diff --git a/aide-0.13.1-libgrypt-init.patch b/aide-0.13.1-libgrypt-init.patch new file mode 100644 index 0000000..b6794fc --- /dev/null +++ b/aide-0.13.1-libgrypt-init.patch @@ -0,0 +1,41 @@ +diff -urp aide-0.13.1.orig/doc/aide.1.in aide-0.13.1/doc/aide.1.in +--- aide-0.13.1.orig/doc/aide.1.in 2009-12-01 12:23:10.000000000 -0500 ++++ aide-0.13.1/doc/aide.1.in 2009-12-01 12:28:14.000000000 -0500 +@@ -67,6 +67,7 @@ conditions: + .IP "16 Unimplemented function error" + .IP "17 Invalid configureline error" + .IP "18 IO error" ++.IP "19 Version mismatch error" + .PP + .SH NOTES + Please note that due to mmap issues, aide cannot be terminated with +diff -urp aide-0.13.1.orig/include/report.h aide-0.13.1/include/report.h +--- aide-0.13.1.orig/include/report.h 2009-12-01 12:23:10.000000000 -0500 ++++ aide-0.13.1/include/report.h 2009-12-01 12:27:43.000000000 -0500 +@@ -31,6 +31,7 @@ + #define UNIMPLEMENTED_FUNCTION_ERROR 16 + #define INVALID_CONFIGURELINE_ERROR 17 + #define IO_ERROR 18 ++#define VERSION_MISMATCH_ERROR 19 + + /* Errorcodes */ + #define HASH_ALGO_ERROR 30 +diff -urp aide-0.13.1.orig/src/md.c aide-0.13.1/src/md.c +--- aide-0.13.1.orig/src/md.c 2009-12-01 12:23:10.000000000 -0500 ++++ aide-0.13.1/src/md.c 2009-12-01 12:27:04.000000000 -0500 +@@ -201,6 +201,15 @@ int init_md(struct md_container* md) { + #endif + #ifdef WITH_GCRYPT + error(255,"Gcrypt library initialization\n"); ++ /* ++ Initialize libgcrypt as per ++ http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html ++ */ ++ if(!gcry_check_version(GCRYPT_VERSION)) { ++ error(0,"libgcrypt version mismatch\n"); ++ exit(VERSION_MISMATCH_ERROR); ++ } ++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); + if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){ + error(0,"gcrypt_md_open failed\n"); + exit(IO_ERROR); diff --git a/aide-0.14-abort.patch b/aide-0.14-abort.patch new file mode 100644 index 0000000..80f2699 --- /dev/null +++ b/aide-0.14-abort.patch @@ -0,0 +1,97 @@ +diff -urp aide.orig/src/commandconf.c aide/src/commandconf.c +--- aide.orig/src/commandconf.c 2010-04-28 11:17:07.000000000 -0400 ++++ aide/src/commandconf.c 2010-04-28 11:19:12.000000000 -0400 +@@ -216,7 +216,7 @@ int conf_input_wrapper(char* buf, int ma + MHASH_FAILED){ + error(0, "mhash_hmac_init() failed for %i for config check. Aborting\n", + conf->confhmactype); +- abort(); ++ exit(EXIT_FAILURE); + } + } else { + conf->do_configmd=0; +@@ -341,7 +341,7 @@ int db_input_wrapper(char* buf, int max_ + if(c==-1) { + int xx; + error(0,"Error reading gzipped file: %s\n",gzerror(*db_gzp,&xx)); +- abort(); ++ exit(EXIT_FAILURE); + } + }else { + /* False alarm */ +@@ -377,7 +377,7 @@ int db_input_wrapper(char* buf, int max_ + mhash_get_hash_pblock(conf->dbhmactype)))== + MHASH_FAILED){ + error(0, "mhash_hmac_init() failed for db check. Aborting\n"); +- abort(); ++ exit(EXIT_FAILURE); + } + } else { + *domd=0; +diff -urp aide.orig/src/compare_db.c aide/src/compare_db.c +--- aide.orig/src/compare_db.c 2010-04-28 11:17:07.000000000 -0400 ++++ aide/src/compare_db.c 2010-04-28 11:20:15.000000000 -0400 +@@ -1025,7 +1025,7 @@ void init_rxlst(list* rxlst) + + if (data==NULL){ + error(0,_("Not enough memory for regexpr compile... exiting..