Compare commits
No commits in common. "c9-beta" and "c8" have entirely different histories.
@ -1,58 +0,0 @@
|
||||
From c7caa6027c92b28aa11b8da74d56357e12f56d67 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= <dkopecek@redhat.com>
|
||||
Date: Wed, 20 Feb 2019 12:00:56 +0100
|
||||
Subject: [PATCH] Use LDADD for adding curl library to the linker command
|
||||
|
||||
---
|
||||
Makefile.am | 2 +-
|
||||
configure.ac | 5 +++--
|
||||
2 files changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 4b05d7a..1541d56 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -55,7 +55,7 @@ if USE_CURL
|
||||
aide_SOURCES += include/fopen.h src/fopen.c
|
||||
endif
|
||||
|
||||
-aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@
|
||||
+aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CURLLIB@
|
||||
AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g
|
||||
AM_CPPFLAGS = -I$(top_srcdir) \
|
||||
-I$(top_srcdir)/include \
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 3598ebe..0418c59 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -702,24 +702,25 @@ if test x$with_zlib = xyes; then
|
||||
compoptionstring="${compoptionstring}WITH_ZLIB\\n"
|
||||
fi
|
||||
|
||||
+CURLLIB=
|
||||
if test x$with_curl = xyes; then
|
||||
AC_PATH_PROG(curlconfig, "curl-config")
|
||||
if test "_$curlconfig" != _ ; then
|
||||
CURL_CFLAGS=`$curlconfig --cflags`
|
||||
- CURL_LIBS=`$curlconfig --libs`
|
||||
+ CURLLIB=`$curlconfig --libs`
|
||||
else
|
||||
AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])
|
||||
fi
|
||||
AC_CHECK_HEADERS(curl/curl.h,,
|
||||
[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])])
|
||||
CFLAGS="$CFLAGS $CURL_CFLAGS"
|
||||
- LDFLAGS="$LDFLAGS $CURL_LIBS"
|
||||
AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes,
|
||||
[AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]
|
||||
)
|
||||
AC_DEFINE(WITH_CURL,1,[use curl])
|
||||
compoptionstring="${compoptionstring}WITH_CURL\\n"
|
||||
fi
|
||||
+AC_SUBST(CURLLIB)
|
||||
AM_CONDITIONAL(USE_CURL, test x$havecurl = xyes)
|
||||
|
||||
AC_ARG_WITH(mhash,
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,51 +0,0 @@
|
||||
diff --color -ru a/configure.ac b/configure.ac
|
||||
--- a/configure.ac 2021-05-20 09:31:11.686987129 +0200
|
||||
+++ b/configure.ac 2021-05-20 09:39:43.369967457 +0200
|
||||
@@ -784,11 +784,11 @@
|
||||
[if test "x$withval" = "xmd5" ;then
|
||||
CONFIGHMACTYPE="MHASH_MD5"
|
||||
else if test "x$withval" = "xsha1" ;then
|
||||
- CONFIGHMACTYPE="MHASH_SHA1"
|
||||
+ CONFIGHMACTYPE="MHASH_SHA1"
|
||||
else if test "x$withval" = "xsha256" ;then
|
||||
- CONFIGHMACTYPE="MHASH_SHA256"
|
||||
+ CONFIGHMACTYPE="MHASH_SHA256"
|
||||
else if test "x$withval" = "xsha512" ;then
