diff --git a/.cvsignore b/.cvsignore
index 9462162..e8bbf4c 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-sectool-0.9.4.tar.bz2
+sectool-0.9.5.tar.bz2
diff --git a/sectool-0.9.2-optflags.patch b/sectool-0.9.2-optflags.patch
deleted file mode 100644
index 9779cf7..0000000
--- a/sectool-0.9.2-optflags.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up sectool-0.9.2/src/Makefile~ sectool-0.9.2/src/Makefile
---- sectool-0.9.2/src/Makefile~ 2008-11-13 11:08:40.000000000 +0200
-+++ sectool-0.9.2/src/Makefile 2009-04-23 00:19:30.000000000 +0300
-@@ -1,7 +1,7 @@
- include ../sectool.mk
-
- CC= gcc
--CFLAGS= -Wall -O2 -ffast-math -I. -D_FILE_OFFSET_BITS=64 -DTEST_SELINUX -I/usr/include/rpm
-+CFLAGS= -Wall -O2 -ffast-math $(RPM_OPT_FLAGS) -I. -D_FILE_OFFSET_BITS=64 -DTEST_SELINUX -I/usr/include/rpm
- LDFLAGS= -lrpm -lselinux
-
- SRCS_sectool=sectool.c
diff --git a/sectool-0.9.3-ext4.patch b/sectool-0.9.3-ext4.patch
deleted file mode 100644
index b06d0b8..0000000
--- a/sectool-0.9.3-ext4.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up sectool-0.9.3/tests/03_filesystem.dsc.ext4 sectool-0.9.3/tests/03_filesystem.dsc
---- sectool-0.9.3/tests/03_filesystem.dsc.ext4 2009-07-14 15:18:11.472860778 +0200
-+++ sectool-0.9.3/tests/03_filesystem.dsc 2009-07-14 15:18:32.558798787 +0200
-@@ -15,7 +15,7 @@ GROUPS="filesystem packages selinux"
- AUTHOR="Dan Kopecek "
-
- [DEFAULT]
--FSTYPES="ext2 ext3 reiserfs xfs"
-+FSTYPES="ext2 ext3 ext4 reiserfs xfs"
- EXCLUDE="/var/lib/misc
- /var/lib/mock"
- INCLUDE="/bin
diff --git a/sectool-0.9.4-dbus-fix.patch b/sectool-0.9.4-dbus-fix.patch
deleted file mode 100644
index de4da67..0000000
--- a/sectool-0.9.4-dbus-fix.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-diff -up sectool-0.9.4/org.fedoraproject.sectool.mechanism.conf.old sectool-0.9.4/org.fedoraproject.sectool.mechanism.conf
---- sectool-0.9.4/org.fedoraproject.sectool.mechanism.conf.old 2009-09-01 10:20:23.000000000 +0200
-+++ sectool-0.9.4/org.fedoraproject.sectool.mechanism.conf 2010-03-10 14:51:48.564326918 +0100
-@@ -9,7 +9,7 @@
-
-
-
--
-+
-
-
-
-diff -up sectool-0.9.4/org.fedoraproject.sectool.policy.old sectool-0.9.4/org.fedoraproject.sectool.policy
---- sectool-0.9.4/org.fedoraproject.sectool.policy.old 2009-08-24 16:43:10.000000000 +0200
-+++ sectool-0.9.4/org.fedoraproject.sectool.policy 2010-03-10 14:51:51.858326825 +0100
-@@ -20,8 +20,9 @@
- Run level
- System policy prevents run level
-
-- no
-- auth_admin
-+ no
-+ auth_admin_keep
-+ auth_admin_keep
-
-
-
-@@ -29,9 +30,9 @@
- Run tests
- System policy prevents run tests
-
-- no
-- no
-- auth_admin
-+ auth_admin_keep
-+ auth_admin_keep
-+ auth_admin_keep
-
-
-
-diff -up sectool-0.9.4/src/sectool-gui.py.old sectool-0.9.4/src/sectool-gui.py
---- sectool-0.9.4/src/sectool-gui.py.old 2010-03-10 14:50:07.111201828 +0100
-+++ sectool-0.9.4/src/sectool-gui.py 2010-03-10 14:52:01.219201762 +0100
-@@ -712,10 +712,14 @@ class DBusCaller(object):
-
- def __init__(self):
-
-+ #print "DBusCaller::init::start"
- self.timeout = -1
-+ self.auth = 0
-+ #print "DBusCaller::init::SystemBus()"
- self.bus = dbus.SystemBus ()
- #self.bus_name = dbus.service.BusName('org.fedoraproject.sectool.mechanism', self.bus)
-- self.dbus_action_object = self.bus.get_object ("org.fedoraproject.sectool.mechanism", "/org/fedoraproject/sectool/object")
-+ #self.dbus_action_object = self.bus.get_object ("org.fedoraproject.sectool.mechanism", "/org/fedoraproject/sectool/object")
-+ #print "DBusCaller::init::end"
-
- def get_action(self, action):
- """ Get action from dbus sectool mechanism """
-@@ -723,7 +727,7 @@ class DBusCaller(object):
-
- @staticmethod
- def error_handler(error):
-- #print "ERROR: ", error
-+ print "[ASYNC ERROR]: ", error
- pass # We will recieve an error that timeout has expired
-
- @staticmethod
-@@ -736,12 +740,16 @@ class DBusCaller(object):
-
- def close(self):
- self.bus.flush()
-- self.bus.close()
-+ #self.bus.close() # can't close this, cause it will close main loop
-
- def run( self, args, file ):
-
-- auth = slip.dbus.polkit.IsSystemBusNameAuthorized( self.bus.get_unique_name(), "org.fedoraproject.sectool.runtests" )
-+ #print "DBusCaller::run::start"
-+ #if (self.auth != 1):
-+ self.auth = slip.dbus.polkit.IsSystemBusNameAuthorized( self.bus.get_unique_name(), "org.fedoraproject.sectool.runtests" )
-+ #print "DBusCaller::run::auth: \"",self.auth,"\" end"
- self.runtests(args, file)
-+ #print "DBusCaller::run::end"
-
- @slip.dbus.polkit.enable_proxy
- def runtests( self, args, file ):
-@@ -754,7 +762,7 @@ class DBusCaller(object):
- [args, file],
- reply_handler=self.reply_handler,
- error_handler=self.error_handler,
-- timeout=0.00)
-+ timeout=10)
-
-
- class ThreadHandler(threading.Thread, Handler):
-@@ -845,6 +853,9 @@ class ThreadHandler(threading.Thread, Ha
- """
-
- self.readers = []
-+ # get action from dbus
-+ #print "start dbus"
-+ self.bus = DBusCaller()
- for test in self.__suite:
-
- self.test = test
-@@ -869,12 +880,10 @@ class ThreadHandler(threading.Thread, Ha
-
- # Block for dbus exceptions handling, here should be all code that manipulate with dBus
- try:
-- # get action from dbus
-- bus = DBusCaller()
--
- # Start new thread - reader to listen on socket and update GUI if something from dBus comes up
- # We need to call reader here, because of passing bus to close connection and save processes
-- reader = Reader( file, test.dsc['HEADER']['NAME'], self.fill_form, self.test_done, iter, bus )
-+ #print "start reader"
-+ reader = Reader( file, test.dsc['HEADER']['NAME'], self.fill_form, self.test_done, iter, self.bus )
- reader.start()
- # Add reader to readers pool
- self.readers.append( reader )
-@@ -886,12 +895,15 @@ class ThreadHandler(threading.Thread, Ha
- TODO: Look for async call, this is workaround using 0-timeout
- If you use timeout=-1, it will be sequencial, all positives numbers are seconds in float
- """
--
-- bus.run( self.__make_dbus_call( test.dsc["HEADER"]["NAME"] ), file )
-+ #print "run start"
-+ self.bus.run( self.__make_dbus_call( test.dsc["HEADER"]["NAME"] ), file )
-+ #print "run end"
- #bus.call( test.dsc["HEADER"]["NAME"], file )
- except dbus.DBusException, e:
- # This should always happend. We need to be stopped by dBus to start new test in separate thread
-+ raise e
- if 'org.freedesktop.DBus.Error.NoReply' in e.get_dbus_name():
-+ print >>sys.stderr, "Not reply from DBus"
- pass # maybe continue ?
- # catch Authorization exception
- elif 'NotAuthorizedException' in e.get_dbus_name():
-@@ -939,6 +951,7 @@ class ThreadHandler(threading.Thread, Ha
- The testing process is going to die .. we have a little time to stop all tests correctly
- """
- self.__stopthread.set( )
-+ self.bus.close()
- for reader in self.readers:
- reader.stop_thread()
-
-@@ -1056,7 +1069,7 @@ class Reader(threading.Thread):
- def stop_thread(self):
-
- self.stop = True
-- self.bus.close()
-+ #self.bus.close()
-
-
-
diff --git a/sectool-0.9.4-deleted.patch b/sectool-0.9.4-deleted.patch
deleted file mode 100644
index 5258e56..0000000
--- a/sectool-0.9.4-deleted.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -up sectool-0.9.4/tests/netserv.sh.deleted sectool-0.9.4/tests/netserv.sh
---- sectool-0.9.4/tests/netserv.sh.deleted 2010-05-25 11:13:10.847410598 +0200
-+++ sectool-0.9.4/tests/netserv.sh 2010-05-25 11:14:25.615296772 +0200
-@@ -285,7 +285,10 @@ for p in ${PID[@]}; do
- case "${FILE}" in
- *.#prelink#.*)
- FILE="`echo ${FILE} | sed -n 's|^\(.*\)\.#prelink#\..*$|\1|p'`"
-- ;;
-+ ;;
-+ *\(deleted\))
-+ FILE="`echo ${FILE} | sed -n 's|^\(.*\)[[:space:]](deleted)$|\1|p'`"
-+ ;;
- esac
-
- case "`basename \"${FILE}\"`" in
diff --git a/sectool-0.9.4-numcheck.patch b/sectool-0.9.4-numcheck.patch
deleted file mode 100644
index 46a041b..0000000
--- a/sectool-0.9.4-numcheck.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -up sectool-0.9.4/tests/bash_defs_debug.sh.numcheck sectool-0.9.4/tests/bash_defs_debug.sh
---- sectool-0.9.4/tests/bash_defs_debug.sh.numcheck 2010-06-02 13:33:14.224631406 +0200
-+++ sectool-0.9.4/tests/bash_defs_debug.sh 2010-06-02 13:33:37.983572856 +0200
-@@ -232,14 +232,14 @@ function check_file_perm () {
-
- if [[ -z "$2" ]]; then
- test_exit ${E_FAIL} "check_file_perm: missing argument \$2"
-- else
-- if [[ "$2" != "0" ]]; then
-- l_int numtest=$2
--
-- if (( numtest == 0 )); then
-- test_exit ${E_FAIL} "check_file_perm: expected numeric value in \$2"
-- fi
-- fi
-+# else
-+# if [[ "$2" != "0" ]]; then
-+# l_int numtest=$2
-+#
-+# if (( numtest == 0 )); then
-+# test_exit ${E_FAIL} "check_file_perm: expected numeric value in \$2"
-+# fi
-+# fi
- fi
-
- if [[ -z "$3" ]]; then
diff --git a/sectool-0.9.4-permissions.patch b/sectool-0.9.4-permissions.patch
deleted file mode 100644
index 9a7b31f..0000000
--- a/sectool-0.9.4-permissions.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff -up sectool-0.9.4/tests/permissions.sh.perm sectool-0.9.4/tests/permissions.sh
---- sectool-0.9.4/tests/permissions.sh.perm 2009-08-24 15:34:48.000000000 +0200
-+++ sectool-0.9.4/tests/permissions.sh 2010-05-25 13:33:14.724541772 +0200
-@@ -25,25 +25,25 @@ E_DOESNT_EXIST=1
- E_WRONG_OWNER=2
- E_WRONG_PERM=3
-
--dirs="/ 755
--/bin 755
--/boot 755
-+dirs="/ 555
-+/bin 555
-+/boot 555
- /dev 755
- /etc 755
- /home 755
--/lib 755
-+/lib 555
- /media 755
- /mnt 755
- /opt 755
--/root 750
--/sbin 755
-+/root 550
-+/sbin 555
- /srv 755
- /tmp 1777
- /usr 755
-- /usr/bin 755
-- /usr/sbin 755
-+ /usr/bin 555
-+ /usr/sbin 555
- /usr/include 755
-- /usr/lib 755
-+ /usr/lib 555
- /usr/share 755
- /usr/src 755
- /usr/local 755
-diff -up sectool-0.9.4/tests/shadow.sh.perm sectool-0.9.4/tests/shadow.sh
---- sectool-0.9.4/tests/shadow.sh.perm 2010-05-25 13:35:48.966534888 +0200
-+++ sectool-0.9.4/tests/shadow.sh 2010-05-25 13:36:02.557293905 +0200
-@@ -54,8 +54,8 @@ then
- fi
-
- # permissions on /etc/shadow and /etc/gshadow should be 400, should be owned by root:root
--check_file_perm $shadow 400 root:root 1 $E_BAD_PERMISSIONS_SHADOW "User shadow database"
--check_file_perm $group_shadow 400 root:root 1 $E_BAD_PERMISSIONS_SHADOW "Group shadow database"
-+check_file_perm $shadow 000 root:root 1 $E_BAD_PERMISSIONS_SHADOW "User shadow database"
-+check_file_perm $group_shadow 000 root:root 1 $E_BAD_PERMISSIONS_SHADOW "Group shadow database"
-
-
- {
diff --git a/sectool-0.9.4-pk1.patch b/sectool-0.9.4-pk1.patch
deleted file mode 100644
index 016efee..0000000
--- a/sectool-0.9.4-pk1.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up sectool-0.9.4/Makefile.old sectool-0.9.4/Makefile
---- sectool-0.9.4/Makefile.old 2009-11-19 13:36:45.680545213 +0100
-+++ sectool-0.9.4/Makefile 2009-11-19 13:37:05.108513565 +0100
-@@ -25,7 +25,7 @@ install:
- mkdir -p $(DESTDIR)$(PKGDATADIR)
- mkdir -p $(DESTDIR)$(PKGDATADIR)/scheduler
- #mkdir -p $(DESTDIR)$(PKGDATADIR)/tests
-- mkdir -p $(DESTDIR)$(DATADIR)/PolicyKit/policy/
-+ mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
- mkdir -p $(DESTDIR)$(SYSCONFDIR)/dbus-1/system.d/
- mkdir -p $(DESTDIR)$(DATADIR)/dbus-1/system-services/
- mkdir -p $(DESTDIR)$(LIBEXECDIR)/sectool/tests
-@@ -78,7 +78,7 @@ install:
- done && test -z "$$fail"
- chmod a+x $(DESTDIR)$(PKGDATADIR)/sectool-mechanism.py
- # PolicyKit
-- install -p -m644 org.fedoraproject.sectool.policy $(DESTDIR)$(DATADIR)/PolicyKit/policy/
-+ install -p -m644 org.fedoraproject.sectool.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
- install -p -m644 org.fedoraproject.sectool.mechanism.conf $(DESTDIR)$(SYSCONFDIR)/dbus-1/system.d/
- install -p -m644 org.fedoraproject.sectool.mechanism.service $(DESTDIR)$(DATADIR)/dbus-1/system-services/
-
diff --git a/sectool-0.9.4-policykit-fix.patch b/sectool-0.9.4-policykit-fix.patch
deleted file mode 100644
index 5c46c4a..0000000
--- a/sectool-0.9.4-policykit-fix.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-diff -up sectool-0.9.4/src/sectool-gui.py.old sectool-0.9.4/src/sectool-gui.py
---- sectool-0.9.4/src/sectool-gui.py.old 2009-12-08 17:11:31.417357216 +0100
-+++ sectool-0.9.4/src/sectool-gui.py 2010-01-13 14:37:49.817461379 +0100
-@@ -645,7 +645,7 @@ class TestHandler( Handler ):
- """ Stop button has been pressed """
-
- self.threadHandler.stop() #: give a short amount of time to stop the test by itself
-- self.__signalHandler.kill_thread() #: kill the test by unix-style kill through os library
-+ #self.__signalHandler.kill_thread() #: kill the test by unix-style kill through os library
-
- def show_message_hint( self, test, msg_id ):
- """ Show info message in hintWindow """
-@@ -721,6 +721,16 @@ class DBusCaller(object):
- """ Get action from dbus sectool mechanism """
- return self.dbus_action_object.get_dbus_method( action, "org.fedoraproject.sectool.mechanism" )
-
-+ @staticmethod
-+ def error_handler(error):
-+ #print "ERROR: ", error
-+ pass # We will recieve an error that timeout has expired
-+
-+ @staticmethod
-+ def reply_handler():
-+ #print "REPLY done."
-+ pass
-+
- def call(self, *p, **k):
- self.bus.call_async(*p, **k)
-
-@@ -728,13 +738,23 @@ class DBusCaller(object):
- self.bus.flush()
- self.bus.close()
-
-+ def run( self, args, file ):
-+
-+ auth = slip.dbus.polkit.IsSystemBusNameAuthorized( self.bus.get_unique_name(), "org.fedoraproject.sectool.runtests" )
-+ self.runtests(args, file)
-+
- @slip.dbus.polkit.enable_proxy
- def runtests( self, args, file ):
-
-- auth = slip.dbus.polkit.IsSystemBusNameAuthorized( self.bus.get_unique_name(), "org.fedoraproject.sectool.runtests" )
-- if auth == "yes": self.timeout = 0.00
-- self.dbus_action_object.runtests( args, file, timeout=self.timeout, dbus_interface = "org.fedoraproject.sectool.mechanism" )
-- #dbus_action( self.__make_dbus_call( test.dsc["HEADER"]["NAME"] ), file, timeout=0.00 )
-+ self.bus.call_async("org.fedoraproject.sectool.mechanism",
-+ "/org/fedoraproject/sectool/object",
-+ "org.fedoraproject.sectool.mechanism",
-+ "runtests",
-+ "ass",
-+ [args, file],
-+ reply_handler=self.reply_handler,
-+ error_handler=self.error_handler,
-+ timeout=0.00)
-
-
- class ThreadHandler(threading.Thread, Handler):
-@@ -867,7 +887,7 @@ class ThreadHandler(threading.Thread, Ha
- If you use timeout=-1, it will be sequencial, all positives numbers are seconds in float
- """
-
-- bus.runtests( self.__make_dbus_call( test.dsc["HEADER"]["NAME"] ), file )
-+ bus.run( self.__make_dbus_call( test.dsc["HEADER"]["NAME"] ), file )
- #bus.call( test.dsc["HEADER"]["NAME"], file )
- except dbus.DBusException, e:
- # This should always happend. We need to be stopped by dBus to start new test in separate thread
-@@ -889,8 +909,6 @@ class ThreadHandler(threading.Thread, Ha
-
- while self.done < count:
- if self.__stopthread.isSet():
-- for reader in self.readers:
-- reader.stop_thread()
- #self.__formatter.stopProgressBar()
- break
- time.sleep(2)
-@@ -921,6 +939,8 @@ class ThreadHandler(threading.Thread, Ha
- The testing process is going to die .. we have a little time to stop all tests correctly
- """
- self.__stopthread.set( )
-+ for reader in self.readers:
-+ reader.stop_thread()
-
- def __make_tmp_file( self ):
- """
diff --git a/sectool-0.9.4-rpmio.patch b/sectool-0.9.4-rpmio.patch
deleted file mode 100644
index a3a6c68..0000000
--- a/sectool-0.9.4-rpmio.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up sectool-0.9.4/src/Makefile.rpmio sectool-0.9.4/src/Makefile
---- sectool-0.9.4/src/Makefile.rpmio 2010-04-19 12:01:28.502222085 +0200
-+++ sectool-0.9.4/src/Makefile 2010-04-19 12:01:35.076221727 +0200
-@@ -2,7 +2,7 @@ include ../sectool.mk
-
- CC= gcc
- CFLAGS= -Wall -O2 -ffast-math $(RPM_OPT_FLAGS) -I. -D_FILE_OFFSET_BITS=64 -DTEST_SELINUX -I/usr/include/rpm
--LDFLAGS= -lrpm -lselinux
-+LDFLAGS= -lrpm -lselinux -lrpmio
-
- SRCS_sectool=sectool.c
- OBJS_sectool=$(SRCS_sectool:.c=.o)
diff --git a/sectool-0.9.5-optflags.patch b/sectool-0.9.5-optflags.patch
new file mode 100644
index 0000000..c47a3a9
--- /dev/null
+++ b/sectool-0.9.5-optflags.patch
@@ -0,0 +1,12 @@
+diff -up sectool-0.9.5/src/Makefile.optflags sectool-0.9.5/src/Makefile
+--- sectool-0.9.5/src/Makefile.optflags 2010-06-04 11:35:47.000000000 +0200
++++ sectool-0.9.5/src/Makefile 2010-06-04 11:51:19.428092050 +0200
+@@ -1,7 +1,7 @@
+ include ../sectool.mk
+
+ CC= gcc
+-CFLAGS= -Wall -O2 -ffast-math -I. -D_FILE_OFFSET_BITS=64 -DTEST_SELINUX -I/usr/include/rpm
++CFLAGS= -Wall -O2 -ffast-math $(RPM_OPT_FLAGS) -I. -D_FILE_OFFSET_BITS=64 -DTEST_SELINUX -I/usr/include/rpm
+ LDFLAGS= -lrpm -lselinux -lrpmio
+
+ SRCS_sectool=sectool.c
diff --git a/sectool.spec b/sectool.spec
index df1df45..bf8de21 100644
--- a/sectool.spec
+++ b/sectool.spec
@@ -1,18 +1,11 @@ Summary: A security audit system and intrusion detection system Name: sectool -Version: 0.9.4 -Release: 9%{?dist} +Version: 0.9.5 +Release: 1%{?dist} URL: https://hosted.fedoraproject.org/sectool/wiki/WikiStart Source0: https://fedorahosted.org/releases/s/e/sectool/%{name}-%{version}.tar.bz2 Source1: sectool.log -Patch1: sectool-0.9.2-optflags.patch -Patch2: sectool-0.9.4-pk1.patch -Patch3: sectool-0.9.4-policykit-fix.patch -Patch4: sectool-0.9.4-dbus-fix.patch -Patch5: sectool-0.9.4-rpmio.patch -Patch6: sectool-0.9.4-permissions.patch -Patch7: sectool-0.9.4-deleted.patch -Patch8: sectool-0.9.4-numcheck.patch +Patch1: sectool-0.9.5-optflags.patch License: GPLv2+ Group: Applications/System Requires: gettext coreutils python-slip-dbus PolicyKit dbus @@ -48,13 +41,6 @@ sectool-gui provides a GTK-based graphical user interface to sectool. %prep %setup -q %patch1 -p1 -b .optflags -%patch2 -p1 -b .pk1 -%patch3 -p1 -b .policykit -%patch4 -p1 -b .dbus -%patch5 -p1 -b .rpmio -%patch6 -p1 -b .perm -%patch7 -p1 -b .deleted -%patch8 -p1 -b .numcheck %build make %{?_smp_mflags} @@ -128,10 +114,13 @@ rm -rf $RPM_BUILD_ROOT %changelog -* Wed Jun 02 2010 Peter Vrabec - 0.9.4-9 +* Fri Jun 04 2010 Peter Vrabec - 0.9.5-1 +- upgrade + +* Wed Jun 02 2010 Peter Vrabec - 0.9.4-9 - skip a numeric check in debug mode -* Tue May 25 2010 Peter Vrabec - 0.9.4-8 +* Tue May 25 2010 Peter Vrabec - 0.9.4-8 - filter (deleted) files in netserv - create empty log file after installation - fix expected permissions on shadow/gshadow diff --git a/sources b/sources index 469a20f..3c19455 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fbd348268a8c5a5cf3004fb96a47e393 sectool-0.9.4.tar.bz2 +3f2496eaf10d690e899a0f8b3edb9853 sectool-0.9.5.tar.bz2
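Review bot: The changelog entry added in the last sectool.spec hunk says only `- upgrade`, although the first two hunks drop Patch2–Patch8 and their `%patch` lines, and several of those patches changed security-relevant behaviour (polkit defaults set to `auth_admin_keep`, the modes expected for shadow/gshadow and system directories, the D-Bus call timeout). Nothing visible in the commit shows that the 0.9.5 tarball contains those changes, so I would confirm that against the new source and record it, e.g. `- upgrade to 0.9.5, drop patches 2-8 merged upstream`. The one patch still carried, `Patch1: sectool-0.9.5-optflags.patch`, also has no comment on why it is needed; a line such as `# pass RPM_OPT_FLAGS to src/Makefile (upstream status: TODO)` above it would document that.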