- Fix bz 590561 aide does not detect the change of SElinux context

- Fix bz 590566 aide reports a changed file when it has not been changed
2010-05-15 17:17:08 +00:00 · 2010-05-15 17:17:08 +00:00 · 4dc073ba8d
commit 4dc073ba8d
parent 9fd72a59c7
3 changed files with 58 additions and 1 deletions
--- a/aide-0.14-perms.patch
+++ b/aide-0.14-perms.patch
@ -0,0 +1,14 @@
+diff -urp aide-0.14.orig/src/gen_list.c aide-0.14/src/gen_list.c
+--- aide-0.14.orig/src/gen_list.c	2010-05-15 10:32:49.000000000 -0400
+++ aide-0.14/src/gen_list.c	2010-05-15 13:10:08.000000000 -0400
+@@ -1007,7 +1007,9 @@ void strip_dbline(db_line* line,DB_ATTR_
+   if(!(attr&DB_LINKNAME)){
+     checked_free(line->linkname);
+   }
+-  /* permissions are always needed for summarize_changes, hence it is never stripped */
+  if(!(attr&DB_PERM)){
+    line->perm=0;
+  }
+   if(!(attr&DB_UID)){
+     line->uid=0;
+   }
--- a/aide-0.14-selinux.patch
+++ b/aide-0.14-selinux.patch
@ -0,0 +1,35 @@
+diff -urp aide-0.14.orig/include/compare_db.h aide-0.14/include/compare_db.h
+--- aide-0.14.orig/include/compare_db.h	2010-05-15 10:15:23.000000000 -0400
+++ aide-0.14/include/compare_db.h	2010-05-15 10:16:05.000000000 -0400
+@@ -48,6 +48,6 @@ void init_rxlst(list* rxlst);
+  * compare_dbline()
+  * Return RETOK if same RETFAIL if not
+  */
+-int compare_dbline(db_line* old,db_line* new,DB_ATTR_TYPE ignorelist);
+DB_ATTR_TYPE compare_dbline(db_line* old,db_line* new,DB_ATTR_TYPE ignorelist);
+ 
+ #endif
+diff -urp aide-0.14.orig/src/aide.c aide-0.14/src/aide.c
+--- aide-0.14.orig/src/aide.c	2010-05-15 10:15:23.000000000 -0400
+++ aide-0.14/src/aide.c	2010-05-15 10:17:32.000000000 -0400
+@@ -246,7 +246,7 @@ void setdefaults_before_config()
+   char* urlstr=INITIALERRORSTO;
+   url_t* u=NULL;
+   char* s=(char*)malloc(sizeof(char)*MAXHOSTNAMELEN+1);
+-  unsigned long long p;
+  DB_ATTR_TYPE p;
+ 
+   /*
+     Set up the hostname
+diff -urp aide-0.14.orig/src/compare_db.c aide-0.14/src/compare_db.c
+--- aide-0.14.orig/src/compare_db.c	2010-05-15 10:15:23.000000000 -0400
+++ aide-0.14/src/compare_db.c	2010-05-15 10:16:42.000000000 -0400
+@@ -275,7 +275,7 @@ static int compare_str(const char *s1, c
+   - ignorelist kertoo mitä ei saa vertailla
+ */
+ 
+-int compare_dbline(db_line* l1,db_line* l2,DB_ATTR_TYPE ignorelist)
+DB_ATTR_TYPE compare_dbline(db_line* l1,db_line* l2,DB_ATTR_TYPE ignorelist)
+ {
+ 
+ #define easy_compare(a,b) \
--- a/aide.spec
+++ b/aide.spec
@ -4,7 +4,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.14
-Release: 2%{?dist}
+Release: 3%{?dist}
 URL: http://sourceforge.net/projects/aide
 License: GPLv2+
 Group: Applications/System
@ -16,6 +16,8 @@ Source3: aide.logrotate
 Patch1: aide-0.14-man.patch
 Patch2: aide-0.13.1-libgrypt-init.patch
 Patch3: aide-0.14-abort.patch
+Patch4: aide-0.14-selinux.patch
+Patch5: aide-0.14-perms.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)
 BuildRequires: mktemp 
 BuildRequires: prelink elfutils-libelf-devel
@ -40,6 +42,8 @@ checker and intrusion detection program.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
+%patch5 -p1

 %build
 %configure --with-config_file=%{_sysconfdir}/aide.conf \
@ -85,6 +89,10 @@ rm -rf $RPM_BUILD_ROOT


 %changelog
+* Sat May 15 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-3
+- Fix bz 590561 aide does not detect the change of SElinux context
+- Fix bz 590566 aide reports a changed file when it has not been changed
+
 * Wed Apr 28 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-2
 - Fix bz 574764 by replacing abort calls with exit
 - Apply libgcrypt init patch