From 2038ff627d7ff80deea9641f558e3d2d025a15c4 Mon Sep 17 00:00:00 2001 From: Brian Cox Date: Sun, 27 Mar 2016 13:57:00 -0700 Subject: [PATCH] Added 2.4.3 ReadMe & Packaging notes, removed old RPM spec file --- ChangeLog | 8 +- Packaging | 17 +++ ReadMe-2.4.3 | 50 ++++++++ tripwire.spec | 342 -------------------------------------------------- 4 files changed, 72 insertions(+), 345 deletions(-) create mode 100644 Packaging create mode 100644 ReadMe-2.4.3 delete mode 100644 tripwire.spec diff --git a/ChangeLog b/ChangeLog index 12ea228..0bd4983 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,11 +6,13 @@ (see http://svnweb.freebsd.org/ports/head/security/tripwire/ ) * Fix handling of SHA hashes (with and without OpenSSL hash impl.) * Update GNU config.guess & config.sub to current versions - * Compilation fixes for assorted platforms - (Mac OS X, OpenBSD, OpenSolaris, Cygwin, Minix 3.x, GNU/Hurd, Haiku, Syllable, SkyOS) + * Compilation fixes for various and sundry Posix-esque platforms + (Mac OS X, OpenBSD, OpenSolaris, Cygwin, Minix 3.x, GNU/Hurd, MidnightBSD, Haiku, Syllable, SkyOS) * Added script to bump buildys file timestaps, to fix spurious aclocal/automake errors on a fresh clone/untar/etc. - + * Update 'make dist' to bundle manpages & policy files + * Replace broken RPM spec w/ 'Packaging' doc that explains where to get packaging stuff. + 2011-11-21 Stephane Dudzinski * Bumping version to 2.4.2.2 diff --git a/Packaging b/Packaging new file mode 100644 index 0000000..e1b8bc6 --- /dev/null +++ b/Packaging 
@@ -0,0 +1,17 @@ +Packaging for Open Source Tripwire is maintained by various third parties: + + * RPM: http://pkgs.fedoraproject.org/cgit/rpms/tripwire.git/ + + * Debian: https://tracker.debian.org/pkg/tripwire + + * Gentoo: https://packages.gentoo.org/packages/app-admin/tripwire + + * FreeBSD Ports: http://svnweb.freebsd.org/ports/head/security/tripwire/ + + * FreshPorts (BSD): http://www.freshports.org/security/tripwire + + * NetBSD pkgsrc: http://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/security/tripwire/README.html + NOTE: At present (March 2016), NetBSD provides the ancient Tripwire 1.2, from the mid-1990s. + That version lacks contemporary hash algorithms, and you probably don't want to use it. + + diff --git a/ReadMe-2.4.3 b/ReadMe-2.4.3 new file mode 100644 index 0000000..c051013 --- /dev/null +++ b/ReadMe-2.4.3 
@@ -0,0 +1,50 @@ +What's new in Open Source Tripwire 2.4.3.0: + +* This update fixes compilation errors on modern compilers (GCC 4.7+ and LLVM/clang), +as well as some additional errors encountered on various platforms. This is intended +to supersede patches against 2.4.2.x, e.g. http://www.linuxfromscratch.org/blfs/view/svn/postlfs/tripwire.html +and the additional changes in the FreeBSD ports tree: http://svnweb.freebsd.org/ports/head/security/tripwire/ + +* This update also fixes handling of SHA hashes, which appears to have broken when +someone added support for using OpenSSL's hash algorithms vs. the ones in the OST tree. +This resulted in SHA hashes always being reported as 'AAAAAAAAAAAAAAAAA'. This is +now fixed for both with- and without-OpenSSL builds. + +* The 2.4.3 tree no longer contains an RPM spec file. Instead, the 'Packaging' file +points at where current RPM, Debian, & other package configs can be obtained. + +* The 'touchconfig.sh' script bumps file timestamps to prevent spurious make errors +(usually about a missing aclocal-1.8) on a fresh clone/untar/etc., which occur due +to all files in the tree initially having the same timestamps. The only case where +an 'autoreconf -i' is actually required is on SkyOS 5, where SIZEOF_LONG_LONG gets +defined incorrectly otherwise. 
+ + +The update has been tested on a variety of platforms: + +Linuxes +- CentOS 7 (amd64) + gcc 4.8.5 +- Ubuntu 14.0.4 (amd64) + gcc 4.x +- RHEL 3.4 (Itanium) + gcc 3.4.3 + +OSX +- Mac OS X 10.11 + LLVM 7.0.2 / clang-700.1.81 + +BSDs +- FreeBSD 10.2 (amd64) + LLVM/clang +- OpenBSD 5.8 (amd64 & x86) + gcc 4.2.1 +- NetBSD 6.0 (x86) + gcc 4.5.1 +- DragonflyBSD 4.4.2 + gcc 5.2.1 +- MidnightBSD 0.7 + gcc 4.2.1 + +Other +- Solaris 10 x86 + gcc 3.4.3 +- OpenIndiana 151 + gcc 4.8.5 [an OpenSolaris/illumos distro] +- IBM AIX 5.2 + gcc 4.3.1 +- Minix 3.3.0 + LLVM/clang +- Debian GNU/Hurd 0.6 + gcc 4.9.2 +- Cygwin 2.4.1 (amd64) + gcc 5.3.0 +- Haiku R1 Alpha 4 + gcc 4 +- Syllable 0.67 + gcc 4.1.2 +- SkyOS 5 (beta 6947) + gcc 4.1.1 + diff --git a/tripwire.spec b/tripwire.spec deleted file mode 100644 index 2b91a7d..0000000 --- a/tripwire.spec +++ /dev/null 
@@ -1,342 +0,0 @@ -%define path_to_vi /bin/vi -%define path_to_sendmail /usr/sbin/sendmail - -Name: tripwire -Version: 2.4.3.0 -Release: 1%{?dist} -Summary: IDS (Intrusion Detection System) - -License: GPL -Group: Applications/System -Source0: https://github.com/Tripwire/tripwire-open-source/archive/master.zip -Source1: tripwire.cron.in -Source3: tripwire.gif -Source4: twcfg.txt.in -Source5: tripwire-setup-keyfiles.in -Source6: twpol.txt.in -Source7: README.Fedora.in -Source9: License-Issues -URL: http://www.tripwire.org/ -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - -BuildRequires: openssl-devel -Requires(post): sed - -Patch1: tripwire-siggen-man8.patch - -%description -Tripwire is a very valuable security tool for Linux systems, if it is -installed to a clean system. Tripwire should be installed right after -the OS installation, and before you have connected your system to a -network (i.e., before any possibility exists that someone could alter -files on your system). - -When Tripwire is initially set up, it creates a database that records -certain file information. Then when it is run, it compares a designated -set of files and directories to the information stored in the database. -Added or deleted files are flagged and reported, as are any files that -have changed from their previously recorded state in the database. When -Tripwire is run against system files on a regular basis, any file -changes will be spotted when Tripwire is run. Tripwire will report the -changes, which will give system administrators a clue that they need to -enact damage control measures immediately if certain files have been -altered. - -%prep -%setup -q -%{__cp} -p %{SOURCE3} . - -%patch1 -p1 -b .siggen.manpage - -%build -%{__chmod} 755 configure -# RPM_OPT_FLAGS break the code (deadlock). 
-export CXXFLAGS="-O -Wall -pipe -g" -./configure -q \ - path_to_vi=%{path_to_vi} \ - path_to_sendmail=%{path_to_sendmail} \ - --prefix=/ \ - --sysconfdir=%{_sysconfdir}/tripwire \ - --sbindir=%{_sbindir} \ - --libdir=%{_var}/lib \ - --mandir=%{_mandir} - -%{__make} %{?_smp_mflags} - -%install -%{__rm} -fr ${RPM_BUILD_ROOT} - -# Install the binaries. -%{__mkdir_p} ${RPM_BUILD_ROOT}%{_sbindir} -%{__install} -p -m755 bin/siggen ${RPM_BUILD_ROOT}%{_sbindir} -%{__install} -p -m755 bin/tripwire ${RPM_BUILD_ROOT}%{_sbindir} -%{__install} -p -m755 bin/twadmin ${RPM_BUILD_ROOT}%{_sbindir} -%{__install} -p -m755 bin/twprint ${RPM_BUILD_ROOT}%{_sbindir} - -# Install the man pages. -%{__mkdir_p} ${RPM_BUILD_ROOT}%{_mandir}/{man4,man5,man8} -%{__install} -p -m644 man/man4/*.4 ${RPM_BUILD_ROOT}%{_mandir}/man4/ -%{__install} -p -m644 man/man5/*.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/ -%{__install} -p -m644 man/man8/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/ - -# Create configuration files from templates. -%{__rm} -fr _tmpcfg -%{__mkdir} _tmpcfg -for infile in %{SOURCE1} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE7} ; do - outfile=${infile##/*/} - outfile=${outfile%.*n} - cat ${infile} |\ - %{__sed} -e 's|@path_to_vi@|%{path_to_vi}|g' |\ - %{__sed} -e 's|@path_to_sendmail@|%{path_to_sendmail}|g' |\ - %{__sed} -e 's|@sysconfdir@|%{_sysconfdir}|g' |\ - %{__sed} -e 's|@sbindir@|%{_sbindir}|g' |\ - %{__sed} -e 's|@vardir@|%{_var}|g' >\ - _tmpcfg/${outfile} -done -%{__mv} _tmpcfg/{tripwire-setup-keyfiles,README.Fedora} . - -# Create the reports directory. -%{__install} -d -m700 ${RPM_BUILD_ROOT}%{_var}/lib/tripwire/report - -# Install the cron job. -%{__install} -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily -%{__install} -p -m755 _tmpcfg/tripwire.cron \ - ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/tripwire-check -%{__rm} _tmpcfg/tripwire.cron - -# Install configuration files. 
-%{__mkdir_p} ${RPM_BUILD_ROOT}%{_sysconfdir}/tripwire -for file in _tmpcfg/* ; do - %{__install} -p -m644 ${file} ${RPM_BUILD_ROOT}%{_sysconfdir}/tripwire -done - -# Install the keyfile setup script -%{__install} -p -m755 tripwire-setup-keyfiles ${RPM_BUILD_ROOT}%{_sbindir} - -# Fix permissions on documentation files. -%{__cp} -p %{SOURCE9} . -%{__chmod} 644 \ - ChangeLog COMMERCIAL COPYING TRADEMARK tripwire.gif \ - README.Fedora policy/policyguide.txt License-Issues - - -%clean -%{__rm} -rf ${RPM_BUILD_ROOT} - - -post -# Set the real hostname in twpol.txt -%{__sed} -i -e "s|localhost|$HOSTNAME|g" %{_sysconfdir}/tripwire/twpol.txt - - -%files -%defattr(0644,root,root,0755) -%doc ChangeLog COMMERCIAL COPYING TRADEMARK tripwire.gif -%doc README.Fedora policy/policyguide.txt License-Issues -%attr(0700,root,root) %dir %{_sysconfdir}/tripwire -%config(noreplace) %{_sysconfdir}/tripwire/twcfg.txt -%config(noreplace) %{_sysconfdir}/tripwire/twpol.txt -%attr(0755,root,root) %{_sysconfdir}/cron.daily/tripwire-check -%attr(0700,root,root) %dir %{_var}/lib/tripwire -%attr(0700,root,root) %dir %{_var}/lib/tripwire/report -%{_mandir}/*/* -%attr(0755,root,root) %{_sbindir}/* - - -%changelog -2016-03-25 -* Fri Mar 25 2016 Brian Cox 2.4.3.0 -- Bumping version to 2.4.3.0 -- Compilation fixes for gcc 4.7+ and LLVM/clang (see http://www.linuxfromscratch.org/blfs/view/svn/postlfs/tripwire.html ) -- Absorb fixes from FreeBSD ports patchset (see http://svnweb.freebsd.org/ports/head/security/tripwire/ ) -- Fix handling of SHA hashes (with and without OpenSSL hash impl.) -- Update GNU config.guess & config.sub to current versions -- Compilation fixes for assorted platforms (Mac OS X, OpenBSD, OpenSolaris, Cygwin, Minix 3.x, GNU/Hurd, Haiku, Syllable, SkyOS) -- Added script to bump buildys file timestaps, to fix spurious aclocal/automake errors on a fresh clone/untar/etc. 
- -* Mon Nov 21 2011 Stephane Dudzinski 2.4.2.2 -- Updated spec file -- Updated version revision in reports and all -- Added experimental policy creation (see policy/policy_generator_readme.txt) -- Fixed report formating and sendmail issues -- Added Debian patches for crypto and hostnames -- Fixed compiling issue on recent GCC compilers (-fpermissive) - -* Wed Jul 13 2011 Stephane Dudzinski 2.4.2.1 -- Updated spec file to compile with 2.4.2.1 - -* Wed Feb 28 2007 Brandon Holbrook 2.4.1.1-1 -- Upgrade to upstream 2.4.1.1 (obsoletes gcc4 patch) -- Merge quickstart.txt into README.Fedora and fix doc bug (#161764) - -* Thu Dec 21 2006 Brandon Holbrook 2.4.0.1-4 -- Don't print anything at install time - -* Tue Dec 19 2006 Brandon Holbrook 2.4.0.1-3 -- Changed defattr to 644,755 -- removed BR: autoconf -- Inform users about README.Fedora instead of spamming the install - with catting the whole file - -* Wed Nov 15 2006 Brandon Holbrook 2.4.0.1-2 -- chmod'ed /etc/tripwire to 0700 -- Added sed to Requires(post) - -* Tue Aug 22 2006 Brandon Holbrook 2.4.0.1-1.4 -- Include COMMERCIAL file from upstream -- Print README.RPM on initial install -- Added _smp_mflags to make -- Removed ExclusiveArch: ix86 -- Replaced 2.3 with 2.4 in tripwire.txt - -* Tue Aug 22 2006 Brandon Holbrook 2.4.0.1-1.2 -- Updated to 2.4.0.1 - -* Fri Apr 7 2005 Michael Schwendt -- rebuilt - -* Tue Jun 15 2004 Keith G. Robertson-Turner 0:2.3.1-20.fdr.1 -- Revision bump to supersede Fedora Legacy -- Fixed a bogus entry in twpol.txt.in (modeprobe.conf -> modprobe.conf) - -* Thu Jun 10 2004 Keith G. Robertson-Turner 0:2.3.1-18.fdr.9 -- Applied Paul Herman's patch to fix a format string vulnerability in - pipedmailmessage.cpp - -* Sun Feb 29 2004 Keith G. Robertson-Turner 0:2.3.1-18.fdr.8 -- Default policy overhaul -- Spec cleanup - -* Sun Feb 22 2004 Keith G. Robertson-Turner 0:2.3.1-18.fdr.7 -- Moved documentation data out of package description - -* Sat Feb 21 2004 Keith G. 
Robertson-Turner 0:2.3.1-18.fdr.6 -- Removed explicit Buildrequires gcc-c++ - -* Fri Feb 20 2004 Keith G. Robertson-Turner 0:2.3.1-18.fdr.5 -- Finally moved twinstall.sh from the sysconfdir to the sbindir, since - it is not a configuration file. Fixes Red Hat bug #61855 -- Renamed twinstall.sh to tripwire-setup-keyfiles, since the name is - misleading. It is setting up keyfiles, not installing an application -- Minor correction to twinstall.sh (now tripwire-setup-keyfiles), which - made an incorrect reference to the site key rather than the local key -- Long overdue default policy update -- Added explicit Buildrequires gcc-c++, to satisfy mach - -* Thu Feb 19 2004 Keith G. Robertson-Turner 0:2.3.1-18.fdr.4 -- Fixed siggen.8 man page, broken command synopsis syntax. Submitted by - doclifter -- Set real hostname in post, so Tripwire works first time, without - editing twpol.txt -- More accurate package summary -- Spec cleanup - -* Fri Nov 28 2003 Keith G. Robertson-Turner 0:2.3.1-18.fdr.3 -- Thanks to Michael Schwendt for really cleaning up the Spec file -- The remaining parts of the original tripwire-2.3.1-gcc3.patch have - now been implemented -- Debuginfo fully builds now - -* Thu Nov 27 2003 Keith G. Robertson-Turner 0:2.3.1-18.fdr.2 -- Removed version specific grep dependency, since grep >= 2.3 is common -- Added openssl-devel and autoconf to build dependencies -- The tripwire-jbj.patch is now confirmed merged with tw-20030919.patch -- Added RPM optimisation flags option, disabled by default since it - breaks the code -- Fixed file permissions of packaged files - -* Wed Nov 26 2003 Keith G. Robertson-Turner 0:2.3.1-18.fdr.1 -- Implemented Paul Herman's tw-20030919.patch -- Removed the fhs gcc3 and jbj patches, which are now broken/obsoleted - by the above -- Both the mkstemp and rfc822 patches are still implemented -- Build uses autoconf for now -- Spec file given complete overhaul for stricter compliance. 
More to do - -* Wed Jan 22 2003 Tim Powers -- rebuilt - -* Sat Nov 16 2002 Jeff Johnson 2.3.1-16 -- rebuild from cvs. -- comment out debug messages to achieve compilation. -- include policyguide.txt (#72259). -- use mkstemp, not mktemp. - -* Fri Aug 02 2002 Mike A. Harris 2.3.1-14 -- Modified default sample twpol file to remove bogus warnings (#70502) - -* Fri Jun 21 2002 Tim Powers 2.3.1-13 -- automated rebuild - -* Sun May 26 2002 Tim Powers 2.3.1-12 -- automated rebuild - -* Wed May 22 2002 Mike A. Harris 2.3.1-11 -- Rebuilt in new build environment with gcc 3.1 - -* Tue Feb 26 2002 Mike A. Harris 2.3.1-9 -- Conditionalized gcc3 patch -- Added back the ExclusiveArch that is required but disappeared somewhere along - the line. -- Rebuild in new build environment - -* Thu Jan 31 2002 Mike A. Harris 2.3.1-7 -- Bump release and rebuild in new environment. -- (Elliot Lee) Add patch to make it build with gcc3. - -* Thu Aug 9 2001 Nalin Dahyabhai 2.3.1-5 -- define USE_FHS when USES_FHS is defined, so that the database winds up - in the right directory (#51332) -- update default twpol file to include files recently-added to the full - installation tree - -* Tue Jul 17 2001 Mike A. Harris 2.3.1-4 -- Applied bugfix for (#47276) to make tripwire email RFC822 compliant, using - patch in bugreport from Michael Schwendt - -* Tue Jul 10 2001 Mike A. Harris 2.3.1-3 -- Made package own dir /var/lib/tripwire - -* Mon Jun 25 2001 Nalin Dahyabhai -- update to 2.3.1-2 - -* Thu Mar 1 2001 Bill Nottingham -- rebuild, fix defattr. Weird. 
- -* Tue Feb 27 2001 Nalin Dahyabhai -- refresh from upstream -- modify the default policy to match the current tree more closely (#28744) -- make the text files 0644, not 0755 -- defattr for the sake of the docs - -* Wed Sep 20 2000 Nalin Dahyabhai -- change exclusivearch: i386 to exclusivearch: %%{ix86} (#17759) - -* Wed Aug 23 2000 Than Ngo -- remove copyleft information in specfile (Bug #16765) - -* Tue Aug 22 2000 Nalin Dahyabhai -- remove duplicate source files -- sync up description with specspo - -* Fri Aug 4 2000 Than Ngo -- remove Vendor and Distribution from specfile (Bug #15246) - -* Fri Aug 4 2000 Than Ngo -- starts tripwire --check if it was configured before. (Bug #15384) - -* Fri Aug 4 2000 Nalin Dahyabhai -- fix sense of checking for the database's existence in the cron job -- actually include twinstall.sh, twcfg.txt, twpol.txt - -* Thu Aug 3 2000 Than Ngo -- permission fix (bug #15246) - -* Mon Jul 31 2000 Nalin Dahyabhai -- add quickstart docs (Ed) -- tweak description text (Ed) - -* Thu Jul 20 2000 Nalin Dahyabhai -- update .spec file to follow RPM conventions -- add tripwire --check to cron.daily -
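Review bot: in the ChangeLog hunk, the new entry "Update 'make dist' to bundle manpages & policy files" has no matching change in this patch; the diffstat lists only ChangeLog, Packaging, ReadMe-2.4.3 and tripwire.spec. Move that entry to the commit that changes the dist rules, or include that change here. The "Replace broken RPM spec" entry would also be more useful if it said what was broken, and since this block is being edited anyway, the typos in the neighbouring context line ("buildys file timestaps") could be fixed in the same pass.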
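Review bot: in the new Packaging file, the RPM, FreeBSD Ports, FreshPorts and NetBSD pkgsrc links are plain http:// while the Debian and Gentoo links are https://. This file tells users where to obtain packaging for an integrity checker, so use https:// for every host that offers it. The file also ends with two blank added lines that can be dropped.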
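Review bot: the SHA paragraph in ReadMe-2.4.3 says affected builds always reported SHA hashes as 'AAAAAAAAAAAAAAAAA', but it does not say which releases were affected or what a user with an existing database should do after upgrading. A constant value means the SHA property could not detect a change on those builds, so add a sentence naming the affected versions and stating whether the database has to be re-initialized or updated once 2.4.3 is installed. Minor: "Ubuntu 14.0.4" in the platform list looks like a typo for 14.04.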
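Review bot: deleting tripwire.spec also deletes build and install knowledge that neither Packaging nor ReadMe-2.4.3 picks up. The %build section carries the warning "# RPM_OPT_FLAGS break the code (deadlock)" with a reduced CXXFLAGS, and %files sets 0700 on the tripwire config directory and on the lib/tripwire and lib/tripwire/report directories. If those still apply to 2.4.3, note the compiler-flag caveat and the expected directory permissions in the ReadMe or Packaging file so that third-party packagers and people building from source keep them; if they no longer apply, say so in the commit message alongside what made the spec "broken".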