Fix verbose option

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
Radovan Sroka 2024-02-12 18:20:57 +01:00
parent 772571371f
commit a003ad04cf
11 changed files with 41 additions and 1603 deletions


@ -1,58 +0,0 @@
From c7caa6027c92b28aa11b8da74d56357e12f56d67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= <dkopecek@redhat.com>
Date: Wed, 20 Feb 2019 12:00:56 +0100
Subject: [PATCH] Use LDADD for adding curl library to the linker command
---
Makefile.am | 2 +-
configure.ac | 5 +++--
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 4b05d7a..1541d56 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -55,7 +55,7 @@ if USE_CURL
aide_SOURCES += include/fopen.h src/fopen.c
endif
-aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@
+aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CURLLIB@
AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g
AM_CPPFLAGS = -I$(top_srcdir) \
-I$(top_srcdir)/include \
diff --git a/configure.ac b/configure.ac
index 3598ebe..0418c59 100644
--- a/configure.ac
+++ b/configure.ac
@@ -702,24 +702,25 @@ if test x$with_zlib = xyes; then
compoptionstring="${compoptionstring}WITH_ZLIB\\n"
fi
+CURLLIB=
if test x$with_curl = xyes; then
AC_PATH_PROG(curlconfig, "curl-config")
if test "_$curlconfig" != _ ; then
CURL_CFLAGS=`$curlconfig --cflags`
- CURL_LIBS=`$curlconfig --libs`
+ CURLLIB=`$curlconfig --libs`
else
AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])
fi
AC_CHECK_HEADERS(curl/curl.h,,
[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])])
CFLAGS="$CFLAGS $CURL_CFLAGS"
- LDFLAGS="$LDFLAGS $CURL_LIBS"
AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes,
[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]
)
AC_DEFINE(WITH_CURL,1,[use curl])
compoptionstring="${compoptionstring}WITH_CURL\\n"
fi
+AC_SUBST(CURLLIB)
AM_CONDITIONAL(USE_CURL, test x$havecurl = xyes)
AC_ARG_WITH(mhash,
--
2.20.1


@ -1,17 +0,0 @@
--- ./src/do_md.c 2018-03-19 05:10:19.994957024 -0400
+++ ./src/do_md.c 2018-03-19 05:19:05.829957024 -0400
@@ -135,8 +135,13 @@
continue;
while (!bingo && (data = elf_getdata (scn, data)) != NULL) {
- int maxndx = data->d_size / shdr.sh_entsize;
+ int maxndx;
int ndx;
+
+ if (shdr.sh_entsize != 0)
+ maxndx = data->d_size / shdr.sh_entsize;
+ else
+ continue;
for (ndx = 0; ndx < maxndx; ++ndx) {
(void) gelf_getdyn (data, ndx, &dyn);


@ -1,153 +0,0 @@
diff -up ./include/md.h.crypto ./include/md.h
--- ./include/md.h.crypto 2016-07-25 22:56:55.000000000 +0200
+++ ./include/md.h 2018-08-29 15:00:30.827491299 +0200
@@ -149,6 +149,7 @@ int init_md(struct md_container*);
int update_md(struct md_container*,void*,ssize_t);
int close_md(struct md_container*);
void md2line(struct md_container*,struct db_line*);
+DB_ATTR_TYPE get_available_crypto();
#endif /*_MD_H_INCLUDED*/
diff -up ./src/aide.c.crypto ./src/aide.c
--- ./src/aide.c.crypto 2018-08-29 15:00:30.825491309 +0200
+++ ./src/aide.c 2018-08-29 15:00:30.827491299 +0200
@@ -349,7 +349,7 @@ static void setdefaults_before_config()
conf->db_attrs = 0;
#if defined(WITH_MHASH) || defined(WITH_GCRYPT)
- conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512;
+ conf->db_attrs |= get_available_crypto();
#ifdef WITH_MHASH
conf->db_attrs |= DB_GOST;
#ifdef HAVE_MHASH_WHIRLPOOL
diff -up ./src/md.c.crypto ./src/md.c
--- ./src/md.c.crypto 2018-08-29 15:00:30.823491319 +0200
+++ ./src/md.c 2018-08-29 15:02:28.013903479 +0200
@@ -78,6 +78,49 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) {
return r;
}
+const char * hash_gcrypt2str(int i) {
+ char * r = "?";
+#ifdef WITH_GCRYPT
+ switch (i) {
+ case GCRY_MD_MD5: {
+ r = "MD5";
+ break;
+ }
+ case GCRY_MD_SHA1: {
+ r = "SHA1";
+ break;
+ }
+ case GCRY_MD_RMD160: {
+ r = "RMD160";
+ break;
+ }
+ case GCRY_MD_TIGER: {
+ r = "TIGER";
+ break;
+ }
+ case GCRY_MD_HAVAL: {
+ r = "HAVAL";
+ break;
+ }
+ case GCRY_MD_SHA256: {
+ r = "SHA256";
+ break;
+ }
+ case GCRY_MD_SHA512: {
+ r = "SHA512";
+ break;
+ }
+ case GCRY_MD_CRC32: {
+ r = "CRC32";
+ break;
+ }
+ default:
+ break;
+ }
+#endif
+ return r;
+}
+
DB_ATTR_TYPE hash_mhash2attr(int i) {
DB_ATTR_TYPE r=0;
#ifdef WITH_MHASH
@@ -163,6 +206,44 @@ DB_ATTR_TYPE hash_mhash2attr(int i) {
Initialise md_container according it's todo_attr field
*/
+DB_ATTR_TYPE get_available_crypto() {
+
+ DB_ATTR_TYPE ret = 0;
+
+/*
+ * This function is usually called before config processing
+ * and default verbose level is 5
+ */
+#define lvl 255
+
+ error(lvl, "get_available_crypto called\n");
+
+#ifdef WITH_GCRYPT
+
+ /*
+ * some initialization for FIPS
+ */
+ gcry_check_version(NULL);
+ error(lvl, "Found algos:");
+
+ for(int i=0;i<=HASH_GCRYPT_COUNT;i++) {
+
+ if ( (hash_gcrypt2attr(i) & HASH_USE_GCRYPT) == 0 )
+ continue;
+
+ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) == 0) {
+ ret |= hash_gcrypt2attr(i);
+ error(lvl, " %s", hash_gcrypt2str(i));
+ }
+ }
+ error(lvl, "\n");
+
+#endif
+
+ error(lvl, "get_available_crypto_returned with %lld\n", ret);
+ return ret;
+}
+
int init_md(struct md_container* md) {
int i;
@@ -201,18 +282,27 @@ int init_md(struct md_container* md) {
}
#endif
#ifdef WITH_GCRYPT
- if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
error(0,"gcrypt_md_open failed\n");
exit(IO_ERROR);
}
for(i=0;i<=HASH_GCRYPT_COUNT;i++) {
+
+
if (((hash_gcrypt2attr(i)&HASH_USE_GCRYPT)&md->todo_attr)!=0) {
- DB_ATTR_TYPE h=hash_gcrypt2attr(i);
- error(255,"inserting %llu\n",h);
+
+ DB_ATTR_TYPE h=hash_gcrypt2attr(i);
+
+ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) != 0) {
+ error(0,"Algo %s is not available\n", hash_gcrypt2str(i));
+ exit(-1);
+ }
+
+ error(255,"inserting %llu\n",h);
if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){
md->calc_attr|=h;
} else {
- error(0,"gcry_md_enable %i failed",i);
+ error(0,"gcry_md_enable %i failed\n",i);
md->todo_attr&=~h;
}
}


@ -1,103 +0,0 @@
diff -up ./src/aide.c.orig ./aide-0.16b1/src/aide.c
--- ./src/aide.c.orig 2016-07-12 11:10:08.013158385 +0200
+++ ./src/aide.c 2016-07-12 11:30:54.867833064 +0200
@@ -511,9 +511,28 @@ int main(int argc,char**argv)
#endif
umask(0177);
init_sighandler();
-
setdefaults_before_config();
+#if WITH_GCRYPT
+ error(255,"Gcrypt library initialization\n");
+ /*
+ * Initialize libgcrypt as per
+ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
+ *
+ *
+ */
+ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
+ gcry_control(GCRYCTL_INIT_SECMEM, 1);
+
+ if(!gcry_check_version(GCRYPT_VERSION)) {
+ error(0,"libgcrypt version mismatch\n");
+ exit(VERSION_MISMATCH_ERROR);
+ }
+
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+#endif /* WITH_GCRYPT */
+
+
if(read_param(argc,argv)==RETFAIL){
error(0, _("Invalid argument\n") );
exit(INVALID_ARGUMENT_ERROR);
@@ -646,6 +665,9 @@ int main(int argc,char**argv)
}
#endif
}
+#ifdef WITH_GCRYPT
+ gcry_control(GCRYCTL_TERM_SECMEM, 0);
+#endif /* WITH_GCRYPT */
return RETOK;
}
const char* aide_key_3=CONFHMACKEY_03;
diff -up ./src/md.c.orig ./aide-0.16b1/src/md.c
--- ./src/md.c.orig 2016-04-15 23:30:16.000000000 +0200
+++ ./src/md.c 2016-07-12 11:35:04.007675329 +0200
@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
}
#endif
#ifdef WITH_GCRYPT
- error(255,"Gcrypt library initialization\n");
- if(!gcry_check_version(GCRYPT_VERSION)) {
- error(0,"libgcrypt version mismatch\n");
- exit(VERSION_MISMATCH_ERROR);
- }
- gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
error(0,"gcrypt_md_open failed\n");
exit(IO_ERROR);
}
@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
/*. There might be more hashes in the library. Add those here.. */
- gcry_md_reset(md->mdh);
+ gcry_md_close(md->mdh);
#endif
#ifdef WITH_MHASH
diff -up ./src/util.c.orig ./aide-0.16b1/src/util.c
--- ./src/util.c.orig 2016-07-12 11:39:17.023437355 +0200
+++ ./src/util.c 2016-07-12 11:39:51.618721157 +0200
@@ -519,28 +519,5 @@ int syslog_facility_lookup(char *s)
return(AIDE_SYSLOG_FACILITY);
}
-/* We need these dummy stubs to fool the linker into believing that
- we do not need them at link time */
-
-void* dlopen(char*filename,int flag)
-{
- return NULL;
-}
-
-void* dlsym(void*handle,char*symbol)
-{
- return NULL;
-}
-
-void* dlclose(void*handle)
-{
- return NULL;
-}
-
-const char* dlerror(void)
-{
- return NULL;
-}
-
const char* aide_key_2=CONFHMACKEY_02;
const char* db_key_2=DBHMACKEY_02;


@ -1,15 +0,0 @@
diff -up ./doc/aide.1.in.orig ./doc/aide.1.in
--- ./doc/aide.1.in.orig 2016-07-12 16:10:01.724595895 +0200
+++ ./doc/aide.1.in 2016-07-12 16:06:21.968639822 +0200
@@ -103,9 +103,9 @@ echo <encoded_checksum> | base64 \-d | h
.SH FILES
.IP \fB@sysconfdir@/aide.conf\fR
Default aide configuration file.
-.IP \fB@sysconfdir@/aide.db\fR
+.IP \fB@localstatedir@/lib/aide/aide.db\fR
Default aide database.
-.IP \fB@sysconfdir@/aide.db.new\fR
+.IP \fB@localstatedir@/lib/aide/aide.db.new\fR
Default aide output database.
.SH SEE ALSO
.BR aide.conf (5)

File diff suppressed because it is too large Load Diff


@ -1,30 +0,0 @@
This is no longer relevant upstream as of this commit:
commit ab12f8919f0f7beff0b8db974e98285ede6a285d
Author: Hannes von Haugwitz <hannes@vonhaugwitz.com>
Date: Sun Sep 22 07:26:28 2019 +0200
Use AC_SYS_LARGEFILE for large-file support
- closes #16
- require C99 compatible compiler
- stop using readdir_r in favor of readdir
- remove unused 'size_o member in db_line struct
- '--disable-largefile' now disables LFS
diff --git a/configure.ac b/configure.ac
index cafe16e95ed68c9f..144d55a9146548c0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -574,9 +574,10 @@ AC_CACHE_CHECK([for LFS ino_t],ac_cv_ino_type,[
AC_TRY_RUN([
#include <unistd.h>
#include <stdio.h>
+#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
-main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }],
+int main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }],
ac_cv_ino_type=ino64_t,ac_cv_ino_type=ino_t,ac_cv_ino_type=cross)])
AIDE_INO_TYPE=$ac_cv_ino_type


@ -1,60 +0,0 @@
Mostly equivalent to this upstream commit:
commit 601113f8a57c8f195af09bb2f14123449fa6bded
Author: Sam James <sam@gentoo.org>
Date: Fri Nov 18 00:04:53 2022 +0000
Fix configure.ac compatibility with Clang 16
Clang 16 makes -Wimplicit-function-declaration and -Wimplicit-int errors by default.
Unfortunately, this can lead to misconfiguration or miscompilation of software as configure
tests may then return the wrong result.
We also fix -Wstrict-prototypes while here as it's easy to do and it prepares
us for C23.
For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
or the (new) c-std-porting mailing list [3].
[0] https://lwn.net/Articles/913505/
[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
[2] https://wiki.gentoo.org/wiki/Modern_C_porting
[3] hosted at lists.linux.dev.
Bug: https://bugs.gentoo.org/881707
Signed-off-by: Sam James <sam@gentoo.org>
diff --git a/configure.ac b/configure.ac
index 144d55a9146548c0..e74911535ddd015f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -279,7 +279,10 @@ AC_CHECK_FUNCS(fcntl ftruncate posix_fadvise asprintf snprintf \
AC_CACHE_CHECK([for open/O_NOATIME], db_cv_open_o_noatime, [
echo "test for working open/O_NOATIME" > __o_noatime_file
AC_TRY_RUN([
+#include <stdlib.h>
#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
#include <fcntl.h>
#ifndef O_NOATIME
#if defined(__linux__) && (defined(__i386__) || defined(__PPC__))
@@ -288,12 +291,15 @@ AC_TRY_RUN([
#define O_NOATIME 0
#endif
#endif
-main() {
+int main() {
int c, fd = open("__o_noatime_file", O_RDONLY | O_NOATIME, 0);
exit ((!O_NOATIME) || (fd == -1) || (read(fd, &c, 1) != 1));
}], [db_cv_open_o_noatime=yes], [db_cv_open_o_noatime=no],
AC_TRY_LINK([
-#include <sys/types.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
#include <fcntl.h>
#ifndef O_NOATIME
#if defined(__linux__) && (defined(__i386__) || defined(__PPC__))

34
aide-verbose.patch Normal file

@ -0,0 +1,34 @@
diff -up ./src/conf_eval.c.fix ./src/conf_eval.c
--- ./src/conf_eval.c.fix 2023-12-22 12:12:22.961141634 +0100
+++ ./src/conf_eval.c 2023-12-22 14:09:21.217786675 +0100
@@ -166,6 +166,7 @@ static DB_ATTR_TYPE eval_attribute_expre
static void set_database_attr_option(DB_ATTR_TYPE attr, int linenumber, char *filename, char* linebuf) {
char *str;
+ long num;
DB_ATTR_TYPE hashes = get_hashes(true);
if (attr&(~hashes)) {
@@ -298,8 +299,20 @@ static void eval_config_statement(config
LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_CONFIG, "set 'config_version' option to '%s'", str)
break;
case VERBOSE_OPTION:
- log_msg(LOG_LEVEL_ERROR, "%s:%d: 'verbose' option is no longer supported, use 'log_level' and 'report_level' options instead (see man aide.conf for details) (line: '%s')", conf_filename, conf_linenumber, conf_linebuf);
- exit(INVALID_CONFIGURELINE_ERROR);
+ log_msg(LOG_LEVEL_CONFIG, "%s:%d: 'verbose' option is deprecated, use 'log_level' and 'report_level' options instead (see man aide.conf for details) (line: '%s')", conf_filename, conf_linenumber, conf_linebuf);
+ str = eval_string_expression(statement.e, linenumber, filename, linebuf);
+ num = strtol(str, NULL, 10);
+
+ if (num < 0 && num > 255) {
+ LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_ERROR, "invalid verbose level: '%s'", str);
+ exit(INVALID_CONFIGURELINE_ERROR);
+ }
+
+ if (num >= 10) {
+ set_log_level(LOG_LEVEL_DEBUG);
+ }
+
+ free(str);
break;
case LIMIT_CMDLINE_OPTION:
/* command-line options are ignored here */
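Review bot: The range check `if (num < 0 && num > 255)` in the VERBOSE_OPTION case can never be true, so an out-of-range verbose value is accepted silently and the "invalid verbose level" error path is dead; it should read `if (num < 0 || num > 255)`. The conversion `strtol(str, NULL, 10)` is also made without an end pointer or errno check, so a non-numeric value parses as 0 and passes; passing `&end` and rejecting `end == str || *end != '\0' || errno == ERANGE` would catch that. The first hunk adds `long num;` inside set_database_attr_option while the use is in eval_config_statement, so it is worth confirming that a declaration is actually in scope where `num` is assigned. Both function bodies continue outside the hunks shown.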


@ -1,7 +1,7 @@
Summary: Intrusion detection environment
Name: aide
Version: 0.18.6
Release: 3%{?dist}
Release: 4%{?dist}
URL: http://sourceforge.net/projects/aide
License: GPL-2.0-or-later
@ -25,20 +25,7 @@ BuildRequires: e2fsprogs-devel
BuildRequires: audit-libs-devel
BuildRequires: autoconf automake libtool
# Customize the database file location in the man page.
#Patch1: aide-0.16rc1-man.patch
# fix aide in FIPS mode
#Patch2: aide-0.16b1-fipsfix.patch
# Bug 1674637 - aide: FTBFS in Fedora rawhide/f30
#Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
#Patch4: aide-0.15-syslog-format.patch
#Patch5: aide-0.16-crypto-disable-haval-and-others.patch
#Patch6: coverity.patch
#Patch7: aide-0.16-crash-elf.patch
#Patch8: aide-configure-c99-1.patch
#Patch9: aide-configure-c99-2.patch
#Patch10: aide-configure-c99-3.patch
Patch1: aide-verbose.patch
%description
AIDE (Advanced Intrusion Detection Environment) is a file integrity
@ -48,6 +35,8 @@ checker and intrusion detection program.
%autosetup -p1
cp -a %{S:2} .
%patch -R -P 1 -p1 -b .verbose
%build
#autoreconf -ivf
%configure \
@ -83,6 +72,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
%dir %attr(0700,root,root) %{_localstatedir}/log/aide
%changelog
* Mon Feb 12 2024 Radovan Sroka <rsroka@redhat.com> - 0.18.6-4
- rebase to 0.18.6
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.18.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
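Review bot: `%patch -R -P 1 -p1 -b .verbose` follows `%autosetup -p1`, which by default already applies every declared patch, so Patch1 appears to be applied and then reversed; if that reading is right, the verbose handling in aide-verbose.patch never reaches the built binary. Either drop the explicit `%patch` line, or use `%autosetup -N -p1` followed by a forward `%patch -P 1 -p1 -b .verbose`. The new changelog entry `- rebase to 0.18.6` also does not describe this change, since Version was already 0.18.6 in the previous release; an entry naming the verbose-option patch would make the package history match the commit.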


@ -1,31 +0,0 @@
diff --up ./src/compare_db.c ./src/compare_db.c
--- ./src/compare_db.c
+++ ./src/compare_db.c
@@ -438,7 +438,11 @@ snprintf(*values[0], l, "%s",s);
} else {
*values = malloc(1 * sizeof (char*));
if (DB_FTYPE&attr) {
- easy_string(get_file_type_string(line->perm))
+ char *file_type = get_file_type_string(line->perm);
+ if (!file_type) {
+ error(2,"%s: ", file_type);
+ }
+ easy_string(file_type)
} else if (DB_LINKNAME&attr) {
easy_string(line->linkname)
easy_number((DB_SIZE|DB_SIZEG),size,"%li")
diff -up ./src/db_file.c ./src/db_file.c
--- ./src/db_file.c
+++ ./src/db_file.c
@@ -194,6 +194,10 @@ int db_file_read_spec(int db){
*db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD));
+ if (*db_order == NULL){
+ error(1,"malloc for *db_order failed in %s", __func__);
+ }
+
while ((i=db_scan())!=TNEWLINE){
switch (i) {