summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatsuu Takuto <matsuu@gentoo.org>2009-04-16 14:59:20 +0000
committerMatsuu Takuto <matsuu@gentoo.org>2009-04-16 14:59:20 +0000
commit081005d0edba93ddaa7d498075cb1ef46078d7ad (patch)
tree76896d00bbf3cc340e5b56c26e3899cd696b2fe8 /app-forensics/aide
parentfix bug #260786 (diff)
downloadgentoo-2-081005d0edba93ddaa7d498075cb1ef46078d7ad.tar.gz
gentoo-2-081005d0edba93ddaa7d498075cb1ef46078d7ad.tar.bz2
gentoo-2-081005d0edba93ddaa7d498075cb1ef46078d7ad.zip
Fixed bug #204217 and #266175.
(Portage version: 2.1.6.11/cvs/Linux x86_64)
Diffstat (limited to 'app-forensics/aide')
-rw-r--r--app-forensics/aide/ChangeLog10
-rw-r--r--app-forensics/aide/aide-0.13.1-r3.ebuild143
-rw-r--r--app-forensics/aide/files/aide-0.13.1-equ-matching.patch83
-rw-r--r--app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch49
4 files changed, 284 insertions, 1 deletions
diff --git a/app-forensics/aide/ChangeLog b/app-forensics/aide/ChangeLog
index 88bdbd70348f..3fa810333930 100644
--- a/app-forensics/aide/ChangeLog
+++ b/app-forensics/aide/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for app-forensics/aide
# Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-forensics/aide/ChangeLog,v 1.38 2009/03/01 01:52:37 patrick Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/aide/ChangeLog,v 1.39 2009/04/16 14:59:20 matsuu Exp $
+
+*aide-0.13.1-r3 (16 Apr 2009)
+
+ 16 Apr 2009; MATSUU Takuto <matsuu@gentoo.org>
+ +files/aide-0.13.1-equ-matching.patch,
+ +files/aide-0.13.1-libgrypt_init.patch, +aide-0.13.1-r3.ebuild:
+ Fixed equal match issue, bug #204217. Fixed libgcrypt issue, bug #266175.
+ RESTRICT="test" Removed --with-extra-lib.
01 Mar 2009; Patrick Lauer <patrick@gentoo.org> aide-0.13.1-r2.ebuild:
Fixing elog messages to reflect changes from #195690. Closes #249793
diff --git a/app-forensics/aide/aide-0.13.1-r3.ebuild b/app-forensics/aide/aide-0.13.1-r3.ebuild
new file mode 100644
index 000000000000..7e554d3d6b50
--- /dev/null
+++ b/app-forensics/aide/aide-0.13.1-r3.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/aide/aide-0.13.1-r3.ebuild,v 1.1 2009/04/16 14:59:20 matsuu Exp $
+
+inherit autotools eutils
+
+DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a replacement for Tripwire"
+HOMEPAGE="http://aide.sourceforge.net/"
+SRC_URI="mirror://sourceforge/aide/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+IUSE="acl curl mhash nls postgres selinux static xattr zlib"
+#IUSE="acl audit curl mhash nls postgres selinux static xattr zlib"
+
+# libsandbox: Can't dlopen libc: (null)
+RESTRICT="test"
+
+DEPEND="acl? ( sys-apps/acl )
+ curl? ( net-misc/curl )
+ mhash? ( >=app-crypt/mhash-0.9.2 )
+ !mhash? ( dev-libs/libgcrypt )
+ nls? ( virtual/libintl )
+ postgres? ( virtual/postgresql-base )
+ selinux? ( sys-libs/libselinux )
+ xattr? ( sys-apps/attr )
+ zlib? ( sys-libs/zlib )"
+# audit? ( sys-process/audit )
+
+RDEPEND="!static? ( ${DEPEND} )"
+
+DEPEND="${DEPEND}
+ nls? ( sys-devel/gettext )
+ sys-devel/bison
+ sys-devel/flex"
+
+pkg_config() {
+ if use mhash && use postgres ; then
+ eerror "We cannot emerge aide with mhash and postgres USE flags at the same time."
+ eerror "Please remove mhash OR postgres USE flags."
+ die "Please remove either mhash or postgres USE flag."
