10 changed files with 1014 additions and 331 deletions
--- a/SOURCES/aide-0.16-CVE-2025-54389-part2.patch
+++ b/SOURCES/aide-0.16-CVE-2025-54389-part2.patch
@ -1,220 +0,0 @@
 diff -up aide-0.16/src/db_disk.c.orig aide-0.16/src/db_disk.c
 --- aide-0.16/src/db_disk.c.orig	2025-08-21 09:58:21.271581589 +0200
 +++ aide-0.16/src/db_disk.c	2025-08-21 10:01:26.310573141 +0200
@@ -139,7 +139,11 @@ void add_child (db_line * fil)
 	int i;
 	struct seltree *new_r;
 -	error (255, "Adding child %s\n", fil->filename);
 +	{
 +	char *fname_safe = stresc(fil->filename);
 +	error (255, "Adding child %s\n", fname_safe);
 +	free(fname_safe);
 +	}
 	new_r = get_seltree_node (r, fil->filename);
 	if (new_r != NULL) {
@@ -182,9 +186,13 @@ static int get_file_status(char *filenam
     if(sres == -1){
         char* er = strerror(errno);
         if (er == NULL) {
 -            error(0,"get_file_status: lstat() failed for %s. strerror() failed for %i\n", filename, errno);
 +            char *filename_safe = stresc(filename);
 +            error(0,"get_file_status: lstat() failed for %s. strerror() failed for %i\n", filename_safe, errno);
 +            free(filename_safe);
         } else {
 -            error(0,"get_file_status: lstat() failed for %s: %s\n", filename, er);
 +            char *filename_safe = stresc(filename);
 +            error(0,"get_file_status: lstat() failed for %s: %s\n", filename_safe, er);
 +            free(filename_safe);
         }
     }
     return sres;
@@ -220,7 +228,11 @@ db_line *db_readline_disk ()
 			error (240, "%s attr=%llu\n", &fullname[conf->root_prefix_length], attr);
 			if (fil != NULL) {
 -				error (240, "%s attr=%llu\n", fil->filename, fil->attr);
 +				{
 +				char *fname_safe = stresc(fil->filename);
 +				error (240, "%s attr=%llu\n", fname_safe, fil->attr);
 +				free(fname_safe);
 +				}
 				return fil;
 			}
         }
@@ -269,7 +281,11 @@ recursion:
 			error (240, "%s attr=%llu\n", &fullname[conf->root_prefix_length], attr);
 			if (fil != NULL) {
 -				error (240, "%s attr=%llu\n", fil->filename, fil->attr);
 +				{
 +				char *fname_safe = stresc(fil->filename);
 +				error (240, "%s attr=%llu\n", fname_safe, fil->attr);
 +				free(fname_safe);
 +				}
 			} else {
 				/*
 				   Something went wrong during read process -> 
 diff -up aide-0.16/src/gen_list.c.orig aide-0.16/src/gen_list.c
 --- aide-0.16/src/gen_list.c.orig	2025-08-21 09:58:21.273581610 +0200
 +++ aide-0.16/src/gen_list.c	2025-08-21 10:04:29.190502666 +0200
@@ -37,6 +37,7 @@
 #include "list.h"
 #include "gen_list.h"
 #include "seltree.h"
 +#include "util.h"
 #include "db.h"
 #include "db_config.h"
 #include "commandconf.h"
@@ -993,16 +994,28 @@ int check_rxtree(char* filename,seltree*
   if(conf->limit!=NULL) {
       retval=pcre_exec(conf->limit_crx, NULL, filename, strlen(filename), 0, PCRE_PARTIAL_SOFT, NULL, 0);
       if (retval >= 0) {
 -          error(220, "check_rxtree: %s does match limit: %s\n", filename, conf->limit);
 +          char *fname_safe = stresc(filename);
 +          char *limit_safe = conf->limit?stresc(conf->limit):NULL;
 +          error(220, "check_rxtree: %s does match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
 +          free(fname_safe);
 +          free(limit_safe);
       } else if (retval == PCRE_ERROR_PARTIAL) {
 -          error(220, "check_rxtree: %s does PARTIAL match limit: %s\n", filename, conf->limit);
 +          char *fname_safe = stresc(filename);
 +          char *limit_safe = conf->limit?stresc(conf->limit):NULL;
 +          error(220, "check_rxtree: %s does PARTIAL match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
           if(S_ISDIR(perm) && get_seltree_node(tree,filename)==NULL){
 -              error(220, "check_rxtree: creating new seltree node for '%s'\n", filename);
 +              error(220, "check_rxtree: creating new seltree node for '%s'\n", fname_safe);
               new_seltree_node(tree,filename,0,NULL);
           }
 +          free(fname_safe);
 +          free(limit_safe);
           return -1;
       } else {
 -          error(220, "check_rxtree: %s does NOT match limit: %s\n", filename, conf->limit);
 +          char *fname_safe = stresc(filename);
 +          char *limit_safe = conf->limit?stresc(conf->limit):NULL;
 +          error(220, "check_rxtree: %s does NOT match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
 +          free(fname_safe);
 +          free(limit_safe);
           return -2;
       }
   }
@@ -1039,13 +1052,25 @@ db_line* get_file_attrs(char* filename,D
   } else {
     if(fs->st_atime>cur_time){
 -      error(CLOCK_SKEW,_("%s atime in future\n"),filename);
 +      {
 +      char *fname_safe = stresc(filename);
 +      error(CLOCK_SKEW,_("%s atime in future\n"),fname_safe);
 +      free(fname_safe);
 +      }
     }
     if(fs->st_mtime>cur_time){
 -      error(CLOCK_SKEW,_("%s mtime in future\n"),filename);
 +      {
 +      char *fname_safe = stresc(filename);
 +      error(CLOCK_SKEW,_("%s mtime in future\n"),fname_safe);
 +      free(fname_safe);
 +      }
     }
     if(fs->st_ctime>cur_time){
 -      error(CLOCK_SKEW,_("%s ctime in future\n"),filename);
 +      {
 +      char *fname_safe = stresc(filename);
 +      error(CLOCK_SKEW,_("%s ctime in future\n"),fname_safe);
 +      free(fname_safe);
 +      }
     }
   }
@@ -1220,7 +1245,11 @@ void hsymlnk(db_line* line) {
       int sres;
       sres=AIDE_STAT_FUNC(line->fullpath,&fs);
       if (sres!=0 && sres!=EACCES) {
