Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aide for openSUSE:Factory checked in at 2021-02-25 18:28:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aide (Old) and /work/SRC/openSUSE:Factory/.aide.new.2378 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aide" Thu Feb 25 18:28:56 2021 rev:32 rq:874874 version:0.17.3 Changes: -------- --- /work/SRC/openSUSE:Factory/aide/aide.changes 2020-07-31 16:07:28.408818026 +0200 +++ /work/SRC/openSUSE:Factory/.aide.new.2378/aide.changes 2021-02-25 18:28:59.362240966 +0100 @@ -1,0 +2,85 @@ +Wed Feb 24 13:45:59 UTC 2021 - Paolo Stivanin <i...@paolostivanin.com> + +- Update default config file to match v0.17 + +------------------------------------------------------------------- +Wed Feb 24 11:01:03 UTC 2021 - Paolo Stivanin <i...@paolostivanin.com> + +- Update to 0.17.3: + * BACKWARDS INCOMPATIBLE CHANGES + - '--verbose' command line option and 'verbose' config option are no + longer supported, use 'log_level' and 'report_level' options instead + - '--report' command line option is no longer supported, use + 'report_url' config option instead + - 'ignore_list' config option is no longer supported, use + 'report_ignore_changed_attrs' instead + - 'report_attributes' config option is no longer supported, use + 'report_force_attrs' instead + - (restricted) regular rules must start with literal '/', i.e. the rule + cannot begin with a macro variable + - config lines must end with new line + - '@' and ' ' in the configuration are now escaped with '\', that means + to match a '\' you have to use four backslashes '\\\\' in your rules + - 'gzip_dbout=false' fails now with config error when no zlib support + is compiled in + - remove '--with-initial-errors' configure option + - remove PostgreSQL database backend support + - remove Sun ACL support + - remove config and database signing support + * Enhancements: + - add new '--log-level' command line option and 'log_level' config option + - introduce named log levels + - add new 'report' log level to help to debug rule matching + - add new 'config' log level to help to debug config and rule parsing + - aad new '--dry-init' command + - add new '--path-check' command + - add directory support for @@include + - add new @@x_include config macro + - add new @@x_include_setenv config macro + - add new default compound group 'H' (all compiled-in hashsums) + - add support for per-report_url options + - add new 'report_level' config option + - add new 'report_append' config option + - add exit code 21 for file lock errors + - add default config values, available hashsums and compound groups + to '--version' output + - add Linux capabilities support + - show changed attributes in 'different attributes' message + - enable 'gost' and 'whirlpool' checksums when using gcrypt + - add 'stribog256' and 'stribog512' gcrypt algorithms + - add config file names to log output + * Miscellaneous behaviour changes: + - 'report_summarize_changes': hashsum changes are now indicated with 'H' + - print '--help' and '--verion' output to stdout + - log messages and errors are always written to stderr + - initialise report URLs after configuration parsing + - allow empty values for macro variables + - SIGUSR1 now toggles debug log level + - fail on errors in regular expressions during config parsing + - fail on invalid URLs during config