Auto sync2gitlab import of ima-evm-utils-1.3.2-12.el8.src.rpm

2022-05-26 09:49:12 -04:00 · 2022-05-26 09:49:12 -04:00 · b878aae4bd
commit b878aae4bd
parent 47db567852
9 changed files with 363 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+/ima-evm-utils-1.1.tar.gz
+/ima-evm-utils-1.3.2.tar.gz
--- a/0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch
+++ b/0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch
@ -0,0 +1,38 @@
+From ea10a33d26572eebde59565179f622b6fb240d04 Mon Sep 17 00:00:00 2001
+From: Patrick Uiterwijk <patrick@puiterwijk.org>
+Date: Wed, 6 Jan 2021 10:43:34 +0100
+Subject: [PATCH] Fix sign_hash not observing the hashalgo argument
+
+This fixes sign_hash not using the correct algorithm for creating the
+signature, by ensuring it uses the passed in variable value.
+
+Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
+---
+ src/libimaevm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index fa6c27858d0f..72d5e67f6fdd 100644
+--- a/src/libimaevm.c
+++ b/src/libimaevm.c
+@@ -916,7 +916,7 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
+ 		return -1;
+ 	}
+ 
+-	log_info("hash(%s): ", imaevm_params.hash_algo);
+	log_info("hash(%s): ", algo);
+ 	log_dump(hash, size);
+ 
+ 	pkey = read_priv_pkey(keyfile, imaevm_params.keypass);
+@@ -942,7 +942,7 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
+ 	if (!EVP_PKEY_sign_init(ctx))
+ 		goto err;
+ 	st = "EVP_get_digestbyname";
+-	if (!(md = EVP_get_digestbyname(imaevm_params.hash_algo)))
+	if (!(md = EVP_get_digestbyname(algo)))
+ 		goto err;
+ 	st = "EVP_PKEY_CTX_set_signature_md";
+ 	if (!EVP_PKEY_CTX_set_signature_md(ctx, md))
+-- 
+2.29.2
+
--- a/1
+++ b/1
@ -1 +0,0 @@
- 
--- a/annocheck-opt-flag.patch
+++ b/annocheck-opt-flag.patch
@ -0,0 +1,19 @@
+diff --git a/configure.ac b/configure.ac
+index 6822f39..34e4a81 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -36,9 +36,9 @@ AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You n
+ #debug support - yes for a while
+ PKG_ARG_ENABLE(debug, "yes", DEBUG, [Enable Debug support])
+ if test $pkg_cv_enable_debug = yes; then
+-	CFLAGS="$CFLAGS -g -O1 -Wall -Wstrict-prototypes -pipe"
+	CFLAGS="$CFLAGS -g -O2 -Wall -Wstrict-prototypes -pipe"
+ else
+-	CFLAGS="$CFLAGS -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
+	CFLAGS="$CFLAGS -O2 -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
+ fi
+ 
+ # for gcov
+-- 
+2.14.4
+
--- a/covscan-memory-leaks.patch
+++ b/covscan-memory-leaks.patch
@ -0,0 +1,45 @@
+diff --git a/src/evmctl.c b/src/evmctl.c
+index 2ffee78..b80a1c9 100644
+--- a/src/evmctl.c
+++ b/src/evmctl.c
+@@ -1716,7 +1716,7 @@ static char *get_password(void)
+ 
+ 	if (tcsetattr(fileno(stdin), TCSANOW, &tmp_flags) != 0) {
+ 		perror("tcsetattr");
+-		return NULL;
+		goto get_pwd_err;
+ 	}
+ 
+ 	printf("PEM password: ");
+@@ -1725,10 +1725,14 @@ static char *get_password(void)
+ 	/* restore terminal */
+ 	if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
+ 		perror("tcsetattr");
+-		return NULL;
+		goto get_pwd_err;
+ 	}
+ 
+	free(password);
+ 	return pwd;
+get_pwd_err:
+	free(password);
+	return NULL;
+ }
+ 
+ int main(int argc, char *argv[])
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index 6fa0ed4..39582f2 100644
+--- a/src/libimaevm.c
+++ b/src/libimaevm.c
+@@ -466,6 +466,8 @@ void init_public_keys(const char *keyfiles)
+ 		entry->next = public_keys;
+ 		public_keys = entry;
+ 	}
+
+	free(tmp_keyfiles);
+ }
+ 
+ int verify_hash_v2(const char *file, const unsigned char *hash, int size,
+-- 
+2.14.4
+
--- a/docbook-xsl-path.patch
+++ b/docbook-xsl-path.patch
@ -0,0 +1,12 @@
+diff -urNp ima-evm-utils-1.0-orig/Makefile.am ima-evm-utils-1.0/Makefile.am
+--- ima-evm-utils-1.0-orig/Makefile.am	2015-07-30 15:28:53.000000000 -0300
+++ ima-evm-utils-1.0/Makefile.am	2017-11-20 16:20:04.245591165 -0200
+@@ -24,7 +24,7 @@ rpm: $(tarname)
+ 	rpmbuild -ba --nodeps $(SPEC)
+ 
+ # requires asciidoc, xslproc, docbook-xsl
+-MANPAGE_DOCBOOK_XSL = /usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl
+MANPAGE_DOCBOOK_XSL = /usr/share/sgml/docbook/xsl-stylesheets/manpages/docbook.xsl
+ 
+ evmctl.1.html: README
+ 	@asciidoc -o $@ $<
--- a/ima-evm-utils.spec
+++ b/ima-evm-utils.spec
@ -0,0 +1,208 @@
+%global compat_soversion 0
+
+Name:    ima-evm-utils
+Version: 1.3.2
+Release: 12%{?dist}
+Summary: IMA/EVM support utilities
+License: GPLv2
+Url:     http://linux-ima.sourceforge.net/
+Source:  http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz
+Source10: ima-evm-utils-1.1.tar.gz
+
+Patch0: 0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch
+# compat patches
+Patch1: docbook-xsl-path.patch
+Patch2: covscan-memory-leaks.patch
+Patch3: annocheck-opt-flag.patch
+Patch4: libimaevm-keydesc-import.patch
+
+BuildRequires: asciidoc
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: gcc
+BuildRequires: keyutils-libs-devel
+BuildRequires: libtool
+BuildRequires: libxslt
+BuildRequires: openssl-devel
+BuildRequires: tpm2-tss-devel
+# compat requirement
+BuildRequires: libattr-devel
+
+#Requires: tpm2-tss
+
+%description
+The Trusted Computing Group(TCG) run-time Integrity Measurement Architecture
+(IMA) maintains a list of hash values of executables and other sensitive
+system files, as they are read or executed. These are stored in the file
+systems extended attributes. The Extended Verification Module (EVM) prevents
+unauthorized changes to these extended attributes on the file system.
+ima-evm-utils is used to prepare the file system for these extended attributes.
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+This package provides the header files for %{name}
+
+%package -n %{name}%{compat_soversion}
+Summary: Compatibility package of %{name}
+
+%description -n %{name}%{compat_soversion}
+This package provides the libimaevm.so.%{compat_soversion} relative to %{name}-1.1
+
+%prep
+%setup -q
+%patch0 -p1
+mkdir compat/
+tar -zxf %{SOURCE10} --strip-components=1 -C compat/
+cd compat/
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+
+%build
+# build compat version of the package
+pushd compat/
+autoreconf -vif
+%configure --disable-static
+%make_build
+popd
+
+autoreconf -vif
+%configure --disable-static
+%make_build
+
+%install
+%make_install
+find %{buildroot}%{_libdir} -type f -name "*.la" -print -delete
+# install compat libs
+pushd compat/src/.libs/
+install -p libimaevm.so.%{compat_soversion}.0.0 %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}.0.0
+ln -s -f %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}.0.0 %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}
+popd
+
+%ldconfig_scriptlets
+
+%files
+%license COPYING
+%doc NEWS README AUTHORS
+%{_bindir}/*
+# if you need to bump the soname version, coordinate with dependent packages
+%{_libdir}/libimaevm.so.2
+%{_libdir}/libimaevm.so.2.0.0
+%{_mandir}/man1/*
+
+%files devel
+%{_pkgdocdir}/*.sh
+%{_includedir}/*
+%{_libdir}/libimaevm.so
+
+%files -n %{name}%{compat_soversion}
+%{_libdir}/libimaevm.so.%{compat_soversion}
+%{_libdir}/libimaevm.so.%{compat_soversion}.0.0
+
+%changelog
+* Thu Feb 18 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-12
+- Add compat subpackage for keeping the API stability in userspace
+
+* Mon Jan 25 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-11
+- Bump release number for yet another rebuild
+
+* Mon Jan 25 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-10
+- Add patch for fixing hash algorithm used through libimaevm
+
+* Fri Jan 15 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-9
+- Add tpm2-tss as a runtime dependency
+
+* Sun Jan 10 2021 Michal Domonkos <mdomonko@redhat.com> - 1.3.2-8
+- Bump release number for yet another couple of rebuilds
+
+* Wed Jan 06 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-4
+- Bump release number for yet another build for solving wrong target usage
+
+* Wed Jan 06 2021 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-3
+- Bump release number for another build, handling build issues
+
+* Tue Dec 01 2020 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-2