\n")); +- abort(); ++ exit(EXIT_FAILURE); + } + + strcpy(data+1,((rx_rule*)r->data)->rx); +diff -urp aide.orig/src/db.c aide/src/db.c +--- aide.orig/src/db.c 2010-04-28 11:17:07.000000000 -0400 ++++ aide/src/db.c 2010-04-28 11:21:02.000000000 -0400 +@@ -382,7 +382,7 @@ db_line* db_char2line(char** ss,int db){ + line->filename=strdup(ss[(*db_order)[i]]); + } else { + error(0,"db_char2line():Error while reading database\n"); +- abort(); ++ exit(EXIT_FAILURE); + } + break; + } +diff -urp aide.orig/src/list.c aide/src/list.c +--- aide.orig/src/list.c 2010-04-28 11:17:07.000000000 -0400 ++++ aide/src/list.c 2010-04-28 11:22:45.000000000 -0400 +@@ -47,7 +47,7 @@ + + + /* +- * Some way to handle mallocs failure would be nice. Now it say abort(). ++ * Some way to handle mallocs failure would be nice. + */ + + list* list_append(list* listp,void*data) +@@ -57,7 +57,7 @@ list* list_append(list* listp,void*data) + + if (newitem==NULL) { + error(0,"Not enough memory to add a new item to list.\n"); +- abort(); ++ exit(EXIT_FAILURE); + } + + if(listp==NULL){ +@@ -65,7 +65,7 @@ list* list_append(list* listp,void*data) + + if (header==NULL){ + error(0,"Not enough memory for list header allocation\n"); +- abort(); ++ exit(EXIT_FAILURE); + } + + newitem->data=data; +diff -urp aide.orig/src/util.c aide/src/util.c +--- aide.orig/src/util.c 2010-04-28 11:17:07.000000000 -0400 ++++ aide/src/util.c 2010-04-28 11:21:49.000000000 -0400 +@@ -332,8 +332,7 @@ void sig_handler(int signum) + conf->catch_mmap=0; + } else { + error(0,"Caught SIGBUS/SEGV. Exiting\n"); +- abort(); +- exit(1); ++ exit(EXIT_FAILURE); + } + break; + } diff --git a/aide.spec b/aide.spec index 057a5cc..c6c3f0f 100644 --- a/aide.spec +++ b/aide.spec @@ -4,7 +4,7 @@ Summary: Intrusion detection environment Name: aide Version: 0.14 -Release: 1%{?dist} +Release: 2%{?dist} URL: http://sourceforge.net/projects/aide License: GPLv2+ Group: Applications/System @@ -14,6 +14,8 @@ Source2: README.quickstart Source3: aide.logrotate # Customize the database file location in the man page. Patch1: aide-0.14-man.patch +Patch2: aide-0.13.1-libgrypt-init.patch +Patch3: aide-0.14-abort.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n) BuildRequires: mktemp BuildRequires: prelink elfutils-libelf-devel @@ -36,6 +38,8 @@ checker and intrusion detection program. %prep %setup -q %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build %configure --with-config_file=%{_sysconfdir}/aide.conf \ @@ -81,6 +85,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Apr 28 2010 Steve Grubb - 0.14-2 +- Fix bz 574764 by replacing abort calls with exit +- Apply libgcrypt init patch + * Tue Mar 16 2010 Steve Grubb - 0.14-1 - New upstream release final 0.14