Blob Blame History Raw
# segfaults
%{!?_with_curl: %{!?_without_curl: %global _without_curl --without-curl}}

Summary: Intrusion detection environment
Name: aide
Version: 0.15.1
Release: 13%{?dist}.1
URL: http://sourceforge.net/projects/aide
License: GPLv2+
Group: Applications/System
Source0: http://downloads.sourceforge.net/aide/aide-%{version}.tar.gz
Source1: aide.conf
Source2: README.quickstart
Source3: aide.logrotate
# Customize the database file location in the man page.
Patch1: aide-0.14-man.patch
# fix aide in FIPS mode
Patch2: aide-0.15.1-fipsfix.patch
# warn if processing prelinked binary objects and the prelink binary is not available
Patch3: aide-0.15.1-prelinkwarn.patch
Patch4: aide-0.15-syslog-format.patch
Patch5: aide-0.15-error-messages.patch

# 2041952 - CVE-2021-45417 aide: heap-based buffer overflow on outputs larger than B64_BUF
Patch6: aide-0.16-CVE-2021-45417.patch


Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)
BuildRequires: mktemp
%ifnarch aarch64 ppc64le
BuildRequires: prelink
%endif
BuildRequires: elfutils-libelf-devel
%if 0%{?rhel} == 0
Buildrequires: mhash-devel
%endif
Buildrequires: zlib-devel libgcrypt-devel
Buildrequires: flex bison
Buildrequires: libattr-devel e2fsprogs-devel
Buildrequires: libacl-devel libselinux-devel
Buildrequires: audit-libs-devel >= 1.2.8-2
%if "%{?_with_curl}x" != "x"
Buildrequires: curl-devel
%endif

%description
AIDE (Advanced Intrusion Detection Environment) is a file integrity
checker and intrusion detection program.


%prep
%setup -q
%patch1 -p1 -b .man
%patch2 -p1 -b .fipsfix
%patch3 -p1 -b .prelinkwarn
%patch4 -p1 -b .syslog-format
%patch5 -p1 -b .error-messages
%patch6 -p1 -b .cve


%build
%configure --with-config_file=%{_sysconfdir}/aide.conf \
           --with-zlib \
           --disable-static \
%if 0%{?rhel} == 0
           --with-mhash \
%endif
           %{?_with_curl} %{?_without_curl} \
           --with-posix-acl \
           --with-selinux \
%ifnarch aarch64 ppc64le
           --with-prelink \
%else
	   --without-prelink \
%endif
           --with-xattr \
           --with-e2fsattrs \
           --with-audit

make


%install
rm -rf $RPM_BUILD_ROOT
make DESTDIR=$RPM_BUILD_ROOT bindir=%{_sbindir} install
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/aide
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
install -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}
mkdir -p -m0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/aide
install -p %{SOURCE2} README.quickstart
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/aide

%clean
rm -rf $RPM_BUILD_ROOT


%files
%defattr(0644,root,root,0755)
%doc AUTHORS COPYING ChangeLog NEWS README doc/manual.html contrib/
%doc README.quickstart
%attr(0700,root,root) %{_sbindir}/aide
%{_mandir}/man1/*
%{_mandir}/man5/*
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/aide.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/aide
%dir %attr(0700,root,root) %{_localstatedir}/lib/aide
%dir %attr(0700,root,root) %{_localstatedir}/log/aide


%changelog
* Tue Jan 25 2022 Radovan Sroka <rsroka@redhat.com> - 0.15.1.1
- backported fix for CVE-2021-45417
  resolves: rhbz#2041952

* Mon Mar 20 2017 Radovan Sroka <rsroka@redhat.com> - 0.15.1-13
- RHEL 7.4 ERRATUM
  Resolves: rhbz#1400548

* Tue Mar 07 2017 Radovan Sroka <rsroka@redhat.com> - 0.15.1-12
- RHEL 7.4 ERRATUM
  Resolves: rhbz#1377215

* Tue Jul 19 2016 Daniel Kopecek <dkopecek@redhat.com> - 0.15.1-11
- Corrected typos in the default configuration file
  Resolves: rhbz#1304334

* Fri Jun 24 2016 Daniel Kopecek <dkopecek@redhat.com> - 0.15.1-10
- Updated the default configuration file. New defaults contributed
  by Steve Grubb.
  Resolves: rhbz#1304334

* Mon Aug  4 2014 Daniel Kopecek <dkopecek@redhat.com> - 0.15.1-9
- Don't require prelink on aarch64 and ppc64le
  Resolves: rhbz#1078555
  Resolves: rhbz#1125462

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.15.1-8
- Mass rebuild 2014-01-24

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.15.1-7
- Mass rebuild 2013-12-27

* Fri Nov 08 2013 Daniel Kopecek <dkopecek@redhat.com> - 0.15.1-6
- warn if processing prelinked binary objects and the prelink binary
  is not available
  Resolves: rbhz#1004826

* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Thu Nov 22 2012 Daniel Kopecek <dkopecek@redhat.com> - 0.15.1-4
- added patch to fix aide in FIPS mode
- use only FIPS approved digest algorithms in aide.conf so that
  aide works by default in FIPS mode

* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Thu Nov 11 2010 Steve Grubb <sgrubb@redhat.com> - 0.15.1-1
- New upstream release

* Tue May 18 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-5
- Apply 2 upstream bug fixes

* Tue May 18 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-4
- Use upstream's patch to fix bz 590566

* Sat May 15 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-3
- Fix bz 590561 aide does not detect the change of SElinux context
- Fix bz 590566 aide reports a changed file when it has not been changed

* Wed Apr 28 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-2
- Fix bz 574764 by replacing abort calls with exit
- Apply libgcrypt init patch

* Tue Mar 16 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-1
- New upstream release final 0.14

* Thu Feb 25 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-0.4.rc3
- New upstream release

* Thu Feb 25 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-0.3.rc2
- New upstream release

* Tue Feb 23 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-0.2.rc1
- Fix dirent detection on 64bit systems

* Mon Feb 22 2010 Steve Grubb <sgrubb@redhat.com> - 0.14-0.1.rc1
- New upstream release

* Fri Feb 19 2010 Steve Grubb <sgrubb@redhat.com> - 0.13.1-16
- Add logrotate script and spec file cleanups

* Fri Dec 11 2009 Steve Grubb <sgrubb@redhat.com> - 0.13.1-15
- Get rid of .dedosify files

* Wed Dec 09 2009 Steve Grubb <sgrubb@redhat.com> - 0.13.1-14
- Revise patch for Initialize libgcrypt correctly (#530485)

* Sat Nov 07 2009 Steve Grubb <sgrubb@redhat.com> - 0.13.1-13
- Initialize libgcrypt correctly (#530485)

* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.13.1-12
- rebuilt with new audit

* Wed Aug 19 2009 Steve Grubb <sgrubb@redhat.com> 0.13.1-11
- rebuild for new audit-libs
- Correct regex for root's dot files (#509370)

* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Mon Jun 08 2009 Steve Grubb <sgrubb@redhat.com> - 0.13.1-9
- Make aide smarter about prelinked files (Peter Vrabec)
- Add /lib64 to default config

* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.13.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Fri Jan 30 2009 Steve Grubb <sgrubb@redhat.com> - 0.13.1-6
- enable xattr support and update config file

* Fri Sep 26 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.13.1-5
- fix selcon patch to apply without fuzz

* Fri Feb 15 2008 Steve Conklin <sconklin@redhat.com>
- rebuild for gcc4.3

* Tue Aug 21 2007 Michael Schwendt <mschwendt[AT]users.sf.net>
- rebuilt

* Sun Jul 22 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.13.1-2
- Apply Steve Conklin's patch to increase displayed portion of
  selinux context.

* Sun Dec 17 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.13.1-1
- Update to 0.13.1 release.

* Sun Dec 10 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.13-1
- Update to 0.13 release.
- Include default aide.conf from RHEL5 as doc example file.

* Sun Oct 29 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.12-3.20061027cvs
- CAUTION! This changes the database format and results in a report of
  false inconsistencies until an old database file is updated.
- Check out CVS 20061027 which now contains Red Hat's
  acl/xattr/selinux/audit patches.
- Patches merged upstream.
- Update manual page substitutions.

* Mon Oct 23 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.12-2
- Add "memory leaks and performance updates" patch as posted
  to aide-devel by Steve Grubb.

* Sat Oct 07 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.12-1
- Update to 0.12 release.
- now offers --disable-static, so -no-static patch is obsolete
- fill last element of getopt struct array with zeroes

* Mon Oct 02 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.11-3
- rebuilt

* Mon Sep 11 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.11-2
- rebuilt

* Sun Feb 19 2006 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.11-1
- Update to 0.11 release.
- useless-includes patch merged upstream.
- old Russian man pages not available anymore.
- disable static linking.

* Fri Apr  7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
- rebuilt

* Fri Nov 28 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.10-0.fdr.1
- Update to 0.10 release.
- memleaks patch merged upstream.
- rootpath patch merged upstream.
- fstat patch not needed anymore.
- Updated URL.

* Thu Nov 13 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.10-0.fdr.0.2.cvs20031104
- Added buildreq m4 to work around incomplete deps of bison package.

* Tue Nov 04 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.10-0.fdr.0.1.cvs20031104
- Only tar.gz available upstream.
- byacc not needed when bison -y is available.
- Installed Russian manual pages.
- Updated with changes from CVS (2003-11-04).
- getopt patch merged upstream.
- bison-1.35 patch incorporated upstream.

* Tue Sep 09 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.9-0.fdr.0.2.20030902
- Added fixes for further memleaks.

* Sun Sep 07 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.9-0.fdr.0.1.20030902
- Initial package version.