|
||||
- CONFIGHMACTYPE="MHASH_SHA512"
|
||||
+ CONFIGHMACTYPE="MHASH_SHA512"
|
||||
else
|
||||
echo "Valid parameters for --with-confighmactype are md5, sha1, sha256 and sha512"
|
||||
exit 1
|
||||
@@ -799,7 +799,6 @@
|
||||
AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,$CONFIGHMACTYPE,[hash type for config file check])],
|
||||
[
|
||||
AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,MHASH_MD5,[hash type for config file check])]
|
||||
-,
|
||||
)
|
||||
|
||||
AC_ARG_WITH([confighmackey],
|
||||
@@ -846,18 +845,18 @@
|
||||
|
||||
AC_ARG_WITH([dbhmactype],
|
||||
AC_HELP_STRING([--with-dbhmactype=TYPE],
|
||||
- [Hash type to use for checking db. Valid values are md5 and sha1.]),
|
||||
+ [Hash type to use for checking db. Valid values are md5, sha1, sha256 and sha512.]),
|
||||
[if test "x$withval" = "xmd5" ;then
|
||||
DBHMACTYPE="MHASH_MD5"
|
||||
else if test "x$withval" = "xsha1" ;then
|
||||
- DBHMACTYPE="MHASH_SHA1"
|
||||
+ DBHMACTYPE="MHASH_SHA1"
|
||||
else if test "x$withval" = "xsha256" ;then
|
||||
- CONFIGHMACTYPE="MHASH_SHA256"
|
||||
+ DBHMACTYPE="MHASH_SHA256"
|
||||
else if test "x$withval" = "xsha512" ;then
|
||||
- CONFIGHMACTYPE="MHASH_SHA512"
|
||||
+ DBHMACTYPE="MHASH_SHA512"
|
||||
else
|
||||
- echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
|
||||
- exit 1
|
||||
+ echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
|
||||
+ exit 1
|
||||
fi
|
||||
fi
|
||||
fi
|
@ -1,11 +0,0 @@
|
||||
diff -up aide-0.16/src/commandconf.c.rhcase03736158 aide-0.16/src/commandconf.c
|
||||
--- aide-0.16/src/commandconf.c.rhcase03736158 2024-03-01 11:06:35.305712992 +0100
|
||||
+++ aide-0.16/src/commandconf.c 2024-03-01 11:08:07.726499878 +0100
|
||||
@@ -306,6 +306,7 @@ int db_input_wrapper(char* buf, int max_
|
||||
retval=0;
|
||||
buf[0]='\0';
|
||||
}else {
|
||||
+ buf[0]='\0';
|
||||
if((retval=gzread(*db_gzp,buf,max_size))<0){
|
||||
error(0,_("gzread() failed: gzerr=%s!\n"),gzerror(*db_gzp,&err));
|
||||
retval=0;
|
@ -1,171 +0,0 @@
|
||||
Only in b: config.log
|
||||
diff --color -ru a/contrib/sshaide.sh b/contrib/sshaide.sh
|
||||
--- a/contrib/sshaide.sh 2016-07-25 22:56:55.000000000 +0200
|
||||
+++ b/contrib/sshaide.sh 2021-05-20 11:11:24.112542472 +0200
|
||||
@@ -260,7 +260,7 @@
|
||||
_randword=`grep -n . ${_wordlist} | grep "^${_linenum}:" | cut -d: -f2`
|
||||
|
||||
# If $_randword has anything other than lower-case chars, try again
|
||||
- (echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1 >> /dev/null \
|
||||
+ ({ echo ${_randword} | LC_ALL=C grep '[^a-z]' 2>&1; } >> /dev/null \
|
||||
&& gen_rand_word ) || \
|
||||
|
||||
# Return the word
|
||||
diff --color -ru a/src/commandconf.c b/src/commandconf.c
