From cb55545c6a62222533bbe065e33b9c790d92fd15 Mon Sep 17 00:00:00 2001
From: Daniel Kopecek
Date: Jul 12 2016 12:34:10 +0000
Subject: New upstream devel version
---
diff --git a/.gitignore b/.gitignore
index 266719d..10dd52a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ aide-0.14.tar.gz
 aide-0.14.tar.gz.asc
 /aide-0.15.1.tar.gz
 /aide-0.15.1.tar.gz.asc
+/aide-0.16b1.tar.gz
diff --git a/aide-0.14-man.patch b/aide-0.14-man.patch
deleted file mode 100644
index 8192636..0000000
--- a/aide-0.14-man.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -ur aide.orig/doc/aide.1.in aide/doc/aide.1.in
---- aide.orig/doc/aide.1.in 2010-02-24 13:53:49.000000000 -0500
-+++ aide/doc/aide.1.in 2010-02-24 13:57:44.000000000 -0500
-@@ -75,9 +75,9 @@
- .SH FILES
- .B @sysconfdir@/aide.conf
- Default aide configuration file.
--.B @sysconfdir@/aide.db
-+.B @localstatedir@/lib/aide.db
- Default aide database.
--.B @sysconfdir@/aide.db.new
-+.B @localstatedir@/lib/aide.db.new
- Default aide output database.
- .SH SEE ALSO
- .BR aide.conf (5)
diff --git a/aide-0.15.1-fipsfix.patch b/aide-0.15.1-fipsfix.patch
deleted file mode 100644
index 2b80c39..0000000
--- a/aide-0.15.1-fipsfix.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-diff -up aide-0.15.1/src/aide.c.fipsfix aide-0.15.1/src/aide.c
---- aide-0.15.1/src/aide.c.fipsfix 2010-08-08 19:39:31.000000000 +0200
-+++ aide-0.15.1/src/aide.c 2012-11-22 16:59:45.378713818 +0100
-@@ -484,9 +484,28 @@ int main(int argc,char**argv)
- #endif
- umask(0177);
- init_sighandler();
--
- setdefaults_before_config();
-
-+#if WITH_GCRYPT
-+ error(255,"Gcrypt library initialization\n");
-+ /*
-+ * Initialize libgcrypt as per
-+ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
-+ *
-+ *
-+ */
-+ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
-+ gcry_control(GCRYCTL_INIT_SECMEM, 1);
-+
-+ if(!gcry_check_version(GCRYPT_VERSION)) {
-+ error(0,"libgcrypt version mismatch\n");
-+ exit(VERSION_MISMATCH_ERROR);
-+ }
-+
-+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
-+#endif /* WITH_GCRYPT */
-+
-+
- if(read_param(argc,argv)==RETFAIL){
- error(0, _("Invalid argument\n") );
- exit(INVALID_ARGUMENT_ERROR);
-@@ -641,6 +660,9 @@ int main(int argc,char**argv)
- }
- #endif
- }
-+#ifdef WITH_GCRYPT
-+ gcry_control(GCRYCTL_TERM_SECMEM, 0);
-+#endif /* WITH_GCRYPT */
- return RETOK;
- }
- const char* aide_key_3=CONFHMACKEY_03;
-diff -up aide-0.15.1/src/md.c.fipsfix aide-0.15.1/src/md.c
---- aide-0.15.1/src/md.c.fipsfix 2010-08-08 19:39:31.000000000 +0200
-+++ aide-0.15.1/src/md.c 2012-11-22 16:59:33.166673632 +0100
-@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
- }
- #endif
- #ifdef WITH_GCRYPT
-- error(255,"Gcrypt library initialization\n");
-- if(!gcry_check_version(GCRYPT_VERSION)) {
-- error(0,"libgcrypt version mismatch\n");
-- exit(VERSION_MISMATCH_ERROR);
-- }
-- gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
-- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
-- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
-+ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
- error(0,"gcrypt_md_open failed\n");
- exit(IO_ERROR);
- }
-@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
-
- /*. There might be more hashes in the library. Add those here.. */
-
-- gcry_md_reset(md->mdh);
-+ gcry_md_close(md->mdh);
- #endif
-
- #ifdef WITH_MHASH
-diff -up aide-0.15.1/src/util.c.fipsfix aide-0.15.1/src/util.c
---- aide-0.15.1/src/util.c.fipsfix 2010-08-08 19:39:31.000000000 +0200
-+++ aide-0.15.1/src/util.c 2012-11-22 16:59:33.166673632 +0100
-@@ -494,28 +494,5 @@ int syslog_facility_lookup(char *s)
- return(AIDE_SYSLOG_FACILITY);
- }
-
--/* We need these dummy stubs to fool the linker into believing that
-- we do not need them at link time */
--
--void* dlopen(char*filename,int flag)
--{
-- return NULL;
--}
--
--void* dlsym(void*handle,char*symbol)
--{
-- return NULL;
--}
--
--void* dlclose(void*handle)
--{
-- return NULL;
--}
--
--const char* dlerror(void)
--{
-- return NULL;
--}
--
- const char* aide_key_2=CONFHMACKEY_02;
- const char* db_key_2=DBHMACKEY_02;
diff --git a/aide-0.15.1-format-security.patch b/aide-0.15.1-format-security.patch
deleted file mode 100644
index e7a10b0..0000000
--- a/aide-0.15.1-format-security.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- a/src/db_file.c
-+++ b/src/db_file.c
-@@ -702,7 +702,7 @@ int db_write_byte_base64(byte*data,size_t len,FILE* file,int i,
- }
-
- if(tmpstr){
-- retval=dofprintf(tmpstr);
-+ retval=dofprintf("%s",tmpstr);
- free(tmpstr);
- return retval;
- }else {
-@@ -741,7 +741,7 @@ int db_write_time_base64(time_t i,FILE* file,int a)
-
-
- tmpstr=encode_base64((byte *)ptr,strlen(ptr));
-- retval=dofprintf(tmpstr);
-+ retval=dofprintf("%s",tmpstr);
- free(tmpstr);
- free(ptr);
-
diff --git a/aide-0.16b1-fipsfix.patch b/aide-0.16b1-fipsfix.patch
new file mode 100644
index 0000000..434d74e
--- /dev/null
+++ b/aide-0.16b1-fipsfix.patch
@@ -0,0 +1,103 @@
+diff -up ./src/aide.c.orig ./aide-0.16b1/src/aide.c
+--- ./src/aide.c.orig 2016-07-12 11:10:08.013158385 +0200
++++ ./src/aide.c 2016-07-12 11:30:54.867833064 +0200
+@@ -511,9 +511,28 @@ int main(int argc,char**argv)
+ #endif
+ umask(0177);
+ init_sighandler();
+-
+ setdefaults_before_config();
+
++#if WITH_GCRYPT
++ error(255,"Gcrypt library initialization\n");
++ /*
++ * Initialize libgcrypt as per
++ * http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
++ *
++ *
++ */
++ gcry_control(GCRYCTL_SET_ENFORCED_FIPS_FLAG, 0);
++ gcry_control(GCRYCTL_INIT_SECMEM, 1);
++
++ if(!gcry_check_version(GCRYPT_VERSION)) {
++ error(0,"libgcrypt version mismatch\n");
++ exit(VERSION_MISMATCH_ERROR);
++ }
++
++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
++#endif /* WITH_GCRYPT */
++
++
+ if(read_param(argc,argv)==RETFAIL){
+ error(0, _("Invalid argument\n") );
+ exit(INVALID_ARGUMENT_ERROR);
+@@ -646,6 +665,9 @@ int main(int argc,char**argv)
+ }
+ #endif
+ }
++#ifdef WITH_GCRYPT
++ gcry_control(GCRYCTL_TERM_SECMEM, 0);
++#endif /* WITH_GCRYPT */
+ return RETOK;
+ }
+ const char* aide_key_3=CONFHMACKEY_03;
+diff -up ./src/md.c.orig ./aide-0.16b1/src/md.c
+--- ./src/md.c.orig 2016-04-15 23:30:16.000000000 +0200
++++ ./src/md.c 2016-07-12 11:35:04.007675329 +0200
+@@ -201,14 +201,7 @@ int init_md(struct md_container* md) {
+ }
+ #endif
+ #ifdef WITH_GCRYPT
+- error(255,"Gcrypt library initialization\n");
+- if(!gcry_check_version(GCRYPT_VERSION)) {
+- error(0,"libgcrypt version mismatch\n");
+- exit(VERSION_MISMATCH_ERROR);
+- }
+- gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
+- gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+- if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
++ if(gcry_md_open(&md->mdh,0,GCRY_MD_FLAG_SECURE)!=GPG_ERR_NO_ERROR){
+ error(0,"gcrypt_md_open failed\n");
+ exit(IO_ERROR);
+ }
+@@ -299,7 +292,7 @@ int close_md(struct md_container* md) {
+
+ /*. There might be more hashes in the library. Add those here.. */
+
+- gcry_md_reset(md->mdh);
++ gcry_md_close(md->mdh);
+ #endif
+
+ #ifdef WITH_MHASH
+diff -up ./src/util.c.orig ./aide-0.16b1/src/util.c
+--- ./src/util.c.orig 2016-07-12 11:39:17.023437355 +0200
++++ ./src/util.c 2016-07-12 11:39:51.618721157 +0200
+@@ -519,28 +519,5 @@ int syslog_facility_lookup(char *s)
+ return(AIDE_SYSLOG_FACILITY);
+ }
+
+-/* We need these dummy stubs to fool the linker into believing that
+- we do not need them at link time */
+-
+-void* dlopen(char*filename,int flag)
+-{
+- return NULL;
+-}
+-
+-void* dlsym(void*handle,char*symbol)
+-{
+- return NULL;
+-}
+-
+-void* dlclose(void*handle)
+-{
+- return NULL;
+-}
+-
+-const char* dlerror(void)
+-{
+- return NULL;
+-}
+-
+ const char* aide_key_2=CONFHMACKEY_02;
+ const char* db_key_2=DBHMACKEY_02;
diff --git a/aide-0.16b1-man.patch b/aide-0.16b1-man.patch
new file mode 100644
index 0000000..f1bcfd3
--- /dev/null
+++ b/aide-0.16b1-man.patch
@@ -0,0 +1,15 @@
+diff -up ./doc/aide.1.in.origman ./doc/aide.1.in
+--- ./doc/aide.1.in.origman 2016-07-12 11:50:49.859083100 +0200
++++ ./doc/aide.1.in 2016-07-12 11:49:20.191333852 +0200
+@@ -88,9 +88,9 @@ echo | base64 \-d | h
+ .SH FILES
+ .IP \fB@sysconfdir@/aide.conf\fR
+ Default aide configuration file.
+-.IP \fB@sysconfdir@/aide.db\fR
++.IP \fB@localstatedir@/lib/aide/aide.db\fR
+ Default aide database.
+-.IP \fB@sysconfdir@/aide.db.new\fR
++.IP \fB@localstatedir@/lib/aide/aide.db.new\fR
+ Default aide output database.
+ .SH SEE ALSO
+ .BR aide.conf (5)
diff --git a/aide.spec b/aide.spec
index d76c113..88434fc 100644
--- a/aide.spec
+++ b/aide.spec
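Review bot: The libgcrypt initialisation that aide-0.16b1-fipsfix.patch adds to main() in src/aide.c ignores the return value of every `gcry_control` call, so a failure to set up secure memory is not reported where it happens. Because init_md in src/md.c now opens the digest handle with `GCRY_MD_FLAG_SECURE`, such a failure would presumably surface only later as "gcrypt_md_open failed", which hides the real cause in a tool whose whole job depends on its hashing working. I would check the call at the point of use, e.g. `if(gcry_control(GCRYCTL_INIT_SECMEM, 1)){ error(0,"libgcrypt secure memory initialization failed\n"); exit(IO_ERROR); }`. The same block is guarded by `#if WITH_GCRYPT` while the other two guards in this patch use `#ifdef WITH_GCRYPT`; using `#ifdef` throughout avoids a preprocessor error should the macro be defined without a value. main() starts and ends outside the hunk, so exit paths other than the `return RETOK` shown here could not be reviewed for the matching `GCRYCTL_TERM_SECMEM` call.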
@@ -3,21 +3,19 @@ Summary: Intrusion detection environment Name: aide -Version: 0.15.1 -Release: 12%{?dist} +Version: 0.16 +Release: 0.1.b1%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ Group: Applications/System -Source0: http://downloads.sourceforge.net/aide/aide-%{version}.tar.gz +Source0: https://sourceforge.net/projects/aide/files/devel/0.16b1/aide-0.16b1.tar.gz Source1: aide.conf Source2: README.quickstart Source3: aide.logrotate # Customize the database file location in the man page. -Patch1: aide-0.14-man.patch +Patch1: aide-0.16b1-man.patch # fix aide in FIPS mode -Patch2: aide-0.15.1-fipsfix.patch -# -Werror=format-security -Patch3: aide-0.15.1-format-security.patch +Patch2: aide-0.16b1-fipsfix.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n) BuildRequires: mktemp BuildRequires: elfutils-libelf-devel @@ -39,10 +37,10 @@ checker and intrusion detection program. %prep -%setup -q +%setup -q -n %{name}-%{version}b1 %patch1 -p1 -b .man %patch2 -p1 -b .fipsfix -%patch3 -p1 -b .format + %build %configure --with-config_file=%{_sysconfdir}/aide.conf \ @@ -90,6 +88,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Jun 20 2016 Tomas Sykora - 0.16-0.1.b1 +- New upstream devel version + * Wed Feb 03 2016 Fedora Release Engineering - 0.15.1-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild diff --git a/sources b/sources index cea29b0..6009c9b 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -d0b72535ff68b93a648e4d08b0ed7f07 aide-0.15.1.tar.gz -aa8e08c35c13786b2abb3afe6e6a8024 aide-0.15.1.tar.gz.asc +8ab56524e8ca4dd67f1e8cee30e32424 aide-0.16b1.tar.gz
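Review bot: Dropping `Patch3: aide-0.15.1-format-security.patch` and its `%patch3` line leaves no record that the two `dofprintf(tmpstr)` calls in src/db_file.c are fixed in 0.16b1; that patch existed to turn them into `dofprintf("%s",tmpstr)`, and nothing on this page shows the upstream tarball already does so. If upstream carries the fix, say so in the changelog entry, e.g. `- Drop format-security patch (fixed upstream)`; if it does not, the patch needs rebasing rather than removal. Separately, the new tarball is tracked in `sources` by an MD5 sum only and the `.asc` entry that accompanied 0.15.1 is gone, so the import is no longer accompanied by a detached signature; if upstream publishes one for 0.16b1 it would be worth uploading it alongside the tarball.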