Date: Sun, 23 Jan 2022 23:02:42 GMT From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: git: 06dbdc2155d4 - 2022Q1 - security/aide: Update to 0.17.4 Message-ID: <202201232302.20NN2gib018930@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch 2022Q1 has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=06dbdc2155d4edbe853e16ee56b1dfaeea62404e commit 06dbdc2155d4edbe853e16ee56b1dfaeea62404e Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-01-23 22:51:09 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-01-23 23:02:38 +0000 security/aide: Update to 0.17.4 Update aide to 0.17.4, fixing CVE-2021-45417. PR: 261407 Reported by: Yonas Yanfa <yonas.yanfa@gmail.com> Security: CVE-2021-45417 (cherry picked from commit 8fbfc5f93128b55b1ca8748cde645fe443c31c10) --- security/aide/Makefile | 2 +- security/aide/distinfo | 6 +++--- security/aide/files/patch-doc_aide.1 | 14 -------------- security/aide/files/patch-include_util.h | 10 ++++++++++ security/aide/files/patch-src_commandconf.c | 13 +++++++++++++ 5 files changed, 27 insertions(+), 18 deletions(-) diff --git a/security/aide/Makefile b/security/aide/Makefile index 20a64c443422..fbf829de0469 100644 --- a/security/aide/Makefile +++ b/security/aide/Makefile @@ -1,7 +1,7 @@ # Created by: Cy Schubert (Cy.Schubert@uumail.gov.bc.ca) PORTNAME= aide -PORTVERSION= 0.16.1 +PORTVERSION= 0.17.4 CATEGORIES= security MASTER_SITES= https://github.com/aide/aide/releases/download/v${PORTVERSION}/ diff --git a/security/aide/distinfo b/security/aide/distinfo index 05b3dba1c573..73ae932bb832 100644 --- a/security/aide/distinfo +++ b/security/aide/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1555181364 -SHA256 (aide-0.16.1.tar.gz) = 0f2b7cecc70c1a27d35c06c98804fcdb9f326630de5d035afc447122186010b7 -SIZE (aide-0.16.1.tar.gz) = 391531 +TIMESTAMP = 1642975384 +SHA256 (aide-0.17.4.tar.gz) = c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846 +SIZE (aide-0.17.4.tar.gz) = 331783 diff --git a/security/aide/files/patch-doc_aide.1 b/security/aide/files/patch-doc_aide.1 deleted file mode 100644 index 2dacc0a93438..000000000000 --- a/security/aide/files/patch-doc_aide.1 +++ /dev/null @@ -1,14 +0,0 @@ ---- doc/aide.1.orig 2016-07-25 14:09:52.000000000 -0700 -+++ doc/aide.1 2016-07-26 12:35:55.894637000 -0700 -@@ -103,9 +103,9 @@ - .SH FILES - .IP \fB${prefix}/etc/aide.conf\fR - Default aide configuration file. --.IP \fB${prefix}/etc/aide.db\fR -+.IP \fB/var/db/aide/aide.db\fR - Default aide database. --.IP \fB${prefix}/etc/aide.db.new\fR -+.IP \fB/var/db/aide/aide.db.new\fR - Default aide output database. - .SH SEE ALSO - .BR aide.conf (5) diff --git a/security/aide/files/patch-include_util.h b/security/aide/files/patch-include_util.h new file mode 100644 index 000000000000..100a2541214e --- /dev/null +++ b/security/aide/files/patch-include_util.h @@ -0,0 +1,10 @@ +--- include/util.h.orig 2022-01-19 12:03:06.000000000 -0800 ++++ include/util.h 2022-01-23 14:44:04.712694000 -0800 +@@ -24,6 +24,7 @@ + #include <string.h> + #include <stdbool.h> + #include <sys/types.h> ++#include "config.h" + #include "url.h" + + #define HEXD2ASC(x) (((x) < 10) ? ((x) + '0') : ((x) - 10 + 'A')) diff --git a/security/aide/files/patch-src_commandconf.c b/security/aide/files/patch-src_commandconf.c new file mode 100644 index 000000000000..d9c980015ee2 --- /dev/null +++ b/security/aide/files/patch-src_commandconf.c @@ -0,0 +1,13 @@ +--- src/commandconf.c.orig 2022-01-19 12:03:06.000000000 -0800 ++++ src/commandconf.c 2022-01-23 14:49:37.915576000 -0800 +@@ -226,8 +226,8 @@ + c=fgetc(db->fp); + if(c==(unsigned char)'\213'){ + log_msg(LOG_LEVEL_DEBUG,"db_input_wrapper(): handle gzip header"); +- lseek(fileno(db->fp),0L,SEEK_SET); +- db->gzp=gzdopen(fileno(db->fp),"rb"); ++ lseek(fileno((FILE *)(db->fp)),0L,SEEK_SET); ++ db->gzp=gzdopen(fileno((FILE *)(db->fp)),"rb"); + c=gzgetc(db->gzp); + log_msg(LOG_LEVEL_DEBUG, "db_input_wrapper(): first character after gzip header is: %c(%#X)\n",c,c); + if(c==-1) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202201232302.20NN2gib018930>