|
||||
--- a/src/commandconf.c 2021-05-20 10:37:53.842382143 +0200
|
||||
+++ b/src/commandconf.c 2021-05-25 14:16:43.278526146 +0200
|
||||
@@ -313,7 +313,7 @@
|
||||
} else {
|
||||
/* gzread returns 0 even if uncompressed bytes were read*/
|
||||
error(240,"nread=%d,strlen(buf)=%lu,errno=%s,gzerr=%s\n",
|
||||
- retval,(unsigned long)strnlen((char*)buf, max_size),
|
||||
+ retval,(unsigned long)strnlen((char*)buf, retval),
|
||||
strerror(errno),gzerror(*db_gzp,&err));
|
||||
if(retval==0){
|
||||
retval=strnlen((char*)buf, max_size);
|
||||
@@ -836,6 +836,11 @@
|
||||
}
|
||||
break;
|
||||
}
|
||||
+ default: {
|
||||
+ error(0,"Unsupported dbtype.\n");
|
||||
+ free(u);
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
free(val);
|
||||
@@ -900,7 +905,7 @@
|
||||
} else {
|
||||
error_init(u,0);
|
||||
}
|
||||
-
|
||||
+ free(u->value);
|
||||
free(u);
|
||||
}
|
||||
|
||||
diff --color -ru a/src/db_disk.c b/src/db_disk.c
|
||||
--- a/src/db_disk.c 2021-05-20 10:37:53.842382143 +0200
|
||||
+++ b/src/db_disk.c 2021-05-20 12:37:00.081493364 +0200
|
||||
@@ -125,10 +125,10 @@
|
||||
|
||||
ret = (char *) malloc (len);
|
||||
ret[0] = (char) 0;
|
||||
- strncpy(ret, conf->root_prefix, conf->root_prefix_length+1);
|
||||
- strncat (ret, r->path, len2);
|
||||
+ strcpy(ret, conf->root_prefix);
|
||||
+ strcat (ret, r->path);
|
||||
if (r->path[len2 - 1] != '/') {
|
||||
- strncat (ret, "/", 1);
|
||||
+ strcat (ret, "/");
|
||||
}
|
||||
strcat (ret, s);
|
||||
return ret;
|
||||
@@ -207,8 +207,8 @@
|
||||
if (!root_handled) {
|
||||
root_handled = 1;
|
||||
fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
|
||||
- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
|
||||
- strncat (fullname, "/", 1);
|
||||
+ strcpy(fullname, conf->root_prefix);
|
||||
+ strcat (fullname, "/");
|
||||
if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
|
||||
add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
|
||||
error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
|
||||
@@ -346,8 +346,8 @@
|
||||
error (255, "r->childs %p, r->parent %p,r->checked %i\n",
|
||||
r->childs, r->parent, r->checked);
|
||||
fullname=malloc((conf->root_prefix_length+strlen(r->path)+1)*sizeof(char));
|
||||
- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
|
||||
- strncat(fullname, r->path, strlen(r->path));
|
||||
+ strcpy(fullname, conf->root_prefix);
|
||||
+ strcat(fullname, r->path);
|
||||
dirh=open_dir(fullname);
|
||||
if (! dirh) {
|
||||
|
||||
@@ -441,8 +441,8 @@
|
||||
|
||||
|
||||
char* fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
|
||||
- strncpy(fullname, conf->root_prefix, conf->root_prefix_length+1);
|
||||
- strncat (fullname, "/", 1);