+- Bump release number for forcing a new build
+
+* Mon Nov 09 2020 Bruno Meneguele <bmeneg@redhat.com> - 1.3.2-1
+- Rebase to upstream v1.3.2 version
+- Sync specfile with Fedora's version
+
+* Thu Mar 28 2019 Bruno E. O. Meneguele <bmeneg@redhat.com> - 1.1-5
+- Add patch to correctly handle key description on keyring during importation
+
+* Mon Oct 29 2018 Bruno E. O. Meneguele <bmeneg@redhat.com> - 1.1-4
+- Solve a single memory leak not handled by the last patch
+
+* Thu Oct 25 2018 Bruno E. O. Meneguele <bmeneg@redhat.com> - 1.1-3
+- Solve memory leaks pointed by covscan tool
+- Add optimization flag O2 during compilation to satisfy annocheck tool
+
+* Fri Mar 02 2018 Bruno E. O. Meneguele <brdeoliv@redhat.com> - 1.1-2
+- Remove libtool files
+- Run ldconfig scriptlets after un/installing
+- Add -devel subpackage to handle include files and examples
+- Disable any static file in the package
+
+* Fri Feb 16 2018 Bruno E. O. Meneguele <brdeoliv@redhat.com> - 1.1-1
+- New upstream release
+- Support for OpenSSL 1.1 was added directly to the source code in upstream,
+  thus removing specific patch for it
+- Docbook xsl stylesheet updated to a local path
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Fri Feb 02 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.0-4
+- Switch to %%ldconfig_scriptlets
+
+* Fri Dec 01 2017 Bruno E. O. Meneguele <brdeoliv@redhat.com> - 1.0-3
+- Add OpenSSL 1.1 API support for the package, avoiding the need of
+  compat-openssl10-devel package
+
+* Mon Nov 20 2017 Bruno E. O. Meneguele <brdeoliv@redhat.com> - 1.0-2
+- Adjusted docbook xsl path to match the correct stylesheet
+- Remove only *.la files, considering there aren't any *.a files
+
+* Tue Sep 05 2017 Bruno E. O. Meneguele <brdeoliv@redhat.com> - 1.0-1
+- New upstream release
+- Add OpenSSL 1.0 compatibility package, due to issues with OpenSSL 1.1
+- Remove libtool files
+- Run ldconfig after un/installation to update *.so files
+- Add -devel subpackage to handle include files and examples
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Jan 26 2016 Lubomir Rintel <lkundrak@v3.sk> - 0.9-3
+- Fix FTBFS
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Oct 31 2014 Avesh Agarwal <avagarwa@redhat.com> - 0.9-1
+- New upstream release
+- Applied a patch to fix man page issues.
+- Updated spec file
+
+* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Aug 27 2013 Vivek Goyal <vgoyal@redhat.com> - 0.6-1
+- Initial package
--- a/libimaevm-keydesc-import.patch
+++ b/libimaevm-keydesc-import.patch
@ -0,0 +1,37 @@
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index 6fa0ed4..b6f9b9f 100644
+--- a/src/libimaevm.c
+++ b/src/libimaevm.c
+@@ -672,12 +672,11 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len
+ 	memcpy(keyid, sha1 + 12, 8);
+ 	log_debug("keyid: ");
+ 	log_debug_dump(keyid, 8);
+	id = __be64_to_cpup((__be64 *) keyid);
+	sprintf(str, "%llX", (unsigned long long)id);
+ 
+-	if (params.verbose > LOG_INFO) {
+-		id = __be64_to_cpup((__be64 *) keyid);
+-		sprintf(str, "%llX", (unsigned long long)id);
+	if (params.verbose > LOG_INFO)
+ 		log_info("keyid-v1: %s\n", str);
+-	}
+ }
+ 
+ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
+@@ -694,11 +693,10 @@ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
+ 	memcpy(keyid, sha1 + 16, 4);
+ 	log_debug("keyid: ");
+ 	log_debug_dump(keyid, 4);
+	sprintf(str, "%x", __be32_to_cpup(keyid));
+ 
+-	if (params.verbose > LOG_INFO) {
+-		sprintf(str, "%x", __be32_to_cpup(keyid));
+	if (params.verbose > LOG_INFO)
+ 		log_info("keyid: %s\n", str);
+-	}
+ 
+ 	free(pkey);
+ }
+-- 
+2.19.1
+
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+SHA512 (ima-evm-utils-1.1.tar.gz) = fc7efc890812233db888eef210dc4357bee838b56fd95efd9a9e141d684b0b354670a3c053dd93a94a1402dd826074d4a83a4637c8e6c1d90ead3132354a5776
+SHA512 (ima-evm-utils-1.3.2.tar.gz) = af96935f953fbec8cdd40ba1a24001fae916633df03f9dee1e96775baec0ffea21a7a13798b3e3c3f375fd493a65fe65b5357887890b46cac0c4dcca5a5b79db