diff --git a/.gitignore b/.gitignore
index d2a7790..632761a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+SOURCES/ima-evm-utils-1.1.tar.gz
 SOURCES/ima-evm-utils-1.3.2.tar.gz
diff --git a/.ima-evm-utils.metadata b/.ima-evm-utils.metadata
index ac55e46..e6ea46f 100644
--- a/.ima-evm-utils.metadata
+++ b/.ima-evm-utils.metadata
@@ -1 +1,2 @@
+58705b3544ae6e650042374dba535c0b3837b8fc SOURCES/ima-evm-utils-1.1.tar.gz
 034d163533ae5f9c06001b375ec7e5a1b09a3853 SOURCES/ima-evm-utils-1.3.2.tar.gz
diff --git a/SOURCES/annocheck-opt-flag.patch b/SOURCES/annocheck-opt-flag.patch
new file mode 100644
index 0000000..2ddf993
--- /dev/null
+++ b/SOURCES/annocheck-opt-flag.patch
@@ -0,0 +1,19 @@
+diff --git a/configure.ac b/configure.ac
+index 6822f39..34e4a81 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -36,9 +36,9 @@ AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You n
+ #debug support - yes for a while
+ PKG_ARG_ENABLE(debug, "yes", DEBUG, [Enable Debug support])
+ if test $pkg_cv_enable_debug = yes; then
+- CFLAGS="$CFLAGS -g -O1 -Wall -Wstrict-prototypes -pipe"
++ CFLAGS="$CFLAGS -g -O2 -Wall -Wstrict-prototypes -pipe"
+ else
+- CFLAGS="$CFLAGS -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
++ CFLAGS="$CFLAGS -O2 -Wall -Wstrict-prototypes -pipe -fomit-frame-pointer"
+ fi
+
+ # for gcov
+--
+2.14.4
+
diff --git a/SOURCES/covscan-memory-leaks.patch b/SOURCES/covscan-memory-leaks.patch
new file mode 100644
index 0000000..25d6950
--- /dev/null
+++ b/SOURCES/covscan-memory-leaks.patch
@@ -0,0 +1,45 @@
+diff --git a/src/evmctl.c b/src/evmctl.c
+index 2ffee78..b80a1c9 100644
+--- a/src/evmctl.c
++++ b/src/evmctl.c
+@@ -1716,7 +1716,7 @@ static char *get_password(void)
+
+ if (tcsetattr(fileno(stdin), TCSANOW, &tmp_flags) != 0) {
+ perror("tcsetattr");
+- return NULL;
++ goto get_pwd_err;
+ }
+
+ printf("PEM password: ");
+@@ -1725,10 +1725,14 @@ static char *get_password(void)
+ /* restore terminal */
+ if (tcsetattr(fileno(stdin), TCSANOW, &flags) != 0) {
+ perror("tcsetattr");
+- return NULL;
++ goto get_pwd_err;
+ }
+
++ free(password);
+ return pwd;
++get_pwd_err:
++ free(password);
++ return NULL;
+ }
+
+ int main(int argc, char *argv[])
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index 6fa0ed4..39582f2 100644
+--- a/src/libimaevm.c
++++ b/src/libimaevm.c
+@@ -466,6 +466,8 @@ void init_public_keys(const char *keyfiles)
+ entry->next = public_keys;
+ public_keys = entry;
+ }
++
++ free(tmp_keyfiles);
+ }
+
+ int verify_hash_v2(const char *file, const unsigned char *hash, int size,
+--
+2.14.4
+
diff --git a/SOURCES/docbook-xsl-path.patch b/SOURCES/docbook-xsl-path.patch
new file mode 100644
index 0000000..e4ee8e5
--- /dev/null
+++ b/SOURCES/docbook-xsl-path.patch
@@ -0,0 +1,12 @@
+diff -urNp ima-evm-utils-1.0-orig/Makefile.am ima-evm-utils-1.0/Makefile.am
+--- ima-evm-utils-1.0-orig/Makefile.am 2015-07-30 15:28:53.000000000 -0300
++++ ima-evm-utils-1.0/Makefile.am 2017-11-20 16:20:04.245591165 -0200
+@@ -24,7 +24,7 @@ rpm: $(tarname)
+ rpmbuild -ba --nodeps $(SPEC)
+
+ # requires asciidoc, xslproc, docbook-xsl
+-MANPAGE_DOCBOOK_XSL = /usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl
++MANPAGE_DOCBOOK_XSL = /usr/share/sgml/docbook/xsl-stylesheets/manpages/docbook.xsl
+
+ evmctl.1.html: README
+ @asciidoc -o $@ $<
diff --git a/SOURCES/libimaevm-keydesc-import.patch b/SOURCES/libimaevm-keydesc-import.patch
new file mode 100644
index 0000000..fb20ebc
--- /dev/null
+++ b/SOURCES/libimaevm-keydesc-import.patch
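Review bot: On the success path of get_password() the added `free(password);` runs immediately before `return pwd;`, which looks like it hands the caller a pointer into freed memory. The statement that assigns pwd sits between the two evmctl.c hunks and is not shown, but if pwd is the result of reading into the password buffer (as the surrounding lines suggest), the returned PEM passphrase pointer is dangling and any later use is a use-after-free. I would release the buffer only when nothing is returned, `if (!pwd) free(password);` followed by `return pwd;`, and leave ownership of the returned buffer with the caller. Both free() calls also release a passphrase buffer without clearing it first, which is worth addressing in the same change. The body of get_password() begins outside the hunk.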
@@ -0,0 +1,37 @@
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index 6fa0ed4..b6f9b9f 100644
+--- a/src/libimaevm.c
++++ b/src/libimaevm.c
+@@ -672,12 +672,11 @@ void calc_keyid_v1(uint8_t *keyid, char *str, const unsigned char *pkey, int len
+ memcpy(keyid, sha1 + 12, 8);
+ log_debug("keyid: ");
+ log_debug_dump(keyid, 8);
++ id = __be64_to_cpup((__be64 *) keyid);
++ sprintf(str, "%llX", (unsigned long long)id);
+
+- if (params.verbose > LOG_INFO) {
+- id = __be64_to_cpup((__be64 *) keyid);
+- sprintf(str, "%llX", (unsigned long long)id);
++ if (params.verbose > LOG_INFO)
+ log_info("keyid-v1: %s\n", str);
+- }
+ }
+
+ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
+@@ -694,11 +693,10 @@ void calc_keyid_v2(uint32_t *keyid, char *str, RSA *key)
+ memcpy(keyid, sha1 + 16, 4);
+ log_debug("keyid: ");
+ log_debug_dump(keyid, 4);
++ sprintf(str, "%x", __be32_to_cpup(keyid));
+
+- if (params.verbose > LOG_INFO) {
+- sprintf(str, "%x", __be32_to_cpup(keyid));
++ if (params.verbose > LOG_INFO)
+ log_info("keyid: %s\n", str);
+- }
+
+ free(pkey);
+ }
+--
+2.19.1
+
diff --git a/SPECS/ima-evm-utils.spec b/SPECS/ima-evm-utils.spec
index de82f2e..af59d3b 100644
--- a/SPECS/ima-evm-utils.spec
+++ b/SPECS/ima-evm-utils.spec
@@ -1,12 +1,20 @@ +%global compat_soversion 0 + Name: ima-evm-utils Version: 1.3.2 -Release: 11%{?dist} +Release: 12%{?dist} Summary: IMA/EVM support utilities License: GPLv2 Url: http://linux-ima.sourceforge.net/ Source: http://sourceforge.net/projects/linux-ima/files/ima-evm-utils/%{name}-%{version}.tar.gz +Source10: ima-evm-utils-1.1.tar.gz Patch0: 0001-Fix-sign_hash-not-observing-the-hashalgo-argument.patch +# compat patches +Patch1: docbook-xsl-path.patch +Patch2: covscan-memory-leaks.patch +Patch3: annocheck-opt-flag.patch +Patch4: libimaevm-keydesc-import.patch BuildRequires: asciidoc BuildRequires: autoconf
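Review bot: calc_keyid_v1() and calc_keyid_v2() now write through `str` with an unbounded `sprintf` on every call, where previously the write happened only when verbose logging was enabled, so the buffer requirement is now unconditional and still undocumented. The callers are outside the hunk, so it should be confirmed that none of them pass NULL or a buffer shorter than 17 bytes for v1 (16 hex digits plus NUL) or 9 bytes for v2. Because neither function takes a length, I would state the contract above each definition, for example `/* str: caller-supplied buffer, at least 17 bytes (16 hex digits + NUL); always written */`, with the v2 variant giving 9 bytes. Both function bodies begin outside the hunks.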
@@ -17,8 +25,10 @@ BuildRequires: libtool BuildRequires: libxslt BuildRequires: openssl-devel BuildRequires: tpm2-tss-devel +# compat requirement +BuildRequires: libattr-devel -Requires: tpm2-tss +#Requires: tpm2-tss %description The Trusted Computing Group(TCG) run-time Integrity Measurement Architecture @@ -35,10 +45,31 @@ Requires: %{name} = %{version}-%{release} %description devel This package provides the header files for %{name} +%package -n %{name}%{compat_soversion} +Summary: Compatibility package of %{name} + +%description -n %{name}%{compat_soversion} +This package provides the libimaevm.so.%{compat_soversion} relative to %{name}-1.1 + %prep -%autosetup -p1 +%setup -q +%patch0 -p1 +mkdir compat/ +tar -zxf %{SOURCE10} --strip-components=1 -C compat/ +cd compat/ +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 %build +# build compat version of the package +pushd compat/ +autoreconf -vif +%configure --disable-static +%make_build +popd + autoreconf -vif %configure --disable-static %make_build @@ -46,6 +77,11 @@ autoreconf -vif %install %make_install find %{buildroot}%{_libdir} -type f -name "*.la" -print -delete +# install compat libs +pushd compat/src/.libs/ +install -p libimaevm.so.%{compat_soversion}.0.0 %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}.0.0 +ln -s -f %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}.0.0 %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion} +popd %ldconfig_scriptlets @@ -63,7 +99,14 @@ find %{buildroot}%{_libdir} -type f -name "*.la" -print -delete %{_includedir}/* %{_libdir}/libimaevm.so +%files -n %{name}%{compat_soversion} +%{_libdir}/libimaevm.so.%{compat_soversion} +%{_libdir}/libimaevm.so.%{compat_soversion}.0.0 + %changelog +* Thu Feb 18 2021 Bruno Meneguele - 1.3.2-12 +- Add compat subpackage for keeping the API stability in userspace + * Mon Jan 25 2021 Bruno Meneguele - 1.3.2-11 - Bump release number for yet another rebuild
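Review bot: The `ln -s -f` line added in the %install hunk uses `%{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}.0.0` as the link target, so the symlink recorded in the compat package points at the build-root path rather than at the installed library. Unless a build policy script rewrites it, that link dangles on the installed system and resolution of libimaevm.so.%{compat_soversion} depends on ldconfig recreating it. A relative target stays valid after installation: `ln -s -f libimaevm.so.%{compat_soversion}.0.0 %{buildroot}%{_libdir}/libimaevm.so.%{compat_soversion}`.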