Bug#1071564: marked as done (bookworm-pu: package aide/0.18.3-1+deb12u3)
Your message dated Sat, 29 Jun 2024 10:46:20 + with message-id and subject line Released with 12.6 has caused the Debian Bug report #1071564, regarding bookworm-pu: package aide/0.18.3-1+deb12u3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1071564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071564 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide User: release.debian@packages.debian.org Usertags: pu This upload fixes #1070805. The reporter, Hannes, is upstream and a DD, and thinks the issue warrants a stable update. [ Reason ] aide 0.18 has introduced some concurrency in processing. There is a bug that makes fail to concurrently read extended attributes (xattrs) due to variables shared between worker threads. [ Impact ] Incomplete aide checks [ Tests ] The fix is in productive use (in a git snapshot of HEAD) at upstream and the Debian maintainer. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] Upstream patch 732e7e2e diff -Nru aide-0.18.3/debian/changelog aide-0.18.3/debian/changelog --- aide-0.18.3/debian/changelog2023-07-01 14:37:51.0 +0200 +++ aide-0.18.3/debian/changelog2024-05-16 13:32:11.0 +0200 @@ -1,3 +1,10 @@ +aide (0.18.3-1+deb12u3) bookworm; urgency=medium + + * Upstream patch to fix concurrent reading of extended +attributes (xattrs) (Closes: #1070805) + + -- Marc Haber Thu, 16 May 2024 13:32:11 +0200 + aide (0.18.3-1+deb12u2) bookworm; urgency=medium * Upstream patch to fix child directory processing on equal match diff -Nru aide-0.18.3/debian/patches/debian-bug-1070805 aide-0.18.3/debian/patches/debian-bug-1070805 --- aide-0.18.3/debian/patches/debian-bug-1070805 1970-01-01 01:00:00.0 +0100 +++ aide-0.18.3/debian/patches/debian-bug-1070805 2024-05-16 13:32:11.0 +0200 @@ -0,0 +1,47 @@ +Description: Fix concurrent reading of extended attributes (xattrs) +Author: Hannes von Haugwitz +Origin: 732e7e2e7dc91bb614c508518c0abc6cab85565c +Date: Mon May 16 13:30:00 2024 +0200 +Forwarded: not-needed +--- a/src/do_md.c b/src/do_md.c +@@ -478,14 +478,13 @@ static void xattr_add(xattrs_type *xattr + void xattrs2line(db_line *line) { + /* get all generic user xattrs. */ + xattrs_type *xattrs = NULL; +-static ssize_t xsz = 1024; +-static char *xatrs = NULL; + ssize_t xret = -1; + + if (!(ATTR(attr_xattrs)>attr)) + return; + +-if (!xatrs) xatrs = checked_malloc(xsz); ++ssize_t xsz = 1024; ++char *xatrs = xatrs = checked_malloc(xsz); + + while (((xret = llistxattr(line->fullpath, xatrs, xsz)) == -1) && (errno == ERANGE)) { + xsz <<= 1; +@@ -498,10 +497,8 @@ void xattrs2line(db_line *line) { + log_msg(LOG_LEVEL_WARNING, "listxattrs failed for %s:%s", line->fullpath, strerror(errno)); + } else if (xret) { + const char *attr = xatrs; +-static ssize_t asz = 1024; +-static char *val = NULL; +- +-if (!val) val = checked_malloc(asz); ++ssize_t asz = 1024; ++char *val = checked_malloc(asz); + + xattrs = xattr_new(); + +@@ -529,7 +526,9 @@ next_attr: + attr += len + 1; + xret -= len + 1; + } ++free(val); + } ++free(xatrs); + + line->xattrs = xattrs; + } diff -Nru aide-0.18.3/debian/patches/series aide-0.18.3/debian/patches/series --- aide-0.18.3/debian/patches/series 2023-07-01 14:37:51.0 +0200 +++ aide-0.18.3/debian/patches/series 2024-05-16 13:32:11.0 +0200 @@ -1,3 +1,4 @@ debian-bug-1039936 debian-bug-1037436 compare-logs +debian-bug-1070805 --- End Message --- --- Begin Message --- Version: 12.6 The upload requested in this bug has been released as part of 12.6.--- End Message ---
Processed: aide 0.18.3-1+deb12u3 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1071564 = bookworm pending Bug #1071564 [release.debian.org] bookworm-pu: package aide/0.18.3-1+deb12u3 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1071564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071564 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1071564: aide 0.18.3-1+deb12u3 flagged for acceptance
package release.debian.org tags 1071564 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: aide Version: 0.18.3-1+deb12u3 Explanation: fix concurrent reading of extended attributes
Bug#1071564: bookworm-pu: package aide/0.18.3-1+deb12u3
On Sat, Jun 15, 2024 at 04:23:25PM +0100, Adam D. Barratt wrote: > On Tue, 2024-05-21 at 12:00 +0200, Marc Haber wrote: > > aide 0.18 has introduced some concurrency in processing. There is a > > bug > > that makes fail to concurrently read extended attributes (xattrs) due > > to > > variables shared between worker threads. > > Please go ahead. Uploaded! Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Processed: Re: Bug#1071564: bookworm-pu: package aide/0.18.3-1+deb12u3
Processing control commands: > tags -1 + confirmed Bug #1071564 [release.debian.org] bookworm-pu: package aide/0.18.3-1+deb12u3 Added tag(s) confirmed. -- 1071564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071564 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1071564: bookworm-pu: package aide/0.18.3-1+deb12u3
Control: tags -1 + confirmed On Tue, 2024-05-21 at 12:00 +0200, Marc Haber wrote: > aide 0.18 has introduced some concurrency in processing. There is a > bug > that makes fail to concurrently read extended attributes (xattrs) due > to > variables shared between worker threads. Please go ahead. Regards, Adam
Bug#1071564: bookworm-pu: package aide/0.18.3-1+deb12u3
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide User: release.debian@packages.debian.org Usertags: pu This upload fixes #1070805. The reporter, Hannes, is upstream and a DD, and thinks the issue warrants a stable update. [ Reason ] aide 0.18 has introduced some concurrency in processing. There is a bug that makes fail to concurrently read extended attributes (xattrs) due to variables shared between worker threads. [ Impact ] Incomplete aide checks [ Tests ] The fix is in productive use (in a git snapshot of HEAD) at upstream and the Debian maintainer. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] Upstream patch 732e7e2e diff -Nru aide-0.18.3/debian/changelog aide-0.18.3/debian/changelog --- aide-0.18.3/debian/changelog2023-07-01 14:37:51.0 +0200 +++ aide-0.18.3/debian/changelog2024-05-16 13:32:11.0 +0200 @@ -1,3 +1,10 @@ +aide (0.18.3-1+deb12u3) bookworm; urgency=medium + + * Upstream patch to fix concurrent reading of extended +attributes (xattrs) (Closes: #1070805) + + -- Marc Haber Thu, 16 May 2024 13:32:11 +0200 + aide (0.18.3-1+deb12u2) bookworm; urgency=medium * Upstream patch to fix child directory processing on equal match diff -Nru aide-0.18.3/debian/patches/debian-bug-1070805 aide-0.18.3/debian/patches/debian-bug-1070805 --- aide-0.18.3/debian/patches/debian-bug-1070805 1970-01-01 01:00:00.0 +0100 +++ aide-0.18.3/debian/patches/debian-bug-1070805 2024-05-16 13:32:11.0 +0200 @@ -0,0 +1,47 @@ +Description: Fix concurrent reading of extended attributes (xattrs) +Author: Hannes von Haugwitz +Origin: 732e7e2e7dc91bb614c508518c0abc6cab85565c +Date: Mon May 16 13:30:00 2024 +0200 +Forwarded: not-needed +--- a/src/do_md.c b/src/do_md.c +@@ -478,14 +478,13 @@ static void xattr_add(xattrs_type *xattr + void xattrs2line(db_line *line) { + /* get all generic user xattrs. */ + xattrs_type *xattrs = NULL; +-static ssize_t xsz = 1024; +-static char *xatrs = NULL; + ssize_t xret = -1; + + if (!(ATTR(attr_xattrs)>attr)) + return; + +-if (!xatrs) xatrs = checked_malloc(xsz); ++ssize_t xsz = 1024; ++char *xatrs = xatrs = checked_malloc(xsz); + + while (((xret = llistxattr(line->fullpath, xatrs, xsz)) == -1) && (errno == ERANGE)) { + xsz <<= 1; +@@ -498,10 +497,8 @@ void xattrs2line(db_line *line) { + log_msg(LOG_LEVEL_WARNING, "listxattrs failed for %s:%s", line->fullpath, strerror(errno)); + } else if (xret) { + const char *attr = xatrs; +-static ssize_t asz = 1024; +-static char *val = NULL; +- +-if (!val) val = checked_malloc(asz); ++ssize_t asz = 1024; ++char *val = checked_malloc(asz); + + xattrs = xattr_new(); + +@@ -529,7 +526,9 @@ next_attr: + attr += len + 1; + xret -= len + 1; + } ++free(val); + } ++free(xatrs); + + line->xattrs = xattrs; + } diff -Nru aide-0.18.3/debian/patches/series aide-0.18.3/debian/patches/series --- aide-0.18.3/debian/patches/series 2023-07-01 14:37:51.0 +0200 +++ aide-0.18.3/debian/patches/series 2024-05-16 13:32:11.0 +0200 @@ -1,3 +1,4 @@ debian-bug-1039936 debian-bug-1037436 compare-logs +debian-bug-1070805
Processed: bookworm-pu: package aide/0.18.3-1+deb12u3
Processing control commands: > affects -1 + src:aide Bug #1071564 [release.debian.org] bookworm-pu: package aide/0.18.3-1+deb12u3 Added indication that 1071564 affects src:aide -- 1071564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071564 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1038813: marked as done (bullseye-pu: package aide/0.17.3-4+deb11u2)
Your message dated Sat, 07 Oct 2023 12:41:28 +0100 with message-id <84bb5ff8312f749ebe536897993782bf35aa1977.ca...@adam-barratt.org.uk> and subject line Closing opu requests for updates included in 11.8 has caused the Debian Bug report #1038813, regarding bullseye-pu: package aide/0.17.3-4+deb11u2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1038813: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038813 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide Dear stable releas team, this pre-upload request for the aide package is filed to ask for guidance whether this package is suitable for bullseye-proposed-updates. I have never done this before and am open for suggestions to improve and for documentation pointers. A fixed package has recently migrated to testing, the corresponding bookworm request is #1037945. [ Reason ] This update fixes #1037436, a "just" important bug that causes incorrect processing of extended attributes on symlinks that are monitored by aide. This is a fix suggested by upstream (who is also a DD). [ Impact ] Without this fix, Aide will wrongly process extended attributes for the file a symlink points to, which is not the intended behavior. The fixed aide will process the extended attributes of a symlink. [ Tests ] This bug is sadly not covered by automated tests. I created a symlink with extended attributes pointing to a file with different extended attributes and verified that actually the extended attributes of the symlink show up in the database. [ Risks ] Risks are that I goofed up in the fixes. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] commit b1d036a82a336836f05ed0d6dcb0b4bab6c7501f (HEAD -> bullseye) Author: Marc Haber Date: Wed Jun 21 18:29:23 2023 +0200 prepare upload to bullseye Git-Dch: ignore commit 60e63ac4052724be4a2b078940e266e835e89bf7 Author: Marc Haber Date: Wed Jun 21 18:27:56 2023 +0200 refresh patch for bullseye Git-Dch: ignore commit f2912c100a5d3d9b37d4ab9318d5b8b9bf45025c Author: Marc Haber Date: Wed Jun 14 04:15:51 2023 +0200 Fix handling of extended attributes on symlinks Closes: #1037436 This fixes wrong behavior regarding extended attributes on symlinks. Prior versions of aide would wrongly process the extended attributes of the file a symlink points to. This fix makes aide correctly process the extended attributes of the link itself, which is the intended behavior. The fix for extended attributes on symlinks might lead to reported changed entries during the next AIDE run. You can use the `report_ignore_changed_attrs` option (see aide.conf(5)) to ignore changes of the xattrs attribute; but be aware that this will not only exclude the expected changes (of the symlink files) but also the unexpected changes (of other files). [ Other info ] source debdiff attached. A binary debdiff will be delivered on request. Please indicate whether this package might be a valid candidate to be in the next bullseye point release. Greetings Marc --- End Message --- --- Begin Message --- Package: release.debian.org Version: 11.8 Hi, The updates referred to by each of these requests were included in today's 11.8 bullseye point release. Regards, Adam--- End Message ---