 -	error(4,"Dead symlink detected at %s\n",line->fullpath);
 +        {
 +        char *fp_safe = stresc(line->fullpath);
 +        error(4,"Dead symlink detected at %s\n",fp_safe);
 +        free(fp_safe);
 +        }
       }
       if(!(line->attr&DB_RDEV))
 	fs.st_rdev=0;
 diff -up aide-0.16/src/util.c.orig aide-0.16/src/util.c
 --- aide-0.16/src/util.c.orig	2025-08-21 09:58:21.272581600 +0200
 +++ aide-0.16/src/util.c	2025-08-21 10:07:50.157894133 +0200
@@ -104,9 +104,11 @@ url_t* parse_url(char* val)
       r+=2;
       for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
       if(r[0]=='\0'){
 -	error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
 +        char *t_safe = stresc(t);
 +        error(0,"Invalid file-URL,no path after hostname: file:%s\n",t_safe);
 +        free(t_safe);
         free(hostname);
 -	return NULL;
 +        return NULL;
       }
       u->value=strdup(r);
       r[0]='\0';
@@ -118,9 +120,11 @@ url_t* parse_url(char* val)
 	free(hostname);
 	break;
       } else {
 -	error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,u->value);
 -	free(hostname);
 -	return NULL;
 +        char *value_safe = stresc(u->value);
 +        error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,value_safe);
 +        free(value_safe);
 +        free(hostname);
 +        return NULL;
       }
       break;
@@ -150,6 +154,43 @@ url_t* parse_url(char* val)
   return u;
 }
 +static size_t escape_str(const char *unescaped_str, char *str, size_t s) {
 +    size_t n = 0;
 +    size_t i = 0;
 +    char c;
 +    while (i < s && (c = unescaped_str[i])) {
 +        if ((c >= 0 && (c < 0x1f || c == 0x7f)) ||
 +            (c == '\\' && isdigit(unescaped_str[i+1])
 +                       && isdigit(unescaped_str[i+2])
 +                       && isdigit(unescaped_str[i+3]))) {
 +            if (str) { snprintf(&str[n], 5, "\\%03o", c); }
 +            n += 4;
 +        } else {
 +            if (str) { str[n] = c; }
 +            n++;
 +        }
 +        i++;
 +    }
 +    if (str) { str[n] = '\0'; }
 +    n++;
 +    return n;
 +}
 +
 +char *strnesc(const char *unescaped_str, size_t s) {
 +    int n = escape_str(unescaped_str, NULL, s);
 +    char *str = malloc(n);
 +    if (str == NULL) {
 +        error(0, "malloc: failed to allocate %d bytes of memory\n", n);
 +        exit(1);
 +    }
 +    escape_str(unescaped_str, str, s);
 +    return str;
 +}
 +
 +char *stresc(const char *unescaped_str) {
 +    return strnesc(unescaped_str, strlen(unescaped_str));
 +}
 +
 /* Returns 1 if the string contains unsafe characters, 0 otherwise.  */
 int contains_unsafe (const char *s)
 {
--- a/SOURCES/aide-0.16-CVE-2025-54389.patch
+++ b/SOURCES/aide-0.16-CVE-2025-54389.patch
@ -584,6 +584,213 @@ index c17828d3e8b732096e00253f21623339f2168ccf..41e216527a9b05b90f1b601a61279fd4
     if (forced_attrs) {
         error (2,_("Forced attributes: %s\n"),report_attrs(forced_attrs));
     }
 diff --git a/src/db_disk.c b/src/db_disk.c
 index 6161af38010633cbc2c4519a76e997c992439562..11f0d1c348a097a4175640e0f554979f7c74f7c1 100644
 --- a/src/db_disk.c
 +++ b/src/db_disk.c
@@ -117,181 +117,197 @@ static char *name_construct (const char *s)
 {
 	char *ret;
 	int len2 = strlen (r->path);
 	int len = len2 + strlen (s) + 2 + conf->root_prefix_length;
 	if (r->path[len2 - 1] != '/') {
 		len++;
 	}
 	ret = (char *) malloc (len);
 	ret[0] = (char) 0;
 	strcpy(ret, conf->root_prefix);
 	strcat (ret, r->path);
 	if (r->path[len2 - 1] != '/') {
 		strcat (ret, "/");
 	}
 	strcat (ret, s);
 	return ret;
 }
 void add_child (db_line * fil)
 {
 	int i;
 	struct seltree *new_r;
 -	error (255, "Adding child %s\n", fil->filename);
 +    {
 +    char *fname_safe = stresc(fil->filename);
 +    error (255, "Adding child %s\n", fname_safe);
 +    free(fname_safe);
 +    }
 	new_r = get_seltree_node (r, fil->filename);
 	if (new_r != NULL) {
 		if (S_ISDIR (fil->perm_o)) {
 			;
 		} else {
 			new_r->checked |= NODE_CHECKED;
 			new_r->checked |= NODE_TRAVERSE;
 		}
 		return;
 	}
 	new_r = malloc (sizeof (seltree));
 	new_r->attr = 0;
 	i = strlen (fil->filename);
 	new_r->path = malloc (i + 1);
 	strncpy(new_r->path, fil->filename, i+1);
 	new_r->childs = NULL;
 	new_r->sel_rx_lst = NULL;
 	new_r->neg_rx_lst = NULL;
 	new_r->equ_rx_lst = NULL;
 	new_r->parent = r;
 	new_r->checked = 0;
 	new_r->new_data = NULL;
 	new_r->old_data = NULL;
 	if (S_ISDIR (fil->perm_o)) {
 		;
 	} else {
 		new_r->checked |= NODE_CHECKED;
 		new_r->checked |= NODE_TRAVERSE;
 	}
 	r->childs = list_sorted_insert (r->childs, new_r, compare_node_by_path);
 }
 static int get_file_status(char *filename, struct AIDE_STAT_TYPE *fs) {
     int sres = 0;
     sres = AIDE_LSTAT_FUNC(filename,fs);
     if(sres == -1){
         char* er = strerror(errno);
         if (er == NULL) {
 -            error(0,"get_file_status: lstat() failed for %s. strerror() failed for %i\n", filename, errno);
 +            char *filename_safe = stresc(filename);
 +            error(0,"get_file_status: lstat() failed for %s. strerror() failed for %i\n", filename_safe, errno);
 +            free(filename_safe);
         } else {
 -            error(0,"get_file_status: lstat() failed for %s: %s\n", filename, er);
 +            char *filename_safe = stresc(filename);
 +            error(0,"get_file_status: lstat() failed for %s: %s\n", filename_safe, er);
 +            free(filename_safe);
         }
     }
     return sres;
 }
 /*
   It might be a good idea to make this non recursive.
   Now implemented with goto-statement. Yeah, it's ugly and easy.
 */
 db_line *db_readline_disk ()
 {
 	db_line *fil = NULL;
 	DB_ATTR_TYPE attr;
 	char *fullname;
 	int add = 0;
 	struct AIDE_STAT_TYPE fs;
 	/* root needs special handling */
 	if (!root_handled) {
 		root_handled = 1;
 		fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
 		strcpy(fullname, conf->root_prefix);
 		strcat (fullname, "/");
 		if (!get_file_status(fullname, &fs)) {
 		add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
 		error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
 					 conf->tree, attr);
 		if (add > 0) {
 			fil = get_file_attrs (fullname, attr, &fs);
 			error (240, "%s attr=%llu\n", &fullname[conf->root_prefix_length], attr);
 			if (fil != NULL) {
 -				error (240, "%s attr=%llu\n", fil->filename, fil->attr);
 +                            {
 +                            char *fname_safe = stresc(fil->filename);
 +                            error (240, "%s attr=%llu\n", fname_safe, fil->attr);
 +                            free(fname_safe);
 +                            }
 				return fil;
 			}
         }
 		}
 		free (fullname);
 	}
 recursion:
 	next_in_dir ();
 	if (in_this ()) {
 		/*
 		   Let's check if we have '.' or '..' entry.
 		   If have, just skipit.
 		   If don't do the 'normal' thing.
 		 */
 		if (strcmp (entp->d_name, ".") == 0 || strcmp (entp->d_name, "..") == 0) {
 			goto recursion;						// return db_readline_disk(db);
 		}
 		/*
 		   Now we know that we actually can do something.
 		 */
 		fullname = name_construct (entp->d_name);
 		/*
 		   Now we have a filename, which we must remember to free if it is
 		   not used. 
 		   Next thing is to see if we want to do something with it.
 		   If not call, db_readline_disk again...
 		 */
 		if (get_file_status(fullname, &fs)) {
 		    free (fullname);
 		    goto recursion;
 		}
 		add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
 		error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
 					 conf->tree, attr);
 		if (add > 0) {
 			fil = get_file_attrs (fullname, attr, &fs);
 			error (240, "%s attr=%llu\n", &fullname[conf->root_prefix_length], attr);
 			if (fil != NULL) {
 -				error (240, "%s attr=%llu\n", fil->filename, fil->attr);
 +                            {
 +                            char *fname_safe = stresc(fil->filename);
 +                            error (240, "%s attr=%llu\n", fname_safe, fil->attr);
 +                            free(fname_safe);
 +                            }
 			} else {
 				/*
 				   Something went wrong during read process -> 
 				   Let's try next one.
 				 */
 				free (fullname);
 				goto recursion;					// return db_readline_disk(db);
 			}
 			if (add == 1) {
 				/*
 				   add_children -> if dir, then add to children list.
 				 */
 				/* If ee are adding a file that is not a dir */
 				/* add_child can make the determination and mark the tree
 				   accordingly
 				 */
 				add_child (fil);
 			} else if (add == 2) {
 				/*
 				   Don't add to children list.
 				 */
 				/*
 				   Should we do something?
 diff --git a/src/db_sql.c b/src/db_sql.c
 index 154579070ccacb6e9b6b8393b989eb50c843e71d..09a32504c317607150174d2bec0fcddf47992995 100644
 --- a/src/db_sql.c
@ -1051,3 +1258,405 @@ index 77d2e15f5f9cdba5168a92feaf2f97128e705f36..4a648b6f5ff14edd553a3f8d94b11717
     }
 }
 #endif
 diff --git a/src/gen_list.c b/src/gen_list.c
 index ab257811485831b1db1b027a94b5c0447a92f923..5b4a93eef28e1930a52e8156df661ca999035f54 100644
 --- a/src/gen_list.c
 +++ b/src/gen_list.c
@@ -16,50 +16,51 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 #include "aide.h"
 #include <string.h>
 #include <assert.h>
 #include <stdlib.h>
 #include <dirent.h>
 #include <unistd.h>
 #include <limits.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <errno.h>
 #include <time.h>
 #include <pcre.h>
 #include "report.h"
 #include "list.h"
 #include "gen_list.h"
 #include "seltree.h"
 #include "db.h"
 +#include "util.h"
 #include "db_config.h"
 #include "commandconf.h"
 #include "report.h"
 /*for locale support*/
 #include "locale-aide.h"
 /*for locale support*/
 #define CLOCK_SKEW 5
 #ifdef WITH_MHASH
 #include <mhash.h>
 #endif
 #include "md.h"
 #include "do_md.h"
 void hsymlnk(db_line* line);
 void fs2db_line(struct AIDE_STAT_TYPE* fs,db_line* line);
 void calc_md(struct AIDE_STAT_TYPE* old_fs,db_line* line);
 void no_hash(db_line* line);
 static DB_ATTR_TYPE get_special_report_group(char* group) {
     DB_ATTR_TYPE attr = get_groupval(group);
     return attr==DB_ATTR_UNDEF?0:attr;
 }
@@ -971,103 +972,127 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db,
   }
 }
 int check_rxtree(char* filename,seltree* tree,DB_ATTR_TYPE* attr, mode_t perm)
 {
   int retval=0;
   char * tmp=NULL;
   char * parentname=NULL;
   seltree* pnode=NULL;
   parentname=strdup(filename);
   tmp=strrchr(parentname,'/');
   if(tmp!=parentname){
     *tmp='\0';
   }else {
     if(parentname[1]!='\0'){
       /* we are in the root dir */
       parentname[1]='\0';
     }
   }
   if(conf->limit!=NULL) {
       retval=pcre_exec(conf->limit_crx, NULL, filename, strlen(filename), 0, PCRE_PARTIAL_SOFT, NULL, 0);
       if (retval >= 0) {
 -          error(220, "check_rxtree: %s does match limit: %s\n", filename, conf->limit);
 +          char *fname_safe = stresc(filename);
 +          char *limit_safe = conf->limit?stresc(conf->limit):NULL;
 +          error(220, "check_rxtree: %s does match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
 +          free(fname_safe);
 +          free(limit_safe);
       } else if (retval == PCRE_ERROR_PARTIAL) {
 -          error(220, "check_rxtree: %s does PARTIAL match limit: %s\n", filename, conf->limit);
 +          char *fname_safe = stresc(filename);
 +          char *limit_safe = conf->limit?stresc(conf->limit):NULL;
 +          error(220, "check_rxtree: %s does PARTIAL match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
           if(S_ISDIR(perm) && get_seltree_node(tree,filename)==NULL){
 -              error(220, "check_rxtree: creating new seltree node for '%s'\n", filename);
 +              error(220, "check_rxtree: creating new seltree node for '%s'\n", fname_safe);
               new_seltree_node(tree,filename,0,NULL);
           }
 +          free(fname_safe);
 +          free(limit_safe);
           return -1;
       } else {
 -          error(220, "check_rxtree: %s does NOT match limit: %s\n", filename, conf->limit);
 +          char *fname_safe = stresc(filename);
 +          char *limit_safe = conf->limit?stresc(conf->limit):NULL;
 +          error(220, "check_rxtree: %s does NOT match limit: %s\n", fname_safe, limit_safe?limit_safe:"");
 +          free(fname_safe);
 +          free(limit_safe);
           return -2;
       }
   }
   pnode=get_seltree_node(tree,parentname);
   *attr=0;
   retval=check_node_for_match(pnode,filename, perm, 0,attr);
   free(parentname);
   return retval;
 }
 db_line* get_file_attrs(char* filename,DB_ATTR_TYPE attr, struct AIDE_STAT_TYPE *fs)
 {
   db_line* line=NULL;
   time_t cur_time;
   if(!(attr&DB_RDEV))
     fs->st_rdev=0;
   /*
     Get current time for future time notification.
