diff options
author | Marc Kleine-Budde <mkl@pengutronix.de> | 2016-08-15 15:39:52 +0200 |
---|---|---|
committer | Marc Kleine-Budde <mkl@pengutronix.de> | 2016-08-15 15:39:52 +0200 |
commit | f479488c6664d3d14ae1efd52cd2a6a53e605ab2 (patch) | |
tree | 28fff9c6c5ea95e7c057c18ab81d8e89014f081e /patches/ima-evm-utils-1.0 | |
parent | cc6f68cd8cc5f1b1ade50c7a8a5aa5715ae7a7e1 (diff) | |
download | ptxdist-f479488c6664d3d14ae1efd52cd2a6a53e605ab2.tar.gz ptxdist-f479488c6664d3d14ae1efd52cd2a6a53e605ab2.tar.xz |
ima-evm-utils: update patches
- fix compilation on older distributions
- add error propagation
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Diffstat (limited to 'patches/ima-evm-utils-1.0')
9 files changed, 318 insertions, 34 deletions
diff --git a/patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch b/patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch index 1eee4f1bf..8a562b3e0 100644 --- a/patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch +++ b/patches/ima-evm-utils-1.0/0004-evmctl-find-add-missing-error-handling-and-propagate.patch @@ -8,18 +8,18 @@ function, so that evmctl properly fails on errors. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> --- - src/evmctl.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) + src/evmctl.c | 20 ++++++++++++++++---- + 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c -index 19f5f3bc87b0..6606e4958080 100644 +index 19f5f3bc87b0..a5355f6c0ee1 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -1097,13 +1097,20 @@ static int find(const char *path, int dts, find_cb_t func) } while ((de = readdir(dir))) { -+ int err; ++ int err = 0; + if (!strcmp(de->d_name, "..") || !strcmp(de->d_name, ".")) continue; @@ -38,3 +38,19 @@ index 19f5f3bc87b0..6606e4958080 100644 } if (chdir("..")) { +@@ -1112,8 +1119,13 @@ static int find(const char *path, int dts, find_cb_t func) + return -1; + } + +- if (dts & DIR_MASK) +- func(path); ++ if (dts & DIR_MASK) { ++ int err; ++ ++ err = func(path); ++ if (err) ++ return -1; ++ } + + closedir(dir); + diff --git a/patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch b/patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch new file mode 100644 index 000000000..7d229d3e2 --- /dev/null +++ b/patches/ima-evm-utils-1.0/0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch @@ -0,0 +1,27 @@ +From: Marc Kleine-Budde <mkl@pengutronix.de> +Date: Fri, 11 Mar 2016 09:49:44 +0100 +Subject: [PATCH] evmctl: add fallback definitions for XATTR_NAME_IMA + +This fixes compilation on old distributions. + +Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> +--- + src/evmctl.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/evmctl.c b/src/evmctl.c +index a5355f6c0ee1..f120bf96b69d 100644 +--- a/src/evmctl.c ++++ b/src/evmctl.c +@@ -62,6 +62,11 @@ + #include <openssl/err.h> + #include <openssl/rsa.h> + ++#ifndef XATTR_NAME_IMA ++#define XATTR_IMA_SUFFIX "ima" ++#define XATTR_NAME_IMA XATTR_SECURITY_PREFIX XATTR_IMA_SUFFIX ++#endif ++ + #define USE_FPRINTF + + #include "imaevm.h" diff --git a/patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch b/patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch new file mode 100644 index 000000000..a5de62dcc --- /dev/null +++ b/patches/ima-evm-utils-1.0/0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch @@ -0,0 +1,73 @@ +From: Marc Kleine-Budde <mkl@pengutronix.de> +Date: Sat, 26 Mar 2016 22:58:07 +0100 +Subject: [PATCH] evmctl, libimaevm: use EVP_MAX_MD_SIZE for hash size instead + of open coding it + +Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> +--- + src/evmctl.c | 10 +++++----- + src/libimaevm.c | 2 +- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/evmctl.c b/src/evmctl.c +index f120bf96b69d..559e4cbf9176 100644 +--- a/src/evmctl.c ++++ b/src/evmctl.c +@@ -446,7 +446,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) + + static int sign_evm(const char *file, const char *key) + { +- unsigned char hash[20]; ++ unsigned char hash[EVP_MAX_MD_SIZE]; + unsigned char sig[1024]; + int len, err; + +@@ -481,7 +481,7 @@ static int sign_evm(const char *file, const char *key) + + static int hash_ima(const char *file) + { +- unsigned char hash[66]; /* MAX hash size + 2 */ ++ unsigned char hash[EVP_MAX_MD_SIZE + 2]; /* MAX hash size + 2 */ + int len, err, offset; + int algo = get_hash_algo(params.hash_algo); + +@@ -519,7 +519,7 @@ static int hash_ima(const char *file) + + static int sign_ima(const char *file, const char *key) + { +- unsigned char hash[64]; ++ unsigned char hash[EVP_MAX_MD_SIZE]; + unsigned char sig[1024]; + int len, err; + +@@ -699,7 +699,7 @@ static int cmd_sign_evm(struct command *cmd) + + static int verify_evm(const char *file) + { +- unsigned char hash[20]; ++ unsigned char hash[EVP_MAX_MD_SIZE]; + unsigned char sig[1024]; + int len; + +@@ -982,7 +982,7 @@ out: + + static int hmac_evm(const char *file, const char *key) + { +- unsigned char hash[20]; ++ unsigned char hash[EVP_MAX_MD_SIZE]; + unsigned char sig[1024]; + int len, err; + +diff --git a/src/libimaevm.c b/src/libimaevm.c +index 575f0535fe07..32638e79ffdc 100644 +--- a/src/libimaevm.c ++++ b/src/libimaevm.c +@@ -517,7 +517,7 @@ int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int sig + + int ima_verify_signature(const char *file, unsigned char *sig, int siglen) + { +- unsigned char hash[64]; ++ unsigned char hash[EVP_MAX_MD_SIZE]; + int hashlen, sig_hash_algo; + + if (sig[0] != 0x03) { diff --git a/patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch b/patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch new file mode 100644 index 000000000..290d8adc7 --- /dev/null +++ b/patches/ima-evm-utils-1.0/0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch @@ -0,0 +1,31 @@ +From: Marc Kleine-Budde <mkl@pengutronix.de> +Date: Sat, 26 Mar 2016 22:58:53 +0100 +Subject: [PATCH] libimaevm: use SHA_DIGEST_LENGTH instead of open coding it + +Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> +--- + src/libimaevm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libimaevm.c b/src/libimaevm.c +index 32638e79ffdc..1c5da965468c 100644 +--- a/src/libimaevm.c ++++ b/src/libimaevm.c +@@ -370,7 +370,7 @@ int verify_hash_v1(const unsigned char *hash, int size, unsigned char *sig, int + SHA_CTX ctx; + unsigned char out[1024]; + RSA *key; +- unsigned char sighash[20]; ++ unsigned char sighash[SHA_DIGEST_LENGTH]; + struct signature_hdr *hdr = (struct signature_hdr *)sig; + + log_info("hash: "); +@@ -652,7 +652,7 @@ int sign_hash_v1(const char *hashalgo, const unsigned char *hash, int size, cons + unsigned char pub[1024]; + RSA *key; + char name[20]; +- unsigned char sighash[20]; ++ unsigned char sighash[SHA_DIGEST_LENGTH]; + struct signature_hdr *hdr; + uint16_t *blen; + diff --git a/patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch b/patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch new file mode 100644 index 000000000..8165ed86d --- /dev/null +++ b/patches/ima-evm-utils-1.0/0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch @@ -0,0 +1,133 @@ +From: Steffen Trumtrar <s.trumtrar@pengutronix.de> +Date: Tue, 8 Mar 2016 13:46:14 +0100 +Subject: [PATCH] evmctl: add parameter -e to set evm hash algo + +The paramter -a sets the hash algorithm only for IMA. To not break +anything, add a new parameter -e to be able to change the hash for +EVM, too. + +Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de> +--- + src/evmctl.c | 27 +++++++++++++++++++++++---- + src/imaevm.h | 1 + + src/libimaevm.c | 1 + + 3 files changed, 25 insertions(+), 4 deletions(-) + +diff --git a/src/evmctl.c b/src/evmctl.c +index 559e4cbf9176..d7352d87ef71 100644 +--- a/src/evmctl.c ++++ b/src/evmctl.c +@@ -319,6 +319,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) + char uuid[16]; + struct h_misc_64 hmac_misc; + int hmac_size; ++ const EVP_MD *md; + + if (lstat(file, &st)) { + log_err("Failed to stat: %s\n", file); +@@ -350,7 +351,13 @@ static int calc_evm_hash(const char *file, unsigned char *hash) + return -1; + } + +- err = EVP_DigestInit(&ctx, EVP_sha1()); ++ md = EVP_get_digestbyname(params.evm_hash_algo); ++ if (!md) { ++ log_err("EVP_get_digestbyname() failed\n"); ++ return 1; ++ } ++ ++ err = EVP_DigestInit(&ctx, md); + if (!err) { + log_err("EVP_DigestInit() failed\n"); + return 1; +@@ -454,7 +461,7 @@ static int sign_evm(const char *file, const char *key) + if (len <= 1) + return len; + +- len = sign_hash("sha1", hash, len, key, NULL, sig + 1); ++ len = sign_hash(params.evm_hash_algo, hash, len, key, NULL, sig + 1); + if (len <= 1) + return len; + +@@ -860,6 +867,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h + ssize_t list_size; + struct h_misc_64 hmac_misc; + int hmac_size; ++ const EVP_MD *md; + + key = file2bin(keyfile, NULL, &keylen); + if (!key) { +@@ -905,7 +913,13 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h + goto out; + } + +- err = !HMAC_Init(&ctx, evmkey, sizeof(evmkey), EVP_sha1()); ++ md = EVP_get_digestbyname(params.evm_hash_algo); ++ if (!md) { ++ log_err("EVP_get_digestbyname() failed\n"); ++ return 1; ++ } ++ ++ err = !HMAC_Init(&ctx, evmkey, sizeof(evmkey), md); + if (err) { + log_err("HMAC_Init() failed\n"); + goto out; +@@ -1464,6 +1478,7 @@ static void usage(void) + printf( + "\n" + " -a, --hashalgo sha1 (default), sha224, sha256, sha384, sha512\n" ++ " -e, --evmhashalgo sha1 (default), sha224, sha256, sha384, sha512\n" + " -s, --imasig make IMA signature\n" + " -d, --imahash make IMA hash\n" + " -f, --sigfile store IMA signature in .sig file instead of xattr\n" +@@ -1508,6 +1523,7 @@ static struct option opts[] = { + {"imasig", 0, 0, 's'}, + {"imahash", 0, 0, 'd'}, + {"hashalgo", 1, 0, 'a'}, ++ {"evmhashalgo", 1, 0, 'e'}, + {"pass", 2, 0, 'p'}, + {"sigfile", 0, 0, 'f'}, + {"uuid", 2, 0, 'u'}, +@@ -1565,7 +1581,7 @@ int main(int argc, char *argv[]) + g_argc = argc; + + while (1) { +- c = getopt_long(argc, argv, "hvnsda:p::fu::k:t:ri", opts, &lind); ++ c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:ri", opts, &lind); + if (c == -1) + break; + +@@ -1591,6 +1607,9 @@ int main(int argc, char *argv[]) + case 'a': + params.hash_algo = optarg; + break; ++ case 'e': ++ params.evm_hash_algo = optarg; ++ break; + case 'p': + if (optarg) + params.keypass = optarg; +diff --git a/src/imaevm.h b/src/imaevm.h +index 711596c3f3fa..ef7858b8faa0 100644 +--- a/src/imaevm.h ++++ b/src/imaevm.h +@@ -178,6 +178,7 @@ struct libevm_params { + int verbose; + int x509; + const char *hash_algo; ++ const char *evm_hash_algo; + const char *keyfile; + const char *keypass; + }; +diff --git a/src/libimaevm.c b/src/libimaevm.c +index 1c5da965468c..595908395514 100644 +--- a/src/libimaevm.c ++++ b/src/libimaevm.c +@@ -129,6 +129,7 @@ struct libevm_params params = { + .verbose = LOG_INFO - 1, + .x509 = 1, + .hash_algo = "sha1", ++ .evm_hash_algo = "sha1", + }; + + static void __attribute__ ((constructor)) libinit(void); diff --git a/patches/ima-evm-utils-1.0/0005-evmctl-add-support-for-offline-image-preparation.patch b/patches/ima-evm-utils-1.0/0009-evmctl-add-support-for-offline-image-preparation.patch index b31e750ff..3467e1ec2 100644 --- a/patches/ima-evm-utils-1.0/0005-evmctl-add-support-for-offline-image-preparation.patch +++ b/patches/ima-evm-utils-1.0/0009-evmctl-add-support-for-offline-image-preparation.patch @@ -37,18 +37,18 @@ Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 3 files changed, 74 insertions(+), 9 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c -index 6606e4958080..d66e6b06ad23 100644 +index d7352d87ef71..ec1fed395656 100644 --- a/src/evmctl.c +++ b/src/evmctl.c -@@ -314,6 +314,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) - char uuid[16]; +@@ -320,6 +320,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) struct h_misc_64 hmac_misc; int hmac_size; + const EVP_MD *md; + ino_t ino; if (lstat(file, &st)) { log_err("Failed to stat: %s\n", file); -@@ -336,9 +337,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -342,9 +343,25 @@ static int calc_evm_hash(const char *file, unsigned char *hash) } close(fd); } @@ -75,7 +75,7 @@ index 6606e4958080..d66e6b06ad23 100644 list_size = llistxattr(file, list, sizeof(list)); if (list_size < 0) { log_err("llistxattr() failed\n"); -@@ -384,7 +401,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -396,7 +413,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) struct h_misc *hmac = (struct h_misc *)&hmac_misc; hmac_size = sizeof(*hmac); @@ -84,7 +84,7 @@ index 6606e4958080..d66e6b06ad23 100644 hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -393,7 +410,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -405,7 +422,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc; hmac_size = sizeof(*hmac); @@ -93,7 +93,7 @@ index 6606e4958080..d66e6b06ad23 100644 hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -402,7 +419,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) +@@ -414,7 +431,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc; hmac_size = sizeof(*hmac); @@ -102,15 +102,15 @@ index 6606e4958080..d66e6b06ad23 100644 hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -855,6 +872,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h - ssize_t list_size; +@@ -868,6 +885,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h struct h_misc_64 hmac_misc; int hmac_size; + const EVP_MD *md; + ino_t ino; key = file2bin(keyfile, NULL, &keylen); if (!key) { -@@ -892,10 +910,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -905,10 +923,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h close(fd); } @@ -137,7 +137,7 @@ index 6606e4958080..d66e6b06ad23 100644 log_err("llistxattr() failed: %s\n", file); goto out; } -@@ -932,7 +966,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -951,7 +985,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h struct h_misc *hmac = (struct h_misc *)&hmac_misc; hmac_size = sizeof(*hmac); @@ -146,7 +146,7 @@ index 6606e4958080..d66e6b06ad23 100644 hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -941,7 +975,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -960,7 +994,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h struct h_misc_64 *hmac = (struct h_misc_64 *)&hmac_misc; hmac_size = sizeof(*hmac); @@ -155,7 +155,7 @@ index 6606e4958080..d66e6b06ad23 100644 hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -950,7 +984,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h +@@ -969,7 +1003,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h struct h_misc_32 *hmac = (struct h_misc_32 *)&hmac_misc; hmac_size = sizeof(*hmac); @@ -164,7 +164,7 @@ index 6606e4958080..d66e6b06ad23 100644 hmac->generation = generation; hmac->uid = st.st_uid; hmac->gid = st.st_gid; -@@ -1469,6 +1503,9 @@ static void usage(void) +@@ -1494,6 +1528,9 @@ static void usage(void) " --smack use extra SMACK xattrs for EVM\n" " --m32 force EVM hmac/signature for 32 bit target system\n" " --m64 force EVM hmac/signature for 64 bit target system\n" @@ -174,7 +174,7 @@ index 6606e4958080..d66e6b06ad23 100644 " -v increase verbosity level\n" " -h, --help display this help and exit\n" "\n"); -@@ -1507,6 +1544,7 @@ static struct option opts[] = { +@@ -1533,6 +1570,7 @@ static struct option opts[] = { {"recursive", 0, 0, 'r'}, {"m32", 0, 0, '3'}, {"m64", 0, 0, '6'}, @@ -182,16 +182,16 @@ index 6606e4958080..d66e6b06ad23 100644 {"smack", 0, 0, 256}, {"version", 0, 0, 257}, {} -@@ -1555,7 +1593,7 @@ int main(int argc, char *argv[]) +@@ -1581,7 +1619,7 @@ int main(int argc, char *argv[]) g_argc = argc; while (1) { -- c = getopt_long(argc, argv, "hvnsda:p::fu::k:t:ri", opts, &lind); -+ c = getopt_long(argc, argv, "hvnsda:p::fu::k:t:rim", opts, &lind); +- c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:ri", opts, &lind); ++ c = getopt_long(argc, argv, "hvnsda:e:p::fu::k:t:rim", opts, &lind); if (c == -1) break; -@@ -1619,6 +1657,9 @@ int main(int argc, char *argv[]) +@@ -1648,6 +1686,9 @@ int main(int argc, char *argv[]) case '6': msize = 64; break; @@ -202,11 +202,11 @@ index 6606e4958080..d66e6b06ad23 100644 evm_config_xattrnames = evm_extra_smack_xattrs; break; diff --git a/src/imaevm.h b/src/imaevm.h -index 711596c3f3fa..84632a487074 100644 +index ef7858b8faa0..79f70974015a 100644 --- a/src/imaevm.h +++ b/src/imaevm.h -@@ -180,6 +180,7 @@ struct libevm_params { - const char *hash_algo; +@@ -181,6 +181,7 @@ struct libevm_params { + const char *evm_hash_algo; const char *keyfile; const char *keypass; + bool image_mode; @@ -214,7 +214,7 @@ index 711596c3f3fa..84632a487074 100644 struct RSA_ASN1_template { diff --git a/src/libimaevm.c b/src/libimaevm.c -index 575f0535fe07..6b81e7e2d7aa 100644 +index 595908395514..ea8e4f41488c 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -40,6 +40,7 @@ @@ -233,7 +233,7 @@ index 575f0535fe07..6b81e7e2d7aa 100644 #include <openssl/pem.h> #include <openssl/evp.h> -@@ -222,7 +224,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) +@@ -223,7 +225,28 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) } while ((de = readdir(dir))) { diff --git a/patches/ima-evm-utils-1.0/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch b/patches/ima-evm-utils-1.0/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch index 734994a31..e90c5dcf2 100644 --- a/patches/ima-evm-utils-1.0/0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch +++ b/patches/ima-evm-utils-1.0/0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch @@ -15,10 +15,10 @@ Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> 1 file changed, 3 insertions(+) diff --git a/src/libimaevm.c b/src/libimaevm.c -index 6b81e7e2d7aa..4eb37e2bf167 100644 +index ea8e4f41488c..29d50c99c733 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c -@@ -224,6 +224,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) +@@ -225,6 +225,9 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) } while ((de = readdir(dir))) { diff --git a/patches/ima-evm-utils-1.0/0007-HACK-don-t-generate-man-page.patch b/patches/ima-evm-utils-1.0/0011-HACK-don-t-generate-man-page.patch index bb44e8d6c..bb44e8d6c 100644 --- a/patches/ima-evm-utils-1.0/0007-HACK-don-t-generate-man-page.patch +++ b/patches/ima-evm-utils-1.0/0011-HACK-don-t-generate-man-page.patch diff --git a/patches/ima-evm-utils-1.0/series b/patches/ima-evm-utils-1.0/series index d979204ae..fcd6547a8 100644 --- a/patches/ima-evm-utils-1.0/series +++ b/patches/ima-evm-utils-1.0/series @@ -4,7 +4,11 @@ 0002-Makefile.am-rename-INCLUDES-AM_CPPFLAGS.patch 0003-evmctl-find-add-missing-closedir-dir-on-error.patch 0004-evmctl-find-add-missing-error-handling-and-propagate.patch -0005-evmctl-add-support-for-offline-image-preparation.patch -0006-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch -0007-HACK-don-t-generate-man-page.patch -# dd0364c455ca5a28b5a5de995af71285 - git-ptx-patches magic +0005-evmctl-add-fallback-definitions-for-XATTR_NAME_IMA.patch +0006-evmctl-libimaevm-use-EVP_MAX_MD_SIZE-for-hash-size-i.patch +0007-libimaevm-use-SHA_DIGEST_LENGTH-instead-of-open-codi.patch +0008-evmctl-add-parameter-e-to-set-evm-hash-algo.patch +0009-evmctl-add-support-for-offline-image-preparation.patch +0010-evmctl-Do-not-account-.-and-.-for-directory-hash-gen.patch +0011-HACK-don-t-generate-man-page.patch +# fd0c40bbcc8fc866030c326fe29b69aa - git-ptx-patches magic |