evmctl-1.4-150400.3.2.1<>,@e$Vp9| 6ݶD*vV bAN~AP4L{TZ;|B?L7k*'eTu)SEş{q<ѠdRZi%Ac )aSa!.KOQW_#]adMHʄlHLDg4J`>A-?-d    2 )J\ r    R T\fp(G8P9:B)F)#G)8H)@I)HX)LY)XZ)[)\)])^)b)c*kd*e*f*l*u+v+w,Tx,\y,dz,,,,,Cevmctl1.4150400.3.2.1IMA/EVM signing utilityThe evmctl utility can be used for producing and verifying digital signatures, which are used by Linux kernel integrity subsystem (IMA/EVM). It can be also used to import keys into the kernel keyring.e$Vh04-ch2a 7SUSE Linux Enterprise 15SUSE LLC LGPL-2.1-or-laterhttps://www.suse.com/System/Kernelhttp://sourceforge.net/projects/linux-ima/linuxx86_64X߁큤e$Re$Rfcced7ff640eaf1aa4afa47f98fcfa6ecfc7c36d21ac0ce5e680aacaca5ddc7d3a89b5a3c22e2ae5040f76148f9d4861c93a0d4364b87aacbf7eff9e794a3910rootrootrootrootima-evm-utils-1.4-150400.3.2.1.src.rpmevmctlevmctl(x86-64)ima-evm-utils@@@@@@@@@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcrypto.so.1.1()(64bit)libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)libimaevm.so.3()(64bit)libkeyutils.so.1()(64bit)libkeyutils.so.1(KEYUTILS_0.3)(64bit)libtss2-esys.so.0()(64bit)libtss2-rc.so.0()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3a__u_6|_{_*@_*@_*@]@1@[ZZ@ZYY@YY]V%@V^@Tpvorel@suse.czpvorel@suse.czpvorel@suse.czpvorel@suse.czpvorel@suse.czpvorel@suse.czpvorel@suse.czpvorel@suse.czpvorel@suse.czmeissner@suse.compvorel@suse.czmpluskal@suse.commeissner@suse.commatthias.gerstner@suse.comjengelh@inai.dematthias.gerstner@suse.commeissner@suse.commeissner@suse.comp.drouand@gmail.comp.drouand@gmail.com- Update to version 1.4 * Elliptic curve support and tests * PKCS11 support and tests * Ability to manually specify the keyid included in the IMA xattr * Improve IMA measurement list per TPM bank verification * Linking with IBM TSS * Set default hash algorithm in package configuration * (Minimal) support and test EVM portable signatures * CI testing: * Refresh and include new distros * Podman support * GitHub Actions * Limit "sudo" usage * Misc bug fixes and code cleanup * Fix static analysis bug reports, memory leaks * Remove experimental code that was never upstreamed in the kernel * Use unsigned variable, remove unused variables, etc - Upstream bumped soname to 3.0.0- Update to version 1.3.2 * Bugfixes: importing keys * NEW: Docker based travis distro testing * Travis bugfixes, code cleanup, software version update, and script removal * Initial travis testing - Remove 0001-help-Add-missing-new-line-for-ignore-violations.patch (patch from this release) - Add make check + dependencies (getfattr => attr, xxd => vim)- Fix missing new line in help (0001-help-Add-missing-new-line-for-ignore-violations.patch)- Update to version 1.3.1 * "--pcrs" support for per crypto algorithm * Drop/rename "ima_measurement" options * Moved this summary from "Changelog" to "NEWS", removing requirement for GNU empty files * Distro build fixes * Remove 0001-pcr_tss-Fix-compilation-for-old-compilers.patch (from this release)- Use %autosetup -p1- Remove suse_version check for tpm2-0-tss-devel as the package is available for back as far as SLE 12 SP2 and respective openSUSE versions (also check was wrong, should have been 1500).- Fixes from previous SR (reported by fvogt): * Move ibmtss runtime dependency to evmctl package * Remove dependencies to devel package (should not be needed)- Update to version 1.3 version 1.3 new features: * NEW ima-evm-utils regression test infrastructure with two initial tests: - ima_hash.test: calculate/verify different crypto hash algorithms - sign_verify.test: EVM and IMA sign/verify signature tests * TPM 2.0 support - Calculate the new per TPM 2.0 bank template data digest - Support original padding the SHA1 template data digest - Compare ALL the re-calculated TPM 2.0 bank PCRs against the TPM 2.0 bank PCR values - Calculate the per TPM bank "boot_aggregate" values, including PCRs 8 & 9 in calculation - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS - boot_aggregate.test: compare the calculated "boot_aggregate" values with the "boot_aggregate" value included in the IMA measurement. * TPM 1.2 support - Additionally support reading the TPM 1.2 PCRs from a supplied file ("--pcrs" option) * Based on original IMA LTP and standalone version support - Calculate the TPM 1.2 "boot_aggregate" based on the exported TPM 1.2 BIOS event log. - In addition to verifying the IMA measurement list against the the TPM PCRs, verify the IMA template data digest against the template data. (Based on LTP "--verify" option.) - Ignore file measurement violations while verifying the IMA measurment list. (Based on LTP "--validate" option.) - Verify the file data signature included in the measurement list based on the file hash also included in the measurement list (--verify-sig) - Support original "ima" template (mixed templates not supported) * Support "sm3" crypto name Bug fixes and code cleanup: * Don't exit with -1 on failure, exit with 125 * On signature verification failure, include pathname. * Provide minimal hash_info.h file in case one doesn't exist, needed by the ima-evm-utils regression tests. * On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs * Fix hash_algo type comparison mismatch * Simplify/clean up code * Address compiler complaints and failures * Fix memory allocations and leaks * Sanity check provided input files are regular files * Revert making "tsspcrread" a compile build time decision. * Limit additional messages based on log level (-v) - Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch - Upstream bumped soname to 2.0.0 - Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss as runtime dependency (needed for for reading PCR in ima_boot_aggregate cmd; better to use libtss2-esys and libtss2-rc than require tsspcrread binary in runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same logic as runtime dependency for devel package - Mark COPYING as %license- Update to version 1.2.1 (included changes of unreleased v1.2) version 1.2 new features: * Generate EVM signatures based on the specified hash algorithm * include "security.apparmor" in EVM signature * Add support for writing & verifying "user.xxxx" xattrs for testing * Support Strebog/Gost hash functions * Add OpenSSL engine support * Use of EVP_PKEY OpenSSL API to generate/verify v2 signatures * Support verifying multiple signatures at once * Support new template "buf" field and warn about other unknown fields * Improve OpenSSL error reporting * Support reading TPM 2.0 PCRs using tsspcrread Bug fixes and code cleanup: * Update manpage stylesheet detection * Fix xattr.h include file * On error when reading TPM PCRs, don't log gargabe * Properly return keyid string to calc_keyid_v1/v2 callers, caused by limiting keyid output to verbose mode * Fix hash buffer overflow caused by EVM support for larger hashes, defined MAX_DIGEST_SIZE and MAX_SIGNATURE_SIZE, and added "asserts". * Linked with libcrypto instead of OpenSSL * Updated Autotools, replacing INCLUDES with AM_CPPFLAGS * Include new "hash-info.gen" in tar * Log the hash algorithm, not just the hash value * Fixed memory leaks in: EV_MD_CTX, init_public_keys * Fixed other warnings/bugs discovered by clang, coverity * Remove indirect calls in verify_hash() to improve code readability * Don't fallback to using sha1 * Namespace some too generic object names * Make functions/arrays static if possible - Upstream bumped soname to 1.0.0 in v1.2 - Drop ima-evm-utils-xattr.patch and ima-evm-utils-fix-docbook-xsl-directory.patch (included in v1.2)- ima-evm-utils-xattr.patch: xattr.h is now libattr.h- Update to version 1.1 * Support the new openssl 1.1 api * Support for validating multiple pcrs * Verify the measurement list signature based on the list digest * Verify the "ima-sig" measurement list using multiple keys * Fixed parsing the measurement template data field length * Portable & immutable EVM signatures (new format) * Multiple fixes that have been lingering in the next branch. Some are for experimental features that are not yet supported in the kernel. - Drop ima-evm-utils-openssl1.patch (not needed any more as IMA got backward compatible support for openssl 1.1).