    */
   cur_time=time(NULL);
   if (cur_time==(time_t)-1) {
     char* er=strerror(errno);
     if (er==NULL) {
       error(0,_("Can not get current time. strerror failed for %i\n"),errno);
     } else {
       error(0,_("Can not get current time with reason %s\n"),er);
     }
   } else {
     if(fs->st_atime>cur_time){
 -      error(CLOCK_SKEW,_("%s atime in future\n"),filename);
 +      {
 +      char *fname_safe = stresc(filename);
 +      error(CLOCK_SKEW,_("%s atime in future\n"),fname_safe);
 +      free(fname_safe);
 +      }
     }
     if(fs->st_mtime>cur_time){
 -      error(CLOCK_SKEW,_("%s mtime in future\n"),filename);
 +      {
 +      char *fname_safe = stresc(filename);
 +      error(CLOCK_SKEW,_("%s mtime in future\n"),fname_safe);
 +      free(fname_safe);
 +      }
     }
     if(fs->st_ctime>cur_time){
 -      error(CLOCK_SKEW,_("%s ctime in future\n"),filename);
 +      {
 +      char *fname_safe = stresc(filename);
 +      error(CLOCK_SKEW,_("%s ctime in future\n"),fname_safe);
 +      free(fname_safe);
 +      }
     }
   }
   /*
     Malloc if we have something to store..
   */
   line=(db_line*)malloc(sizeof(db_line));
   memset(line,0,sizeof(db_line));
   /*
     We want filename
   */
   line->attr=attr|DB_FILENAME;
   /*
     Just copy some needed fields.
   */
   line->fullpath=filename;
   line->filename=&filename[conf->root_prefix_length];
   line->perm_o=fs->st_mode;
   line->size_o=fs->st_size;
@@ -1198,51 +1223,55 @@ void populate_tree(seltree* tree)
                         initdbwarningprinted=1;
                     }
                 }
             }
     }
     if(conf->action&DO_INIT) {
         write_tree(tree);
     }
 }
 void hsymlnk(db_line* line) {
   if((S_ISLNK(line->perm_o))){
     int len=0;
 #ifdef WITH_ACL   
     if(conf->no_acl_on_symlinks!=1) {
       line->attr&=(~DB_ACL);
     }
 #endif   
     if(conf->warn_dead_symlinks==1) {
       struct AIDE_STAT_TYPE fs;
       int sres;
       sres=AIDE_STAT_FUNC(line->fullpath,&fs);
       if (sres!=0 && sres!=EACCES) {
 -	error(4,"Dead symlink detected at %s\n",line->fullpath);
 +  {
 +  char *fp_safe = stresc(line->fullpath);
 +  error(4,"Dead symlink detected at %s\n",fp_safe);
 +  free(fp_safe);
 +  }
       }
       if(!(line->attr&DB_RDEV))
 	fs.st_rdev=0;
     }
     /*
       Is this valid?? 
       No, We should do this elsewhere.
     */
     line->linkname=(char*)malloc(_POSIX_PATH_MAX+1);
     if(line->linkname==NULL){
       error(0,_("malloc failed in hsymlnk()\n"));
       abort();
     }
     /*
       Remember to nullify the buffer, because man page says
       readlink  places the contents of the symbolic link path in
       the buffer buf, which has size bufsiz.  readlink does  not
       append  a NUL character to buf.  It will truncate the con-
       tents (to a length of  bufsiz  characters),  in  case  the
       buffer is too small to hold all of the contents.