Bug#1040142: marked as done (bookworm-pu: package aide/0.18.3-1+deb12u2)
Your message dated Sat, 22 Jul 2023 13:19:42 + with message-id and subject line Released with 12.1 has caused the Debian Bug report #1040142, regarding bookworm-pu: package aide/0.18.3-1+deb12u2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1040142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040142 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide Dear stable release team, this pre-upload request for the aide package is filed to ask for guidance whether this package is suitable for bookworm-proposed-updates [ Reason ] This update augments 0.18.3-1+deb12u1 which has already been accepted for bookworm-pu last week. It fixes #1039936, an important bug that is a regression from bullseye and affects directory processing when using equals rules. [ Impact ] Without this bug fixes, equals rules concerning directories are incorrectly processed, which differs from the way that bullseye's aide handled this case and also differs from the way operation is documented. Debian's default configuration doesn't use equals rules and is therefore not affected, but local configurations might be. [ Tests ] Sadly, none. [ Risks ] The fix is reasonably simple, and we have done manual tests. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] In aide-0.18.3/debian/aide-common.postinst a typo in a version number in a comment is fixed, which reduces ambiguity and will reduce the size of future diffs. aide-0.18.3/debian/patches/debian-bug-1039936 adds the actual patch. It has been cherry-picked from upstream's 0.18.5 release. [ Other info ] The attached debdiff is the debdiff between 0.18.3-1+deb12u1, which is already in bookworm-proposed-updates and the newly suggested 0.18.3-1+deb12u2 which we are discussing right now. I hope this is the right thing to do to save you from reviewing the 0.18.3-1+deb12u1 changes a second time. Should you agree and tell me to go ahead with this upload, I'm planning to do the upload after 0.18.5-1 has migrated to testing to make sure that the version in testing and bookworm-pu have the issue both fixed. Greetings Marc diff -Nru aide-0.18.3/debian/aide-common.postinst aide-0.18.3/debian/aide-common.postinst --- aide-0.18.3/debian/aide-common.postinst 2023-06-14 17:04:20.0 +0200 +++ aide-0.18.3/debian/aide-common.postinst 2023-07-01 14:37:51.0 +0200 @@ -94,7 +94,7 @@ chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new || true fi if dpkg --compare-versions "$2" le 0.18.3-1; then -# we're updating from 0.18-3 or earlier, chown aideinit logs +# we're updating from 0.18.3-1 or earlier, chown aideinit logs chown --quiet _aide:adm /var/log/aide/aideinit.log /var/log/aide/aideinit.errors|| true fi diff -Nru aide-0.18.3/debian/changelog aide-0.18.3/debian/changelog --- aide-0.18.3/debian/changelog2023-06-14 17:04:20.0 +0200 +++ aide-0.18.3/debian/changelog2023-07-01 14:37:51.0 +0200 @@ -1,3 +1,10 @@ +aide (0.18.3-1+deb12u2) bookworm; urgency=medium + + * Upstream patch to fix child directory processing on equal match +(Closes: #1039936) + + -- Marc Haber Sat, 01 Jul 2023 14:37:51 +0200 + aide (0.18.3-1+deb12u1) bookworm; urgency=medium * call dh_installsysusers manually in debian/rules diff -Nru aide-0.18.3/debian/patches/debian-bug-1039936 aide-0.18.3/debian/patches/debian-bug-1039936 --- aide-0.18.3/debian/patches/debian-bug-1039936 1970-01-01 01:00:00.0 +0100 +++ aide-0.18.3/debian/patches/debian-bug-1039936 2023-07-01 14:37:51.0 +0200 @@ -0,0 +1,21 @@ +Subject: Fix child directory proccessing on equal match +Forwarded: not-needed +Source: https://github.com/aide/aide/commit/cf5026bf0852d350030d6d1a7a0351573c9512e6 +--- a/src/db_disk.c b/src/db_disk.c +@@ -171,13 +171,12 @@ void scan_dir(char *root_path, bool dry_ + #endif + switch (match) { + case RESULT_SELECTIVE_MATCH: ++case RESULT_EQUAL_MATCH: + if (S_ISDIR(fs.st_mode)) { +-log_msg(log_level, "scan_dir: add child directory '%s' to sca
Bug#1037945: marked as done (bookworm-pu: package aide/aide_0.18.3-1+deb12u1)
Your message dated Sat, 22 Jul 2023 13:19:41 + with message-id and subject line Released with 12.1 has caused the Debian Bug report #1037945, regarding bookworm-pu: package aide/aide_0.18.3-1+deb12u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1037945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037945 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide Dear stable release team, this pre-upload request for the aide package is filed to ask for guidance whether this package is suitable for bookworm-updates. I have never done this before and am open for suggestions to improve and for documentation pointers. I haven't found the bookwork point release policy yet, for example. A fixed package has been uploaded to unstable minutes ago, and I do not plan to actually upload the deb12u1 version of the package until the fixes have reached testing. [ Reason ] This update fixes #1037171, a serious bug that prevents new installations and upgrades of aide due to a misunderstanding in the dh code regarding dh_installsysusers. Embarrassing. And it also fixes #1037436, a "just" important bug that will fix correct processing of extended attributes on symlinks that are monitored by aide. This is a fix suggested by upstream (who is also a DD) and I will create a similiar package for bullseye. [ Impact ] Regarding #1037171, Aide will not be useable until the _aide account is manually created and some file permissions fixed. While package installation will succeed, neither aideinit nor the daily aide cronjob are invokeable and will error out. Regarding #1037436, Aide will wrongly process extended attributes for the file a symlink points to, which is not the intended behavior. The fixed aide will process the extended attributes of a symlink. [ Tests ] Both bugs are sadly not covered by automated tests, but I am kind of surprised that piuparts didn't catch #1037171. Regarding #1037171, I tested: - installation of aide in a bookworm VM with no aide installed before - updating 0.18.3-1 to 0.18.3-2 in a bookworm VM - updating 0.17.3-4+deb11u1 (oldstable) to 0.18.3-2 in a bookworm VM Regarding #1037436, I created a symlink with extended attributes pointing to a file with different extended attributes and verified that actually the extended attributes of the symlink show up in the database. [ Risks ] Risks are that I goofed up in the fixes. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] commit 456704ab523c6b7ca088a15ffde543fbac3fa391 Author: Marc Haber Date: Wed Jun 14 16:51:03 2023 +0200 remove trailing whitespace in debian/rules Git-Dch: ignore commit 2c221fd08e6c4d570c4a2c86c87d0a94201fbe9d Author: Marc Haber Date: Wed Jun 14 15:28:15 2023 +0200 chown aide logs even when updating from 0.18.3-1 0.18.3-1 doesn't create the account, so we need to see for correct file ownership when updating to a version that actually creates the account. commit 11547993349b3dffad11f2d6998875d58f6b0395 Author: Marc Haber Date: Wed Jun 14 04:15:51 2023 +0200 Fix handling of extended attributes on symlinks Closes: #1037436 This fixes wrong behavior regarding extended attributes on symlinks. Prior versions of aide would wrongly process the extended attributes of the file a symlink points to. This fix makes aide correctly process the extended attributes of the link itself, which is the intended behavior. The fix for extended attributes on symlinks might lead to reported changed entries during the next AIDE run. You can use the `report_ignore_changed_attrs` option (see aide.conf(5)) to ignore changes of the xattrs attribute; but be aware that this will not only exclude the expected changes (of the symlink files) but also the unexpected changes (of other files). commit 0d0251e639334e0ef139c1f6f9d34b6032378d3d Author: Marc Haber Date: Tue Jun 13 16:53:49 2023 +0200 Move chown calls after #DEBHELPER# This is part of the fix for #1037171, the account is only created in the code inserted by debhelper at the #DEBHELPER# token. We thus cannot use the account after that tag. commit 218fff3fc157b89e53ece470267cb238fac5daac Au
Processed: aide 0.18.3-1+deb12u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1040142 = bookworm pending Bug #1040142 [release.debian.org] bookworm-pu: package aide/0.18.3-1+deb12u2 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1040142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040142 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1040142: aide 0.18.3-1+deb12u2 flagged for acceptance
package release.debian.org tags 1040142 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: aide Version: 0.18.3-1+deb12u2 Explanation: fix child directory processing on equal match
Bug#1040142: bookworm-pu: package aide/0.18.3-1+deb12u2
On Thu, Jul 06, 2023 at 07:25:35PM +0100, Adam D. Barratt wrote: > Please go ahead. Thanks for your advice. Uploaded. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Processed: Re: Bug#1040142: bookworm-pu: package aide/0.18.3-1+deb12u2
Processing control commands: > tags -1 + confirmed Bug #1040142 [release.debian.org] bookworm-pu: package aide/0.18.3-1+deb12u2 Added tag(s) confirmed. -- 1040142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040142 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1040142: bookworm-pu: package aide/0.18.3-1+deb12u2
Control: tags -1 + confirmed On Sat, 2023-07-01 at 16:03 +0200, Marc Haber wrote: > This update augments 0.18.3-1+deb12u1 which has already been accepted > for bookworm-pu last week. It fixes #1039936, an important bug that > is a > regression from bullseye and affects directory processing when using > equals rules. > > [ Impact ] > Without this bug fixes, equals rules concerning directories are > incorrectly processed, which differs from the way that bullseye's > aide > handled this case and also differs from the way operation is > documented. > Debian's default configuration doesn't use equals rules and is > therefore > not affected, but local configurations might be. > Please go ahead. Regards, Adam
