -type f -name "*.la" -print -delete %{_libdir}/libimaevm.so %changelog +* Fri Aug 20 2021 Bruno Meneguele - 1.3.2-9 +- Use upstream accepted patch for the memory leak +- Make SHA-256 the default hash algorithm (rhbz#1934949) + * Mon Aug 09 2021 Mohan Boddu - 1.3.2-6 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 diff --git a/sources b/sources index 35d318e..492c4e4 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ -SHA512 (0001-evmctl-fix-memory-leak-with-password-variable.patch) = 138e4a1152ae493ebb1566a9a2fbde69f67aea1a16c99c32e3ea258c35af4897d5023f622372c87315e129e2748d86c570252ef07a2667c3018118d217d04ae2 SHA512 (ima-evm-utils-1.3.2.tar.gz) = af96935f953fbec8cdd40ba1a24001fae916633df03f9dee1e96775baec0ffea21a7a13798b3e3c3f375fd493a65fe65b5357887890b46cac0c4dcca5a5b79db +SHA512 (0001-evmctl-fix-memory-leak-in-get_password.patch) = 2c3189571a19b5a1f3334934bcd318403ca766464e2e8c60387da54c0854a27646d5bc156ae9b22c795aa57f833e183697f3208c6c792e4de5e3a6fd4d8fe102 +SHA512 (0001-libimaevm-make-SHA-256-the-default-hash-algorithm.patch) = 271a9bdf8b6841afc03cae9ae5caf262c048cffdc9d3ab2388035eb3c67e4115dd9178aa211b0d0a4796b9d3bd9e08bc851db663d99dec3b7eb0897114f6c7ac