     */
     memset(line->linkname,0,_POSIX_PATH_MAX+1);
 diff --git a/src/util.c b/src/util.c
 index 21c75a2f176270f47f480c8143984e8a00ce8780..7e3da74a6acbf6e656b833591972be06fb1ae0f1 100644
 --- a/src/util.c
 +++ b/src/util.c
@@ -82,101 +82,142 @@ url_t* parse_url(char* val)
   if(r[0]!='\0'){
     r[0]='\0';
     r++;
   }
   u->type=url_unknown;
   for(i=0;i<url_ntypes;i++){
     if(strcmp(val_copy,url_name[i])==0){
       u->type=url_value[i];
       break;
     }
   }
   switch (u->type) {
   case url_file : {
     if(r[0]=='/'&&(r+1)[0]=='/'&&(r+2)[0]=='/'){
       u->value=strdup(r+2);
       break;
     }
     if(r[0]=='/'&&(r+1)[0]=='/'&&(r+2)[0]!='/'){
       char*hostname=(char*)malloc(sizeof(char)*MAXHOSTNAMELEN);
       char* t=r+2;
       r+=2;
       for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
       if(r[0]=='\0'){
 -	error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
 +        char *t_safe = stresc(t);
 +        error(0,"Invalid file-URL,no path after hostname: file:%s\n",t_safe);
 +        free(t_safe);
         free(u);
         free(val_copy);
         free(hostname);
 -	return NULL;
 +        return NULL;
       }
       u->value=strdup(r);
       r[0]='\0';
       if(gethostname(hostname,MAXHOSTNAMELEN)==-1){
         strncpy(hostname,"localhost",MAXHOSTNAMELEN);
       }
       if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){
 	free(hostname);
 	break;
       } else {
 -	error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,u->value);
 +        char *value_safe = stresc(u->value);
 +        error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,value_safe);
 +        free(value_safe);
         free(u->value);
         free(u);
         free(val_copy);
 -	free(hostname);
 -	return NULL;
 +        free(hostname);
 +        return NULL;
       }
       break;
     }
     u->value=strdup(r);
     break;
   }
   case url_https :
   case url_http :
   case url_ftp : {
     u->value=strdup(val);
     break;
   }
   case url_unknown : {
     error(0,"Unknown URL-type:%s\n",val_copy);
     break;
   }
   default : {
     u->value=strdup(r);
     break;
   }
   }
   free(val_copy);
   return u;
 }
 +static size_t escape_str(const char *unescaped_str, char *str, size_t s) {
 +    size_t n = 0;
 +    size_t i = 0;
 +    char c;
 +    while (i < s && (c = unescaped_str[i])) {
 +        if ((c >= 0 && (c < 0x1f || c == 0x7f)) ||
 +            (c == '\\' && isdigit(unescaped_str[i+1])
 +                       && isdigit(unescaped_str[i+2])
 +                       && isdigit(unescaped_str[i+3]))) {
 +            if (str) { snprintf(&str[n], 5, "\\%03o", c); }
 +            n += 4;
 +        } else {
 +            if (str) { str[n] = c; }
 +            n++;
 +        }
 +        i++;
 +    }
 +    if (str) { str[n] = '\0'; }
 +    n++;
 +    return n;
 +}
 +
 +char *strnesc(const char *unescaped_str, size_t s) {
 +    int n = escape_str(unescaped_str, NULL, s);
 +    char *str = malloc(n);
 +    if (str == NULL) {
 +        error(0, "malloc: failed to allocate %d bytes of memory\n", n);
 +        exit(1);
 +    }
 +    escape_str(unescaped_str, str, s);
 +    return str;
 +}
 +
 +char *stresc(const char *unescaped_str) {
 +    return strnesc(unescaped_str, strlen(unescaped_str));
 +}
 +
 /* Returns 1 if the string contains unsafe characters, 0 otherwise.  */
 int contains_unsafe (const char *s)
 {
   for (; *s; s++)
     if (strchr (URL_UNSAFE,(int) *s)||!ISPRINT((int)*s))
       return 1;
   return 0;
 }
 /* Decodes the forms %xy in a URL to the character the hexadecimal
    code of which is xy.  xy are hexadecimal digits from
    [0123456789ABCDEF] (case-insensitive).  If x or y are not
    hex-digits or `%' precedes `\0', the sequence is inserted
    literally.  */
 void decode_string (char* s)
 {
   char *p = s;
   for (; *s; s++, p++)
     {
       if (*s != '%')
         *p = *s;
       else
         {
--- a/SOURCES/aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
+++ b/SOURCES/aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
@ -0,0 +1,58 @@
 From c7caa6027c92b28aa11b8da74d56357e12f56d67 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= <dkopecek@redhat.com>
 Date: Wed, 20 Feb 2019 12:00:56 +0100
 Subject: [PATCH] Use LDADD for adding curl library to the linker command
 ---
 Makefile.am  | 2 +-
 configure.ac | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
 diff --git a/Makefile.am b/Makefile.am
 index 4b05d7a..1541d56 100644
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -55,7 +55,7 @@ if USE_CURL
 aide_SOURCES += include/fopen.h src/fopen.c
 endif
 -aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@
 +aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CURLLIB@
 AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g
 AM_CPPFLAGS = -I$(top_srcdir) \
 			  -I$(top_srcdir)/include \
 diff --git a/configure.ac b/configure.ac
 index 3598ebe..0418c59 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -702,24 +702,25 @@ if test x$with_zlib = xyes; then
   compoptionstring="${compoptionstring}WITH_ZLIB\\n"
 fi
 +CURLLIB=
 if test x$with_curl = xyes; then
 	AC_PATH_PROG(curlconfig, "curl-config")
 	if test "_$curlconfig" != _ ; then
 		CURL_CFLAGS=`$curlconfig --cflags`
 -		CURL_LIBS=`$curlconfig --libs`
 +		CURLLIB=`$curlconfig --libs`
 	else
 		AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])
 	fi
   AC_CHECK_HEADERS(curl/curl.h,,
  	[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])])
   CFLAGS="$CFLAGS $CURL_CFLAGS"
 -  LDFLAGS="$LDFLAGS $CURL_LIBS"
   AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes,
  	[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]
 )
   AC_DEFINE(WITH_CURL,1,[use curl])
 	compoptionstring="${compoptionstring}WITH_CURL\\n"
 fi
 +AC_SUBST(CURLLIB)
 AM_CONDITIONAL(USE_CURL, test x$havecurl = xyes)
 AC_ARG_WITH(mhash,
 -- 
 2.20.1
--- a/SOURCES/aide-configure.patch
+++ b/SOURCES/aide-configure.patch
@ -0,0 +1,51 @@
 diff --color -ru a/configure.ac b/configure.ac
 --- a/configure.ac	2021-05-20 09:31:11.686987129 +0200
 +++ b/configure.ac	2021-05-20 09:39:43.369967457 +0200
@@ -784,11 +784,11 @@
 	[if test "x$withval" = "xmd5" ;then
 	   CONFIGHMACTYPE="MHASH_MD5"
 	else if test "x$withval" = "xsha1" ;then
 -	      CONFIGHMACTYPE="MHASH_SHA1"
 +	   CONFIGHMACTYPE="MHASH_SHA1"
 	else if test "x$withval" = "xsha256" ;then
 -	      CONFIGHMACTYPE="MHASH_SHA256"
 +	   CONFIGHMACTYPE="MHASH_SHA256"
 	else if test "x$withval" = "xsha512" ;then
 -	      CONFIGHMACTYPE="MHASH_SHA512"
 +	   CONFIGHMACTYPE="MHASH_SHA512"
         else 
 	   echo "Valid parameters for --with-confighmactype are md5, sha1, sha256 and sha512"
 	   exit 1
@@ -799,7 +799,6 @@
 	AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,$CONFIGHMACTYPE,[hash type for config file check])],
 	[
 	AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,MHASH_MD5,[hash type for config file check])]
 -,
 )
 AC_ARG_WITH([confighmackey],
@@ -846,18 +845,18 @@
 AC_ARG_WITH([dbhmactype],
 	AC_HELP_STRING([--with-dbhmactype=TYPE],
 -		[Hash type to use for checking db. Valid values are md5 and sha1.]),
 +		[Hash type to use for checking db. Valid values are md5, sha1, sha256 and sha512.]),
 	[if test "x$withval" = "xmd5" ;then
 	   DBHMACTYPE="MHASH_MD5"
 	else if test "x$withval" = "xsha1" ;then
 -	      DBHMACTYPE="MHASH_SHA1"
 +	   DBHMACTYPE="MHASH_SHA1"
 	else if test "x$withval" = "xsha256" ;then
 -	      CONFIGHMACTYPE="MHASH_SHA256"
 +	   DBHMACTYPE="MHASH_SHA256"
 	else if test "x$withval" = "xsha512" ;then
 -	      CONFIGHMACTYPE="MHASH_SHA512"
 +	   DBHMACTYPE="MHASH_SHA512"
         else 
 -	      echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
 -	      exit 1
 +	   echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
 +	   exit 1
 	fi
 	fi
 	fi
--- a/SOURCES/aide-db-problem.patch
+++ b/SOURCES/aide-db-problem.patch
@ -0,0 +1,11 @@
 diff -up aide-0.16/src/commandconf.c.rhcase03736158 aide-0.16/src/commandconf.c
 --- aide-0.16/src/commandconf.c.rhcase03736158	2024-03-01 11:06:35.305712992 +0100
 +++ aide-0.16/src/commandconf.c	2024-03-01 11:08:07.726499878 +0100
@@ -306,6 +306,7 @@ int db_input_wrapper(char* buf, int max_
       retval=0;
       buf[0]='\0';
     }else {
 +      buf[0]='\0';
       if((retval=gzread(*db_gzp,buf,max_size))<0){
 	error(0,_("gzread() failed: gzerr=%s!\n"),gzerror(*db_gzp,&err));
 	retval=0;
--- a/SOURCES/aide-static-analysis.patch
+++ b/SOURCES/aide-static-analysis.patch
@ -0,0 +1,171 @@
 Only in b: config.log
 diff --color -ru a/contrib/sshaide.sh b/contrib/sshaide.sh
 --- a/contrib/sshaide.sh	2016-07-25 22:56:55.000000000 +0200
 +++ b/contrib/sshaide.sh	2021-05-20 11:11:24.112542472 +0200
@@ -260,7 +260,7 @@
     _randword=`grep -n . ${_wordlist} | grep "^${_linenum}:" | cut -d: -f2`
     # If $_randword has anything other than lower-case chars, try again
 -    (echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1 >> /dev/null \
 +    ({ echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1; } >> /dev/null \
             && gen_rand_word ) || \
     # Return the word
 diff --color -ru a/src/commandconf.c b/src/commandconf.c
 --- a/src/commandconf.c	2021-05-20 10:37:53.842382143 +0200
 +++ b/src/commandconf.c	2021-05-25 14:16:43.278526146 +0200
@@ -313,7 +313,7 @@
       } else {
 	/* gzread returns 0 even if uncompressed bytes were read*/
 	error(240,"nread=%d,strlen(buf)=%lu,errno=%s,gzerr=%s\n",
 -              retval,(unsigned long)strnlen((char*)buf, max_size),
 +              retval,(unsigned long)strnlen((char*)buf, retval),
               strerror(errno),gzerror(*db_gzp,&err));
 	if(retval==0){
 	  retval=strnlen((char*)buf, max_size);
@@ -836,6 +836,11 @@
       }
       break;
     }
 +    default: {
 +      error(0,"Unsupported dbtype.\n");
 +      free(u);
 +      break;
 +    }
     }
   }
   free(val);
@@ -900,7 +905,7 @@
   } else {
     error_init(u,0);
   }
 -
 +  free(u->value);
   free(u);  
 }
 diff --color -ru a/src/db_disk.c b/src/db_disk.c
 --- a/src/db_disk.c	2021-05-20 10:37:53.842382143 +0200
 +++ b/src/db_disk.c	2021-05-20 12:37:00.081493364 +0200
@@ -125,10 +125,10 @@
 	ret = (char *) malloc (len);
 	ret[0] = (char) 0;
 -	strncpy(ret, conf->root_prefix, conf->root_prefix_length+1);
 -	strncat (ret, r->path, len2);
 +	strcpy(ret, conf->root_prefix);
 +	strcat (ret, r->path);
 	if (r->path[len2 - 1] != '/') {
 -		strncat (ret, "/", 1);
 +		strcat (ret, "/");
 	}
 	strcat (ret, s);
 	return ret;
@@ -207,8 +207,8 @@
 	if (!root_handled) {
 		root_handled = 1;
 		fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
 -		strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
 -		strncat (fullname, "/", 1);
 +		strcpy(fullname, conf->root_prefix);
 +		strcat (fullname, "/");
 		if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
 		add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
 		error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
@@ -346,8 +346,8 @@
 				error (255, "r->childs %p, r->parent %p,r->checked %i\n",
 							 r->childs, r->parent, r->checked);
 				fullname=malloc((conf->root_prefix_length+strlen(r->path)+1)*sizeof(char));
 -				strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
 -				strncat(fullname, r->path, strlen(r->path));
 +				strcpy(fullname, conf->root_prefix);
 +				strcat(fullname, r->path);
 				dirh=open_dir(fullname);
 				if (! dirh) {
@@ -441,8 +441,8 @@
 	char* fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
 -	strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
 -	strncat (fullname, "/", 1);
 +	strcpy(fullname, conf->root_prefix);
 +	strcat (fullname, "/");
 	dirh=open_dir(fullname);
 	free(fullname);
 diff --color -ru a/src/error.c b/src/error.c
 --- a/src/error.c	2021-05-20 10:37:53.836382037 +0200
 +++ b/src/error.c	2021-05-21 11:49:09.781313097 +0200
@@ -125,7 +125,7 @@
   fh=be_init(0,url,0);
   if(fh!=NULL) {
     conf->report_fd=list_append(conf->report_fd,(void*)fh);
 -    conf->report_url=list_append(conf->report_url,(void*)url);
 +    conf->report_url=list_append(conf->report_url,(void*)strdup(url));
     return RETOK;
   }
 diff --color -ru a/src/util.c b/src/util.c
 --- a/src/util.c	2021-05-20 10:37:53.843382160 +0200
 +++ b/src/util.c	2021-05-25 11:04:39.507278771 +0200
@@ -105,13 +105,15 @@
       for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
       if(r[0]=='\0'){
 	error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
 +        free(u);
 +        free(val_copy);
         free(hostname);
 	return NULL;
       }
       u->value=strdup(r);
       r[0]='\0';
       if(gethostname(hostname,MAXHOSTNAMELEN)==-1){
 -        strncpy(hostname,"localhost", 10);
 +        strncpy(hostname,"localhost",MAXHOSTNAMELEN);
       }
       if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){
@@ -119,6 +121,9 @@
 	break;
       } else {
 	error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,u->value);
 +        free(u->value);
 +        free(u);
 +        free(val_copy);
 	free(hostname);
 	return NULL;
       }
@@ -229,6 +234,10 @@
   int i=0;
   pc=(char*)malloc(sizeof(char)*11);
 +  if (!pc) {
 +    error(0, "Memory allocation failed.\n");
 +    return NULL;
 +  }
   for(i=0;i<10;i++){
     pc[i]='-';
   }
@@ -369,14 +378,17 @@
     if (path != NULL) {
         if (path[0] == '~') {
 -            if((homedir=getenv("HOME")) != NULL) {
 +            if ((homedir=getenv("HOME")) != NULL) {
                 path_len = strlen(path+sizeof(char));
                 homedir_len = strlen(homedir);
                 full_len = homedir_len+path_len;
                 full = malloc(sizeof(char) * (full_len+1));
 -                strncpy(full, homedir, homedir_len);
 -                strncpy(full+homedir_len, path+sizeof(char), path_len);
 -                full[full_len] = '\0';
 +                if (!full) {
 +                    error(0, "Memory allocation failed.\n");
 +                    return path;
 +                }
 +                strcpy(full, homedir);
 +                strcat(full, path+sizeof(char));
                 free(path);
                 /* Don't free(homedir); because it is not safe on some platforms */
                 path = full;
--- a/SOURCES/aide.conf
+++ b/SOURCES/aide.conf
@ -93,6 +93,7 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 # Admins dot files constantly change, just check perms
