8 changed files with 395 additions and 105 deletions
--- a/SOURCES/aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
+++ b/SOURCES/aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
@ -0,0 +1,58 @@
+From c7caa6027c92b28aa11b8da74d56357e12f56d67 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= <dkopecek@redhat.com>
+Date: Wed, 20 Feb 2019 12:00:56 +0100
+Subject: [PATCH] Use LDADD for adding curl library to the linker command
+
+---
+ Makefile.am  | 2 +-
+ configure.ac | 5 +++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 4b05d7a..1541d56 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -55,7 +55,7 @@ if USE_CURL
+ aide_SOURCES += include/fopen.h src/fopen.c
+ endif
+ 
+-aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@
+aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CURLLIB@
+ AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g
+ AM_CPPFLAGS = -I$(top_srcdir) \
+ 			  -I$(top_srcdir)/include \
+diff --git a/configure.ac b/configure.ac
+index 3598ebe..0418c59 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -702,24 +702,25 @@ if test x$with_zlib = xyes; then
+   compoptionstring="${compoptionstring}WITH_ZLIB\\n"
+ fi
+ 
+CURLLIB=
+ if test x$with_curl = xyes; then
+ 	AC_PATH_PROG(curlconfig, "curl-config")
+ 	if test "_$curlconfig" != _ ; then
+ 		CURL_CFLAGS=`$curlconfig --cflags`
+-		CURL_LIBS=`$curlconfig --libs`
+		CURLLIB=`$curlconfig --libs`
+ 	else
+ 		AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])
+ 	fi
+   AC_CHECK_HEADERS(curl/curl.h,,
+  	[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])])
+   CFLAGS="$CFLAGS $CURL_CFLAGS"
+-  LDFLAGS="$LDFLAGS $CURL_LIBS"
+   AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes,
+  	[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]
+ )
+   AC_DEFINE(WITH_CURL,1,[use curl])
+ 	compoptionstring="${compoptionstring}WITH_CURL\\n"
+ fi
+AC_SUBST(CURLLIB)
+ AM_CONDITIONAL(USE_CURL, test x$havecurl = xyes)
+ 
+ AC_ARG_WITH(mhash,
+-- 
+2.20.1
+
--- a/SOURCES/aide-configure.patch
+++ b/SOURCES/aide-configure.patch
@ -0,0 +1,51 @@
+diff --color -ru a/configure.ac b/configure.ac
+--- a/configure.ac	2021-05-20 09:31:11.686987129 +0200
+++ b/configure.ac	2021-05-20 09:39:43.369967457 +0200
+@@ -784,11 +784,11 @@
+ 	[if test "x$withval" = "xmd5" ;then
+ 	   CONFIGHMACTYPE="MHASH_MD5"
+ 	else if test "x$withval" = "xsha1" ;then
+-	      CONFIGHMACTYPE="MHASH_SHA1"
+	   CONFIGHMACTYPE="MHASH_SHA1"
+ 	else if test "x$withval" = "xsha256" ;then
+-	      CONFIGHMACTYPE="MHASH_SHA256"
+	   CONFIGHMACTYPE="MHASH_SHA256"
+ 	else if test "x$withval" = "xsha512" ;then
+-	      CONFIGHMACTYPE="MHASH_SHA512"
+	   CONFIGHMACTYPE="MHASH_SHA512"
+         else 
+ 	   echo "Valid parameters for --with-confighmactype are md5, sha1, sha256 and sha512"
+ 	   exit 1
+@@ -799,7 +799,6 @@
+ 	AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,$CONFIGHMACTYPE,[hash type for config file check])],
+ 	[
+ 	AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,MHASH_MD5,[hash type for config file check])]
+-,
+ )
+ 
+ AC_ARG_WITH([confighmackey],
+@@ -846,18 +845,18 @@
+ 
+ AC_ARG_WITH([dbhmactype],
+ 	AC_HELP_STRING([--with-dbhmactype=TYPE],
+-		[Hash type to use for checking db. Valid values are md5 and sha1.]),
+		[Hash type to use for checking db. Valid values are md5, sha1, sha256 and sha512.]),
+ 	[if test "x$withval" = "xmd5" ;then
+ 	   DBHMACTYPE="MHASH_MD5"
+ 	else if test "x$withval" = "xsha1" ;then
+-	      DBHMACTYPE="MHASH_SHA1"
+	   DBHMACTYPE="MHASH_SHA1"