- Small spec file cleanup with spec-cleaner- ima-evm-utils-openssl1.patch: allow building against openssl 1.1 (bsc#1066947)- added openssl-devel dependency to ima-evm-utils-devel. otherwise the ima header can't be included if the openssl headers are missing- No need to remove .a files which don't exist. - Drop extraneous ldconfig call on preun. - Update RPM groups and descriptions.- ima-evm-utils-fix-docbook-xsl-directory.patch: adjusted to refer to the "current" version of stylesheet to make the build work again - adjusted spec file to apply stylesheet patch to SLE12 as well- Add ima-evm-utils to SLES. (FATE#321603)- ima-evm-utils-fix-docbook-xsl-directory.patch: fixed the nwalsh docbook directory again- Update to version 1.0 * Recursive hashing * Immutable EVM signatures (experimental) * Command 'ima_clear' to remove xattrs * Support for passing password to the library * Support for asking password safely from the user- Update to version 0.9 * Updated README * man page generated and added to the package * Use additional SMACK xattrs for EVM signature generation * Signing functions moved to libimaevm for external use (RPM) * Fixed setting of correct hash header - Add additional requirements; asciidoc, docbook-xsl-stylesheets, libattr-devel and libxslt-tools - Remove COPYING from sources; upstream provides one now - Remove automake.patch; "test" directory isn't provided by upstream anymore - Remove ima-evm-utils-xattr.patch; libimaevm0 does link against libattr now - Split package in three subpackage * libimaevm0: contains shared library * -devel: contains header and examples files * evmctl: the kernel signing tool - Add ima-evm-utils-fix-docbook-xsl-directory.patch; fix path where Make is looking for docbook.xslima-evm-utilsh04-ch2a 17102367581.4-150400.3.2.11.4-150400.3.2.11.41.4evmctlevmctl.1.gz/usr/bin//usr/share/man/man1/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:32908/SUSE_SLE-15-SP4_Update/561bf2e1cf1e0f7a0b2912744ac11c6f-ima-evm-utils.SUSE_SLE-15-SP4_Updatedrpmxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=3a44f5eba6f21b7adfc8dda406e25ea426a8436d, for GNU/Linux 3.2.0, strippedtroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)R RRRRRRRR R R RRR Rl~{Au {utf-8505a006d9b73c7c02b22503264b7c8e3b86eb947f163512b99328a4ca644018b?7zXZ !t/!K-]"k%a拄]Q[By ufp_!ځ~\q*^'=ڞEyHj ί!<̍Wޯ |省?Jbitߞ Mzr%1 e"<7crlB}֬js^R 3bRE'R ZXo̙[miY:*J /WV6'B6hc\YG|\uyԉx"jvt*CQ.l|ҢSS|*x I99NaxJFjTr{wK]Y+g]?y^[$fc}%?ɟ%c%&KzfvJ >wW sk"}=:43(B!R^ wj"K0|Zen%'ՕbM}wu2iQTX:!&y FEY] IM`&xg+|Xg׺99uZvIՄA$UO@z_}Zl=Sy.}C H%oG9vdxuEeXwG:vcƴXSW#@йD%sm8c^xIizh7J@Dyݝxln8/R|/tO>>\;ml+UjhyY?LT SX">k_:>p/㞂>xYOh}hZ|5L|:t94h -uzrƥon*jEU)*8uBWE;(I)dOOɼX) 1~-G]/@hs"TNBegܣ`(p*f{,:z9١*LBfP+gw:{J_4G ?ͳ:=' ?6$('m U]1X}3ҏl -L(Mٮ)2F :pUXQn}@>rk#Z$RǞ66#e)O̊V)FbB (k)9eY+z}vGAu Œ&jYKz(Y7 &L+eTazZoQְch`Jۖ16=Tq K7b€$.j9|mNYd#;MJرYaS466|MfeXt;Ķq4~DBZ!di-pl-~9ڥ>:d@i27Α4kM~R/:p5 92D_8̏PG46MV ,Co 'vKuc{2TS>=`^d:#[-meUuyZ"U<+'d_U92\LIܜ+S ^7Ы!LqZN&4Z+ٌ9R;/ .g&*KO8P[F(1-G9n }y. }ȿ|-AΔ@tEn?q͛iK[FVs"a.#Q$j੻Y! x1(Og2śÚvo#'{1犩`hdv(:xDcy[\wc+).~ʕ!a>^xFP7CkjS+bGGo7N2 g:Iҧr[vsnvYdfA87\1r|>1*阾6<:]t Ǽ3M(AI\[C >=7q")_+4~4rփ I޵TN#WebO4>w9-$p>$ͥQhcfVW>ߪsv"a{KUp%24M8Q(Rp@.2hW:d0)c~_.d>zͰzdV p!w*T}sao6yۄ?Ü}##og#l6>ɛQ :!j_qM/g9gW޽;ibd}l?H:pPvr f@ovL~ٿ1OaAq{=>n/էrA£ C'Jʳ|: :I56(FmΆiS.|=4?:C)0W'zq ӆ~.}U ;w")yH4W[Vina.U.qnp9d_̘>@?J\]%%r|:;ݜ3+'.N> OtNqo1y4x{` CL2(L#6/D8 Mj\opm % ³VJ*YqwN7y,5[j#^17^[Z{k[- >3$ ~9D YV1{#ҾkJÒrH~40a~o|E7ewk몙(MH._{;Yü;}ayOZ;w4.L7;=&1}:M2O%.&?!d=l#qG7_^cPW]E5R`I؛j9DqQsi\Z2o`H gdvdU88`?Oru".|q?t$Z sBI9 KBF$k^M.doM0Z0iwkYZU .ή_@*rk ƙƘ=ttRε-1IJ6Z?al97DԝnnY[{\4p]aB = YZ