check + - Fail on double slash in rule path + - cache log lines when 'log_level' is not yet set + * Deprecations: + - 'database' config option is now deprecated, use 'database_in' instead + - 'summarize_changes' config option is now deprecated, use + 'report_summarize_changes' instead + - 'grouped' config option is now deprecated, use 'report_grouped' + instead + - non-alphanumeric group names are deprecated + * Notable bug fixes: + - fix line numbers in log messages + - remove warning when input database is '/dev/null' + - correctly handle UTF-8 in path names and rules + - fix compilation with curl and gcrypt + - warn on unsupported hash algorithms + - improve large-file support + * Remove obsolete aide-attributes.sh script + * Remove outdated manual.html + * Update documentation + +- Rename aide-0.16.1-as-needed.patch to and rebase aide-0.17.3-as-needed.patch +- Rebase aide-xattr-in-libc.patch +- Remove aide-define_hash_use_gcrypt.patch (no longer needed) +- Remove aide-dynamic.patch (no longer needed) + +------------------------------------------------------------------- Old: ---- aide-0.16.1-as-needed.patch aide-0.16.2.tar.gz aide-0.16.2.tar.gz.asc aide-define_hash_use_gcrypt.patch aide-dynamic.patch New: ---- aide-0.17.3-as-needed.patch aide-0.17.3.tar.gz aide-0.17.3.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aide.spec ++++++ --- /var/tmp/diff_new_pack.ENrU4d/_old 2021-02-25 18:29:00.130241464 +0100 +++ /var/tmp/diff_new_pack.ENrU4d/_new 2021-02-25 18:29:00.134241468 +0100 @@ -1,7 +1,7 @@ # # spec file for package aide # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: aide -Version: 0.16.2 +Version: 0.17.3 Release: 0 Summary: Advanced Intrusion Detection Environment License: GPL-2.0-or-later @@ -28,10 +28,8 @@ Source3: aide-test.sh Source42: https://github.com/aide/aide/releases/download/v%{version}/aide-%{version}.tar.gz.asc Source43: aide.keyring -Patch1: aide-0.16.1-as-needed.patch -Patch3: aide-xattr-in-libc.patch -Patch4: aide-dynamic.patch -Patch5: aide-define_hash_use_gcrypt.patch +Patch1: aide-0.17.3-as-needed.patch +Patch2: aide-xattr-in-libc.patch BuildRequires: automake BuildRequires: bison BuildRequires: curl-devel @@ -54,9 +52,7 @@ %prep %setup -q %patch1 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 +%patch2 -p1 %build autoreconf -fiv @@ -84,7 +80,16 @@ mkdir -p doc/examples%{_sysconfdir}/cron.daily/ cp -a %{SOURCE2} doc/examples%{_sysconfdir}/cron.daily/aide.sh +%post +if ! grep -q "database_in" %{_sysconfdir}/aide.conf ; then + # with the 0.17 update some backward incompatible changes were made to the config file. Therefore, we have to adapt those parameters, otherwise the program will fail + sed -i 's/database=/database_in=/' %{_sysconfdir}/aide.conf + sed -i '/verbose=/d' %{_sysconfdir}/aide.conf + sed -i 's/\t/ /g' %{_sysconfdir}/aide.conf +fi + %check +rm -rf %{_localstatedir}/tmp/aide-test mkdir %{_localstatedir}/tmp/aide-test export TESTDIR=%{_localstatedir}/tmp/aide-test %make_build DESTDIR=$TESTDIR install @@ -92,19 +97,26 @@ install -m 700 -d $TESTDIR%{_sysconfdir} install -m 600 %{SOURCE1} $TESTDIR%{_sysconfdir}/aide.conf.new sed -e "s#%{_localstatedir}/lib/aide#$TESTDIR%{_localstatedir}/lib/aide#g" <$TESTDIR%{_sysconfdir}/aide.conf.new >$TESTDIR%{_sysconfdir}/aide.conf +if ! grep -q "database_in" %{_sysconfdir}/aide.conf ; then + # with the 0.17 update some backward incompatible changes were made to the config file. Therefore, we have to adapt those parameters, otherwise the program will fail + sed -i 's/database=/database_in=/' $TESTDIR%{_sysconfdir}/aide.conf + sed -i '/verbose=/d' $TESTDIR%{_sysconfdir}/aide.conf + sed -i 's/\t/ /g' $TESTDIR%{_sysconfdir}/aide.conf +fi +$TESTDIR/usr/bin/aide -D -c $TESTDIR%{_sysconfdir}/aide.conf sleep 2 sync sleep 2 $TESTDIR/usr/bin/aide -c $TESTDIR%{_sysconfdir}/aide.conf --init mv $TESTDIR%{_localstatedir}/lib/aide/aide.db.new $TESTDIR%{_localstatedir}/lib/aide/aide.db -$TESTDIR/usr/bin/aide -c $TESTDIR%{_sysconfdir}/aide.conf --check --verbose +$TESTDIR/usr/bin/aide -c $TESTDIR%{_sysconfdir}/aide.conf --check --log-level=info rm -rf $TESTDIR %files %license COPYING -%doc AUTHORS ChangeLog NEWS README doc/manual* doc/examples +%doc AUTHORS ChangeLog NEWS README doc/examples %{_bindir}/aide /%{_mandir}/man1/aide.1.gz /%{_mandir}/man5/aide.conf.5.gz ++++++ aide-0.16.1-as-needed.patch -> aide-0.17.3-as-needed.patch ++++++ --- /work/SRC/openSUSE:Factory/aide/aide-0.16.1-as-needed.patch 2019-03-26 15:43:43.932198350 +0100 +++ /work/SRC/openSUSE:Factory/.aide.new.2378/aide-0.17.3-as-needed.patch 2021-02-25 18:28:59.254240896 +0100 @@ -1,13 +1,11 @@ -Index: aide-0.16/Makefile.am -=================================================================== ---- aide-0.16.orig/Makefile.am -+++ aide-0.16/Makefile.am -@@ -55,7 +55,7 @@ if USE_CURL +--- aide-0.17.3/Makefile.am.orig 2021-02-24 12:03:16.648845473 +0100 ++++ aide-0.17.3/Makefile.am 2021-02-24 12:03:57.336978950 +0100 +@@ -59,7 +59,7 @@ aide_SOURCES += include/fopen.h src/fopen.c endif --aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ -+aide_LDADD = -lm @LDFLAGS@ @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ - AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g - AM_CPPFLAGS = -I$(top_srcdir) \ - -I$(top_srcdir)/include \ +-aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CAPLIB@ ${CURL_LIBS} ++aide_LDADD = -lm @LDFLAGS@ @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CAPLIB@ ${CURL_LIBS} + + if HAVE_CHECK + TESTS = check_aide ++++++ aide-0.16.2.tar.gz -> aide-0.17.3.tar.gz ++++++ ++++ 36674 lines of diff (skipped) ++++++ aide-xattr-in-libc.patch ++++++ --- /var/tmp/diff_new_pack.ENrU4d/_old 2021-02-25 18:29:00.290241568 +0100 +++ /var/tmp/diff_new_pack.ENrU4d/_new 2021-02-25 18:29:00.294241572 +0100 @@ -1,19 +1,27 @@ -diff -Pdpru aide-0.16.1.orig/configure.ac aide-0.16.1/configure.ac ---- aide-0.16.1.orig/configure.ac 2019-03-17 22:12:56.269936982 +0100 -+++ aide-0.16.1/configure.ac 2019-03-17 22:14:48.084669784 +0100 -@@ -536,7 +536,7 @@ AC_ARG_WITH([xattr], +diff -ru old/configure.ac new/configure.ac +--- old/configure.ac 2021-02-10 22:01:14.000000000 +0100 ++++ new/configure.ac 2021-02-24 13:17:31.287619804 +0100 +@@ -483,7 +483,7 @@ AS_IF([test "x$with_xattr_support" != xno], [AC_DEFINE(WITH_XATTR,1,[use xattr]) - ATTRLIB=-lattr + ATTRLIB= compoptionstring="${compoptionstring}WITH_XATTR\\n" - aideextragroups="${aideextragroups}+xattrs" AC_MSG_RESULT(yes)], -diff -Pdpru aide-0.16.1.orig/include/db_config.h aide-0.16.1/include/db_config.h ---- aide-0.16.1.orig/include/db_config.h 2019-03-17 22:12:56.269936982 +0100 -+++ aide-0.16.1/include/db_config.h 2019-03-17 22:16:01.303841342 +0100 -@@ -62,7 +62,6 @@ typedef struct acl_type { + [AC_MSG_RESULT(no)] +diff -ru old/include/db_config.h new/include/db_config.h +--- old/include/db_config.h 2021-02-10 22:01:14.000000000 +0100 ++++ new/include/db_config.h 2021-02-24 13:49:16.813840910 +0100 +@@ -23,7 +23,6 @@ + #ifndef _DB_CONFIG_H_INCLUDED + #define _DB_CONFIG_H_INCLUDED + #include "config.h" +-#include "attributes.h" + #include "report.h" + #include "types.h" + #include <unistd.h> +@@ -48,7 +47,6 @@ #ifdef WITH_XATTR /* Do generic user Xattrs. */ #include <sys/xattr.h> @@ -21,3 +29,5 @@ #ifndef ENOATTR # define ENOATTR ENODATA #endif +Only in new/include: md.h.orig +Only in new/src: md.c.orig ++++++ aide.conf ++++++ --- /var/tmp/diff_new_pack.ENrU4d/_old 2021-02-25 18:29:00.310241581 +0100 +++ /var/tmp/diff_new_pack.ENrU4d/_new 2021-02-25 18:29:00.314241585 +0100 @@ -1,85 +1,85 @@ # -# AIDE _Example_ Configuration +# AIDE _Example_ Configuration # -# Thanks to the Debian people and Dirk M??ller <dmu...@gmx.net> +# Thanks to the Debian people and Dirk M??ller <dmu...@gmx.net> # -# Use at your own risk! +# Use at your own risk! # -# Matthias G. Eckermann <m...@suse.de> +# Matthias G. Eckermann <m...@suse.de> # # # Configuration parameters # -database=file:/var/lib/aide/aide.db +database_in=file:/var/lib/aide/aide.db database_out=file:/var/lib/aide/aide.db.new -verbose=1 report_url=stdout warn_dead_symlinks=yes # # Custom rules # -Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512 -ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512 -Logs = p+i+n+u+g+S -Devices = p+i+n+u+g+s+b+c+sha256+sha512 -Databases = p+n+u+g -StaticDir = p+i+n+u+g -ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512 +Binlib = p+i+n+u+g+s+b+m+c+sha256+sha512 +ConfFiles = p+i+n+u+g+s+b+m+c+sha256+sha512 +Logs = p+i+n+u+g+S +Devices = p+i+n+u+g+s+b+c+sha256+sha512 +Databases = p+n+u+g +StaticDir = p+i+n+u+g +ManPages = p+i+n+u+g+s+b+m+c+sha256+sha512 # # Directories and files # # Kernel, system map, etc. -/boot Binlib +/boot Binlib # watch config files, but exclude, what changes at boot time, ... !/etc/mtab !/etc/lvm* -/etc ConfFiles +/etc ConfFiles # Binaries -/bin Binlib -/sbin Binlib +/bin Binlib +/sbin Binlib # Libraries -/lib Binlib +/lib Binlib # Complete /usr and /opt -/usr Binlib -/opt Binlib +/usr Binlib +/opt Binlib # Log files -/var/log$ StaticDir -#/var/log/aide/aide.log(.[0-9])?(.gz)? Databases -#/var/log/aide/error.log(.[0-9])?(.gz)? Databases -#/var/log/setuid.changes(.[0-9])?(.gz)? Databases -/var/log Logs +/var/log$ StaticDir +#/var/log/aide/aide.log(.[0-9])?(.gz)? Databases +#/var/log/aide/error.log(.[0-9])?(.gz)? Databases +#/var/log/setuid.changes(.[0-9])?(.gz)? Databases +/var/log Logs # Devices !/dev/pts -/dev Devices +/dev Devices # Other miscellaneous files -/var/run$ StaticDir +/var/run$ StaticDir !/var/run -/var/lib Databases +/var/lib Databases # Test only the directory when dealing with /proc -/proc$ StaticDir +/proc$ StaticDir !/proc # manpages can be trojaned, especially depending on *roff implementation -#/usr/man ManPages -#/usr/share/man ManPages -#/usr/local/man ManPages +#/usr/man ManPages +#/usr/share/man ManPages +#/usr/local/man ManPages # check sources for modifications -#/usr/src L -#/usr/local/src L +#/usr/src L +#/usr/local/src L # Check headers for same -#/usr/include L -#/usr/local/include L +#/usr/include L +#/usr/local/include L +