Bug#1040142: bookworm-pu: package aide/0.18.3-1+deb12u2
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide Dear stable release team, this pre-upload request for the aide package is filed to ask for guidance whether this package is suitable for bookworm-proposed-updates [ Reason ] This update augments 0.18.3-1+deb12u1 which has already been accepted for bookworm-pu last week. It fixes #1039936, an important bug that is a regression from bullseye and affects directory processing when using equals rules. [ Impact ] Without this bug fixes, equals rules concerning directories are incorrectly processed, which differs from the way that bullseye's aide handled this case and also differs from the way operation is documented. Debian's default configuration doesn't use equals rules and is therefore not affected, but local configurations might be. [ Tests ] Sadly, none. [ Risks ] The fix is reasonably simple, and we have done manual tests. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] In aide-0.18.3/debian/aide-common.postinst a typo in a version number in a comment is fixed, which reduces ambiguity and will reduce the size of future diffs. aide-0.18.3/debian/patches/debian-bug-1039936 adds the actual patch. It has been cherry-picked from upstream's 0.18.5 release. [ Other info ] The attached debdiff is the debdiff between 0.18.3-1+deb12u1, which is already in bookworm-proposed-updates and the newly suggested 0.18.3-1+deb12u2 which we are discussing right now. I hope this is the right thing to do to save you from reviewing the 0.18.3-1+deb12u1 changes a second time. Should you agree and tell me to go ahead with this upload, I'm planning to do the upload after 0.18.5-1 has migrated to testing to make sure that the version in testing and bookworm-pu have the issue both fixed. Greetings Marc diff -Nru aide-0.18.3/debian/aide-common.postinst aide-0.18.3/debian/aide-common.postinst --- aide-0.18.3/debian/aide-common.postinst 2023-06-14 17:04:20.0 +0200 +++ aide-0.18.3/debian/aide-common.postinst 2023-07-01 14:37:51.0 +0200 @@ -94,7 +94,7 @@ chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new || true fi if dpkg --compare-versions "$2" le 0.18.3-1; then -# we're updating from 0.18-3 or earlier, chown aideinit logs +# we're updating from 0.18.3-1 or earlier, chown aideinit logs chown --quiet _aide:adm /var/log/aide/aideinit.log /var/log/aide/aideinit.errors|| true fi diff -Nru aide-0.18.3/debian/changelog aide-0.18.3/debian/changelog --- aide-0.18.3/debian/changelog2023-06-14 17:04:20.0 +0200 +++ aide-0.18.3/debian/changelog2023-07-01 14:37:51.0 +0200 @@ -1,3 +1,10 @@ +aide (0.18.3-1+deb12u2) bookworm; urgency=medium + + * Upstream patch to fix child directory processing on equal match +(Closes: #1039936) + + -- Marc Haber Sat, 01 Jul 2023 14:37:51 +0200 + aide (0.18.3-1+deb12u1) bookworm; urgency=medium * call dh_installsysusers manually in debian/rules diff -Nru aide-0.18.3/debian/patches/debian-bug-1039936 aide-0.18.3/debian/patches/debian-bug-1039936 --- aide-0.18.3/debian/patches/debian-bug-1039936 1970-01-01 01:00:00.0 +0100 +++ aide-0.18.3/debian/patches/debian-bug-1039936 2023-07-01 14:37:51.0 +0200 @@ -0,0 +1,21 @@ +Subject: Fix child directory proccessing on equal match +Forwarded: not-needed +Source: https://github.com/aide/aide/commit/cf5026bf0852d350030d6d1a7a0351573c9512e6 +--- a/src/db_disk.c b/src/db_disk.c +@@ -171,13 +171,12 @@ void scan_dir(char *root_path, bool dry_ + #endif + switch (match) { + case RESULT_SELECTIVE_MATCH: ++case RESULT_EQUAL_MATCH: + if (S_ISDIR(fs.st_mode)) { +-log_msg(log_level, "scan_dir: add child directory '%s' to scan stack (reason: selective match)", _full_path[conf->root_prefix_length]); ++log_msg(log_level, "scan_dir: add child directory '%s' to scan stack (reason: selective/equal match)", _full_path[conf->root_prefix_length]); + queue_enqueue(stack, entry_full_path); + free_entry_full_path = false; + } +-// fall through +-case RESULT_EQUAL_MATCH: + if (!dry_run) { + handle_matched_file(entry_full_path, rule->attr, fs); + } diff -Nru aide-0.18.3/debian/patches/series aid
Processed: bookworm-pu: package aide/0.18.3-1+deb12u2
Processing control commands: > affects -1 + src:aide Bug #1040142 [release.debian.org] bookworm-pu: package aide/0.18.3-1+deb12u2 Added indication that 1040142 affects src:aide -- 1040142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040142 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: aide 0.17.3-4+deb11u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1038813 = bullseye pending Bug #1038813 [release.debian.org] bullseye-pu: package aide/0.17.3-4+deb11u2 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1038813: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038813 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1038813: aide 0.17.3-4+deb11u2 flagged for acceptance
package release.debian.org tags 1038813 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: aide Version: 0.17.3-4+deb11u2 Explanation: fix handling of extended attributes on symlinks
Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
On Sun, 2023-06-25 at 20:15 +0200, Marc Haber wrote: > On Sun, Jun 25, 2023 at 05:29:12PM +0100, Adam D. Barratt wrote: > > On Sat, 2023-06-24 at 11:43 +0200, Marc Haber wrote: > > > On Sat, Jun 24, 2023 at 10:13:58AM +0100, Adam D. Barratt wrote: > > > > I was about to say "nothing other than a little more patience", > > > > given > > > > the request is only a few days old at this point. Looking back, > > > > however, it appears that there isn't actually a debdiff > > > > attached, > > > > as > > > > was claimed in the original mail. > > > > > > I apologize. Here we go. > > > > > > > Thanks. Please go ahead. > > Done. > > One more question that might be a good candidate for more in-depth > docs: > With both the bullseye and bookworm versions having been accepted to > the > respective proposed-updates repository, there is no longer need to > hold > back uploads to unstable, right? I can resume normal work on the > packages after the acceptance of the package for bullseye? > There's no need to block uploads to unstable on anything happening in (o)pu, no. The only requirement is that if the issue also affects unstable then it be fixed there first. Presumably future uploads to unstable wouldn't revert any fixes. Regards, Adam
Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
On Sun, Jun 25, 2023 at 05:29:12PM +0100, Adam D. Barratt wrote: > On Sat, 2023-06-24 at 11:43 +0200, Marc Haber wrote: > > On Sat, Jun 24, 2023 at 10:13:58AM +0100, Adam D. Barratt wrote: > > > I was about to say "nothing other than a little more patience", > > > given > > > the request is only a few days old at this point. Looking back, > > > however, it appears that there isn't actually a debdiff attached, > > > as > > > was claimed in the original mail. > > > > I apologize. Here we go. > > > > Thanks. Please go ahead. Done. One more question that might be a good candidate for more in-depth docs: With both the bullseye and bookworm versions having been accepted to the respective proposed-updates repository, there is no longer need to hold back uploads to unstable, right? I can resume normal work on the packages after the acceptance of the package for bullseye? Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Processed: Re: Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
Processing control commands: > tags -1 + confirmed Bug #1038813 [release.debian.org] bullseye-pu: package aide/0.17.3-4+deb11u2 Added tag(s) confirmed. -- 1038813: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038813 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
Control: tags -1 + confirmed On Sat, 2023-06-24 at 11:43 +0200, Marc Haber wrote: > On Sat, Jun 24, 2023 at 10:13:58AM +0100, Adam D. Barratt wrote: > > I was about to say "nothing other than a little more patience", > > given > > the request is only a few days old at this point. Looking back, > > however, it appears that there isn't actually a debdiff attached, > > as > > was claimed in the original mail. > > I apologize. Here we go. > Thanks. Please go ahead. Regards, Adam
Processed: aide 0.18.3-1+deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1037945 = bookworm pending Bug #1037945 [release.debian.org] bookworm-pu: package aide/aide_0.18.3-1+deb12u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1037945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037945 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1037945: aide 0.18.3-1+deb12u1 flagged for acceptance
package release.debian.org tags 1037945 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: aide Version: 0.18.3-1+deb12u1 Explanation: properly handle creating the system user
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Sat, Jun 24, 2023 at 11:11:18AM +0100, Adam D. Barratt wrote: > Please feel free to upload. Done (for bookworm). Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Sat, 2023-06-24 at 11:53 +0200, Marc Haber wrote: > On Sat, Jun 24, 2023 at 10:47:31AM +0100, Adam D. Barratt wrote: > > Looking at the upstream issue linked from #1037436, it suggests > > that > > the extended attributes fix is likely to create a large amount of > > noise > > on the next aide run. If that's correct, is it worth adding a > > NEWS.Debian entry to warn users that this is expected? > > I deliberately didnt do that to keep the debdiff small, but I can add > a paragraph if you think that's a good idea. I'd do the same for the > bullseye-pu upload and the next sid upload then. > > However, this bug only shows itself if both the symlink AND the > target of the symlink do have extended attributes. I dont think > that's a very commmon case. > Thanks for clarifying - the detail there wasn't clear to me, and the upstream issue sounded like it would be much noisier. Please feel free to upload. Regards, Adam
