Bug#1034060: unblock: aide/0.18.2-1

2023-05-15 Thread Bastian Germann

Control: tags -1 - moreinfo

The package has migrated, so this request can be closed.



Bug#1034060: unblock: aide/0.18.2-1

2023-04-20 Thread Paul Gevers

Control: tags -1 confirmed moreinfo

On 07-04-2023 19:34, Marc Haber wrote:
> This is a pre-upload request for guidance regarding aide 0.18.2.
> Upstream released a new version that fixes a number of locking issues,
> each of which is possibly a release-critical bug.


It seems you are overly cautious in this case.


> The aide package has autopkgtests.


As aide is not a key package, this means we don't need to be involved if 
we're not going into full freeze already.



> A debdiff of the actual package will be delivered for approval before
> upload once you have indicated that you would consider approval. Thanks
> in advance.


A debdiff normally contains all changes including the debian/changelog. 
I'm fine for now.


Please remove the moreinfo tag once the package is uploaded and might 
miss bookworm due to an announcement of the full freeze (I'd expect if 
you upload soon, we don't need to be further involved).


Paul




Bug#1034060: unblock: aide/0.18.2-1

2023-04-08 Thread Marc Haber
On Fri, Apr 07, 2023 at 07:34:54PM +0200, Marc Haber wrote:
> I am attaching the upstream diff between 0.18.1 and 0.18.2, pulled apart
> to the respective commits, 273 lines length including commit messages,
> comments and the noise caused by the release.

Forgot the attachment.

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
commit 3d5b18b9e5e1c51533ac01d8acd3499b2f9fcc2e
Author: Hannes von Haugwitz 
Date:   Fri Apr 7 16:06:18 2023 +0200

Release aide 0.18.2

commit adc07f01042f327b78e4e787bb0afbbae73d566a
Author: Hannes von Haugwitz 
Date:   Mon Apr 3 21:15:05 2023 +0200

Add another missing lock for tree operations

commit d3376eb6523bbae5ee8b8ea32c14355045524e12
Author: Hannes von Haugwitz 
Date:   Sat Apr 1 11:21:54 2023 +0200

Add missing lock for tree operations during file system scan

commit 5d46267c5d72bc2263aba76496707490acdb2a28
Author: Hannes von Haugwitz 
Date:   Wed Mar 8 20:50:58 2023 +0100

Add warning if rules contain not compiled-in attributes
commit 5d46267c5d72bc2263aba76496707490acdb2a28
Author: Hannes von Haugwitz 
Date:   Wed Mar 8 20:50:58 2023 +0100

Add warning if rules contain not compiled-in attributes

diff --git a/ChangeLog b/ChangeLog
index 31ff00c..b6435bf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2023-03-08 Hannes von Haugwitz 
+   * Add warning if rules contain not compiled-in attributes (closes: #153)
+
 2023-03-04 Hannes von Haugwitz 
* Release aide 0.18.1
 
diff --git a/NEWS b/NEWS
index 88ae5af..97db895 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Version 0.18.2 (UNRELEASED)
+* Add warning if rules contain not compiled-in attributes
+
 Version 0.18.1 (2023-03-04)
 * Fix handling of empty growing files
 * Fix segfault when using --dry-init
diff --git a/src/commandconf.c b/src/commandconf.c
index 1fcfbaa..e5ef8b9 100644
--- a/src/commandconf.c
+++ b/src/commandconf.c
@@ -338,14 +338,40 @@ bool add_rx_rule_to_tree(char* rx, char* rule_prefix, 
RESTRICTION_TYPE restricti
 r->config_line = checked_strdup(linebuf);
 r->prefix = rule_prefix;
 
+char *str;
+
 DB_ATTR_TYPE unsupported_hashes = 
attr&(get_hashes(true)&~get_hashes(false));
 if (unsupported_hashes) {
-char *str;
 LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_WARNING, "ignoring unsupported 
hash algorithm(s): %s", str = diff_attributes(0, unsupported_hashes));
 free(str);
 attr &= ~unsupported_hashes;
 }
 
+DB_ATTR_TYPE unsupported_attrs = attr&
+(0
+#ifndef WITH_ACL
+ |ATTR(attr_acl)
+#endif
+#ifndef WITH_SELINUX
+ |ATTR(attr_selinux)
+#endif
+#ifndef WITH_XATTR
+ |ATTR(attr_xattrs)
+#endif
+#ifndef WITH_E2FSATTRS
+ |ATTR(attr_e2fsattrs)
+#endif
+#ifndef WITH_CAPABILITIES
+ |ATTR(attr_capabilities)
+#endif
+)
+;
+if (unsupported_attrs) {
+LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_WARNING, "ignoring not 
compiiled-in attribute(s): %s", str = diff_attributes(0, unsupported_attrs));
+free(str);
+attr &= ~unsupported_attrs;
+}
+
 r->attr=attr;
 if (attr&ATTR(attr_sizeg)) {
 log_msg(LOG_LEVEL_NOTICE, "%s:%d: Using 'S' attribute is 
DEPRECATED and will be removed in the release after next. Update your config 
and use 'growing+s' instead (line: '%s')", filename, linenumber, linebuf);
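
Review bot: the warning string added in the "if (unsupported_attrs)" block is misspelled ("compiiled-in"); it should read "ignoring not compiled-in attribute(s): %s" so that it matches the ChangeLog and NEWS wording and can be grepped for in logs. Separately, the block clears the bits from attr and carries on, so a rule that asks for acl, selinux, xattrs, e2fsattrs or capabilities on a build without that support ends up checking less than the configuration states, with a single LOG_LEVEL_WARNING line as the only trace. For a file integrity checker that reduction in coverage deserves a sentence in the NEWS entry or the documentation, so that administrators know to look for the warning.
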
commit d3376eb6523bbae5ee8b8ea32c14355045524e12
Author: Hannes von Haugwitz 
Date:   Sat Apr 1 11:21:54 2023 +0200

Add missing lock for tree operations during file system scan

diff --git a/ChangeLog b/ChangeLog
index b6435bf..80d0366 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2023-04-01 Hannes von Haugwitz 
+   * Add missing lock for tree operations during file system scan
+
 2023-03-08 Hannes von Haugwitz 
* Add warning if rules contain not compiled-in attributes (closes: #153)
 
diff --git a/NEWS b/NEWS
index 97db895..5904559 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,6 @@
 Version 0.18.2 (UNRELEASED)
 * Add warning if rules contain not compiled-in attributes
+* Add missing lock for tree operations during file system scan
 
 Version 0.18.1 (2023-03-04)
 * Fix handling of empty growing files
diff --git a/src/db_disk.c b/src/db_disk.c
index a1f1606..1bc91bb 100644
--- a/src/db_disk.c
+++ b/src/db_disk.c
@@ -46,6 +46,10 @@
 #include 
 #endif
 
+#ifdef WITH_PTHREAD
+pthread_mutex_t seltree_mutex = PTHREAD_MUTEX_INITIALIZER;
+#endif
+
 static int get_file_status(char *filename, struct stat *fs) {
 int sres = 0;
 sres = lstat(filename,fs);
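
Review bot: seltree_mutex is defined at file scope in src/db_disk.c without static and without a comment saying which data it guards. If other source files are meant to take this lock, the matching extern declaration belongs in a header under the same WITH_PTHREAD conditional; if not, make it static. Either way, a one-line comment naming the tree operations it protects would let the next reader check that every access path takes it, which matters given that the commits in this release each add a lock that had been missed.
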
@@ -121,7 +125,13 @@ void scan_dir(char *root_path, bool dry_run) {
 
 log_msg(LOG_LE

Bug#1034060: unblock: aide/0.18.2-1

2023-04-07 Thread Marc Haber
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: a...@packages.debian.org
Control: affects -1 + src:aide

This is a pre-upload request for guidance regarding aide 0.18.2.
Upstream released a new version that fixes a number of locking issues,
each of which is possibly a release-critical bug.

Debian does not have reports of these bugs since aide is seldom used on
unstable/testing machines, but they have shown up during testing on
upstream side and are fixed now.

All downstream dependencies of aide are either in-package or
Recommends/Suggests, so breaking other packages is unlikely.

I am attaching the upstream diff between 0.18.1 and 0.18.2, pulled apart
to the respective commits, 273 lines length including commit messages,
comments and the noise caused by the release.

The aide package has autopkgtests.

I reviewed the changes and approve them.

Please indicate whether you would be ok with going with the upstream
release via unstable to bookworm.

A debdiff of the actual package will be delivered for approval before
upload once you have indicated that you would consider approval. Thanks
in advance.

Greetings
Marc