+ 	else if test "x$withval" = "xsha256" ;then
+-	      CONFIGHMACTYPE="MHASH_SHA256"
+	   DBHMACTYPE="MHASH_SHA256"
+ 	else if test "x$withval" = "xsha512" ;then
+-	      CONFIGHMACTYPE="MHASH_SHA512"
+	   DBHMACTYPE="MHASH_SHA512"
+         else 
+-	      echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
+-	      exit 1
+	   echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
+	   exit 1
+ 	fi
+ 	fi
+ 	fi
--- a/SOURCES/aide-db-problem.patch
+++ b/SOURCES/aide-db-problem.patch
@ -0,0 +1,11 @@
+diff -up aide-0.16/src/commandconf.c.rhcase03736158 aide-0.16/src/commandconf.c
+--- aide-0.16/src/commandconf.c.rhcase03736158	2024-03-01 11:06:35.305712992 +0100
+++ aide-0.16/src/commandconf.c	2024-03-01 11:08:07.726499878 +0100
+@@ -306,6 +306,7 @@ int db_input_wrapper(char* buf, int max_
+       retval=0;
+       buf[0]='\0';
+     }else {
+      buf[0]='\0';
+       if((retval=gzread(*db_gzp,buf,max_size))<0){
+ 	error(0,_("gzread() failed: gzerr=%s!\n"),gzerror(*db_gzp,&err));
+ 	retval=0;
--- a/SOURCES/aide-static-analysis.patch
+++ b/SOURCES/aide-static-analysis.patch
@ -0,0 +1,171 @@
+Only in b: config.log
+diff --color -ru a/contrib/sshaide.sh b/contrib/sshaide.sh
+--- a/contrib/sshaide.sh	2016-07-25 22:56:55.000000000 +0200
+++ b/contrib/sshaide.sh	2021-05-20 11:11:24.112542472 +0200
+@@ -260,7 +260,7 @@
+     _randword=`grep -n . ${_wordlist} | grep "^${_linenum}:" | cut -d: -f2`
+  
+     # If $_randword has anything other than lower-case chars, try again
+-    (echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1 >> /dev/null \
+    ({ echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1; } >> /dev/null \
+             && gen_rand_word ) || \
+  
+     # Return the word
+diff --color -ru a/src/commandconf.c b/src/commandconf.c
+--- a/src/commandconf.c	2021-05-20 10:37:53.842382143 +0200
+++ b/src/commandconf.c	2021-05-25 14:16:43.278526146 +0200
+@@ -313,7 +313,7 @@
+       } else {
+ 	/* gzread returns 0 even if uncompressed bytes were read*/
+ 	error(240,"nread=%d,strlen(buf)=%lu,errno=%s,gzerr=%s\n",
+-              retval,(unsigned long)strnlen((char*)buf, max_size),
+              retval,(unsigned long)strnlen((char*)buf, retval),
+               strerror(errno),gzerror(*db_gzp,&err));
+ 	if(retval==0){
+ 	  retval=strnlen((char*)buf, max_size);
+@@ -836,6 +836,11 @@
+       }
+       break;
+     }
+    default: {
+      error(0,"Unsupported dbtype.\n");
+      free(u);
+      break;
+    }
+     }
+   }
+   free(val);
+@@ -900,7 +905,7 @@
+   } else {
+     error_init(u,0);
+   }
+-
+  free(u->value);
+   free(u);  
+ }
+ 
+diff --color -ru a/src/db_disk.c b/src/db_disk.c
+--- a/src/db_disk.c	2021-05-20 10:37:53.842382143 +0200
+++ b/src/db_disk.c	2021-05-20 12:37:00.081493364 +0200
+@@ -125,10 +125,10 @@
+ 
+ 	ret = (char *) malloc (len);
+ 	ret[0] = (char) 0;
+-	strncpy(ret, conf->root_prefix, conf->root_prefix_length+1);
+-	strncat (ret, r->path, len2);
+	strcpy(ret, conf->root_prefix);
+	strcat (ret, r->path);
+ 	if (r->path[len2 - 1] != '/') {
+-		strncat (ret, "/", 1);
+		strcat (ret, "/");
+ 	}
+ 	strcat (ret, s);
+ 	return ret;
+@@ -207,8 +207,8 @@
+ 	if (!root_handled) {
+ 		root_handled = 1;
+ 		fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
+-		strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
+-		strncat (fullname, "/", 1);
+		strcpy(fullname, conf->root_prefix);
+		strcat (fullname, "/");
+ 		if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
+ 		add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