 /root/\..* PERMS
 !/root/.xauth*
 # Otherwise get all of /root.
 /root   CONTENT_EX
@ -126,8 +127,6 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 /etc/subuid$     CONTENT_EX
 /etc/security/opasswd$ CONTENT_EX
 /etc/skel        CONTENT_EX
 /etc/subuid$     CONTENT_EX
 /etc/subgid$     CONTENT_EX
 /etc/sssd        CONTENT_EX
 /etc/machine-id$ CONTENT_EX
 /etc/swid        CONTENT_EX
@ -136,10 +135,7 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 /etc/tmux.conf$  CONTENT_EX
 /etc/xattr.conf$ CONTENT_EX
 # networking
 /etc/hosts.allow$   CONTENT_EX
 /etc/hosts.deny$    CONTENT_EX
 /etc/firewalld      CONTENT_EX
 !/etc/NetworkManager/system-connections
 /etc/NetworkManager CONTENT_EX
@ -237,10 +233,8 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 #### Daemons ####
 # cron jobs
 /var/spool/at CONTENT
 /etc/at.allow$ CONTENT
 /etc/at.deny$ CONTENT
 /var/spool/anacron CONTENT
 /etc/anacrontab$ CONTENT_EX
 /etc/cron.allow$ CONTENT_EX
 /etc/cron.deny$ CONTENT_EX
@ -296,22 +290,15 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 /etc/usbguard CONTENT_EX
 # Ignore some files
 !/boot/grub2/grubenv$
 !/etc/mtab$
 !/etc/.*~
 # Now everything else
 /etc    PERMS
 # With AIDE's default verbosity level of 5, these would give lots of
 # warnings upon tree traversal. It might change with future version.
 #
 #=/lost\+found    DIR
 #=/home           DIR
 # Ditto /var/log/sa reason...
 !/var/log/and-httpd
 # Admins dot files constantly change, just check perms
 /root/\..* PERMS
 !/root/.xauth*
--- a/SOURCES/coverity2.patch
+++ b/SOURCES/coverity2.patch
@ -1,31 +0,0 @@
 diff --up ./src/compare_db.c ./src/compare_db.c
 --- ./src/compare_db.c
 +++ ./src/compare_db.c
@@ -438,7 +438,11 @@ snprintf(*values[0], l, "%s",s);
     } else {
         *values = malloc(1 * sizeof (char*));
         if (DB_FTYPE&attr) {
 -            easy_string(get_file_type_string(line->perm))
 +            char *file_type = get_file_type_string(line->perm);
 +            if (!file_type) {
 +                error(2,"%s: ", file_type);
 +            }
 +            easy_string(file_type)
         } else if (DB_LINKNAME&attr) {
             easy_string(line->linkname)
         easy_number((DB_SIZE|DB_SIZEG),size,"%li")
 diff -up ./src/db_file.c ./src/db_file.c
 --- ./src/db_file.c
 +++ ./src/db_file.c
@@ -194,6 +194,10 @@ int db_file_read_spec(int db){
   *db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD));
 +  if (*db_order == NULL){
 +    error(1,"malloc for *db_order failed in %s", __func__);
 +  }
 +
   while ((i=db_scan())!=TNEWLINE){
     switch (i) {
--- a/SOURCES/rootPrefix.patch
+++ b/SOURCES/rootPrefix.patch
@ -0,0 +1,21 @@
 diff -Naur aide-0.16.orig/src/db_disk.c aide-0.16/src/db_disk.c
 --- aide-0.16.orig/src/db_disk.c	2024-03-11 16:45:06.594013966 -0400
 +++ aide-0.16/src/db_disk.c	2024-03-11 16:45:06.584013966 -0400
@@ -209,7 +209,7 @@
 		fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
 		strcpy(fullname, conf->root_prefix);
 		strcat (fullname, "/");
 -		if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
 +		if (!get_file_status(fullname, &fs)) {
 		add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
 		error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
 					 conf->tree, attr);
@@ -255,7 +255,7 @@
 		   If not call, db_readline_disk again...
