From 4bffb60ea7ca4243418407f5fa20a72f7d24335a926d3d74ddde7a3ea086298c Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 24 Feb 2023 07:41:23 +0000 Subject: [PATCH] Accepting request 1067470 from home:pperego:branches:security - Update to 0.18 - Rename aide-0.17.3-as-needed.patch to and rebase aide-0.18-as-needed.patch - Added autoconf and autoconf-archive as building dependencies due to an error when reconfiguring the source - Rebase aide-xattr-in-libc.patch OBS-URL: https://build.opensuse.org/request/show/1067470 OBS-URL: https://build.opensuse.org/package/show/security/aide?expand=0&rev=49 --- aide-0.17.3-as-needed.patch | 11 -- aide-0.17.4.tar.gz | 3 - aide-0.17.4.tar.gz.asc | 14 --- aide-0.18-as-needed.patch | 12 ++ aide-0.18.tar.gz | 3 + aide-0.18.tar.gz.asc | 14 +++ aide-xattr-in-libc.patch | 225 ++++++++++++++++++++++++++++++++---- aide.changes | 32 +++-- aide.spec | 8 +- 9 files changed, 254 insertions(+), 68 deletions(-) delete mode 100644 aide-0.17.3-as-needed.patch delete mode 100644 aide-0.17.4.tar.gz delete mode 100644 aide-0.17.4.tar.gz.asc create mode 100644 aide-0.18-as-needed.patch create mode 100644 aide-0.18.tar.gz create mode 100644 aide-0.18.tar.gz.asc diff --git a/aide-0.17.3-as-needed.patch b/aide-0.17.3-as-needed.patch deleted file mode 100644 index b4e0a3e..0000000 --- a/aide-0.17.3-as-needed.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- aide-0.17.3/Makefile.am.orig 2021-02-24 12:03:16.648845473 +0100 -+++ aide-0.17.3/Makefile.am 2021-02-24 12:03:57.336978950 +0100 -@@ -59,7 +59,7 @@ - aide_SOURCES += include/fopen.h src/fopen.c - endif - --aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CAPLIB@ ${CURL_LIBS} -+aide_LDADD = -lm @LDFLAGS@ @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CAPLIB@ ${CURL_LIBS} - - if HAVE_CHECK - TESTS = check_aide diff --git a/aide-0.17.4.tar.gz b/aide-0.17.4.tar.gz deleted file mode 100644 index fc7748c..0000000 --- a/aide-0.17.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846 -size 331783 diff --git a/aide-0.17.4.tar.gz.asc b/aide-0.17.4.tar.gz.asc deleted file mode 100644 index bf05fb3..0000000 --- a/aide-0.17.4.tar.gz.asc +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQGzBAABCgAdFiEEVJXNoXyawXqyOEGnGO6GOGAi71cFAmHocOsACgkQGO6GOGAi -71di5Av9H7Iy6hWGNzv/GBxXR44+dD/dzNI1f1rQ/fHAxANVqj15pLRvGANR3r78 -XOm1t+UsyJLHuRImE33GGcyALYqqOaPn+qaiqR2gLTZzy3n2wJf+Jg7VsTgUMAX0 -VeCrCgae4tG4py3+/o35cf553tJf8cr62NEQpWM5Zeoqlv/m7N725/miirjqgoWL -w9/KQJPrBRvHZZFSs+P1TT+BSy8VUJOjtVXKTR3dPq+moncRZ1TEsRAgqwTbvgPd -GNQgLMlyUcex5oMLZC6Hpulx8nDhrougT1vMf0Nh8xTwJIXg4Mx+lsBazsdULD7b -WC1C5360EtsIcwdbuf2IrjKsQnXPlTcv4ya+u1y0DXGg9aA4GTngdF6lplOX4/hw -VWnOccMiUeNJ3lKp/S/ri/32RXcdYZznmOT4OhNETfxFtXv/EoeKs4DIzDFWSy/a -GAiwYHEJgpA9v+fAXTTWHVN8CWxWbac/Lhvf4o34XclLO22GzJzgNjsS3BGu521f -FrsCM5Ys -=K19s ------END PGP SIGNATURE----- diff --git a/aide-0.18-as-needed.patch b/aide-0.18-as-needed.patch new file mode 100644 index 0000000..a838f85 --- /dev/null +++ b/aide-0.18-as-needed.patch @@ -0,0 +1,12 @@ +diff --color -ruN aide-0.18.ori/Makefile.am aide-0.18/Makefile.am +--- aide-0.18.ori/Makefile.am 2023-02-06 22:06:50.000000000 +0100 ++++ aide-0.18/Makefile.am 2023-02-23 17:49:10.893667920 +0100 +@@ -65,7 +65,7 @@ + endif + + aide_CFLAGS = @AIDE_DEFS@ -W -Wall -g ${PTHREAD_CFLAGS} +-aide_LDADD = -lm ${PCRE2_LIBS} ${ZLIB_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} ${POSIX_ACL_LIBS} ${SELINUX_LIBS} ${AUDIT_LIBS} ${XATTR_LIBS} ${ELF_LIBS} ${E2FSATTRS_LIBS} ${CAPABILITIES_LIBS} ${CURL_LIBS} ${PTHREAD_LIBS} ++aide_LDADD = -lm ${LDFLAGS} ${PCRE2_LIBS} ${ZLIB_LIBS} ${MHASH_LIBS} ${GCRYPT_LIBS} ${POSIX_ACL_LIBS} ${SELINUX_LIBS} ${AUDIT_LIBS} ${XATTR_LIBS} ${ELF_LIBS} ${E2FSATTRS_LIBS} ${CAPABILITIES_LIBS} ${CURL_LIBS} ${PTHREAD_LIBS} + + if HAVE_CHECK + TESTS = check_aide diff --git a/aide-0.18.tar.gz b/aide-0.18.tar.gz new file mode 100644 index 0000000..0b3eead --- /dev/null +++ b/aide-0.18.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f1166ad01a50f7f4523a585760c673ae11185a38cfa602ae7c9e9266effd038d +size 375922 diff --git a/aide-0.18.tar.gz.asc b/aide-0.18.tar.gz.asc new file mode 100644 index 0000000..be706f7 --- /dev/null +++ b/aide-0.18.tar.gz.asc @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQGzBAABCgAdFiEEVJXNoXyawXqyOEGnGO6GOGAi71cFAmPhb84ACgkQGO6GOGAi +71c+Pgv+JMW2H76Trn6lZ0+et0E568fOF1uwbLNzG62t1x6xvgl5tu+NgziSwsi3 +B1nD5jkDktI55twMxMeYsTsn0qrz/VTs+00yNo0ww93I6o2+gZF6Gex8vNYkK2EE +ZnBTuWOT8bNJTN1Mi5s09m5nPIFZKLpRyx7+iKmUnmWalJeJ6py+UcEe67l27cXJ +IvGs+JuShsWVNWtPuSHk8G3iH4pZ9TaGA5GkEPMxVI2Isx7GeiaIdHnr6XgzAtF0 +2oRyk807YNf2YWyBZQyitWpJ6fSHwBVixPM8Nfj2gWvxEEjTntfA0e298hxw/o4Y +S8btwy6rOvJUVq52/o5MfhBTzwaQZu5IRtxkFnd/4L365F61X0iOptXD1jiRkBUE +r6OQI7vOV5OdfkiJl9YvykxEQY7FQdqFaEKpXr300IS6amU//oSr/3uUVcUHFbYs +9U4g2FFEaiWMgCyKVozNVitweTErgGAy5GdVWQ7YgMsN44jbxT8YgaV4Gll+zqFY +EeIDKZ3/ +=tSe2 +-----END PGP SIGNATURE----- diff --git a/aide-xattr-in-libc.patch b/aide-xattr-in-libc.patch index e6874ec..3df1636 100644 --- a/aide-xattr-in-libc.patch +++ b/aide-xattr-in-libc.patch @@ -1,33 +1,208 @@ -diff -ru old/configure.ac new/configure.ac ---- old/configure.ac 2021-02-10 22:01:14.000000000 +0100 -+++ new/configure.ac 2021-02-24 13:17:31.287619804 +0100 -@@ -483,7 +483,7 @@ - - AS_IF([test "x$with_xattr_support" != xno], - [AC_DEFINE(WITH_XATTR,1,[use xattr]) -- ATTRLIB=-lattr -+ ATTRLIB= - compoptionstring="${compoptionstring}WITH_XATTR\\n" - AC_MSG_RESULT(yes)], - [AC_MSG_RESULT(no)] -diff -ru old/include/db_config.h new/include/db_config.h ---- old/include/db_config.h 2021-02-10 22:01:14.000000000 +0100 -+++ new/include/db_config.h 2021-02-24 13:49:16.813840910 +0100 -@@ -23,7 +23,6 @@ +diff --color -ruN aide-0.18.ori/configure.ac aide-0.18/configure.ac +--- aide-0.18.ori/configure.ac 2023-02-06 22:06:50.000000000 +0100 ++++ aide-0.18/configure.ac 2023-02-23 18:38:19.703630012 +0100 +@@ -59,7 +59,7 @@ + AIDE_DEFS="-D_GNU_SOURCE" + + dnl This is borrowed from libtool +- ++ + if test $ac_cv_c_compiler_gnu = yes; then + LD_STATIC_FLAG='-static' + +@@ -101,54 +101,54 @@ + # All AIX code is PIC. + LD_STATIC_FLAG='-bnso -bI:/lib/syscalls.exp' + ;; +- ++ + hpux9* | hpux10* | hpux11*) + # Is there a better LD_STATIC_FLAG that works with the bundled CC? + ## wl='-Wl,' + LD_STATIC_FLAG="${wl}-a ${wl}archive" + ## pic_flag='+Z' + ;; +- ++ + irix5* | irix6*) + ## wl='-Wl,' + LD_STATIC_FLAG='-non_shared' + # PIC (with -KPIC) is the default. + ;; +- ++ + cygwin* | mingw* | os2*) + # We can build DLLs from non-PIC. + ;; +- ++ + osf3* | osf4* | osf5*) + # All OSF/1 code is PIC. + ## wl='-Wl,' + LD_STATIC_FLAG='-non_shared' + ;; +- ++ + sco3.2v5*) + ## pic_flag='-Kpic' + LD_STATIC_FLAG='-dn' + ## special_shlib_compile_flags='-belf' + ;; +- ++ + solaris*) + ## pic_flag='-KPIC' + LD_STATIC_FLAG='-Bstatic' + ## wl='-Wl,' + ;; +- ++ + sunos4*) + ## pic_flag='-PIC' + LD_STATIC_FLAG='-Bstatic' + ## wl='-Qoption ld ' + ;; +- ++ + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + ## pic_flag='-KPIC' + LD_STATIC_FLAG='-Bstatic' + ## wl='-Wl,' + ;; +- ++ + uts4*) + ## pic_flag='-pic' + LD_STATIC_FLAG='-Bstatic' +@@ -338,8 +338,6 @@ + + AIDE_PKG_CHECK(selinux, SELinux, no, SELINUX, libselinux, selinux) + +-AIDE_PKG_CHECK(xattr, xattr, no, XATTR, libattr, xattrs) +- + AIDE_PKG_CHECK(capabilities, POSIX 1003.1e capabilities, no, CAPABILITIES, libcap, caps) + + AIDE_PKG_CHECK(e2fsattrs, e2fsattrs, no, E2FSATTRS, e2p, e2fsattrs) +diff --color -ruN aide-0.18.ori/include/db_config.h aide-0.18/include/db_config.h +--- aide-0.18.ori/include/db_config.h 2023-02-06 22:06:50.000000000 +0100 ++++ aide-0.18/include/db_config.h 2023-02-23 18:29:04.202036763 +0100 +@@ -19,7 +19,7 @@ + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +- ++ #ifndef _DB_CONFIG_H_INCLUDED #define _DB_CONFIG_H_INCLUDED - #include "config.h" --#include "attributes.h" - #include "report.h" - #include "types.h" - #include -@@ -48,7 +47,6 @@ - #ifdef WITH_XATTR /* Do generic user Xattrs. */ +@@ -32,7 +32,6 @@ + #ifdef WITH_ZLIB + #include + #endif +-#include "attributes.h" + #include "hashsum.h" + #include "db_line.h" + #include "list.h" +@@ -75,7 +74,7 @@ + /* int (*close)(_db_config*); */ + /* int db_size; */ + /* DB_FIELD* db_order; */ +-/* void* local; */ ++/* void* local; */ + /* }_db_config ; */ + + typedef struct database { +@@ -111,14 +110,14 @@ + #ifdef WITH_ZLIB + /* Is dbout gzipped or not */ + int gzip_dbout; +- ++ + #endif + + DB_ATTR_TYPE db_out_attrs; + + char *check_path; + RESTRICTION_TYPE check_file_type; +- ++ + char* config_file; + char* config_version; + bool config_check_warn_unrestricted_rules; +@@ -160,7 +159,7 @@ + int symlinks_found; + DB_ATTR_TYPE attr; + +-#ifdef WITH_ACL ++#ifdef WITH_ACL + int no_acl_on_symlinks; + #endif + int warn_dead_symlinks; +diff --color -ruN aide-0.18.ori/src/do_md.c aide-0.18/src/do_md.c +--- aide-0.18.ori/src/do_md.c 2023-02-06 22:06:50.000000000 +0100 ++++ aide-0.18/src/do_md.c 2023-02-23 18:29:31.706313697 +0100 +@@ -45,7 +45,6 @@ + + #ifdef WITH_XATTR #include -#include #ifndef ENOATTR # define ENOATTR ENODATA #endif -Only in new/include: md.h.orig -Only in new/src: md.c.orig +@@ -327,7 +326,7 @@ + } + + void fs2db_line(struct stat* fs,db_line* line) { +- ++ + line->inode=fs->st_ino; + + if(ATTR(attr_uid)&line->attr) { +@@ -349,7 +348,7 @@ + }else{ + line->size=0; + } +- ++ + if(ATTR(attr_linkcount)&line->attr){ + line->nlink=fs->st_nlink; + }else { +@@ -367,7 +366,7 @@ + }else{ + line->ctime=0; + } +- ++ + if(ATTR(attr_atime)&line->attr){ + line->atime=fs->st_atime; + }else{ +@@ -379,13 +378,13 @@ + } else { + line->bcount=0; + } +- ++ + } + + #ifdef WITH_ACL + void acl2line(db_line* line) { + acl_type *ret = NULL; +- ++ + #ifdef WITH_POSIX_ACL + if(ATTR(attr_acl)&line->attr) { + acl_t acl_a; +@@ -434,7 +433,7 @@ + acl_free(acl_d); + } + line->acl = ret; +-#endif ++#endif + } + #endif + +@@ -596,4 +595,3 @@ + void no_hash(db_line* line) { + line->attr&=~get_hashes(true); + } +- diff --git a/aide.changes b/aide.changes index 8acb2ac..406fe4d 100644 --- a/aide.changes +++ b/aide.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Feb 23 16:50:23 UTC 2023 - Paolo Perego + +- Update to 0.18 +- Rename aide-0.17.3-as-needed.patch to and rebase aide-0.18-as-needed.patch +- Added autoconf and autoconf-archive as building dependencies due to an error + when reconfiguring the source +- Rebase aide-xattr-in-libc.patch + ------------------------------------------------------------------- Tue Mar 29 09:19:54 UTC 2022 - Paolo Stivanin @@ -19,12 +28,12 @@ Fri Apr 2 07:03:22 UTC 2021 - Marcus Meissner ------------------------------------------------------------------- Wed Feb 24 13:45:59 UTC 2021 - Paolo Stivanin -- Update default config file to match v0.17 +- Update default config file to match v0.17 ------------------------------------------------------------------- Wed Feb 24 11:01:03 UTC 2021 - Paolo Stivanin -- Update to 0.17.3: +- Update to 0.17.3: * BACKWARDS INCOMPATIBLE CHANGES - '--verbose' command line option and 'verbose' config option are no longer supported, use 'log_level' and 'report_level' options instead @@ -142,7 +151,7 @@ Sun Mar 17 21:20:12 UTC 2019 - Matthias Eliasson Wed Jan 18 13:38:03 UTC 2017 - meissner@suse.com - Updated to 0.16 - - lots of bugfixes + - lots of bugfixes - including regexp matching within subdirectories of expressions - aide-0.16-as-needed.patch: replaces aide-0.15.1-as-needed.patch - aide-no_m4_dir.patch: upstream @@ -183,7 +192,7 @@ Fri Apr 26 11:26:37 UTC 2013 - mmeister@suse.com ------------------------------------------------------------------- Wed Jan 4 13:34:11 UTC 2012 - crrodriguez@opensuse.org -- libmhash development was abandoned in 2007, so it is time +- libmhash development was abandoned in 2007, so it is time for it to go into the library heaven, use libgcrypt instead. ------------------------------------------------------------------- @@ -215,8 +224,8 @@ Tue Aug 10 17:12:56 CEST 2010 - meissner@suse.de ------------------------------------------------------------------- Fri Apr 30 00:40:34 CEST 2010 - ro@suse.de -- make aide check verbose to get started -- add sleep and sync to fix build +- make aide check verbose to get started +- add sleep and sync to fix build ------------------------------------------------------------------- Wed Aug 26 12:53:54 CEST 2009 - mls@suse.de @@ -226,7 +235,7 @@ Wed Aug 26 12:53:54 CEST 2009 - mls@suse.de ------------------------------------------------------------------- Wed Jun 17 19:43:10 CEST 2009 - crrodriguez@suse.de -- fix build when as-needed is a default liker option +- fix build when as-needed is a default liker option ------------------------------------------------------------------- Mon Jan 5 14:19:26 CET 2009 - meissner@suse.de @@ -291,13 +300,13 @@ Sat Jan 14 22:08:31 CET 2006 - schwab@suse.de ------------------------------------------------------------------- Fri Mar 18 15:46:21 CET 2005 - mge@suse.de -- fixes #71272 - aide-0.10-47 config files not yet converted to utf8 +- fixes #71272 - aide-0.10-47 config files not yet converted to utf8 ------------------------------------------------------------------- Mon Jan 26 11:16:41 CET 2004 - mge@suse.de - upgrade to 0.10 -- #33600: more usable default aide.conf +- #33600: more usable default aide.conf (thanks to Dirk Mueller ) - example-cron-job @@ -309,7 +318,7 @@ Sat Jan 10 22:05:03 CET 2004 - adrian@suse.de ------------------------------------------------------------------- Wed Nov 13 01:36:35 CET 2002 - ro@suse.de -- fix build for current bison +- fix build for current bison ------------------------------------------------------------------- Thu Aug 15 16:11:22 CEST 2002 - mge@suse.de @@ -320,7 +329,7 @@ Thu Aug 15 16:11:22 CEST 2002 - mge@suse.de Mon Apr 9 11:30:55 CEST 2001 - ro@suse.de - don't use macro for version -- remove obsolete macros +- remove obsolete macros ------------------------------------------------------------------- Wed Nov 22 13:00:27 MET 2000 - mge@suse.de @@ -347,4 +356,3 @@ Sun Sep 12 00:00:00 MEST 1999 - Rami Lehti Sat Sep 11 00:00:00 MEST 1999 - Zach Brown - First go - diff --git a/aide.spec b/aide.spec index 266a739..b3e4df9 100644 --- a/aide.spec +++ b/aide.spec @@ -1,7 +1,7 @@ # # spec file for package aide # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: aide -Version: 0.17.4 +Version: 0.18 Release: 0 Summary: Advanced Intrusion Detection Environment License: GPL-2.0-or-later @@ -33,9 +33,11 @@ Source7: aide.timer.8 Source8: aide_service.conf Source42: https://github.com/aide/aide/releases/download/v%{version}/aide-%{version}.tar.gz.asc Source43: aide.keyring -Patch1: aide-0.17.3-as-needed.patch +Patch1: aide-0.18-as-needed.patch Patch2: aide-xattr-in-libc.patch Patch3: aide-systemd.patch +BuildRequires: autoconf +BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: bison BuildRequires: curl-devel