Blame NEWS

Packit Service 087331
2020-10-28  Mimi Zohar <zohar@linux.ibm.com>
Packit Service 087331
Packit Service 087331
	version 1.3.2:
Packit Service 087331
	* Bugfixes: importing keys
Packit Service 087331
	* NEW: Docker based travis distro testing
Packit Service 087331
	* Travis bugfixes, code cleanup, software version update,
Packit Service 087331
	  and script removal
Packit Service 087331
	* Initial travis testing
Packit Service 087331
Packit Service 087331
2020-08-11  Mimi Zohar <zohar@linux.ibm.com>
Packit Service 087331
Packit Service 087331
	version 1.3.1:
Packit Service 087331
	* "--pcrs" support for per crypto algorithm
Packit Service 087331
	* Drop/rename "ima_measurement" options
Packit Service 087331
	* Moved this summary from "Changelog" to "NEWS", removing
Packit Service 087331
	  requirement for GNU empty files
Packit Service 087331
	* Distro build fixes
Packit Service 087331
Packit Service 087331
2020-07-21  Mimi Zohar <zohar@linux.ibm.com>
Packit Service 087331
Packit Service 087331
	version 1.3 new features:
Packit Service 087331
	* NEW ima-evm-utils regression test infrastructure with two initial
Packit Service 087331
	  tests:
Packit Service 087331
	  - ima_hash.test: calculate/verify different crypto hash algorithms
Packit Service 087331
	  - sign_verify.test: EVM and IMA sign/verify signature tests
Packit Service 087331
	* TPM 2.0 support
Packit Service 087331
	  - Calculate the new per TPM 2.0 bank template data digest
Packit Service 087331
	  - Support original padding the SHA1 template data digest
Packit Service 087331
	  - Compare ALL the re-calculated TPM 2.0 bank PCRs against the
Packit Service 087331
	    TPM 2.0 bank PCR values
Packit Service 087331
	  - Calculate the per TPM bank "boot_aggregate" values, including
Packit Service 087331
	    PCRs 8 & 9 in calculation
Packit Service 087331
	  - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS
Packit Service 087331
	  - boot_aggregate.test: compare the calculated "boot_aggregate"
Packit Service 087331
	    values with the "boot_aggregate" value included in the IMA
Packit Service 087331
	    measurement.
Packit Service 087331
	* TPM 1.2 support
Packit Service 087331
	  - Additionally support reading the TPM 1.2 PCRs from a supplied file
Packit Service 087331
	    ("--pcrs" option)
Packit Service 087331
	* Based on original IMA LTP and standalone version support
Packit Service 087331
	  - Calculate the TPM 1.2 "boot_aggregate" based on the exported
Packit Service 087331
	    TPM 1.2 BIOS event log.
Packit Service 087331
	  - In addition to verifying the IMA measurement list against the
Packit Service 087331
	    the TPM PCRs, verify the IMA template data digest against the
Packit Service 087331
	    template data.  (Based on LTP "--verify" option.)
Packit Service 087331
	  - Ignore file measurement violations while verifying the IMA
Packit Service 087331
	    measurment list. (Based on LTP "--validate" option.)
Packit Service 087331
	  - Verify the file data signature included in the measurement list
Packit Service 087331
	    based on the file hash also included in the measurement list
Packit Service 087331
	    (--verify-sig)
Packit Service 087331
	  - Support original "ima" template (mixed templates not supported)
Packit Service 087331
	* Support "sm3" crypto name
Packit Service 087331
Packit Service 087331
	Bug fixes and code cleanup:
Packit Service 087331
	* Don't exit with -1 on failure, exit with 125
Packit Service 087331
	* On signature verification failure, include pathname.
Packit Service 087331
	* Provide minimal hash_info.h file in case one doesn't exist, needed
Packit Service 087331
	  by the ima-evm-utils regression tests.
Packit Service 087331
	* On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs
Packit Service 087331
	* Fix hash_algo type comparison mismatch
Packit Service 087331
	* Simplify/clean up code
Packit Service 087331
	* Address compiler complaints and failures
Packit Service 087331
	* Fix memory allocations and leaks
Packit Service 087331
	* Sanity check provided input files are regular files
Packit Service 087331
	* Revert making "tsspcrread" a compile build time decision.
Packit Service 087331
	* Limit additional messages based on log level (-v)
Packit Service 087331
Packit Service 087331
2019-07-30  Mimi Zohar <zohar@linux.ibm.com>
Packit Service 087331
Packit Service 087331
	version 1.2.1 Bug fixes:
Packit Service 087331
	* When verifying multiple file signatures, return correct status
Packit Service 087331
	* Don't automatically use keys from x509 certs if user supplied "--rsa"
Packit Service 087331
	* Fix verifying DIGSIG_VERSION_1 signatures
Packit Service 087331
	* autoconf, openssl fixes
Packit Service 087331
Packit Service 087331
Packit Service 087331
2019-07-24  Mimi Zohar <zohar@linux.ibm.com>
Packit Service 087331
Packit Service 087331
	version 1.2 new features:
Packit Service 087331
	* Generate EVM signatures based on the specified hash algorithm
Packit Service 087331
	* include "security.apparmor" in EVM signature
Packit Service 087331
	* Add support for writing & verifying "user.xxxx" xattrs for testing
Packit Service 087331
	* Support Strebog/Gost hash functions
Packit Service 087331
	* Add OpenSSL engine support
Packit Service 087331
	* Use of EVP_PKEY OpenSSL API to generate/verify v2 signatures
Packit Service 087331
	* Support verifying multiple signatures at once
Packit Service 087331
	* Support new template "buf" field and warn about other unknown fields
Packit Service 087331
	* Improve OpenSSL error reporting
Packit Service 087331
	* Support reading TPM 2.0 PCRs using tsspcrread
Packit Service 087331
Packit Service 087331
	Bug fixes and code cleanup:
Packit Service 087331
	* Update manpage stylesheet detection
Packit Service 087331
	* Fix xattr.h include file
Packit Service 087331
	* On error when reading TPM PCRs, don't log gargabe
Packit Service 087331
	* Properly return keyid string to calc_keyid_v1/v2 callers, caused by
Packit Service 087331
	  limiting keyid output to verbose mode
Packit Service 087331
	* Fix hash buffer overflow caused by EVM support for larger hashes,
Packit Service 087331
	  defined MAX_DIGEST_SIZE and MAX_SIGNATURE_SIZE, and added "asserts".
Packit Service 087331
	* Linked with libcrypto instead of OpenSSL
Packit Service 087331
	* Updated Autotools, replacing INCLUDES with AM_CPPFLAGS
Packit Service 087331
	* Include new "hash-info.gen" in tar
Packit Service 087331
	* Log the hash algorithm, not just the hash value
Packit Service 087331
	* Fixed memory leaks in: EV_MD_CTX, init_public_keys
Packit Service 087331
	* Fixed other warnings/bugs discovered by clang, coverity
Packit Service 087331
	* Remove indirect calls in verify_hash() to improve code readability
Packit Service 087331
	* Don't fallback to using sha1
Packit Service 087331
	* Namespace some too generic object names
Packit Service 087331
	* Make functions/arrays static if possible
Packit Service 087331
Packit Service 087331
Packit Service 087331
2018-01-28  Mimi Zohar <zohar@us.ibm.com>
Packit Service 087331
Packit Service 087331
	version 1.1
Packit Service 087331
	* Support the new openssl 1.1 api
Packit Service 087331
	* Support for validating multiple pcrs
Packit Service 087331
	* Verify the measurement list signature based on the list digest
Packit Service 087331
	* Verify the "ima-sig" measurement list using multiple keys
Packit Service 087331
	* Fixed parsing the measurement template data field length
Packit Service 087331
	* Portable & immutable EVM signatures (new format)
Packit Service 087331
	* Multiple fixes that have been lingering in the next branch. Some
Packit Service 087331
	  are for experimental features that are not yet supported in the
Packit Service 087331
	  kernel.
Packit Service 087331
Packit Service 087331
2014-07-30  Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
Packit Service 087331
Packit Service 087331
	version 1.0
Packit Service 087331
	* Recursive hashing
Packit Service 087331
	* Immutable EVM signatures (experimental)
Packit Service 087331
	* Command 'ima_clear' to remove xattrs
Packit Service 087331
	* Support for passing password to the library
Packit Service 087331
	* Support for asking password safely from the user
Packit Service 087331
Packit Service 087331
2014-09-23  Dmitry Kasatkin <d.kasatkin@samsung.com>
Packit Service 087331
Packit Service 087331
	version 0.9
Packit Service 087331
	* Updated README
Packit Service 087331
	* man page generated and added to the package
Packit Service 087331
	* Use additional SMACK xattrs for EVM signature generation
Packit Service 087331
	* Signing functions moved to libimaevm for external use (RPM)
Packit Service 087331
	* Fixed setting of correct hash header
Packit Service 087331
Packit Service 087331
2014-05-05  Dmitry Kasatkin <d.kasatkin@samsung.com>
Packit Service 087331
Packit Service 087331
	version 0.8
Packit Service 087331
	* Symbilic names for keyrings
Packit Service 087331
	* Hash list signing
Packit Service 087331
	* License text fix for using OpenSSL
Packit Service 087331
	* Help output fix
Packit Service 087331
Packit Service 087331
2014-02-17  Dmitry Kasatkin <d.kasatkin@samsung.com>
Packit Service 087331
Packit Service 087331
	version 0.7
Packit Service 087331
	* Fix symbolic links related bugs
Packit Service 087331
	* Provide recursive fixing
Packit Service 087331
	* Provide recursive signing
Packit Service 087331
	* Move IMA verification to the library (first for LTP use)
Packit Service 087331
	* Support for target architecture data size
Packit Service 087331
	* Remove obsolete module signing code
Packit Service 087331
	* Code cleanup
Packit Service 087331
Packit Service 087331
2013-08-28  Dmitry Kasatkin <d.kasatkin@samsung.com>
Packit Service 087331
Packit Service 087331
	version 0.6
Packit Service 087331
	* support for asymmetric crypto keys and new signature format (v2)
Packit Service 087331
	* fixes to set correct hash algo for digital signature v1
Packit Service 087331
	* uuid support for EVM
Packit Service 087331
	* signature verification support
Packit Service 087331
	* test scripts removed
Packit Service 087331
	* README updates
Packit Service 087331
Packit Service 087331
2012-05-18  Dmitry Kasatkin  <dmitry.kasatkin@intel.com>
Packit Service 087331
Packit Service 087331
	version 0.3
Packit Service 087331
	* llistxattr returns 0 if there are no xattrs and it is valid
Packit Service 087331
	* Added entry type to directory hash calculation
Packit Service 087331
	* inline block variable renamed
Packit Service 087331
	* Remove forced tag creation
Packit Service 087331
	* Use libexec for programs and scripts
Packit Service 087331
	* Some files updated
Packit Service 087331
	* Do not search for algorithm as it is known
Packit Service 087331
	* Refactored to remove redundant hash initialization code
Packit Service 087331
	* Added hash calculation for special files
Packit Service 087331
Packit Service 087331
2012-04-05  Dmitry Kasatkin  <dmitry.kasatkin@intel.com>
Packit Service 087331
Packit Service 087331
	version 0.2
Packit Service 087331
	* added RPM & TAR building makefile rules
Packit Service 087331
	* renamed evm-utils to ima-evm-utils
Packit Service 087331
	* added command options description
Packit Service 087331
	* updated error handling
Packit Service 087331
	* refactored redundant code
Packit Service 087331
Packit Service 087331
2012-04-02  Dmitry Kasatkin  <dmitry.kasatkin@intel.com>
Packit Service 087331
Packit Service 087331
	version 0.1.0
Packit Service 087331
	* Fully functional version for lastest 3.x kernels
Packit Service 087331
Packit Service 087331
2011-08-24  Dmitry Kasatkin  <dmitry.kasatkin@intel.com>
Packit Service 087331
Packit Service 087331
	version 0.1
Packit Service 087331
	* Initial public version.
Packit Service 087331