|
||||
+ strcpy(fullname, conf->root_prefix);
|
||||
+ strcat (fullname, "/");
|
||||
dirh=open_dir(fullname);
|
||||
free(fullname);
|
||||
|
||||
diff --color -ru a/src/error.c b/src/error.c
|
||||
--- a/src/error.c 2021-05-20 10:37:53.836382037 +0200
|
||||
+++ b/src/error.c 2021-05-21 11:49:09.781313097 +0200
|
||||
@@ -125,7 +125,7 @@
|
||||
fh=be_init(0,url,0);
|
||||
if(fh!=NULL) {
|
||||
conf->report_fd=list_append(conf->report_fd,(void*)fh);
|
||||
- conf->report_url=list_append(conf->report_url,(void*)url);
|
||||
+ conf->report_url=list_append(conf->report_url,(void*)strdup(url));
|
||||
return RETOK;
|
||||
}
|
||||
|
||||
diff --color -ru a/src/util.c b/src/util.c
|
||||
--- a/src/util.c 2021-05-20 10:37:53.843382160 +0200
|
||||
+++ b/src/util.c 2021-05-25 11:04:39.507278771 +0200
|
||||
@@ -105,13 +105,15 @@
|
||||
for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++);
|
||||
if(r[0]=='\0'){
|
||||
error(0,"Invalid file-URL,no path after hostname: file:%s\n",t);
|
||||
+ free(u);
|
||||
+ free(val_copy);
|
||||
free(hostname);
|
||||
return NULL;
|
||||
}
|
||||
u->value=strdup(r);
|
||||
r[0]='\0';
|
||||
if(gethostname(hostname,MAXHOSTNAMELEN)==-1){
|
||||
- strncpy(hostname,"localhost", 10);
|
||||
+ strncpy(hostname,"localhost",MAXHOSTNAMELEN);
|
||||
}
|
||||
|
||||
if( (strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){
|
||||
@@ -119,6 +121,9 @@
|
||||
break;
|
||||
} else {
|
||||
error(0,"Invalid file-URL, cannot use hostname other than localhost or %s: file:%s\n",hostname,u->value);
|
||||
+ free(u->value);
|
||||
+ free(u);
|
||||
+ free(val_copy);
|
||||
free(hostname);
|
||||
return NULL;
|
||||
}
|
||||
@@ -229,6 +234,10 @@
|
||||
int i=0;
|
||||
|
||||
pc=(char*)malloc(sizeof(char)*11);
|
||||
+ if (!pc) {
|
||||
+ error(0, "Memory allocation failed.\n");
|
||||
+ return NULL;
|
||||
+ }
|
||||
for(i=0;i<10;i++){
|
||||
pc[i]='-';
|
||||
}
|
||||
@@ -369,14 +378,17 @@
|
||||
|
||||
if (path != NULL) {
|
||||
if (path[0] == '~') {
|
||||
- if((homedir=getenv("HOME")) != NULL) {
|
||||
+ if ((homedir=getenv("HOME")) != NULL) {
|
||||
path_len = strlen(path+sizeof(char));
|
||||
homedir_len = strlen(homedir);
|
||||
full_len = homedir_len+path_len;
|
||||
full = malloc(sizeof(char) * (full_len+1));
|
||||
- strncpy(full, homedir, homedir_len);
|
||||
- strncpy(full+homedir_len, path+sizeof(char), path_len);
|
||||
- full[full_len] = '\0';
|
||||
+ if (!full) {
|
||||
+ error(0, "Memory allocation failed.\n");
|
||||
+ return path;
|
||||
+ }
|
||||
+ strcpy(full, homedir);
|
||||
+ strcat(full, path+sizeof(char));
|
||||
free(path);
|
||||
/* Don't free(homedir); because it is not safe on some platforms */
|
||||
path = full;
|
@ -93,7 +93,6 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
|
||||
|
||||
# Admins dot files constantly change, just check perms
|
||||
/root/\..* PERMS
|
||||
!/root/.xauth*
|
||||
# Otherwise get all of /root.
|
||||
/root CONTENT_EX
|
||||
|
||||
@ -127,6 +126,8 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
|
||||
/etc/subuid$ CONTENT_EX
|
||||
/etc/security/opasswd$ CONTENT_EX
|
||||
/etc/skel CONTENT_EX
|
||||
/etc/subuid$ CONTENT_EX
|
||||
/etc/subgid$ CONTENT_EX
|
||||
/etc/sssd CONTENT_EX
|
||||
/etc/machine-id$ CONTENT_EX
|
||||
/etc/swid CONTENT_EX
|
||||
@ -135,7 +136,10 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
|
||||
/etc/tmux.conf$ CONTENT_EX
|
||||
/etc/xattr.conf$ CONTENT_EX
|
||||
|
||||
|
||||
# networking
|
||||
/etc/hosts.allow$ CONTENT_EX
|
||||
/etc/hosts.deny$ CONTENT_EX
|
||||
/etc/firewalld CONTENT_EX
|
||||
!/etc/NetworkManager/system-connections
|
||||
/etc/NetworkManager CONTENT_EX
|
||||
@ -233,8 +237,10 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
|
||||
#### Daemons ####
|
||||
|
||||
# cron jobs
|
||||
/var/spool/at CONTENT
|
||||
/etc/at.allow$ CONTENT
|
||||
/etc/at.deny$ CONTENT
|
||||
/var/spool/anacron CONTENT
|
||||
/etc/anacrontab$ CONTENT_EX
|
||||
/etc/cron.allow$ CONTENT_EX
|
||||
/etc/cron.deny$ CONTENT_EX
|
||||
@ -296,8 +302,16 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha512
|
||||
# Now everything else
|
||||
/etc PERMS
|
||||
|
||||
|
||||
# With AIDE's default verbosity level of 5, these would give lots of
|
||||
# warnings upon tree traversal. It might change with future version.
|
||||
#
|
||||
#=/lost\+found DIR
|
||||
#=/home DIR
|
||||
|
||||
# Ditto /var/log/sa reason...
|
||||
!/var/log/and-httpd
|
||||
|
||||
# Admins dot files constantly change, just check perms
|
||||
/root/\..* PERMS
|
||||
!/root/.xauth*
|
||||
|
31
SOURCES/coverity2.patch
Normal file
31
SOURCES/coverity2.patch
Normal file
@ -0,0 +1,31 @@
|
||||
diff --up ./src/compare_db.c ./src/compare_db.c
|
||||
--- ./src/compare_db.c
|
||||
+++ ./src/compare_db.c
|
||||
@@ -438,7 +438,11 @@ snprintf(*values[0], l, "%s",s);
|
||||
} else {
|
||||
*values = malloc(1 * sizeof (char*));
|
||||
if (DB_FTYPE&attr) {
|
||||
- easy_string(get_file_type_string(line->perm))
|
||||
+ char *file_type = get_file_type_string(line->perm);
|
||||
+ if (!file_type) {
|
||||
+ error(2,"%s: ", file_type);
|
||||
+ }
|
||||
+ easy_string(file_type)
|
||||
} else if (DB_LINKNAME&attr) {
|
||||
easy_string(line->linkname)
|
||||
easy_number((DB_SIZE|DB_SIZEG),size,"%li")
|
||||
diff -up ./src/db_file.c ./src/db_file.c
|
||||
--- ./src/db_file.c
|
||||
+++ ./src/db_file.c
|
||||
@@ -194,6 +194,10 @@ int db_file_read_spec(int db){
|
||||
|
||||
*db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD));
|
||||
|
||||
+ if (*db_order == NULL){
|
||||
+ error(1,"malloc for *db_order failed in %s", __func__);
|
||||
+ }
|
||||
+
|
||||
while ((i=db_scan())!=TNEWLINE){
|
||||
switch (i) {
|
||||
|
||||
|
@ -1,21 +0,0 @@
|
||||
diff -Naur aide-0.16.orig/src/db_disk.c aide-0.16/src/db_disk.c
|
||||
--- aide-0.16.orig/src/db_disk.c 2024-03-11 16:45:06.594013966 -0400
|
||||
+++ aide-0.16/src/db_disk.c 2024-03-11 16:45:06.584013966 -0400
|
||||
@@ -209,7 +209,7 @@
|
||||
fullname=malloc((conf->root_prefix_length+2)*sizeof(char));
|
||||
strcpy(fullname, conf->root_prefix);
|
||||
strcat (fullname, "/");
|
||||
- if (!get_file_status(&fullname[conf->root_prefix_length], &fs)) {
|
||||
+ if (!get_file_status(fullname, &fs)) {
|
||||
add = check_rxtree (&fullname[conf->root_prefix_length], conf->tree, &attr, fs.st_mode);
|
||||
error (240, "%s match=%d, tree=%p, attr=%llu\n", &fullname[conf->root_prefix_length], add,
|
||||
conf->tree, attr);
|
||||
@@ -255,7 +255,7 @@
|
||||
If not call, db_readline_disk again...
|
||||
*/
|
||||
|
||||
- if (get_file_status(&fullname[conf->root_prefix_length], &fs)) {
|
||||
+ if (get_file_status(fullname, &fs)) {
|
||||
free (fullname);
|
||||
goto recursion;
|
||||
}
|
141
SPECS/aide.spec
141
SPECS/aide.spec
@ -1,11 +1,9 @@
|
||||
Summary: Intrusion detection environment
|
||||
Name: aide
|
||||
Version: 0.16
|
||||
Release: 102%{?dist}
|
||||
Release: 14%{?dist}.1
|
||||
URL: http://sourceforge.net/projects/aide
|
||||
License: GPLv2+
|
||||
|
||||
|
||||
Source0: %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz
|
||||
Source1: aide.conf
|
||||
Source2: README.quickstart
|
||||
@ -22,25 +20,25 @@ BuildRequires: libacl-devel
|
||||
BuildRequires: pkgconfig(libselinux)
|
||||
BuildRequires: libattr-devel
|
||||
BuildRequires: e2fsprogs-devel
|
||||
BuildRequires: audit-libs-devel
|
||||
BuildRequires: autoconf automake libtool
|
||||
Buildrequires: audit-libs-devel
|
||||
|
||||
Requires: libgcrypt >= 1.8.5
|
||||
|
||||
# Customize the database file location in the man page.
|
||||
Patch1: aide-0.16rc1-man.patch
|
||||
# fix aide in FIPS mode
|
||||
Patch2: aide-0.16b1-fipsfix.patch
|
||||
# Bug 1674637 - aide: FTBFS in Fedora rawhide/f30
|
||||
Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
|
||||
|
||||
Patch4: aide-0.15-syslog-format.patch
|
||||
Patch5: aide-0.16-crypto-disable-haval-and-others.patch
|
||||
Patch6: coverity.patch
|
||||
Patch7: aide-0.16-crash-elf.patch
|
||||
Patch8: aide-configure.patch
|
||||
Patch9: aide-static-analysis.patch
|
||||
Patch10: aide-0.16-CVE-2021-45417.patch
|
||||
Patch11: aide-db-problem.patch
|
||||
Patch12: rootPrefix.patch
|
||||
Patch3: aide-0.15-syslog-format.patch
|
||||
Patch4: aide-0.16-crypto-disable-haval-and-others.patch
|
||||
Patch5: coverity.patch
|
||||
Patch6: aide-0.16-crash-elf.patch
|
||||
|
||||
# 1676487 - Null pointer dereference fix spotted by coverity
|
||||
Patch7: coverity2.patch
|
||||
|
||||
# 2041956 - CVE-2021-45417 aide: heap-based buffer overflow on outputs larger than B64_BUF
|
||||
Patch8: aide-0.16-CVE-2021-45417.patch
|
||||
|
||||
%description
|
||||
AIDE (Advanced Intrusion Detection Environment) is a file integrity
|
||||
@ -48,10 +46,10 @@ checker and intrusion detection program.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
|
||||
cp -a %{S:2} .
|
||||
|
||||
%build
|
||||
autoreconf -ivf
|
||||
%configure \
|
||||
--disable-static \
|
||||
--with-config_file=%{_sysconfdir}/aide.conf \
|
||||
@ -62,9 +60,8 @@ autoreconf -ivf
|
||||
--with-selinux \
|
||||
--with-xattr \
|
||||
--with-e2fsattrs \
|
||||
--with-audit \
|
||||
--with-confighmactype=sha512 \
|
||||
--with-dbhmactype=sha512
|
||||
--with-audit
|
||||
|
||||
%make_build
|
||||
|
||||
%install
|
||||
@ -87,77 +84,57 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
|
||||
%dir %attr(0700,root,root) %{_localstatedir}/log/aide
|
||||
|
||||
%changelog
|
||||
* Fri May 17 2024 Radovan Sroka <rsroka@redhat.com> - 0.16-102
|
||||
RHEL 9.5.0 ERRATUM
|
||||
- aide fails with "Not enough parameters in db:15384. Trying to continue." unexpectedly
|
||||
Resolves: RHEL-27606
|
||||
- AIDE fails when using root_prefix option
|
||||
Resolves: RHEL-28882
|
||||
* Tue Jan 25 2022 Radovan Sroka <rsroka@redhat.com> - 0.16.14.1
|
||||
- backported fix for CVE-2021-45417
|
||||
resolves: rhbz#2041956
|
||||
|
||||
* Mon Jan 24 2022 Radovan Sroka <rsroka@redhat.com> - 0.16-100
|
||||
- backport fix for CVE-2021-45417
|
||||
Resolves: rhbz#2041950
|
||||
* Tue Jun 30 2020 Radovan Sroka <rsroka@redhat.com> = 0.16.14
|
||||
- strict require for libgcrypt
|
||||
resolves: rhbz#1852407