+ 		error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
+@@ -346,8 +346,8 @@
+ 				error (255, "r->childs %p, r->parent %p,r->checked %i\n",
+ 							 r->childs, r->parent, r->checked);
+ 				fullname=malloc((conf->root_prefix_length+strlen(r->path)+1)*sizeof(char));
+-				strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
+-				strncat(fullname, r->path, strlen(r->path));
+				strcpy(fullname, conf->root_prefix);
+				strcat(fullname, r->path);
+ 				dirh=open_dir(fullname);
+ 				if (! dirh) {
+ 
+@@ -441,8 +441,8 @@
+ 
+ 
+ 	char* fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
+-	strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
+-	strncat (fullname, "/", 1);
+	strcpy(fullname, conf->root_prefix);
+	strcat (fullname, "/");
+ 	dirh=open_dir(fullname);
+ 	free(fullname);
+ 
+diff --color -ru a/src/error.c b/src/error.c
+--- a/src/error.c	2021-05-20 10:37:53.836382037 +0200
+++ b/src/error.c	2021-05-21 11:49:09.781313097 +0200
+@@ -125,7 +125,7 @@
+   fh=be_init(0,url,0);
+   if(fh!=NULL) {
+     conf->report_fd=list_append(conf->report_fd,(void*)fh);
+-    conf->report_url=list_append(conf->report_url,(void*)url);
+    conf->report_url=list_append(conf->report_url,(void*)strdup(url));
+     return RETOK;
+   }
+   
+diff --color -ru a/src/util.c b/src/util.c
+--- a/src/util.c	2021-05-20 10:37:53.843382160 +0200
+++ b/src/util.c	2021-05-25 11:04:39.507278771 +0200
+@@ -105,13 +105,15 @@
+       for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
+       if(r[0]=='\0'){
+ 	error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
+        free(u);
+        free(val_copy);
+         free(hostname);
+ 	return NULL;
+       }
+       u->value=strdup(r);
+       r[0]='\0';
+       if(gethostname(hostname,MAXHOSTNAMELEN)==-1){
+-        strncpy(hostname,"localhost", 10);
+        strncpy(hostname,"localhost",MAXHOSTNAMELEN);
+       }
+ 
+       if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){
+@@ -119,6 +121,9 @@
+ 	break;
+       } else {
+ 	error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,u->value);
+        free(u->value);
+        free(u);
+        free(val_copy);
+ 	free(hostname);
+ 	return NULL;
+       }
+@@ -229,6 +234,10 @@
+   int i=0;
+   
+   pc=(char*)malloc(sizeof(char)*11);
+  if (!pc) {
+    error(0, "Memory allocation failed.\n");
+    return NULL;
+  }
+   for(i=0;i<10;i++){
+     pc[i]='-';
+   }
+@@ -369,14 +378,17 @@
+ 
+     if (path != NULL) {
+         if (path[0] == '~') {
+-            if((homedir=getenv("HOME")) != NULL) {
+            if ((homedir=getenv("HOME")) != NULL) {
+                 path_len = strlen(path+sizeof(char));
+                 homedir_len = strlen(homedir);
+                 full_len = homedir_len+path_len;
+                 full = malloc(sizeof(char) * (full_len+1));
+-                strncpy(full, homedir, homedir_len);
+-                strncpy(full+homedir_len, path+sizeof(char), path_len);
+-                full[full_len] = '\0';
+                if (!full) {
+                    error(0, "Memory allocation failed.\n");
+                    return path;
+                }
+                strcpy(full, homedir);
+                strcat(full, path+sizeof(char));
+                 free(path);
+                 /* Don't free(homedir); because it is not safe on some platforms */
+                 path = full;
--- a/SOURCES/aide.conf
+++ b/SOURCES/aide.conf
@ -93,6 +93,7 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512

 # Admins dot files constantly change, just check perms
 /root/\..* PERMS
+!/root/.xauth*
 # Otherwise get all of /root.
 /root   CONTENT_EX

@ -126,8 +127,6 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 /etc/subuid$     CONTENT_EX
 /etc/security/opasswd$ CONTENT_EX
 /etc/skel        CONTENT_EX
-/etc/subuid$     CONTENT_EX
-/etc/subgid$     CONTENT_EX
 /etc/sssd        CONTENT_EX
 /etc/machine-id$ CONTENT_EX
 /etc/swid        CONTENT_EX
@ -136,10 +135,7 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 /etc/tmux.conf$  CONTENT_EX
 /etc/xattr.conf$ CONTENT_EX

-
 # networking
-/etc/hosts.allow$   CONTENT_EX
-/etc/hosts.deny$    CONTENT_EX
 /etc/firewalld      CONTENT_EX
 !/etc/NetworkManager/system-connections
 /etc/NetworkManager CONTENT_EX
@ -237,10 +233,8 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 #### Daemons ####

 # cron jobs
-/var/spool/at CONTENT
 /etc/at.allow$ CONTENT
 /etc/at.deny$ CONTENT
-/var/spool/anacron CONTENT
 /etc/anacrontab$ CONTENT_EX
 /etc/cron.allow$ CONTENT_EX
 /etc/cron.deny$ CONTENT_EX
@ -302,16 +296,8 @@ DATAONLY =  p+n+u+g+s+acl+selinux+xattrs+sha512
 # Now everything else
 /etc    PERMS

-
 # With AIDE's default verbosity level of 5, these would give lots of
 # warnings upon tree traversal. It might change with future version.
 #
 #=/lost\+found    DIR
 #=/home           DIR
-
-# Ditto /var/log/sa reason...
-!/var/log/and-httpd
-
-# Admins dot files constantly change, just check perms
-/root/\..* PERMS
-!/root/.xauth*
--- a/SOURCES/coverity2.patch
+++ b/SOURCES/coverity2.patch
@ -1,31 +0,0 @@
-diff --up ./src/compare_db.c ./src/compare_db.c
--- ./src/compare_db.c
-+++ ./src/compare_db.c
-@@ -438,7 +438,11 @@ snprintf(*values[0], l, "%s",s);
-     } else {
-         *values = malloc(1 * sizeof (char*));
-         if (DB_FTYPE&attr) {
-            easy_string(get_file_type_string(line->perm))
-+            char *file_type = get_file_type_string(line->perm);
-+            if (!file_type) {
-+                error(2,"%s: ", file_type);
-+            }
-+            easy_string(file_type)
-         } else if (DB_LINKNAME&attr) {
-             easy_string(line->linkname)
-         easy_number((DB_SIZE|DB_SIZEG),size,"%li")
-diff -up ./src/db_file.c ./src/db_file.c
--- ./src/db_file.c
-+++ ./src/db_file.c
-@@ -194,6 +194,10 @@ int db_file_read_spec(int db){
- 
-   *db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD));
-   
-+  if (*db_order == NULL){
-+    error(1,"malloc for *db_order failed in %s", __func__);
-+  }
-+
-   while ((i=db_scan())!=TNEWLINE){
-     switch (i) {
-       
-
--- a/SOURCES/rootPrefix.patch
+++ b/SOURCES/rootPrefix.patch
@ -0,0 +1,21 @@
+diff -Naur aide-0.16.orig/src/db_disk.c aide-0.16/src/db_disk.c
+--- aide-0.16.orig/src/db_disk.c	2024-03-11 16:45:06.594013966 -0400
+++ aide-0.16/src/db_disk.c	2024-03-11 16:45:06.584013966 -0400
+@@ -209,7 +209,7 @@
+ 		fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
+ 		strcpy(fullname, conf->root_prefix);
+ 		strcat (fullname, "/");
+-		if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
+		if (!get_file_status(fullname, &fs)) {
+ 		add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
+ 		error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
+ 					 conf->tree, attr);
+@@ -255,7 +255,7 @@
+ 		   If not call, db_readline_disk again...
+ 		 */
+ 
+-		if (get_file_status(&fullname[conf->root_prefix_length], &fs)) {
+		if (get_file_status(fullname, &fs)) {
+ 		    free (fullname);
+ 		    goto recursion;
+ 		}
--- a/SPECS/aide.spec
+++ b/SPECS/aide.spec
@ -1,9 +1,11 @@
 Summary:        Intrusion detection environment
 Name:           aide
 Version:        0.16
-Release:        14%{?dist}.1
+Release:        102%{?dist}
 URL:            http://sourceforge.net/projects/aide
 License:        GPLv2+
+
+
 Source0:        %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz
 Source1:        aide.conf
 Source2:        README.quickstart
@ -20,25 +22,25 @@ BuildRequires:  libacl-devel
 BuildRequires:  pkgconfig(libselinux)
 BuildRequires:  libattr-devel
 BuildRequires:  e2fsprogs-devel
-Buildrequires:  audit-libs-devel
-
-Requires: libgcrypt >= 1.8.5
+BuildRequires:  audit-libs-devel
+BuildRequires:  autoconf automake libtool

 # Customize the database file location in the man page.
 Patch1: aide-0.16rc1-man.patch
 # fix aide in FIPS mode
 Patch2: aide-0.16b1-fipsfix.patch
+# Bug 1674637 - aide: FTBFS in Fedora rawhide/f30
+Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch

-Patch3: aide-0.15-syslog-format.patch
-Patch4: aide-0.16-crypto-disable-haval-and-others.patch
-Patch5: coverity.patch
-Patch6: aide-0.16-crash-elf.patch
-
-# 1676487 - Null pointer dereference fix spotted by coverity
-Patch7: coverity2.patch
-
-# 2041956 - CVE-2021-45417 aide: heap-based buffer overflow on outputs larger than B64_BUF
-Patch8: aide-0.16-CVE-2021-45417.patch
+Patch4: aide-0.15-syslog-format.patch
+Patch5: aide-0.16-crypto-disable-haval-and-others.patch
+Patch6: coverity.patch
+Patch7: aide-0.16-crash-elf.patch
+Patch8: aide-configure.patch
+Patch9: aide-static-analysis.patch
+Patch10: aide-0.16-CVE-2021-45417.patch
+Patch11: aide-db-problem.patch
+Patch12: rootPrefix.patch

 %description
 AIDE (Advanced Intrusion Detection Environment) is a file integrity
@ -46,10 +48,10 @@ checker and intrusion detection program.

 %prep
 %autosetup -p1
-
 cp -a %{S:2} .

 %build
+autoreconf -ivf
 %configure  \
  --disable-static \
  --with-config_file=%{_sysconfdir}/aide.conf \
@ -60,8 +62,9 @@ cp -a %{S:2} .
  --with-selinux \
  --with-xattr \
  --with-e2fsattrs \
-  --with-audit
-
+  --with-audit \
+  --with-confighmactype=sha512 \
+  --with-dbhmactype=sha512
 %make_build

 %install
@ -84,57 +87,77 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide

 %changelog
-* Tue Jan 25 2022 Radovan Sroka <rsroka@redhat.com> - 0.16.14.1
- backported fix for CVE-2021-45417
-  resolves: rhbz#2041956
+* Fri May 17 2024 Radovan Sroka <rsroka@redhat.com> - 0.16-102
+RHEL 9.5.0 ERRATUM
+- aide fails with "Not enough parameters in db:15384. Trying to continue." unexpectedly
+Resolves: RHEL-27606
+- AIDE fails when using root_prefix option
+Resolves: RHEL-28882

-* Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> = 0.16.14
- strict require for libgcrypt
-  resolves: rhbz#1852407
+* Mon Jan 24 2022 Radovan Sroka <rsroka@redhat.com> - 0.16-100
+- backport fix for CVE-2021-45417
+  Resolves: rhbz#2041950

-* Tue May 19 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-13
- RHEL 8.3
- minor edit of aide.conf to make it consistent
-  resolves: rhbz#1740754
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.16-21
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688

-* Mon Apr 06 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-12
- RHEL 8.3
- minor edit of aide.conf
-  resolves: rhbz#1740754
- do not generate false warnings when report_ignore_e2fsattrs is specified in aide.conf
-  resolves: rhbz#1806323
+* Thu May 27 2021 Zoltan Fridrich <zfridric@redhat.com> - 0.16-20
+- fix configuration option with-dbhmactype
+- do not use sha1 and md5 by default
+  Resolves: rhbz#1935457
+- fix important static analysis issues
+  Resolves: rhbz#1938676

-* Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-11
- rebuild
- minor edit of aide.conf
+* Mon May 10 2021 Zoltan Fridrich <zfridric@redhat.com> - 0.16-19
+- use gating and config file from rhel-8.5
+- remove check of periodically changing files
+  Resolves: rhbz#1957656
+- config cleanup
+  Resolves: rhbz#1957654

-* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-10
- respin
- minor edit of aide.conf
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.16-18
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

-* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-9
- Null pointer dereference fix spotted by coverity
-  resolves: rhbz#1676487
- aide.conf needs updates for RHEL 8
-  resolves: rhbz#1708015
+* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

-* Tue Oct 09 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-8
- fixed wrong line wrapping of messages in the syslog format
-  resolves: rhbz#1628153
- fixed coverity issues
-  resolves: rhbz#1602441
- fixed crash when processing .dynamic section
-  resolves: rhbz#1597250
+* Fri Jul 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-16
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

-* Wed Aug 29 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-7
- fixed crypto problem with libgcrypt (fips)
- resolves: rhbz#1623045
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

-* Wed Aug 22 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-6
- ported syslog format from rhel7
-  resolves: rhbz#1584136
- fixed crypto problem with libgcrypt
-  resolves: rhbz#1584120
+* Wed Jun 24 2020 Radovan Sroka <rsroka@redhat.com> 0.16-14
+- AIDE breaks when setting report_ignore_e2fsattrs
+  Resolves: rhbz#1850276
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Jul 31 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-12
+- backport some patches
+  Resolves: rhbz#1717140
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed Feb 20 2019 Daniel Kopecek <dkopecek@redhat.com> - 0.16-10
+- Fix building with curl
+  Resolves: rhbz#1674637
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Jul 31 2018 Florian Weimer <fweimer@redhat.com> - 0.16-8
+- Rebuild with fixed binutils
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.16-6
+- Rebuild

 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild