diff --git a/aide-0.17.3.tar.gz b/aide-0.17.3.tar.gz deleted file mode 100644 index fee206ffda7a05c69a7ce72f8a8d09869bc2b7b1..0000000000000000000000000000000000000000 Binary files a/aide-0.17.3.tar.gz and /dev/null differ diff --git a/aide-0.17.4.tar.gz b/aide-0.17.4.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..c2c9589bc9d0330b93f6582c921b2802dfa52a35 Binary files /dev/null and b/aide-0.17.4.tar.gz differ diff --git a/aide.spec b/aide.spec index 3dc2be7a45e7b9af2eb03ff227a3226c18802f6f..8cc3c4ad1d49aec526affcfe9df36504a4310dc4 100644 --- a/aide.spec +++ b/aide.spec @@ -1,6 +1,6 @@ Name: aide -Version: 0.17.3 -Release: 6 +Version: 0.17.4 +Release: 1 Summary: Advanced Intrusion Detection Environment License: GPLv2+ URL: http://sourceforge.net/projects/aide @@ -14,10 +14,9 @@ BuildRequires: libacl-devel libselinux-devel libattr-devel e2fsprogs-devel audi BuildRequires: autoconf automake Patch0: Add-sm3-algorithm-for-aide.patch -Patch1: backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch -Patch2: backport-Handle-malformed-database-lines.patch -Patch3: backport-Fix-handling-of-duplicate-database-entries.patch -Patch4: backport-Switch-from-PCRE-to-PCRE2-closes-116.patch +Patch1: backport-Handle-malformed-database-lines.patch +Patch2: backport-Fix-handling-of-duplicate-database-entries.patch +Patch3: backport-Switch-from-PCRE-to-PCRE2-closes-116.patch %description AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker. @@ -68,6 +67,12 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %{_mandir}/*/* %changelog +* Thu Oct 20 2022 yixiangzhike - 0.17.4-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC: update to 0.17.4 + * Tue Oct 18 2022 yixiangzhike - 0.17.3-6 - Type:bugfix - ID:NA diff --git a/backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch b/backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch deleted file mode 100644 index 416ded00831cba2480405edc217e78f6ef10093f..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-45417-Precalculate-buffer-size-in-base64-functions.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 9c3cc43f55f6b2935250932109eb23c60aaf1035 Mon Sep 17 00:00:00 2001 -From: Hannes von Haugwitz -Date: Sat, 15 Jan 2022 17:16:51 +0100 -Subject: [PATCH] Precalculate buffer size in base64 functions - -Aide uses a fixed size (16k bytes) for the return buffer in -encode_base64/decode_base64 functions. This results in a segfault if -aide processes a file with too large extended attribute value or ACL. - -Fix this issue by precalculating the size of the return buffer depending on -the input in the encode_base64/decode_base64 functions. - -This addresses CVE-2021-45417. Thanks to David Bouman for reporting this -vulnerability and reviewing this patch. ---- - include/base64.h | 1 - - src/base64.c | 35 +++++++++++++++++------------------ - src/db.c | 6 ++++-- - 3 files changed, 21 insertions(+), 21 deletions(-) - -diff --git a/include/base64.h b/include/base64.h -index a446812..d9cbfd2 100644 ---- a/include/base64.h -+++ b/include/base64.h -@@ -35,7 +35,6 @@ - #include - #include "types.h" - --#define B64_BUF 16384 - #define FAIL -1 - #define SKIP -2 - -diff --git a/src/base64.c b/src/base64.c -index e01c0f5..09098db 100644 ---- a/src/base64.c -+++ b/src/base64.c -@@ -85,11 +85,9 @@ FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL, FAIL - }; - - /* Returns NULL on error */ --/* FIXME Possible buffer overflow on outputs larger than B64_BUF */ - char* encode_base64(byte* src,size_t ssize) - { - char* outbuf; -- char* retbuf; - int pos; - int i, l, left; - unsigned long triple; -@@ -100,7 +98,10 @@ char* encode_base64(byte* src,size_t ssize) - log_msg(LOG_LEVEL_DEBUG,"encode base64: empty string"); - return NULL; - } -- outbuf = (char *)checked_malloc(sizeof(char)*B64_BUF); -+ -+ /* length of encoded base64 string (padded) */ -+ size_t length = sizeof(char)* ((ssize + 2) / 3) * 4; -+ outbuf = (char *)checked_malloc(length + 1); - - /* Initialize working pointers */ - inb = src; -@@ -161,20 +162,14 @@ char* encode_base64(byte* src,size_t ssize) - inb++; - } - -- /* outbuf is not completely used so we use retbuf */ -- retbuf=(char*)checked_malloc(sizeof(char)*(pos+1)); -- memcpy(retbuf,outbuf,pos); -- retbuf[pos]='\0'; -- free(outbuf); -+ outbuf[pos]='\0'; - -- return retbuf; -+ return outbuf; - } - --/* FIXME Possible buffer overflow on outputs larger than B64_BUF */ - byte* decode_base64(char* src,size_t ssize, size_t *ret_len) - { - byte* outbuf; -- byte* retbuf; - char* inb; - int i; - int l; -@@ -188,10 +183,18 @@ byte* decode_base64(char* src,size_t ssize, size_t *ret_len) - return NULL; - } - -+ /* exit on unpadded input */ -+ if (ssize % 4) { -+ log_msg(LOG_LEVEL_WARNING, "decode_base64: '%s' has invalid length (missing padding characters?)", src); -+ return NULL; -+ } -+ -+ /* calculate length of decoded string, substract padding chars if any (ssize is >= 4) */ -+ size_t length = sizeof(byte) * ((ssize / 4) * 3)- (src[ssize-1] == '=') - (src[ssize-2] == '='); - - /* Initialize working pointers */ - inb = src; -- outbuf = (byte *)checked_malloc(sizeof(byte)*B64_BUF); -+ outbuf = (byte *)checked_malloc(length + 1); - - l = 0; - triple = 0; -@@ -242,15 +245,11 @@ byte* decode_base64(char* src,size_t ssize, size_t *ret_len) - inb++; - } - -- retbuf=(byte*)checked_malloc(sizeof(byte)*(pos+1)); -- memcpy(retbuf,outbuf,pos); -- retbuf[pos]='\0'; -- -- free(outbuf); -+ outbuf[pos]='\0'; - - if (ret_len) *ret_len = pos; - -- return retbuf; -+ return outbuf; - } - - size_t length_base64(char* src,size_t ssize) -diff --git a/src/db.c b/src/db.c -index d8b23a2..ac55f0a 100644 ---- a/src/db.c -+++ b/src/db.c -@@ -428,13 +428,15 @@ db_line* db_char2line(char** ss, database* db){ - - time_t base64totime_t(char* s, database* db, const char* field_name){ - -+ if(strcmp(s,"0")==0){ -+ return 0; -+ } - byte* b=decode_base64(s,strlen(s),NULL); - char* endp; - -- if (b==NULL||strcmp(s,"0")==0) { -+ if (b==NULL) { - - /* Should we print error here? */ -- free(b); - - return 0; - } else { --- -1.8.3.1 -