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.16-21
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
* Tue May 19 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-13
|
||||
- RHEL 8.3
|
||||
- minor edit of aide.conf to make it consistent
|
||||
resolves: rhbz#1740754
|
||||
|
||||
* Thu May 27 2021 Zoltan Fridrich <zfridric@redhat.com> - 0.16-20
|
||||
- fix configuration option with-dbhmactype
|
||||
- do not use sha1 and md5 by default
|
||||
Resolves: rhbz#1935457
|
||||
- fix important static analysis issues
|
||||
Resolves: rhbz#1938676
|
||||
* Mon Apr 06 2020 Attila Lakatos <alakatos@redhat.com> - 0.16-12
|
||||
- RHEL 8.3
|
||||
- minor edit of aide.conf
|
||||
resolves: rhbz#1740754
|
||||
- do not generate false warnings when report_ignore_e2fsattrs is specified in aide.conf
|
||||
resolves: rhbz#1806323
|
||||
|
||||
* Mon May 10 2021 Zoltan Fridrich <zfridric@redhat.com> - 0.16-19
|
||||
- use gating and config file from rhel-8.5
|
||||
- remove check of periodically changing files
|
||||
Resolves: rhbz#1957656
|
||||
- config cleanup
|
||||
Resolves: rhbz#1957654
|
||||
* Wed Jul 24 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-11
|
||||
- rebuild
|
||||
- minor edit of aide.conf
|
||||
|
||||
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.16-18
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-10
|
||||
- respin
|
||||
- minor edit of aide.conf
|
||||
|
||||
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-17
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
* Tue Jul 23 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-9
|
||||
- Null pointer dereference fix spotted by coverity
|
||||
resolves: rhbz#1676487
|
||||
- aide.conf needs updates for RHEL 8
|
||||
resolves: rhbz#1708015
|
||||
|
||||
* Fri Jul 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-16
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
* Tue Oct 09 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-8
|
||||
- fixed wrong line wrapping of messages in the syslog format
|
||||
resolves: rhbz#1628153
|
||||
- fixed coverity issues
|
||||
resolves: rhbz#1602441
|
||||
- fixed crash when processing .dynamic section
|
||||
resolves: rhbz#1597250
|
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-15
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
* Wed Aug 29 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-7
|
||||
- fixed crypto problem with libgcrypt (fips)
|
||||
- resolves: rhbz#1623045
|
||||
|
||||
* Wed Jun 24 2020 Radovan Sroka <rsroka@redhat.com> 0.16-14
|
||||
- AIDE breaks when setting report_ignore_e2fsattrs
|
||||
Resolves: rhbz#1850276
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-13
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Wed Jul 31 2019 Radovan Sroka <rsroka@redhat.com> - 0.16-12
|
||||
- backport some patches
|
||||
Resolves: rhbz#1717140
|
||||
|
||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Wed Feb 20 2019 Daniel Kopecek <dkopecek@redhat.com> - 0.16-10
|
||||
- Fix building with curl
|
||||
Resolves: rhbz#1674637
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Tue Jul 31 2018 Florian Weimer <fweimer@redhat.com> - 0.16-8
|
||||
- Rebuild with fixed binutils
|
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.16-6
|
||||
- Rebuild
|
||||
* Wed Aug 22 2018 Radovan Sroka <rsroka@redhat.com> - 0.16-6
|
||||
- ported syslog format from rhel7
|
||||
resolves: rhbz#1584136
|
||||
- fixed crypto problem with libgcrypt
|
||||
resolves: rhbz#1584120
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
Loading…
Reference in New Issue
Block a user