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Sat, Jun 24, 2023 at 10:47:31AM +0100, Adam D. Barratt wrote: > Looking at the upstream issue linked from #1037436, it suggests that > the extended attributes fix is likely to create a large amount of noise > on the next aide run. If that's correct, is it worth adding a > NEWS.Debian entry to warn users that this is expected? I deliberately didnt do that to keep the debdiff small, but I can add a paragraph if you think that's a good idea. I'd do the same for the bullseye-pu upload and the next sid upload then. However, this bug only shows itself if both the symlink AND the target of the symlink do have extended attributes. I dont think that's a very commmon case. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Sat, 2023-06-24 at 10:45 +0200, Marc Haber wrote: > The BTS overview page has this as "awaiting upload", but there is no > message making that clear. Is that the "confirmed" tag? Is there > anything I am supposed to do before going forward with the upload? > That's what the "confirmed" tag means, yes. I realise that the message setting it wasn't quite as clear about that as I'd usually like. Looking at the upstream issue linked from #1037436, it suggests that the extended attributes fix is likely to create a large amount of noise on the next aide run. If that's correct, is it worth adding a NEWS.Debian entry to warn users that this is expected? Regards, Adam
Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
On Sat, Jun 24, 2023 at 10:13:58AM +0100, Adam D. Barratt wrote: > I was about to say "nothing other than a little more patience", given > the request is only a few days old at this point. Looking back, > however, it appears that there isn't actually a debdiff attached, as > was claimed in the original mail. I apologize. Here we go. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421 diff -Nru aide-0.17.3/debian/changelog aide-0.17.3/debian/changelog --- aide-0.17.3/debian/changelog2022-01-16 13:36:56.0 +0100 +++ aide-0.17.3/debian/changelog2023-06-21 18:28:37.0 +0200 @@ -1,3 +1,9 @@ +aide (0.17.3-4+deb11u2) bullseye; urgency=medium + + * Fix handling of extended attributes on symlinks. (Closes: #1037436) + + -- Marc Haber Wed, 21 Jun 2023 18:28:37 +0200 + aide (0.17.3-4+deb11u1) bullseye-security; urgency=high * Apply upstream patch to fix heap-based buffer overflow in base64 functions diff -Nru aide-0.17.3/debian/patches/debian-bug-1037436 aide-0.17.3/debian/patches/debian-bug-1037436 --- aide-0.17.3/debian/patches/debian-bug-1037436 1970-01-01 01:00:00.0 +0100 +++ aide-0.17.3/debian/patches/debian-bug-1037436 2023-06-21 18:28:37.0 +0200 @@ -0,0 +1,25 @@ +Description: Fix handling of extended attributes on symlinks +Author: Hannes von Haugwitz +Origin: 04b34dd46292dedf830ef2366a8869a31488 +Date: Mon Jun 12 22:20:50 2023 +0200 +Forwarded: not-needed +--- a/src/do_md.c b/src/do_md.c +@@ -565,7 +565,7 @@ void xattrs2line(db_line *line) { + strncmp(attr, "trusted.", strlen("trusted."))) + goto next_attr; /* only store normal xattrs, and SELinux */ + +-while (((aret = getxattr(line->fullpath, attr, val, asz)) == ++while (((aret = lgetxattr(line->fullpath, attr, val, asz)) == + -1) && (errno == ERANGE)) { + asz <<= 1; + val = realloc (val, asz); +@@ -574,7 +574,7 @@ void xattrs2line(db_line *line) { + if (aret != -1) + xattr_add(xattrs, attr, val, aret); + else if (errno != ENOATTR) +-log_msg(LOG_LEVEL_WARNING, "getxattr failed for %s:%s", line->fullpath, strerror(errno)); ++log_msg(LOG_LEVEL_WARNING, "lgetxattr failed for %s:%s", line->fullpath, strerror(errno)); + + next_attr: + attr += len + 1; diff -Nru aide-0.17.3/debian/patches/series aide-0.17.3/debian/patches/series --- aide-0.17.3/debian/patches/series 2022-01-16 13:09:51.0 +0100 +++ aide-0.17.3/debian/patches/series 2023-06-21 18:28:37.0 +0200 @@ -1 +1,2 @@ 20-aide-0.17-cve-2021-45417.patch +debian-bug-1037436
Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
On Sat, 2023-06-24 at 10:43 +0200, Marc Haber wrote: > On Wed, Jun 21, 2023 at 06:42:27PM +0200, Marc Haber wrote: > > Package: release.debian.org > > Severity: normal > > Tags: bullseye > > User: release.debian@packages.debian.org > > Usertags: pu > > X-Debbugs-Cc: a...@packages.debian.org > > Control: affects -1 + src:aide > > This is in status "needs info" on the BTS overview page, but there > were > no questions asked other than an "okay huh" which looks like an > answer by a confused bystander. > I'm also confused by what you're apparently seeing - I'm seeing this bug listed under "Outstanding bugs -- Oldstable Proposed Updates; Normal bugs (48 bugs)" in the BTS, which is what I'd expect as it's _not_ tagged moreinfo right now. > What am I supposed to add before we can proceed with the upload? I was about to say "nothing other than a little more patience", given the request is only a few days old at this point. Looking back, however, it appears that there isn't actually a debdiff attached, as was claimed in the original mail. Regards, Adam
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Wed, Jun 14, 2023 at 05:27:29PM +0200, Marc Haber wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: a...@packages.debian.org > Control: affects -1 + src:aide The BTS overview page has this as "awaiting upload", but there is no message making that clear. Is that the "confirmed" tag? Is there anything I am supposed to do before going forward with the upload? Greetings Marc
Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
On Wed, Jun 21, 2023 at 06:42:27PM +0200, Marc Haber wrote: > Package: release.debian.org > Severity: normal > Tags: bullseye > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: a...@packages.debian.org > Control: affects -1 + src:aide This is in status "needs info" on the BTS overview page, but there were no questions asked other than an "okay huh" which looks like an answer by a confused bystander. What am I supposed to add before we can proceed with the upload? Greetings Marc
Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide Dear stable releas team, this pre-upload request for the aide package is filed to ask for guidance whether this package is suitable for bullseye-proposed-updates. I have never done this before and am open for suggestions to improve and for documentation pointers. A fixed package has recently migrated to testing, the corresponding bookworm request is #1037945. [ Reason ] This update fixes #1037436, a "just" important bug that causes incorrect processing of extended attributes on symlinks that are monitored by aide. This is a fix suggested by upstream (who is also a DD). [ Impact ] Without this fix, Aide will wrongly process extended attributes for the file a symlink points to, which is not the intended behavior. The fixed aide will process the extended attributes of a symlink. [ Tests ] This bug is sadly not covered by automated tests. I created a symlink with extended attributes pointing to a file with different extended attributes and verified that actually the extended attributes of the symlink show up in the database. [ Risks ] Risks are that I goofed up in the fixes. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] commit b1d036a82a336836f05ed0d6dcb0b4bab6c7501f (HEAD -> bullseye) Author: Marc Haber Date: Wed Jun 21 18:29:23 2023 +0200 prepare upload to bullseye Git-Dch: ignore commit 60e63ac4052724be4a2b078940e266e835e89bf7 Author: Marc Haber Date: Wed Jun 21 18:27:56 2023 +0200 refresh patch for bullseye Git-Dch: ignore commit f2912c100a5d3d9b37d4ab9318d5b8b9bf45025c Author: Marc Haber Date: Wed Jun 14 04:15:51 2023 +0200 Fix handling of extended attributes on symlinks Closes: #1037436 This fixes wrong behavior regarding extended attributes on symlinks. Prior versions of aide would wrongly process the extended attributes of the file a symlink points to. This fix makes aide correctly process the extended attributes of the link itself, which is the intended behavior. The fix for extended attributes on symlinks might lead to reported changed entries during the next AIDE run. You can use the `report_ignore_changed_attrs` option (see aide.conf(5)) to ignore changes of the xattrs attribute; but be aware that this will not only exclude the expected changes (of the symlink files) but also the unexpected changes (of other files). [ Other info ] source debdiff attached. A binary debdiff will be delivered on request. Please indicate whether this package might be a valid candidate to be in the next bullseye point release. Greetings Marc
Processed: bullseye-pu: package aide/0.17.3-4+deb11u2
Processing control commands: > affects -1 + src:aide Bug #1038813 [release.debian.org] bullseye-pu: package aide/0.17.3-4+deb11u2 Added indication that 1038813 affects src:aide -- 1038813: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038813 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Wed, Jun 14, 2023 at 06:20:44PM +0100, Adam D. Barratt wrote: > One small comment: > > +if dpkg --compare-versions "$2" le 0.18.3-1; then > +# we're updating from 0.18-3 or earlier, chown aideinit logs > > That should presumably be "from 0.18.3". In the mean time, 0.18.3-1 has reached testing. Are you ok with me uploading 0.18.3-1+deb12u1 to bookworm-proposed-updates? I guess that I should also file a bug for 0.17.3-4+deb11u2 because the bullseye point release is planned earlier than the bookworm point release, right? Greetings Marc
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Wed, Jun 14, 2023 at 06:20:44PM +0100, Adam D. Barratt wrote: > On Wed, 2023-06-14 at 17:27 +0200, Marc Haber wrote: > > this pre-upload request for the aide package is filed to ask for > > guidance whether this package is suitable for bookworm-updates. > > Do you actually mean bookworm-updates here (i.e. pushed to users in > advance of 12.1), or simply (bookworm-)proposed-updates, therefore > reaching users with the release of 12.1? I would be fine with either, proposed-updates of course being less invasive. Probably a misunderstanding because of me being too stupidto find the docs. I'll read up on what you linked to me. > I'd be interested in seeing a binary debdiff (for an arbitrary > architecture) with "--controlfiles=ALL" to see the changes made to the > maintainer scripts, but overall I think this looks OK. aide-dynamic: 1 [23/4887]mh@salida:~/packages/aide $ debdiff --controlfiles=ALL 20230614/aide-dynamic_0.18.3-1_all.deb build-area/aide-dynamic_0.18.3-1+deb12u1_all.deb File lists identical (after any substitutions) Control files: lines which differ (wdiff format) ---- Recommends: aide-common (= [-0.18.3-1)-] {+0.18.3-1+deb12u1)+} Version: [-0.18.3-1-] {+0.18.3-1+deb12u1+} 1 [24/4888]mh@salida:~/packages/aide $ aide: [19/4883]mh@salida:~/packages/aide $ debdiff --controlfiles=ALL 20230614/aide_0.18.3-1_amd64.deb build-area/aide_0.18.3-1+deb12u1_amd64.deb File lists identical (after any substitutions) Control files: lines which differ (wdiff format) ---- Installed-Size: [-289-] {+293+} Recommends: aide-common (= [-0.18.3-1)-] {+0.18.3-1+deb12u1)+} Version: [-0.18.3-1-] {+0.18.3-1+deb12u1+} 1 [20/4884]mh@salida:~/packages/aide $ aide-common is attached. > > One small comment: > > +if dpkg --compare-versions "$2" le 0.18.3-1; then > +# we're updating from 0.18-3 or earlier, chown aideinit logs > > That should presumably be "from 0.18.3". Yes. fixed in git and master. Thanks for spotting this. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421 [The following lists of changes regard files as different if they have different names, permissions or owners.] Files in second .deb but not in first - -rw-r--r-- root/root /usr/lib/sysusers.d/aide-common.conf No differences were encountered between the config files Control files: lines which differ (wdiff format) Depends: aide (>= 0.17), liblockfile1, ucf (>= 2.0020), debconf (>= 0.5) | [-debconf-2.0-] {+debconf-2.0, systemd | systemd-standalone-sysusers | systemd-sysusers+} Installed-Size: [-449-] {+451+} Version: [-0.18.3-1-] {+0.18.3-1+deb12u1+} Postinst files: lines which differ (wdiff format) - [-if dpkg --compare-versions "$2" lt 0.17.5-1; then-] [-# we're updating from a version earlier than 0.17.5, chown logs-] [-# and databases-] [-chown --quiet _aide:adm /var/log/aide /var/log/aide/aide.log /var/log/aide/aide.log.* || true-] [-chmod --quiet 2755 /var/log/aide || true-] [-chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new || true-] [-fi-] [-if dpkg --compare-versions "$2" lt 0.18-3; then-] [-# we're updating from a version earlier than 0.18-3, chown aideinit logs-] [-chown --quiet _aide:adm /var/log/aide/aideinit.log /var/log/aide/aideinit.errors|| true-] [-fi-] # Automatically added by {+dh_installsysusers/13.11.4+} {+if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then+} {+ systemd-sysusers ${DPKG_ROOT:+--root="$DPKG_ROOT"} aide-common.conf+} {+fi+} {+# End automatically added section+} {+# Automatically added by+} dh_installtmpfiles/13.11.4 {+# this needs to be after debhelper, otherwise the account doesn't+} {+# yet exist.+} {+if dpkg --compare-versions "$2" lt 0.17.5-1; then+} {+# we're updating from a version earlier than 0.17.5, chown logs+} {+# and databases+} {+chown --quiet _aide:adm /var/log/aide /var/log/aide/aide.log /var/log/aide/aide.log.* || true+} {+chmod --quiet 2755 /var/log/aide || true+} {+chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new || true+} {+fi+} {+if dpkg --compare-versions "$2" le 0.18.3-1; then+} {+# we're updating from 0.18-3 or earlier, chown aideinit logs+} {+chown --quiet _ai
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
Control: tags -1 + confirmed On Wed, 2023-06-14 at 17:27 +0200, Marc Haber wrote: > this pre-upload request for the aide package is filed to ask for > guidance whether this package is suitable for bookworm-updates. Do you actually mean bookworm-updates here (i.e. pushed to users in advance of 12.1), or simply (bookworm-)proposed-updates, therefore reaching users with the release of 12.1? > I have > never done this before and am open for suggestions to improve and for > documentation pointers. I haven't found the bookwork point release > policy yet, for example. > There's been no substantial changes to the policy for a while. The "workflow" section of https://lists.debian.org/debian-devel-announce/2019/08/msg0.html (as linked from https://release.debian.org/ ) is still basically appropriate, and the basis of https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions (The "must be severity:important" bit isn't strictly enforced, more a guide as to the expected impact of the issue being resolved.) Maybe we should re-post it. I'd be interested in seeing a binary debdiff (for an arbitrary architecture) with "--controlfiles=ALL" to see the changes made to the maintainer scripts, but overall I think this looks OK. One small comment: +if dpkg --compare-versions "$2" le 0.18.3-1; then +# we're updating from 0.18-3 or earlier, chown aideinit logs That should presumably be "from 0.18.3". Regards, Adam
Processed: Re: Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
Processing control commands: > tags -1 + confirmed Bug #1037945 [release.debian.org] bookworm-pu: package aide/aide_0.18.3-1+deb12u1 Added tag(s) confirmed. -- 1037945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037945 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide Dear stable release team, this pre-upload request for the aide package is filed to ask for guidance whether this package is suitable for bookworm-updates. I have never done this before and am open for suggestions to improve and for documentation pointers. I haven't found the bookwork point release policy yet, for example. A fixed package has been uploaded to unstable minutes ago, and I do not plan to actually upload the deb12u1 version of the package until the fixes have reached testing. [ Reason ] This update fixes #1037171, a serious bug that prevents new installations and upgrades of aide due to a misunderstanding in the dh code regarding dh_installsysusers. Embarrassing. And it also fixes #1037436, a "just" important bug that will fix correct processing of extended attributes on symlinks that are monitored by aide. This is a fix suggested by upstream (who is also a DD) and I will create a similiar package for bullseye. [ Impact ] Regarding #1037171, Aide will not be useable until the _aide account is manually created and some file permissions fixed. While package installation will succeed, neither aideinit nor the daily aide cronjob are invokeable and will error out. Regarding #1037436, Aide will wrongly process extended attributes for the file a symlink points to, which is not the intended behavior. The fixed aide will process the extended attributes of a symlink. [ Tests ] Both bugs are sadly not covered by automated tests, but I am kind of surprised that piuparts didn't catch #1037171. Regarding #1037171, I tested: - installation of aide in a bookworm VM with no aide installed before - updating 0.18.3-1 to 0.18.3-2 in a bookworm VM - updating 0.17.3-4+deb11u1 (oldstable) to 0.18.3-2 in a bookworm VM Regarding #1037436, I created a symlink with extended attributes pointing to a file with different extended attributes and verified that actually the extended attributes of the symlink show up in the database. [ Risks ] Risks are that I goofed up in the fixes. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] commit 456704ab523c6b7ca088a15ffde543fbac3fa391 Author: Marc Haber Date: Wed Jun 14 16:51:03 2023 +0200 remove trailing whitespace in debian/rules Git-Dch: ignore commit 2c221fd08e6c4d570c4a2c86c87d0a94201fbe9d Author: Marc Haber Date: Wed Jun 14 15:28:15 2023 +0200 chown aide logs even when updating from 0.18.3-1 0.18.3-1 doesn't create the account, so we need to see for correct file ownership when updating to a version that actually creates the account. commit 11547993349b3dffad11f2d6998875d58f6b0395 Author: Marc Haber Date: Wed Jun 14 04:15:51 2023 +0200 Fix handling of extended attributes on symlinks Closes: #1037436 This fixes wrong behavior regarding extended attributes on symlinks. Prior versions of aide would wrongly process the extended attributes of the file a symlink points to. This fix makes aide correctly process the extended attributes of the link itself, which is the intended behavior. The fix for extended attributes on symlinks might lead to reported changed entries during the next AIDE run. You can use the `report_ignore_changed_attrs` option (see aide.conf(5)) to ignore changes of the xattrs attribute; but be aware that this will not only exclude the expected changes (of the symlink files) but also the unexpected changes (of other files). commit 0d0251e639334e0ef139c1f6f9d34b6032378d3d Author: Marc Haber Date: Tue Jun 13 16:53:49 2023 +0200 Move chown calls after #DEBHELPER# This is part of the fix for #1037171, the account is only created in the code inserted by debhelper at the #DEBHELPER# token. We thus cannot use the account after that tag. commit 218fff3fc157b89e53ece470267cb238fac5daac Author: Marc Haber Date: Sun Jun 11 22:54:19 2023 +0200 call dh_installsysusers manually in debian/rules Thanks: Tomasz Ciolek Closes: #1037171 dh_installsysusers is not called in the normal dh calling sequence in dh compat level 13. This resulted in the account not being created in new installs and probably also during upgrades from bullseye. Thix fixes the issue by calling dh_installsysusers explicitly in override_dh_auto_install. [ Other info ] source debdiff attached. Please indicate whether this package might be a valid candidate to be in the next bookworm point relase once 0.18.3-2 has reached testing. Greetings Marc diff -Nru aide-0.18.3/debian/aide-common.postinst aide-0.18.3/debian/aide-common.postinst --- aide-0.18.3/debian/aide-commo
Processed: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
Processing control commands: > affects -1 + src:aide Bug #1037945 [release.debian.org] bookworm-pu: package aide/aide_0.18.3-1+deb12u1 Added indication that 1037945 affects src:aide -- 1037945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037945 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1034060: marked as done (unblock: aide/0.18.2-1)
Your message dated Mon, 15 May 2023 20:47:27 +0200 with message-id <7f37c236-62fd-74fc-47f5-3cf7927e1...@debian.org> and subject line Re: Bug#1034060: unblock: aide/0.18.2-1 has caused the Debian Bug report #1034060, regarding unblock: aide/0.18.2-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1034060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034060 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide This is a pre-upload request for guidance regarding aide 0.18.2. upstream released a new version that fixes a number of locking issues, each of which possible a release-critical bug. Debian does not have reports of these bugs since aide is seldomly used on unstable/testing machines, but they have shown up during testing on upstream side and are fixed now. All downstream dependencies of aide are either in-package or Recommends/Suggests, so breaking other packages unlikely. I am attaching the upstream diff between 0.18.1 and 0.18.2, pulled apart to the respective commits, 273 lines length including commit messages, comments and the noise caused by the release. The aide package has autopkgtests. I reviewed the changes and approve them. Please indicate whether you would be ok with going with the upstream release via unstable to bookworm. A debdiff of the actual package will be delivered for approval before upload once you have indicated that you would consider approval. Thanks in advance. Greetings Marc --- End Message --- --- Begin Message --- On 15-05-2023 18:18, Bastian Germann wrote: The package has migrated, so this request can be closed. As Bastian said... Paul OpenPGP_signature Description: OpenPGP digital signature --- End Message ---
Processed: Re: Bug#1034060: unblock: aide/0.18.2-1
Processing control commands: > tags -1 - moreinfo Bug #1034060 [release.debian.org] unblock: aide/0.18.2-1 Removed tag(s) moreinfo. -- 1034060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034060 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1034060: unblock: aide/0.18.2-1
Control: tags -1 - moreinfo The package has migrated, so this request can be closed.
Processed: Re: Bug#1034060: unblock: aide/0.18.2-1
Processing control commands: > tags -1 confirmed moreinfo Bug #1034060 [release.debian.org] unblock: aide/0.18.2-1 Added tag(s) moreinfo and confirmed. -- 1034060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034060 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1034060: unblock: aide/0.18.2-1
Control: tags -1 confirmed moreinfo On 07-04-2023 19:34, Marc Haber wrote: This is a pre-upload request for guidance regarding aide 0.18.2. upstream released a new version that fixes a number of locking issues, each of which possible a release-critical bug. It seems you are overly cautious in this case. The aide package has autopkgtests. As aide is not a key package, this means we don't need to be involved if we're not going into full freeze already. A debdiff of the actual package will be delivered for approval before upload once you have indicated that you would consider approval. Thanks in advance. A debdiff normally contains all changes including the debian/changelog. I'm fine for now. Please remove the moreinfo tag once the package is uploaded and might miss bookworm due to an announcement of the full freeze (I'd expect if you upload soon, we don't need to be further involved). Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#1034060: unblock: aide/0.18.2-1
On Fri, Apr 07, 2023 at 07:34:54PM +0200, Marc Haber wrote: > I am attaching the upstream diff between 0.18.1 and 0.18.2, pulled apart > to the respective commits, 273 lines length including commit messages, > comments and the noise caused by the release. Forgot trhe attachment. -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421 commit 3d5b18b9e5e1c51533ac01d8acd3499b2f9fcc2e Author: Hannes von Haugwitz Date: Fri Apr 7 16:06:18 2023 +0200 Release aide 0.18.2 commit adc07f01042f327b78e4e787bb0afbbae73d566a Author: Hannes von Haugwitz Date: Mon Apr 3 21:15:05 2023 +0200 Add another missing lock for tree operations commit d3376eb6523bbae5ee8b8ea32c14355045524e12 Author: Hannes von Haugwitz Date: Sat Apr 1 11:21:54 2023 +0200 Add missing lock for tree operations during file system scan commit 5d46267c5d72bc2263aba76496707490acdb2a28 Author: Hannes von Haugwitz Date: Wed Mar 8 20:50:58 2023 +0100 Add warning if rules contain not compiled-in attributes commit 5d46267c5d72bc2263aba76496707490acdb2a28 Author: Hannes von Haugwitz Date: Wed Mar 8 20:50:58 2023 +0100 Add warning if rules contain not compiled-in attributes diff --git a/ChangeLog b/ChangeLog index 31ff00c..b6435bf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2023-03-08 Hannes von Haugwitz + * Add warning if rules contain not compiled-in attributes (closes: #153) + 2023-03-04 Hannes von Haugwitz * Release aide 0.18.1 diff --git a/NEWS b/NEWS index 88ae5af..97db895 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +Version 0.18.2 (UNRELEASED) +* Add warning if rules contain not compiled-in attributes + Version 0.18.1 (2023-03-04) * Fix handling of empty growing files * Fix segfault when using --dry-init diff --git a/src/commandconf.c b/src/commandconf.c index 1fcfbaa..e5ef8b9 100644 --- a/src/commandconf.c +++ b/src/commandconf.c @@ -338,14 +338,40 @@ bool add_rx_rule_to_tree(char* rx, char* rule_prefix, RESTRICTION_TYPE restricti r->config_line = checked_strdup(linebuf); r->prefix = rule_prefix; +char *str; + DB_ATTR_TYPE unsupported_hashes = attr&(get_hashes(true)&~get_hashes(false)); if (unsupported_hashes) { -char *str; LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_WARNING, "ignoring unsupported hash algorithm(s): %s", str = diff_attributes(0, unsupported_hashes)); free(str); attr &= ~unsupported_hashes; } +DB_ATTR_TYPE unsupported_attrs = attr& +(0 +#ifndef WITH_ACL + |ATTR(attr_acl) +#endif +#ifndef WITH_SELINUX + |ATTR(attr_selinux) +#endif +#ifndef WITH_XATTR + |ATTR(attr_xattrs) +#endif +#ifndef WITH_E2FSATTRS + |ATTR(attr_e2fsattrs) +#endif +#ifndef WITH_CAPABILITIES + |ATTR(attr_capabilities) +#endif +) +; +if (unsupported_attrs) { +LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_WARNING, "ignoring not compiiled-in attribute(s): %s", str = diff_attributes(0, unsupported_attrs)); +free(str); +attr &= ~unsupported_attrs; +} + r->attr=attr; if (attr(attr_sizeg)) { log_msg(LOG_LEVEL_NOTICE, "%s:%d: Using 'S' attribute is DEPRECATED and will be removed in the release after next. Update your config and use 'growing+s' instead (line: '%s')", filename, linenumber, linebuf); commit d3376eb6523bbae5ee8b8ea32c14355045524e12 Author: Hannes von Haugwitz Date: Sat Apr 1 11:21:54 2023 +0200 Add missing lock for tree operations during file system scan diff --git a/ChangeLog b/ChangeLog index b6435bf..80d0366 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2023-04-01 Hannes von Haugwitz + * Add missing lock for tree operations during file system scan + 2023-03-08 Hannes von Haugwitz * Add warning if rules contain not compiled-in attributes (closes: #153) diff --git a/NEWS b/NEWS index 97db895..5904559 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,6 @@ Version 0.18.2 (UNRELEASED) * Add warning if rules contain not compiled-in attributes +* Add missing lock for tree operations during file system scan Version 0.18.1 (2023-03-04) * Fix handling of empty growing files diff --git a/src/db_disk.c b/src/db_disk.c index a1f1606..1bc91bb 100644 --- a/src/db_disk.c +++ b/src/db_disk.c @@ -46,6 +46,10 @@ #include #endif +#ifdef WITH_PTHREAD +pthread_mutex_t seltree_mutex = PTHREAD_MUTEX_INITIALIZER; +#endif + static int get_file_status(char *filename, struct stat *fs) { int sres = 0; sres = lstat(filename,fs); @@ -
Bug#1034060: unblock: aide/0.18.2-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide This is a pre-upload request for guidance regarding aide 0.18.2. upstream released a new version that fixes a number of locking issues, each of which possible a release-critical bug. Debian does not have reports of these bugs since aide is seldomly used on unstable/testing machines, but they have shown up during testing on upstream side and are fixed now. All downstream dependencies of aide are either in-package or Recommends/Suggests, so breaking other packages unlikely. I am attaching the upstream diff between 0.18.1 and 0.18.2, pulled apart to the respective commits, 273 lines length including commit messages, comments and the noise caused by the release. The aide package has autopkgtests. I reviewed the changes and approve them. Please indicate whether you would be ok with going with the upstream release via unstable to bookworm. A debdiff of the actual package will be delivered for approval before upload once you have indicated that you would consider approval. Thanks in advance. Greetings Marc
Processed: unblock: aide/0.18.2-1
Processing control commands: > affects -1 + src:aide Bug #1034060 [release.debian.org] unblock: aide/0.18.2-1 Added indication that 1034060 affects src:aide -- 1034060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034060 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
AIDE
Bonjour , J'ai installé DEBIAN 9.3 sur virtualbox . Je n'arrive pas à installer PHP et mysql . On me ramène toujours les problèmes de dépendances.Merci de m'aider
Re: [SRM] Approval for aide 0.15.1-3
On Tue, Apr 05, 2011 at 09:41:25PM +0100, Adam D. Barratt wrote: On Sun, 2011-03-27 at 10:25 +0200, Hannes von Haugwitz wrote: I'd like to fix two important bugs (#612405, #615111) in aide. Both bugs introduced problems which doesn't exist in oldstable. I've attached the diff for 0.15.1-3 (in unstable). Thanks. Have the patches been tested on stable? Yes. 0.15.1-2+squeeze1 has been tested on 32-bit debian stable. One other question - why is aide defining both _LARGEFILE64_SOURCE and _FILE_OFFSET_BITS=64 ? The code doesn't actually seem to use the *64 functions, so the former seems somewhat redundant. It seems as if _LARGEFILE64_SOURCE has been originally added as part of a fix for compilation under Solaris[0]. aide 0.15.1-3 has reached testing some days ago without any problems. Please consider aide 0.15.1-3 in stable. 0.15.1-3 itself won't enter stable, but a 0.15.1-2+squeeze1 might. The diff for 0.15.1-2+squeeze1 is available on git.debian.org[1]. Please let me know if I can upload. Thanks Hannes [0] http://aide.git.sourceforge.net/git/gitweb.cgi?p=aide/aide;a=commitdiff;h=12de742 [1] http://git.debian.org/?p=pkg-aide/aide.git;a=commitdiff;h=f674bb4;hp=debian/0.15.1-2 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110411185353.ga6...@carbon.vonhaugwitz.com