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}/${P}-gentoo.patch"
+
+ # fix configure switch
+ epatch "${FILESDIR}/${P}-configure.patch"
+
+ # fix equal match issue, bug #204217
+ epatch "${FILESDIR}/${P}-equ-matching.patch"
+
+ # fix libgcrypt issue, bug #266175
+ epatch "${FILESDIR}/${P}-libgrypt_init.patch"
+
+ if ! use mhash ; then
+ # dev-libs/libgcrypt doesn't support whirlpool algorithm
+ sed -i -e 's/\+whirlpool//' doc/aide.conf.in || die
+ fi
+
+ if ! use selinux ; then
+ sed -i -e 's/\+selinux//' doc/aide.conf.in || die
+ fi
+
+ if ! use xattr ; then
+ sed -i -e 's/\+xattrs//' doc/aide.conf.in || die
+ fi
+
+ if ! use acl ; then
+ sed -i -e 's/\+acl//' doc/aide.conf.in || die
+ fi
+
+ eautoreconf
+}
+
+src_compile() {
+ local myconf="
+ $(use_with acl posix-acl)
+ $(use_with !mhash gcrypt)
+ $(use_with mhash mhash)
+ $(use_with nls locale)
+ $(use_with postgres psql)
+ $(use_with selinux)
+ $(use_enable static)
+ $(use_with xattr)
+ $(use_with zlib)
+ --sysconfdir=/etc/aide"
+# $(use_with audit)
+
+ # curl doesn't work with static
+ use curl && ! use static && myconf="${myconf} --with-curl"
+
+ econf ${myconf} || die "econf failed"
+ # parallel make borked
+ emake -j1 || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ keepdir /var/lib/aide
+ fowners root:0 /var/lib/aide
+ fperms 0755 /var/lib/aide
+
+ keepdir /var/log/aide
+
+ insinto /etc/aide
+ doins "${FILESDIR}"/aide.conf
+
+ dosbin "${FILESDIR}"/aideinit
+
+ dodoc ChangeLog AUTHORS NEWS README "${FILESDIR}"/aide.cron
+ dohtml doc/manual.html
+}
+
+pkg_postinst() {
+ elog
+ elog "A sample configuration file has been installed as"
+ elog "/etc/aide/aide.conf. Please edit to meet your needs."
+ elog "Read the aide.conf(5) manual page for more information."
+ elog "A helper script, aideinit, has been installed and can"
+ elog "be used to make AIDE management easier. Please run"
+ elog "aideinit --help for more information"
+ elog
+
+ if use postgres; then
+ elog "Due to a bad assumption by aide, you must issue the following"
+ elog "command after the database initialization (aide --init ...):"
+ elog
+ elog 'psql -c "update pg_index set indisunique=false from pg_class \\ '
+ elog " where pg_class.relname='TABLE_pkey' and \ "
+ elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER'
+ elog
+ elog "where TABLE, HOSTNAME, PORT, DBASE, and USER are the same as"
+ elog "your aide.conf."
+ elog
+ fi
+}
diff --git a/app-forensics/aide/files/aide-0.13.1-equ-matching.patch b/app-forensics/aide/files/aide-0.13.1-equ-matching.patch
new file mode 100644
index 000000000000..e5d02a5ea7d5
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.13.1-equ-matching.patch
@@ -0,0 +1,83 @@
+--- src/gen_list.c.orig 2007-12-19 15:37:13.000000000 -0800
++++ src/gen_list.c 2007-12-19 16:19:43.000000000 -0800
+@@ -732,33 +732,6 @@
+ return retval;
+ }
+
+-//this is used to check if $text if equal to a node in $rxrlist
+-//should be used to check equ_rx_lst only
+-int check_list_for_equal(list* rxrlist,char* text,DB_ATTR_TYPE* attr)
+-{
+- list* r=NULL;
+- int retval=1;
+- char *temp;
+-
+- for(r=rxrlist;r;r=r->next){
+- temp=((rx_rule*)r->data)->rx;
+-
+- //FIXME, if rx not begin with ^, may need to do something else
+- if(temp[0]=='^') //^ is for reg exp, we can ignore this character
+- temp++;
+-
+- //we don't need to worry about buff-overflow, so strcmp is safe
+- if((retval=strcmp(temp, text))==0){
+- *attr=((rx_rule*)r->data)->attr;
+- error(231,"\"%s\" matches string from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx);
+- break;
+- } else {
+- error(231,"\"%s\" doesn't match string from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx);
+- }
+- }
+- return retval;
+-}
+-
+ /*
+ * Function check_node_for_match()
+ * calls itself recursively to go to the top and then back down.
+@@ -783,35 +756,24 @@
+ return retval;
+ }
+
+- /* We need this to check whether this was the first one *
+- * to be called and not a recursive call */
+- if(!((retval&16)==16)){
+- retval|=16;
++ /* if this call is not recursive we check the equals list and we set top *
++ * and retval so we know following calls are recursive */
++ if(!(retval&16)){
+ top=1;
+- } else {
+- top=0;
+- }
+-
+- /* if no deeper match found */
+- if(!((retval&8)==8)&&!((retval&4)==4)){
++ retval|=16;
++
+ if(!check_list_for_match(node->equ_rx_lst,text,attr)){
+- /*
+- Zhi Wen Wong added this line to fix bug that equ not work for
+- compare
+- if we do "=/bin", we should only check /bin
+- so, /bin/bash or /bin/something should return 0 as neg
+- */
+- if(!check_list_for_equal(node->equ_rx_lst,text,attr))
+- retval|=(2|4);
+- };
+- };
++ retval|=2|4;
++ }
++ }
+ /* We'll use retval to pass information on whether to recurse
+ * the dir or not */
+
+
+- if(!((retval&8)==8)&&!((retval&4)==4)){
++ /* If 4 and 8 are not set, we will check for matches */
++ if(!(retval&(4|8))){
+ if(!check_list_for_match(node->sel_rx_lst,text,attr))
+- retval|=(1|8);
++ retval|=1|8;
+ }
+
+ /* Now let's check the ancestors */
diff --git a/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch b/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch
new file mode 100644
index 000000000000..56b39693f4ff
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch
@@ -0,0 +1,49 @@
+diff -urp aide-0.13.1.orig/doc/aide.1 aide-0.13.1/doc/aide.1
+--- aide-0.13.1.orig/doc/aide.1 2009-04-14 15:46:20.000000000 -0700
++++ aide-0.13.1/doc/aide.1 2009-04-14 15:49:18.000000000 -0700
+@@ -67,6 +67,7 @@ conditions:
+ .IP "16 Unimplemented function error"
+ .IP "17 Invalid configureline error"
+ .IP "18 IO error"
++.IP "19 Version mismatch error"
+ .PP
+ .SH NOTES
+ Please note that due to mmap issues, aide cannot be terminated with
+diff -urp aide-0.13.1.orig/doc/aide.1.in aide-0.13.1/doc/aide.1.in
+--- aide-0.13.1.orig/doc/aide.1.in 2009-04-14 15:46:20.000000000 -0700
++++ aide-0.13.1/doc/aide.1.in 2009-04-14 15:49:56.000000000 -0700
+@@ -67,6 +67,7 @@ conditions:
+ .IP "16 Unimplemented function error"
+ .IP "17 Invalid configureline error"
+ .IP "18 IO error"
++.IP "19 Version mismatch error"
+ .PP
+ .SH NOTES
+ Please note that due to mmap issues, aide cannot be terminated with
+diff -urp aide-0.13.1.orig/include/report.h aide-0.13.1/include/report.h
+--- aide-0.13.1.orig/include/report.h 2009-04-14 15:46:20.000000000 -0700
++++ aide-0.13.1/include/report.h 2009-04-14 15:46:28.000000000 -0700
+@@ -31,6 +31,7 @@
+ #define UNIMPLEMENTED_FUNCTION_ERROR 16
+ #define INVALID_CONFIGURELINE_ERROR 17
+ #define IO_ERROR 18
++#define VERSION_MISMATCH_ERROR 19
+
+ /* Errorcodes */
+ #define HASH_ALGO_ERROR 30
+diff -urp aide-0.13.1.orig/src/md.c aide-0.13.1/src/md.c
+--- aide-0.13.1.orig/src/md.c 2009-04-14 15:46:20.000000000 -0700
++++ aide-0.13.1/src/md.c 2009-04-14 15:46:28.000000000 -0700
+@@ -201,6 +201,12 @@ int init_md(struct md_container* md) {
+ #endif
+ #ifdef WITH_GCRYPT
+ error(255,"Gcrypt library initialization\n");
++ if(!gcry_check_version(GCRYPT_VERSION)) {
++ error(0,"libgcrypt version mismatch\n");
++ exit(VERSION_MISMATCH_ERROR);
++ }
++ gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+ if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){
+ error(0,"gcrypt_md_open failed\n");
+ exit(IO_ERROR);