 		 */
 -		if (get_file_status(&fullname[conf->root_prefix_length], &fs)) {
 +		if (get_file_status(fullname, &fs)) {
 		    free (fullname);
 		    goto recursion;
 		}
--- a/SPECS/aide.spec
+++ b/SPECS/aide.spec
@ -1,9 +1,11 @@
 Summary:        Intrusion detection environment
 Name:           aide
 Version:        0.16
-Release:        15%{?dist}.2
+Release:        105%{?dist}
 URL:            http://sourceforge.net/projects/aide
 License:        GPLv2+
 Source0:        %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz
 Source1:        aide.conf
 Source2:        README.quickstart
@ -20,29 +22,26 @@ BuildRequires:  libacl-devel
 BuildRequires:  pkgconfig(libselinux)
 BuildRequires:  libattr-devel
 BuildRequires:  e2fsprogs-devel
-Buildrequires:  audit-libs-devel
+BuildRequires:  audit-libs-devel
-
+BuildRequires:  autoconf automake libtool
 Requires: libgcrypt >= 1.8.5
 # Customize the database file location in the man page.
 Patch1: aide-0.16rc1-man.patch
 # fix aide in FIPS mode
 Patch2: aide-0.16b1-fipsfix.patch
 # Bug 1674637 - aide: FTBFS in Fedora rawhide/f30
 Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
-Patch3: aide-0.15-syslog-format.patch
+Patch4: aide-0.15-syslog-format.patch
-Patch4: aide-0.16-crypto-disable-haval-and-others.patch
+Patch5: aide-0.16-crypto-disable-haval-and-others.patch
-Patch5: coverity.patch
+Patch6: coverity.patch
-Patch6: aide-0.16-crash-elf.patch
+Patch7: aide-0.16-crash-elf.patch
-
+Patch8: aide-configure.patch
-# 1676487 - Null pointer dereference fix spotted by coverity
+Patch9: aide-static-analysis.patch
-Patch7: coverity2.patch
+Patch10: aide-0.16-CVE-2021-45417.patch
-
+Patch11: aide-db-problem.patch
-# 2041957 - CVE-2021-45417 aide: heap-based buffer overflow on outputs larger than B64_BUF
+Patch12: rootPrefix.patch
-Patch8: aide-0.16-CVE-2021-45417.patch
+Patch13: aide-0.16-CVE-2025-54389.patch
 # CVE-2025-54389 aide: improper output neutralization enables bypassing
 Patch9: aide-0.16-CVE-2025-54389.patch
 Patch10: aide-0.16-CVE-2025-54389-part2.patch
 %description
 AIDE (Advanced Intrusion Detection Environment) is a file integrity
@ -50,10 +49,10 @@ checker and intrusion detection program.
 %prep
 %autosetup -p1
 cp -a %{S:2} .
 %build
 autoreconf -ivf
 %configure  \
  --disable-static \
  --with-config_file=%{_sysconfdir}/aide.conf \
@ -64,8 +63,9 @@ cp -a %{S:2} .
  --with-selinux \
  --with-xattr \
  --with-e2fsattrs \
-  --with-audit
+  --with-audit \
-
+  --with-confighmactype=sha512 \
  --with-dbhmactype=sha512
 %make_build
 %install
@ -88,61 +88,87 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide
 %changelog
-* Thu Aug 21 2025 Attila Lakatos <alakatos@redhat.com> - 0.16.15.2
+* Wed Aug 20 2025 Attila Lakatos <alakatos@redhat.com> - 0.16-105
 RHEL 9.7 ERRATUM
 - CVE-2025-54389 aide: improper output neutralization enables bypassing
-  resolves: RHEL-109907
+Resolves: RHEL-109912
-* Tue Jan 25 2022 Radovan Sroka <rsroka@redhat.com> - 0.16.15
+* Wed Jan 15 2025 Radovan Sroka <rsroka@redhat.com> - 0.16-103
- backported fix for CVE-2021-45417
+RHEL 9.6.0 ERRATUM
-  resolves: rhbz#2041957
+- /boot/grub2/grubenv's timestamp is getting modified continuously due to "boot_success" implementation
 Resolves: RHEL-4331
-* Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> = 0.16.14
+* Fri May 17 2024 Radovan Sroka <rsroka@redhat.com> - 0.16-102
- strict require for libgcrypt
+RHEL 9.5.0 ERRATUM
-  resolves: rhbz#1852407
+- aide fails with "Not enough parameters in db:15384. Trying to continue." unexpectedly
 Resolves: RHEL-27606
 - AIDE fails when using root_prefix option
 Resolves: RHEL-28882
-* Tue May 19 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-13
+* Mon Jan 24 2022 Radovan Sroka <rsroka@redhat.com> - 0.16-100
- RHEL 8.3
+- backport fix for CVE-2021-45417
- minor edit of aide.conf to make it consistent
+  Resolves: rhbz#2041950
  resolves: rhbz#1740754
-* Mon Apr 06 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-12
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.16-21
- RHEL 8.3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- minor edit of aide.conf
+  Related: rhbz#1991688
  resolves: rhbz#1740754
 - do not generate false warnings when report_ignore_e2fsattrs is specified in aide.conf
  resolves: rhbz#1806323
-* Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-11
+* Thu May 27 2021 Zoltan Fridrich <zfridric@redhat.com> - 0.16-20
- rebuild
+- fix configuration option with-dbhmactype
- minor edit of aide.conf
+- do not use sha1 and md5 by default
  Resolves: rhbz#1935457
 - fix important static analysis issues
  Resolves: rhbz#1938676
-* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-10
+* Mon May 10 2021 Zoltan Fridrich <zfridric@redhat.com> - 0.16-19
- respin
+- use gating and config file from rhel-8.5
- minor edit of aide.conf
+- remove check of periodically changing files
  Resolves: rhbz#1957656
 - config cleanup
  Resolves: rhbz#1957654
-* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-9
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.16-18
- Null pointer dereference fix spotted by coverity
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
  resolves: rhbz#1676487
 - aide.conf needs updates for RHEL 8
  resolves: rhbz#1708015
-* Tue Oct 09 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-8
+* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-17
- fixed wrong line wrapping of messages in the syslog format
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
  resolves: rhbz#1628153
 - fixed coverity issues
  resolves: rhbz#1602441
 - fixed crash when processing .dynamic section
  resolves: rhbz#1597250
-* Wed Aug 29 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-7
+* Fri Jul 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-16
- fixed crypto problem with libgcrypt (fips)
+- Second attempt - Rebuilt for
- resolves: rhbz#1623045
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-* Wed Aug 22 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-6
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-15
- ported syslog format from rhel7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-  resolves: rhbz#1584136
+
- fixed crypto problem with libgcrypt
+* Wed Jun 24 2020 Radovan Sroka <rsroka@redhat.com> 0.16-14
-  resolves: rhbz#1584120
+- AIDE breaks when setting report_ignore_e2fsattrs
  Resolves: rhbz#1850276
 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Wed Jul 31 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-12
 - backport some patches
  Resolves: rhbz#1717140
 * Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Wed Feb 20 2019 Daniel Kopecek <dkopecek@redhat.com> - 0.16-10
 - Fix building with curl
  Resolves: rhbz#1674637
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Tue Jul 31 2018 Florian Weimer <fweimer@redhat.com> - 0.16-8
 - Rebuild with fixed binutils
 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.16-6
 - Rebuild
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild