Merge branch '0.16a2'

Conflicts:
	configure.in

ChangeLog

@@ -1,3 +1,52 @@
+2013-05-20 Hannes von Haugwitz <[email protected]>
+	* Print checksums of databases in verbose level 2 or higher (closes
+	  feature request 1502032)
+	* Added new 'database_attrs' option
+	* configure.in: fixed compilation with selinux
+	* src/conf_lex.l, src/db_lex.l: fixed definition of YYDEBUG
+
+2013-05-18	Hannes von Haugwitz <[email protected]>
+	* configure.in: removed check for 'libcrypt'
+	* Renamed 'detailed_init_report' option to 'report_detailed_init'
+
+2013-05-17	Hannes von Haugwitz <[email protected]>
+	* configure.in:
+	  - fixed "suspicious cache-id" warnings
+	  - removed 'AC_CONFIG_MACRO_DIR' macro
+	* src/Makefile.am:
+	  - replaced INCLUDES with AM_CPPFLAGS
+
+2013-05-16	Hannes von Haugwitz <[email protected]>
+	* Handle tilde (~) in database paths and report urls
+	* src/compare_db.c: adjusted report layout
+
+2013-05-14	Hannes von Haugwitz <[email protected]>
+	* src/db.c: fixed segfault when dbconf->db_out is NULL
+	* Replaced fopen.c with the version from curl-7.30.0
+
+2013-05-08	Hannes von Haugwitz <[email protected]>
+	* src/compare_db.c:
+	  - fixed output of checksums
+	  - use size_t as the type of for loop variable
+
+2013-05-06	Hannes von Haugwitz <[email protected]>
+	* src/compare_db.c:
+	  - fixed return value of database initialization
+	  - minor code cleanup
+	* src/db_file.c, src/do_md.c:
+	  - fixed use of unportable %m format
+	* doc/aide.1.in:
+	  - fixed format in NOTES section
+	  - documented return value of '--compare' and '--update' command
+
+2013-05-04	Hannes von Haugwitz <[email protected]>
+	* src/compare_db.c:
+	  - changed minimum verbose level for printing the details
+	    about added and removed entries to 7
+	* README:
+	  - updated "Source Code Verification" section
+	* Released version 0.16a2
+
 2012-10-10	Hannes von Haugwitz <[email protected]>
 	* Added new default group X
 	* src/gen_list.c: fixed stripping of removed attributes

NEWS

@@ -2,14 +2,16 @@ Version 0.16 (NOT_YET_RELEASED)
 	* Enabled summarize_changes by default
 	* Compare database entries just once
 	* Added new root_prefix option
-	* Added new detailed_init_report option
+	* Added new database_attrs option
+	* Added new report_detailed_init option
 	* Added new report_base16 option
 	* Wrap attribute values instead of cut them off
 	* Side-by-side output of acl and xattrs values
 	* Use '|' to separate the old value from the new one
+	* Print checksums of databases in verbose level 2 or higher
 	* Print added or removed attributes of changed entries if forced
 	  via report_attributes
-	* Print details about added and removed entries in verbose level 6
+	* Print details about added and removed entries in verbose level 7
 	  or higher
 	* Print added and removed attribute values of changed entries in
 	  verbose level 6 or higher
@@ -22,6 +24,7 @@ Version 0.16 (NOT_YET_RELEASED)
 	* Added info about number of entries if aide found no changes or
 	  the database has been initialized
 	* Added new default group X
+	* Handle tilde (~) in database paths and report urls
 	* Bug fixes
 
 Version 0.15.1

README

@@ -1,7 +1,7 @@
 
              AIDE - Advanced Intrusion Detection Environment
             -------------------------------------------------
-                               Version 0.16a1
+                               Version 0.16a2
 
     This file is free software; as a special exception the author gives
     unlimited permission to copy and/or distribute it, with or without
@@ -86,17 +86,16 @@
 
       $ git verify-tag v<VERSION_NUMBER>
 
-    The key used to create this signature is:
+    The current public key needed for signature verification is:
 
-      pub   4096R/F4474E5A 2011-01-30 [expires: 2012-01-31]
-      uid                  Aide Developers <[email protected]>
+        pub   4096R/68E7B931 2011-06-28 [expires: 2017-06-26]
+        uid                  Hannes von Haugwitz <[email protected]>
 
-    If you do not have this key, you can get it from the SourceForge
-    web site or from one of the well known PGP key servers. You have
-    to make sure that the key you install is not a faked one. You can
-    do this with reasonable assurance by comparing the output of:
+    If you do not have this key, you can get it from one of the well known PGP
+    key servers. You have to make sure that the key you install is not a faked
+    one. You can do this with reasonable assurance by comparing the output of:
 
-      $ gpg --fingerprint 0xF4474E5A
+      $ gpg --fingerprint 0x68E7B931
 
     with the fingerprint published elsewhere.
 

configure.in

@@ -2,15 +2,14 @@ m4_include([version.m4])
 
 dnl Initialize autoconf/automake
 AC_INIT(aide, AIDE_VERSION)
-dnl AC_CONFIG_MACRO_DIR([m4])
 AC_CANONICAL_TARGET
 AM_INIT_AUTOMAKE
 
 AC_DEFINE_UNQUOTED(AIDEVERSION, "AIDE_VERSION")
 AH_TEMPLATE([AIDEVERSION], [package version])
 
 dnl The name of the configure h-file.
-AC_CONFIG_HEADERS([config.h])
+AM_CONFIG_HEADER(config.h)
 
 dnl Checks for programs.
 AC_PROG_CC
@@ -465,15 +464,26 @@ AC_ARG_WITH([selinux],
 )
 
 AS_IF([test "x$with_selinux_support" != xno],
-	[AC_DEFINE(WITH_SELINUX,1,[use SELinux])
-	if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists libselinux; then
-		SELINUXLIB=$(${PKG_CONFIG} --libs libselinux --static)
-	else
-		SELINUXLIB="-lselinux"
-	fi
+    AC_DEFINE(WITH_SELINUX,1,[use SELinux])
+    [AC_MSG_RESULT(yes)
+    if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists libselinux; then
+        if test "$aide_static_choice" == "yes"; then
+            SELINUXLIB=$(${PKG_CONFIG} --libs libselinux --static)
+        else
+            SELINUXLIB=$(${PKG_CONFIG} --libs libselinux)
+        fi
+    else
+    SELINUXLIB="-lselinux"
+    if test "$aide_static_choice" == "yes"; then
+        saveLIBS=$LIBS
+        LIBS="-static $SELINUXLIB"
+        AC_SEARCH_LIBS([lgetfilecon_raw], [], [], [SELINUXLIB="$SELINUXLIB -lpthread"])
+        LIBS=$saveLIBS
+    fi
+    fi
 	compoptionstring="${compoptionstring}WITH_SELINUX\\n"
 	aideextragroups="${aideextragroups}+selinux"
-	AC_MSG_RESULT(yes)],
+    ],
 	[AC_MSG_RESULT(no)]
 )
 
@@ -591,22 +601,24 @@ AC_CHECK_FUNC(lstat64,
 
 saved_CFLAGS="$CFLAGS"
 CFLAGS="$CFLAGS $AIDE_DEFS"
-AC_CACHE_CHECK([for LFS ino_t],AIDE_INO_TYPE,[
+AC_CACHE_CHECK([for LFS ino_t],ac_cv_ino_type,[
 AC_TRY_RUN([
 #include <unistd.h>
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }],
-AIDE_INO_TYPE=ino64_t,AIDE_INO_TYPE=ino_t,AIDE_INO_TYPE=cross)])
+ac_cv_ino_type=ino64_t,ac_cv_ino_type=ino_t,ac_cv_ino_type=cross)])
+AIDE_INO_TYPE=$ac_cv_ino_type
 
-AC_CACHE_CHECK([for LFS dirent],AIDE_DIRENT_TYPE,[
+AC_CACHE_CHECK([for LFS dirent],ac_cv_dirent_type,[
 AC_TRY_COMPILE([
 #include <unistd.h>
 #include <sys/types.h>
 #include <dirent.h>],
 [struct dirent64 de;],
-AIDE_DIRENT_TYPE=dirent64,AIDE_DIRENT_TYPE=dirent)])
+ac_cv_dirent_type=dirent64,ac_cv_dirent_type=dirent)])
+AIDE_DIRENT_TYPE=$ac_cv_dirent_type
 else
 	AIDE_LSTAT_FUNC="lstat"
 	AIDE_STAT_FUNC="stat"
@@ -926,9 +938,6 @@ AC_ARG_WITH(initial_errors_to,
 	AC_DEFINE_UNQUOTED(INITIALERRORSTO,"stderr",[send errors to stderr])
 )
 
-
-AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt))
-
 AC_MSG_CHECKING(for PostgresSQL support)
 AC_ARG_WITH([psql],
 	[AC_HELP_STRING([--with-psql],

doc/aide.1.in

@@ -54,7 +54,9 @@ Prints out the standard help message.
 .PP
 .SH DIAGNOSTICS
 Normally, the exit status is 0 if no errors occurred. Except when the
-.B --check
+.BR --check,
+.BR --compare " or"
+.B --update
 command was requested, in which case the exit status is defined as:
 .IP "1 * (new files detected?)     +"
 .IP "2 * (removed files detected?) +"
@@ -77,7 +79,7 @@ The checksums in the database and in the output are by default base64
 encoded (see also report_base16 option).
 To decode them you can use the following shell command:
 
-echo <encoded_checksum> | base64 -d | hexdump -v -e '32/1 "%02x" "\\n"'
+echo <encoded_checksum> | base64 \-d | hexdump \-v \-e '32/1 "%02x" "\\n"'
 
 .PP
 .SH FILES

doc/aide.conf.5.in

@@ -38,6 +38,14 @@ first is used. The default value is "@prefix@/etc/aide.db.new".
 .IP "database_new"
 The url from which the other database for \-\-compare is read.
 There is no default for this one.
+.IP "database_attrs"
+The attributes of the (uncompressed) database files which are to be added to
+the final report in verbose level 2 or higher. Only checksum attributes are
+supported. To disable set
+.I database_attrs
+to
+.RB ' E '.
+By default all compiled in checksums are added to the report.
 .IP "verbose"
 The level of messages that is output. This value can be 0-255
 inclusive. This parameter can only be given once. Value from the first
@@ -52,7 +60,7 @@ stdout.
 Whether to base16 encode the checksums in the report or not. Valid values are
 yes, true, no and false. The default is to report checksums not in base16 but
 in base64 encoding.
-.IP "detailed_init_report"
+.IP "report_detailed_init"
 Whether to report added files (verbose level >= 2) and their details (verbose
 level >=6) in initialization mode or not. Valid values are yes, true, no and
 false. The default is to not report added files or their details in init mode.

doc/manual.html

@@ -1,5 +1,5 @@
 <html>
-<head><title>AIDE Manual version 0.16a1</title>
+<head><title>AIDE Manual version 0.16a2</title>
 <meta name="cvsheader" content="
 $Id$
 ">

include/db.h

@@ -1,7 +1,7 @@
 /* aide, Advanced Intrusion Detection Environment
  *
- * Copyright (C) 1999-2002,2004,2005 Rami Lehti, Pablo Virolainen,
- * Richard van den Berg
+ * Copyright (C) 1999-2002,2004,2005,2013 Rami Lehti, Pablo Virolainen,
+ * Richard van den Berg, Hannes von Haugwitz
  * $Header$
  *
  * This program is free software; you can redistribute it and/or
@@ -33,7 +33,7 @@ int db_writespec(db_config*);
 
 int db_writeline(db_line*,db_config*);
 
-int db_close(db_config*);
+void db_close();
 
 void free_db_line(db_line* dl);