From 83639ff9de5e482aa43597f5a7b32d942ffd28f4 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Feb 02 2021 06:13:01 +0000
Subject: import ima-evm-utils-1.3.2-11.el8
---
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d2a7790
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/ima-evm-utils-1.3.2.tar.gz
diff --git a/.ima-evm-utils.metadata b/.ima-evm-utils.metadata
new file mode 100644
index 0000000..ac55e46
--- /dev/null
+++ b/.ima-evm-utils.metadata
@@ -0,0 +1 @@
+034d163533ae5f9c06001b375ec7e5a1b09a3853 SOURCES/ima-evm-utils-1.3.2.tar.gz
diff --git a/SOURCES/0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch b/SOURCES/0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch
new file mode 100644
index 0000000..663ddc6
--- /dev/null
+++ b/SOURCES/0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch
@@ -0,0 +1,38 @@
+From ea10a33d26572eebde59565179f622b6fb240d04 Mon Sep 17 00:00:00 2001
+From: Patrick Uiterwijk
+Date: Wed, 6 Jan 2021 10:43:34 +0100
+Subject: [PATCH] Fix sign_hash not observing the hashalgo argument
+
+This fixes sign_hash not using the correct algorithm for creating the
+signature, by ensuring it uses the passed in variable value.
+
+Signed-off-by: Patrick Uiterwijk
+---
+ src/libimaevm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index fa6c27858d0f..72d5e67f6fdd 100644
+--- a/src/libimaevm.c
++++ b/src/libimaevm.c
+@@ -916,7 +916,7 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
+ return -1;
+ }
+
+- log_info("hash(%s): ", imaevm_params.hash_algo);
++ log_info("hash(%s): ", algo);
+ log_dump(hash, size);
+
+ pkey = read_priv_pkey(keyfile, imaevm_params.keypass);
+@@ -942,7 +942,7 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
+ if (!EVP_PKEY_sign_init(ctx))
+ goto err;
+ st = "EVP_get_digestbyname";
+- if (!(md = EVP_get_digestbyname(imaevm_params.hash_algo)))
++ if (!(md = EVP_get_digestbyname(algo)))
+ goto err;
+ st = "EVP_PKEY_CTX_set_signature_md";
+ if (!EVP_PKEY_CTX_set_signature_md(ctx, md))
+--
+2.29.2
+
diff --git a/SPECS/ima-evm-utils.spec b/SPECS/ima-evm-utils.spec
new file mode 100644
index 0000000..de82f2e
--- /dev/null
+++ b/SPECS/ima-evm-utils.spec
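Review bot: The second hunk of the embedded libimaevm.c patch is the security-relevant one, and the new line carries no comment saying why the global must not be read there: `EVP_get_digestbyname(algo)` now chooses the digest that `EVP_PKEY_CTX_set_signature_md` sets on the signing context. I would add above it `/* use the caller's algo, not imaevm_params.hash_algo, so the signature digest matches the hash passed in */`. sign_hash_v2 starts and ends outside both hunks, so it cannot be confirmed from here that `algo` is checked for NULL before the `%s` in `log_info`, or that no other read of `imaevm_params.hash_algo` remains in the function; both are worth checking against the full file. A regression test that signs with a non-default algorithm and then verifies the result would keep this from recurring.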
@@ -0,0 +1,165 @@
+Name: ima-evm-utils
+Version: 1.3.2
+Release: 11%{?dist}
+Summary: IMA/EVM support utilities
+License: GPLv2
+Url: http://linux-ima.sourceforge.net/
+Source: http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz
+
+Patch0: 0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch
+
+BuildRequires: asciidoc
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: gcc
+BuildRequires: keyutils-libs-devel
+BuildRequires: libtool
+BuildRequires: libxslt
+BuildRequires: openssl-devel
+BuildRequires: tpm2-tss-devel
+
+Requires: tpm2-tss
+
+%description
+The Trusted Computing Group(TCG) run-time Integrity Measurement Architecture
+(IMA) maintains a list of hash values of executables and other sensitive
+system files, as they are read or executed. These are stored in the file
+systems extended attributes. The Extended Verification Module (EVM) prevents
+unauthorized changes to these extended attributes on the file system.
+ima-evm-utils is used to prepare the file system for these extended attributes.
+
+%package devel
+Summary: Development files for %{name}
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+This package provides the header files for %{name}
+
+%prep
+%autosetup -p1
+
+%build
+autoreconf -vif
+%configure --disable-static
+%make_build
+
+%install
+%make_install
+find %{buildroot}%{_libdir} -type f -name "*.la" -print -delete
+
+%ldconfig_scriptlets
+
+%files
+%license COPYING
+%doc NEWS README AUTHORS
+%{_bindir}/*
+# if you need to bump the soname version, coordinate with dependent packages
+%{_libdir}/libimaevm.so.2
+%{_libdir}/libimaevm.so.2.0.0
+%{_mandir}/man1/*
+
+%files devel
+%{_pkgdocdir}/*.sh
+%{_includedir}/*
+%{_libdir}/libimaevm.so
+
+%changelog
+* Mon Jan 25 2021 Bruno Meneguele - 1.3.2-11
+- Bump release number for yet another rebuild
+
+* Mon Jan 25 2021 Bruno Meneguele - 1.3.2-10
+- Add patch for fixing hash algorithm used through libimaevm
+
+* Fri Jan 15 2021 Bruno Meneguele - 1.3.2-9
+- Add tpm2-tss as a runtime dependency
+
+* Sun Jan 10 2021 Michal Domonkos - 1.3.2-8
+- Bump release number for yet another couple of rebuilds
+
+* Wed Jan 06 2021 Bruno Meneguele - 1.3.2-4
+- Bump release number for yet another build for solving wrong target usage
+
+* Wed Jan 06 2021 Bruno Meneguele - 1.3.2-3
+- Bump release number for another build, handling build issues
+
+* Tue Dec 01 2020 Bruno Meneguele - 1.3.2-2
+- Bump release number for forcing a new build
+
+* Mon Nov 09 2020 Bruno Meneguele - 1.3.2-1
+- Rebase to upstream v1.3.2 version
+- Sync specfile with Fedora's version
+
+* Thu Mar 28 2019 Bruno E. O. Meneguele - 1.1-5
+- Add patch to correctly handle key description on keyring during importation
+
+* Mon Oct 29 2018 Bruno E. O. Meneguele - 1.1-4
+- Solve a single memory leak not handled by the last patch
+
+* Thu Oct 25 2018 Bruno E. O. Meneguele - 1.1-3
+- Solve memory leaks pointed by covscan tool
+- Add optimization flag O2 during compilation to satisfy annocheck tool
+
+* Fri Mar 02 2018 Bruno E. O. Meneguele - 1.1-2
+- Remove libtool files
+- Run ldconfig scriptlets after un/installing
+- Add -devel subpackage to handle include files and examples
+- Disable any static file in the package
+
+* Fri Feb 16 2018 Bruno E. O. Meneguele - 1.1-1
+- New upstream release
+- Support for OpenSSL 1.1 was added directly to the source code in upstream,
+ thus removing specific patch for it
+- Docbook xsl stylesheet updated to a local path
+
+* Wed Feb 07 2018 Fedora Release Engineering - 1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Fri Feb 02 2018 Igor Gnatenko - 1.0-4
+- Switch to %%ldconfig_scriptlets
+
+* Fri Dec 01 2017 Bruno E. O. Meneguele - 1.0-3
+- Add OpenSSL 1.1 API support for the package, avoiding the need of
+ compat-openssl10-devel package
+
+* Mon Nov 20 2017 Bruno E. O. Meneguele - 1.0-2
+- Adjusted docbook xsl path to match the correct stylesheet
+- Remove only *.la files, considering there aren't any *.a files
+
+* Tue Sep 05 2017 Bruno E. O. Meneguele - 1.0-1
+- New upstream release
+- Add OpenSSL 1.0 compatibility package, due to issues with OpenSSL 1.1
+- Remove libtool files
+- Run ldconfig after un/installation to update *.so files
+- Add -devel subpackage to handle include files and examples
+
+* Wed Aug 02 2017 Fedora Release Engineering - 0.9-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 0.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering - 0.9-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Feb 04 2016 Fedora Release Engineering - 0.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Jan 26 2016 Lubomir Rintel - 0.9-3
+- Fix FTBFS
+
+* Wed Jun 17 2015 Fedora Release Engineering - 0.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Oct 31 2014 Avesh Agarwal - 0.9-1
+- New upstream release
+- Applied a patch to fix man page issues.
+- Updated spec file
+
+* Sat Aug 16 2014 Fedora Release Engineering - 0.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering - 0.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Aug 27 2013 Vivek Goyal - 0.6-1
+- Initial package
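Review bot: The spec has no `%check` section, so the package build never exercises the signing path that Patch0 changes. If the 1.3.2 tarball's test suite can run in the build root, adding `%check` followed by `make check` after `%install` would catch a regression in the digest used for signatures at build time; any extra BuildRequires the tests need would have to be added with it. Separately, `Url:` and `Source:` point at plain `http://` locations, and switching both to `https://` is worthwhile for anyone who downloads the tarball from the spec.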