do not use sha1 and md5 by default
This commit is contained in:
		
							parent
							
								
									b43ff98e62
								
							
						
					
					
						commit
						d550a7a774
					
				
							
								
								
									
										51
									
								
								aide-configure.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										51
									
								
								aide-configure.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,51 @@ | |||||||
|  | diff --color -ru a/configure.ac b/configure.ac
 | ||||||
|  | --- a/configure.ac	2021-05-20 09:31:11.686987129 +0200
 | ||||||
|  | +++ b/configure.ac	2021-05-20 09:39:43.369967457 +0200
 | ||||||
|  | @@ -784,11 +784,11 @@
 | ||||||
|  |  	[if test "x$withval" = "xmd5" ;then | ||||||
|  |  	   CONFIGHMACTYPE="MHASH_MD5" | ||||||
|  |  	else if test "x$withval" = "xsha1" ;then | ||||||
|  | -	      CONFIGHMACTYPE="MHASH_SHA1"
 | ||||||
|  | +	   CONFIGHMACTYPE="MHASH_SHA1"
 | ||||||
|  |  	else if test "x$withval" = "xsha256" ;then | ||||||
|  | -	      CONFIGHMACTYPE="MHASH_SHA256"
 | ||||||
|  | +	   CONFIGHMACTYPE="MHASH_SHA256"
 | ||||||
|  |  	else if test "x$withval" = "xsha512" ;then | ||||||
|  | -	      CONFIGHMACTYPE="MHASH_SHA512"
 | ||||||
|  | +	   CONFIGHMACTYPE="MHASH_SHA512"
 | ||||||
|  |          else  | ||||||
|  |  	   echo "Valid parameters for --with-confighmactype are md5, sha1, sha256 and sha512" | ||||||
|  |  	   exit 1 | ||||||
|  | @@ -799,7 +799,6 @@
 | ||||||
|  |  	AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,$CONFIGHMACTYPE,[hash type for config file check])], | ||||||
|  |  	[ | ||||||
|  |  	AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,MHASH_MD5,[hash type for config file check])] | ||||||
|  | -,
 | ||||||
|  |  ) | ||||||
|  |   | ||||||
|  |  AC_ARG_WITH([confighmackey], | ||||||
|  | @@ -846,18 +845,18 @@
 | ||||||
|  |   | ||||||
|  |  AC_ARG_WITH([dbhmactype], | ||||||
|  |  	AC_HELP_STRING([--with-dbhmactype=TYPE], | ||||||
|  | -		[Hash type to use for checking db. Valid values are md5 and sha1.]),
 | ||||||
|  | +		[Hash type to use for checking db. Valid values are md5, sha1, sha256 and sha512.]),
 | ||||||
|  |  	[if test "x$withval" = "xmd5" ;then | ||||||
|  |  	   DBHMACTYPE="MHASH_MD5" | ||||||
|  |  	else if test "x$withval" = "xsha1" ;then | ||||||
|  | -	      DBHMACTYPE="MHASH_SHA1"
 | ||||||
|  | +	   DBHMACTYPE="MHASH_SHA1"
 | ||||||
|  |  	else if test "x$withval" = "xsha256" ;then | ||||||
|  | -	      CONFIGHMACTYPE="MHASH_SHA256"
 | ||||||
|  | +	   DBHMACTYPE="MHASH_SHA256"
 | ||||||
|  |  	else if test "x$withval" = "xsha512" ;then | ||||||
|  | -	      CONFIGHMACTYPE="MHASH_SHA512"
 | ||||||
|  | +	   DBHMACTYPE="MHASH_SHA512"
 | ||||||
|  |          else  | ||||||
|  | -	      echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
 | ||||||
|  | -	      exit 1
 | ||||||
|  | +	   echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
 | ||||||
|  | +	   exit 1
 | ||||||
|  |  	fi | ||||||
|  |  	fi | ||||||
|  |  	fi | ||||||
							
								
								
									
										10
									
								
								aide.spec
									
									
									
									
									
								
							
							
						
						
									
										10
									
								
								aide.spec
									
									
									
									
									
								
							| @ -36,6 +36,7 @@ Patch4: aide-0.15-syslog-format.patch | |||||||
| Patch5: aide-0.16-crypto-disable-haval-and-others.patch | Patch5: aide-0.16-crypto-disable-haval-and-others.patch | ||||||
| Patch6: coverity.patch | Patch6: coverity.patch | ||||||
| Patch7: aide-0.16-crash-elf.patch | Patch7: aide-0.16-crash-elf.patch | ||||||
|  | Patch8: aide-configure.patch | ||||||
| 
 | 
 | ||||||
| %description | %description | ||||||
| AIDE (Advanced Intrusion Detection Environment) is a file integrity | AIDE (Advanced Intrusion Detection Environment) is a file integrity | ||||||
| @ -57,7 +58,9 @@ autoreconf -ivf | |||||||
|   --with-selinux \ |   --with-selinux \ | ||||||
|   --with-xattr \ |   --with-xattr \ | ||||||
|   --with-e2fsattrs \ |   --with-e2fsattrs \ | ||||||
|   --with-audit |   --with-audit \ | ||||||
|  |   --with-confighmactype=sha512 \ | ||||||
|  |   --with-dbhmactype=sha512 | ||||||
| %make_build | %make_build | ||||||
| 
 | 
 | ||||||
| %install | %install | ||||||
| @ -80,6 +83,11 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide | |||||||
| %dir %attr(0700,root,root) %{_localstatedir}/log/aide | %dir %attr(0700,root,root) %{_localstatedir}/log/aide | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Thu May 20 2021 Zoltan Fridrich <zfridric@redhat.com> - 0.16-19 | ||||||
|  | - fix configuration option with-dbhmactype | ||||||
|  | - do not use sha1 and md5 by default | ||||||
|  |   Resolves: rhbz#1935457 | ||||||
|  | 
 | ||||||
| * Mon May 10 2021 Zoltan Fridrich <zfridric@redhat.com> - 0.16-19 | * Mon May 10 2021 Zoltan Fridrich <zfridric@redhat.com> - 0.16-19 | ||||||
| - use gating and config file from rhel-8.5 | - use gating and config file from rhel-8.5 | ||||||
| - remove check of periodically changing files | - remove check of periodically changing files | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user