diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b487032
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/ima-evm-utils-1.1.tar.gz
diff --git a/.ima-evm-utils.metadata b/.ima-evm-utils.metadata
new file mode 100644
index 0000000..821fb5f
--- /dev/null
+++ b/.ima-evm-utils.metadata
@@ -0,0 +1 @@
+58705b3544ae6e650042374dba535c0b3837b8fc SOURCES/ima-evm-utils-1.1.tar.gz
diff --git a/SOURCES/annocheck-opt-flag.patch b/SOURCES/annocheck-opt-flag.patch
new file mode 100644
index 0000000..2ddf993
--- /dev/null
+++ b/SOURCES/annocheck-opt-flag.patch
@@ -0,0 +1,19 @@
+diff --git a/configure.ac b/configure.ac
+index 6822f39..34e4a81 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -36,9 +36,9 @@ AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You n
+ #debug support - yes for a while
+ PKG_ARG_ENABLE(debug, "yes", DEBUG, [Enable Debug support])
+ if test $pkg_cv_enable_debug = yes; then
+- CFLAGS="$CFLAGS -g -O1 -Wall -Wstrict-prototypes -pipe"
++ CFLAGS="$CFLAGS -g -O2 -Wall -Wstrict-prototypes -pipe"
+ else
+- CFLAGS="$CFLAGS -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
++ CFLAGS="$CFLAGS -O2 -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
+ fi
+
+ # for gcov
+--
+2.14.4
+
diff --git a/SOURCES/covscan-memory-leaks.patch b/SOURCES/covscan-memory-leaks.patch
new file mode 100644
index 0000000..25d6950
--- /dev/null
+++ b/SOURCES/covscan-memory-leaks.patch
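Review bot: In the configure.ac hunk carried by annocheck-opt-flag.patch, the optimisation level is still hard-coded and appended after `$CFLAGS`, so the added `-O2` overrides whatever level the builder passed in on both branches. If the goal is only to satisfy the distribution's build-flag check, it is cleaner to drop the level from configure.ac and let the caller's flags decide it, e.g. `CFLAGS="$CFLAGS -g -Wall -Wstrict-prototypes -pipe"`. Whichever way it goes, a one-line comment above the `if test` saying why the level is pinned would keep a later cleanup from silently undoing it.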
@@ -0,0 +1,45 @@
+diff --git a/src/evmctl.c b/src/evmctl.c
+index 2ffee78..b80a1c9 100644
+--- a/src/evmctl.c
++++ b/src/evmctl.c
+@@ -1716,7 +1716,7 @@ static char *get_password(void)
+
+ if (tcsetattr(fileno(stdin), TCSANOW, &tmp_flags) != 0) {
+ perror("tcsetattr");
+- return NULL;
++ goto get_pwd_err;
+ }
+
+ printf("PEM password: ");
+@@ -1725,10 +1725,14 @@ static char *get_password(void)
+ /* restore terminal */
+ if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
+ perror("tcsetattr");
+- return NULL;
++ goto get_pwd_err;
+ }
+
++ free(password);
+ return pwd;
++get_pwd_err:
++ free(password);
++ return NULL;
+ }
+
+ int main(int argc, char *argv[])
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index 6fa0ed4..39582f2 100644
+--- a/src/libimaevm.c
++++ b/src/libimaevm.c
+@@ -466,6 +466,8 @@ void init_public_keys(const char *keyfiles)
+ entry->next = public_keys;
+ public_keys = entry;
+ }
++
++ free(tmp_keyfiles);
+ }
+
+ int verify_hash_v2(const char *file, const unsigned char *hash, int size,
+--
+2.14.4
+
diff --git a/SOURCES/docbook-xsl-path.patch b/SOURCES/docbook-xsl-path.patch
new file mode 100644
index 0000000..e4ee8e5
--- /dev/null
+++ b/SOURCES/docbook-xsl-path.patch
@@ -0,0 +1,12 @@
+diff -urNp ima-evm-utils-1.0-orig/Makefile.am ima-evm-utils-1.0/Makefile.am
+--- ima-evm-utils-1.0-orig/Makefile.am 2015-07-30 15:28:53.000000000 -0300
++++ ima-evm-utils-1.0/Makefile.am 2017-11-20 16:20:04.245591165 -0200
+@@ -24,7 +24,7 @@ rpm: $(tarname)
+ rpmbuild -ba --nodeps $(SPEC)
+
+ # requires asciidoc, xslproc, docbook-xsl
+-MANPAGE_DOCBOOK_XSL = /usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl
++MANPAGE_DOCBOOK_XSL = /usr/share/sgml/docbook/xsl-stylesheets/manpages/docbook.xsl
+
+ evmctl.1.html: README
+ @asciidoc -o $@ $<
diff --git a/SPECS/ima-evm-utils.spec b/SPECS/ima-evm-utils.spec
new file mode 100644
index 0000000..161a362
--- /dev/null
+++ b/SPECS/ima-evm-utils.spec
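Review bot: In the second evmctl.c hunk of covscan-memory-leaks.patch, `free(password);` now runs immediately before `return pwd;`, and the assignment of `pwd` sits between the two hunks where it is not visible. If `pwd` points into `password` (for instance, if it is the result of reading into that buffer), the caller is handed a dangling pointer and the passphrase is read after free. The success path should instead pass ownership to the caller and free only on failure, e.g. `if (!pwd) free(password);` before `return pwd;`. Since the buffer holds a PEM passphrase, the `get_pwd_err:` path reached after input has been read would ideally clear it before `free(password);`. In the libimaevm.c hunk, `free(tmp_keyfiles);` releases the allocation only if the loop above the hunk has not advanced that pointer, which is worth confirming against the full function.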
@@ -0,0 +1,129 @@
+Summary: IMA/EVM support utilities
+Name: ima-evm-utils
+Version: 1.1
+Release: 4%{?dist}
+License: GPLv2
+Url: http://linux-ima.sourceforge.net/
+Source: http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz
+BuildRequires: autoconf automake libtool m4 asciidoc libxslt
+BuildRequires: openssl-devel libattr-devel keyutils-libs-devel
+Patch1: docbook-xsl-path.patch
+Patch2: covscan-memory-leaks.patch
+Patch3: annocheck-opt-flag.patch
+
+%description
+The Trusted Computing Group(TCG) run-time Integrity Measurement Architecture
+(IMA) maintains a list of hash values of executables and other sensitive
+system files, as they are read or executed. These are stored in the file
+systems extended attributes. The Extended Verification Module (EVM) prevents
+unauthorized changes to these extended attributes on the file system.
+ima-evm-utils is used to prepare the file system for these extended attributes.
+
+%package devel
+Summary: Development files for %{name}
+
+%description devel
+This package provides the header files for %{name}
+
+%prep
+%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+
+%build
+mkdir -p m4
+autoreconf -f -i
+%configure --disable-static
+make %{?_smp_mflags}
+
+%install
+make DESTDIR=%{buildroot} install
+find %{buildroot}%{_libdir} -type f -name "*.la" -print -delete
+
+%ldconfig_scriptlets
+
+%files devel
+%{_pkgdocdir}/*.sh
+%{_includedir}/*
+%{_libdir}/libimaevm.so
+
+%files
+%doc ChangeLog README AUTHORS
+%license COPYING
+%{_bindir}/*
+%{_libdir}/libimaevm.so.*
+%{_mandir}/man1/*
+
+%changelog
+* Mon Oct 29 2018 Bruno E. O. Meneguele - 1.1-4
+- Solve a single memory leak not handled by the last patch
+
+* Thu Oct 25 2018 Bruno E. O. Meneguele - 1.1-3
+- Solve memory leaks pointed by covscan tool
+- Add optimization flag O2 during compilation to satisfy annocheck tool
+
+* Fri Mar 02 2018 Bruno E. O. Meneguele - 1.1-2
+- Remove libtool files
+- Run ldconfig scriptlets after un/installing
+- Add -devel subpackage to handle include files and examples
+- Disable any static file in the package
+
+* Fri Feb 16 2018 Bruno E. O. Meneguele - 1.1-1
+- New upstream release
+- Support for OpenSSL 1.1 was added directly to the source code in upstream,
+ thus removing specific patch for it
+- Docbook xsl stylesheet updated to a local path
+
+* Wed Feb 07 2018 Fedora Release Engineering - 1.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Fri Feb 02 2018 Igor Gnatenko - 1.0-4
+- Switch to %%ldconfig_scriptlets
+
+* Fri Dec 01 2017 Bruno E. O. Meneguele - 1.0-3
+- Add OpenSSL 1.1 API support for the package, avoiding the need of
+ compat-openssl10-devel package
+
+* Mon Nov 20 2017 Bruno E. O. Meneguele - 1.0-2
+- Adjusted docbook xsl path to match the correct stylesheet
+- Remove only *.la files, considering there aren't any *.a files
+
+* Tue Sep 05 2017 Bruno E. O. Meneguele - 1.0-1
+- New upstream release
+- Add OpenSSL 1.0 compatibility package, due to issues with OpenSSL 1.1
+- Remove libtool files
+- Run ldconfig after un/installation to update *.so files
+- Add -devel subpackage to handle include files and examples
+
+* Wed Aug 02 2017 Fedora Release Engineering - 0.9-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 0.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering - 0.9-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Feb 04 2016 Fedora Release Engineering - 0.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Jan 26 2016 Lubomir Rintel - 0.9-3
+- Fix FTBFS
+
+* Wed Jun 17 2015 Fedora Release Engineering - 0.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Oct 31 2014 Avesh Agarwal - 0.9-1
+- New upstream release
+- Applied a patch to fix man page issues.
+- Updated spec file
+
+* Sat Aug 16 2014 Fedora Release Engineering - 0.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering - 0.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Aug 27 2013 Vivek Goyal - 0.6-1
+- Initial package
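Review bot: The `Url:` and `Source:` tags at the top of the new spec use plain `http://`, so anyone who re-fetches the tarball from the spec retrieves the source of an integrity-measurement tool over an unauthenticated channel. Where the host supports it, both should be switched to `https://`. The only integrity pin visible on this page is the 40-hex-digit digest in `.ima-evm-utils.metadata`; if upstream publishes a signature, verifying it in `%prep` would give a stronger check than that digest alone. A short comment above `Patch2:` and `Patch3:` recording whether each patch has been sent upstream would also help the next rebase.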