Re: [SRM] Approval for aide 0.15.1-3
On Sun, 2011-03-27 at 10:25 +0200, Hannes von Haugwitz wrote: I'd like to fix two important bugs (#612405, #615111) in aide. Both bugs introduced problems which doesn't exist in oldstable. I've attached the diff for 0.15.1-3 (in unstable). Thanks. Have the patches been tested on stable? One other question - why is aide defining both _LARGEFILE64_SOURCE and _FILE_OFFSET_BITS=64 ? The code doesn't actually seem to use the *64 functions, so the former seems somewhat redundant. aide 0.15.1-3 has reached testing some days ago without any problems. Please consider aide 0.15.1-3 in stable. 0.15.1-3 itself won't enter stable, but a 0.15.1-2+squeeze1 might. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1302036086.7710.625.ca...@hathi.jungle.funky-badger.org
[SRM] Approval for aide 0.15.1-3
Hi, I'd like to fix two important bugs (#612405, #615111) in aide. Both bugs introduced problems which doesn't exist in oldstable. I've attached the diff for 0.15.1-3 (in unstable). aide 0.15.1-3 has reached testing some days ago without any problems. Please consider aide 0.15.1-3 in stable. Thanks Hannes diff --git a/debian/aide.conf.d/31_aide_bind9 b/debian/aide.conf.d/31_aide_bind9 index 06950c1..3176a2e 100644 --- a/debian/aide.conf.d/31_aide_bind9 +++ b/debian/aide.conf.d/31_aide_bind9 @@ -1,5 +1,5 @@ @@ifdef BINDCHROOT -@@{BINDCHROOT}/dev/log$ LowLogs +@@{BINDCHROOT}/dev/log$ LowLog @@{BINDCHROOT}/dev VarDir @@endif @@{BINDCHROOT}/var/log/bind/queries\.log$ Log diff --git a/debian/changelog b/debian/changelog index c1c4959..5c76900 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +aide (0.15.1-3) unstable; urgency=low + + [ Marc Haber ] + * 31_aide_bind9: +- fix wrong group (closes: #612405) + + [ Hannes von Haugwitz ] + * debian/patches/05-configure_32-bit_lfs_fix.dpatch: new +- fixed lfs on 32-bit systems (closes: #615111) + + -- Hannes von Haugwitz han...@vonhaugwitz.com Fri, 11 Mar 2011 09:50:46 +0100 + aide (0.15.1-2) unstable; urgency=low * debian/po/da.po: diff --git a/debian/patches/00list b/debian/patches/00list index 8bf570a..df151de 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -1 +1,2 @@ +05-configure_32-bit_lfs_fix 10-manpages diff --git a/debian/patches/05-configure_32-bit_lfs_fix.dpatch b/debian/patches/05-configure_32-bit_lfs_fix.dpatch new file mode 100755 index 000..f40b290 --- /dev/null +++ b/debian/patches/05-configure_32-bit_lfs_fix.dpatch @@ -0,0 +1,24 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 05-configure_32-bit_lfs_fix.dpatch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Description: Fix large file support on 32-bit systems +## DP: Forwarded: not-needed +## DP: Author: Hannes von Haugwitz han...@vonhaugwitz.com +## DP: Applied-Upstream: 0.16a1, http://aide.git.sourceforge.net/git/gitweb.cgi?p=aide/aide;a=commit;h=92c7878 +## DP: Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615111 +## DP: Last-Update: 2011-03-11 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' aide~/configure aide/configure +--- aide~/configure 2011-03-11 06:23:39.0 + aide/configure 2011-03-11 06:29:11.0 + +@@ -6435,7 +6435,7 @@ + if test x$ac_cv_func_lstat64 = xyes; then : + ac_fn_c_check_func $LINENO stat64 ac_cv_func_stat64 + if test x$ac_cv_func_stat64 = xyes; then : +- AIDE_DEFS=$AIDE_DEFS -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS ++ AIDE_DEFS=$AIDE_DEFS -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 + AIDE_LSTAT_FUNC=lstat64 + compoptionstring=${compoptionstring}WITH_LSTAT64\\n + AIDE_STAT_FUNC=stat64
Bug#601347: unblock: aide/0.15.1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: freeze-exception Please unblock package aide Danish translation update only. No other changes. Thanks aide (0.15.1-2) unstable; urgency=low * debian/po/da.po: - updated Danish debconf translations, thanks to Joe Hansen (closes: #59) unblock aide/0.15.1-2 -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (300, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.36 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101025120728.17102.15898.report...@carbon.localhost.localdomain
Bug#601347: marked as done (unblock: aide/0.15.1-2)
Your message dated Mon, 25 Oct 2010 15:30:18 +0200 with message-id 4cc5866a.6060...@dogguy.org and subject line Re: Bug#601347: unblock: aide/0.15.1-2 has caused the Debian Bug report #601347, regarding unblock: aide/0.15.1-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 601347: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601347 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: freeze-exception Please unblock package aide Danish translation update only. No other changes. Thanks aide (0.15.1-2) unstable; urgency=low * debian/po/da.po: - updated Danish debconf translations, thanks to Joe Hansen (closes: #59) unblock aide/0.15.1-2 -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (300, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.36 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash ---End Message--- ---BeginMessage--- On 10/25/2010 02:07 PM, Hannes von Haugwitz wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: freeze-exception Please unblock package aide Unblocked. Regards, -- Mehdi Dogguy مهدي الدڤي http://dogguy.org/ ---End Message---
Re: Pre-clearance for aide bug fix of #596230
Julien Cristau wrote: On Sat, Sep 11, 2010 at 20:36:15 +0200, Marc Haber wrote: What would the release team prefer to get these fixes into squeeze: - upload aide 0.15.1 to unstable, let it migrate to squeeze - update aide 0.15 with the patches that virtually make it aide 0.15.1? - Add the rule patches or not? Please indicate what you would prefer. 0.15.1 should be ok. I've uploaded aide 0.15.1 to unstable 8 days ago, would you please unblock it? Thanks Hannes -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c9b610c.4070...@vonhaugwitz.com
Re: Pre-clearance for aide bug fix of #596230
On Thu, Sep 23, 2010 at 16:15:40 +0200, Hannes von Haugwitz wrote: I've uploaded aide 0.15.1 to unstable 8 days ago, would you please unblock it? Done. Cheers, Julien signature.asc Description: Digital signature
Re: Pre-clearance for aide bug fix of #596230
On Sat, Sep 11, 2010 at 20:36:15 +0200, Marc Haber wrote: What would the release team prefer to get these fixes into squeeze: - upload aide 0.15.1 to unstable, let it migrate to squeeze - update aide 0.15 with the patches that virtually make it aide 0.15.1? - Add the rule patches or not? Please indicate what you would prefer. 0.15.1 should be ok. Cheers, Julien signature.asc Description: Digital signature
Pre-clearance for aide bug fix of #596230
Hi, Hannes von Haugwitz has found a bad bug in aide 0.15 (#596230). Upstream has released 0.15.1, which contains only the patches listed in #596230 (aside from using a later autofoo). We also have a number of smaller changes against the rules we ship: --- a/debian/aide.conf.d/31_aide_apt +++ b/debian/aide.conf.d/31_aide_apt @@ -55,6 +55,11 @@ echo ${VARDIR}/extended_states$ VarFile echo ${VARDIR}$ VarDir echo ${LOGDIR}/term\.log$ Log +echo /var/backups/apt\.extended_states\.0$ LowLog +echo /var/backups/apt\.extended_states\.1\.gz$ LoSerMemberLog +echo /var/backups/apt\.extended_states\.[2345]\.gz$ SerMemberLog +echo /var/backups/apt\.extended_states\.6\.gz$ HiSerMemberLog + if [ $IGNORE_ARCHIVES = yes ]; then echo !$ARCHIVESDIR/[-a-zA-Z0-9%\.~_+]+_(@@{ARCH}|all)\.deb$ fi diff --git a/debian/aide.conf.d/31_aide_munin b/debian/aide.conf.d/31_aide_munin index ce05b60..71e64b6 100644 --- a/debian/aide.conf.d/31_aide_munin +++ b/debian/aide.conf.d/31_aide_munin @@ -10,7 +10,7 @@ !/var/run/munin/munin-(update|datafile|graph|limits|html)\.lock$ /var/lib/munin/(limits|datafiles|munin-(update|graph)\.stats)$ VarFile !/var/lib/munin/munin-(update|graph)\.stats\.tmp$ -/var/lib/munin/plugin-state/(exim_mailstats|(smart-[sh]d[a-z]|munin-cupsys-pages)\.state)$ VarFile +/var/lib/munin/plugin-state/(exim_mailstats(-(([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.){3}([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5]))?|(smart-[sh]d[a-z]|munin-cupsys-pages)\.state)$ VarFile /var/lib/munin/plugin-state/(postfix_mailvolume|_proc_net_tcp[6]?)$ VarFile /var/lib/munin/datafile$ VarFile /var/lib/munin$ VarDir diff --git a/debian/aide.conf.d/31_aide_rkhunter b/debian/aide.conf.d/31_aide_rkhunter index 49dfce4..26cbeba 100644 --- a/debian/aide.conf.d/31_aide_rkhunter +++ b/debian/aide.conf.d/31_aide_rkhunter @@ -1,4 +1,5 @@ -/var/lib/rkhunter/db/(rkhunter\.dat(\.old)?|(mirrors|rkhunter_prop_list)\.dat)$ VarTime +/var/lib/rkhunter/db/(mirrors|rkhunter_prop_list)\.dat$ VarTime +/var/lib/rkhunter/db/rkhunter\.dat(\.old)?$ InodeData /var/lib/rkhunter/tmp/(group|passwd)$ VarFile /var/lib/rkhunter/(db|tmp)$ VarDir /var/log/rkhunter\.log$ Log What would the release team prefer to get these fixes into squeeze: - upload aide 0.15.1 to unstable, let it migrate to squeeze - update aide 0.15 with the patches that virtually make it aide 0.15.1? - Add the rule patches or not? Please indicate what you would prefer. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100911183615.ge23...@torres.zugschlus.de
