From ebd9848d2a59d846170cc6e6ff0907fddc6792cf Mon Sep 17 00:00:00 2001
From: Fedora Release Engineering
Date: Wed, 26 Jul 2017 02:40:24 +0000
Subject: [PATCH 01/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
---
 aide.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/aide.spec b/aide.spec
index 44e908e..39ea484 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,7 +1,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.16
-Release: 2%{?dist}
+Release: 3%{?dist}
 URL: http://sourceforge.net/projects/%{name}
 License: GPLv2+
 Group: Applications/System
@@ -78,6 +78,9 @@ install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/aide
 %changelog
+* Wed Jul 26 2017 Fedora Release Engineering - 0.16-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
 * Wed Apr 05 2017 Radovan Sroka - 0.16-2
 - fixed upstream link
From ea9c1c9ba05ff0b86352e61d5a56df7ecbcb884f Mon Sep 17 00:00:00 2001
From: Fedora Release Engineering
Date: Wed, 2 Aug 2017 17:26:55 +0000
Subject: [PATCH 02/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
---
 aide.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/aide.spec b/aide.spec
index 39ea484..cca2171 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,7 +1,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.16
-Release: 3%{?dist}
+Release: 4%{?dist}
 URL: http://sourceforge.net/projects/%{name}
 License: GPLv2+
 Group: Applications/System
@@ -78,6 +78,9 @@ install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/aide
 %changelog
+* Wed Aug 02 2017 Fedora Release Engineering - 0.16-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
 * Wed Jul 26 2017 Fedora Release Engineering - 0.16-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
From b037feba451307f69cd5e1827c98b22ec4408c7d Mon Sep 17 00:00:00 2001
From: Fedora Release Engineering
Date: Wed, 7 Feb 2018 02:00:09 +0000
Subject: [PATCH 03/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering
---
 aide.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/aide.spec b/aide.spec
index cca2171..4681c42 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,7 +1,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.16
-Release: 4%{?dist}
+Release: 5%{?dist}
 URL: http://sourceforge.net/projects/%{name}
 License: GPLv2+
 Group: Applications/System
@@ -78,6 +78,9 @@ install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/aide
 %changelog
+* Wed Feb 07 2018 Fedora Release Engineering - 0.16-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
 * Wed Aug 02 2017 Fedora Release Engineering - 0.16-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
From d000c4ffe9a4518d0bd520f251ae00644e36595c Mon Sep 17 00:00:00 2001
From: Igor Gnatenko
Date: Tue, 20 Feb 2018 17:02:01 +0100
Subject: [PATCH 04/58] fix FTBFS
Signed-off-by: Igor Gnatenko
---
 aide.spec | 99 ++++++++++++++++++++++++++-----------------------------
 1 file changed, 46 insertions(+), 53 deletions(-)
diff --git a/aide.spec b/aide.spec
index 4681c42..70cfe3c 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,82 +1,75 @@
-Summary: Intrusion detection environment
-Name: aide
-Version: 0.16
-Release: 5%{?dist}
-URL: http://sourceforge.net/projects/%{name}
-License: GPLv2+
-Group: Applications/System
+Summary: Intrusion detection environment
+Name: aide
+Version: 0.16
+Release: 5%{?dist}
+URL: http://sourceforge.net/projects/aide
+License: GPLv2+
-Source0: https://sourceforge.net/projects/%{name}/files/aide/%{version}/%{name}-%{version}.tar.gz
-Source1: aide.conf
-Source2: README.quickstart
-Source3: aide.logrotate
-
-
-BuildRequires: mktemp
-BuildRequires: elfutils-libelf-devel
-Buildrequires: zlib-devel libgcrypt-devel
-Buildrequires: flex bison
-Buildrequires: libattr-devel e2fsprogs-devel
-Buildrequires: libacl-devel libselinux-devel
-Buildrequires: audit-libs-devel >= 1.2.8-2
+Source0: %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz
+Source1: aide.conf
+Source2: README.quickstart
+Source3: aide.logrotate
+BuildRequires: gcc
+BuildRequires: make
+BuildRequires: bison flex
+BuildRequires: pcre-devel
+BuildRequires: libgpg-error-devel libgcrypt-devel
+BuildRequires: zlib-devel
+BuildRequires: libcurl-devel
+BuildRequires: libacl-devel
+BuildRequires: pkgconfig(libselinux)
+BuildRequires: libattr-devel
+BuildRequires: e2fsprogs-devel
+Buildrequires: audit-libs-devel
 # Customize the database file location in the man page.
 Patch1: aide-0.16rc1-man.patch
 # fix aide in FIPS mode
 Patch2: aide-0.16b1-fipsfix.patch
-
 %description
 AIDE (Advanced Intrusion Detection Environment) is a file integrity
 checker and intrusion detection program.
-
 %prep
-%setup -q
-%patch1 -p1 -b .man
-%patch2 -p1 -b .fipsfix
-
+%autosetup -p1
+cp -a %{S:2} .
 %build
-%configure --with-config_file=%{_sysconfdir}/aide.conf \
- --with-zlib \
- --disable-static \
- --with-posix-acl \
- --with-selinux \
- --with-xattr \
- --with-e2fsattrs \
- --with-audit
-
-
-make
-
+%configure \
+ --disable-static \
+ --with-config_file=%{_sysconfdir}/aide.conf \
+ --with-gcrypt \
+ --with-zlib \
+ --with-curl \
+ --with-posix-acl \
+ --with-selinux \
+ --with-xattr \
+ --with-e2fsattrs \
+ --with-audit
+%make_build
 %install
-rm -rf $RPM_BUILD_ROOT
-make DESTDIR=$RPM_BUILD_ROOT bindir=%{_sbindir} install
-mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/aide
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
-install -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}
-mkdir -p -m0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/aide
-install -p %{SOURCE2} README.quickstart
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
-install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/aide
-
+%make_install bindir=%{_sbindir}
+install -Dpm0644 -t %{buildroot}%{_sysconfdir} %{S:1}
+install -Dpm0644 %{S:3} %{buildroot}%{_sysconfdir}/logrotate.d/aide
+mkdir -p %{buildroot}%{_localstatedir}/log/aide
+mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %files
-%doc AUTHORS COPYING ChangeLog NEWS README doc/manual.html contrib/
+%license COPYING
+%doc AUTHORS ChangeLog NEWS README doc/manual.html contrib/
 %doc README.quickstart
-%attr(0755,root,root) %{_sbindir}/aide
-%{_mandir}/man1/*
-%{_mandir}/man5/*
+%{_sbindir}/aide
+%{_mandir}/man1/*.1*
+%{_mandir}/man5/*.5*
 %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/aide
 %dir %attr(0700,root,root) %{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide
-
 %changelog
 * Wed Feb 07 2018 Fedora Release Engineering - 0.16-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
From d99ec07631897faf5e4b70403ceac6759e9d0567 Mon Sep 17 00:00:00 2001
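Review bot: `Source0` is now derived from `%{url}`, and `URL` is still `http://sourceforge.net/projects/aide`, so the tarball location changes from the `https://` address on the removed `Source0` line to plain HTTP. Anyone refreshing the source from the spec then fetches the file-integrity checker's own tarball over an unauthenticated transport; set `URL: https://sourceforge.net/projects/aide` or keep the explicit `https://` prefix in `Source0`. The same rewrite adds `--with-curl` and `BuildRequires: libcurl-devel` and drops the `>= 1.2.8-2` floor on `audit-libs-devel`, none of which the subject "fix FTBFS" explains; a spec comment such as `# curl: needed for remote database URLs` (or whatever the actual reason is) would record why the network-capable build is wanted.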
From: Igor Gnatenko
Date: Tue, 20 Feb 2018 17:07:48 +0100
Subject: [PATCH 05/58] rebuild
Signed-off-by: Igor Gnatenko
---
 aide.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/aide.spec b/aide.spec
index 70cfe3c..8f53c8f 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,7 +1,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.16
-Release: 5%{?dist}
+Release: 6%{?dist}
 URL: http://sourceforge.net/projects/aide
 License: GPLv2+
@@ -71,6 +71,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide
 %changelog
+* Tue Feb 20 2018 Igor Gnatenko - 0.16-6
+- Rebuild
+
 * Wed Feb 07 2018 Fedora Release Engineering - 0.16-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
From 1d3e00e10ebcb18c142626b8da881d089ce23f27 Mon Sep 17 00:00:00 2001
From: Fedora Release Engineering
Date: Thu, 12 Jul 2018 20:04:04 +0000
Subject: [PATCH 06/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering
---
 aide.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/aide.spec b/aide.spec
index 8f53c8f..b83b175 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,7 +1,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.16
-Release: 6%{?dist}
+Release: 7%{?dist}
 URL: http://sourceforge.net/projects/aide
 License: GPLv2+
@@ -71,6 +71,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide
 %changelog
+* Thu Jul 12 2018 Fedora Release Engineering - 0.16-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
 * Tue Feb 20 2018 Igor Gnatenko - 0.16-6
 - Rebuild
From 1056316ebd62dc07e1edd2aed461bfd6190bbfc9 Mon Sep 17 00:00:00 2001
From: Florian Weimer
Date: Tue, 31 Jul 2018 10:38:25 +0200
Subject: [PATCH 07/58] Rebuild with fixed binutils
---
 aide.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/aide.spec b/aide.spec
index b83b175..ad5d8f7 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,7 +1,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.16
-Release: 7%{?dist}
+Release: 8%{?dist}
 URL: http://sourceforge.net/projects/aide
 License: GPLv2+
@@ -71,6 +71,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide
 %changelog
+* Tue Jul 31 2018 Florian Weimer - 0.16-8
+- Rebuild with fixed binutils
+
 * Thu Jul 12 2018 Fedora Release Engineering - 0.16-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
From 264113e1f4355be25e6129f3ffeb322b00d2c53a Mon Sep 17 00:00:00 2001
From: Fedora Release Engineering
Date: Thu, 31 Jan 2019 13:05:29 +0000
Subject: [PATCH 08/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering
---
 aide.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/aide.spec b/aide.spec
index ad5d8f7..397e1bb 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,7 +1,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.16
-Release: 8%{?dist}
+Release: 9%{?dist}
 URL: http://sourceforge.net/projects/aide
 License: GPLv2+
@@ -71,6 +71,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide
 %changelog
+* Thu Jan 31 2019 Fedora Release Engineering - 0.16-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
 * Tue Jul 31 2018 Florian Weimer - 0.16-8
 - Rebuild with fixed binutils
From b919234a9d10c16cec07e41b88ad89dc246bb279 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?=
Date: Wed, 20 Feb 2019 12:19:22 +0100
Subject: [PATCH 09/58] Fix building with curl
Resolves: rhbz#1674637
---
 ...ding-curl-library-to-the-linker-comm.patch | 58 +++++++++++++++++++
 aide.spec | 12 +++-
 2 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
diff --git a/aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch b/aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
new file mode 100644
index 0000000..0c4fc17
--- /dev/null
+++ b/aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
@@ -0,0 +1,58 @@
+From c7caa6027c92b28aa11b8da74d56357e12f56d67 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?=
+Date: Wed, 20 Feb 2019 12:00:56 +0100
+Subject: [PATCH] Use LDADD for adding curl library to the linker command
+
+---
+ Makefile.am | 2 +-
+ configure.ac | 5 +++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 4b05d7a..1541d56 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -55,7 +55,7 @@ if USE_CURL
+ aide_SOURCES += include/fopen.h src/fopen.c
+ endif
+
+-aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@
++aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CURLLIB@
+ AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g
+ AM_CPPFLAGS = -I$(top_srcdir) \
+ -I$(top_srcdir)/include \
+diff --git a/configure.ac b/configure.ac
+index 3598ebe..0418c59 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -702,24 +702,25 @@ if test x$with_zlib = xyes; then
+ compoptionstring="${compoptionstring}WITH_ZLIB\\n"
+ fi
+
++CURLLIB=
+ if test x$with_curl = xyes; then
+ AC_PATH_PROG(curlconfig, "curl-config")
+ if test "_$curlconfig" != _ ; then
+ CURL_CFLAGS=`$curlconfig --cflags`
+- CURL_LIBS=`$curlconfig --libs`
++ CURLLIB=`$curlconfig --libs`
+ else
+ AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])
+ fi
+ AC_CHECK_HEADERS(curl/curl.h,,
+ [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])])
+ CFLAGS="$CFLAGS $CURL_CFLAGS"
+- LDFLAGS="$LDFLAGS $CURL_LIBS"
+ AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes,
+ [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]
+ )
+ AC_DEFINE(WITH_CURL,1,[use curl])
+ compoptionstring="${compoptionstring}WITH_CURL\\n"
+ fi
++AC_SUBST(CURLLIB)
+ AM_CONDITIONAL(USE_CURL, test x$havecurl = xyes)
+
+ AC_ARG_WITH(mhash,
+--
+2.20.1
+
diff --git a/aide.spec b/aide.spec
index 397e1bb..5ea67b9 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,7 +1,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.16
-Release: 9%{?dist}
+Release: 10%{?dist}
 URL: http://sourceforge.net/projects/aide
 License: GPLv2+
@@ -22,12 +22,15 @@ BuildRequires: libacl-devel
 BuildRequires: pkgconfig(libselinux)
 BuildRequires: libattr-devel
 BuildRequires: e2fsprogs-devel
-Buildrequires: audit-libs-devel
+BuildRequires: audit-libs-devel
+BuildRequires: autoconf automake libtool
 # Customize the database file location in the man page.
 Patch1: aide-0.16rc1-man.patch
 # fix aide in FIPS mode
 Patch2: aide-0.16b1-fipsfix.patch
+# Bug 1674637 - aide: FTBFS in Fedora rawhide/f30
+Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch
 %description
 AIDE (Advanced Intrusion Detection Environment) is a file integrity
@@ -38,6 +41,7 @@ checker and intrusion detection program.
 cp -a %{S:2} .
 %build
+autoreconf -ivf
 %configure \
 --disable-static \
 --with-config_file=%{_sysconfdir}/aide.conf \
@@ -71,6 +75,10 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide
 %changelog
+* Wed Feb 20 2019 Daniel Kopecek - 0.16-10
+- Fix building with curl
+ Resolves: rhbz#1674637
+
 * Thu Jan 31 2019 Fedora Release Engineering - 0.16-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
From 01fb10fd3a58cf1310edd3e88c8a7be39f8c5c71 Mon Sep 17 00:00:00 2001
From: Fedora Release Engineering
Date: Wed, 24 Jul 2019 17:39:58 +0000
Subject: [PATCH 10/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering
---
 aide.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/aide.spec b/aide.spec
index 5ea67b9..e7209d9 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,7 +1,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.16
-Release: 10%{?dist}
+Release: 11%{?dist}
 URL: http://sourceforge.net/projects/aide
 License: GPLv2+
@@ -75,6 +75,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %dir %attr(0700,root,root) %{_localstatedir}/log/aide
 %changelog
+* Wed Jul 24 2019 Fedora Release Engineering - 0.16-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
 * Wed Feb 20 2019 Daniel Kopecek - 0.16-10
 - Fix building with curl
 Resolves: rhbz#1674637
From 8998ee351b7d8dd5474441949fa3ca33dc31e537 Mon Sep 17 00:00:00 2001
From: Radovan Sroka
Date: Wed, 31 Jul 2019 14:30:19 +0200
Subject: [PATCH 11/58] Backport some patches
Resolves: rhbz#1717140
---
 aide-0.15-syslog-format.patch | 496 ++++++++++++++
 aide-0.16-crash-elf.patch | 17 +
 ...0.16-crypto-disable-haval-and-others.patch | 153 +++++
 aide.spec | 14 +-
 coverity.patch | 642 ++++++++++++++++++
 coverity2.patch | 31 +
 6 files changed, 1350 insertions(+), 3 deletions(-)
 create mode 100644 aide-0.15-syslog-format.patch
 create mode 100644 aide-0.16-crash-elf.patch
 create mode 100644 aide-0.16-crypto-disable-haval-and-others.patch
 create mode 100644 coverity.patch
 create mode 100644 coverity2.patch
diff --git a/aide-0.15-syslog-format.patch b/aide-0.15-syslog-format.patch
new file mode 100644
index 0000000..0361434
--- /dev/null
+++ b/aide-0.15-syslog-format.patch
@@ -0,0 +1,496 @@ +diff -up ./doc/aide.conf.5.in.syslog_format ./doc/aide.conf.5.in +--- ./doc/aide.conf.5.in.syslog_format 2016-07-25 22:58:12.000000000 +0200 ++++ ./doc/aide.conf.5.in 2018-09-27 19:09:09.697371212 +0200 +@@ -57,6 +57,25 @@ inclusive. This parameter can only be gi + occurrence is used. If \-\-verbose or \-V is used then the value from that + is used. The default is 5. If verbosity is 20 then additional report + output is written when doing \-\-check, \-\-update or \-\-compare. ++.IP "syslog_format" ++Valid values are yes,true,no and false. This option enables new syslog format ++which is suitable for logging. Every change is logged as one simple line. This option ++changes verbose level to 0 and prints everything that was changed. It is suggested ++to use this option with "report_url=syslog:...". Default value is "false/no". ++Maximum size of message is 1KB which is limitation of syslog call. If message is ++greater than limit, message will be truncated. ++Option summarize_changes has no impact for this format. ++.nf ++.eo ++ ++Output always starts with: ++"AIDE found differences between database and filesystem!!" ++And it is followed by summary: ++summary;total_number_of_files=1000;added_files=0;removed_files=0;changed_files=1 ++And finally there are logs about changes: ++dir=/usr/sbin;Mtime_old=0000-00-00 00:00:00;Mtime_new=0000-00-00 00:00:00;... ++.ec ++.fi + .IP "report_url" + The url that the output is written to. There can be multiple instances + of this parameter. Output is written to all of them. 
The default is +diff -up ./include/db_config.h.syslog_format ./include/db_config.h +--- ./include/db_config.h.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./include/db_config.h 2018-09-27 19:09:09.697371212 +0200 +@@ -311,6 +311,7 @@ typedef struct db_config { + FILE* db_out; + + int config_check; ++ int syslog_format; + + struct md_container *mdc_in; + struct md_container *mdc_out; +diff -up ./src/aide.c.syslog_format ./src/aide.c +--- ./src/aide.c.syslog_format 2018-09-27 19:09:09.695371197 +0200 ++++ ./src/aide.c 2018-09-27 19:09:09.698371220 +0200 +@@ -283,6 +283,7 @@ static void setdefaults_before_config() + } + + /* Setting some defaults */ ++ conf->syslog_format=0; + conf->report_db=0; + conf->tree=NULL; + conf->config_check=0; +@@ -495,6 +496,10 @@ static void setdefaults_after_config() + if(conf->verbose_level==-1){ + conf->verbose_level=5; + } ++ if(conf->syslog_format==1){ ++ conf->verbose_level=0; ++ } ++ + } + + +diff -up ./src/compare_db.c.syslog_format ./src/compare_db.c +--- ./src/compare_db.c.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/compare_db.c 2018-09-27 19:09:09.698371220 +0200 +@@ -110,7 +110,7 @@ const DB_ATTR_TYPE details_attributes[] + #endif + }; + +-const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size (>)"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512") ++const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512") + #ifdef WITH_MHASH + , _("CRC32"), _("HAVAL"), _("GOST"), _("CRC32B"), _("WHIRLPOOL") + #endif +@@ -269,12 +269,19 @@ static int xattrs2array(xattrs_type* xat + if ((len == xattrs->ents[num - 1].vsz) || ((len == (xattrs->ents[num - 1].vsz - 
1)) && !val[len])) { + length = 8 + width + strlen(xattrs->ents[num - 1].key) + strlen(val); + (*values)[num]=malloc(length *sizeof(char)); +- snprintf((*values)[num], length , "[%.*zd] %s = %s", width, num, xattrs->ents[num - 1].key, val); ++ ++ char * fmt = "[%.*zd] %s = %s"; ++ if (conf->syslog_format) fmt = "[%.*zd]%s=%s"; // its smaller so it has to be enough space allocated. ++ snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val); ++ + } else { + val = encode_base64(xattrs->ents[num - 1].val, xattrs->ents[num - 1].vsz); + length = 10 + width + strlen(xattrs->ents[num - 1].key) + strlen(val); + (*values)[num]=malloc( length *sizeof(char)); +- snprintf((*values)[num], length , "[%.*zd] %s <=> %s", width, num, xattrs->ents[num - 1].key, val); ++ ++ char * fmt = "[%.*zd] %s <=> %s"; ++ if (conf->syslog_format) fmt = "[%.*zd]%s<=>%s"; // its smaller so it has to be enough space allocated. ++ snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val); + free(val); + } + } +@@ -302,6 +309,26 @@ static int acl2array(acl_type* acl, char + } + if (acl->acl_a || acl->acl_d) { + int j, k, i; ++ if (conf->syslog_format) { ++ *values = malloc(2 * sizeof(char*)); ++ ++ char *A, *D = ""; ++ ++ if (acl->acl_a) { A = acl->acl_a; } ++ if (acl->acl_d) { D = acl->acl_d; } ++ ++ (*values)[0] = (char*) malloc(strlen(A) + 3); // "A:" and \0 ++ snprintf((*values)[0], strlen(A) + 3, "A:%s", A); ++ ++ (*values)[1] = (char*) malloc(strlen(D) + 3); // "D:" and \0 ++ snprintf((*values)[1], strlen(D) + 3, "D:%s", D); ++ ++ i = 0; while ( (*values)[0][i] ) { if ( (*values)[0][i]=='\n') { (*values)[0][i] = ' '; } i++; } ++ i = 0; while ( (*values)[1][i] ) { if ( (*values)[1][i]=='\n') { (*values)[1][i] = ' '; } i++; } ++ ++ return 2; ++ } ++ + if (acl->acl_a) { i = 0; while (acl->acl_a[i]) { if (acl->acl_a[i++]=='\n') { n++; } } } + if (acl->acl_d) { i = 0; while (acl->acl_d[i]) { if (acl->acl_d[i++]=='\n') { n++; } } } + *values = 
malloc(n * sizeof(char*)); +@@ -338,25 +365,25 @@ static char* e2fsattrs2string(unsigned l + + static char* get_file_type_string(mode_t mode) { + switch (mode & S_IFMT) { +- case S_IFREG: return _("File"); +- case S_IFDIR: return _("Directory"); ++ case S_IFREG: return conf->syslog_format ? "file" : _("File"); ++ case S_IFDIR: return conf->syslog_format ? "dir" : _("Directory"); + #ifdef S_IFIFO +- case S_IFIFO: return _("FIFO"); ++ case S_IFIFO: return conf->syslog_format ? "fifo" : _("FIFO"); + #endif +- case S_IFLNK: return _("Link"); +- case S_IFBLK: return _("Block device"); +- case S_IFCHR: return _("Character device"); ++ case S_IFLNK: return conf->syslog_format ? "link" : _("Link"); ++ case S_IFBLK: return conf->syslog_format ? "blockd" : _("Block device"); ++ case S_IFCHR: return conf->syslog_format ? "chard" : _("Character device"); + #ifdef S_IFSOCK +- case S_IFSOCK: return _("Socket"); ++ case S_IFSOCK: return conf->syslog_format ? "socket" : _("Socket"); + #endif + #ifdef S_IFDOOR +- case S_IFDOOR: return _("Door"); ++ case S_IFDOOR: return conf->syslog_format ? "door" : _("Door"); + #endif + #ifdef S_IFPORT +- case S_IFPORT: return _("Port"); ++ case S_IFPORT: return conf->syslog_format ? "port" : _("Port"); + #endif + case 0: return NULL; +- default: return _("Unknown file type"); ++ default: return conf->syslog_format ? 
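Review bot: In the new `conf->syslog_format` branch of `acl2array`, the declaration `char *A, *D = "";` initialises only `D`, so when `acl->acl_a` is NULL and only a default ACL is present, `strlen(A)` and the following `snprintf` read an indeterminate pointer. Initialise both: `char *A = "", *D = "";`. The two `malloc` results in the same branch are also used without a NULL check, although whether the file checks allocations elsewhere is not visible here. `acl2array` starts before this hunk and continues after it.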
"unknown" : _("Unknown file type"); + } + } + +@@ -554,6 +581,51 @@ static void print_dbline_attributes(db_l + } + } + ++ ++static void print_dbline_attributes_syslog(db_line* oline, db_line* nline, DB_ATTR_TYPE ++ changed_attrs, DB_ATTR_TYPE force_attrs) { ++ char **ovalue, **nvalue; ++ int onumber, nnumber, i, j; ++ int length = sizeof(details_attributes)/sizeof(DB_ATTR_TYPE); ++ DB_ATTR_TYPE attrs; ++ char *file_type = get_file_type_string((nline==NULL?oline:nline)->perm); ++ if (file_type) { ++ error(0,"%s=", file_type); ++ } ++ error(0,"%s", (nline==NULL?oline:nline)->filename); ++ attrs=force_attrs|(~(ignored_changed_attrs)&changed_attrs); ++ for (j=0; j < length; ++j) { ++ if (details_attributes[j]&attrs) { ++ onumber=get_attribute_values(details_attributes[j], oline, &ovalue); ++ nnumber=get_attribute_values(details_attributes[j], nline, &nvalue); ++ ++ if (details_attributes[j] == DB_ACL || details_attributes[j] == DB_XATTRS) { ++ ++ error(0, ";%s_old=|", details_string[j]); ++ ++ for (i = 0 ; i < onumber ; i++) { ++ error(0, "%s|", ovalue[i]); ++ } ++ ++ error(0, ";%s_new=|", details_string[j]); ++ ++ for (i = 0 ; i < nnumber ; i++) { ++ error(0, "%s|", nvalue[i]); ++ } ++ ++ } else { ++ ++ error(0, ";%s_old=%s;%s_new=%s", details_string[j], *ovalue, details_string[j], *nvalue); ++ ++ } ++ ++ for(i=0; i < onumber; ++i) { free(ovalue[i]); ovalue[i]=NULL; } free(ovalue); ovalue=NULL; ++ for(i=0; i < nnumber; ++i) { free(nvalue[i]); nvalue[i]=NULL; } free(nvalue); nvalue=NULL; ++ } ++ } ++ error(0, "\n"); ++} ++ + static void print_attributes_added_node(db_line* line) { + print_dbline_attributes(NULL, line, 0, line->attr); + } +@@ -562,6 +634,26 @@ static void print_attributes_removed_nod + print_dbline_attributes(line, NULL, 0, line->attr); + } + ++static void print_attributes_added_node_syslog(db_line* line) { ++ ++ char *file_type = get_file_type_string(line->perm); ++ if (file_type) { ++ error(0,"%s=", file_type); ++ } ++ error(0,"%s; added\n", 
line->filename); ++ ++} ++ ++static void print_attributes_removed_node_syslog(db_line* line) { ++ ++ char *file_type = get_file_type_string(line->perm); ++ if (file_type) { ++ error(0,"%s=", file_type); ++ } ++ error(0,"%s; removed\n", line->filename); ++ ++} ++ + static void terse_report(seltree* node) { + list* r=NULL; + if ((node->checked&(DB_OLD|DB_NEW)) != 0) { +@@ -626,6 +718,26 @@ static void print_report_details(seltree + } + } + ++static void print_syslog_format(seltree* node) { ++ list* r=NULL; ++ ++ if (node->checked&NODE_CHANGED) { ++ print_dbline_attributes_syslog(node->old_data, node->new_data, node->changed_attrs, forced_attrs); ++ } ++ ++ if (node->checked&NODE_ADDED) { ++ print_attributes_added_node_syslog(node->new_data); ++ } ++ ++ if (node->checked&NODE_REMOVED) { ++ print_attributes_removed_node_syslog(node->old_data); ++ } ++ ++ for(r=node->childs;r;r=r->next){ ++ print_syslog_format((seltree*)r->data); ++ } ++} ++ + static void print_report_header() { + char *time; + int first = 1; +@@ -747,39 +859,53 @@ int gen_report(seltree* node) { + send_audit_report(); + #endif + if ((nadd|nrem|nchg) > 0 || conf->report_quiet == 0) { +- print_report_header(); +- if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) { +- if (conf->grouped) { +- if (nadd) { +- error(2,(char*)report_top_format,_("Added entries")); +- print_report_list(node, NODE_ADDED); +- } +- if (nrem) { +- error(2,(char*)report_top_format,_("Removed entries")); +- print_report_list(node, NODE_REMOVED); +- } +- if (nchg) { +- error(2,(char*)report_top_format,_("Changed entries")); +- print_report_list(node, NODE_CHANGED); +- } +- } else if (nadd || nrem || nchg) { +- if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); } +- else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); } +- else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed 
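Review bot: `print_attributes_added_node_syslog` and `print_attributes_removed_node_syslog` write `line->filename` into the one-record-per-line output with a bare `%s`, and `print_dbline_attributes_syslog` in the previous hunk does the same for the name and for the `;`/`|`-separated attribute values. File names and xattr values come from the monitored tree, so a newline, `;` or `|` inside one can end a record early or add fields that read like genuine AIDE output to whatever parses the log. The ACL branch already replaces `\n` with a space; the same care is needed for every value that reaches `error()` on this path. The helper below is one way to do it (replacement is lossy; hex-escaping would keep the original name recoverable).

```c
/* Copy s with control bytes and the ';' and '|' delimiters replaced by '?'; caller frees. */
static char* syslog_safe_str(const char* s) {
  size_t i, n = strlen(s);
  char* out = malloc(n + 1);
  if (out == NULL) { return NULL; }
  for (i = 0; i < n; ++i) {
    unsigned char c = (unsigned char)s[i];
    out[i] = (c < 0x20 || c == 0x7f || c == ';' || c == '|') ? '?' : s[i];
  }
  out[n] = '\0';
  return out;
}

static void print_attributes_added_node_syslog(db_line* line) {
  /* … unchanged: file_type prefix … */
  char* name = syslog_safe_str(line->filename);
  error(0,"%s; added\n", name ? name : "?");
  free(name);
}
```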
entries")); } +- else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); } +- else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); } +- else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); } +- else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); } +- print_report_list(node, NODE_ADDED|NODE_REMOVED|NODE_CHANGED); +- } +- if (nadd || nrem || nchg) { +- error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes")); +- print_report_details(node); +- } +- } +- print_report_databases(); +- conf->end_time=time(&(conf->end_time)); +- print_report_footer(); ++ ++ if (!conf->syslog_format) { ++ print_report_header(); ++ } ++ ++ if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) { ++ if (!conf->syslog_format && conf->grouped) { ++ if (nadd) { ++ error(2,(char*)report_top_format,_("Added entries")); ++ print_report_list(node, NODE_ADDED); ++ } ++ if (nrem) { ++ error(2,(char*)report_top_format,_("Removed entries")); ++ print_report_list(node, NODE_REMOVED); ++ } ++ if (nchg) { ++ error(2,(char*)report_top_format,_("Changed entries")); ++ print_report_list(node, NODE_CHANGED); ++ } ++ } else if (!conf->syslog_format && ( nadd || nrem || nchg ) ) { ++ if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); } ++ else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); } ++ else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed entries")); } ++ else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); } ++ else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); } ++ else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); } ++ else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); } ++ print_report_list(node, 
NODE_ADDED|NODE_REMOVED|NODE_CHANGED); ++ } ++ if (nadd || nrem || nchg) { ++ if (!conf->syslog_format) { ++ error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes")); ++ print_report_details(node); ++ } else { ++ /* Syslog Format */ ++ error(0, "AIDE found differences between database and filesystem!!\n"); ++ error(0, "summary;total_number_of_files=%ld;added_files=%ld;" ++ "removed_files=%ld;changed_files=%ld\n",ntotal,nadd,nrem,nchg); ++ print_syslog_format(node); ++ } ++ } ++ } ++ if (!conf->syslog_format) { ++ print_report_databases(); ++ conf->end_time=time(&(conf->end_time)); ++ print_report_footer(); ++ } + } + + return conf->action&(DO_COMPARE|DO_DIFF) ? (nadd!=0)*1+(nrem!=0)*2+(nchg!=0)*4 : 0; +diff -up ./src/conf_lex.l.syslog_format ./src/conf_lex.l +--- ./src/conf_lex.l.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/conf_lex.l 2018-09-27 19:09:09.698371220 +0200 +@@ -401,6 +401,12 @@ int var_in_conflval=0; + return (TROOT_PREFIX); + } + ++^[\t\ ]*"syslog_format"{E} { ++ error(230,"%li:syslog_format =\n",conf_lineno); ++ BEGIN CONFVALHUNT; ++ return (SYSLOG_FORMAT); ++} ++ + ^[\t\ ]*"recstop"{E} { + error(230,"%li:recstop =\n",conf_lineno); + BEGIN CONFVALHUNT; +diff -up ./src/conf_yacc.y.syslog_format ./src/conf_yacc.y +--- ./src/conf_yacc.y.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/conf_yacc.y 2018-09-27 19:09:09.699371228 +0200 +@@ -89,6 +89,7 @@ extern long conf_lineno; + %token TREPORT_URL + %token TGZIPDBOUT + %token TROOT_PREFIX ++%token SYSLOG_FORMAT + %token TUMASK + %token TTRUE + %token TFALSE +@@ -160,7 +161,7 @@ line : rule | equrule | negrule | define + | ifdefstmt | ifndefstmt | ifhoststmt | ifnhoststmt + | groupdef | db_in | db_out | db_new | db_attrs | verbose | report_detailed_init | config_version + | database_add_metadata | report | gzipdbout | root_prefix | report_base16 | report_quiet +- | report_ignore_e2fsattrs | recursion_stopper | warn_dead_symlinks | grouped ++ | 
report_ignore_e2fsattrs | syslogformat | recursion_stopper | warn_dead_symlinks | grouped + | summarize_changes | acl_no_symlink_follow | beginconfigstmt | endconfigstmt + | TEOF { + newlinelastinconfig=1; +@@ -408,6 +409,15 @@ conf->gzip_dbout=0; + #endif + } ; + ++syslogformat : SYSLOG_FORMAT TTRUE { ++conf->syslog_format=1; ++} | ++ SYSLOG_FORMAT TFALSE { ++conf->syslog_format=0; ++} ; ++ ++ ++ + recursion_stopper : TRECSTOP TSTRING { + /* FIXME implement me */ + +diff -up ./src/error.c.syslog_format ./src/error.c +--- ./src/error.c.syslog_format 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/error.c 2018-09-27 19:13:40.312416750 +0200 +@@ -38,6 +38,9 @@ + /*for locale support*/ + #include "util.h" + ++#define MAX_BUFFER_SIZE 1024 ++static char syslog_buffer[MAX_BUFFER_SIZE+1]; ++ + int cmp_url(url_t* url1,url_t* url2){ + + return ((url1->type==url2->type)&&(strcmp(url1->value,url2->value)==0)); +@@ -48,7 +51,9 @@ int error_init(url_t* url,int initial) + { + list* r=NULL; + FILE* fh=NULL; +- int sfac; ++ int sfac; ++ ++ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); + + if (url->type==url_database) { + conf->report_db++; +@@ -163,13 +168,24 @@ void error(int errorlevel,char* error_ms + } + #ifdef HAVE_SYSLOG + if(conf->initial_report_url->type==url_syslog){ +-#ifdef HAVE_VSYSLOG +- vsyslog(SYSLOG_PRIORITY,error_msg,ap); +-#else +- char buf[1024]; +- vsnprintf(buf,1024,error_msg,ap); +- syslog(SYSLOG_PRIORITY,"%s",buf); +-#endif ++ ++ char buff[MAX_BUFFER_SIZE+1]; ++ vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap); ++ size_t buff_len = strlen(buff); ++ ++ char result_buff[MAX_BUFFER_SIZE+1]; ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat-truncation" ++ snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff); ++#pragma GCC diagnostic pop ++ ++ if(buff[buff_len-1] == '\n'){ ++ syslog(SYSLOG_PRIORITY,"%s",result_buff); ++ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); ++ } else { ++ memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE); 
++ } ++ + va_end(ap); + return; + } +@@ -181,17 +197,25 @@ void error(int errorlevel,char* error_ms + + #ifdef HAVE_SYSLOG + if (conf->report_syslog!=0) { +-#ifdef HAVE_VSYSLOG +- va_start(ap,error_msg); +- vsyslog(SYSLOG_PRIORITY,error_msg,ap); +- va_end(ap); +-#else +- char buf[1024]; +- va_start(ap,error_msg); +- vsnprintf(buf,1024,error_msg,ap); ++ va_start(ap, error_msg); ++ ++ char buff[MAX_BUFFER_SIZE+1]; ++ vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap); ++ size_t buff_len = strlen(buff); ++ ++ char result_buff[MAX_BUFFER_SIZE+1]; ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wformat-truncation" ++ snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff); ++#pragma GCC diagnostic pop ++ ++ if(buff[buff_len-1] == '\n'){ ++ syslog(SYSLOG_PRIORITY,"%s",result_buff); ++ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); ++ } else { ++ memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE); ++ } + va_end(ap); +- syslog(SYSLOG_PRIORITY,"%s",buf); +-#endif + } + #endif + diff --git a/aide-0.16-crash-elf.patch b/aide-0.16-crash-elf.patch new file mode 100644 index 0000000..5aa3472 --- /dev/null +++ b/aide-0.16-crash-elf.patch @@ -0,0 +1,17 @@ +--- ./src/do_md.c 2018-03-19 05:10:19.994957024 -0400 ++++ ./src/do_md.c 2018-03-19 05:19:05.829957024 -0400 +@@ -135,8 +135,13 @@ + continue; + + while (!bingo && (data = elf_getdata (scn, data)) != NULL) { +- int maxndx = data->d_size / shdr.sh_entsize; ++ int maxndx; + int ndx; ++ ++ if (shdr.sh_entsize != 0) ++ maxndx = data->d_size / shdr.sh_entsize; ++ else ++ continue; + + for (ndx = 0; ndx < maxndx; ++ndx) { + (void) gelf_getdyn (data, ndx, &dyn); diff --git a/aide-0.16-crypto-disable-haval-and-others.patch b/aide-0.16-crypto-disable-haval-and-others.patch new file mode 100644 index 0000000..a066fd9 --- /dev/null +++ b/aide-0.16-crypto-disable-haval-and-others.patch 
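Review bot: Both rewritten syslog paths in `error()` test `buff[buff_len-1] == '\n'` without checking `buff_len`, so a message that formats to an empty string reads one byte before `buff`. Guard it with `if (buff_len > 0 && buff[buff_len-1] == '\n')` in the `url_syslog` block and again in the `conf->report_syslog` block of the following hunk. Because the `vsyslog` path is removed, every syslog message, not only the new one-line format, is now cut at `MAX_BUFFER_SIZE`, and a partial line stays in the static `syslog_buffer` until a later call ends in a newline. A comment on the buffer would make that visible, e.g. `/* pending partial syslog line; flushed when a message ends in '\n' */`. `error()` begins before these hunks.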
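Review bot: With the zero `sh_entsize` case now skipped, the loop on the following context line still calls `(void) gelf_getdyn (data, ndx, &dyn);` and discards the result, so on a malformed section `dyn` is presumably read without having been filled (its use lies outside the hunk). Since this patch hardens the same loop against malformed ELF input, consider `if (gelf_getdyn (data, ndx, &dyn) == NULL) continue;` there as well. `maxndx` also stays an `int` although it holds the quotient of two values taken from the file. The enclosing function starts and ends outside the hunk.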
@@ -0,0 +1,153 @@ +diff -up ./include/md.h.crypto ./include/md.h +--- ./include/md.h.crypto 2016-07-25 22:56:55.000000000 +0200 ++++ ./include/md.h 2018-08-29 15:00:30.827491299 +0200 +@@ -149,6 +149,7 @@ int init_md(struct md_container*); + int update_md(struct md_container*,void*,ssize_t); + int close_md(struct md_container*); + void md2line(struct md_container*,struct db_line*); ++DB_ATTR_TYPE get_available_crypto(); + + + #endif /*_MD_H_INCLUDED*/ +diff -up ./src/aide.c.crypto ./src/aide.c +--- ./src/aide.c.crypto 2018-08-29 15:00:30.825491309 +0200 ++++ ./src/aide.c 2018-08-29 15:00:30.827491299 +0200 +@@ -349,7 +349,7 @@ static void setdefaults_before_config() + + conf->db_attrs = 0; + #if defined(WITH_MHASH) || defined(WITH_GCRYPT) +- conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512; ++ conf->db_attrs |= get_available_crypto(); + #ifdef WITH_MHASH + conf->db_attrs |= DB_GOST; + #ifdef HAVE_MHASH_WHIRLPOOL +diff -up ./src/md.c.crypto ./src/md.c +--- ./src/md.c.crypto 2018-08-29 15:00:30.823491319 +0200 ++++ ./src/md.c 2018-08-29 15:02:28.013903479 +0200 +@@ -78,6 +78,49 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) { + return r; + } + ++const char * hash_gcrypt2str(int i) { ++ char * r = "?"; ++#ifdef WITH_GCRYPT ++ switch (i) { ++ case GCRY_MD_MD5: { ++ r = "MD5"; ++ break; ++ } ++ case GCRY_MD_SHA1: { ++ r = "SHA1"; ++ break; ++ } ++ case GCRY_MD_RMD160: { ++ r = "RMD160"; ++ break; ++ } ++ case GCRY_MD_TIGER: { ++ r = "TIGER"; ++ break; ++ } ++ case GCRY_MD_HAVAL: { ++ r = "HAVAL"; ++ break; ++ } ++ case GCRY_MD_SHA256: { ++ r = "SHA256"; ++ break; ++ } ++ case GCRY_MD_SHA512: { ++ r = "SHA512"; ++ break; ++ } ++ case GCRY_MD_CRC32: { ++ r = "CRC32"; ++ break; ++ } ++ default: ++ break; ++ } ++#endif ++ return r; ++} ++ + DB_ATTR_TYPE hash_mhash2attr(int i) { + DB_ATTR_TYPE r=0; + #ifdef WITH_MHASH +@@ -163,6 +206,44 @@ DB_ATTR_TYPE hash_mhash2attr(int i) { + Initialise md_container according it's todo_attr field + */ + 
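Review bot: Replacing the fixed default mask with `get_available_crypto()` appears to drop every digest default on a build that defines WITH_MHASH but not WITH_GCRYPT, because the body added in md.c only fills `ret` inside `#ifdef WITH_GCRYPT` and otherwise returns 0. In that configuration `conf->db_attrs` keeps only the mhash-specific bits set just below this line. An `#else` branch in get_available_crypto() with `ret = DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512;` would preserve the previous behaviour for such builds. setdefaults_before_config() continues outside the hunk.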
++DB_ATTR_TYPE get_available_crypto() { ++ ++ DB_ATTR_TYPE ret = 0; ++ ++/* ++ * This function is usually called before config processing ++ * and default verbose level is 5 ++ */ ++#define lvl 255 ++ ++ error(lvl, "get_available_crypto called\n"); ++ ++#ifdef WITH_GCRYPT ++ ++ /* ++ * some initialization for FIPS ++ */ ++ gcry_check_version(NULL); ++ error(lvl, "Found algos:"); ++ ++ for(int i=0;i<=HASH_GCRYPT_COUNT;i++) { ++ ++ if ( (hash_gcrypt2attr(i) & HASH_USE_GCRYPT) == 0 ) ++ continue; ++ ++ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) == 0) { ++ ret |= hash_gcrypt2attr(i); ++ error(lvl, " %s", hash_gcrypt2str(i)); ++ } ++ } ++ error(lvl, "\n"); ++ ++#endif ++ ++ error(lvl, "get_available_crypto_returned with %lld\n", ret); ++ return ret; ++} ++ + int init_md(struct md_container* md) { + + int i; +@@ -201,18 +282,27 @@ int init_md(struct md_container* md) { + } + #endif + #ifdef WITH_GCRYPT +- if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ ++ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ + error(0,"gcrypt_md_open failed\n"); + exit(IO_ERROR); + } + for(i=0;i<=HASH_GCRYPT_COUNT;i++) { ++ ++ + if (((hash_gcrypt2attr(i)&HASH_USE_GCRYPT)&md->todo_attr)!=0) { +- DB_ATTR_TYPE h=hash_gcrypt2attr(i); +- error(255,"inserting %llu\n",h); ++ ++ DB_ATTR_TYPE h=hash_gcrypt2attr(i); ++ ++ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) != 0) { ++ error(0,"Algo %s is not available\n", hash_gcrypt2str(i)); ++ exit(-1); ++ } ++ ++ error(255,"inserting %llu\n",h); + if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){ + md->calc_attr|=h; + } else { +- error(0,"gcry_md_enable %i failed",i); ++ error(0,"gcry_md_enable %i failed\n",i); + md->todo_attr&=~h; + } + } diff --git a/aide.spec b/aide.spec index e7209d9..1294ccc 100644 --- a/aide.spec +++ b/aide.spec 
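Review bot: `#define lvl 255` is placed inside get_available_crypto() and never undefined, so the macro stays active for the rest of md.c and silently rewrites any later identifier named `lvl`; use a local `const int lvl = 255;` or add `#undef lvl` before the closing brace. The last log line formats `ret` with `%lld`, while init_md() in the same file prints a DB_ATTR_TYPE with `%llu`; use `%llu` here as well so the conversion matches (the typedef itself is not visible in this patch). The message text `get_available_crypto_returned` also has a stray underscore.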
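Review bot: The new availability check ends with `exit(-1)`, which callers see as status 255 and which does not match the named code used a few lines above for the gcry_md_open failure (`exit(IO_ERROR)`). Using one of the named exit codes here keeps the failure distinguishable for wrappers and scheduled jobs that act on AIDE's exit status. Refusing to continue when a configured digest is unavailable is the safe choice, and a one-line comment such as `/* never run with fewer digests than the configuration asks for */` would record that intent. init_md() continues outside the hunk.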
@@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 11%{?dist} +Release: 12%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ @@ -32,6 +32,11 @@ Patch2: aide-0.16b1-fipsfix.patch # Bug 1674637 - aide: FTBFS in Fedora rawhide/f30 Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch +Patch4: aide-0.15-syslog-format.patch +Patch5: aide-0.16-crypto-disable-haval-and-others.patch +Patch6: coverity.patch +Patch7: aide-0.16-crash-elf.patch + %description AIDE (Advanced Intrusion Detection Environment) is a file integrity checker and intrusion detection program. @@ -75,6 +80,10 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Wed Jul 31 2019 Radovan Sroka - 0.16-12 +- backport some patches + Resolves: rhbz#1717140 + * Wed Jul 24 2019 Fedora Release Engineering - 0.16-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild @@ -109,7 +118,7 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide * Tue Apr 04 2017 Radovan Sroka - 0.16-1 - rebase to stable v0.16 - specfile cleanup -- make doc readable +- make doc readable resolves: #1421355 - make aide binary runable for any user resolves: #1421351 @@ -298,4 +307,3 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide * Sun Sep 07 2003 Michael Schwendt - 0:0.9-0.fdr.0.1.20030902 - Initial package version. - diff --git a/coverity.patch b/coverity.patch new file mode 100644 index 0000000..21535d6 --- /dev/null +++ b/coverity.patch 
@@ -0,0 +1,642 @@ +diff -up ./include/be.h.coverity ./include/be.h +--- ./include/be.h.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./include/be.h 2018-10-10 19:27:18.680632681 +0200 +@@ -22,6 +22,6 @@ + #define _BE_H_INCLUDED + #include "db_config.h" + +-FILE* be_init(int inout,url_t* u,int iszipped); ++void* be_init(int inout,url_t* u,int iszipped); + + #endif /* _BE_H_INCLUDED */ +diff -up ./include/db_config.h.coverity ./include/db_config.h +--- ./include/db_config.h.coverity 2018-10-10 19:27:18.672632611 +0200 ++++ ./include/db_config.h 2018-10-10 19:27:18.681632689 +0200 +@@ -376,7 +376,7 @@ typedef struct db_config { + #endif + + url_t* initial_report_url; +- FILE* initial_report_fd; ++ void* initial_report_fd; + + /* report_url is a list of url_t*s */ + list* report_url; +diff -up ./src/aide.c.coverity ./src/aide.c +--- ./src/aide.c.coverity 2018-10-10 19:27:18.678632663 +0200 ++++ ./src/aide.c 2018-10-10 19:27:18.681632689 +0200 +@@ -278,7 +278,7 @@ static void setdefaults_before_config() + error(0,_("Couldn't get hostname")); + free(s); + } else { +- s=(char*)realloc((void*)s,strlen(s)+1); ++ // s=(char*)realloc((void*)s,strlen(s)+1); + do_define("HOSTNAME",s); + } + +@@ -506,8 +506,6 @@ static void setdefaults_after_config() + int main(int argc,char**argv) + { + int errorno=0; +- byte* dig=NULL; +- char* digstr=NULL; + + #ifdef USE_LOCALE + setlocale(LC_ALL,""); +@@ -544,6 +542,10 @@ int main(int argc,char**argv) + } + + errorno=commandconf('C',conf->config_file); ++ if (errorno==RETFAIL){ ++ error(0,_("Configuration error\n")); ++ exit(INVALID_CONFIGURELINE_ERROR); ++ } + + errorno=commandconf('D',""); + if (errorno==RETFAIL){ +@@ -594,6 +596,9 @@ int main(int argc,char**argv) + } + } + #ifdef WITH_MHASH ++ byte* dig=NULL; ++ char* digstr=NULL; ++ + if(conf->config_check&&FORCECONFIGMD){ + error(0,"Can't give config checksum when compiled with --enable-forced_configmd\n"); + exit(INVALID_ARGUMENT_ERROR); +diff -up ./src/base64.c.coverity 
./src/base64.c +--- ./src/base64.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/base64.c 2018-10-10 19:27:18.681632689 +0200 +@@ -209,6 +209,7 @@ byte* decode_base64(char* src,size_t ssi + case FAIL: + error(3, "decode_base64: Illegal character: %c\n", *inb); + error(230, "decode_base64: Illegal line:\n%s\n", src); ++ free(outbuf); + return NULL; + break; + case SKIP: +@@ -260,7 +261,7 @@ size_t length_base64(char* src,size_t ss + int l; + int left; + size_t pos; +- unsigned long triple; ++ //unsigned long triple; + + error(235, "decode base64\n"); + /* Exit on empty input */ +@@ -273,7 +274,7 @@ size_t length_base64(char* src,size_t ss + inb = src; + + l = 0; +- triple = 0; ++ //triple = 0; + pos=0; + left = ssize; + /* +@@ -293,7 +294,7 @@ size_t length_base64(char* src,size_t ss + case SKIP: + break; + default: +- triple = triple<<6 | (0x3f & i); ++ //triple = triple<<6 | (0x3f & i); + l++; + break; + } +@@ -302,10 +303,10 @@ size_t length_base64(char* src,size_t ss + switch(l) + { + case 2: +- triple = triple>>4; ++ //triple = triple>>4; + break; + case 3: +- triple = triple>>2; ++ //triple = triple>>2; + break; + default: + break; +@@ -314,7 +315,7 @@ size_t length_base64(char* src,size_t ss + { + pos++; + } +- triple = 0; ++ //triple = 0; + l = 0; + } + inb++; +diff -up ./src/be.c.coverity ./src/be.c +--- ./src/be.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/be.c 2018-10-10 19:27:18.681632689 +0200 +@@ -117,9 +117,9 @@ static char* get_first_value(char** in){ + + #endif + +-FILE* be_init(int inout,url_t* u,int iszipped) ++void* be_init(int inout,url_t* u,int iszipped) + { +- FILE* fh=NULL; ++ void* fh=NULL; + long a=0; + char* err=NULL; + int fd; +diff -up ./src/commandconf.c.coverity ./src/commandconf.c +--- ./src/commandconf.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/commandconf.c 2018-10-10 19:27:18.682632698 +0200 +@@ -106,7 +106,7 @@ int commandconf(const char mode,const ch + rv=0; + } else { + +- 
rv=access(config,R_OK); ++ if (config != NULL) rv=access(config,R_OK); + if(rv==-1){ + error(0,_("Cannot access config file: %s: %s\n"),config,strerror(errno)); + } +@@ -166,14 +166,11 @@ int commandconf(const char mode,const ch + int conf_input_wrapper(char* buf, int max_size, FILE* in) + { + int retval=0; +- int c=0; +- char* tmp=NULL; +- void* key=NULL; +- int keylen=0; + + /* FIXME Add support for gzipped config. :) */ + #ifdef WITH_MHASH + /* Read a character at a time until we are doing md */ ++ int c=0; + if(conf->do_configmd){ + retval=fread(buf,1,max_size,in); + }else { +@@ -185,6 +182,9 @@ int conf_input_wrapper(char* buf, int ma + #endif + + #ifdef WITH_MHASH ++ char* tmp=NULL; ++ void* key=NULL; ++ int keylen=0; + if(conf->do_configmd||conf->config_check){ + if(((conf->do_configmd==1)&&conf->config_check)||!conf->confmd){ + if(conf->do_configmd==1){ +@@ -276,6 +276,9 @@ int db_input_wrapper(char* buf, int max_ + #endif + break; + } ++ default: { ++ return 0; ++ } + } + + #ifdef WITH_CURL +@@ -651,7 +654,6 @@ int handle_endif(int doit,int allow_else + case 0 : { + conferror("@@endif or @@else expected"); + return -1; +- count=0; + } + + default : { +@@ -816,6 +818,7 @@ void do_dbdef(int dbtype,char* val) + if(u==NULL||u->type==url_unknown||u->type==url_stdout + ||u->type==url_stderr) { + error(0,_("Unsupported input URL-type:%s\n"),val); ++ free(u); + } + else { + *conf_db_url=u; +@@ -825,6 +828,7 @@ void do_dbdef(int dbtype,char* val) + case DB_WRITE: { + if(u==NULL||u->type==url_unknown||u->type==url_stdin){ + error(0,_("Unsupported output URL-type:%s\n"),val); ++ free(u); + } + else{ + conf->db_out_url=u; +@@ -848,6 +852,7 @@ void do_dbindef(char* val) + if(u==NULL||u->type==url_unknown||u->type==url_stdout + ||u->type==url_stderr) { + error(0,_("Unsupported input URL-type:%s\n"),val); ++ free(u); + } + else { + conf->db_in_url=u; +@@ -869,6 +874,7 @@ void do_dboutdef(char* val) + * both input and output urls */ + 
if(u==NULL||u->type==url_unknown||u->type==url_stdin){ + error(0,_("Unsupported output URL-type:%s\n"),val); ++ free(u); + } + else{ + conf->db_out_url=u; +@@ -894,7 +900,8 @@ void do_repurldef(char* val) + } else { + error_init(u,0); + } +- ++ ++ free(u); + } + + void do_verbdef(char* val) +@@ -984,7 +991,7 @@ void do_report_ignore_e2fsattrs(char* va + break; + } + } +- *val++; ++ (*val)++; + } + } + #endif +diff -up ./src/compare_db.c.coverity ./src/compare_db.c +--- ./src/compare_db.c.coverity 2018-10-10 19:27:18.673632619 +0200 ++++ ./src/compare_db.c 2018-10-10 19:27:18.682632698 +0200 +@@ -312,7 +312,7 @@ static int acl2array(acl_type* acl, char + if (conf->syslog_format) { + *values = malloc(2 * sizeof(char*)); + +- char *A, *D = ""; ++ char *A= "", *D = ""; + + if (acl->acl_a) { A = acl->acl_a; } + if (acl->acl_d) { D = acl->acl_d; } +diff -up ./src/conf_lex.l.coverity ./src/conf_lex.l +--- ./src/conf_lex.l.coverity 2018-10-10 19:27:18.673632619 +0200 ++++ ./src/conf_lex.l 2018-10-10 19:27:18.682632698 +0200 +@@ -133,7 +133,7 @@ int var_in_conflval=0; + [\ \t]*\n { + conf_lineno++; + return (TNEWLINE); +- BEGIN 0; ++// BEGIN 0; + } + + \+ { +diff -up ./src/db.c.coverity ./src/db.c +--- ./src/db.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/db.c 2018-10-10 19:27:18.683632707 +0200 +@@ -27,6 +27,7 @@ + #include "db_file.h" + #include "db_disk.h" + #include "md.h" ++#include "fopen.h" + + #ifdef WITH_PSQL + #include "db_sql.h" +@@ -269,6 +270,9 @@ db_line* db_readline(int db){ + db_order=&(conf->db_new_order); + break; + } ++ default: { ++ return NULL; ++ } + } + + switch (db_url->type) { +@@ -368,7 +372,7 @@ db_line* db_char2line(char** ss,int db){ + + int i; + db_line* line=(db_line*)malloc(sizeof(db_line)*1); +- int* db_osize=0; ++ int* db_osize=NULL; + DB_FIELD** db_order=NULL; + + switch (db) { +@@ -382,6 +386,10 @@ db_line* db_char2line(char** ss,int db){ + db_order=&(conf->db_new_order); + break; + } ++ default: { ++ free(line); ++ return 
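Review bot: The unconditional `free(u);` added at the end of do_repurldef() runs right after `error_init(u,0)`, and db_config.h in this same patch describes `report_url` as a list of `url_t*` and `initial_report_url` as a stored `url_t*`. If error_init() or the branch above it keeps the pointer, every later use of the report URL reads freed memory. error_init()'s body and the first branch are outside the hunk, so ownership has to be confirmed before this free is kept. If the configuration does take ownership, drop the free and say so: `/* u is owned by conf from here on */`.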
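Review bot: `(*val)++` increments the character that `val` points at instead of advancing the pointer, so the surrounding loop keeps re-reading the same position with a changed value and writes into the option string. The original `*val++` had a useless dereference but did move the pointer; the warning-free equivalent is `val++;`. The loop header is outside the hunk. A later patch in this series (13/58) makes that correction.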
NULL; ++ } + } + + +@@ -601,7 +609,9 @@ db_line* db_char2line(char** ss,int db){ + size_t vsz = 0; + + tval = strtok(NULL, ","); +- line->xattrs->ents[num].key = db_readchar(strdup(tval)); ++ char * tmp = strdup(tval); ++ line->xattrs->ents[num].key = db_readchar(tmp); ++ free(tmp); + tval = strtok(NULL, ","); + val = base64tobyte(tval, strlen(tval), &vsz); + line->xattrs->ents[num].val = val; +@@ -648,6 +658,8 @@ db_line* db_char2line(char** ss,int db){ + + default : { + error(0,_("Not implemented in db_char2line %i \n"),(*db_order)[i]); ++ free_db_line(line); ++ free(line); + return NULL; + } + +@@ -826,7 +838,7 @@ void db_close() { + case url_ftp: + { + if (conf->db_out!=NULL) { +- url_fclose(conf->db_out); ++ url_fclose((URL_FILE*)conf->db_out); + } + break; + } +diff -up ./src/db_disk.c.coverity ./src/db_disk.c +--- ./src/db_disk.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/db_disk.c 2018-10-10 19:28:00.108995089 +0200 +@@ -79,9 +79,15 @@ static DIR *open_dir(char* path) { + + static void next_in_dir (void) + { ++ + #ifdef HAVE_READDIR_R +- if (dirh != NULL) ++ if (dirh != NULL) { ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wdeprecated-declarations" + rdres = AIDE_READDIR_R_FUNC (dirh, entp, resp); ++#pragma GCC diagnostic pop ++ } ++ + #else + #ifdef HAVE_READDIR + if (dirh != NULL) { +diff -up ./src/db_file.c.coverity ./src/db_file.c +--- ./src/db_file.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/db_file.c 2018-10-10 19:27:18.683632707 +0200 +@@ -171,7 +171,7 @@ int dofprintf( const char* s,...) + int db_file_read_spec(int db){ + + int i=0; +- int* db_osize=0; ++ int* db_osize=NULL; + DB_FIELD** db_order=NULL; + + switch (db) { +@@ -187,6 +187,9 @@ int db_file_read_spec(int db){ + db_lineno=&db_new_lineno; + break; + } ++ default: { ++ return RETFAIL; ++ } + } + + *db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD)); +@@ -198,13 +201,10 @@ int db_file_read_spec(int db){ + int l; + + +- /* Yes... 
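Review bot: `free(tmp)` directly after `line->xattrs->ents[num].key = db_readchar(tmp);` is only safe if db_readchar() returns a fresh allocation; if it returns its argument or a pointer into it, `key` is dangling as soon as the free runs and later xattr handling reads freed heap. db_readchar() is not shown in this patch, so its ownership rule needs to be confirmed before the leak report is silenced this way. `tval` also comes from `strtok()` over database content and reaches `strdup()` without a NULL check, so a truncated xattr field would pass NULL to it. The enclosing loop is outside the hunk.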
we do not check if realloc returns nonnull */ +- +- *db_order=(DB_FIELD*) +- realloc((void*)*db_order, ++ void * tmp = realloc((void*)*db_order, + ((*db_osize)+1)*sizeof(DB_FIELD)); +- +- if(*db_order==NULL){ ++ if (tmp != NULL) *db_order=(DB_FIELD*) tmp; ++ else { + return RETFAIL; + } + +@@ -291,8 +291,8 @@ char** db_readline_file(int db){ + int* domd=NULL; + #ifdef WITH_MHASH + MHASH* md=NULL; +-#endif + char** oldmdstr=NULL; ++#endif + int* db_osize=0; + DB_FIELD** db_order=NULL; + FILE** db_filep=NULL; +@@ -302,9 +302,9 @@ char** db_readline_file(int db){ + case DB_OLD: { + #ifdef WITH_MHASH + md=&(conf->dboldmd); ++ oldmdstr=&(conf->old_dboldmdstr); + #endif + domd=&(conf->do_dboldmd); +- oldmdstr=&(conf->old_dboldmdstr); + + db_osize=&(conf->db_in_size); + db_order=&(conf->db_in_order); +@@ -316,9 +316,9 @@ char** db_readline_file(int db){ + case DB_NEW: { + #ifdef WITH_MHASH + md=&(conf->dbnewmd); ++ oldmdstr=&(conf->old_dbnewmdstr); + #endif + domd=&(conf->do_dbnewmd); +- oldmdstr=&(conf->old_dbnewmdstr); + + db_osize=&(conf->db_new_size); + db_order=&(conf->db_new_order); +@@ -328,7 +328,9 @@ char** db_readline_file(int db){ + break; + } + } +- ++ ++ if (db_osize == NULL) return NULL; ++ + if (*db_osize==0) { + db_buff(db,*db_filep); + +@@ -737,8 +739,6 @@ int db_writespec_file(db_config* dbconf) + int i=0; + int j=0; + int retval=1; +- void*key=NULL; +- int keylen=0; + struct tm* st; + time_t tim=time(&tim); + st=localtime(&tim); +@@ -750,6 +750,8 @@ int db_writespec_file(db_config* dbconf) + + #ifdef WITH_MHASH + /* From hereon everything must MD'd before write to db */ ++ void*key=NULL; ++ int keylen=0; + if((key=get_db_key())!=NULL){ + keylen=get_db_key_len(); + dbconf->do_dbnewmd=1; +diff -up ./src/do_md.c.coverity ./src/do_md.c +--- ./src/do_md.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/do_md.c 2018-10-10 19:27:18.683632707 +0200 +@@ -202,7 +202,6 @@ void calc_md(struct AIDE_STAT_TYPE* old_ + and we don't read from a pipe :) + */ + 
struct AIDE_STAT_TYPE fs; +- int sres=0; + int stat_diff,filedes; + #ifdef WITH_PRELINK + pid_t pid; +@@ -237,7 +236,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_ + return; + } + +- sres=AIDE_FSTAT_FUNC(filedes,&fs); ++ AIDE_FSTAT_FUNC(filedes,&fs); + if(!(line->attr&DB_RDEV)) + fs.st_rdev=0; + +@@ -331,7 +330,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_ + } + #endif + #endif /* not HAVE_MMAP */ +- buf=malloc(READ_BLOCK_SIZE); ++// buf=malloc(READ_BLOCK_SIZE); + #if READ_BLOCK_SIZE>SSIZE_MAX + #error "READ_BLOCK_SIZE" is too large. Max value is SSIZE_MAX, and current is READ_BLOCK_SIZE + #endif +diff -up ./src/gen_list.c.coverity ./src/gen_list.c +--- ./src/gen_list.c.coverity 2016-07-25 22:56:55.000000000 +0200 ++++ ./src/gen_list.c 2018-10-10 19:27:18.684632716 +0200 +@@ -843,15 +843,15 @@ static void add_file_to_tree(seltree* tr + DB_ATTR_TYPE localignorelist=0; + DB_ATTR_TYPE ignored_added_attrs, ignored_removed_attrs, ignored_changed_attrs; + ++ if(file==NULL){ ++ error(0, "add_file_to_tree was called with NULL db_line\n"); ++ } ++ + node=get_seltree_node(tree,file->filename); + + if(!node){ + node=new_seltree_node(tree,file->filename,0,NULL); + } +- +- if(file==NULL){ +- error(0, "add_file_to_tree was called with NULL db_line\n"); +- } + + /* add note to this node which db has modified it */ + node->checked|=db; +diff -up ./src/md.c.coverity ./src/md.c +--- ./src/md.c.coverity 2018-10-10 19:27:18.679632672 +0200 ++++ ./src/md.c 2018-10-10 19:27:18.684632716 +0200 +@@ -36,8 +36,8 @@ + */ + + DB_ATTR_TYPE hash_gcrypt2attr(int i) { +- DB_ATTR_TYPE r=0; + #ifdef WITH_GCRYPT ++ DB_ATTR_TYPE r=0; + switch (i) { + case GCRY_MD_MD5: { + r=DB_MD5; +@@ -74,13 +74,15 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) { + default: + break; + } +-#endif + return r; ++#else /* !WITH_GCRYPT */ ++ return 0; ++#endif + } + + const char * hash_gcrypt2str(int i) { +- char * r = "?"; + #ifdef WITH_GCRYPT ++ char * r = "?"; + switch (i) { + case GCRY_MD_MD5: { + r = "MD5"; +@@ -117,13 
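Review bot: Dropping `sres` removes the unused-variable report but leaves the result of `AIDE_FSTAT_FUNC(filedes,&fs)` unchecked, so on failure `fs` holds uninitialised stack data while the next lines still assign `fs.st_rdev` and, judging by the `stat_diff` local, compare it with the earlier stat. For an integrity checker that comparison is what notices a file replaced between stat and open, so the call should be tested with `if(AIDE_FSTAT_FUNC(filedes,&fs)!=0)` followed by the same cleanup and return the earlier failure path in calc_md() uses. The rest of calc_md() is outside the hunk.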
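Review bot: Commenting out `buf=malloc(READ_BLOCK_SIZE);` is only correct if `buf` is already allocated on every path that reaches the read loop; the declaration of `buf` and the loop are outside this hunk, so that cannot be confirmed from here. If any build configuration relied on this allocation, the following read would write through an unset pointer. Rather than leaving a `//` line behind, either delete the statement and explain in the patch description which earlier allocation makes it redundant, or keep it and release whichever allocation the analyser reported as leaked.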
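Review bot: Moving the NULL test above the first use is right, but the branch only logs and then falls through to `get_seltree_node(tree,file->filename)`, which dereferences `file` anyway. Other call sites in these patches follow `error(0, ...)` with an explicit `exit()`, which suggests error() returns at level 0. Add `return;` after the message inside the `if(file==NULL)` block so the check actually protects the dereference. add_file_to_tree() continues outside the hunk.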
+119,17 @@ const char * hash_gcrypt2str(int i) { + default: + break; + } +-#endif + return r; ++#else /* !WITH_GCRYPT */ ++ return "?"; ++#endif + } + ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wunused-parameter" + DB_ATTR_TYPE hash_mhash2attr(int i) { +- DB_ATTR_TYPE r=0; + #ifdef WITH_MHASH ++ DB_ATTR_TYPE r=0; + switch (i) { + case MHASH_CRC32: { + r=DB_CRC32; +@@ -198,10 +204,15 @@ DB_ATTR_TYPE hash_mhash2attr(int i) { + default: + break; + } +-#endif ++ + return r; ++#else /*!WITH_MHASH */ ++ return 0; ++#endif + } + ++#pragma GCC diagnostic pop ++ + /* + Initialise md_container according it's todo_attr field + */ +@@ -317,7 +328,6 @@ int init_md(struct md_container* md) { + */ + + int update_md(struct md_container* md,void* data,ssize_t size) { +- int i; + + error(255,"update_md called\n"); + +@@ -328,6 +338,7 @@ int update_md(struct md_container* md,vo + #endif + + #ifdef WITH_MHASH ++ int i; + + for(i=0;i<=HASH_MHASH_COUNT;i++) { + if (md->mhash_mdh[i]!=MHASH_FAILED) { +@@ -348,7 +359,6 @@ int update_md(struct md_container* md,vo + */ + + int close_md(struct md_container* md) { +- int i; + #ifdef _PARAMETER_CHECK_ + if (md==NULL) { + return RETFAIL; +@@ -356,6 +366,7 @@ int close_md(struct md_container* md) { + #endif + error(255,"close_md called \n"); + #ifdef WITH_MHASH ++ int i; + for(i=0;i<=HASH_MHASH_COUNT;i++) { + if (md->mhash_mdh[i]!=MHASH_FAILED) { + mhash (md->mhash_mdh[i], NULL, 0); +diff -up ./src/util.c.coverity ./src/util.c +--- ./src/util.c.coverity 2018-10-10 19:27:18.670632593 +0200 ++++ ./src/util.c 2018-10-10 19:27:18.684632716 +0200 +@@ -105,13 +105,15 @@ url_t* parse_url(char* val) + for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++); + if(r[0]=='\0'){ + error(0,"Invalid file-URL,no path after hostname: file:%s\n",t); ++ free(hostname); + return NULL; + } + u->value=strdup(r); + r[0]='\0'; + if(gethostname(hostname,MAXHOSTNAMELEN)==-1){ +- strncpy(hostname,"localhost", 10); ++ strncpy(hostname,"localhost", 10); + } ++ + if( 
(strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){ + free(hostname); + break; +@@ -120,7 +122,7 @@ url_t* parse_url(char* val) + free(hostname); + return NULL; + } +- free(hostname); ++ + break; + } + u->value=strdup(r); diff --git a/coverity2.patch b/coverity2.patch new file mode 100644 index 0000000..5052ba3 --- /dev/null +++ b/coverity2.patch @@ -0,0 +1,31 @@ +diff --up ./src/compare_db.c ./src/compare_db.c +--- ./src/compare_db.c ++++ ./src/compare_db.c +@@ -438,7 +438,11 @@ snprintf(*values[0], l, "%s",s); + } else { + *values = malloc(1 * sizeof (char*)); + if (DB_FTYPE&attr) { +- easy_string(get_file_type_string(line->perm)) ++ char *file_type = get_file_type_string(line->perm); ++ if (!file_type) { ++ error(2,"%s: ", file_type); ++ } ++ easy_string(file_type) + } else if (DB_LINKNAME&attr) { + easy_string(line->linkname) + easy_number((DB_SIZE|DB_SIZEG),size,"%li") +diff -up ./src/db_file.c ./src/db_file.c +--- ./src/db_file.c ++++ ./src/db_file.c +@@ -194,6 +194,10 @@ int db_file_read_spec(int db){ + + *db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD)); + ++ if (*db_order == NULL){ ++ error(1,"malloc for *db_order failed in %s", __func__); ++ } ++ + while ((i=db_scan())!=TNEWLINE){ + switch (i) { + + From 2aa28975592f4dbe8f69337afd85236f4ac84bfc Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jan 2020 11:19:48 +0000 Subject: [PATCH 12/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 1294ccc..014166c 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 12%{?dist} +Release: 13%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ 
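Review bot: When `get_file_type_string()` returns NULL, the new branch passes that NULL to the `%s` conversion in `error(2,"%s: ", file_type)`, and `easy_string(file_type)` then still runs with the NULL pointer. Log a fixed message and substitute a printable value before the macro, for example `if (!file_type) { error(2,"unknown file type\n"); file_type = "?"; }`. The easy_string macro body is outside the hunk, so whether it copies or stores its argument should be checked when choosing the fallback.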
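Review bot: The added malloc check only logs; execution continues into the `while ((i=db_scan())!=TNEWLINE)` loop with `*db_order` still NULL. db_file_read_spec() already returns `RETFAIL` for the realloc failure handled in coverity.patch, so the same should happen here by adding `return RETFAIL;` inside the new `if`. The message also lacks the trailing `\n` that the other error() calls in these patches carry. The rest of the function is outside the hunk.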
@@ -80,6 +80,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Tue Jan 28 2020 Fedora Release Engineering - 0.16-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Wed Jul 31 2019 Radovan Sroka - 0.16-12 - backport some patches Resolves: rhbz#1717140 From 063fd0ec37b2cca8f7e361e594e1519a01dd4ec7 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Wed, 24 Jun 2020 11:53:32 +0200 Subject: [PATCH 13/58] AIDE breaks when setting report_ignore_e2fsattrs Resolves: rhbz#1850276 Signed-off-by: Radovan Sroka --- aide.spec | 6 +++++- coverity.patch | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/aide.spec b/aide.spec index 014166c..e2f4c76 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 13%{?dist} +Release: 14%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ @@ -80,6 +80,10 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Wed Jun 24 2020 Radovan Sroka 0.16-14 +- AIDE breaks when setting report_ignore_e2fsattrs + Resolves: rhbz#1850276 + * Tue Jan 28 2020 Fedora Release Engineering - 0.16-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/coverity.patch b/coverity.patch index 21535d6..9b981be 100644 --- a/coverity.patch +++ b/coverity.patch @@ -241,7 +241,7 @@ diff -up ./src/commandconf.c.coverity ./src/commandconf.c } } - *val++; -+ (*val)++; ++ val++; } } #endif From 300f8f187a92d6ecf85b2406e8f4f03623a309ba Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 27 Jul 2020 11:50:41 +0000 Subject: [PATCH 14/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/aide.spec b/aide.spec index e2f4c76..175d044 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 14%{?dist} +Release: 15%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ @@ -80,6 +80,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Mon Jul 27 2020 Fedora Release Engineering - 0.16-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Wed Jun 24 2020 Radovan Sroka 0.16-14 - AIDE breaks when setting report_ignore_e2fsattrs Resolves: rhbz#1850276 From 894a715ceaa3f8b3602d2644295a4287274a8718 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 31 Jul 2020 23:52:02 +0000 Subject: [PATCH 15/58] - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- aide.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 175d044..75b05e4 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 15%{?dist} +Release: 16%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ @@ -80,6 +80,10 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Fri Jul 31 2020 Fedora Release Engineering - 0.16-16 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Mon Jul 27 2020 Fedora Release Engineering - 0.16-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 0ddcbdc00e9ecd5575db63416675c72c567ecbe9 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 25 Jan 2021 23:54:23 +0000 Subject: [PATCH 16/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 75b05e4..7b1d837 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 16%{?dist} +Release: 17%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ @@ -80,6 +80,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Mon Jan 25 2021 Fedora Release Engineering - 0.16-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Fri Jul 31 2020 Fedora Release Engineering - 0.16-16 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 3e791cb9ee2ce6746d0c9b7e99dad68e604de12f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 21 Jul 2021 12:26:29 +0000 Subject: [PATCH 17/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering From 262fe302ed14dc46c8ac3633188fdb10d99ac88d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 21 Jul 2021 17:21:48 +0000 Subject: [PATCH 18/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 7b1d837..6538c70 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 17%{?dist} +Release: 18%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ 
@@ -80,6 +80,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Wed Jul 21 2021 Fedora Release Engineering - 0.16-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Mon Jan 25 2021 Fedora Release Engineering - 0.16-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From be7632bd590ffd7373dccb7ba8db59416633bdf6 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jan 2022 21:02:08 +0000 Subject: [PATCH 19/58] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 6538c70..7c7f91e 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 18%{?dist} +Release: 19%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ @@ -80,6 +80,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Wed Jan 19 2022 Fedora Release Engineering - 0.16-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Wed Jul 21 2021 Fedora Release Engineering - 0.16-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From 3a3995cf3c52e18b1145151ff08ce066498b7bc9 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 20 Jul 2022 20:33:16 +0000 Subject: [PATCH 20/58] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 7c7f91e..51f91d3 100644 --- a/aide.spec +++ b/aide.spec 
@@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 19%{?dist} +Release: 20%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ @@ -80,6 +80,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Wed Jul 20 2022 Fedora Release Engineering - 0.16-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Wed Jan 19 2022 Fedora Release Engineering - 0.16-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From 2681d69152546903b15b938d184a1f9796b284f7 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Fri, 25 Nov 2022 11:51:57 +0100 Subject: [PATCH 21/58] Apply upstream patches to port configure to C99 Related to: --- aide-configure-c99-1.patch | 1121 ++++++++++++++++++++++++++++++++++++ aide-configure-c99-2.patch | 30 + aide-configure-c99-3.patch | 60 ++ aide.spec | 8 +- 4 files changed, 1218 insertions(+), 1 deletion(-) create mode 100644 aide-configure-c99-1.patch create mode 100644 aide-configure-c99-2.patch create mode 100644 aide-configure-c99-3.patch diff --git a/aide-configure-c99-1.patch b/aide-configure-c99-1.patch new file mode 100644 index 0000000..9f20949 --- /dev/null +++ b/aide-configure-c99-1.patch 
@@ -0,0 +1,1121 @@ +commit 909e656b8aca9a243f21b40dda3585f8d1ad809b +Author: Hannes von Haugwitz +Date: Sat Sep 28 07:48:31 2019 +0200 + + Remove C99 compliant snprintf implementation + + No longer needed as AIDE requires a C99 compatible compiler now + +diff --git a/Makefile.am b/Makefile.am +index 1541d5687b68f9ff..e6799e8f7c00016a 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -45,7 +45,6 @@ aide_SOURCES = src/aide.c include/aide.h \ + include/list.h src/list.c \ + include/locale-aide.h \ + include/md.h src/md.c \ +- src/snprintf.c \ + include/seltree.h \ + include/symboltable.h src/symboltable.c \ + include/types.h \ +diff --git a/configure.ac b/configure.ac +index 0418c59ead5c3ed6..cafe16e95ed68c9f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -275,48 +275,6 @@ AS_IF([test "x$with_mmap" != xno], + AC_CHECK_FUNCS(fcntl ftruncate posix_fadvise asprintf snprintf \ + vasprintf vsnprintf va_copy __va_copy) + +-AC_CACHE_CHECK(for ISO C99 compliant snprintf,ac_cv_func_snprintf_c99, +- [AC_TRY_RUN([ +-#include +- +-int main() +-{ +- char buf[] = {0, 0, 0, 0}; +- +- snprintf(buf, 3, "ABC"); +- exit ((buf[2] != 0) || (snprintf(NULL, 0, "%d", 100) != 3)); +-}],ac_cv_func_snprintf_c99=yes,ac_cv_func_snprintf_c99=no,ac_cv_func_snprintf_c99=no)]) +-if test $ac_cv_func_snprintf_c99 = yes; then +- AC_DEFINE(HAVE_C99_SNPRINTF,1,[snprintf is ISO C99 compliant]) +-fi +-AC_CACHE_CHECK(for ISO C99 compliant vsnprintf,ac_cv_func_vsnprintf_c99, +- [AC_TRY_RUN([ +-#include +-#include +- +-int doit(char *buf, int len, const char *s, ...) 
+-{ +- va_list ap; +- int r; +- +- va_start(ap, s); +- r = vsnprintf(buf, len, s, ap); +- va_end(ap); +- +- return r; +-} +- +-int main() +-{ +- char buf[] = {0, 0, 0, 0}; +- +- doit(buf, 3, "ABC"); +- exit ((buf[2] != 0) || (doit(NULL, 0, "%d", 100) != 3)); +-}],ac_cv_func_vsnprintf_c99=yes,ac_cv_func_vsnprintf_c99=no,ac_cv_func_vsnprintf_c99=no)]) +-if test $ac_cv_func_vsnprintf_c99 = yes; then +- AC_DEFINE(HAVE_C99_VSNPRINTF,1,[vsnprintf is ISO C99 compliant]) +-fi +- + # Linux has the O_NOATIME flag, sometimes + AC_CACHE_CHECK([for open/O_NOATIME], db_cv_open_o_noatime, [ + echo "test for working open/O_NOATIME" > __o_noatime_file +diff --git a/include/aide.h b/include/aide.h +index 8e07195829157472..45d7f275b27870bd 100644 +--- a/include/aide.h ++++ b/include/aide.h +@@ -46,16 +46,6 @@ + __result; })) + #endif + +-#if !defined HAVE_VSNPRINTF || !defined HAVE_C99_VSNPRINTF +-#define vsnprintf rsync_vsnprintf +-int vsnprintf(char *str, size_t count, const char *fmt, va_list args); +-#endif +- +-#if !defined HAVE_SNPRINTF || !defined HAVE_C99_VSNPRINTF +-#define snprintf rsync_snprintf +-int snprintf(char *str,size_t count,const char *fmt,...); +-#endif +- + #ifndef O_NOATIME + #if defined(__linux__) && (defined(__i386__) || defined(__PPC__)) + #define O_NOATIME 01000000 +diff --git a/src/snprintf.c b/src/snprintf.c +deleted file mode 100644 +index d2072fb3cb60d1f2..0000000000000000 +--- a/src/snprintf.c ++++ /dev/null +@@ -1,1021 +0,0 @@ +-/* +- * NOTE: If you change this file, please merge it into rsync, samba, etc. +- */ +- +-/* +- * Copyright Patrick Powell 1995 +- * This code is based on code written by Patrick Powell (papowell@astart.com) +- * It may be used for any purpose as long as this notice remains intact +- * on all source code distributions +- */ +- +-/************************************************************** +- * Original: +- * Patrick Powell Tue Apr 11 09:48:21 PDT 1995 +- * A bombproof version of doprnt (dopr) included. +- * Sigh. 
This sort of thing is always nasty do deal with. Note that +- * the version here does not include floating point... +- * +- * snprintf() is used instead of sprintf() as it does limit checks +- * for string length. This covers a nasty loophole. +- * +- * The other functions are there to prevent NULL pointers from +- * causing nast effects. +- * +- * More Recently: +- * Brandon Long 9/15/96 for mutt 0.43 +- * This was ugly. It is still ugly. I opted out of floating point +- * numbers, but the formatter understands just about everything +- * from the normal C string format, at least as far as I can tell from +- * the Solaris 2.5 printf(3S) man page. +- * +- * Brandon Long 10/22/97 for mutt 0.87.1 +- * Ok, added some minimal floating point support, which means this +- * probably requires libm on most operating systems. Don't yet +- * support the exponent (e,E) and sigfig (g,G). Also, fmtint() +- * was pretty badly broken, it just wasn't being exercised in ways +- * which showed it, so that's been fixed. Also, formated the code +- * to mutt conventions, and removed dead code left over from the +- * original. Also, there is now a builtin-test, just compile with: +- * gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm +- * and run snprintf for results. +- * +- * Thomas Roessler 01/27/98 for mutt 0.89i +- * The PGP code was using unsigned hexadecimal formats. +- * Unfortunately, unsigned formats simply didn't work. +- * +- * Michael Elkins 03/05/98 for mutt 0.90.8 +- * The original code assumed that both snprintf() and vsnprintf() were +- * missing. Some systems only have snprintf() but not vsnprintf(), so +- * the code is now broken down under HAVE_SNPRINTF and HAVE_VSNPRINTF. 
+- * +- * Andrew Tridgell (tridge@samba.org) Oct 1998 +- * fixed handling of %.0f +- * added test for HAVE_LONG_DOUBLE +- * +- * tridge@samba.org, idra@samba.org, April 2001 +- * got rid of fcvt code (twas buggy and made testing harder) +- * added C99 semantics +- * +- * date: 2002/12/19 19:56:31; author: herb; state: Exp; lines: +2 -0 +- * actually print args for %g and %e +- * +- * date: 2002/06/03 13:37:52; author: jmcd; state: Exp; lines: +8 -0 +- * Since includes.h isn't included here, VA_COPY has to be defined here. I don't +- * see any include file that is guaranteed to be here, so I'm defining it +- * locally. Fixes AIX and Solaris builds. +- * +- * date: 2002/06/03 03:07:24; author: tridge; state: Exp; lines: +5 -13 +- * put the ifdef for HAVE_VA_COPY in one place rather than in lots of +- * functions +- * +- * date: 2002/05/17 14:51:22; author: jmcd; state: Exp; lines: +21 -4 +- * Fix usage of va_list passed as an arg. Use __va_copy before using it +- * when it exists. +- * +- * date: 2002/04/16 22:38:04; author: idra; state: Exp; lines: +20 -14 +- * Fix incorrect zpadlen handling in fmtfp. +- * Thanks to Ollie Oldham for spotting it. +- * few mods to make it easier to compile the tests. +- * addedd the "Ollie" test to the floating point ones. +- * +- * Martin Pool (mbp@samba.org) April 2003 +- * Remove NO_CONFIG_H so that the test case can be built within a source +- * tree with less trouble. +- * Remove unnecessary SAFE_FREE() definition. +- * +- * Martin Pool (mbp@samba.org) May 2003 +- * Put in a prototype for dummy_snprintf() to quiet compiler warnings. +- * +- * Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even +- * if the C library has some snprintf functions already. 
+- **************************************************************/ +- +-#ifndef NO_CONFIG_H +-#include "config.h" +-#else +-#define NULL 0 +-#endif +- +-#ifdef TEST_SNPRINTF /* need math library headers for testing */ +- +-/* In test mode, we pretend that this system doesn't have any snprintf +- * functions, regardless of what config.h says. */ +-# undef HAVE_SNPRINTF +-# undef HAVE_VSNPRINTF +-# undef HAVE_C99_VSNPRINTF +-# undef HAVE_ASPRINTF +-# undef HAVE_VASPRINTF +-# include +-#endif /* TEST_SNPRINTF */ +- +-#ifdef HAVE_STRING_H +-#include +-#endif +- +-#ifdef HAVE_STRINGS_H +-#include +-#endif +-#ifdef HAVE_CTYPE_H +-#include +-#endif +-#include +-#include +-#ifdef HAVE_STDLIB_H +-#include +-#endif +- +-#if defined(HAVE_SNPRINTF) && defined(HAVE_VSNPRINTF) && defined(HAVE_C99_VSNPRINTF) +-/* only include stdio.h if we are not re-defining snprintf or vsnprintf */ +-#include +- /* make the compiler happy with an empty file */ +- void dummy_snprintf(void); +- void dummy_snprintf(void) {} +-#endif /* HAVE_SNPRINTF, etc */ +- +-#ifdef HAVE_LONG_DOUBLE +-#define LDOUBLE long double +-#else +-#define LDOUBLE double +-#endif +- +-#if SIZEOF_LONG_LONG +-#define LLONG long long +-#else +-#define LLONG long +-#endif +- +-#ifndef VA_COPY +-#if defined HAVE_VA_COPY || defined va_copy +-#define VA_COPY(dest, src) va_copy(dest, src) +-#else +-#ifdef HAVE___VA_COPY +-#define VA_COPY(dest, src) __va_copy(dest, src) +-#else +-#define VA_COPY(dest, src) (dest) = (src) +-#endif +-#endif +- +-/* +- * dopr(): poor man's version of doprintf +- */ +- +-/* format read states */ +-#define DP_S_DEFAULT 0 +-#define DP_S_FLAGS 1 +-#define DP_S_MIN 2 +-#define DP_S_DOT 3 +-#define DP_S_MAX 4 +-#define DP_S_MOD 5 +-#define DP_S_CONV 6 +-#define DP_S_DONE 7 +- +-/* format flags - Bits */ +-#define DP_F_MINUS (1 << 0) +-#define DP_F_PLUS (1 << 1) +-#define DP_F_SPACE (1 << 2) +-#define DP_F_NUM (1 << 3) +-#define DP_F_ZERO (1 << 4) +-#define DP_F_UP (1 << 5) +-#define DP_F_UNSIGNED (1 << 6) 
+- +-/* Conversion Flags */ +-#define DP_C_SHORT 1 +-#define DP_C_LONG 2 +-#define DP_C_LDOUBLE 3 +-#define DP_C_LLONG 4 +- +-#define char_to_int(p) ((p)- '0') +-#ifndef MAX +-#define MAX(p,q) (((p) >= (q)) ? (p) : (q)) +-#endif +- +-/* yes this really must be a ||. Don't muck with this (tridge) */ +-#if !defined(HAVE_VSNPRINTF) || !defined(HAVE_C99_VSNPRINTF) +- +-static size_t dopr(char *buffer, size_t maxlen, const char *format, +- va_list args_in); +-static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, +- char *value, int flags, int min, int max); +-static void fmtint(char *buffer, size_t *currlen, size_t maxlen, +- long value, int base, int min, int max, int flags); +-static void fmtfp(char *buffer, size_t *currlen, size_t maxlen, +- LDOUBLE fvalue, int min, int max, int flags); +-static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c); +- +-static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) +-{ +- char ch; +- LLONG value; +- LDOUBLE fvalue; +- char *strvalue; +- int min; +- int max; +- int state; +- int flags; +- int cflags; +- size_t currlen; +- va_list args; +- +- VA_COPY(args, args_in); +- +- state = DP_S_DEFAULT; +- currlen = flags = cflags = min = 0; +- max = -1; +- ch = *format++; +- +- while (state != DP_S_DONE) { +- if (ch == '\0') +- state = DP_S_DONE; +- +- switch(state) { +- case DP_S_DEFAULT: +- if (ch == '%') +- state = DP_S_FLAGS; +- else +- dopr_outch (buffer, &currlen, maxlen, ch); +- ch = *format++; +- break; +- case DP_S_FLAGS: +- switch (ch) { +- case '-': +- flags |= DP_F_MINUS; +- ch = *format++; +- break; +- case '+': +- flags |= DP_F_PLUS; +- ch = *format++; +- break; +- case ' ': +- flags |= DP_F_SPACE; +- ch = *format++; +- break; +- case '#': +- flags |= DP_F_NUM; +- ch = *format++; +- break; +- case '0': +- flags |= DP_F_ZERO; +- ch = *format++; +- break; +- default: +- state = DP_S_MIN; +- break; +- } +- break; +- case DP_S_MIN: +- if (isdigit((unsigned char)ch)) { 
+- min = 10*min + char_to_int (ch); +- ch = *format++; +- } else if (ch == '*') { +- min = va_arg (args, int); +- ch = *format++; +- state = DP_S_DOT; +- } else { +- state = DP_S_DOT; +- } +- break; +- case DP_S_DOT: +- if (ch == '.') { +- state = DP_S_MAX; +- ch = *format++; +- } else { +- state = DP_S_MOD; +- } +- break; +- case DP_S_MAX: +- if (isdigit((unsigned char)ch)) { +- if (max < 0) +- max = 0; +- max = 10*max + char_to_int (ch); +- ch = *format++; +- } else if (ch == '*') { +- max = va_arg (args, int); +- ch = *format++; +- state = DP_S_MOD; +- } else { +- state = DP_S_MOD; +- } +- break; +- case DP_S_MOD: +- switch (ch) { +- case 'h': +- cflags = DP_C_SHORT; +- ch = *format++; +- break; +- case 'l': +- cflags = DP_C_LONG; +- ch = *format++; +- if (ch == 'l') { /* It's a long long */ +- cflags = DP_C_LLONG; +- ch = *format++; +- } +- break; +- case 'L': +- cflags = DP_C_LDOUBLE; +- ch = *format++; +- break; +- default: +- break; +- } +- state = DP_S_CONV; +- break; +- case DP_S_CONV: +- switch (ch) { +- case 'd': +- case 'i': +- if (cflags == DP_C_SHORT) +- value = va_arg (args, int); +- else if (cflags == DP_C_LONG) +- value = va_arg (args, long int); +- else if (cflags == DP_C_LLONG) +- value = va_arg (args, LLONG); +- else +- value = va_arg (args, int); +- fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); +- break; +- case 'o': +- flags |= DP_F_UNSIGNED; +- if (cflags == DP_C_SHORT) +- value = va_arg (args, unsigned int); +- else if (cflags == DP_C_LONG) +- value = (long)va_arg (args, unsigned long int); +- else if (cflags == DP_C_LLONG) +- value = (long)va_arg (args, unsigned LLONG); +- else +- value = (long)va_arg (args, unsigned int); +- fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags); +- break; +- case 'u': +- flags |= DP_F_UNSIGNED; +- if (cflags == DP_C_SHORT) +- value = va_arg (args, unsigned int); +- else if (cflags == DP_C_LONG) +- value = (long)va_arg (args, unsigned long int); +- else if (cflags == DP_C_LLONG) +- 
value = (LLONG)va_arg (args, unsigned LLONG); +- else +- value = (long)va_arg (args, unsigned int); +- fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); +- break; +- case 'X': +- flags |= DP_F_UP; +- case 'x': +- flags |= DP_F_UNSIGNED; +- if (cflags == DP_C_SHORT) +- value = va_arg (args, unsigned int); +- else if (cflags == DP_C_LONG) +- value = (long)va_arg (args, unsigned long int); +- else if (cflags == DP_C_LLONG) +- value = (LLONG)va_arg (args, unsigned LLONG); +- else +- value = (long)va_arg (args, unsigned int); +- fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags); +- break; +- case 'f': +- if (cflags == DP_C_LDOUBLE) +- fvalue = va_arg (args, LDOUBLE); +- else +- fvalue = va_arg (args, double); +- /* um, floating point? */ +- fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); +- break; +- case 'E': +- flags |= DP_F_UP; +- case 'e': +- if (cflags == DP_C_LDOUBLE) +- fvalue = va_arg (args, LDOUBLE); +- else +- fvalue = va_arg (args, double); +- fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); +- break; +- case 'G': +- flags |= DP_F_UP; +- case 'g': +- if (cflags == DP_C_LDOUBLE) +- fvalue = va_arg (args, LDOUBLE); +- else +- fvalue = va_arg (args, double); +- fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); +- break; +- case 'c': +- dopr_outch (buffer, &currlen, maxlen, va_arg (args, int)); +- break; +- case 's': +- strvalue = va_arg (args, char *); +- if (!strvalue) strvalue = "(NULL)"; +- if (max == -1) { +- max = strlen(strvalue); +- } +- if (min > 0 && max >= 0 && min > max) max = min; +- fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max); +- break; +- case 'p': +- strvalue = va_arg (args, void *); +- fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags); +- break; +- case 'n': +- if (cflags == DP_C_SHORT) { +- short int *num; +- num = va_arg (args, short int *); +- *num = currlen; +- } else if (cflags == DP_C_LONG) { +- long int *num; +- num = va_arg (args, long int *); +- 
*num = (long int)currlen; +- } else if (cflags == DP_C_LLONG) { +- LLONG *num; +- num = va_arg (args, LLONG *); +- *num = (LLONG)currlen; +- } else { +- int *num; +- num = va_arg (args, int *); +- *num = currlen; +- } +- break; +- case '%': +- dopr_outch (buffer, &currlen, maxlen, ch); +- break; +- case 'w': +- /* not supported yet, treat as next char */ +- ch = *format++; +- break; +- default: +- /* Unknown, skip */ +- break; +- } +- ch = *format++; +- state = DP_S_DEFAULT; +- flags = cflags = min = 0; +- max = -1; +- break; +- case DP_S_DONE: +- break; +- default: +- /* hmm? */ +- break; /* some picky compilers need this */ +- } +- } +- if (maxlen != 0) { +- if (currlen < maxlen - 1) +- buffer[currlen] = '\0'; +- else if (maxlen > 0) +- buffer[maxlen - 1] = '\0'; +- } +- +- return currlen; +-} +- +-static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, +- char *value, int flags, int min, int max) +-{ +- int padlen, strln; /* amount to pad */ +- int cnt = 0; +- +-#ifdef DEBUG_SNPRINTF +- printf("fmtstr min=%d max=%d s=[%s]\n", min, max, value); +-#endif +- if (value == 0) { +- value = ""; +- } +- +- for (strln = 0; value[strln]; ++strln); /* strlen */ +- padlen = min - strln; +- if (padlen < 0) +- padlen = 0; +- if (flags & DP_F_MINUS) +- padlen = -padlen; /* Left Justify */ +- +- while ((padlen > 0) && (cnt < max)) { +- dopr_outch (buffer, currlen, maxlen, ' '); +- --padlen; +- ++cnt; +- } +- while (*value && (cnt < max)) { +- dopr_outch (buffer, currlen, maxlen, *value++); +- ++cnt; +- } +- while ((padlen < 0) && (cnt < max)) { +- dopr_outch (buffer, currlen, maxlen, ' '); +- ++padlen; +- ++cnt; +- } +-} +- +-/* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ +- +-static void fmtint(char *buffer, size_t *currlen, size_t maxlen, +- long value, int base, int min, int max, int flags) +-{ +- int signvalue = 0; +- unsigned long uvalue; +- char convert[20]; +- int place = 0; +- int spadlen = 0; /* amount to space pad */ +- int zpadlen = 0; /* amount to 
zero pad */ +- int caps = 0; +- +- if (max < 0) +- max = 0; +- +- uvalue = value; +- +- if(!(flags & DP_F_UNSIGNED)) { +- if( value < 0 ) { +- signvalue = '-'; +- uvalue = -value; +- } else { +- if (flags & DP_F_PLUS) /* Do a sign (+/i) */ +- signvalue = '+'; +- else if (flags & DP_F_SPACE) +- signvalue = ' '; +- } +- } +- +- if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ +- +- do { +- convert[place++] = +- (caps? "0123456789ABCDEF":"0123456789abcdef") +- [uvalue % (unsigned)base ]; +- uvalue = (uvalue / (unsigned)base ); +- } while(uvalue && (place < 20)); +- if (place == 20) place--; +- convert[place] = 0; +- +- zpadlen = max - place; +- spadlen = min - MAX (max, place) - (signvalue ? 1 : 0); +- if (zpadlen < 0) zpadlen = 0; +- if (spadlen < 0) spadlen = 0; +- if (flags & DP_F_ZERO) { +- zpadlen = MAX(zpadlen, spadlen); +- spadlen = 0; +- } +- if (flags & DP_F_MINUS) +- spadlen = -spadlen; /* Left Justifty */ +- +-#ifdef DEBUG_SNPRINTF +- printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n", +- zpadlen, spadlen, min, max, place); +-#endif +- +- /* Spaces */ +- while (spadlen > 0) { +- dopr_outch (buffer, currlen, maxlen, ' '); +- --spadlen; +- } +- +- /* Sign */ +- if (signvalue) +- dopr_outch (buffer, currlen, maxlen, signvalue); +- +- /* Zeros */ +- if (zpadlen > 0) { +- while (zpadlen > 0) { +- dopr_outch (buffer, currlen, maxlen, '0'); +- --zpadlen; +- } +- } +- +- /* Digits */ +- while (place > 0) +- dopr_outch (buffer, currlen, maxlen, convert[--place]); +- +- /* Left Justified spaces */ +- while (spadlen < 0) { +- dopr_outch (buffer, currlen, maxlen, ' '); +- ++spadlen; +- } +-} +- +-static LDOUBLE abs_val(LDOUBLE value) +-{ +- LDOUBLE result = value; +- +- if (value < 0) +- result = -value; +- +- return result; +-} +- +-static LDOUBLE POW10(int exp) +-{ +- LDOUBLE result = 1; +- +- while (exp) { +- result *= 10; +- exp--; +- } +- +- return result; +-} +- +-static LLONG ROUND(LDOUBLE value) +-{ +- LLONG intpart; +- +- intpart = 
(LLONG)value; +- value = value - intpart; +- if (value >= 0.5) intpart++; +- +- return intpart; +-} +- +-/* a replacement for modf that doesn't need the math library. Should +- be portable, but slow */ +-static double my_modf(double x0, double *iptr) +-{ +- int i; +- long l; +- double x = x0; +- double f = 1.0; +- +- for (i=0;i<100;i++) { +- l = (long)x; +- if (l <= (x+1) && l >= (x-1)) { +- if (i != 0) { +- double i2; +- double ret; +- +- ret = my_modf(x0-l*f, &i2); +- (*iptr) = l*f + i2; +- return ret; +- } +- +- (*iptr) = l; +- return x - (*iptr); +- } +- x *= 0.1; +- f *= 10.0; +- } +- +- /* yikes! the number is beyond what we can handle. What do we do? */ +- (*iptr) = 0; +- return 0; +-} +- +- +-static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, +- LDOUBLE fvalue, int min, int max, int flags) +-{ +- int signvalue = 0; +- double ufvalue; +- char iconvert[311]; +- char fconvert[311]; +- int iplace = 0; +- int fplace = 0; +- int padlen = 0; /* amount to pad */ +- int zpadlen = 0; +- int caps = 0; +- int idx; +- double intpart; +- double fracpart; +- double temp; +- +- /* +- * AIX manpage says the default is 0, but Solaris says the default +- * is 6, and sprintf on AIX defaults to 6 +- */ +- if (max < 0) +- max = 6; +- +- ufvalue = abs_val (fvalue); +- +- if (fvalue < 0) { +- signvalue = '-'; +- } else { +- if (flags & DP_F_PLUS) { /* Do a sign (+/i) */ +- signvalue = '+'; +- } else { +- if (flags & DP_F_SPACE) +- signvalue = ' '; +- } +- } +- +-#if 0 +- if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? 
*/ +-#endif +- +-#if 0 +- if (max == 0) ufvalue += 0.5; /* if max = 0 we must round */ +-#endif +- +- /* +- * Sorry, we only support 16 digits past the decimal because of our +- * conversion method +- */ +- if (max > 16) +- max = 16; +- +- /* We "cheat" by converting the fractional part to integer by +- * multiplying by a factor of 10 +- */ +- +- temp = ufvalue; +- my_modf(temp, &intpart); +- +- fracpart = ROUND((POW10(max)) * (ufvalue - intpart)); +- +- if (fracpart >= POW10(max)) { +- intpart++; +- fracpart -= POW10(max); +- } +- +- +- /* Convert integer part */ +- do { +- temp = intpart*0.1; +- my_modf(temp, &intpart); +- idx = (int) ((temp -intpart +0.05)* 10.0); +- /* idx = (int) (((double)(temp*0.1) -intpart +0.05) *10.0); */ +- /* printf ("%llf, %f, %x\n", temp, intpart, idx); */ +- iconvert[iplace++] = +- (caps? "0123456789ABCDEF":"0123456789abcdef")[idx]; +- } while (intpart && (iplace < 311)); +- if (iplace == 311) iplace--; +- iconvert[iplace] = 0; +- +- /* Convert fractional part */ +- if (fracpart) +- { +- do { +- temp = fracpart*0.1; +- my_modf(temp, &fracpart); +- idx = (int) ((temp -fracpart +0.05)* 10.0); +- /* idx = (int) ((((temp/10) -fracpart) +0.05) *10); */ +- /* printf ("%lf, %lf, %ld\n", temp, fracpart, idx ); */ +- fconvert[fplace++] = +- (caps? "0123456789ABCDEF":"0123456789abcdef")[idx]; +- } while(fracpart && (fplace < 311)); +- if (fplace == 311) fplace--; +- } +- fconvert[fplace] = 0; +- +- /* -1 for decimal point, another -1 if we are printing a sign */ +- padlen = min - iplace - max - 1 - ((signvalue) ? 
1 : 0); +- zpadlen = max - fplace; +- if (zpadlen < 0) zpadlen = 0; +- if (padlen < 0) +- padlen = 0; +- if (flags & DP_F_MINUS) +- padlen = -padlen; /* Left Justifty */ +- +- if ((flags & DP_F_ZERO) && (padlen > 0)) { +- if (signvalue) { +- dopr_outch (buffer, currlen, maxlen, signvalue); +- --padlen; +- signvalue = 0; +- } +- while (padlen > 0) { +- dopr_outch (buffer, currlen, maxlen, '0'); +- --padlen; +- } +- } +- while (padlen > 0) { +- dopr_outch (buffer, currlen, maxlen, ' '); +- --padlen; +- } +- if (signvalue) +- dopr_outch (buffer, currlen, maxlen, signvalue); +- +- while (iplace > 0) +- dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]); +- +-#ifdef DEBUG_SNPRINTF +- printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen); +-#endif +- +- /* +- * Decimal point. This should probably use locale to find the correct +- * char to print out. +- */ +- if (max > 0) { +- dopr_outch (buffer, currlen, maxlen, '.'); +- +- while (zpadlen > 0) { +- dopr_outch (buffer, currlen, maxlen, '0'); +- --zpadlen; +- } +- +- while (fplace > 0) +- dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]); +- } +- +- while (padlen < 0) { +- dopr_outch (buffer, currlen, maxlen, ' '); +- ++padlen; +- } +-} +- +-static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c) +-{ +- if (*currlen < maxlen) { +- buffer[(*currlen)] = c; +- } +- (*currlen)++; +-} +- +- int rsync_vsnprintf (char *str, size_t count, const char *fmt, va_list args) +-{ +- return dopr(str, count, fmt, args); +-} +-#define vsnprintf rsync_vsnprintf +-#endif +- +-/* yes this really must be a ||. Don't muck with this (tridge) +- * +- * The logic for these two is that we need our own definition if the +- * OS *either* has no definition of *sprintf, or if it does have one +- * that doesn't work properly according to the autoconf test. +- */ +-#if !defined(HAVE_SNPRINTF) || !defined(HAVE_C99_VSNPRINTF) +-int rsync_snprintf(char *str,size_t count,const char *fmt,...) 
+-{ +- size_t ret; +- va_list ap; +- +- va_start(ap, fmt); +- ret = vsnprintf(str, count, fmt, ap); +- va_end(ap); +- return ret; +-} +-#define snprintf rsync_snprintf +-#endif +- +-#endif +- +-#ifndef HAVE_VASPRINTF +- int vasprintf(char **ptr, const char *format, va_list ap) +-{ +- int ret; +- va_list ap2; +- +- VA_COPY(ap2, ap); +- +- ret = vsnprintf(NULL, 0, format, ap2); +- if (ret <= 0) return ret; +- +- (*ptr) = (char *)malloc(ret+1); +- if (!*ptr) return -1; +- +- VA_COPY(ap2, ap); +- +- ret = vsnprintf(*ptr, ret+1, format, ap2); +- +- return ret; +-} +-#endif +- +- +-#ifndef HAVE_ASPRINTF +- int asprintf(char **ptr, const char *format, ...) +-{ +- va_list ap; +- int ret; +- +- *ptr = NULL; +- va_start(ap, format); +- ret = vasprintf(ptr, format, ap); +- va_end(ap); +- +- return ret; +-} +-#endif +- +-#ifdef TEST_SNPRINTF +- +- int sprintf(char *str,const char *fmt,...); +- +- int main (void) +-{ +- char buf1[1024]; +- char buf2[1024]; +- char *fp_fmt[] = { +- "%1.1f", +- "%-1.5f", +- "%1.5f", +- "%123.9f", +- "%10.5f", +- "% 10.5f", +- "%+22.9f", +- "%+4.9f", +- "%01.3f", +- "%4f", +- "%3.1f", +- "%3.2f", +- "%.0f", +- "%f", +- "-16.16f", +- NULL +- }; +- double fp_nums[] = { 6442452944.1234, -1.5, 134.21, 91340.2, 341.1234, 203.9, 0.96, 0.996, +- 0.9996, 1.996, 4.136, 5.030201, 0.00205, +- /* END LIST */ 0}; +- char *int_fmt[] = { +- "%-1.5d", +- "%1.5d", +- "%123.9d", +- "%5.5d", +- "%10.5d", +- "% 10.5d", +- "%+22.33d", +- "%01.3d", +- "%4d", +- "%d", +- NULL +- }; +- long int_nums[] = { -1, 134, 91340, 341, 0203, 0}; +- char *str_fmt[] = { +- "10.5s", +- "5.10s", +- "10.1s", +- "0.10s", +- "10.0s", +- "1.10s", +- "%s", +- "%.1s", +- "%.10s", +- "%10s", +- NULL +- }; +- char *str_vals[] = {"hello", "a", "", "a longer string", NULL}; +- int x, y; +- int fail = 0; +- int num = 0; +- +- printf ("Testing snprintf format codes against system sprintf...\n"); +- +- for (x = 0; fp_fmt[x] ; x++) { +- for (y = 0; fp_nums[y] != 0 ; y++) { +- int l1 = 
snprintf(NULL, 0, fp_fmt[x], fp_nums[y]); +- int l2 = snprintf(buf1, sizeof(buf1), fp_fmt[x], fp_nums[y]); +- sprintf (buf2, fp_fmt[x], fp_nums[y]); +- if (strcmp (buf1, buf2)) { +- printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", +- fp_fmt[x], buf1, buf2); +- fail++; +- } +- if (l1 != l2) { +- printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, fp_fmt[x]); +- fail++; +- } +- num++; +- } +- } +- +- for (x = 0; int_fmt[x] ; x++) { +- for (y = 0; int_nums[y] != 0 ; y++) { +- int l1 = snprintf(NULL, 0, int_fmt[x], int_nums[y]); +- int l2 = snprintf(buf1, sizeof(buf1), int_fmt[x], int_nums[y]); +- sprintf (buf2, int_fmt[x], int_nums[y]); +- if (strcmp (buf1, buf2)) { +- printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", +- int_fmt[x], buf1, buf2); +- fail++; +- } +- if (l1 != l2) { +- printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, int_fmt[x]); +- fail++; +- } +- num++; +- } +- } +- +- for (x = 0; str_fmt[x] ; x++) { +- for (y = 0; str_vals[y] != 0 ; y++) { +- int l1 = snprintf(NULL, 0, str_fmt[x], str_vals[y]); +- int l2 = snprintf(buf1, sizeof(buf1), str_fmt[x], str_vals[y]); +- sprintf (buf2, str_fmt[x], str_vals[y]); +- if (strcmp (buf1, buf2)) { +- printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", +- str_fmt[x], buf1, buf2); +- fail++; +- } +- if (l1 != l2) { +- printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, str_fmt[x]); +- fail++; +- } +- num++; +- } +- } +- +- printf ("%d tests failed out of %d.\n", fail, num); +- +- printf("seeing how many digits we support\n"); +- { +- double v0 = 0.12345678901234567890123456789012345678901; +- for (x=0; x<100; x++) { +- double p = pow(10, x); +- double r = v0*p; +- snprintf(buf1, sizeof(buf1), "%1.1f", r); +- sprintf(buf2, "%1.1f", r); +- if (strcmp(buf1, buf2)) { +- printf("we seem to support %d digits\n", x-1); +- break; +- } +- } +- } +- +- return 0; +-} +-#endif /* TEST_SNPRINTF */ 
diff --git a/aide-configure-c99-2.patch b/aide-configure-c99-2.patch new file mode 100644 index 0000000..afa6bb1 --- /dev/null +++ b/aide-configure-c99-2.patch @@ -0,0 +1,30 @@ +This is no longer relevant upstream as of this commit: + +commit ab12f8919f0f7beff0b8db974e98285ede6a285d +Author: Hannes von Haugwitz +Date: Sun Sep 22 07:26:28 2019 +0200 + + Use AC_SYS_LARGEFILE for large-file support + + - closes #16 + - require C99 compatible compiler + - stop using readdir_r in favor of readdir + - remove unused 'size_o member in db_line struct + - '--disable-largefile' now disables LFS + +diff --git a/configure.ac b/configure.ac +index cafe16e95ed68c9f..144d55a9146548c0 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -574,9 +574,10 @@ AC_CACHE_CHECK([for LFS ino_t],ac_cv_ino_type,[ + AC_TRY_RUN([ + #include + #include ++#include + #include + #include +-main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }], ++int main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }], + ac_cv_ino_type=ino64_t,ac_cv_ino_type=ino_t,ac_cv_ino_type=cross)]) + AIDE_INO_TYPE=$ac_cv_ino_type + diff --git a/aide-configure-c99-3.patch b/aide-configure-c99-3.patch new file mode 100644 index 0000000..68d8a46 --- /dev/null +++ b/aide-configure-c99-3.patch 
@@ -0,0 +1,60 @@ +Mostly equivalent to this upstream commit: + +commit 601113f8a57c8f195af09bb2f14123449fa6bded +Author: Sam James +Date: Fri Nov 18 00:04:53 2022 +0000 + + Fix configure.ac compatibility with Clang 16 + + Clang 16 makes -Wimplicit-function-declaration and -Wimplicit-int errors by default. + + Unfortunately, this can lead to misconfiguration or miscompilation of software as configure + tests may then return the wrong result. + + We also fix -Wstrict-prototypes while here as it's easy to do and it prepares + us for C23. + + For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2], + or the (new) c-std-porting mailing list [3]. + + [0] https://lwn.net/Articles/913505/ + [1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213 + [2] https://wiki.gentoo.org/wiki/Modern_C_porting + [3] hosted at lists.linux.dev. + + Bug: https://bugs.gentoo.org/881707 + Signed-off-by: Sam James + +diff --git a/configure.ac b/configure.ac +index 144d55a9146548c0..e74911535ddd015f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -279,7 +279,10 @@ AC_CHECK_FUNCS(fcntl ftruncate posix_fadvise asprintf snprintf \ + AC_CACHE_CHECK([for open/O_NOATIME], db_cv_open_o_noatime, [ + echo "test for working open/O_NOATIME" > __o_noatime_file + AC_TRY_RUN([ ++#include + #include ++#include ++#include + #include + #ifndef O_NOATIME + #if defined(__linux__) && (defined(__i386__) || defined(__PPC__)) +@@ -288,12 +291,15 @@ AC_TRY_RUN([ + #define O_NOATIME 0 + #endif + #endif +-main() { ++int main() { + int c, fd = open("__o_noatime_file", O_RDONLY | O_NOATIME, 0); + exit ((!O_NOATIME) || (fd == -1) || (read(fd, &c, 1) != 1)); + }], [db_cv_open_o_noatime=yes], [db_cv_open_o_noatime=no], + AC_TRY_LINK([ +-#include ++#include ++#include ++#include ++#include + #include + #ifndef O_NOATIME + #if defined(__linux__) && (defined(__i386__) || defined(__PPC__)) 
diff --git a/aide.spec b/aide.spec index 51f91d3..acff3ef 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 20%{?dist} +Release: 21%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ @@ -36,6 +36,9 @@ Patch4: aide-0.15-syslog-format.patch Patch5: aide-0.16-crypto-disable-haval-and-others.patch Patch6: coverity.patch Patch7: aide-0.16-crash-elf.patch +Patch8: aide-configure-c99-1.patch +Patch9: aide-configure-c99-2.patch +Patch10: aide-configure-c99-3.patch %description AIDE (Advanced Intrusion Detection Environment) is a file integrity @@ -80,6 +83,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Fri Nov 25 2022 Florian Weimer - 0.16-21 +- Apply upstream patches to port configure to C99 + * Wed Jul 20 2022 Fedora Release Engineering - 0.16-20 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 74f7f613ed9f3fc06992be62147498703336e975 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 18 Jan 2023 21:30:40 +0000 Subject: [PATCH 22/58] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index acff3ef..2785a7c 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 21%{?dist} +Release: 22%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ @@ -83,6 +83,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Wed Jan 18 2023 Fedora Release Engineering - 0.16-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Fri Nov 25 2022 Florian Weimer - 0.16-21 - Apply upstream patches to port configure to C99 
From 9d06054a81835c015abe7ba18e13396d7d306cdd Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Tue, 13 Jun 2023 11:08:11 +0200 Subject: [PATCH 23/58] - migrated to SPDX license Signed-off-by: Radovan Sroka --- aide.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 2785a7c..4442590 100644 --- a/aide.spec +++ b/aide.spec @@ -3,7 +3,7 @@ Name: aide Version: 0.16 Release: 22%{?dist} URL: http://sourceforge.net/projects/aide -License: GPLv2+ +License: GPL-2.0-or-later Source0: %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz From 921cd675f0f731170ae871afe843e2393a44ab82 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Tue, 13 Jun 2023 11:42:24 +0200 Subject: [PATCH 24/58] - migrated to SPDX license Signed-off-by: Radovan Sroka --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 4442590..5a99e90 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.16 -Release: 22%{?dist} +Release: 23%{?dist} URL: http://sourceforge.net/projects/aide License: GPL-2.0-or-later @@ -83,6 +83,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Tue Jun 13 2023 Radovan Sroka - 0.16-23 +- migrated to SPDX license + * Wed Jan 18 2023 Fedora Release Engineering - 0.16-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From 1f9083fa051c38a4bbbcbd3341b79933f0dc8e09 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Wed, 21 Jun 2023 13:38:09 +0200 Subject: [PATCH 25/58] Rebase to 1.18.4 - aide-0.18.4 is available Resolves: rhbz#1910486 - Please port your pcre dependency to pcre2. Pcre has been deprecated Resolves: rhbz#2128267 Signed-off-by: Radovan Sroka --- .gitignore | 1 + aide.spec | 36 +++++++++++++++++++++--------------- sources | 2 +- 3 files changed, 23 insertions(+), 16 deletions(-) 
diff --git a/.gitignore b/.gitignore index 945a894..581f621 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ aide-0.14.tar.gz.asc /aide-0.16b1.tar.gz /aide-0.16rc1.tar.gz /aide-0.16.tar.gz +/aide-0.18.4.tar.gz diff --git a/aide.spec b/aide.spec index 5a99e90..36e2445 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide -Version: 0.16 -Release: 23%{?dist} +Version: 0.18.4 +Release: 1%{?dist} URL: http://sourceforge.net/projects/aide License: GPL-2.0-or-later @@ -14,7 +14,7 @@ Source3: aide.logrotate BuildRequires: gcc BuildRequires: make BuildRequires: bison flex -BuildRequires: pcre-devel +BuildRequires: pcre2-devel BuildRequires: libgpg-error-devel libgcrypt-devel BuildRequires: zlib-devel BuildRequires: libcurl-devel @@ -26,19 +26,19 @@ BuildRequires: audit-libs-devel BuildRequires: autoconf automake libtool # Customize the database file location in the man page. -Patch1: aide-0.16rc1-man.patch +#Patch1: aide-0.16rc1-man.patch # fix aide in FIPS mode -Patch2: aide-0.16b1-fipsfix.patch +#Patch2: aide-0.16b1-fipsfix.patch # Bug 1674637 - aide: FTBFS in Fedora rawhide/f30 -Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch +#Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch -Patch4: aide-0.15-syslog-format.patch -Patch5: aide-0.16-crypto-disable-haval-and-others.patch -Patch6: coverity.patch -Patch7: aide-0.16-crash-elf.patch -Patch8: aide-configure-c99-1.patch -Patch9: aide-configure-c99-2.patch -Patch10: aide-configure-c99-3.patch +#Patch4: aide-0.15-syslog-format.patch +#Patch5: aide-0.16-crypto-disable-haval-and-others.patch +#Patch6: coverity.patch +#Patch7: aide-0.16-crash-elf.patch +#Patch8: aide-configure-c99-1.patch +#Patch9: aide-configure-c99-2.patch +#Patch10: aide-configure-c99-3.patch %description AIDE (Advanced Intrusion Detection Environment) is a file integrity 
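Review bot: Patch1 through Patch10 are turned into comments in this hunk with no record of why each one is safe to drop, and several of them were security-relevant downstream fixes: `aide-0.16b1-fipsfix.patch`, `aide-0.16-crypto-disable-haval-and-others.patch`, `coverity.patch` and `aide-0.16-crash-elf.patch`. The commit message mentions only the rebase and the pcre2 port, so a reader cannot tell whether 0.18.4 carries equivalent changes. I would delete the dead `#PatchN:` lines and leave one comment in their place, for example `# Patches 1-10 dropped with the 0.18.4 rebase: <per-patch upstream status>`, with the placeholder filled in after checking each fix against the new tarball.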
@@ -49,7 +49,7 @@ checker and intrusion detection program. cp -a %{S:2} . %build -autoreconf -ivf +#autoreconf -ivf %configure \ --disable-static \ --with-config_file=%{_sysconfdir}/aide.conf \ @@ -72,7 +72,7 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %files %license COPYING -%doc AUTHORS ChangeLog NEWS README doc/manual.html contrib/ +%doc AUTHORS ChangeLog NEWS README contrib/ %doc README.quickstart %{_sbindir}/aide %{_mandir}/man1/*.1* @@ -83,6 +83,12 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Wed Jun 21 2023 Radovan Sroka - 0.18.4-1 +- aide-0.18.4 is available +Resolves: rhbz#1910486 +- Please port your pcre dependency to pcre2. Pcre has been deprecated +Resolves: rhbz#2128267 + * Tue Jun 13 2023 Radovan Sroka - 0.16-23 - migrated to SPDX license diff --git a/sources b/sources index abe8169..e0a437c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (aide-0.16.tar.gz) = 29ad97756e3e2fb21dc332ed03b494a1c73e621266f8622ec80bdba23092a38ee975b97f3cff2330e4c16e64e2f672259eea9291ca706a4009e7399b4e14e6a7 +SHA512 (aide-0.18.4.tar.gz) = 31a17fc97ed9bda5dc4a492bcee699442cee1ea3829b1b06cf91ef9234a8b033677c281979902cbc6a8db0269c7f00499897940df07beff14cbb88b8fe6390f5 From 929cb09177aaf80c1dc17f3fb4560727ecd64b8e Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Wed, 21 Jun 2023 14:25:29 +0200 Subject: [PATCH 26/58] Updated aide.conf Signed-off-by: Radovan Sroka --- aide.conf | 5 +++-- aide.spec | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/aide.conf b/aide.conf index cd95c01..57b15b9 100644 --- a/aide.conf +++ b/aide.conf @@ -4,7 +4,7 @@ @@define LOGDIR /var/log/aide # The location of the database to be read. -database=file:@@{DBDIR}/aide.db.gz +database_in=file:@@{DBDIR}/aide.db.gz # The location of the database to be written. #database_out=sql:host:port:database:login_name:passwd:table 
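Review bot: Commenting out `autoreconf -ivf` in %build means the package is now built from the `configure` script shipped inside the release tarball rather than one regenerated from `configure.ac`, while `BuildRequires: autoconf automake libtool` stays in the spec (visible as context in the previous hunk). Either keep the regeneration step, so the generated build scripts come from the reviewed sources, or remove the line together with the unused BuildRequires; a commented-out command documents neither choice. If regeneration fails with 0.18.4, a one-line comment such as `# autoreconf skipped: <reason>` should say so. The %build section continues outside the hunk.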
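Review bot: The rename from `database=` to `database_in=` here, and from `verbose=5` to `log_level`/`report_level` in the next hunk of this file, changes option names that administrators may still have in a locally edited aide.conf. If the packaged file is kept across upgrades and 0.18 rejects the old names (not visible from this diff), the integrity check would stop running after the update instead of reporting changes. The commit also bumps Release to 2 without a %changelog entry; I would add one, for example `- aide.conf: use database_in, log_level and report_level in place of database and verbose`, so the required manual edit is announced.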
@@ -15,7 +15,8 @@ database_out=file:@@{DBDIR}/aide.db.new.gz gzip_dbout=yes # Default. -verbose=5 +log_level=warning +report_level=changed_attributes report_url=file:@@{LOGDIR}/aide.log report_url=stdout diff --git a/aide.spec b/aide.spec index 36e2445..7e564fc 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.18.4 -Release: 1%{?dist} +Release: 2%{?dist} URL: http://sourceforge.net/projects/aide License: GPL-2.0-or-later From 9d5d4a95e00c24657f465934776fde5a17e667e7 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jul 2023 13:01:53 +0000 Subject: [PATCH 27/58] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 7e564fc..6cd18d7 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.18.4 -Release: 2%{?dist} +Release: 3%{?dist} URL: http://sourceforge.net/projects/aide License: GPL-2.0-or-later @@ -83,6 +83,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Wed Jul 19 2023 Fedora Release Engineering - 0.18.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Wed Jun 21 2023 Radovan Sroka - 0.18.4-1 - aide-0.18.4 is available Resolves: rhbz#1910486 From a6083587f1d280fc8d473db836836b5edcada0cb Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Tue, 24 Oct 2023 16:56:57 +0200 Subject: [PATCH 28/58] Rebase to 0.18.6 Signed-off-by: Radovan Sroka --- .gitignore | 1 + aide.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 581f621..2273619 100644 --- a/.gitignore +++ b/.gitignore 
@@ -14,3 +14,4 @@ aide-0.14.tar.gz.asc /aide-0.16rc1.tar.gz /aide-0.16.tar.gz /aide-0.18.4.tar.gz +/aide-0.18.6.tar.gz diff --git a/aide.spec b/aide.spec index 6cd18d7..86ca0e9 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide -Version: 0.18.4 -Release: 3%{?dist} +Version: 0.18.6 +Release: 1%{?dist} URL: http://sourceforge.net/projects/aide License: GPL-2.0-or-later @@ -83,6 +83,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Tue Oct 24 2023 Radovan Sroka - 0.18.6-1 +- rebase to 0.18.6 + * Wed Jul 19 2023 Fedora Release Engineering - 0.18.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild diff --git a/sources b/sources index e0a437c..aab41a4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (aide-0.18.4.tar.gz) = 31a17fc97ed9bda5dc4a492bcee699442cee1ea3829b1b06cf91ef9234a8b033677c281979902cbc6a8db0269c7f00499897940df07beff14cbb88b8fe6390f5 +SHA512 (aide-0.18.6.tar.gz) = c0e7c366029a401bce4cf44762caecada4d4831bfc2f00ebab6cb818ba259fae5409fdfcc7386d2bc9ca91a8e8fe0eb78927205bc75513578b8a3ccd17183744 From e45ae0f104a41bfdce67200e291405a152b6a714 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jan 2024 12:26:41 +0000 Subject: [PATCH 29/58] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 86ca0e9..778df79 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.18.6 -Release: 1%{?dist} +Release: 2%{?dist} URL: http://sourceforge.net/projects/aide License: GPL-2.0-or-later 
@@ -83,6 +83,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Fri Jan 19 2024 Fedora Release Engineering - 0.18.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Tue Oct 24 2023 Radovan Sroka - 0.18.6-1 - rebase to 0.18.6 From 772571371f19b0fbfbdb7435557b2d58825199c2 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 22 Jan 2024 22:47:57 +0000 Subject: [PATCH 30/58] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 778df79..512b383 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.18.6 -Release: 2%{?dist} +Release: 3%{?dist} URL: http://sourceforge.net/projects/aide License: GPL-2.0-or-later @@ -83,6 +83,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Mon Jan 22 2024 Fedora Release Engineering - 0.18.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Fri Jan 19 2024 Fedora Release Engineering - 0.18.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From a003ad04cf2504564c0497c9cce5e5aecb9d601b Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Mon, 12 Feb 2024 18:20:57 +0100 Subject: [PATCH 31/58] Fix verbose option 
Signed-off-by: Radovan Sroka --- ...ding-curl-library-to-the-linker-comm.patch | 58 - aide-0.16-crash-elf.patch | 17 - ...0.16-crypto-disable-haval-and-others.patch | 153 --- aide-0.16b1-fipsfix.patch | 103 -- aide-0.16rc1-man.patch | 15 - aide-configure-c99-1.patch | 1121 ----------------- aide-configure-c99-2.patch | 30 - aide-configure-c99-3.patch | 60 - aide-verbose.patch | 34 + aide.spec | 22 +- coverity2.patch | 31 - 11 files changed, 41 insertions(+), 1603 deletions(-) delete mode 100644 aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch delete mode 100644 aide-0.16-crash-elf.patch delete mode 100644 aide-0.16-crypto-disable-haval-and-others.patch delete mode 100644 aide-0.16b1-fipsfix.patch delete mode 100644 aide-0.16rc1-man.patch delete mode 100644 aide-configure-c99-1.patch delete mode 100644 aide-configure-c99-2.patch delete mode 100644 aide-configure-c99-3.patch create mode 100644 aide-verbose.patch delete mode 100644 coverity2.patch diff --git a/aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch b/aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch deleted file mode 100644 index 0c4fc17..0000000 --- a/aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From c7caa6027c92b28aa11b8da74d56357e12f56d67 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= -Date: Wed, 20 Feb 2019 12:00:56 +0100 -Subject: [PATCH] Use LDADD for adding curl library to the linker command - ---- - Makefile.am | 2 +- - configure.ac | 5 +++-- - 2 files changed, 4 insertions(+), 3 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 4b05d7a..1541d56 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -55,7 +55,7 @@ if USE_CURL - aide_SOURCES += include/fopen.h src/fopen.c - endif - --aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ -+aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CURLLIB@ - AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g - AM_CPPFLAGS = -I$(top_srcdir) \ - -I$(top_srcdir)/include \ -diff --git a/configure.ac b/configure.ac -index 3598ebe..0418c59 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -702,24 +702,25 @@ if test x$with_zlib = xyes; then - compoptionstring="${compoptionstring}WITH_ZLIB\\n" - fi - -+CURLLIB= - if test x$with_curl = xyes; then - AC_PATH_PROG(curlconfig, "curl-config") - if test "_$curlconfig" != _ ; then - CURL_CFLAGS=`$curlconfig --cflags` -- CURL_LIBS=`$curlconfig --libs` -+ CURLLIB=`$curlconfig --libs` - else - AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.]) - fi - AC_CHECK_HEADERS(curl/curl.h,, - [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]) - CFLAGS="$CFLAGS $CURL_CFLAGS" -- LDFLAGS="$LDFLAGS $CURL_LIBS" - AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes, - [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])] - ) - AC_DEFINE(WITH_CURL,1,[use curl]) - compoptionstring="${compoptionstring}WITH_CURL\\n" - fi -+AC_SUBST(CURLLIB) - AM_CONDITIONAL(USE_CURL, test x$havecurl = xyes) - - AC_ARG_WITH(mhash, --- -2.20.1 - 
diff --git a/aide-0.16-crash-elf.patch b/aide-0.16-crash-elf.patch deleted file mode 100644 index 5aa3472..0000000 --- a/aide-0.16-crash-elf.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- ./src/do_md.c 2018-03-19 05:10:19.994957024 -0400 -+++ ./src/do_md.c 2018-03-19 05:19:05.829957024 -0400 -@@ -135,8 +135,13 @@ - continue; - - while (!bingo && (data = elf_getdata (scn, data)) != NULL) { -- int maxndx = data->d_size / shdr.sh_entsize; -+ int maxndx; - int ndx; -+ -+ if (shdr.sh_entsize != 0) -+ maxndx = data->d_size / shdr.sh_entsize; -+ else -+ continue; - - for (ndx = 0; ndx < maxndx; ++ndx) { - (void) gelf_getdyn (data, ndx, &dyn); diff --git a/aide-0.16-crypto-disable-haval-and-others.patch b/aide-0.16-crypto-disable-haval-and-others.patch deleted file mode 100644 index a066fd9..0000000 --- a/aide-0.16-crypto-disable-haval-and-others.patch +++ /dev/null 
@@ -1,153 +0,0 @@ -diff -up ./include/md.h.crypto ./include/md.h ---- ./include/md.h.crypto 2016-07-25 22:56:55.000000000 +0200 -+++ ./include/md.h 2018-08-29 15:00:30.827491299 +0200 -@@ -149,6 +149,7 @@ int init_md(struct md_container*); - int update_md(struct md_container*,void*,ssize_t); - int close_md(struct md_container*); - void md2line(struct md_container*,struct db_line*); -+DB_ATTR_TYPE get_available_crypto(); - - - #endif /*_MD_H_INCLUDED*/ -diff -up ./src/aide.c.crypto ./src/aide.c ---- ./src/aide.c.crypto 2018-08-29 15:00:30.825491309 +0200 -+++ ./src/aide.c 2018-08-29 15:00:30.827491299 +0200 -@@ -349,7 +349,7 @@ static void setdefaults_before_config() - - conf->db_attrs = 0; - #if defined(WITH_MHASH) || defined(WITH_GCRYPT) -- conf->db_attrs |= DB_MD5|DB_TIGER|DB_HAVAL|DB_CRC32|DB_SHA1|DB_RMD160|DB_SHA256|DB_SHA512; -+ conf->db_attrs |= get_available_crypto(); - #ifdef WITH_MHASH - conf->db_attrs |= DB_GOST; - #ifdef HAVE_MHASH_WHIRLPOOL -diff -up ./src/md.c.crypto ./src/md.c ---- ./src/md.c.crypto 2018-08-29 15:00:30.823491319 +0200 -+++ ./src/md.c 2018-08-29 15:02:28.013903479 +0200 -@@ -78,6 +78,49 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) { - return r; - } - -+const char * hash_gcrypt2str(int i) { -+ char * r = "?"; -+#ifdef WITH_GCRYPT -+ switch (i) { -+ case GCRY_MD_MD5: { -+ r = "MD5"; -+ break; -+ } -+ case GCRY_MD_SHA1: { -+ r = "SHA1"; -+ break; -+ } -+ case GCRY_MD_RMD160: { -+ r = "RMD160"; -+ break; -+ } -+ case GCRY_MD_TIGER: { -+ r = "TIGER"; -+ break; -+ } -+ case GCRY_MD_HAVAL: { -+ r = "HAVAL"; -+ break; -+ } -+ case GCRY_MD_SHA256: { -+ r = "SHA256"; -+ break; -+ } -+ case GCRY_MD_SHA512: { -+ r = "SHA512"; -+ break; -+ } -+ case GCRY_MD_CRC32: { -+ r = "CRC32"; -+ break; -+ } -+ default: -+ break; -+ } -+#endif -+ return r; -+} -+ - DB_ATTR_TYPE hash_mhash2attr(int i) { - DB_ATTR_TYPE r=0; - #ifdef WITH_MHASH -@@ -163,6 +206,44 @@ DB_ATTR_TYPE hash_mhash2attr(int i) { - Initialise md_container according it's todo_attr field - */ - 
-+DB_ATTR_TYPE get_available_crypto() { -+ -+ DB_ATTR_TYPE ret = 0; -+ -+/* -+ * This function is usually called before config processing -+ * and default verbose level is 5 -+ */ -+#define lvl 255 -+ -+ error(lvl, "get_available_crypto called\n"); -+ -+#ifdef WITH_GCRYPT -+ -+ /* -+ * some initialization for FIPS -+ */ -+ gcry_check_version(NULL); -+ error(lvl, "Found algos:"); -+ -+ for(int i=0;i<=HASH_GCRYPT_COUNT;i++) { -+ -+ if ( (hash_gcrypt2attr(i) & HASH_USE_GCRYPT) == 0 ) -+ continue; -+ -+ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) == 0) { -+ ret |= hash_gcrypt2attr(i); -+ error(lvl, " %s", hash_gcrypt2str(i)); -+ } -+ } -+ error(lvl, "\n"); -+ -+#endif -+ -+ error(lvl, "get_available_crypto_returned with %lld\n", ret); -+ return ret; -+} -+ - int init_md(struct md_container* md) { - - int i; -@@ -201,18 +282,27 @@ int init_md(struct md_container* md) { - } - #endif - #ifdef WITH_GCRYPT -- if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ -+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ - error(0,"gcrypt_md_open failed\n"); - exit(IO_ERROR); - } - for(i=0;i<=HASH_GCRYPT_COUNT;i++) { -+ -+ - if (((hash_gcrypt2attr(i)&HASH_USE_GCRYPT)&md->todo_attr)!=0) { -- DB_ATTR_TYPE h=hash_gcrypt2attr(i); -- error(255,"inserting %llu\n",h); -+ -+ DB_ATTR_TYPE h=hash_gcrypt2attr(i); -+ -+ if (gcry_md_algo_info(i, GCRYCTL_TEST_ALGO, NULL, NULL) != 0) { -+ error(0,"Algo %s is not available\n", hash_gcrypt2str(i)); -+ exit(-1); -+ } -+ -+ error(255,"inserting %llu\n",h); - if(gcry_md_enable(md->mdh,i)==GPG_ERR_NO_ERROR){ - md->calc_attr|=h; - } else { -- error(0,"gcry_md_enable %i failed",i); -+ error(0,"gcry_md_enable %i failed\n",i); - md->todo_attr&=~h; - } - } diff --git a/aide-0.16b1-fipsfix.patch b/aide-0.16b1-fipsfix.patch deleted file mode 100644 index 434d74e..0000000 --- a/aide-0.16b1-fipsfix.patch +++ /dev/null 
@@ -1,103 +0,0 @@ -diff -up ./src/aide.c.orig ./aide-0.16b1/src/aide.c ---- ./src/aide.c.orig 2016-07-12 11:10:08.013158385 +0200 -+++ ./src/aide.c 2016-07-12 11:30:54.867833064 +0200 -@@ -511,9 +511,28 @@ int main(int argc,char**argv) - #endif - umask(0177); - init_sighandler(); -- - setdefaults_before_config(); - -+#if WITH_GCRYPT -+ error(255,"Gcrypt library initialization\n"); -+ /* -+ * Initialize libgcrypt as per -+ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html -+ * -+ * -+ */ -+ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0); -+ gcry_control(GCRYCTL_INIT_SECMEM, 1); -+ -+ if(!gcry_check_version(GCRYPT_VERSION)) { -+ error(0,"libgcrypt version mismatch\n"); -+ exit(VERSION_MISMATCH_ERROR); -+ } -+ -+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); -+#endif /* WITH_GCRYPT */ -+ -+ - if(read_param(argc,argv)==RETFAIL){ - error(0, _("Invalid argument\n") ); - exit(INVALID_ARGUMENT_ERROR); -@@ -646,6 +665,9 @@ int main(int argc,char**argv) - } - #endif - } -+#ifdef WITH_GCRYPT -+ gcry_control(GCRYCTL_TERM_SECMEM, 0); -+#endif /* WITH_GCRYPT */ - return RETOK; - } - const char* aide_key_3=CONFHMACKEY_03; -diff -up ./src/md.c.orig ./aide-0.16b1/src/md.c ---- ./src/md.c.orig 2016-04-15 23:30:16.000000000 +0200 -+++ ./src/md.c 2016-07-12 11:35:04.007675329 +0200 -@@ -201,14 +201,7 @@ int init_md(struct md_container* md) { - } - #endif - #ifdef WITH_GCRYPT -- error(255,"Gcrypt library initialization\n"); -- if(!gcry_check_version(GCRYPT_VERSION)) { -- error(0,"libgcrypt version mismatch\n"); -- exit(VERSION_MISMATCH_ERROR); -- } -- gcry_control(GCRYCTL_DISABLE_SECMEM, 0); -- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); -- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){ -+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){ - error(0,"gcrypt_md_open failed\n"); - exit(IO_ERROR); - } -@@ -299,7 +292,7 @@ int close_md(struct md_container* md) { - - /*. There might be more hashes in the library. 
Add those here.. */ - -- gcry_md_reset(md->mdh); -+ gcry_md_close(md->mdh); - #endif - - #ifdef WITH_MHASH -diff -up ./src/util.c.orig ./aide-0.16b1/src/util.c ---- ./src/util.c.orig 2016-07-12 11:39:17.023437355 +0200 -+++ ./src/util.c 2016-07-12 11:39:51.618721157 +0200 -@@ -519,28 +519,5 @@ int syslog_facility_lookup(char *s) - return(AIDE_SYSLOG_FACILITY); - } - --/* We need these dummy stubs to fool the linker into believing that -- we do not need them at link time */ -- --void* dlopen(char*filename,int flag) --{ -- return NULL; --} -- --void* dlsym(void*handle,char*symbol) --{ -- return NULL; --} -- --void* dlclose(void*handle) --{ -- return NULL; --} -- --const char* dlerror(void) --{ -- return NULL; --} -- - const char* aide_key_2=CONFHMACKEY_02; - const char* db_key_2=DBHMACKEY_02; diff --git a/aide-0.16rc1-man.patch b/aide-0.16rc1-man.patch deleted file mode 100644 index 4715552..0000000 --- a/aide-0.16rc1-man.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up ./doc/aide.1.in.orig ./doc/aide.1.in ---- ./doc/aide.1.in.orig 2016-07-12 16:10:01.724595895 +0200 -+++ ./doc/aide.1.in 2016-07-12 16:06:21.968639822 +0200 -@@ -103,9 +103,9 @@ echo | base64 \-d | h - .SH FILES - .IP \fB@sysconfdir@/aide.conf\fR - Default aide configuration file. --.IP \fB@sysconfdir@/aide.db\fR -+.IP \fB@localstatedir@/lib/aide/aide.db\fR - Default aide database. --.IP \fB@sysconfdir@/aide.db.new\fR -+.IP \fB@localstatedir@/lib/aide/aide.db.new\fR - Default aide output database. - .SH SEE ALSO - .BR aide.conf (5) diff --git a/aide-configure-c99-1.patch b/aide-configure-c99-1.patch deleted file mode 100644 index 9f20949..0000000 --- a/aide-configure-c99-1.patch +++ /dev/null 
@@ -1,1121 +0,0 @@ -commit 909e656b8aca9a243f21b40dda3585f8d1ad809b -Author: Hannes von Haugwitz -Date: Sat Sep 28 07:48:31 2019 +0200 - - Remove C99 compliant snprintf implementation - - No longer needed as AIDE requires a C99 compatible compiler now - -diff --git a/Makefile.am b/Makefile.am -index 1541d5687b68f9ff..e6799e8f7c00016a 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -45,7 +45,6 @@ aide_SOURCES = src/aide.c include/aide.h \ - include/list.h src/list.c \ - include/locale-aide.h \ - include/md.h src/md.c \ -- src/snprintf.c \ - include/seltree.h \ - include/symboltable.h src/symboltable.c \ - include/types.h \ -diff --git a/configure.ac b/configure.ac -index 0418c59ead5c3ed6..cafe16e95ed68c9f 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -275,48 +275,6 @@ AS_IF([test "x$with_mmap" != xno], - AC_CHECK_FUNCS(fcntl ftruncate posix_fadvise asprintf snprintf \ - vasprintf vsnprintf va_copy __va_copy) - --AC_CACHE_CHECK(for ISO C99 compliant snprintf,ac_cv_func_snprintf_c99, -- [AC_TRY_RUN([ --#include -- --int main() --{ -- char buf[] = {0, 0, 0, 0}; -- -- snprintf(buf, 3, "ABC"); -- exit ((buf[2] != 0) || (snprintf(NULL, 0, "%d", 100) != 3)); --}],ac_cv_func_snprintf_c99=yes,ac_cv_func_snprintf_c99=no,ac_cv_func_snprintf_c99=no)]) --if test $ac_cv_func_snprintf_c99 = yes; then -- AC_DEFINE(HAVE_C99_SNPRINTF,1,[snprintf is ISO C99 compliant]) --fi --AC_CACHE_CHECK(for ISO C99 compliant vsnprintf,ac_cv_func_vsnprintf_c99, -- [AC_TRY_RUN([ --#include --#include -- --int doit(char *buf, int len, const char *s, ...) 
--{ -- va_list ap; -- int r; -- -- va_start(ap, s); -- r = vsnprintf(buf, len, s, ap); -- va_end(ap); -- -- return r; --} -- --int main() --{ -- char buf[] = {0, 0, 0, 0}; -- -- doit(buf, 3, "ABC"); -- exit ((buf[2] != 0) || (doit(NULL, 0, "%d", 100) != 3)); --}],ac_cv_func_vsnprintf_c99=yes,ac_cv_func_vsnprintf_c99=no,ac_cv_func_vsnprintf_c99=no)]) --if test $ac_cv_func_vsnprintf_c99 = yes; then -- AC_DEFINE(HAVE_C99_VSNPRINTF,1,[vsnprintf is ISO C99 compliant]) --fi -- - # Linux has the O_NOATIME flag, sometimes - AC_CACHE_CHECK([for open/O_NOATIME], db_cv_open_o_noatime, [ - echo "test for working open/O_NOATIME" > __o_noatime_file -diff --git a/include/aide.h b/include/aide.h -index 8e07195829157472..45d7f275b27870bd 100644 ---- a/include/aide.h -+++ b/include/aide.h -@@ -46,16 +46,6 @@ - __result; })) - #endif - --#if !defined HAVE_VSNPRINTF || !defined HAVE_C99_VSNPRINTF --#define vsnprintf rsync_vsnprintf --int vsnprintf(char *str, size_t count, const char *fmt, va_list args); --#endif -- --#if !defined HAVE_SNPRINTF || !defined HAVE_C99_VSNPRINTF --#define snprintf rsync_snprintf --int snprintf(char *str,size_t count,const char *fmt,...); --#endif -- - #ifndef O_NOATIME - #if defined(__linux__) && (defined(__i386__) || defined(__PPC__)) - #define O_NOATIME 01000000 -diff --git a/src/snprintf.c b/src/snprintf.c -deleted file mode 100644 -index d2072fb3cb60d1f2..0000000000000000 ---- a/src/snprintf.c -+++ /dev/null -@@ -1,1021 +0,0 @@ --/* -- * NOTE: If you change this file, please merge it into rsync, samba, etc. -- */ -- --/* -- * Copyright Patrick Powell 1995 -- * This code is based on code written by Patrick Powell (papowell@astart.com) -- * It may be used for any purpose as long as this notice remains intact -- * on all source code distributions -- */ -- --/************************************************************** -- * Original: -- * Patrick Powell Tue Apr 11 09:48:21 PDT 1995 -- * A bombproof version of doprnt (dopr) included. -- * Sigh. 
This sort of thing is always nasty do deal with. Note that -- * the version here does not include floating point... -- * -- * snprintf() is used instead of sprintf() as it does limit checks -- * for string length. This covers a nasty loophole. -- * -- * The other functions are there to prevent NULL pointers from -- * causing nast effects. -- * -- * More Recently: -- * Brandon Long 9/15/96 for mutt 0.43 -- * This was ugly. It is still ugly. I opted out of floating point -- * numbers, but the formatter understands just about everything -- * from the normal C string format, at least as far as I can tell from -- * the Solaris 2.5 printf(3S) man page. -- * -- * Brandon Long 10/22/97 for mutt 0.87.1 -- * Ok, added some minimal floating point support, which means this -- * probably requires libm on most operating systems. Don't yet -- * support the exponent (e,E) and sigfig (g,G). Also, fmtint() -- * was pretty badly broken, it just wasn't being exercised in ways -- * which showed it, so that's been fixed. Also, formated the code -- * to mutt conventions, and removed dead code left over from the -- * original. Also, there is now a builtin-test, just compile with: -- * gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm -- * and run snprintf for results. -- * -- * Thomas Roessler 01/27/98 for mutt 0.89i -- * The PGP code was using unsigned hexadecimal formats. -- * Unfortunately, unsigned formats simply didn't work. -- * -- * Michael Elkins 03/05/98 for mutt 0.90.8 -- * The original code assumed that both snprintf() and vsnprintf() were -- * missing. Some systems only have snprintf() but not vsnprintf(), so -- * the code is now broken down under HAVE_SNPRINTF and HAVE_VSNPRINTF. 
-- * -- * Andrew Tridgell (tridge@samba.org) Oct 1998 -- * fixed handling of %.0f -- * added test for HAVE_LONG_DOUBLE -- * -- * tridge@samba.org, idra@samba.org, April 2001 -- * got rid of fcvt code (twas buggy and made testing harder) -- * added C99 semantics -- * -- * date: 2002/12/19 19:56:31; author: herb; state: Exp; lines: +2 -0 -- * actually print args for %g and %e -- * -- * date: 2002/06/03 13:37:52; author: jmcd; state: Exp; lines: +8 -0 -- * Since includes.h isn't included here, VA_COPY has to be defined here. I don't -- * see any include file that is guaranteed to be here, so I'm defining it -- * locally. Fixes AIX and Solaris builds. -- * -- * date: 2002/06/03 03:07:24; author: tridge; state: Exp; lines: +5 -13 -- * put the ifdef for HAVE_VA_COPY in one place rather than in lots of -- * functions -- * -- * date: 2002/05/17 14:51:22; author: jmcd; state: Exp; lines: +21 -4 -- * Fix usage of va_list passed as an arg. Use __va_copy before using it -- * when it exists. -- * -- * date: 2002/04/16 22:38:04; author: idra; state: Exp; lines: +20 -14 -- * Fix incorrect zpadlen handling in fmtfp. -- * Thanks to Ollie Oldham for spotting it. -- * few mods to make it easier to compile the tests. -- * addedd the "Ollie" test to the floating point ones. -- * -- * Martin Pool (mbp@samba.org) April 2003 -- * Remove NO_CONFIG_H so that the test case can be built within a source -- * tree with less trouble. -- * Remove unnecessary SAFE_FREE() definition. -- * -- * Martin Pool (mbp@samba.org) May 2003 -- * Put in a prototype for dummy_snprintf() to quiet compiler warnings. -- * -- * Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even -- * if the C library has some snprintf functions already. 
-- **************************************************************/ -- --#ifndef NO_CONFIG_H --#include "config.h" --#else --#define NULL 0 --#endif -- --#ifdef TEST_SNPRINTF /* need math library headers for testing */ -- --/* In test mode, we pretend that this system doesn't have any snprintf -- * functions, regardless of what config.h says. */ --# undef HAVE_SNPRINTF --# undef HAVE_VSNPRINTF --# undef HAVE_C99_VSNPRINTF --# undef HAVE_ASPRINTF --# undef HAVE_VASPRINTF --# include --#endif /* TEST_SNPRINTF */ -- --#ifdef HAVE_STRING_H --#include --#endif -- --#ifdef HAVE_STRINGS_H --#include --#endif --#ifdef HAVE_CTYPE_H --#include --#endif --#include --#include --#ifdef HAVE_STDLIB_H --#include --#endif -- --#if defined(HAVE_SNPRINTF) && defined(HAVE_VSNPRINTF) && defined(HAVE_C99_VSNPRINTF) --/* only include stdio.h if we are not re-defining snprintf or vsnprintf */ --#include -- /* make the compiler happy with an empty file */ -- void dummy_snprintf(void); -- void dummy_snprintf(void) {} --#endif /* HAVE_SNPRINTF, etc */ -- --#ifdef HAVE_LONG_DOUBLE --#define LDOUBLE long double --#else --#define LDOUBLE double --#endif -- --#if SIZEOF_LONG_LONG --#define LLONG long long --#else --#define LLONG long --#endif -- --#ifndef VA_COPY --#if defined HAVE_VA_COPY || defined va_copy --#define VA_COPY(dest, src) va_copy(dest, src) --#else --#ifdef HAVE___VA_COPY --#define VA_COPY(dest, src) __va_copy(dest, src) --#else --#define VA_COPY(dest, src) (dest) = (src) --#endif --#endif -- --/* -- * dopr(): poor man's version of doprintf -- */ -- --/* format read states */ --#define DP_S_DEFAULT 0 --#define DP_S_FLAGS 1 --#define DP_S_MIN 2 --#define DP_S_DOT 3 --#define DP_S_MAX 4 --#define DP_S_MOD 5 --#define DP_S_CONV 6 --#define DP_S_DONE 7 -- --/* format flags - Bits */ --#define DP_F_MINUS (1 << 0) --#define DP_F_PLUS (1 << 1) --#define DP_F_SPACE (1 << 2) --#define DP_F_NUM (1 << 3) --#define DP_F_ZERO (1 << 4) --#define DP_F_UP (1 << 5) --#define DP_F_UNSIGNED (1 << 6) 
-- --/* Conversion Flags */ --#define DP_C_SHORT 1 --#define DP_C_LONG 2 --#define DP_C_LDOUBLE 3 --#define DP_C_LLONG 4 -- --#define char_to_int(p) ((p)- '0') --#ifndef MAX --#define MAX(p,q) (((p) >= (q)) ? (p) : (q)) --#endif -- --/* yes this really must be a ||. Don't muck with this (tridge) */ --#if !defined(HAVE_VSNPRINTF) || !defined(HAVE_C99_VSNPRINTF) -- --static size_t dopr(char *buffer, size_t maxlen, const char *format, -- va_list args_in); --static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, -- char *value, int flags, int min, int max); --static void fmtint(char *buffer, size_t *currlen, size_t maxlen, -- long value, int base, int min, int max, int flags); --static void fmtfp(char *buffer, size_t *currlen, size_t maxlen, -- LDOUBLE fvalue, int min, int max, int flags); --static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c); -- --static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args_in) --{ -- char ch; -- LLONG value; -- LDOUBLE fvalue; -- char *strvalue; -- int min; -- int max; -- int state; -- int flags; -- int cflags; -- size_t currlen; -- va_list args; -- -- VA_COPY(args, args_in); -- -- state = DP_S_DEFAULT; -- currlen = flags = cflags = min = 0; -- max = -1; -- ch = *format++; -- -- while (state != DP_S_DONE) { -- if (ch == '\0') -- state = DP_S_DONE; -- -- switch(state) { -- case DP_S_DEFAULT: -- if (ch == '%') -- state = DP_S_FLAGS; -- else -- dopr_outch (buffer, &currlen, maxlen, ch); -- ch = *format++; -- break; -- case DP_S_FLAGS: -- switch (ch) { -- case '-': -- flags |= DP_F_MINUS; -- ch = *format++; -- break; -- case '+': -- flags |= DP_F_PLUS; -- ch = *format++; -- break; -- case ' ': -- flags |= DP_F_SPACE; -- ch = *format++; -- break; -- case '#': -- flags |= DP_F_NUM; -- ch = *format++; -- break; -- case '0': -- flags |= DP_F_ZERO; -- ch = *format++; -- break; -- default: -- state = DP_S_MIN; -- break; -- } -- break; -- case DP_S_MIN: -- if (isdigit((unsigned char)ch)) { 
-- min = 10*min + char_to_int (ch); -- ch = *format++; -- } else if (ch == '*') { -- min = va_arg (args, int); -- ch = *format++; -- state = DP_S_DOT; -- } else { -- state = DP_S_DOT; -- } -- break; -- case DP_S_DOT: -- if (ch == '.') { -- state = DP_S_MAX; -- ch = *format++; -- } else { -- state = DP_S_MOD; -- } -- break; -- case DP_S_MAX: -- if (isdigit((unsigned char)ch)) { -- if (max < 0) -- max = 0; -- max = 10*max + char_to_int (ch); -- ch = *format++; -- } else if (ch == '*') { -- max = va_arg (args, int); -- ch = *format++; -- state = DP_S_MOD; -- } else { -- state = DP_S_MOD; -- } -- break; -- case DP_S_MOD: -- switch (ch) { -- case 'h': -- cflags = DP_C_SHORT; -- ch = *format++; -- break; -- case 'l': -- cflags = DP_C_LONG; -- ch = *format++; -- if (ch == 'l') { /* It's a long long */ -- cflags = DP_C_LLONG; -- ch = *format++; -- } -- break; -- case 'L': -- cflags = DP_C_LDOUBLE; -- ch = *format++; -- break; -- default: -- break; -- } -- state = DP_S_CONV; -- break; -- case DP_S_CONV: -- switch (ch) { -- case 'd': -- case 'i': -- if (cflags == DP_C_SHORT) -- value = va_arg (args, int); -- else if (cflags == DP_C_LONG) -- value = va_arg (args, long int); -- else if (cflags == DP_C_LLONG) -- value = va_arg (args, LLONG); -- else -- value = va_arg (args, int); -- fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); -- break; -- case 'o': -- flags |= DP_F_UNSIGNED; -- if (cflags == DP_C_SHORT) -- value = va_arg (args, unsigned int); -- else if (cflags == DP_C_LONG) -- value = (long)va_arg (args, unsigned long int); -- else if (cflags == DP_C_LLONG) -- value = (long)va_arg (args, unsigned LLONG); -- else -- value = (long)va_arg (args, unsigned int); -- fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags); -- break; -- case 'u': -- flags |= DP_F_UNSIGNED; -- if (cflags == DP_C_SHORT) -- value = va_arg (args, unsigned int); -- else if (cflags == DP_C_LONG) -- value = (long)va_arg (args, unsigned long int); -- else if (cflags == DP_C_LLONG) -- 
value = (LLONG)va_arg (args, unsigned LLONG); -- else -- value = (long)va_arg (args, unsigned int); -- fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); -- break; -- case 'X': -- flags |= DP_F_UP; -- case 'x': -- flags |= DP_F_UNSIGNED; -- if (cflags == DP_C_SHORT) -- value = va_arg (args, unsigned int); -- else if (cflags == DP_C_LONG) -- value = (long)va_arg (args, unsigned long int); -- else if (cflags == DP_C_LLONG) -- value = (LLONG)va_arg (args, unsigned LLONG); -- else -- value = (long)va_arg (args, unsigned int); -- fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags); -- break; -- case 'f': -- if (cflags == DP_C_LDOUBLE) -- fvalue = va_arg (args, LDOUBLE); -- else -- fvalue = va_arg (args, double); -- /* um, floating point? */ -- fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); -- break; -- case 'E': -- flags |= DP_F_UP; -- case 'e': -- if (cflags == DP_C_LDOUBLE) -- fvalue = va_arg (args, LDOUBLE); -- else -- fvalue = va_arg (args, double); -- fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); -- break; -- case 'G': -- flags |= DP_F_UP; -- case 'g': -- if (cflags == DP_C_LDOUBLE) -- fvalue = va_arg (args, LDOUBLE); -- else -- fvalue = va_arg (args, double); -- fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); -- break; -- case 'c': -- dopr_outch (buffer, &currlen, maxlen, va_arg (args, int)); -- break; -- case 's': -- strvalue = va_arg (args, char *); -- if (!strvalue) strvalue = "(NULL)"; -- if (max == -1) { -- max = strlen(strvalue); -- } -- if (min > 0 && max >= 0 && min > max) max = min; -- fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max); -- break; -- case 'p': -- strvalue = va_arg (args, void *); -- fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags); -- break; -- case 'n': -- if (cflags == DP_C_SHORT) { -- short int *num; -- num = va_arg (args, short int *); -- *num = currlen; -- } else if (cflags == DP_C_LONG) { -- long int *num; -- num = va_arg (args, long int *); -- 
*num = (long int)currlen; -- } else if (cflags == DP_C_LLONG) { -- LLONG *num; -- num = va_arg (args, LLONG *); -- *num = (LLONG)currlen; -- } else { -- int *num; -- num = va_arg (args, int *); -- *num = currlen; -- } -- break; -- case '%': -- dopr_outch (buffer, &currlen, maxlen, ch); -- break; -- case 'w': -- /* not supported yet, treat as next char */ -- ch = *format++; -- break; -- default: -- /* Unknown, skip */ -- break; -- } -- ch = *format++; -- state = DP_S_DEFAULT; -- flags = cflags = min = 0; -- max = -1; -- break; -- case DP_S_DONE: -- break; -- default: -- /* hmm? */ -- break; /* some picky compilers need this */ -- } -- } -- if (maxlen != 0) { -- if (currlen < maxlen - 1) -- buffer[currlen] = '\0'; -- else if (maxlen > 0) -- buffer[maxlen - 1] = '\0'; -- } -- -- return currlen; --} -- --static void fmtstr(char *buffer, size_t *currlen, size_t maxlen, -- char *value, int flags, int min, int max) --{ -- int padlen, strln; /* amount to pad */ -- int cnt = 0; -- --#ifdef DEBUG_SNPRINTF -- printf("fmtstr min=%d max=%d s=[%s]\n", min, max, value); --#endif -- if (value == 0) { -- value = ""; -- } -- -- for (strln = 0; value[strln]; ++strln); /* strlen */ -- padlen = min - strln; -- if (padlen < 0) -- padlen = 0; -- if (flags & DP_F_MINUS) -- padlen = -padlen; /* Left Justify */ -- -- while ((padlen > 0) && (cnt < max)) { -- dopr_outch (buffer, currlen, maxlen, ' '); -- --padlen; -- ++cnt; -- } -- while (*value && (cnt < max)) { -- dopr_outch (buffer, currlen, maxlen, *value++); -- ++cnt; -- } -- while ((padlen < 0) && (cnt < max)) { -- dopr_outch (buffer, currlen, maxlen, ' '); -- ++padlen; -- ++cnt; -- } --} -- --/* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ -- --static void fmtint(char *buffer, size_t *currlen, size_t maxlen, -- long value, int base, int min, int max, int flags) --{ -- int signvalue = 0; -- unsigned long uvalue; -- char convert[20]; -- int place = 0; -- int spadlen = 0; /* amount to space pad */ -- int zpadlen = 0; /* amount to 
zero pad */ -- int caps = 0; -- -- if (max < 0) -- max = 0; -- -- uvalue = value; -- -- if(!(flags & DP_F_UNSIGNED)) { -- if( value < 0 ) { -- signvalue = '-'; -- uvalue = -value; -- } else { -- if (flags & DP_F_PLUS) /* Do a sign (+/i) */ -- signvalue = '+'; -- else if (flags & DP_F_SPACE) -- signvalue = ' '; -- } -- } -- -- if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ -- -- do { -- convert[place++] = -- (caps? "0123456789ABCDEF":"0123456789abcdef") -- [uvalue % (unsigned)base ]; -- uvalue = (uvalue / (unsigned)base ); -- } while(uvalue && (place < 20)); -- if (place == 20) place--; -- convert[place] = 0; -- -- zpadlen = max - place; -- spadlen = min - MAX (max, place) - (signvalue ? 1 : 0); -- if (zpadlen < 0) zpadlen = 0; -- if (spadlen < 0) spadlen = 0; -- if (flags & DP_F_ZERO) { -- zpadlen = MAX(zpadlen, spadlen); -- spadlen = 0; -- } -- if (flags & DP_F_MINUS) -- spadlen = -spadlen; /* Left Justifty */ -- --#ifdef DEBUG_SNPRINTF -- printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n", -- zpadlen, spadlen, min, max, place); --#endif -- -- /* Spaces */ -- while (spadlen > 0) { -- dopr_outch (buffer, currlen, maxlen, ' '); -- --spadlen; -- } -- -- /* Sign */ -- if (signvalue) -- dopr_outch (buffer, currlen, maxlen, signvalue); -- -- /* Zeros */ -- if (zpadlen > 0) { -- while (zpadlen > 0) { -- dopr_outch (buffer, currlen, maxlen, '0'); -- --zpadlen; -- } -- } -- -- /* Digits */ -- while (place > 0) -- dopr_outch (buffer, currlen, maxlen, convert[--place]); -- -- /* Left Justified spaces */ -- while (spadlen < 0) { -- dopr_outch (buffer, currlen, maxlen, ' '); -- ++spadlen; -- } --} -- --static LDOUBLE abs_val(LDOUBLE value) --{ -- LDOUBLE result = value; -- -- if (value < 0) -- result = -value; -- -- return result; --} -- --static LDOUBLE POW10(int exp) --{ -- LDOUBLE result = 1; -- -- while (exp) { -- result *= 10; -- exp--; -- } -- -- return result; --} -- --static LLONG ROUND(LDOUBLE value) --{ -- LLONG intpart; -- -- intpart = 
(LLONG)value; -- value = value - intpart; -- if (value >= 0.5) intpart++; -- -- return intpart; --} -- --/* a replacement for modf that doesn't need the math library. Should -- be portable, but slow */ --static double my_modf(double x0, double *iptr) --{ -- int i; -- long l; -- double x = x0; -- double f = 1.0; -- -- for (i=0;i<100;i++) { -- l = (long)x; -- if (l <= (x+1) && l >= (x-1)) { -- if (i != 0) { -- double i2; -- double ret; -- -- ret = my_modf(x0-l*f, &i2); -- (*iptr) = l*f + i2; -- return ret; -- } -- -- (*iptr) = l; -- return x - (*iptr); -- } -- x *= 0.1; -- f *= 10.0; -- } -- -- /* yikes! the number is beyond what we can handle. What do we do? */ -- (*iptr) = 0; -- return 0; --} -- -- --static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, -- LDOUBLE fvalue, int min, int max, int flags) --{ -- int signvalue = 0; -- double ufvalue; -- char iconvert[311]; -- char fconvert[311]; -- int iplace = 0; -- int fplace = 0; -- int padlen = 0; /* amount to pad */ -- int zpadlen = 0; -- int caps = 0; -- int idx; -- double intpart; -- double fracpart; -- double temp; -- -- /* -- * AIX manpage says the default is 0, but Solaris says the default -- * is 6, and sprintf on AIX defaults to 6 -- */ -- if (max < 0) -- max = 6; -- -- ufvalue = abs_val (fvalue); -- -- if (fvalue < 0) { -- signvalue = '-'; -- } else { -- if (flags & DP_F_PLUS) { /* Do a sign (+/i) */ -- signvalue = '+'; -- } else { -- if (flags & DP_F_SPACE) -- signvalue = ' '; -- } -- } -- --#if 0 -- if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? 
*/ --#endif -- --#if 0 -- if (max == 0) ufvalue += 0.5; /* if max = 0 we must round */ --#endif -- -- /* -- * Sorry, we only support 16 digits past the decimal because of our -- * conversion method -- */ -- if (max > 16) -- max = 16; -- -- /* We "cheat" by converting the fractional part to integer by -- * multiplying by a factor of 10 -- */ -- -- temp = ufvalue; -- my_modf(temp, &intpart); -- -- fracpart = ROUND((POW10(max)) * (ufvalue - intpart)); -- -- if (fracpart >= POW10(max)) { -- intpart++; -- fracpart -= POW10(max); -- } -- -- -- /* Convert integer part */ -- do { -- temp = intpart*0.1; -- my_modf(temp, &intpart); -- idx = (int) ((temp -intpart +0.05)* 10.0); -- /* idx = (int) (((double)(temp*0.1) -intpart +0.05) *10.0); */ -- /* printf ("%llf, %f, %x\n", temp, intpart, idx); */ -- iconvert[iplace++] = -- (caps? "0123456789ABCDEF":"0123456789abcdef")[idx]; -- } while (intpart && (iplace < 311)); -- if (iplace == 311) iplace--; -- iconvert[iplace] = 0; -- -- /* Convert fractional part */ -- if (fracpart) -- { -- do { -- temp = fracpart*0.1; -- my_modf(temp, &fracpart); -- idx = (int) ((temp -fracpart +0.05)* 10.0); -- /* idx = (int) ((((temp/10) -fracpart) +0.05) *10); */ -- /* printf ("%lf, %lf, %ld\n", temp, fracpart, idx ); */ -- fconvert[fplace++] = -- (caps? "0123456789ABCDEF":"0123456789abcdef")[idx]; -- } while(fracpart && (fplace < 311)); -- if (fplace == 311) fplace--; -- } -- fconvert[fplace] = 0; -- -- /* -1 for decimal point, another -1 if we are printing a sign */ -- padlen = min - iplace - max - 1 - ((signvalue) ? 
1 : 0); -- zpadlen = max - fplace; -- if (zpadlen < 0) zpadlen = 0; -- if (padlen < 0) -- padlen = 0; -- if (flags & DP_F_MINUS) -- padlen = -padlen; /* Left Justifty */ -- -- if ((flags & DP_F_ZERO) && (padlen > 0)) { -- if (signvalue) { -- dopr_outch (buffer, currlen, maxlen, signvalue); -- --padlen; -- signvalue = 0; -- } -- while (padlen > 0) { -- dopr_outch (buffer, currlen, maxlen, '0'); -- --padlen; -- } -- } -- while (padlen > 0) { -- dopr_outch (buffer, currlen, maxlen, ' '); -- --padlen; -- } -- if (signvalue) -- dopr_outch (buffer, currlen, maxlen, signvalue); -- -- while (iplace > 0) -- dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]); -- --#ifdef DEBUG_SNPRINTF -- printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen); --#endif -- -- /* -- * Decimal point. This should probably use locale to find the correct -- * char to print out. -- */ -- if (max > 0) { -- dopr_outch (buffer, currlen, maxlen, '.'); -- -- while (zpadlen > 0) { -- dopr_outch (buffer, currlen, maxlen, '0'); -- --zpadlen; -- } -- -- while (fplace > 0) -- dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]); -- } -- -- while (padlen < 0) { -- dopr_outch (buffer, currlen, maxlen, ' '); -- ++padlen; -- } --} -- --static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c) --{ -- if (*currlen < maxlen) { -- buffer[(*currlen)] = c; -- } -- (*currlen)++; --} -- -- int rsync_vsnprintf (char *str, size_t count, const char *fmt, va_list args) --{ -- return dopr(str, count, fmt, args); --} --#define vsnprintf rsync_vsnprintf --#endif -- --/* yes this really must be a ||. Don't muck with this (tridge) -- * -- * The logic for these two is that we need our own definition if the -- * OS *either* has no definition of *sprintf, or if it does have one -- * that doesn't work properly according to the autoconf test. -- */ --#if !defined(HAVE_SNPRINTF) || !defined(HAVE_C99_VSNPRINTF) --int rsync_snprintf(char *str,size_t count,const char *fmt,...) 
--{ -- size_t ret; -- va_list ap; -- -- va_start(ap, fmt); -- ret = vsnprintf(str, count, fmt, ap); -- va_end(ap); -- return ret; --} --#define snprintf rsync_snprintf --#endif -- --#endif -- --#ifndef HAVE_VASPRINTF -- int vasprintf(char **ptr, const char *format, va_list ap) --{ -- int ret; -- va_list ap2; -- -- VA_COPY(ap2, ap); -- -- ret = vsnprintf(NULL, 0, format, ap2); -- if (ret <= 0) return ret; -- -- (*ptr) = (char *)malloc(ret+1); -- if (!*ptr) return -1; -- -- VA_COPY(ap2, ap); -- -- ret = vsnprintf(*ptr, ret+1, format, ap2); -- -- return ret; --} --#endif -- -- --#ifndef HAVE_ASPRINTF -- int asprintf(char **ptr, const char *format, ...) --{ -- va_list ap; -- int ret; -- -- *ptr = NULL; -- va_start(ap, format); -- ret = vasprintf(ptr, format, ap); -- va_end(ap); -- -- return ret; --} --#endif -- --#ifdef TEST_SNPRINTF -- -- int sprintf(char *str,const char *fmt,...); -- -- int main (void) --{ -- char buf1[1024]; -- char buf2[1024]; -- char *fp_fmt[] = { -- "%1.1f", -- "%-1.5f", -- "%1.5f", -- "%123.9f", -- "%10.5f", -- "% 10.5f", -- "%+22.9f", -- "%+4.9f", -- "%01.3f", -- "%4f", -- "%3.1f", -- "%3.2f", -- "%.0f", -- "%f", -- "-16.16f", -- NULL -- }; -- double fp_nums[] = { 6442452944.1234, -1.5, 134.21, 91340.2, 341.1234, 203.9, 0.96, 0.996, -- 0.9996, 1.996, 4.136, 5.030201, 0.00205, -- /* END LIST */ 0}; -- char *int_fmt[] = { -- "%-1.5d", -- "%1.5d", -- "%123.9d", -- "%5.5d", -- "%10.5d", -- "% 10.5d", -- "%+22.33d", -- "%01.3d", -- "%4d", -- "%d", -- NULL -- }; -- long int_nums[] = { -1, 134, 91340, 341, 0203, 0}; -- char *str_fmt[] = { -- "10.5s", -- "5.10s", -- "10.1s", -- "0.10s", -- "10.0s", -- "1.10s", -- "%s", -- "%.1s", -- "%.10s", -- "%10s", -- NULL -- }; -- char *str_vals[] = {"hello", "a", "", "a longer string", NULL}; -- int x, y; -- int fail = 0; -- int num = 0; -- -- printf ("Testing snprintf format codes against system sprintf...\n"); -- -- for (x = 0; fp_fmt[x] ; x++) { -- for (y = 0; fp_nums[y] != 0 ; y++) { -- int l1 = 
snprintf(NULL, 0, fp_fmt[x], fp_nums[y]); -- int l2 = snprintf(buf1, sizeof(buf1), fp_fmt[x], fp_nums[y]); -- sprintf (buf2, fp_fmt[x], fp_nums[y]); -- if (strcmp (buf1, buf2)) { -- printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", -- fp_fmt[x], buf1, buf2); -- fail++; -- } -- if (l1 != l2) { -- printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, fp_fmt[x]); -- fail++; -- } -- num++; -- } -- } -- -- for (x = 0; int_fmt[x] ; x++) { -- for (y = 0; int_nums[y] != 0 ; y++) { -- int l1 = snprintf(NULL, 0, int_fmt[x], int_nums[y]); -- int l2 = snprintf(buf1, sizeof(buf1), int_fmt[x], int_nums[y]); -- sprintf (buf2, int_fmt[x], int_nums[y]); -- if (strcmp (buf1, buf2)) { -- printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", -- int_fmt[x], buf1, buf2); -- fail++; -- } -- if (l1 != l2) { -- printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, int_fmt[x]); -- fail++; -- } -- num++; -- } -- } -- -- for (x = 0; str_fmt[x] ; x++) { -- for (y = 0; str_vals[y] != 0 ; y++) { -- int l1 = snprintf(NULL, 0, str_fmt[x], str_vals[y]); -- int l2 = snprintf(buf1, sizeof(buf1), str_fmt[x], str_vals[y]); -- sprintf (buf2, str_fmt[x], str_vals[y]); -- if (strcmp (buf1, buf2)) { -- printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", -- str_fmt[x], buf1, buf2); -- fail++; -- } -- if (l1 != l2) { -- printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, str_fmt[x]); -- fail++; -- } -- num++; -- } -- } -- -- printf ("%d tests failed out of %d.\n", fail, num); -- -- printf("seeing how many digits we support\n"); -- { -- double v0 = 0.12345678901234567890123456789012345678901; -- for (x=0; x<100; x++) { -- double p = pow(10, x); -- double r = v0*p; -- snprintf(buf1, sizeof(buf1), "%1.1f", r); -- sprintf(buf2, "%1.1f", r); -- if (strcmp(buf1, buf2)) { -- printf("we seem to support %d digits\n", x-1); -- break; -- } -- } -- } -- -- return 0; --} --#endif /* TEST_SNPRINTF */ 
diff --git a/aide-configure-c99-2.patch b/aide-configure-c99-2.patch deleted file mode 100644 index afa6bb1..0000000 --- a/aide-configure-c99-2.patch +++ /dev/null @@ -1,30 +0,0 @@ -This is no longer relevant upstream as of this commit: - -commit ab12f8919f0f7beff0b8db974e98285ede6a285d -Author: Hannes von Haugwitz -Date: Sun Sep 22 07:26:28 2019 +0200 - - Use AC_SYS_LARGEFILE for large-file support - - - closes #16 - - require C99 compatible compiler - - stop using readdir_r in favor of readdir - - remove unused 'size_o member in db_line struct - - '--disable-largefile' now disables LFS - -diff --git a/configure.ac b/configure.ac -index cafe16e95ed68c9f..144d55a9146548c0 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -574,9 +574,10 @@ AC_CACHE_CHECK([for LFS ino_t],ac_cv_ino_type,[ - AC_TRY_RUN([ - #include - #include -+#include - #include - #include --main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }], -+int main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }], - ac_cv_ino_type=ino64_t,ac_cv_ino_type=ino_t,ac_cv_ino_type=cross)]) - AIDE_INO_TYPE=$ac_cv_ino_type - diff --git a/aide-configure-c99-3.patch b/aide-configure-c99-3.patch deleted file mode 100644 index 68d8a46..0000000 --- a/aide-configure-c99-3.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -Mostly equivalent to this upstream commit: - -commit 601113f8a57c8f195af09bb2f14123449fa6bded -Author: Sam James -Date: Fri Nov 18 00:04:53 2022 +0000 - - Fix configure.ac compatibility with Clang 16 - - Clang 16 makes -Wimplicit-function-declaration and -Wimplicit-int errors by default. - - Unfortunately, this can lead to misconfiguration or miscompilation of software as configure - tests may then return the wrong result. - - We also fix -Wstrict-prototypes while here as it's easy to do and it prepares - us for C23. - - For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2], - or the (new) c-std-porting mailing list [3]. - - [0] https://lwn.net/Articles/913505/ - [1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213 - [2] https://wiki.gentoo.org/wiki/Modern_C_porting - [3] hosted at lists.linux.dev. - - Bug: https://bugs.gentoo.org/881707 - Signed-off-by: Sam James - -diff --git a/configure.ac b/configure.ac -index 144d55a9146548c0..e74911535ddd015f 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -279,7 +279,10 @@ AC_CHECK_FUNCS(fcntl ftruncate posix_fadvise asprintf snprintf \ - AC_CACHE_CHECK([for open/O_NOATIME], db_cv_open_o_noatime, [ - echo "test for working open/O_NOATIME" > __o_noatime_file - AC_TRY_RUN([ -+#include - #include -+#include -+#include - #include - #ifndef O_NOATIME - #if defined(__linux__) && (defined(__i386__) || defined(__PPC__)) -@@ -288,12 +291,15 @@ AC_TRY_RUN([ - #define O_NOATIME 0 - #endif - #endif --main() { -+int main() { - int c, fd = open("__o_noatime_file", O_RDONLY | O_NOATIME, 0); - exit ((!O_NOATIME) || (fd == -1) || (read(fd, &c, 1) != 1)); - }], [db_cv_open_o_noatime=yes], [db_cv_open_o_noatime=no], - AC_TRY_LINK([ --#include -+#include -+#include -+#include -+#include - #include - #ifndef O_NOATIME - #if defined(__linux__) && (defined(__i386__) || defined(__PPC__)) 
diff --git a/aide-verbose.patch b/aide-verbose.patch
new file mode 100644
index 0000000..c87ff90
--- /dev/null
+++ b/aide-verbose.patch
@@ -0,0 +1,34 @@
+diff -up ./src/conf_eval.c.fix ./src/conf_eval.c
+--- ./src/conf_eval.c.fix 2023-12-22 12:12:22.961141634 +0100
++++ ./src/conf_eval.c 2023-12-22 14:09:21.217786675 +0100
+@@ -166,6 +166,7 @@ static DB_ATTR_TYPE eval_attribute_expre
+
+ static void set_database_attr_option(DB_ATTR_TYPE attr, int linenumber, char *filename, char* linebuf) {
+ char *str;
++ long num;
+
+ DB_ATTR_TYPE hashes = get_hashes(true);
+ if (attr&(~hashes)) {
+@@ -298,8 +299,20 @@ static void eval_config_statement(config
+ LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_CONFIG, "set 'config_version' option to '%s'", str)
+ break;
+ case VERBOSE_OPTION:
+- log_msg(LOG_LEVEL_ERROR, "%s:%d: 'verbose' option is no longer supported, use 'log_level' and 'report_level' options instead (see man aide.conf for details) (line: '%s')", conf_filename, conf_linenumber, conf_linebuf);
+- exit(INVALID_CONFIGURELINE_ERROR);
++ log_msg(LOG_LEVEL_CONFIG, "%s:%d: 'verbose' option is deprecated, use 'log_level' and 'report_level' options instead (see man aide.conf for details) (line: '%s')", conf_filename, conf_linenumber, conf_linebuf);
++ str = eval_string_expression(statement.e, linenumber, filename, linebuf);
++ num = strtol(str, NULL, 10);
++
++ if (num < 0 && num > 255) {
++ LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_ERROR, "invalid verbose level: '%s'", str);
++ exit(INVALID_CONFIGURELINE_ERROR);
++ }
++
++ if (num >= 10) {
++ set_log_level(LOG_LEVEL_DEBUG);
++ }
++
++ free(str);
+ break;
+ case LIMIT_CMDLINE_OPTION:
+ /* command-line options are ignored here */
diff --git a/aide.spec b/aide.spec
index 512b383..1cc9f4b 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,7 +1,7 @@
 Summary: Intrusion detection environment
 Name: aide
 Version: 0.18.6
-Release: 3%{?dist}
+Release: 4%{?dist}
 URL: http://sourceforge.net/projects/aide
 License: GPL-2.0-or-later
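Review bot: The range check added under `case VERBOSE_OPTION:` can never fire, because `num < 0 && num > 255` is false for every value, so an out-of-range `verbose` setting is accepted instead of reaching the `exit(INVALID_CONFIGURELINE_ERROR)` branch; it should read `if (num < 0 || num > 255) {`. `strtol(str, NULL, 10)` is also called without an end pointer, so a non-numeric value parses as 0 and passes silently; passing an end pointer and rejecting input where nothing was consumed or trailing characters remain would make the config parser of this integrity checker fail closed. Judging by the hunk headers, `long num;` is declared in `set_database_attr_option` while it is used in `eval_config_statement`, whose body starts outside the hunk, so it is worth confirming the declaration is in scope where it is used.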
@@ -25,20 +25,7 @@ BuildRequires: e2fsprogs-devel BuildRequires: audit-libs-devel BuildRequires: autoconf automake libtool -# Customize the database file location in the man page. -#Patch1: aide-0.16rc1-man.patch -# fix aide in FIPS mode -#Patch2: aide-0.16b1-fipsfix.patch -# Bug 1674637 - aide: FTBFS in Fedora rawhide/f30 -#Patch3: aide-0.16-Use-LDADD-for-adding-curl-library-to-the-linker-comm.patch - -#Patch4: aide-0.15-syslog-format.patch -#Patch5: aide-0.16-crypto-disable-haval-and-others.patch -#Patch6: coverity.patch -#Patch7: aide-0.16-crash-elf.patch -#Patch8: aide-configure-c99-1.patch -#Patch9: aide-configure-c99-2.patch -#Patch10: aide-configure-c99-3.patch +Patch1: aide-verbose.patch %description AIDE (Advanced Intrusion Detection Environment) is a file integrity @@ -48,6 +35,8 @@ checker and intrusion detection program. %autosetup -p1 cp -a %{S:2} . +%patch -R -P 1 -p1 -b .verbose + %build #autoreconf -ivf %configure \ @@ -83,6 +72,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Mon Feb 12 2024 Radovan Sroka - 0.18.6-4 +- rebase to 0.18.6 + * Mon Jan 22 2024 Fedora Release Engineering - 0.18.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild diff --git a/coverity2.patch b/coverity2.patch deleted file mode 100644 index 5052ba3..0000000 --- a/coverity2.patch +++ /dev/null 
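Review bot: The added `%patch -R -P 1 -p1 -b .verbose` runs after `%autosetup -p1`, which applies every declared patch unless `-N` is given, so Patch1 appears to be applied and then reversed, leaving the built `conf_eval.c` without the change. If the patch is meant to take effect, either drop the explicit line or use `%autosetup -N -p1` followed by `%patch -P 1 -p1 -b .verbose`; if `-R` is intentional because the diff was generated in the reverse direction (its old side is `conf_eval.c.fix`), `%autosetup` still needs `-N` and a spec comment such as `# aide-verbose.patch is stored reversed, apply with -R` would explain it. The changelog entry `- rebase to 0.18.6` does not mention the new patch.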
@@ -1,31 +0,0 @@ -diff --up ./src/compare_db.c ./src/compare_db.c ---- ./src/compare_db.c -+++ ./src/compare_db.c -@@ -438,7 +438,11 @@ snprintf(*values[0], l, "%s",s); - } else { - *values = malloc(1 * sizeof (char*)); - if (DB_FTYPE&attr) { -- easy_string(get_file_type_string(line->perm)) -+ char *file_type = get_file_type_string(line->perm); -+ if (!file_type) { -+ error(2,"%s: ", file_type); -+ } -+ easy_string(file_type) - } else if (DB_LINKNAME&attr) { - easy_string(line->linkname) - easy_number((DB_SIZE|DB_SIZEG),size,"%li") -diff -up ./src/db_file.c ./src/db_file.c ---- ./src/db_file.c -+++ ./src/db_file.c -@@ -194,6 +194,10 @@ int db_file_read_spec(int db){ - - *db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD)); - -+ if (*db_order == NULL){ -+ error(1,"malloc for *db_order failed in %s", __func__); -+ } -+ - while ((i=db_scan())!=TNEWLINE){ - switch (i) { - - From ae0fb53e0de78100f233ac6e8fc2636fbaedd80e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 17 Jul 2024 16:44:18 +0000 Subject: [PATCH 32/58] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- aide.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aide.spec b/aide.spec index 1cc9f4b..be6e4a7 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.18.6 -Release: 4%{?dist} +Release: 5%{?dist} URL: http://sourceforge.net/projects/aide License: GPL-2.0-or-later @@ -72,6 +72,9 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Wed Jul 17 2024 Fedora Release Engineering - 0.18.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Mon Feb 12 2024 Radovan Sroka - 0.18.6-4 - rebase to 0.18.6 From b3964ed95f2f9a648aac18731dce7bc11bc04da6 Mon Sep 17 00:00:00 2001 
From: Sandro Bonazzola Date: Wed, 4 Dec 2024 12:41:47 +0100 Subject: [PATCH 33/58] Update aide to 0.18.8 - Update aide to 0.18.8 - Resolves fedora#2306506 - GPG verify source tarball - Update project URL - Remove unused patches - Enable check phase during the build - Require logrotate Signed-off-by: Sandro Bonazzola --- .gitignore | 2 + aide-0.15-syslog-format.patch | 496 -------------------------- aide.spec | 325 ++--------------- coverity.patch | 642 ---------------------------------- gpgkey-aide.gpg | Bin 0 -> 5160 bytes sources | 3 +- 6 files changed, 32 insertions(+), 1436 deletions(-) delete mode 100644 aide-0.15-syslog-format.patch delete mode 100644 coverity.patch create mode 100644 gpgkey-aide.gpg diff --git a/.gitignore b/.gitignore index 2273619..465c998 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,5 @@ aide-0.14.tar.gz.asc /aide-0.16.tar.gz /aide-0.18.4.tar.gz /aide-0.18.6.tar.gz +/aide-0.18.8.tar.gz +/aide-0.18.8.tar.gz.asc diff --git a/aide-0.15-syslog-format.patch b/aide-0.15-syslog-format.patch deleted file mode 100644 index 0361434..0000000 --- a/aide-0.15-syslog-format.patch +++ /dev/null 
@@ -1,496 +0,0 @@ -diff -up ./doc/aide.conf.5.in.syslog_format ./doc/aide.conf.5.in ---- ./doc/aide.conf.5.in.syslog_format 2016-07-25 22:58:12.000000000 +0200 -+++ ./doc/aide.conf.5.in 2018-09-27 19:09:09.697371212 +0200 -@@ -57,6 +57,25 @@ inclusive. This parameter can only be gi - occurrence is used. If \-\-verbose or \-V is used then the value from that - is used. The default is 5. If verbosity is 20 then additional report - output is written when doing \-\-check, \-\-update or \-\-compare. -+.IP "syslog_format" -+Valid values are yes,true,no and false. This option enables new syslog format -+which is suitable for logging. Every change is logged as one simple line. This option -+changes verbose level to 0 and prints everything that was changed. It is suggested -+to use this option with "report_url=syslog:...". Default value is "false/no". -+Maximum size of message is 1KB which is limitation of syslog call. If message is -+greater than limit, message will be truncated. -+Option summarize_changes has no impact for this format. -+.nf -+.eo -+ -+Output always starts with: -+"AIDE found differences between database and filesystem!!" -+And it is followed by summary: -+summary;total_number_of_files=1000;added_files=0;removed_files=0;changed_files=1 -+And finally there are logs about changes: -+dir=/usr/sbin;Mtime_old=0000-00-00 00:00:00;Mtime_new=0000-00-00 00:00:00;... -+.ec -+.fi - .IP "report_url" - The url that the output is written to. There can be multiple instances - of this parameter. Output is written to all of them. 
The default is -diff -up ./include/db_config.h.syslog_format ./include/db_config.h ---- ./include/db_config.h.syslog_format 2016-07-25 22:56:55.000000000 +0200 -+++ ./include/db_config.h 2018-09-27 19:09:09.697371212 +0200 -@@ -311,6 +311,7 @@ typedef struct db_config { - FILE* db_out; - - int config_check; -+ int syslog_format; - - struct md_container *mdc_in; - struct md_container *mdc_out; -diff -up ./src/aide.c.syslog_format ./src/aide.c ---- ./src/aide.c.syslog_format 2018-09-27 19:09:09.695371197 +0200 -+++ ./src/aide.c 2018-09-27 19:09:09.698371220 +0200 -@@ -283,6 +283,7 @@ static void setdefaults_before_config() - } - - /* Setting some defaults */ -+ conf->syslog_format=0; - conf->report_db=0; - conf->tree=NULL; - conf->config_check=0; -@@ -495,6 +496,10 @@ static void setdefaults_after_config() - if(conf->verbose_level==-1){ - conf->verbose_level=5; - } -+ if(conf->syslog_format==1){ -+ conf->verbose_level=0; -+ } -+ - } - - -diff -up ./src/compare_db.c.syslog_format ./src/compare_db.c ---- ./src/compare_db.c.syslog_format 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/compare_db.c 2018-09-27 19:09:09.698371220 +0200 -@@ -110,7 +110,7 @@ const DB_ATTR_TYPE details_attributes[] - #endif - }; - --const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size (>)"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512") -+const char* details_string[] = { _("File type") , _("Lname"), _("Size"), _("Size"), _("Bcount"), _("Perm"), _("Uid"), _("Gid"), _("Atime"), _("Mtime"), _("Ctime"), _("Inode"), _("Linkcount"), _("MD5"), _("SHA1"), _("RMD160"), _("TIGER"), _("SHA256"), _("SHA512") - #ifdef WITH_MHASH - , _("CRC32"), _("HAVAL"), _("GOST"), _("CRC32B"), _("WHIRLPOOL") - #endif -@@ -269,12 +269,19 @@ static int xattrs2array(xattrs_type* xat - if ((len == xattrs->ents[num - 1].vsz) || ((len == (xattrs->ents[num - 1].vsz - 
1)) && !val[len])) { - length = 8 + width + strlen(xattrs->ents[num - 1].key) + strlen(val); - (*values)[num]=malloc(length *sizeof(char)); -- snprintf((*values)[num], length , "[%.*zd] %s = %s", width, num, xattrs->ents[num - 1].key, val); -+ -+ char * fmt = "[%.*zd] %s = %s"; -+ if (conf->syslog_format) fmt = "[%.*zd]%s=%s"; // its smaller so it has to be enough space allocated. -+ snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val); -+ - } else { - val = encode_base64(xattrs->ents[num - 1].val, xattrs->ents[num - 1].vsz); - length = 10 + width + strlen(xattrs->ents[num - 1].key) + strlen(val); - (*values)[num]=malloc( length *sizeof(char)); -- snprintf((*values)[num], length , "[%.*zd] %s <=> %s", width, num, xattrs->ents[num - 1].key, val); -+ -+ char * fmt = "[%.*zd] %s <=> %s"; -+ if (conf->syslog_format) fmt = "[%.*zd]%s<=>%s"; // its smaller so it has to be enough space allocated. -+ snprintf((*values)[num], length , fmt, width, num, xattrs->ents[num - 1].key, val); - free(val); - } - } -@@ -302,6 +309,26 @@ static int acl2array(acl_type* acl, char - } - if (acl->acl_a || acl->acl_d) { - int j, k, i; -+ if (conf->syslog_format) { -+ *values = malloc(2 * sizeof(char*)); -+ -+ char *A, *D = ""; -+ -+ if (acl->acl_a) { A = acl->acl_a; } -+ if (acl->acl_d) { D = acl->acl_d; } -+ -+ (*values)[0] = (char*) malloc(strlen(A) + 3); // "A:" and \0 -+ snprintf((*values)[0], strlen(A) + 3, "A:%s", A); -+ -+ (*values)[1] = (char*) malloc(strlen(D) + 3); // "D:" and \0 -+ snprintf((*values)[1], strlen(D) + 3, "D:%s", D); -+ -+ i = 0; while ( (*values)[0][i] ) { if ( (*values)[0][i]=='\n') { (*values)[0][i] = ' '; } i++; } -+ i = 0; while ( (*values)[1][i] ) { if ( (*values)[1][i]=='\n') { (*values)[1][i] = ' '; } i++; } -+ -+ return 2; -+ } -+ - if (acl->acl_a) { i = 0; while (acl->acl_a[i]) { if (acl->acl_a[i++]=='\n') { n++; } } } - if (acl->acl_d) { i = 0; while (acl->acl_d[i]) { if (acl->acl_d[i++]=='\n') { n++; } } } - *values = 
malloc(n * sizeof(char*)); -@@ -338,25 +365,25 @@ static char* e2fsattrs2string(unsigned l - - static char* get_file_type_string(mode_t mode) { - switch (mode & S_IFMT) { -- case S_IFREG: return _("File"); -- case S_IFDIR: return _("Directory"); -+ case S_IFREG: return conf->syslog_format ? "file" : _("File"); -+ case S_IFDIR: return conf->syslog_format ? "dir" : _("Directory"); - #ifdef S_IFIFO -- case S_IFIFO: return _("FIFO"); -+ case S_IFIFO: return conf->syslog_format ? "fifo" : _("FIFO"); - #endif -- case S_IFLNK: return _("Link"); -- case S_IFBLK: return _("Block device"); -- case S_IFCHR: return _("Character device"); -+ case S_IFLNK: return conf->syslog_format ? "link" : _("Link"); -+ case S_IFBLK: return conf->syslog_format ? "blockd" : _("Block device"); -+ case S_IFCHR: return conf->syslog_format ? "chard" : _("Character device"); - #ifdef S_IFSOCK -- case S_IFSOCK: return _("Socket"); -+ case S_IFSOCK: return conf->syslog_format ? "socket" : _("Socket"); - #endif - #ifdef S_IFDOOR -- case S_IFDOOR: return _("Door"); -+ case S_IFDOOR: return conf->syslog_format ? "door" : _("Door"); - #endif - #ifdef S_IFPORT -- case S_IFPORT: return _("Port"); -+ case S_IFPORT: return conf->syslog_format ? "port" : _("Port"); - #endif - case 0: return NULL; -- default: return _("Unknown file type"); -+ default: return conf->syslog_format ? 
"unknown" : _("Unknown file type"); - } - } - -@@ -554,6 +581,51 @@ static void print_dbline_attributes(db_l - } - } - -+ -+static void print_dbline_attributes_syslog(db_line* oline, db_line* nline, DB_ATTR_TYPE -+ changed_attrs, DB_ATTR_TYPE force_attrs) { -+ char **ovalue, **nvalue; -+ int onumber, nnumber, i, j; -+ int length = sizeof(details_attributes)/sizeof(DB_ATTR_TYPE); -+ DB_ATTR_TYPE attrs; -+ char *file_type = get_file_type_string((nline==NULL?oline:nline)->perm); -+ if (file_type) { -+ error(0,"%s=", file_type); -+ } -+ error(0,"%s", (nline==NULL?oline:nline)->filename); -+ attrs=force_attrs|(~(ignored_changed_attrs)&changed_attrs); -+ for (j=0; j < length; ++j) { -+ if (details_attributes[j]&attrs) { -+ onumber=get_attribute_values(details_attributes[j], oline, &ovalue); -+ nnumber=get_attribute_values(details_attributes[j], nline, &nvalue); -+ -+ if (details_attributes[j] == DB_ACL || details_attributes[j] == DB_XATTRS) { -+ -+ error(0, ";%s_old=|", details_string[j]); -+ -+ for (i = 0 ; i < onumber ; i++) { -+ error(0, "%s|", ovalue[i]); -+ } -+ -+ error(0, ";%s_new=|", details_string[j]); -+ -+ for (i = 0 ; i < nnumber ; i++) { -+ error(0, "%s|", nvalue[i]); -+ } -+ -+ } else { -+ -+ error(0, ";%s_old=%s;%s_new=%s", details_string[j], *ovalue, details_string[j], *nvalue); -+ -+ } -+ -+ for(i=0; i < onumber; ++i) { free(ovalue[i]); ovalue[i]=NULL; } free(ovalue); ovalue=NULL; -+ for(i=0; i < nnumber; ++i) { free(nvalue[i]); nvalue[i]=NULL; } free(nvalue); nvalue=NULL; -+ } -+ } -+ error(0, "\n"); -+} -+ - static void print_attributes_added_node(db_line* line) { - print_dbline_attributes(NULL, line, 0, line->attr); - } -@@ -562,6 +634,26 @@ static void print_attributes_removed_nod - print_dbline_attributes(line, NULL, 0, line->attr); - } - -+static void print_attributes_added_node_syslog(db_line* line) { -+ -+ char *file_type = get_file_type_string(line->perm); -+ if (file_type) { -+ error(0,"%s=", file_type); -+ } -+ error(0,"%s; added\n", 
line->filename); -+ -+} -+ -+static void print_attributes_removed_node_syslog(db_line* line) { -+ -+ char *file_type = get_file_type_string(line->perm); -+ if (file_type) { -+ error(0,"%s=", file_type); -+ } -+ error(0,"%s; removed\n", line->filename); -+ -+} -+ - static void terse_report(seltree* node) { - list* r=NULL; - if ((node->checked&(DB_OLD|DB_NEW)) != 0) { -@@ -626,6 +718,26 @@ static void print_report_details(seltree - } - } - -+static void print_syslog_format(seltree* node) { -+ list* r=NULL; -+ -+ if (node->checked&NODE_CHANGED) { -+ print_dbline_attributes_syslog(node->old_data, node->new_data, node->changed_attrs, forced_attrs); -+ } -+ -+ if (node->checked&NODE_ADDED) { -+ print_attributes_added_node_syslog(node->new_data); -+ } -+ -+ if (node->checked&NODE_REMOVED) { -+ print_attributes_removed_node_syslog(node->old_data); -+ } -+ -+ for(r=node->childs;r;r=r->next){ -+ print_syslog_format((seltree*)r->data); -+ } -+} -+ - static void print_report_header() { - char *time; - int first = 1; -@@ -747,39 +859,53 @@ int gen_report(seltree* node) { - send_audit_report(); - #endif - if ((nadd|nrem|nchg) > 0 || conf->report_quiet == 0) { -- print_report_header(); -- if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) { -- if (conf->grouped) { -- if (nadd) { -- error(2,(char*)report_top_format,_("Added entries")); -- print_report_list(node, NODE_ADDED); -- } -- if (nrem) { -- error(2,(char*)report_top_format,_("Removed entries")); -- print_report_list(node, NODE_REMOVED); -- } -- if (nchg) { -- error(2,(char*)report_top_format,_("Changed entries")); -- print_report_list(node, NODE_CHANGED); -- } -- } else if (nadd || nrem || nchg) { -- if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); } -- else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); } -- else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed 
entries")); } -- else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); } -- else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); } -- else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); } -- else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); } -- print_report_list(node, NODE_ADDED|NODE_REMOVED|NODE_CHANGED); -- } -- if (nadd || nrem || nchg) { -- error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes")); -- print_report_details(node); -- } -- } -- print_report_databases(); -- conf->end_time=time(&(conf->end_time)); -- print_report_footer(); -+ -+ if (!conf->syslog_format) { -+ print_report_header(); -+ } -+ -+ if(conf->action&(DO_COMPARE|DO_DIFF) || (conf->action&DO_INIT && conf->report_detailed_init) ) { -+ if (!conf->syslog_format && conf->grouped) { -+ if (nadd) { -+ error(2,(char*)report_top_format,_("Added entries")); -+ print_report_list(node, NODE_ADDED); -+ } -+ if (nrem) { -+ error(2,(char*)report_top_format,_("Removed entries")); -+ print_report_list(node, NODE_REMOVED); -+ } -+ if (nchg) { -+ error(2,(char*)report_top_format,_("Changed entries")); -+ print_report_list(node, NODE_CHANGED); -+ } -+ } else if (!conf->syslog_format && ( nadd || nrem || nchg ) ) { -+ if (nadd && nrem && nchg) { error(2,(char*)report_top_format,_("Added, removed and changed entries")); } -+ else if (nadd && nrem) { error(2,(char*)report_top_format,_("Added and removed entries")); } -+ else if (nadd && nchg) { error(2,(char*)report_top_format,_("Added and changed entries")); } -+ else if (nrem && nchg) { error(2,(char*)report_top_format,_("Removed and changed entries")); } -+ else if (nadd) { error(2,(char*)report_top_format,_("Added entries")); } -+ else if (nrem) { error(2,(char*)report_top_format,_("Removed entries")); } -+ else if (nchg) { error(2,(char*)report_top_format,_("Changed entries")); } -+ print_report_list(node, 
NODE_ADDED|NODE_REMOVED|NODE_CHANGED); -+ } -+ if (nadd || nrem || nchg) { -+ if (!conf->syslog_format) { -+ error(nchg?5:7,(char*)report_top_format,_("Detailed information about changes")); -+ print_report_details(node); -+ } else { -+ /* Syslog Format */ -+ error(0, "AIDE found differences between database and filesystem!!\n"); -+ error(0, "summary;total_number_of_files=%ld;added_files=%ld;" -+ "removed_files=%ld;changed_files=%ld\n",ntotal,nadd,nrem,nchg); -+ print_syslog_format(node); -+ } -+ } -+ } -+ if (!conf->syslog_format) { -+ print_report_databases(); -+ conf->end_time=time(&(conf->end_time)); -+ print_report_footer(); -+ } - } - - return conf->action&(DO_COMPARE|DO_DIFF) ? (nadd!=0)*1+(nrem!=0)*2+(nchg!=0)*4 : 0; -diff -up ./src/conf_lex.l.syslog_format ./src/conf_lex.l ---- ./src/conf_lex.l.syslog_format 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/conf_lex.l 2018-09-27 19:09:09.698371220 +0200 -@@ -401,6 +401,12 @@ int var_in_conflval=0; - return (TROOT_PREFIX); - } - -+^[\t\ ]*"syslog_format"{E} { -+ error(230,"%li:syslog_format =\n",conf_lineno); -+ BEGIN CONFVALHUNT; -+ return (SYSLOG_FORMAT); -+} -+ - ^[\t\ ]*"recstop"{E} { - error(230,"%li:recstop =\n",conf_lineno); - BEGIN CONFVALHUNT; -diff -up ./src/conf_yacc.y.syslog_format ./src/conf_yacc.y ---- ./src/conf_yacc.y.syslog_format 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/conf_yacc.y 2018-09-27 19:09:09.699371228 +0200 -@@ -89,6 +89,7 @@ extern long conf_lineno; - %token TREPORT_URL - %token TGZIPDBOUT - %token TROOT_PREFIX -+%token SYSLOG_FORMAT - %token TUMASK - %token TTRUE - %token TFALSE -@@ -160,7 +161,7 @@ line : rule | equrule | negrule | define - | ifdefstmt | ifndefstmt | ifhoststmt | ifnhoststmt - | groupdef | db_in | db_out | db_new | db_attrs | verbose | report_detailed_init | config_version - | database_add_metadata | report | gzipdbout | root_prefix | report_base16 | report_quiet -- | report_ignore_e2fsattrs | recursion_stopper | warn_dead_symlinks | grouped -+ | 
report_ignore_e2fsattrs | syslogformat | recursion_stopper | warn_dead_symlinks | grouped - | summarize_changes | acl_no_symlink_follow | beginconfigstmt | endconfigstmt - | TEOF { - newlinelastinconfig=1; -@@ -408,6 +409,15 @@ conf->gzip_dbout=0; - #endif - } ; - -+syslogformat : SYSLOG_FORMAT TTRUE { -+conf->syslog_format=1; -+} | -+ SYSLOG_FORMAT TFALSE { -+conf->syslog_format=0; -+} ; -+ -+ -+ - recursion_stopper : TRECSTOP TSTRING { - /* FIXME implement me */ - -diff -up ./src/error.c.syslog_format ./src/error.c ---- ./src/error.c.syslog_format 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/error.c 2018-09-27 19:13:40.312416750 +0200 -@@ -38,6 +38,9 @@ - /*for locale support*/ - #include "util.h" - -+#define MAX_BUFFER_SIZE 1024 -+static char syslog_buffer[MAX_BUFFER_SIZE+1]; -+ - int cmp_url(url_t* url1,url_t* url2){ - - return ((url1->type==url2->type)&&(strcmp(url1->value,url2->value)==0)); -@@ -48,7 +51,9 @@ int error_init(url_t* url,int initial) - { - list* r=NULL; - FILE* fh=NULL; -- int sfac; -+ int sfac; -+ -+ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); - - if (url->type==url_database) { - conf->report_db++; -@@ -163,13 +168,24 @@ void error(int errorlevel,char* error_ms - } - #ifdef HAVE_SYSLOG - if(conf->initial_report_url->type==url_syslog){ --#ifdef HAVE_VSYSLOG -- vsyslog(SYSLOG_PRIORITY,error_msg,ap); --#else -- char buf[1024]; -- vsnprintf(buf,1024,error_msg,ap); -- syslog(SYSLOG_PRIORITY,"%s",buf); --#endif -+ -+ char buff[MAX_BUFFER_SIZE+1]; -+ vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap); -+ size_t buff_len = strlen(buff); -+ -+ char result_buff[MAX_BUFFER_SIZE+1]; -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wformat-truncation" -+ snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff); -+#pragma GCC diagnostic pop -+ -+ if(buff[buff_len-1] == '\n'){ -+ syslog(SYSLOG_PRIORITY,"%s",result_buff); -+ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); -+ } else { -+ memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE); 
-+ } -+ - va_end(ap); - return; - } -@@ -181,17 +197,25 @@ void error(int errorlevel,char* error_ms - - #ifdef HAVE_SYSLOG - if (conf->report_syslog!=0) { --#ifdef HAVE_VSYSLOG -- va_start(ap,error_msg); -- vsyslog(SYSLOG_PRIORITY,error_msg,ap); -- va_end(ap); --#else -- char buf[1024]; -- va_start(ap,error_msg); -- vsnprintf(buf,1024,error_msg,ap); -+ va_start(ap, error_msg); -+ -+ char buff[MAX_BUFFER_SIZE+1]; -+ vsnprintf(buff,MAX_BUFFER_SIZE,error_msg,ap); -+ size_t buff_len = strlen(buff); -+ -+ char result_buff[MAX_BUFFER_SIZE+1]; -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wformat-truncation" -+ snprintf(result_buff, MAX_BUFFER_SIZE, "%s%s", syslog_buffer, buff); -+#pragma GCC diagnostic pop -+ -+ if(buff[buff_len-1] == '\n'){ -+ syslog(SYSLOG_PRIORITY,"%s",result_buff); -+ memset(syslog_buffer, 0, MAX_BUFFER_SIZE+1); -+ } else { -+ memcpy(syslog_buffer, result_buff, MAX_BUFFER_SIZE); -+ } - va_end(ap); -- syslog(SYSLOG_PRIORITY,"%s",buf); --#endif - } - #endif - diff --git a/aide.spec b/aide.spec index be6e4a7..062480c 100644 --- a/aide.spec +++ b/aide.spec 
@@ -1,15 +1,20 @@ +%global forgeurl https://github.com/%{name}/%{name} + Summary: Intrusion detection environment Name: aide -Version: 0.18.6 -Release: 5%{?dist} -URL: http://sourceforge.net/projects/aide +Version: 0.18.8 +Release: %autorelease +URL: https://aide.github.io/ License: GPL-2.0-or-later - -Source0: %{url}/files/aide/%{version}/%{name}-%{version}.tar.gz -Source1: aide.conf -Source2: README.quickstart -Source3: aide.logrotate +Source0: %{forgeurl}/releases/download/v%{version}/%{name}-%{version}.tar.gz +Source1: %{forgeurl}/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc +# gpg2 --recv-keys 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931 +# gpg2 --export --export-options export-minimal 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931 >gpgkey-aide.gpg +Source2: gpgkey-aide.gpg +Source3: aide.conf +Source4: README.quickstart +Source5: aide.logrotate BuildRequires: gcc BuildRequires: make @@ -24,6 +29,13 @@ BuildRequires: libattr-devel BuildRequires: e2fsprogs-devel BuildRequires: audit-libs-devel BuildRequires: autoconf automake libtool +# For verifying signatures +BuildRequires: gnupg2 +# For being able to run 'make check' +BuildRequires: check-devel + + +Requires: logrotate Patch1: aide-verbose.patch @@ -32,8 +44,9 @@ AIDE (Advanced Intrusion Detection Environment) is a file integrity checker and intrusion detection program. %prep +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 -cp -a %{S:2} . +cp -a %{S:4} . %patch -R -P 1 -p1 -b .verbose @@ -52,10 +65,13 @@ cp -a %{S:2} . --with-audit %make_build +%check +make check + %install %make_install bindir=%{_sbindir} -install -Dpm0644 -t %{buildroot}%{_sysconfdir} %{S:1} -install -Dpm0644 %{S:3} %{buildroot}%{_sysconfdir}/logrotate.d/aide +install -Dpm0644 -t %{buildroot}%{_sysconfdir} %{S:3} +install -Dpm0644 %{S:5} %{buildroot}%{_sysconfdir}/logrotate.d/aide mkdir -p %{buildroot}%{_localstatedir}/log/aide mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide 
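Review bot: The two `# gpg2 ...` comment lines above `Source2: gpgkey-aide.gpg` record how the keyring was fetched and exported, but not where the fingerprint 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931 was confirmed as the upstream signing key. `--recv-keys` with a full fingerprint only guarantees that the downloaded key matches that fingerprint, and the diffstat shows the committed keyring as a binary file, so this comment is the only reviewable trace of the trust decision. I would add a third line such as `# Fingerprint confirmed against: <upstream page or announcement where the key is published>`, to be filled in by the packager. A later reviewer can then compare the output of `gpg2 --show-keys gpgkey-aide.gpg` with that source.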
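Review bot: The `%{gpgverify}` line at the top of `%prep` has no comment saying that its position matters: it has to run before `%autosetup`, so that nothing from the tarball is unpacked or patched before the signature is checked. A short comment would keep a later edit from moving it, e.g. `# Verify the upstream signature before unpacking; must stay ahead of %%autosetup` (the doubled `%%` keeps rpm from expanding the macro inside the comment). The same section mixes the long form `%{SOURCE2}` with the short form `%{S:4}`; using one spelling would make the renumbered sources easier to audit. The rest of `%prep` lies outside this hunk.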
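Review bot: The new `%check` section calls plain `make check`, while the `%build` context line in the same hunk uses `%make_build`. On Fedora that macro adds the parallel and verbose make flags, so the bare call gives a build log that shows less of the command behind a failing test. I would write `%make_build check`, or `make check V=1` if the upstream test suite is not safe to run in parallel, which I cannot tell from this hunk.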
@@ -72,289 +88,4 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog -* Wed Jul 17 2024 Fedora Release Engineering - 0.18.6-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Mon Feb 12 2024 Radovan Sroka - 0.18.6-4 -- rebase to 0.18.6 - -* Mon Jan 22 2024 Fedora Release Engineering - 0.18.6-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Jan 19 2024 Fedora Release Engineering - 0.18.6-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Tue Oct 24 2023 Radovan Sroka - 0.18.6-1 -- rebase to 0.18.6 - -* Wed Jul 19 2023 Fedora Release Engineering - 0.18.4-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Wed Jun 21 2023 Radovan Sroka - 0.18.4-1 -- aide-0.18.4 is available -Resolves: rhbz#1910486 -- Please port your pcre dependency to pcre2. Pcre has been deprecated -Resolves: rhbz#2128267 - -* Tue Jun 13 2023 Radovan Sroka - 0.16-23 -- migrated to SPDX license - -* Wed Jan 18 2023 Fedora Release Engineering - 0.16-22 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Fri Nov 25 2022 Florian Weimer - 0.16-21 -- Apply upstream patches to port configure to C99 - -* Wed Jul 20 2022 Fedora Release Engineering - 0.16-20 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Wed Jan 19 2022 Fedora Release Engineering - 0.16-19 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Wed Jul 21 2021 Fedora Release Engineering - 0.16-18 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Mon Jan 25 2021 Fedora Release Engineering - 0.16-17 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Fri Jul 31 2020 Fedora Release Engineering - 0.16-16 -- Second attempt - Rebuilt for - https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Mon Jul 27 2020 Fedora Release Engineering - 0.16-15 -- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Wed Jun 24 2020 Radovan Sroka 0.16-14 -- AIDE breaks when setting report_ignore_e2fsattrs - Resolves: rhbz#1850276 - -* Tue Jan 28 2020 Fedora Release Engineering - 0.16-13 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Wed Jul 31 2019 Radovan Sroka - 0.16-12 -- backport some patches - Resolves: rhbz#1717140 - -* Wed Jul 24 2019 Fedora Release Engineering - 0.16-11 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Wed Feb 20 2019 Daniel Kopecek - 0.16-10 -- Fix building with curl - Resolves: rhbz#1674637 - -* Thu Jan 31 2019 Fedora Release Engineering - 0.16-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Tue Jul 31 2018 Florian Weimer - 0.16-8 -- Rebuild with fixed binutils - -* Thu Jul 12 2018 Fedora Release Engineering - 0.16-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Feb 20 2018 Igor Gnatenko - 0.16-6 -- Rebuild - -* Wed Feb 07 2018 Fedora Release Engineering - 0.16-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Wed Aug 02 2017 Fedora Release Engineering - 0.16-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 0.16-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Wed Apr 05 2017 Radovan Sroka - 0.16-2 -- fixed upstream link - -* Tue Apr 04 2017 Radovan Sroka - 0.16-1 -- rebase to stable v0.16 -- specfile cleanup -- make doc readable - resolves: #1421355 -- make aide binary runable for any user - resolves: #1421351 - -* Fri Feb 10 2017 Fedora Release Engineering - 0.16-0.3.rc1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Tue Jul 12 2016 Tomas Sykora - 0.16-0.2.rc1 -- New upstream devel version - -* Mon Jun 20 2016 Tomas Sykora - 0.16-0.1.b1 -- New upstream devel version - -* Wed Feb 03 2016 Fedora Release Engineering - 0.15.1-12 
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Sat Jul 25 2015 Till Maas - 0.15.1-11 -- Remove prelink dependency because prelink was retired - -* Tue Jun 16 2015 Fedora Release Engineering - 0.15.1-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Fri Aug 15 2014 Fedora Release Engineering - 0.15.1-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Fri Jul 18 2014 Yaakov Selkowitz - 0.15.1-8 -- Fix FTBFS with -Werror=format-security (#1036983, #1105942) -- Avoid prelink BR on aarch64, ppc64le (#924977, #1078476) - -* Sat Jun 07 2014 Fedora Release Engineering - 0.15.1-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Sat Aug 03 2013 Fedora Release Engineering - 0.15.1-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Wed Feb 13 2013 Fedora Release Engineering - 0.15.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Thu Nov 22 2012 Daniel Kopecek - 0.15.1-4 -- added patch to fix aide in FIPS mode -- use only FIPS approved digest algorithms in aide.conf so that - aide works by default in FIPS mode - -* Wed Jul 18 2012 Fedora Release Engineering - 0.15.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Thu Jan 12 2012 Fedora Release Engineering - 0.15.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Thu Nov 11 2010 Steve Grubb - 0.15.1-1 -- New upstream release - -* Tue May 18 2010 Steve Grubb - 0.14-5 -- Apply 2 upstream bug fixes - -* Tue May 18 2010 Steve Grubb - 0.14-4 -- Use upstream's patch to fix bz 590566 - -* Sat May 15 2010 Steve Grubb - 0.14-3 -- Fix bz 590561 aide does not detect the change of SElinux context -- Fix bz 590566 aide reports a changed file when it has not been changed - -* Wed Apr 28 2010 Steve Grubb - 0.14-2 -- Fix bz 574764 by replacing abort calls with exit -- Apply libgcrypt init patch - -* Tue Mar 16 2010 Steve Grubb - 
0.14-1 -- New upstream release final 0.14 - -* Thu Feb 25 2010 Steve Grubb - 0.14-0.4.rc3 -- New upstream release - -* Thu Feb 25 2010 Steve Grubb - 0.14-0.3.rc2 -- New upstream release - -* Tue Feb 23 2010 Steve Grubb - 0.14-0.2.rc1 -- Fix dirent detection on 64bit systems - -* Mon Feb 22 2010 Steve Grubb - 0.14-0.1.rc1 -- New upstream release - -* Fri Feb 19 2010 Steve Grubb - 0.13.1-16 -- Add logrotate script and spec file cleanups - -* Fri Dec 11 2009 Steve Grubb - 0.13.1-15 -- Get rid of .dedosify files - -* Wed Dec 09 2009 Steve Grubb - 0.13.1-14 -- Revise patch for Initialize libgcrypt correctly (#530485) - -* Sat Nov 07 2009 Steve Grubb - 0.13.1-13 -- Initialize libgcrypt correctly (#530485) - -* Fri Aug 21 2009 Tomas Mraz - 0.13.1-12 -- rebuilt with new audit - -* Wed Aug 19 2009 Steve Grubb 0.13.1-11 -- rebuild for new audit-libs -- Correct regex for root's dot files (#509370) - -* Fri Jul 24 2009 Fedora Release Engineering - 0.13.1-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Mon Jun 08 2009 Steve Grubb - 0.13.1-9 -- Make aide smarter about prelinked files (Peter Vrabec) -- Add /lib64 to default config - -* Mon Feb 23 2009 Fedora Release Engineering - 0.13.1-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Fri Jan 30 2009 Steve Grubb - 0.13.1-6 -- enable xattr support and update config file - -* Fri Sep 26 2008 Tom "spot" Callaway - 0.13.1-5 -- fix selcon patch to apply without fuzz - -* Fri Feb 15 2008 Steve Conklin -- rebuild for gcc4.3 - -* Tue Aug 21 2007 Michael Schwendt -- rebuilt - -* Sun Jul 22 2007 Michael Schwendt - 0.13.1-2 -- Apply Steve Conklin's patch to increase displayed portion of - selinux context. - -* Sun Dec 17 2006 Michael Schwendt - 0.13.1-1 -- Update to 0.13.1 release. - -* Sun Dec 10 2006 Michael Schwendt - 0.13-1 -- Update to 0.13 release. -- Include default aide.conf from RHEL5 as doc example file. - -* Sun Oct 29 2006 Michael Schwendt - 0.12-3.20061027cvs -- CAUTION! 
This changes the database format and results in a report of - false inconsistencies until an old database file is updated. -- Check out CVS 20061027 which now contains Red Hat's - acl/xattr/selinux/audit patches. -- Patches merged upstream. -- Update manual page substitutions. - -* Mon Oct 23 2006 Michael Schwendt - 0.12-2 -- Add "memory leaks and performance updates" patch as posted - to aide-devel by Steve Grubb. - -* Sat Oct 07 2006 Michael Schwendt - 0.12-1 -- Update to 0.12 release. -- now offers --disable-static, so -no-static patch is obsolete -- fill last element of getopt struct array with zeroes - -* Mon Oct 02 2006 Michael Schwendt - 0.11-3 -- rebuilt - -* Mon Sep 11 2006 Michael Schwendt - 0.11-2 -- rebuilt - -* Sun Feb 19 2006 Michael Schwendt - 0.11-1 -- Update to 0.11 release. -- useless-includes patch merged upstream. -- old Russian man pages not available anymore. -- disable static linking. - -* Thu Apr 7 2005 Michael Schwendt -- rebuilt - -* Fri Nov 28 2003 Michael Schwendt - 0:0.10-0.fdr.1 -- Update to 0.10 release. -- memleaks patch merged upstream. -- rootpath patch merged upstream. -- fstat patch not needed anymore. -- Updated URL. - -* Thu Nov 13 2003 Michael Schwendt - 0:0.10-0.fdr.0.2.cvs20031104 -- Added buildreq m4 to work around incomplete deps of bison package. - -* Tue Nov 04 2003 Michael Schwendt - 0:0.10-0.fdr.0.1.cvs20031104 -- Only tar.gz available upstream. -- byacc not needed when bison -y is available. -- Installed Russian manual pages. -- Updated with changes from CVS (2003-11-04). -- getopt patch merged upstream. -- bison-1.35 patch incorporated upstream. - -* Tue Sep 09 2003 Michael Schwendt - 0:0.9-0.fdr.0.2.20030902 -- Added fixes for further memleaks. - -* Sun Sep 07 2003 Michael Schwendt - 0:0.9-0.fdr.0.1.20030902 -- Initial package version. +%autochangelog diff --git a/coverity.patch b/coverity.patch deleted file mode 100644 index 9b981be..0000000 --- a/coverity.patch +++ /dev/null 
@@ -1,642 +0,0 @@ -diff -up ./include/be.h.coverity ./include/be.h ---- ./include/be.h.coverity 2016-07-25 22:56:55.000000000 +0200 -+++ ./include/be.h 2018-10-10 19:27:18.680632681 +0200 -@@ -22,6 +22,6 @@ - #define _BE_H_INCLUDED - #include "db_config.h" - --FILE* be_init(int inout,url_t* u,int iszipped); -+void* be_init(int inout,url_t* u,int iszipped); - - #endif /* _BE_H_INCLUDED */ -diff -up ./include/db_config.h.coverity ./include/db_config.h ---- ./include/db_config.h.coverity 2018-10-10 19:27:18.672632611 +0200 -+++ ./include/db_config.h 2018-10-10 19:27:18.681632689 +0200 -@@ -376,7 +376,7 @@ typedef struct db_config { - #endif - - url_t* initial_report_url; -- FILE* initial_report_fd; -+ void* initial_report_fd; - - /* report_url is a list of url_t*s */ - list* report_url; -diff -up ./src/aide.c.coverity ./src/aide.c ---- ./src/aide.c.coverity 2018-10-10 19:27:18.678632663 +0200 -+++ ./src/aide.c 2018-10-10 19:27:18.681632689 +0200 -@@ -278,7 +278,7 @@ static void setdefaults_before_config() - error(0,_("Couldn't get hostname")); - free(s); - } else { -- s=(char*)realloc((void*)s,strlen(s)+1); -+ // s=(char*)realloc((void*)s,strlen(s)+1); - do_define("HOSTNAME",s); - } - -@@ -506,8 +506,6 @@ static void setdefaults_after_config() - int main(int argc,char**argv) - { - int errorno=0; -- byte* dig=NULL; -- char* digstr=NULL; - - #ifdef USE_LOCALE - setlocale(LC_ALL,""); -@@ -544,6 +542,10 @@ int main(int argc,char**argv) - } - - errorno=commandconf('C',conf->config_file); -+ if (errorno==RETFAIL){ -+ error(0,_("Configuration error\n")); -+ exit(INVALID_CONFIGURELINE_ERROR); -+ } - - errorno=commandconf('D',""); - if (errorno==RETFAIL){ -@@ -594,6 +596,9 @@ int main(int argc,char**argv) - } - } - #ifdef WITH_MHASH -+ byte* dig=NULL; -+ char* digstr=NULL; -+ - if(conf->config_check&&FORCECONFIGMD){ - error(0,"Can't give config checksum when compiled with --enable-forced_configmd\n"); - exit(INVALID_ARGUMENT_ERROR); -diff -up ./src/base64.c.coverity 
./src/base64.c ---- ./src/base64.c.coverity 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/base64.c 2018-10-10 19:27:18.681632689 +0200 -@@ -209,6 +209,7 @@ byte* decode_base64(char* src,size_t ssi - case FAIL: - error(3, "decode_base64: Illegal character: %c\n", *inb); - error(230, "decode_base64: Illegal line:\n%s\n", src); -+ free(outbuf); - return NULL; - break; - case SKIP: -@@ -260,7 +261,7 @@ size_t length_base64(char* src,size_t ss - int l; - int left; - size_t pos; -- unsigned long triple; -+ //unsigned long triple; - - error(235, "decode base64\n"); - /* Exit on empty input */ -@@ -273,7 +274,7 @@ size_t length_base64(char* src,size_t ss - inb = src; - - l = 0; -- triple = 0; -+ //triple = 0; - pos=0; - left = ssize; - /* -@@ -293,7 +294,7 @@ size_t length_base64(char* src,size_t ss - case SKIP: - break; - default: -- triple = triple<<6 | (0x3f & i); -+ //triple = triple<<6 | (0x3f & i); - l++; - break; - } -@@ -302,10 +303,10 @@ size_t length_base64(char* src,size_t ss - switch(l) - { - case 2: -- triple = triple>>4; -+ //triple = triple>>4; - break; - case 3: -- triple = triple>>2; -+ //triple = triple>>2; - break; - default: - break; -@@ -314,7 +315,7 @@ size_t length_base64(char* src,size_t ss - { - pos++; - } -- triple = 0; -+ //triple = 0; - l = 0; - } - inb++; -diff -up ./src/be.c.coverity ./src/be.c ---- ./src/be.c.coverity 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/be.c 2018-10-10 19:27:18.681632689 +0200 -@@ -117,9 +117,9 @@ static char* get_first_value(char** in){ - - #endif - --FILE* be_init(int inout,url_t* u,int iszipped) -+void* be_init(int inout,url_t* u,int iszipped) - { -- FILE* fh=NULL; -+ void* fh=NULL; - long a=0; - char* err=NULL; - int fd; -diff -up ./src/commandconf.c.coverity ./src/commandconf.c ---- ./src/commandconf.c.coverity 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/commandconf.c 2018-10-10 19:27:18.682632698 +0200 -@@ -106,7 +106,7 @@ int commandconf(const char mode,const ch - rv=0; - } else { - -- 
rv=access(config,R_OK); -+ if (config != NULL) rv=access(config,R_OK); - if(rv==-1){ - error(0,_("Cannot access config file: %s: %s\n"),config,strerror(errno)); - } -@@ -166,14 +166,11 @@ int commandconf(const char mode,const ch - int conf_input_wrapper(char* buf, int max_size, FILE* in) - { - int retval=0; -- int c=0; -- char* tmp=NULL; -- void* key=NULL; -- int keylen=0; - - /* FIXME Add support for gzipped config. :) */ - #ifdef WITH_MHASH - /* Read a character at a time until we are doing md */ -+ int c=0; - if(conf->do_configmd){ - retval=fread(buf,1,max_size,in); - }else { -@@ -185,6 +182,9 @@ int conf_input_wrapper(char* buf, int ma - #endif - - #ifdef WITH_MHASH -+ char* tmp=NULL; -+ void* key=NULL; -+ int keylen=0; - if(conf->do_configmd||conf->config_check){ - if(((conf->do_configmd==1)&&conf->config_check)||!conf->confmd){ - if(conf->do_configmd==1){ -@@ -276,6 +276,9 @@ int db_input_wrapper(char* buf, int max_ - #endif - break; - } -+ default: { -+ return 0; -+ } - } - - #ifdef WITH_CURL -@@ -651,7 +654,6 @@ int handle_endif(int doit,int allow_else - case 0 : { - conferror("@@endif or @@else expected"); - return -1; -- count=0; - } - - default : { -@@ -816,6 +818,7 @@ void do_dbdef(int dbtype,char* val) - if(u==NULL||u->type==url_unknown||u->type==url_stdout - ||u->type==url_stderr) { - error(0,_("Unsupported input URL-type:%s\n"),val); -+ free(u); - } - else { - *conf_db_url=u; -@@ -825,6 +828,7 @@ void do_dbdef(int dbtype,char* val) - case DB_WRITE: { - if(u==NULL||u->type==url_unknown||u->type==url_stdin){ - error(0,_("Unsupported output URL-type:%s\n"),val); -+ free(u); - } - else{ - conf->db_out_url=u; -@@ -848,6 +852,7 @@ void do_dbindef(char* val) - if(u==NULL||u->type==url_unknown||u->type==url_stdout - ||u->type==url_stderr) { - error(0,_("Unsupported input URL-type:%s\n"),val); -+ free(u); - } - else { - conf->db_in_url=u; -@@ -869,6 +874,7 @@ void do_dboutdef(char* val) - * both input and output urls */ - 
if(u==NULL||u->type==url_unknown||u->type==url_stdin){ - error(0,_("Unsupported output URL-type:%s\n"),val); -+ free(u); - } - else{ - conf->db_out_url=u; -@@ -894,7 +900,8 @@ void do_repurldef(char* val) - } else { - error_init(u,0); - } -- -+ -+ free(u); - } - - void do_verbdef(char* val) -@@ -984,7 +991,7 @@ void do_report_ignore_e2fsattrs(char* va - break; - } - } -- *val++; -+ val++; - } - } - #endif -diff -up ./src/compare_db.c.coverity ./src/compare_db.c ---- ./src/compare_db.c.coverity 2018-10-10 19:27:18.673632619 +0200 -+++ ./src/compare_db.c 2018-10-10 19:27:18.682632698 +0200 -@@ -312,7 +312,7 @@ static int acl2array(acl_type* acl, char - if (conf->syslog_format) { - *values = malloc(2 * sizeof(char*)); - -- char *A, *D = ""; -+ char *A= "", *D = ""; - - if (acl->acl_a) { A = acl->acl_a; } - if (acl->acl_d) { D = acl->acl_d; } -diff -up ./src/conf_lex.l.coverity ./src/conf_lex.l ---- ./src/conf_lex.l.coverity 2018-10-10 19:27:18.673632619 +0200 -+++ ./src/conf_lex.l 2018-10-10 19:27:18.682632698 +0200 -@@ -133,7 +133,7 @@ int var_in_conflval=0; - [\ \t]*\n { - conf_lineno++; - return (TNEWLINE); -- BEGIN 0; -+// BEGIN 0; - } - - \+ { -diff -up ./src/db.c.coverity ./src/db.c ---- ./src/db.c.coverity 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/db.c 2018-10-10 19:27:18.683632707 +0200 -@@ -27,6 +27,7 @@ - #include "db_file.h" - #include "db_disk.h" - #include "md.h" -+#include "fopen.h" - - #ifdef WITH_PSQL - #include "db_sql.h" -@@ -269,6 +270,9 @@ db_line* db_readline(int db){ - db_order=&(conf->db_new_order); - break; - } -+ default: { -+ return NULL; -+ } - } - - switch (db_url->type) { -@@ -368,7 +372,7 @@ db_line* db_char2line(char** ss,int db){ - - int i; - db_line* line=(db_line*)malloc(sizeof(db_line)*1); -- int* db_osize=0; -+ int* db_osize=NULL; - DB_FIELD** db_order=NULL; - - switch (db) { -@@ -382,6 +386,10 @@ db_line* db_char2line(char** ss,int db){ - db_order=&(conf->db_new_order); - break; - } -+ default: { -+ free(line); -+ return NULL; 
-+ } - } - - -@@ -601,7 +609,9 @@ db_line* db_char2line(char** ss,int db){ - size_t vsz = 0; - - tval = strtok(NULL, ","); -- line->xattrs->ents[num].key = db_readchar(strdup(tval)); -+ char * tmp = strdup(tval); -+ line->xattrs->ents[num].key = db_readchar(tmp); -+ free(tmp); - tval = strtok(NULL, ","); - val = base64tobyte(tval, strlen(tval), &vsz); - line->xattrs->ents[num].val = val; -@@ -648,6 +658,8 @@ db_line* db_char2line(char** ss,int db){ - - default : { - error(0,_("Not implemented in db_char2line %i \n"),(*db_order)[i]); -+ free_db_line(line); -+ free(line); - return NULL; - } - -@@ -826,7 +838,7 @@ void db_close() { - case url_ftp: - { - if (conf->db_out!=NULL) { -- url_fclose(conf->db_out); -+ url_fclose((URL_FILE*)conf->db_out); - } - break; - } -diff -up ./src/db_disk.c.coverity ./src/db_disk.c ---- ./src/db_disk.c.coverity 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/db_disk.c 2018-10-10 19:28:00.108995089 +0200 -@@ -79,9 +79,15 @@ static DIR *open_dir(char* path) { - - static void next_in_dir (void) - { -+ - #ifdef HAVE_READDIR_R -- if (dirh != NULL) -+ if (dirh != NULL) { -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wdeprecated-declarations" - rdres = AIDE_READDIR_R_FUNC (dirh, entp, resp); -+#pragma GCC diagnostic pop -+ } -+ - #else - #ifdef HAVE_READDIR - if (dirh != NULL) { -diff -up ./src/db_file.c.coverity ./src/db_file.c ---- ./src/db_file.c.coverity 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/db_file.c 2018-10-10 19:27:18.683632707 +0200 -@@ -171,7 +171,7 @@ int dofprintf( const char* s,...) - int db_file_read_spec(int db){ - - int i=0; -- int* db_osize=0; -+ int* db_osize=NULL; - DB_FIELD** db_order=NULL; - - switch (db) { -@@ -187,6 +187,9 @@ int db_file_read_spec(int db){ - db_lineno=&db_new_lineno; - break; - } -+ default: { -+ return RETFAIL; -+ } - } - - *db_order=(DB_FIELD*) malloc(1*sizeof(DB_FIELD)); -@@ -198,13 +201,10 @@ int db_file_read_spec(int db){ - int l; - - -- /* Yes... 
we do not check if realloc returns nonnull */ -- -- *db_order=(DB_FIELD*) -- realloc((void*)*db_order, -+ void * tmp = realloc((void*)*db_order, - ((*db_osize)+1)*sizeof(DB_FIELD)); -- -- if(*db_order==NULL){ -+ if (tmp != NULL) *db_order=(DB_FIELD*) tmp; -+ else { - return RETFAIL; - } - -@@ -291,8 +291,8 @@ char** db_readline_file(int db){ - int* domd=NULL; - #ifdef WITH_MHASH - MHASH* md=NULL; --#endif - char** oldmdstr=NULL; -+#endif - int* db_osize=0; - DB_FIELD** db_order=NULL; - FILE** db_filep=NULL; -@@ -302,9 +302,9 @@ char** db_readline_file(int db){ - case DB_OLD: { - #ifdef WITH_MHASH - md=&(conf->dboldmd); -+ oldmdstr=&(conf->old_dboldmdstr); - #endif - domd=&(conf->do_dboldmd); -- oldmdstr=&(conf->old_dboldmdstr); - - db_osize=&(conf->db_in_size); - db_order=&(conf->db_in_order); -@@ -316,9 +316,9 @@ char** db_readline_file(int db){ - case DB_NEW: { - #ifdef WITH_MHASH - md=&(conf->dbnewmd); -+ oldmdstr=&(conf->old_dbnewmdstr); - #endif - domd=&(conf->do_dbnewmd); -- oldmdstr=&(conf->old_dbnewmdstr); - - db_osize=&(conf->db_new_size); - db_order=&(conf->db_new_order); -@@ -328,7 +328,9 @@ char** db_readline_file(int db){ - break; - } - } -- -+ -+ if (db_osize == NULL) return NULL; -+ - if (*db_osize==0) { - db_buff(db,*db_filep); - -@@ -737,8 +739,6 @@ int db_writespec_file(db_config* dbconf) - int i=0; - int j=0; - int retval=1; -- void*key=NULL; -- int keylen=0; - struct tm* st; - time_t tim=time(&tim); - st=localtime(&tim); -@@ -750,6 +750,8 @@ int db_writespec_file(db_config* dbconf) - - #ifdef WITH_MHASH - /* From hereon everything must MD'd before write to db */ -+ void*key=NULL; -+ int keylen=0; - if((key=get_db_key())!=NULL){ - keylen=get_db_key_len(); - dbconf->do_dbnewmd=1; -diff -up ./src/do_md.c.coverity ./src/do_md.c ---- ./src/do_md.c.coverity 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/do_md.c 2018-10-10 19:27:18.683632707 +0200 -@@ -202,7 +202,6 @@ void calc_md(struct AIDE_STAT_TYPE* old_ - and we don't read from a pipe :) - */ - 
struct AIDE_STAT_TYPE fs; -- int sres=0; - int stat_diff,filedes; - #ifdef WITH_PRELINK - pid_t pid; -@@ -237,7 +236,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_ - return; - } - -- sres=AIDE_FSTAT_FUNC(filedes,&fs); -+ AIDE_FSTAT_FUNC(filedes,&fs); - if(!(line->attr&DB_RDEV)) - fs.st_rdev=0; - -@@ -331,7 +330,7 @@ void calc_md(struct AIDE_STAT_TYPE* old_ - } - #endif - #endif /* not HAVE_MMAP */ -- buf=malloc(READ_BLOCK_SIZE); -+// buf=malloc(READ_BLOCK_SIZE); - #if READ_BLOCK_SIZE>SSIZE_MAX - #error "READ_BLOCK_SIZE" is too large. Max value is SSIZE_MAX, and current is READ_BLOCK_SIZE - #endif -diff -up ./src/gen_list.c.coverity ./src/gen_list.c ---- ./src/gen_list.c.coverity 2016-07-25 22:56:55.000000000 +0200 -+++ ./src/gen_list.c 2018-10-10 19:27:18.684632716 +0200 -@@ -843,15 +843,15 @@ static void add_file_to_tree(seltree* tr - DB_ATTR_TYPE localignorelist=0; - DB_ATTR_TYPE ignored_added_attrs, ignored_removed_attrs, ignored_changed_attrs; - -+ if(file==NULL){ -+ error(0, "add_file_to_tree was called with NULL db_line\n"); -+ } -+ - node=get_seltree_node(tree,file->filename); - - if(!node){ - node=new_seltree_node(tree,file->filename,0,NULL); - } -- -- if(file==NULL){ -- error(0, "add_file_to_tree was called with NULL db_line\n"); -- } - - /* add note to this node which db has modified it */ - node->checked|=db; -diff -up ./src/md.c.coverity ./src/md.c ---- ./src/md.c.coverity 2018-10-10 19:27:18.679632672 +0200 -+++ ./src/md.c 2018-10-10 19:27:18.684632716 +0200 -@@ -36,8 +36,8 @@ - */ - - DB_ATTR_TYPE hash_gcrypt2attr(int i) { -- DB_ATTR_TYPE r=0; - #ifdef WITH_GCRYPT -+ DB_ATTR_TYPE r=0; - switch (i) { - case GCRY_MD_MD5: { - r=DB_MD5; -@@ -74,13 +74,15 @@ DB_ATTR_TYPE hash_gcrypt2attr(int i) { - default: - break; - } --#endif - return r; -+#else /* !WITH_GCRYPT */ -+ return 0; -+#endif - } - - const char * hash_gcrypt2str(int i) { -- char * r = "?"; - #ifdef WITH_GCRYPT -+ char * r = "?"; - switch (i) { - case GCRY_MD_MD5: { - r = "MD5"; -@@ -117,13 
+119,17 @@ const char * hash_gcrypt2str(int i) { - default: - break; - } --#endif - return r; -+#else /* !WITH_GCRYPT */ -+ return "?"; -+#endif - } - -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wunused-parameter" - DB_ATTR_TYPE hash_mhash2attr(int i) { -- DB_ATTR_TYPE r=0; - #ifdef WITH_MHASH -+ DB_ATTR_TYPE r=0; - switch (i) { - case MHASH_CRC32: { - r=DB_CRC32; -@@ -198,10 +204,15 @@ DB_ATTR_TYPE hash_mhash2attr(int i) { - default: - break; - } --#endif -+ - return r; -+#else /*!WITH_MHASH */ -+ return 0; -+#endif - } - -+#pragma GCC diagnostic pop -+ - /* - Initialise md_container according it's todo_attr field - */ -@@ -317,7 +328,6 @@ int init_md(struct md_container* md) { - */ - - int update_md(struct md_container* md,void* data,ssize_t size) { -- int i; - - error(255,"update_md called\n"); - -@@ -328,6 +338,7 @@ int update_md(struct md_container* md,vo - #endif - - #ifdef WITH_MHASH -+ int i; - - for(i=0;i<=HASH_MHASH_COUNT;i++) { - if (md->mhash_mdh[i]!=MHASH_FAILED) { -@@ -348,7 +359,6 @@ int update_md(struct md_container* md,vo - */ - - int close_md(struct md_container* md) { -- int i; - #ifdef _PARAMETER_CHECK_ - if (md==NULL) { - return RETFAIL; -@@ -356,6 +366,7 @@ int close_md(struct md_container* md) { - #endif - error(255,"close_md called \n"); - #ifdef WITH_MHASH -+ int i; - for(i=0;i<=HASH_MHASH_COUNT;i++) { - if (md->mhash_mdh[i]!=MHASH_FAILED) { - mhash (md->mhash_mdh[i], NULL, 0); -diff -up ./src/util.c.coverity ./src/util.c ---- ./src/util.c.coverity 2018-10-10 19:27:18.670632593 +0200 -+++ ./src/util.c 2018-10-10 19:27:18.684632716 +0200 -@@ -105,13 +105,15 @@ url_t* parse_url(char* val) - for(i=0;r[0]!='/'&&r[0]!='\0';r++,i++); - if(r[0]=='\0'){ - error(0,"Invalid file-URL,no path after hostname: file:%s\n",t); -+ free(hostname); - return NULL; - } - u->value=strdup(r); - r[0]='\0'; - if(gethostname(hostname,MAXHOSTNAMELEN)==-1){ -- strncpy(hostname,"localhost", 10); -+ strncpy(hostname,"localhost", 10); - } -+ - if( 
(strcmp(t,"localhost")==0)||(strcmp(t,hostname)==0)){ - free(hostname); - break; -@@ -120,7 +122,7 @@ url_t* parse_url(char* val) - free(hostname); - return NULL; - } -- free(hostname); -+ - break; - } - u->value=strdup(r); 
diff --git a/gpgkey-aide.gpg b/gpgkey-aide.gpg new file mode 100644 index 0000000000000000000000000000000000000000..efb011917bd132d1633f2ceeb97ee79c1acfa0f4 GIT binary patch literal 5160 zcmajiXEYp&y2kM-gwY9x=)JdSBYH0xq7Op!=ti_bY+`glB8ccEI?=Woqjxbx34+l} zh~9~C*V*TsbrCd694Ss?}50AWv)%l{OW_~LfIvFc0ne0q-#>1e);23q2#C>wm zPJv6RX_L_VYfIkgW?6IR4jr2Vp2}M7x!B2eGPJ)|YHRVY8Lz}hvj!~1!mf|aH3`S{oQpOpF}!xUk2)nJF0RWQEvSN7I=A5+b~Kii?!q({IY{ZM<)O8I82dP?gXKZ90Awq5?nWABCDjU|oQ?%YBM ztIr+$g>?wu%tn#0jrltgM(>iEY^G6`FAjDEYi(^u9&9TEO?YEA^gnfn_pJA++0QeJ z^EKm#U4-R-zU}a_2<)Cct*-`H>j*h`Sp_@CQOv$?XY@>d_&8?r_Js-xCA`kng%`&x z>#pFL+KODskft&2Pc5`x zo8&B{AIj9_Nmdj1-^u$QrS7Y|UBW7on~+JpC_OETl{OAF?57Yvns@4hqeh}&ppBrc zpvd<`ZaZK0Su6ct>u3534`YlU2*s&k5z?8^kK- z{MS**AL;4*ubZ$v(nBE@guuHGBmyXd7=ZZ15JCblJ`E9skQkp91O@^?%s>$I6^I^4 z%Z4Y=I!Rt$m-)~L^Q-tg<&O&ItrjtSkV7yp3qFKV(zORb1flr%owaMuEY-$al3dp-t6agj&Po2tvB0sCJw_Emq)Lll>`dN6+^{@uhqC z6FyDMfh=^yigmxOF9S&}Bq6b0=qansw>aV_T$15IW3hk+L*w&Hs6NqRzAJA9Mfx?v z3do73s3*5>4ki0s7A|TYWTou5HTRbwF5!FU5oJ6mMT58IGp^U$>f7gf4`pc)MVnwpoO}YcP)NUwq8Yz9 z3`uALWvtvh?qWsFGr+5cN73jTYx#6IAiW=lQCyEO@NiTnzceLz+!`*Yj8JpJgDN|u z_eRir_a>3UFV{cYh9_dE;1>=0CIkd@qQ>+cSD&RP8l*J`S?isv=R!akPm^gw!v@=*pI)~K z;t{vuY^XP%#7E*p7J{=Sq$|HtjFocjQ&E4^(LwqXGmafFxTS(yhG%l@@3FS^+yQVA zzN*cuNp<6C(?U8|4*(Z$cZy_*5g_wIHksj6v20(2d&&u{Uf}=k(Es24DLFXWx!8IN zBfXszVnN1#WvK8s8U9^^GXJ~5(>n?P+G6;_bh0k6gX{<{==&3?BGi!=X38rEDoJeCk2c0NdfI}lJ`a$`&0;K2co2Peyi&_!!5AN_zkmpt+hv-z2~PeEAJ zvO;BZ|FOjP^5=!%MZU9TF|g+J8q#l#x^O?VgReo9*spJ zNIxtJ`jzG6m)-}&r+XNS9)q13ndAV(hd+%qjgq>K#_yW6%|~K4B`KVnWcREZk8+rV z`Quif7_V$to;W|0g^Km-dd)N=;F6XH9_F+^#ABa`&$5h-v3@brn~ZOf>@lvG(0+Yt zm$!nS)VKRPfs|o{41)^eaS7)h?eEYl&Hx%$F&TC8ru96*9JG8biryE|@*8a>Bc4X~ zmp@;M3XIN;wv-=dYhIU<{MB+#2d0wXwm)_exm%m8=ihxUTP8aDHI!*vLb5`&;$y=Q zoP%fP#g!T2_Dj6={r;y{?n~wD2H6I?T>fBgj6LX~hm@&YH7n`XqtEmNEXge|(NgH$ zy~b8IUT=q#wcos9m`YuV@$4300-he^_a`6;pig@ZUN>R;T`*YK@JQDJXu^TZv~Ac_ za*tE$FR~917GUJVyVP)Bomln+Ti(7^%mMG;oAW9c$LNhyDaqBd&r7oeLEStS!1ubI 
z25>IUna>O7m-_#~650q(5iBjN5Pub}r%VE^jx;RwT!7j16Nd`96kX|4zqHJhAnCtk zCM64MUzZMK(ebH?gHD{A31=Dd;U;ybx$sJil#F*{BSr4k#PZiQ*mW0=l_Nm&2G>FC zMj3$z!pN;Ut*}65N?IiEhz&b-aP_*9LsOqQV01MEE!Mc9&f?K&Ul%nJ9q{Fq?d2?{ z1>6uQmgVC(2q(PCLzwvrH*{uq%?WwU#{g{RUh(w*@b?FBRj6yAgk2)8t>0sLUnF1e z6P0ZlY^ASJ+|Kl?9|yNRdX*^f8j(Bi6l|>xVN1ZF?0QZtqJn|cN8~%6;kdvewR#Wy z;LhYSQtzQJeu)~x4t+#7sy{M5P&>BA>Jo`~P^QQyJ&nr1Wa|sI{uoy~Qy+EtYnx(0 za(Hw=A^Xjjo3%?w3F%s^{uSX3Bmb*5UDF(|*}z2E8;osz*PzLEy5>PRjz3oK7#8O%$F z=LH=#au4G`nc${vUlzyiIzf>1$l(5z4L5g6U0}q9*t%1&B__I9!q^^5rV@YKGHU!Z zq$c)RKf9%sjn^tUEjpwBt6fjhdKluRx9tg$eqqI_k@%LXX~MU&wi8B{yD3FzHzzIT z*|J!CF(LmJ%MK6kWwRygPsr8h#_;Q4wFkF8Ll<@)DjZ+PG8@3q?arC+h$AgfvPMg8 zFB-cm(3r~69+r42xH4#N5ItyLT+8~NF>oL)+&Hpa;B519Mkt_3qg8j;A5F4crqxT$ zPzqU@vNi3F7TD!1$ zni)rX&Jqhd^n2m>of)?%sz6kqcUZgh8-_6utMJ*8LArnK9VAvCwI5I80a?;+zpYz) zhY%;%I4i-24B1L|H8|zFQTA`lCHVd%)g8B%zX-pr&{WMy8j9mj$dzSF+_|4r)f^KG zhnHbDS;SQf<*wd{#0oDkYyXS01ds$!DriF{FrxVIw=#}f_tt63Hh_cM=iRggT5=+Z zp@&8p5N52|rgSDZRIze1?B@J<>^bALIj?N8g{DORaEv#K~bV&G_+m6R)tcRYB7s3dcFh#K-Xy>DtR4+XxAY+sI= zON?K}O3_e4j=842KCtvAQ1E!=VF@3xe+XWqn3CsR>+rh12RE|*G9#V`NwgoNZEC#i zROu0C*;CX@T?{o(%zAO%sfAil?bu|xOo?Us)8Wukzk$Kr*dDpZaatK!y#T&N;ntfj z>>GJcXe3&AC{1EA?Ylci{Cw%MJCXu!A=oM#;f@=$RJVrV!3~`s`Ba^yd2YQX{V9+0EWX63UniW1RSLYTr%z2c;q-4EN3gb7%>}ozvY`JP7e}eRuB;uP}N3yVeX*n z^P&_kGHGl#1J>8Y|1rt!X4p9L_KL>EElQR*yc1{I_BDR&VZO1dtUj69NEs$WU~U{IMac91w068`Uj7XhqTPNRqtc*LizTvS z|2(a+vMt-5I$Q8juGCKz^`szpmO8e?bfcEi$*iidDDPx~AZotd-jrQf!JjbD@SUIu zGFofZURCVgt;1lR%h(^YYmc@3Ym+|KOE>AQ0R)e^l{A}gfBi-Kbw)`i(!xL;I_=b`8r|JWIJkd2@ zd>^`|Ppq3c`WehBxr(-@VEzyuu^!-ui(+t1^<6!2tPUSVO7uM}5H#|Nq|aUkJz`Qd zilI4+{{4x*U^QN2)Iqkrop8Pe;5MMW;N=%v4isn;VTUL6Ss_;+F zH{L)Jz-U5;hf~0ioDkbN2BA9 zZqwwDbYigPTtm8P4-yH?GWp3fm6{i;yg<_7TZn-tCGpK^Pgb2g*U03AO9)6euSQaH zqAMV<4!oW+v-&d9jYmGSZgT;~_0JvlEv87-FWKFFV7VDF@GJoa?^k|tc_vHetjg8n zPi@N+w)k(!tuu~E(DDkhx?`Xmq6dQGASh5zGqcEIoPG;_0rbe-nUTmQ$3FGFFJH&A zhtFDe`tibOO)Ds$6=%7{JZ?vOEe&{E;ewT6Ics^QQ8G>%f8KaJuhIN*O0`Aq$F)-q 
z5PanW=T;w^pnTUl$|5*co!8?0TN##=Ek*O%a=vPSj|9q3v4wNh{;5hGl7kKyq$!}> z6E|m*u34L*e{E`MTY!hu#q*aj*a3@MpCy8SxilOyI#&rClIdo_e0`t~=)u@Cdm$g5 z_pBML)JFG-^=2)ZP-*cgsIy$lgre<#at6=;d!0dl$Jyr}>nsffmUZG-@#uksfP45L zJ;;ssKYY{eN5O2^4-hvf;#(Ne2VxT%`X~KIWI5mC#j{t!dJeEYh3K==gxn9?~ZaDQfjvI~{+_OV<`-wiP+0T;F*F3PJ1ctNZioay5 z`KGoh5o?84wlu(x=jbRgOLMb!TaAQZsEu=F?sB+kZ-oJ!*7UCMwQ zzV=c1ZW{a3`MktoAxJD)c3R=7$XO~ysJs}$ZR3OBEs?zr#I{ z6E`8QTvtIA?LcduZ@l$(Tu0DnnJ`&7xu%aStV4?(?U%`Kk8Nd~vO1j17+;*3 zlxgUzvp9@zDRE@t-PI7k0O<(Ys7DG~To#ynQ;&bLlLdh0@l}>VBu~zLUgro|swpN! zl+4Fv@|*stSU*3J*lDsrSv zEeT+9PYtu!*4r={+PLYMm9B8#P=M#t>U)Uz2kedZN_Drw@UdYB)w_d`kBz0^|k5Ph*++)0mBf}cNHh>OW_hxT5ysO!v|vBs>|FUE|=~TOEtfsQ7X-yhS+hO&qx})a?10CzMh5B@m{`s8a2StauxN=j`dq_;pN1oU6MZI$o< literal 0 HcmV?d00001 diff --git a/sources b/sources index aab41a4..ca6c59b 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -SHA512 (aide-0.18.6.tar.gz) = c0e7c366029a401bce4cf44762caecada4d4831bfc2f00ebab6cb818ba259fae5409fdfcc7386d2bc9ca91a8e8fe0eb78927205bc75513578b8a3ccd17183744 +SHA512 (aide-0.18.8.tar.gz) = 38763f527cfbc11847eca2fca17eceabc46158624954f0457feb49b885f34e4311f2dbc50b5471f4ff972e9e4e9c9f55c2da8dd8d55c04063a9043ab4829ff05 +SHA512 (aide-0.18.8.tar.gz.asc) = 9eeed86a0484d9f2acfd91c49adae285b34ebc390f65f32d72e9409a5e57456e637036094cb7fd38cb6a1332f6bbb58e4ff704819fd4449ec0d7b2ae01d95cd8 From 204ac42bba4e3365036d29d4a68b64acf7c4962f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 16 Jan 2025 10:44:20 +0000 Subject: [PATCH 34/58] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From c1f9cbad754fb62aefa08c1208a3e8dc3a26243e Mon Sep 17 00:00:00 2001 From: Patrik Koncity Date: Wed, 8 Jan 2025 14:25:09 +0100 Subject: [PATCH 35/58] Add tmt CI --- .fmf/version | 1 + ci.fmf | 12 ++++++++++++ 2 files changed, 13 insertions(+) create mode 100644 .fmf/version create mode 100644 ci.fmf diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version 
@@ -0,0 +1 @@
+1
diff --git a/ci.fmf b/ci.fmf
new file mode 100644
index 0000000..a36dc28
--- /dev/null
+++ b/ci.fmf
@@ -0,0 +1,12 @@
+#e2e test plan
+/e2e:
+ plan:
+ import:
+ url: https://github.com/RedHat-SP-Security/aide-plans.git
+ name: /generic/e2e_ci
+
+/rpmverify:
+ plan:
+ import:
+ url: https://github.com/RedHat-SP-Security/aide-plans.git
+ name: /generic/rpmverify
From 3073404dcdbb82446c5844ac4bca68797a1763d6 Mon Sep 17 00:00:00 2001
From: Adam Williamson
Date: Mon, 24 Feb 2025 14:48:55 -0800
Subject: [PATCH 36/58] Remove confusing and broken patch (#2346091) Jian Peng noticed that this patch has multiple errors that cause compilation to fail if it is applied. We did not notice because, as the package stands, the patch is applied "normally" (by %autosetup) and then immediately reverted (by the patch -R call) before compilation occurs. So it's a confusing no-op. Let's just remove it to avoid future confusion. If somebody wants to re-add a fixed version of it, please ensure it works correctly and the reason for its inclusion is documented in the spec file.
--- aide-verbose.patch | 34 ---------------------------------- aide.spec | 4 ---- 2 files changed, 38 deletions(-) delete mode 100644 aide-verbose.patch
diff --git a/aide-verbose.patch b/aide-verbose.patch
deleted file mode 100644
index c87ff90..0000000
--- a/aide-verbose.patch
+++ /dev/null
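Review bot: Both plan imports in the new ci.fmf pull from `https://github.com/RedHat-SP-Security/aide-plans.git` without a `ref`, so each CI run executes whatever is on that repository's default branch at that moment. Adding `ref: <TAG_OR_COMMIT>` beside `url:` and `name:` in the `/e2e` and `/rpmverify` imports would make gating results reproducible. It would also keep a change in the external repository from silently altering what runs against this package. The leading comment `#e2e test plan` would read better as `# e2e test plan`, with a matching comment above `/rpmverify`.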
@@ -1,34 +0,0 @@ -diff -up ./src/conf_eval.c.fix ./src/conf_eval.c ---- ./src/conf_eval.c.fix 2023-12-22 12:12:22.961141634 +0100 -+++ ./src/conf_eval.c 2023-12-22 14:09:21.217786675 +0100 -@@ -166,6 +166,7 @@ static DB_ATTR_TYPE eval_attribute_expre - - static void set_database_attr_option(DB_ATTR_TYPE attr, int linenumber, char *filename, char* linebuf) { - char *str; -+ long num; - - DB_ATTR_TYPE hashes = get_hashes(true); - if (attr&(~hashes)) { -@@ -298,8 +299,20 @@ static void eval_config_statement(config - LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_CONFIG, "set 'config_version' option to '%s'", str) - break; - case VERBOSE_OPTION: -- log_msg(LOG_LEVEL_ERROR, "%s:%d: 'verbose' option is no longer supported, use 'log_level' and 'report_level' options instead (see man aide.conf for details) (line: '%s')", conf_filename, conf_linenumber, conf_linebuf); -- exit(INVALID_CONFIGURELINE_ERROR); -+ log_msg(LOG_LEVEL_CONFIG, "%s:%d: 'verbose' option is deprecated, use 'log_level' and 'report_level' options instead (see man aide.conf for details) (line: '%s')", conf_filename, conf_linenumber, conf_linebuf); -+ str = eval_string_expression(statement.e, linenumber, filename, linebuf); -+ num = strtol(str, NULL, 10); -+ -+ if (num < 0 && num > 255) { -+ LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_ERROR, "invalid verbose level: '%s'", str); -+ exit(INVALID_CONFIGURELINE_ERROR); -+ } -+ -+ if (num >= 10) { -+ set_log_level(LOG_LEVEL_DEBUG); -+ } -+ -+ free(str); - break; - case LIMIT_CMDLINE_OPTION: - /* command-line options are ignored here */ diff --git a/aide.spec b/aide.spec index 062480c..eda0cff 100644 --- a/aide.spec +++ b/aide.spec @@ -37,8 +37,6 @@ BuildRequires: check-devel Requires: logrotate -Patch1: aide-verbose.patch - %description AIDE (Advanced Intrusion Detection Environment) is a file integrity checker and intrusion detection program. 
@@ -48,8 +46,6 @@ checker and intrusion detection program. %autosetup -p1 cp -a %{S:4} . -%patch -R -P 1 -p1 -b .verbose - %build #autoreconf -ivf %configure \ From 4750c5ce8a6f1c547f339ff8146e90e0348376b4 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 16:50:19 +0000 Subject: [PATCH 37/58] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 7b39911f4eb2db77db0fc254927fd64145b42e1c Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 5 Aug 2025 11:23:42 +0200 Subject: [PATCH 38/58] Simplify URL handling --- aide.spec | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/aide.spec b/aide.spec index eda0cff..8efe513 100644 --- a/aide.spec +++ b/aide.spec @@ -1,14 +1,12 @@ -%global forgeurl https://github.com/%{name}/%{name} - Summary: Intrusion detection environment Name: aide Version: 0.18.8 Release: %autorelease -URL: https://aide.github.io/ +URL: https://github.com/aide/aide License: GPL-2.0-or-later -Source0: %{forgeurl}/releases/download/v%{version}/%{name}-%{version}.tar.gz -Source1: %{forgeurl}/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc +Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz +Source1: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz.asc # gpg2 --recv-keys 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931 # gpg2 --export --export-options export-minimal 2BBBD30FAAB29B3253BCFBA6F6947DAB68E7B931 >gpgkey-aide.gpg Source2: gpgkey-aide.gpg From f3c128e1ec4eb9ae7587e205f92220018060201f Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 5 Aug 2025 11:26:43 +0200 Subject: [PATCH 39/58] spec: standardize source file reference syntax Use consistent %{SOURCE#} macro syntax throughout the spec file instead of mixing %{S:#} and %{SOURCE#} formats. This improves readability and follows RPM packaging best practices. --- aide.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/aide.spec b/aide.spec index 8efe513..fdb6bfc 100644 
--- a/aide.spec +++ b/aide.spec @@ -42,7 +42,7 @@ checker and intrusion detection program. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 -cp -a %{S:4} . +cp -a %{SOURCE4} . %build #autoreconf -ivf @@ -64,8 +64,8 @@ make check %install %make_install bindir=%{_sbindir} -install -Dpm0644 -t %{buildroot}%{_sysconfdir} %{S:3} -install -Dpm0644 %{S:5} %{buildroot}%{_sysconfdir}/logrotate.d/aide +install -Dpm0644 -t %{buildroot}%{_sysconfdir} %{SOURCE3} +install -Dpm0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/logrotate.d/aide mkdir -p %{buildroot}%{_localstatedir}/log/aide mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide From d45509d296037b559dd13f0217ef380a4b93f9c5 Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 5 Aug 2025 11:38:04 +0200 Subject: [PATCH 40/58] Rebase to 0.19.1 --- .gitignore | 2 ++ aide.spec | 2 +- sources | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 465c998..3d07290 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,5 @@ aide-0.14.tar.gz.asc /aide-0.18.6.tar.gz /aide-0.18.8.tar.gz /aide-0.18.8.tar.gz.asc +/aide-0.19.1.tar.gz +/aide-0.19.1.tar.gz.asc diff --git a/aide.spec b/aide.spec index fdb6bfc..1553dba 100644 --- a/aide.spec +++ b/aide.spec @@ -1,6 +1,6 @@ Summary: Intrusion detection environment Name: aide -Version: 0.18.8 +Version: 0.19.1 Release: %autorelease URL: https://github.com/aide/aide License: GPL-2.0-or-later diff --git a/sources b/sources index ca6c59b..d46f6aa 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@ -SHA512 (aide-0.18.8.tar.gz) = 38763f527cfbc11847eca2fca17eceabc46158624954f0457feb49b885f34e4311f2dbc50b5471f4ff972e9e4e9c9f55c2da8dd8d55c04063a9043ab4829ff05 -SHA512 (aide-0.18.8.tar.gz.asc) = 9eeed86a0484d9f2acfd91c49adae285b34ebc390f65f32d72e9409a5e57456e637036094cb7fd38cb6a1332f6bbb58e4ff704819fd4449ec0d7b2ae01d95cd8 +SHA512 (aide-0.19.1.tar.gz) = 5f345458acdc79072b8293ea19a6846f2f7ab2eca36729ff1dc6fe06595a40f46af5aac57c8b02b4d144a4ad649b2a1d7f8e3bb216f0fa3d48a7023abf0029b1 +SHA512 (aide-0.19.1.tar.gz.asc) = d5bb3b8ec7dec229a01ae2e2588cc64caf9eaf2e9a71593c2d43662eb25f0afca9d955de7eeba13ca10dbe09f5b66e3b653ab018aa4c16f0531c368335b5e6de From 8e0d851b93fe8045dd46d53f6532b5b159d62fcc Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 5 Aug 2025 11:41:14 +0200 Subject: [PATCH 41/58] cry: use nettle instead of gcrypt --- aide.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/aide.spec b/aide.spec index 1553dba..9bd36bf 100644 --- a/aide.spec +++ b/aide.spec @@ -18,7 +18,7 @@ BuildRequires: gcc BuildRequires: make BuildRequires: bison flex BuildRequires: pcre2-devel -BuildRequires: libgpg-error-devel libgcrypt-devel +BuildRequires: libgpg-error-devel nettle-devel BuildRequires: zlib-devel BuildRequires: libcurl-devel BuildRequires: libacl-devel @@ -49,7 +49,8 @@ cp -a %{SOURCE4} . %configure \ --disable-static \ --with-config_file=%{_sysconfdir}/aide.conf \ - --with-gcrypt \ + --without-gcrypt \ + --with-nettle \ --with-zlib \ --with-curl \ --with-posix-acl \ @@ -71,7 +72,7 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %files %license COPYING -%doc AUTHORS ChangeLog NEWS README contrib/ +%doc AUTHORS ChangeLog NEWS README %doc README.quickstart %{_sbindir}/aide %{_mandir}/man1/*.1* From faf0f7484f747e738fb6dc73b4af6e461c0c832c Mon Sep 17 00:00:00 2001 
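Review bot: The first aide.spec hunk of the nettle commit swaps `libgcrypt-devel` for `nettle-devel` but keeps `libgpg-error-devel` on the same `BuildRequires:` line. That package looks like it was only needed alongside libgcrypt, so with `--without-gcrypt` in the second hunk the line could probably become `BuildRequires: nettle-devel` once a scratch build confirms configure does not need it. The third hunk also drops `contrib/` from `%doc`, which the commit message does not mention; a sentence there or a spec comment saying why would help. Because the crypto backend determines which checksum algorithms are compiled in, it is worth confirming that every hash named in the shipped aide.conf is still available in the nettle build.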
From: Cropi Date: Thu, 7 Aug 2025 10:28:00 +0200 Subject: [PATCH 42/58] aide.conf: add missing fields to config (added since 0.17) --- aide.conf | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/aide.conf b/aide.conf index 57b15b9..5c978f7 100644 --- a/aide.conf +++ b/aide.conf @@ -14,10 +14,37 @@ database_out=file:@@{DBDIR}/aide.db.new.gz # Whether to gzip the output to database gzip_dbout=yes +# Database attributes to include in report (H = all compiled hashsums, default) +database_attrs=H + +# Add metadata to database (version info, timestamps) +database_add_metadata=yes + +# Warn about unrestricted rules during config check (default: false) +config_check_warn_unrestricted_rules=false + +# Number of workers for parallel processing (default: 1, can use percentage) +num_workers=1 + # Default. log_level=warning report_level=changed_attributes +# Report format (plain or json) +report_format=plain + +# Group files in report by added/removed/changed +report_grouped=yes + +# Summarize changes in report +report_summarize_changes=yes + +# Don't report if no differences found +report_quiet=no + +# Report encoding (base64 is default, base16 available) +report_base16=no + report_url=file:@@{LOGDIR}/aide.log report_url=stdout #report_url=stderr From aa4fd80a6162bb0e14037cbd3ada91dc21e11cda Mon Sep 17 00:00:00 2001 From: Cropi Date: Thu, 7 Aug 2025 10:29:00 +0200 Subject: [PATCH 43/58] aide.conf: correct report_url possible values --- aide.conf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/aide.conf b/aide.conf index 5c978f7..4a0c0b8 100644 --- a/aide.conf +++ b/aide.conf @@ -48,8 +48,7 @@ report_base16=no report_url=file:@@{LOGDIR}/aide.log report_url=stdout #report_url=stderr -#NOT IMPLEMENTED report_url=mailto:root@foo.com -#NOT IMPLEMENTED report_url=syslog:LOG_AUTH +#report_url=syslog:LOG_AUTH # These are the default rules. # From c19980c40c356c14c5bfe0bf1149c93f48449313 Mon Sep 17 00:00:00 2001 
From: Cropi Date: Thu, 7 Aug 2025 10:31:02 +0200 Subject: [PATCH 44/58] aide.conf: update (special) attributes section --- aide.conf | 55 ++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 15 deletions(-) diff --git a/aide.conf b/aide.conf index 4a0c0b8..2deaa1b 100644 --- a/aide.conf +++ b/aide.conf @@ -52,8 +52,11 @@ report_url=stdout # These are the default rules. # +#ftype: file type +#fstype: file system type (Linux-only) #p: permissions -#i: inode: +#i: inode +#l: link name (symbolic links only) #n: number of links #u: user #g: group 
@@ -62,28 +65,50 @@ report_url=stdout #m: mtime #a: atime #c: ctime -#S: check for growing size #acl: Access Control Lists #selinux SELinux security context #xattrs: Extended file attributes -#md5: md5 checksum -#sha1: sha1 checksum +#e2fsattrs: file attributes on Linux file system +#caps: file capabilities (Linux-only) + +# Hashsums attributes (regular files only) #sha256: sha256 checksum #sha512: sha512 checksum -#rmd160: rmd160 checksum -#tiger: tiger checksum +#sha512_256: SHA-512 checksum truncated to 256 output bits +#sha3_256: SHA3-256 checksum (modern) +#sha3_512: SHA3-512 checksum (modern) +#stribog256: GOST R 34.11-2012, 256 bit +#stribog512: GOST R 34.11-2012, 512 bit -#haval: haval checksum (MHASH only) -#gost: gost checksum (MHASH only) -#crc32: crc32 checksum (MHASH only) -#whirlpool: whirlpool checksum (MHASH only) +# DEPRECATED (will be removed in future versions): +#md5: md5 checksum (deprecated since v0.19) +#sha1: sha1 checksum (deprecated since v0.19) +#rmd160: rmd160 checksum (deprecated since v0.19) +#gost: gost checksum (deprecated since v0.19) -FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256 +# REMOVED in AIDE v0.19: +#S: check for growing size (use 'growing+s' instead) +#tiger: tiger checksum (removed) +#haval: haval checksum (removed) +#crc32: crc32 checksum (removed) +#crc32b: crc32b checksum (removed) +#whirlpool: whirlpool checksum (removed) -#R: p+i+n+u+g+s+m+c+acl+selinux+xattrs+md5 -#L: p+i+n+u+g+acl+selinux+xattrs -#E: Empty group -#>: Growing logfile p+u+g+i+n+S+acl+selinux+xattrs +# Special attributes for advanced use cases: +#I: ignore changed filename - detects moved files by inode +#growing: ignore growing file size/timestamps for logs +#compressed: ignore compression - compares uncompressed content +#ANF: allow new files - new files ignored in report +#ARF: allow removed files - missing files ignored in report + +# Default groups in AIDE v0.19: +# R = p+ftype+i+l+n+u+g+s+m+c+sha3_256+X +# L = p+ftype+i+l+n+u+g+X +# > = 
Growing file p+ftype+l+u+g+i+n+s+growing+X +# H = all compiled in (and not deprecated) hashsums +# X = acl+selinux+xattrs+e2fsattrs+caps (if compiled in) +# E = Empty group +# Use 'aide --version' to list the default compound groups. # You can create custom rules like this. # With MHASH... From 7aad76e824e38aa8e4ce3ed520f3ce841e69d1af Mon Sep 17 00:00:00 2001 From: Cropi Date: Wed, 20 Aug 2025 08:33:36 +0200 Subject: [PATCH 45/58] Rebase to 0.19.2 Resolves: rhbz#2389391 Resolves: rhbz#2389389 CVE-2025-54389 CVE-2025-54409 --- .gitignore | 2 ++ aide.spec | 2 +- sources | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 3d07290..ce1812d 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,5 @@ aide-0.14.tar.gz.asc /aide-0.18.8.tar.gz.asc /aide-0.19.1.tar.gz /aide-0.19.1.tar.gz.asc +/aide-0.19.2.tar.gz +/aide-0.19.2.tar.gz.asc diff --git a/aide.spec b/aide.spec index 9bd36bf..7b1c7a4 100644 --- a/aide.spec +++ b/aide.spec @@ -1,6 +1,6 @@ Summary: Intrusion detection environment Name: aide -Version: 0.19.1 +Version: 0.19.2 Release: %autorelease URL: https://github.com/aide/aide License: GPL-2.0-or-later diff --git a/sources b/sources index d46f6aa..0b47fd8 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (aide-0.19.1.tar.gz) = 5f345458acdc79072b8293ea19a6846f2f7ab2eca36729ff1dc6fe06595a40f46af5aac57c8b02b4d144a4ad649b2a1d7f8e3bb216f0fa3d48a7023abf0029b1 -SHA512 (aide-0.19.1.tar.gz.asc) = d5bb3b8ec7dec229a01ae2e2588cc64caf9eaf2e9a71593c2d43662eb25f0afca9d955de7eeba13ca10dbe09f5b66e3b653ab018aa4c16f0531c368335b5e6de +SHA512 (aide-0.19.2.tar.gz) = 08506c2302e34794fa08a27caaa1e714ba736d46351c577234f2c3d2623ea82b243b3318061a369a46d6961a782f42fbb8edd42d1d4de6949e7fc30c87865830 +SHA512 (aide-0.19.2.tar.gz.asc) = ebc04f22a49ec6b378dca4930574edcd46919281297bc1d5e09f5839a6fab3a38762462b7d852a82b7045313f9c24208bfff49a561d8afd04e9116be7096169a From 920124928552faeaef5846b87f8f9dd5423b1011 Mon Sep 17 00:00:00 2001 
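Review bot: The second hunk of the attributes patch deletes `FIPSR = p+i+n+u+g+s+m+c+acl+selinux+xattrs+sha256`, but nothing in that commit touches the rules that use the group. The later refactoring patch in this series is the one that removes `NORMAL = FIPSR+sha512` and `LSPP = FIPSR+sha512`, so as far as the visible patches show, the file refers to an undefined group in between, including at the 0.19.2 rebase commit. Either keep `FIPSR` until its users are rewritten, or move the `NORMAL`/`LSPP` change into this commit so every commit in the series yields a loadable configuration.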
From: Cropi Date: Thu, 7 Aug 2025 10:32:01 +0200 Subject: [PATCH 46/58] Refactor aide.conf --- aide.conf | 310 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 198 insertions(+), 112 deletions(-) diff --git a/aide.conf b/aide.conf index 2deaa1b..5953f6d 100644 --- a/aide.conf +++ b/aide.conf 
@@ -111,31 +111,29 @@ report_url=stdout # Use 'aide --version' to list the default compound groups. # You can create custom rules like this. -# With MHASH... -# ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32 -ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger -# Everything but access time (Ie. all changes) +# Note: Removed deprecated/removed hashsums (tiger, haval, crc32, crc32b, whirlpool, md5, sha1, rmd160, gost) +ALLXTRAHASHES = sha256+sha512+sha512_256+sha3_256+sha3_512+stribog256+stribog512 +# Everything but access time (Ie. all changes) - updated with modern hashsums EVERYTHING = R+ALLXTRAHASHES -# Sane, with multiple hashes -# NORMAL = R+rmd160+sha256+whirlpool -NORMAL = FIPSR+sha512 +# Base + sha512 (strong) +NORMAL = R+sha512 -# For directories, don't bother doing hashes -DIR = p+i+n+u+g+acl+selinux+xattrs +# Content only - added file type and strong hash +CONTENT = ftype+sha512 -# Access control only -PERMS = p+i+u+g+acl+selinux +# For directories, don't bother doing hashes - added file type and link name +DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs + +# Access control only - added file type and link name +PERMS = ftype+p+i+l+u+g+acl+selinux # Logfile are special, in that they often change LOG = > -# Just do sha256 and sha512 hashes -LSPP = FIPSR+sha512 - # Some files get updated automatically, so the inode/ctime/mtime change -# but we want to know when the data inside them changes -DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256 +# but we want to know when the data inside them changes - updated with modern hash +DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 # Next decide what directories/files you want in the database. 
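Review bot: The comment on `DATAONLY` now ends with "updated with modern hash", but the rule keeps `sha256` exactly as before while `NORMAL` and `CONTENT` use `sha512`, so either the comment or the hash should change. Several other comments added in this hunk ("added file type and link name", "Note: Removed deprecated/removed hashsums ...") record the edit rather than describe the rule, which belongs in the commit message. For the groups I would state what is tracked instead, e.g. `# Data only: type, permissions, link name/count, owner, size, ACL/SELinux/xattrs and a sha256 content hash`.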
@@ -144,124 +142,215 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256 /sbin NORMAL /lib NORMAL /lib64 NORMAL -/opt NORMAL +# Monitor /opt selectively to avoid noise from auto-updating applications +/opt CONTENT /usr NORMAL -/root NORMAL # These are too volatile !/usr/src !/usr/tmp +/root NORMAL +# Admins dot files constantly change, just check perms +/root/\..* PERMS +!/root/.xauth* + # Check only permissions, inode, user and group for /etc, but # cover some important files closely. /etc PERMS !/etc/mtab # Ignore backup files !/etc/.*~ -/etc/exports NORMAL -/etc/fstab NORMAL -/etc/passwd NORMAL -/etc/group NORMAL -/etc/gshadow NORMAL -/etc/shadow NORMAL -/etc/security/opasswd NORMAL -/etc/hosts.allow NORMAL -/etc/hosts.deny NORMAL +# trusted databases +/etc/hosts$ NORMAL +/etc/host.conf$ NORMAL +/etc/hostname$ NORMAL +/etc/issue$ NORMAL +/etc/issue.net$ NORMAL +/etc/protocols$ NORMAL +/etc/services$ NORMAL +/etc/localtime$ NORMAL +/etc/alternatives NORMAL +/etc/mime.types$ NORMAL +/etc/terminfo NORMAL +/etc/exports$ NORMAL +/etc/fstab$ NORMAL +/etc/passwd$ NORMAL +/etc/group$ NORMAL +/etc/gshadow$ NORMAL +/etc/shadow$ NORMAL +/etc/subgid$ NORMAL +/etc/subuid$ NORMAL +/etc/skel NORMAL +/etc/sssd NORMAL +/etc/swid NORMAL +/etc/system-release-cpe$ NORMAL +/etc/tmux.conf$ NORMAL +/etc/xattr.conf$ NORMAL -/etc/sudoers NORMAL -/etc/skel NORMAL +# networking +/etc/firewalld NORMAL +!/etc/NetworkManager/system-connections +/etc/NetworkManager NORMAL +/etc/networks$ NORMAL +/etc/dhcp NORMAL +/etc/wpa_supplicant NORMAL +/etc/resolv.conf$ DATAONLY +/etc/nscd.conf$ NORMAL -/etc/logrotate.d NORMAL - -/etc/resolv.conf DATAONLY - -/etc/nscd.conf NORMAL -/etc/securetty NORMAL +# logins and accounts +/etc/login.defs$ NORMAL +/etc/libuser.conf$ NORMAL +/var/log/faillog$ PERMS +/var/log/lastlog$ PERMS +/var/run/faillock PERMS +/etc/pam.d NORMAL +/etc/security NORMAL +/etc/securetty$ NORMAL +/etc/polkit-1 NORMAL +/etc/sudo.conf$ NORMAL +/etc/sudoers$ NORMAL +/etc/sudoers.d NORMAL # 
Shell/X starting files -/etc/profile NORMAL -/etc/bashrc NORMAL -/etc/bash_completion.d/ NORMAL -/etc/login.defs NORMAL -/etc/zprofile NORMAL -/etc/zshrc NORMAL -/etc/zlogin NORMAL -/etc/zlogout NORMAL -/etc/profile.d/ NORMAL -/etc/X11/ NORMAL +/etc/profile$ NORMAL +/etc/profile.d NORMAL +/etc/bashrc$ NORMAL +/etc/bash_completion.d NORMAL +/etc/zprofile$ NORMAL +/etc/zshrc$ NORMAL +/etc/zlogin$ NORMAL +/etc/zlogout$ NORMAL +/etc/X11 NORMAL +/etc/shells$ NORMAL # Pkg manager -/etc/yum.conf NORMAL -/etc/yumex.conf NORMAL -/etc/yumex.profiles.conf NORMAL -/etc/yum/ NORMAL -/etc/yum.repos.d/ NORMAL +/etc/dnf NORMAL +/etc/yum.repos.d NORMAL -/var/log LOG +# auditing +# AIDE produces an audit record, so this becomes perpetual motion. +/var/log/audit PERMS +/etc/audit NORMAL +/etc/libaudit.conf$ NORMAL +/etc/aide.conf$ NORMAL + +# System logs +/etc/rsyslog.conf$ NORMAL +/etc/rsyslog.d NORMAL +/etc/logrotate.conf$ NORMAL +/etc/logrotate.d NORMAL +/etc/systemd/journald.conf$ NORMAL +/var/log LOG+ANF+ARF /var/run/utmp LOG + +# secrets +/etc/pkcs11 NORMAL +/etc/pki NORMAL +/etc/ssl NORMAL +/etc/certmonger NORMAL +/var/lib/systemd/random-seed$ PERMS + +# init system +/etc/systemd NORMAL +/etc/sysconfig NORMAL +/etc/rc.d NORMAL +/etc/tmpfiles.d NORMAL +/etc/machine-id$ NORMAL + +# boot config +/etc/default NORMAL +/etc/grub.d NORMAL +/etc/grub2.cfg$ NORMAL +/etc/dracut.conf$ NORMAL +/etc/dracut.conf.d NORMAL + +# glibc linker +/etc/ld.so.cache$ NORMAL +/etc/ld.so.conf$ NORMAL +/etc/ld.so.conf.d NORMAL +/etc/ld.so.preload$ NORMAL + +# kernel config +/etc/sysctl.conf$ NORMAL +/etc/sysctl.d NORMAL +/etc/modprobe.d NORMAL +/etc/modules-load.d NORMAL +/etc/depmod.d NORMAL +/etc/udev NORMAL +/etc/crypttab$ NORMAL + +#### Daemons #### + +# cron jobs +/var/spool/at CONTENT +/etc/at.allow$ CONTENT +/etc/at.deny$ CONTENT +/etc/anacrontab$ NORMAL +/etc/cron.allow$ NORMAL +/etc/cron.deny$ NORMAL +/etc/cron.d NORMAL +/etc/cron.daily NORMAL +/etc/cron.hourly NORMAL +/etc/cron.monthly NORMAL 
+/etc/cron.weekly NORMAL +/etc/crontab$ NORMAL +/var/spool/cron/root CONTENT + +# time keeping +/etc/ntp.conf$ NORMAL +/etc/ntp NORMAL +/etc/chrony.conf$ NORMAL +/etc/chrony.keys$ NORMAL + +# mail +/etc/aliases$ NORMAL +/etc/aliases.db$ NORMAL +/etc/postfix NORMAL + +# ssh +/etc/ssh/sshd_config$ NORMAL +/etc/ssh/ssh_config$ NORMAL + +# stunnel +/etc/stunnel NORMAL + +# ftp +/etc/vsftpd CONTENT + +# printing +/etc/cups NORMAL +/etc/cupshelpers NORMAL +/etc/avahi NORMAL + +# web server +/etc/httpd NORMAL + +# dns +/etc/named NORMAL +/etc/named.conf$ NORMAL +/etc/named.iscdlv.key$ NORMAL +/etc/named.rfc1912.zones$ NORMAL +/etc/named.root.key$ NORMAL + +# xinetd +/etc/xinetd.conf$ NORMAL +/etc/xinetd.d NORMAL + +# IPsec +/etc/ipsec.conf$ NORMAL +/etc/ipsec.secrets$ NORMAL +/etc/ipsec.d NORMAL + +# USBGuard +/etc/usbguard NORMAL + # This gets new/removes-old filenames daily !/var/log/sa # As we are checking it, we've truncated yesterdays size to zero. !/var/log/aide.log -# LSPP rules... -# AIDE produces an audit record, so this becomes perpetual motion. 
-# /var/log/audit/ LSPP -/etc/audit/ LSPP -/etc/libaudit.conf LSPP -/usr/sbin/stunnel LSPP -/var/spool/at LSPP -/etc/at.allow LSPP -/etc/at.deny LSPP -/etc/cron.allow LSPP -/etc/cron.deny LSPP -/etc/cron.d/ LSPP -/etc/cron.daily/ LSPP -/etc/cron.hourly/ LSPP -/etc/cron.monthly/ LSPP -/etc/cron.weekly/ LSPP -/etc/crontab LSPP -/var/spool/cron/root LSPP - -/etc/login.defs LSPP -/etc/securetty LSPP -/var/log/faillog LSPP -/var/log/lastlog LSPP - -/etc/hosts LSPP -/etc/sysconfig LSPP - -/etc/inittab LSPP -/etc/grub/ LSPP -/etc/rc.d LSPP - -/etc/ld.so.conf LSPP - -/etc/localtime LSPP - -/etc/sysctl.conf LSPP - -/etc/modprobe.conf LSPP - -/etc/pam.d LSPP -/etc/security LSPP -/etc/aliases LSPP -/etc/postfix LSPP - -/etc/ssh/sshd_config LSPP -/etc/ssh/ssh_config LSPP - -/etc/stunnel LSPP - -/etc/vsftpd.ftpusers LSPP -/etc/vsftpd LSPP - -/etc/issue LSPP -/etc/issue.net LSPP - -/etc/cups LSPP - # With AIDE's default verbosity level of 5, these would give lots of # warnings upon tree traversal. It might change with future version. # @@ -269,7 +358,4 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256 #=/home DIR # Ditto /var/log/sa reason... -!/var/log/and-httpd - -# Admins dot files constantly change, just check perms -/root/\..* PERMS +!/var/log/httpd \ No newline at end of file From 8a1c97dba18c69ab61d4de8bacc5c915a65aab0c Mon Sep 17 00:00:00 2001 From: Cropi Date: Wed, 17 Sep 2025 11:26:30 +0200 Subject: [PATCH 47/58] Replace ntp with chrony config files --- aide.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/aide.conf b/aide.conf index 5953f6d..799961f 100644 --- a/aide.conf +++ b/aide.conf @@ -299,8 +299,6 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 /var/spool/cron/root CONTENT # time keeping -/etc/ntp.conf$ NORMAL -/etc/ntp NORMAL /etc/chrony.conf$ NORMAL /etc/chrony.keys$ NORMAL From 9566357ccc7dbebd709f0005b241bfaae1e5024f Mon Sep 17 00:00:00 2001 
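Review bot: The entries moved from `LSPP` to `CONTENT` (`/var/spool/at`, `/etc/at.allow$`, `/etc/at.deny$`, `/var/spool/cron/root`, `/etc/vsftpd`) and the new `/opt CONTENT` lose every ownership and permission attribute, because `CONTENT` is only `ftype+sha512` where `LSPP` was `FIPSR+sha512`. A mode or owner change on root's crontab or on the at access lists would then produce no report entry; presumably the more specific rule takes precedence over `/etc PERMS`, so the catch-all does not make up for it. For `/opt` the stated goal is less noise from self-updating applications, yet the content hash is the attribute that changes on an update while permissions usually do not. I would keep `NORMAL` for the cron/at entries and use `/opt PERMS` (or `PERMS+sha512` if content is wanted) for `/opt`.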
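Review bot: `!/var/log/httpd` in the last hunk of the refactoring takes the web server log directory out of the database altogether, ownership and permissions included, while the previous hunk already sets `/var/log LOG+ANF+ARF`, which tolerates files appearing and disappearing. The "new filenames daily" reason in the comment above it may therefore no longer call for a full exclusion; a line saying why the directory is still excluded would help. The rule is also the last line of the file and has no trailing newline (`\ No newline at end of file`), so a rule appended later could fuse with it; end the file with a newline.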
From: Cropi Date: Wed, 17 Sep 2025 11:29:15 +0200 Subject: [PATCH 48/58] Remove deprecated config file /etc/nscd.conf https://fedoraproject.org/wiki/Changes/RemoveNSCD --- aide.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/aide.conf b/aide.conf index 799961f..e698ac6 100644 --- a/aide.conf +++ b/aide.conf @@ -196,7 +196,6 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 /etc/dhcp NORMAL /etc/wpa_supplicant NORMAL /etc/resolv.conf$ DATAONLY -/etc/nscd.conf$ NORMAL # logins and accounts /etc/login.defs$ NORMAL From d25ee9c7642ff575917aedbc5f977fdeff047ac8 Mon Sep 17 00:00:00 2001 From: Cropi Date: Mon, 22 Sep 2025 16:19:04 +0200 Subject: [PATCH 49/58] Adjust /var/log/journal monitoring in default config file By default, log files are expected to grow but persistent journal files are not handled correctly. The persistent journal is stored in /var/log/journal, hence fall into LOG rule.Unfortunately since some version of Fedora, the journal files get an extended attribute user.crtime_usec which updates when the file rotates. Make sure to leave this out from the report. --- aide.conf | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/aide.conf b/aide.conf index e698ac6..da4cbb5 100644 --- a/aide.conf +++ b/aide.conf @@ -128,8 +128,10 @@ DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs # Access control only - added file type and link name PERMS = ftype+p+i+l+u+g+acl+selinux -# Logfile are special, in that they often change -LOG = > +# Logfiles are special, in that they often change +# Don't track inodes (-i) since log rotation creates new files with different inodes +# Allow new files (ANF) and allow removed files (ARF) due to log rotation techniques +LOG = >+ANF+ARF-i # Some files get updated automatically, so the inode/ctime/mtime change # but we want to know when the data inside them changes - updated with modern hash 
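Review bot: Folding `ANF+ARF` into the `LOG` group in the journal patch widens the relaxation beyond `/var/log`: the second hunk keeps `/var/run/utmp LOG`, so removal of that single file would no longer be reported either. With `ARF` on the whole log tree a deleted log file never shows up in a report, which deserves a line next to the definition in addition to the rotation rationale, e.g. `# NOTE: with ARF a removed log file is not reported; deletions must be detected by other means`. If only rotated logs need this, keeping `LOG = >-i` and leaving `/var/log LOG+ANF+ARF` as it was limits the effect to that tree.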
@@ -234,13 +236,18 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 /etc/libaudit.conf$ NORMAL /etc/aide.conf$ NORMAL -# System logs +# System logs with proper logrotate handling /etc/rsyslog.conf$ NORMAL /etc/rsyslog.d NORMAL /etc/logrotate.conf$ NORMAL /etc/logrotate.d NORMAL /etc/systemd/journald.conf$ NORMAL -/var/log LOG+ANF+ARF + +# Log directory +/var/log LOG +# Journal files - exclude xattrs due to systemd journal's user.crtime_usec extended attribute changes +/var/log/journal LOG-xattrs + /var/run/utmp LOG From c9baefb29993343e1dc03a55663aac2f518d902f Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 23 Sep 2025 08:46:09 +0200 Subject: [PATCH 50/58] Add .rpmlintrc file --- aide.rpmlintrc | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 aide.rpmlintrc diff --git a/aide.rpmlintrc b/aide.rpmlintrc new file mode 100644 index 0000000..67d2667 --- /dev/null +++ b/aide.rpmlintrc @@ -0,0 +1,15 @@ +# RPMlint configuration for aide package +# These warnings are expected and intentional for security reasons + +# AIDE log directory has restricted permissions (700) for security +# Log files may contain sensitive security information +addFilter("aide.* non-standard-dir-perm /var/log/aide 700") + +# AIDE configuration file has restricted permissions (600) for security +# Configuration reveals what files/directories are monitored +addFilter("aide.* non-readable /etc/aide.conf 600") + +# FSF address in COPYING file is outdated - this is an upstream issue +# The license text contains the old FSF address format +addFilter("aide.* incorrect-fsf-address /usr/share/licenses/aide/COPYING") + From 32855bb23585027061c8b289466e796eb662ce82 Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 23 Sep 2025 11:08:10 +0200 Subject: [PATCH 51/58] Update LOG in config file --- aide.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/aide.conf b/aide.conf index da4cbb5..bf7e66b 100644 --- a/aide.conf +++ b/aide.conf 
@@ -130,8 +130,9 @@ PERMS = ftype+p+i+l+u+g+acl+selinux # Logfiles are special, in that they often change # Don't track inodes (-i) since log rotation creates new files with different inodes +# Don't track size (-s) since log rotation causes size decreases that we don't care about # Allow new files (ANF) and allow removed files (ARF) due to log rotation techniques -LOG = >+ANF+ARF-i +LOG = >+ANF+ARF-i-s # Some files get updated automatically, so the inode/ctime/mtime change # but we want to know when the data inside them changes - updated with modern hash From 2ed6802a1a5f0554427a3e18d0f1cf453b310041 Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 23 Sep 2025 11:51:37 +0200 Subject: [PATCH 52/58] Do not include mtime/ctime in regular files --- aide.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aide.conf b/aide.conf index bf7e66b..c8ed75d 100644 --- a/aide.conf +++ b/aide.conf @@ -117,7 +117,7 @@ ALLXTRAHASHES = sha256+sha512+sha512_256+sha3_256+sha3_512+stribog256+stribog512 EVERYTHING = R+ALLXTRAHASHES # Base + sha512 (strong) -NORMAL = R+sha512 +NORMAL = R+sha512-m-c # Content only - added file type and strong hash CONTENT = ftype+sha512 From 5634fe32368d43da2a5aec91fa7691cae1048e05 Mon Sep 17 00:00:00 2001 From: Cropi Date: Tue, 23 Sep 2025 12:17:43 +0200 Subject: [PATCH 53/58] Adjust ordering of /root files --- aide.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aide.conf b/aide.conf index c8ed75d..5ea17ef 100644 --- a/aide.conf +++ b/aide.conf @@ -152,10 +152,10 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 !/usr/src !/usr/tmp -/root NORMAL # Admins dot files constantly change, just check perms /root/\..* PERMS !/root/.xauth* +/root NORMAL # Check only permissions, inode, user and group for /etc, but # cover some important files closely. From 307529a5874a6219b5b513d32eeac5c7d919aea1 Mon Sep 17 00:00:00 2001 
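Review bot: With `-s` added to `LOG = >+ANF+ARF-i-s`, a log file that shrinks outside rotation (truncation) is no longer reported. Going by the attribute list earlier in this file, `>` is `p+ftype+l+u+g+i+n+s+growing+X` and `growing+s` is the documented way to check for growing size, so once `s` is subtracted `growing` has nothing left to act on. The new comment says size decreases are not of interest; I would make the trade-off explicit there, e.g. `# NOTE: without s, truncation of a log is not detected`. A separate group that keeps `growing+s` for logs that are not rotated would also help.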
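Review bot: The comment above `NORMAL = R+sha512-m-c` still reads `# Base + sha512 (strong)` and gives no hint that the group now subtracts `m` and `c`; I would change it to `# Base (R) + sha512, without mtime/ctime`. The subject says "regular files", but `NORMAL` is also applied to directories such as `/etc/pam.d` and `/etc/sudoers.d` elsewhere in the file, so the timestamps are dropped there too. Without `c`, a metadata change that is made and reverted between two checks leaves nothing in the report, which is worth a sentence in the comment.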
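Review bot: Moving `/root NORMAL` below the dot-file rules only matters if rule order decides which group applies, and nothing in the file says so. A comment such as `# keep the specific /root rules above the catch-all /root rule` would stop a later cleanup from undoing the change. The neighbouring context line `!/root/.xauth*` is a regular expression in which `.` matches any character and `*` repeats only the `h`; `!/root/\.xauth` would express the intended prefix, assuming rules match from the start of the path as the `$` anchors elsewhere suggest.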
From: Cropi Date: Tue, 23 Sep 2025 14:59:21 +0200 Subject: [PATCH 54/58] Do not monitor acl on /var/log/journal --- aide.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aide.conf b/aide.conf index 5ea17ef..da9d00d 100644 --- a/aide.conf +++ b/aide.conf @@ -247,7 +247,7 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 # Log directory /var/log LOG # Journal files - exclude xattrs due to systemd journal's user.crtime_usec extended attribute changes -/var/log/journal LOG-xattrs +/var/log/journal LOG-xattrs-acl /var/run/utmp LOG From 8479fabb2f09bb8aace92132692fc616aa3e039f Mon Sep 17 00:00:00 2001 From: Cropi Date: Wed, 24 Sep 2025 08:16:59 +0200 Subject: [PATCH 55/58] Accomodate for constantly changing log files Many log files constantly change, especially if those are rotated. Many of those files have changing xattrs, e2fsattrs, caps and acl(s). So let's not monitor them, unless there will be many false positives. --- aide.conf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/aide.conf b/aide.conf index da9d00d..8524225 100644 --- a/aide.conf +++ b/aide.conf 
@@ -128,11 +128,11 @@ DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs # Access control only - added file type and link name PERMS = ftype+p+i+l+u+g+acl+selinux -# Logfiles are special, in that they often change -# Don't track inodes (-i) since log rotation creates new files with different inodes -# Don't track size (-s) since log rotation causes size decreases that we don't care about +# Logfiles are special, in that they often change due to log rotation +# Track only: permissions, file type, user, group, number of links, SELinux context, extended attributes # Allow new files (ANF) and allow removed files (ARF) due to log rotation techniques -LOG = >+ANF+ARF-i-s +# Don't track: size, inodes, timestamps, checksums and some special attributes (these change frequently with log rotation) +LOG = p+ftype+u+g+n+ANF+ARF+selinux+xattrs # Some files get updated automatically, so the inode/ctime/mtime change # but we want to know when the data inside them changes - updated with modern hash @@ -247,7 +247,7 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 # Log directory /var/log LOG # Journal files - exclude xattrs due to systemd journal's user.crtime_usec extended attribute changes -/var/log/journal LOG-xattrs-acl +/var/log/journal LOG-xattrs /var/run/utmp LOG From c4ba6e2926d7a55448a3f619b2a73d7ad6bf220e Mon Sep 17 00:00:00 2001 From: Cropi Date: Thu, 9 Oct 2025 09:42:32 +0200 Subject: [PATCH 56/58] Add explanatory comment for /boot/grub2/grubenv exclusion Document why /boot/grub2/grubenv is excluded from AIDE monitoring. The file's timestamp gets modified continuously due to the "boot_success" implementation, which would cause unnecessary noise in security monitoring reports. Do not monitor link count in /var/log/journal --- aide.conf | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/aide.conf b/aide.conf index 8524225..0ec4c0c 100644 --- a/aide.conf +++ b/aide.conf 
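Review bot: The new `LOG = p+ftype+u+g+n+ANF+ARF+selinux+xattrs` still lists `xattrs` although the description names xattrs among the attributes that change constantly and should not be monitored, and it drops `acl`, which the old `>`-based group presumably included through `X`. An ACL entry added to a log file, granting another account access, would then not be reported even though `p` is tracked. If ACLs on logs are noisy only under `/var/log/journal`, `LOG = p+ftype+u+g+n+ANF+ARF+acl+selinux+xattrs` with `/var/log/journal LOG-xattrs-acl` keeps the coverage elsewhere. Otherwise the comment's "Don't track" line should name `acl`, `e2fsattrs` and `caps` explicitly instead of "some special attributes".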
@@ -246,8 +246,9 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 # Log directory /var/log LOG -# Journal files - exclude xattrs due to systemd journal's user.crtime_usec extended attribute changes -/var/log/journal LOG-xattrs +# Journal files - exclude xattrs and link count due to systemd journal's user.crtime_usec extended attribute changes and new directory creation +/var/log/journal LOG-xattrs-n + /var/run/utmp LOG @@ -363,4 +364,7 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 #=/home DIR # Ditto /var/log/sa reason... -!/var/log/httpd \ No newline at end of file +!/var/log/httpd +# /boot/grub2/grubenv's timestamp is getting modified continuously due to "boot_success" implementation +!/boot/grub2/grubenv + From 9a67d750d4f88a2eebd7f6e944e25f6de0bf2d4b Mon Sep 17 00:00:00 2001 From: Cropi Date: Thu, 16 Oct 2025 09:46:00 +0200 Subject: [PATCH 57/58] Adjust default config to avoid false positives in /etc --- aide.conf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/aide.conf b/aide.conf index 0ec4c0c..56ba1da 100644 --- a/aide.conf +++ b/aide.conf @@ -126,7 +126,7 @@ CONTENT = ftype+sha512 DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs # Access control only - added file type and link name -PERMS = ftype+p+i+l+u+g+acl+selinux +PERMS = ftype+p+u+g+acl+selinux+xattrs # Logfiles are special, in that they often change due to log rotation # Track only: permissions, file type, user, group, number of links, SELinux context, extended attributes @@ -159,7 +159,6 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 # Check only permissions, inode, user and group for /etc, but # cover some important files closely. -/etc PERMS !/etc/mtab # Ignore backup files !/etc/.*~ @@ -352,6 +351,9 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256 # USBGuard /etc/usbguard NORMAL +# Now everything else +/etc PERMS + # This gets new/removes-old filenames daily !/var/log/sa # As we are checking it, we've truncated yesterdays size to zero. 
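Review bot: The new `!/boot/grub2/grubenv` drops the file from the database completely, so a change of its owner, mode or SELinux label is no longer reported, although the added comment names only the timestamp as the problem. The rule that covers `/boot` is outside the visible hunks; if it is `NORMAL`, that group already subtracts `m` and `c` as of the earlier patch in this series. A narrower rule such as `/boot/grub2/grubenv$ ftype+p+u+g+selinux` would keep the access-control coverage. With the `$` it would also stop matching other paths that merely begin with that name.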
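Review bot: In the /etc false-positives patch, `PERMS = ftype+p+u+g+acl+selinux+xattrs` no longer contains `l` or `i`, yet the comment directly above it still says "added file type and link name". The context comment in the second hunk likewise still announces "Check only permissions, inode, user and group for /etc", although the `/etc PERMS` line it introduced is moved to the end by the third hunk. Dropping `l` means a retargeted symlink under any path that falls through to `/etc PERMS`, `/root/\..*` or the faillog/lastlog rules is not reported, so the trade-off should be stated. I would write `# Access control only: type, permissions, owner, group, ACL, SELinux context, xattrs (no inode, no link target)` and reword the `/etc` comment to match.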
From 3b76bcd11a6bf80bfcfb0904ee45de2e3d9e79b6 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 16 Jan 2026 03:31:38 +0000 Subject: [PATCH 58/58] Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild