diff options
author | Matsuu Takuto <matsuu@gentoo.org> | 2009-04-16 14:59:20 +0000 |
---|---|---|
committer | Matsuu Takuto <matsuu@gentoo.org> | 2009-04-16 14:59:20 +0000 |
commit | 081005d0edba93ddaa7d498075cb1ef46078d7ad (patch) | |
tree | 76896d00bbf3cc340e5b56c26e3899cd696b2fe8 /app-forensics/aide | |
parent | fix bug #260786 (diff) | |
download | gentoo-2-081005d0edba93ddaa7d498075cb1ef46078d7ad.tar.gz gentoo-2-081005d0edba93ddaa7d498075cb1ef46078d7ad.tar.bz2 gentoo-2-081005d0edba93ddaa7d498075cb1ef46078d7ad.zip |
Fixed bug #204217 and #266175.
(Portage version: 2.1.6.11/cvs/Linux x86_64)
Diffstat (limited to 'app-forensics/aide')
-rw-r--r-- | app-forensics/aide/ChangeLog | 10 | ||||
-rw-r--r-- | app-forensics/aide/aide-0.13.1-r3.ebuild | 143 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.13.1-equ-matching.patch | 83 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch | 49 |
4 files changed, 284 insertions, 1 deletions
diff --git a/app-forensics/aide/ChangeLog b/app-forensics/aide/ChangeLog index 88bdbd70348f..3fa810333930 100644 --- a/app-forensics/aide/ChangeLog +++ b/app-forensics/aide/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-forensics/aide # Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-forensics/aide/ChangeLog,v 1.38 2009/03/01 01:52:37 patrick Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-forensics/aide/ChangeLog,v 1.39 2009/04/16 14:59:20 matsuu Exp $ + +*aide-0.13.1-r3 (16 Apr 2009) + + 16 Apr 2009; MATSUU Takuto <matsuu@gentoo.org> + +files/aide-0.13.1-equ-matching.patch, + +files/aide-0.13.1-libgrypt_init.patch, +aide-0.13.1-r3.ebuild: + Fixed equal match issue, bug #204217. Fixed libgcrypt issue, bug #266175. + RESTRICT="test" Removed --with-extra-lib. 01 Mar 2009; Patrick Lauer <patrick@gentoo.org> aide-0.13.1-r2.ebuild: Fixing elog messages to reflect changes from #195690. Closes #249793 diff --git a/app-forensics/aide/aide-0.13.1-r3.ebuild b/app-forensics/aide/aide-0.13.1-r3.ebuild new file mode 100644 index 000000000000..7e554d3d6b50 --- /dev/null +++ b/app-forensics/aide/aide-0.13.1-r3.ebuild @@ -0,0 +1,143 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-forensics/aide/aide-0.13.1-r3.ebuild,v 1.1 2009/04/16 14:59:20 matsuu Exp $ + +inherit autotools eutils + +DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a replacement for Tripwire" +HOMEPAGE="http://aide.sourceforge.net/" +SRC_URI="mirror://sourceforge/aide/${P}.tar.gz" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86" +IUSE="acl curl mhash nls postgres selinux static xattr zlib" +#IUSE="acl audit curl mhash nls postgres selinux static xattr zlib" + +# libsandbox: Can't dlopen libc: (null) +RESTRICT="test" + +DEPEND="acl? ( sys-apps/acl ) + curl? ( net-misc/curl ) + mhash? ( >=app-crypt/mhash-0.9.2 ) + !mhash? ( dev-libs/libgcrypt ) + nls? ( virtual/libintl ) + postgres? ( virtual/postgresql-base ) + selinux? ( sys-libs/libselinux ) + xattr? ( sys-apps/attr ) + zlib? ( sys-libs/zlib )" +# audit? ( sys-process/audit ) + +RDEPEND="!static? ( ${DEPEND} )" + +DEPEND="${DEPEND} + nls? ( sys-devel/gettext ) + sys-devel/bison + sys-devel/flex" + +pkg_config() { + if use mhash && use postgres ; then + eerror "We cannot emerge aide with mhash and postgres USE flags at the same time." + eerror "Please remove mhash OR postgres USE flags." + die "Please remove either mhash or postgres USE flag." + fi +} + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}/${P}-gentoo.patch" + + # fix configure switch + epatch "${FILESDIR}/${P}-configure.patch" + + # fix equal match issue, bug #204217 + epatch "${FILESDIR}/${P}-equ-matching.patch" + + # fix libgcrypt issue, bug #266175 + epatch "${FILESDIR}/${P}-libgrypt_init.patch" + + if ! use mhash ; then + # dev-libs/libgcrypt doesn't support whirlpool algorithm + sed -i -e 's/\+whirlpool//' doc/aide.conf.in || die + fi + + if ! use selinux ; then + sed -i -e 's/\+selinux//' doc/aide.conf.in || die + fi + + if ! use xattr ; then + sed -i -e 's/\+xattrs//' doc/aide.conf.in || die + fi + + if ! use acl ; then + sed -i -e 's/\+acl//' doc/aide.conf.in || die + fi + + eautoreconf +} + +src_compile() { + local myconf=" + $(use_with acl posix-acl) + $(use_with !mhash gcrypt) + $(use_with mhash mhash) + $(use_with nls locale) + $(use_with postgres psql) + $(use_with selinux) + $(use_enable static) + $(use_with xattr) + $(use_with zlib) + --sysconfdir=/etc/aide" +# $(use_with audit) + + # curl doesn't work with static + use curl && ! use static && myconf="${myconf} --with-curl" + + econf ${myconf} || die "econf failed" + # parallel make borked + emake -j1 || die "emake failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + keepdir /var/lib/aide + fowners root:0 /var/lib/aide + fperms 0755 /var/lib/aide + + keepdir /var/log/aide + + insinto /etc/aide + doins "${FILESDIR}"/aide.conf + + dosbin "${FILESDIR}"/aideinit + + dodoc ChangeLog AUTHORS NEWS README "${FILESDIR}"/aide.cron + dohtml doc/manual.html +} + +pkg_postinst() { + elog + elog "A sample configuration file has been installed as" + elog "/etc/aide/aide.conf. Please edit to meet your needs." + elog "Read the aide.conf(5) manual page for more information." + elog "A helper script, aideinit, has been installed and can" + elog "be used to make AIDE management easier. Please run" + elog "aideinit --help for more information" + elog + + if use postgres; then + elog "Due to a bad assumption by aide, you must issue the following" + elog "command after the database initialization (aide --init ...):" + elog + elog 'psql -c "update pg_index set indisunique=false from pg_class \\ ' + elog " where pg_class.relname='TABLE_pkey' and \ " + elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER' + elog + elog "where TABLE, HOSTNAME, PORT, DBASE, and USER are the same as" + elog "your aide.conf." + elog + fi +} diff --git a/app-forensics/aide/files/aide-0.13.1-equ-matching.patch b/app-forensics/aide/files/aide-0.13.1-equ-matching.patch new file mode 100644 index 000000000000..e5d02a5ea7d5 --- /dev/null +++ b/app-forensics/aide/files/aide-0.13.1-equ-matching.patch @@ -0,0 +1,83 @@ +--- src/gen_list.c.orig 2007-12-19 15:37:13.000000000 -0800 ++++ src/gen_list.c 2007-12-19 16:19:43.000000000 -0800 +@@ -732,33 +732,6 @@ + return retval; + } + +-//this is used to check if $text if equal to a node in $rxrlist +-//should be used to check equ_rx_lst only +-int check_list_for_equal(list* rxrlist,char* text,DB_ATTR_TYPE* attr) +-{ +- list* r=NULL; +- int retval=1; +- char *temp; +- +- for(r=rxrlist;r;r=r->next){ +- temp=((rx_rule*)r->data)->rx; +- +- //FIXME, if rx not begin with ^, may need to do something else +- if(temp[0]=='^') //^ is for reg exp, we can ignore this character +- temp++; +- +- //we don't need to worry about buff-overflow, so strcmp is safe +- if((retval=strcmp(temp, text))==0){ +- *attr=((rx_rule*)r->data)->attr; +- error(231,"\"%s\" matches string from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx); +- break; +- } else { +- error(231,"\"%s\" doesn't match string from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx); +- } +- } +- return retval; +-} +- + /* + * Function check_node_for_match() + * calls itself recursively to go to the top and then back down. +@@ -783,35 +756,24 @@ + return retval; + } + +- /* We need this to check whether this was the first one * +- * to be called and not a recursive call */ +- if(!((retval&16)==16)){ +- retval|=16; ++ /* if this call is not recursive we check the equals list and we set top * ++ * and retval so we know following calls are recursive */ ++ if(!(retval&16)){ + top=1; +- } else { +- top=0; +- } +- +- /* if no deeper match found */ +- if(!((retval&8)==8)&&!((retval&4)==4)){ ++ retval|=16; ++ + if(!check_list_for_match(node->equ_rx_lst,text,attr)){ +- /* +- Zhi Wen Wong added this line to fix bug that equ not work for +- compare +- if we do "=/bin", we should only check /bin +- so, /bin/bash or /bin/something should return 0 as neg +- */ +- if(!check_list_for_equal(node->equ_rx_lst,text,attr)) +- retval|=(2|4); +- }; +- }; ++ retval|=2|4; ++ } ++ } + /* We'll use retval to pass information on whether to recurse + * the dir or not */ + + +- if(!((retval&8)==8)&&!((retval&4)==4)){ ++ /* If 4 and 8 are not set, we will check for matches */ ++ if(!(retval&(4|8))){ + if(!check_list_for_match(node->sel_rx_lst,text,attr)) +- retval|=(1|8); ++ retval|=1|8; + } + + /* Now let's check the ancestors */ diff --git a/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch b/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch new file mode 100644 index 000000000000..56b39693f4ff --- /dev/null +++ b/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch @@ -0,0 +1,49 @@ +diff -urp aide-0.13.1.orig/doc/aide.1 aide-0.13.1/doc/aide.1 +--- aide-0.13.1.orig/doc/aide.1 2009-04-14 15:46:20.000000000 -0700 ++++ aide-0.13.1/doc/aide.1 2009-04-14 15:49:18.000000000 -0700 +@@ -67,6 +67,7 @@ conditions: + .IP "16 Unimplemented function error" + .IP "17 Invalid configureline error" + .IP "18 IO error" ++.IP "19 Version mismatch error" + .PP + .SH NOTES + Please note that due to mmap issues, aide cannot be terminated with +diff -urp aide-0.13.1.orig/doc/aide.1.in aide-0.13.1/doc/aide.1.in +--- aide-0.13.1.orig/doc/aide.1.in 2009-04-14 15:46:20.000000000 -0700 ++++ aide-0.13.1/doc/aide.1.in 2009-04-14 15:49:56.000000000 -0700 +@@ -67,6 +67,7 @@ conditions: + .IP "16 Unimplemented function error" + .IP "17 Invalid configureline error" + .IP "18 IO error" ++.IP "19 Version mismatch error" + .PP + .SH NOTES + Please note that due to mmap issues, aide cannot be terminated with +diff -urp aide-0.13.1.orig/include/report.h aide-0.13.1/include/report.h +--- aide-0.13.1.orig/include/report.h 2009-04-14 15:46:20.000000000 -0700 ++++ aide-0.13.1/include/report.h 2009-04-14 15:46:28.000000000 -0700 +@@ -31,6 +31,7 @@ + #define UNIMPLEMENTED_FUNCTION_ERROR 16 + #define INVALID_CONFIGURELINE_ERROR 17 + #define IO_ERROR 18 ++#define VERSION_MISMATCH_ERROR 19 + + /* Errorcodes */ + #define HASH_ALGO_ERROR 30 +diff -urp aide-0.13.1.orig/src/md.c aide-0.13.1/src/md.c +--- aide-0.13.1.orig/src/md.c 2009-04-14 15:46:20.000000000 -0700 ++++ aide-0.13.1/src/md.c 2009-04-14 15:46:28.000000000 -0700 +@@ -201,6 +201,12 @@ int init_md(struct md_container* md) { + #endif + #ifdef WITH_GCRYPT + error(255,"Gcrypt library initialization\n"); ++ if(!gcry_check_version(GCRYPT_VERSION)) { ++ error(0,"libgcrypt version mismatch\n"); ++ exit(VERSION_MISMATCH_ERROR); ++ } ++ gcry_control(GCRYCTL_DISABLE_SECMEM, 0); ++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); + if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){ + error(0,"gcrypt_md_open failed\n"); + exit(IO_ERROR); |