Re: aide 0.15 in unstable - please consider a freeze exception
On Tue, Aug 24, 2010 at 17:25:45 +0200, Marc Haber wrote: ping. aide 0.15 has now been running ok on all my servers, and no bugs have been reported. I think it's safe to allow aide into squeeze. Unblocked. Cheers, Julien signature.asc Description: Digital signature
Re: aide 0.15 in unstable - please consider a freeze exception
On Wed, Aug 25, 2010 at 11:46:13AM +0200, Julien Cristau wrote: On Tue, Aug 24, 2010 at 17:25:45 +0200, Marc Haber wrote: ping. aide 0.15 has now been running ok on all my servers, and no bugs have been reported. I think it's safe to allow aide into squeeze. Unblocked. Thanks! Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100825103017.ga16...@torres.zugschlus.de
Re: aide 0.15 in unstable - please consider a freeze exception
On Fri, Aug 13, 2010 at 07:05:46PM +0200, Marc Haber wrote: On Tue, Aug 10, 2010 at 10:21:18PM -0400, Julien Cristau wrote: On Mon, Aug 9, 2010 at 17:11:25 +0200, Marc Haber wrote: I have uploaded the diffs to http://q.bofh.de/~mh/stuff/diff (full diff) http://q.bofh.de/~mh/stuff/manual-diff (generated files and irrelevant changes removed) for your review. I'd really appreciate an appropriate exception. Thanks, the stripped down diff looks sane on a quick glance. Can you upload to unstable, make sure the package is as well tested as possible, and get back to us in a couple of weeks (or whenever you're confident that it's ready for squeeze)? Hannes uploaded, and I will ping you in about two weeks (should no bugs arise). ping. aide 0.15 has now been running ok on all my servers, and no bugs have been reported. I think it's safe to allow aide into squeeze. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100824152545.gg21...@torres.zugschlus.de
Re: aide 0.15 in unstable - please consider a freeze exception
On Tue, Aug 10, 2010 at 10:21:18PM -0400, Julien Cristau wrote: On Mon, Aug 9, 2010 at 17:11:25 +0200, Marc Haber wrote: I have uploaded the diffs to http://q.bofh.de/~mh/stuff/diff (full diff) http://q.bofh.de/~mh/stuff/manual-diff (generated files and irrelevant changes removed) for your review. I'd really appreciate an appropriate exception. Thanks, the stripped down diff looks sane on a quick glance. Can you upload to unstable, make sure the package is as well tested as possible, and get back to us in a couple of weeks (or whenever you're confident that it's ready for squeeze)? Hannes uploaded, and I will ping you in about two weeks (should no bugs arise). Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100813170546.gb10...@torres.zugschlus.de
Re: aide 0.15 in unstable - please consider a freeze exception
On Mon, Aug 9, 2010 at 17:11:25 +0200, Marc Haber wrote: I have uploaded the diffs to http://q.bofh.de/~mh/stuff/diff (full diff) http://q.bofh.de/~mh/stuff/manual-diff (generated files and irrelevant changes removed) for your review. I'd really appreciate an appropriate exception. Thanks, the stripped down diff looks sane on a quick glance. Can you upload to unstable, make sure the package is as well tested as possible, and get back to us in a couple of weeks (or whenever you're confident that it's ready for squeeze)? Cheers, Julien signature.asc Description: Digital signature
aide 0.15 in unstable - please consider a freeze exception
Hi, on Friday, aide upstream released aide 0.15. The upstream changes were mostly done by by Hannes von Haugwitz, who has also done a lot of work in aide's Debian packaging recently. aide 0.15 is already in experimental. I would like to ask the release team for their kind permission to upload aide 0.15 to unstable and to allow it to migrate to testing after the regular migration wait to testing. The diff between aide_0.14.2 and aide_0.15 seems rather large (around a megabyte), which is caused by lex and yacc being used to generate the configuration file parsing code. With the generated parts of the upstream tarball removed, the diff is about 90 KB large diffstat: aide-0.15/Makefile.in |1 aide-0.15/NEWS |7 aide-0.15/config.h.in |3 aide-0.15/configure.in | 20 aide-0.15/contrib/aide-attributes.sh |2 aide-0.15/debian/NEWS | 18 aide-0.15/debian/aide.conf.d/31_aide_apt |2 aide-0.15/debian/aide.conf.d/31_aide_dhcp3-client |2 aide-0.15/debian/aide.conf.d/31_aide_kerberos |2 aide-0.15/debian/aide.conf.d/31_aide_pm-utils |1 aide-0.15/debian/aide.conf.d/31_aide_smartmontools |3 aide-0.15/debian/aide.conf.in | 23 aide-0.15/debian/changelog | 57 ++ aide-0.15/debian/control |7 aide-0.15/debian/copyright |8 aide-0.15/debian/cron.daily/aide | 107 ++-- aide-0.15/debian/rules |2 aide-0.15/doc/Makefile.in |1 aide-0.15/doc/aide.1 |2 aide-0.15/doc/aide.1.in|2 aide-0.15/doc/aide.conf.5 | 30 - aide-0.15/doc/aide.conf.5.in | 30 - aide-0.15/doc/aide.conf.in | 13 aide-0.15/doc/manual.html | 13 aide-0.15/include/Makefile.in |1 aide-0.15/include/db_config.h | 14 aide-0.15/include/do_md.h |7 aide-0.15/include/gen_list.h |5 aide-0.15/include/list.h |4 aide-0.15/src/Makefile.am |2 aide-0.15/src/Makefile.in |3 aide-0.15/src/aide.c | 29 - aide-0.15/src/commandconf.c| 14 aide-0.15/src/compare_db.c | 552 + aide-0.15/src/conf_lex.l |9 aide-0.15/src/conf_yacc.y | 20 aide-0.15/src/db.c | 11 aide-0.15/src/db_disk.c|5 aide-0.15/src/db_file.c|9 aide-0.15/src/do_md.c | 25 aide-0.15/src/gen_list.c | 31 - aide-0.15/src/list.c | 67 ++ aide-0.15/version.m4 |2 include/compare_db.h | 11 44 files changed, 759 insertions(+), 418 deletions(-) debian/changelog: +aide (0.15-1) experimental; urgency=low + + * new upstream version + * debian/aide.conf.in: +- added grouped option (by default enabled) + * debian/control: +- aide-common: replaced Conflicts with Breaks/Replaces + + -- Hannes von Haugwitz han...@vonhaugwitz.com Sun, 08 Aug 2010 21:37:10 +0200 + +aide (0.14.2.git20100726-1) experimental; urgency=low + + * new upstream git snapshot, changes include: +- fit detailed output in 80 columns (closes: #146112) +- added new attribute 'ftype' for file type change detection +- added new attribute 'e2fsattrs' file attributes on a second extended + file system +- sort files in report by filename (see: #146113) +- new grouped option + * debian/control: +- bumped to Standards-Version 3.9.1 (no changes necessary) +- added e2fslibs-dev to build dependencies + * cron.daily/aide: +- fixed spelling error + * debian/rules: +- enabled e2fsattrs support + * debian/aide.conf.in: +- removed whirlpool from Checksums +- added ftype to OwnerMode +- added e2fsattrs to InodeData, VarFile, VarDir, VarDirInode and Log + * debian/copyright: +- updated upstream copyright +- added myself as co-maintainer + * cron.daily/aide: +- adjusted script to work with new upstream git snapshot +- replaced New with Added in End of AIDE output message +- don't fail when aide.conf contains white spaces, thanks to Adam Bolte + for the patch (LP: #302669) +- update configuration file before parsing it +- exit with code 1 if database doesn't exist +- include database name
Request permission to upload aide 0.13
Hi release managers! I'd like to upload aide 0.13 (upstream stable), because this version fixes numerous nasty bugs reported upstream (but not to the Debian bts) and to the Debian BTS. Aide has received a lot of attention lately. I'd like to see it in etch. I don't expect any RC bug arising with this new version. The only packages depending on aide are harden-environment and checksecurity, and aide's interface has not changed. Do you (the RMs) allow me to upload it to sid (for inclusion into etch)? Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Request permission to upload aide 0.13
* Marc Haber ([EMAIL PROTECTED]) [061128 15:22]: Do you (the RMs) allow me to upload it to sid (for inclusion into etch)? Same as with nagios2. Cheers, Andi -- http://home.arcor.de/andreas-barth/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]