!72 Fix double free for SIGUSR1

From: @yixiangzhike 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

aide.spec

@@ -1,6 +1,8 @@
+%bcond_without have_check
+
 Name:       aide
 Version:    0.17.4
-Release:    1
+Release:    6
 Summary:    Advanced Intrusion Detection Environment
 License:    GPLv2+
 URL:        http://sourceforge.net/projects/aide
@@ -12,11 +14,20 @@ BuildRequires:  gcc make bison flex pcre2-devel libgpg-error-devel libgcrypt-dev
 BuildRequires:  libacl-devel libselinux-devel libattr-devel e2fsprogs-devel audit-libs-devel
 # command autoreconf needs autoconf and automake
 BuildRequires:  autoconf automake
+# for make check
+%if %{with have_check}
+BuildRequires:  check-devel
+%endif
+# for sm3 support
+Requires:  libgcrypt-sm3
 
 Patch0:    Add-sm3-algorithm-for-aide.patch 
 Patch1:    backport-Handle-malformed-database-lines.patch
 Patch2:    backport-Fix-handling-of-duplicate-database-entries.patch
 Patch3:    backport-Switch-from-PCRE-to-PCRE2-closes-116.patch
+Patch4:    backport-Fix-condition-for-error-message-of-failing-to-open-g.patch
+Patch5:    backport-Use-signal-safe-write-function-in-signal-handler.patch
+Patch6:    backport-Handle-SIGUSR1-only-after-config-parsing.patch
 
 %description
 AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker.
@@ -43,6 +54,11 @@ install -Dpm0644 %{S:2} %{buildroot}%{_sysconfdir}/logrotate.d/aide
 mkdir -p %{buildroot}%{_localstatedir}/log/aide
 mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 
+%check
+%if %{with have_check}
+make check
+%endif
+
 %pre
 
 %preun
@@ -67,6 +83,36 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide
 %{_mandir}/*/*
 
 %changelog
+* Thu Apr 17 2025 yixiangzhike <yixiangzhike007@163.com> - 0.17.4-6
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: backport upstream patch to fix double free for SIGUSR1
+
+* Thu Jan 9 2025 yixiangzhike <yixiangzhike007@163.com> - 0.17.4-5
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: backport upstream patch to use signal safe write function in signal handler
+
+* Thu Jul 4 2024 yixiangzhike <yixiangzhike007@163.com> - 0.17.4-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: backport upstream patch to fix error condition checking
+
+* Tue Apr 25 2023 yixiangzhike <yixiangzhike007@163.com> - 0.17.4-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: add Requires:libgcrypt-sm3 to support sm3
+
+* Tue Mar 28 2023 yixiangzhike <yixiangzhike007@163.com> - 0.17.4-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: enable make check
+
 * Thu Oct 20 2022 yixiangzhike <yixiangzhike007@163.com> - 0.17.4-1
 - Type:enhancement
 - ID:NA

backport-Fix-condition-for-error-message-of-failing-to-open-g.patch

@@ -0,0 +1,27 @@
+From 87bd10564bb2497d9e6f03f12f4dd246fbcb1443 Mon Sep 17 00:00:00 2001
+From: Mingjie Shen <shen497@purdue.edu>
+Date: Tue, 14 Nov 2023 16:00:05 -0500
+Subject: [PATCH] Fix condition for error message of failing to open gzipped
+ files
+
+gzfh should be checked, instead of fh.
+---
+ src/be.c  | 2 +-
+ 2 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/src/be.c b/src/be.c
+index 39592cd..9ddaa48 100644
+--- a/src/be.c
++++ b/src/be.c
+@@ -160,7 +160,7 @@ void* be_init(bool readonly, url_t* u, bool iszipped, bool append, int linenumbe
+ #ifdef WITH_ZLIB
+     if(iszipped && !readonly){
+       gzFile gzfh = gzdopen(a,"w");
+-      if(fh==NULL){
++      if(gzfh==NULL){
+ 	log_msg(LOG_LEVEL_ERROR,"couldn't reopen file descriptor %li",a);
+       }
+       return gzfh;
+-- 
+2.33.0
+

backport-Handle-SIGUSR1-only-after-config-parsing.patch

@@ -0,0 +1,52 @@
+From 04b51aa49461a2e762a7d363cabcd73718023250 Mon Sep 17 00:00:00 2001
+From: Hannes von Haugwitz <hannes@vonhaugwitz.com>
+Date: Tue, 25 Mar 2025 19:19:37 +0100
+Subject: [PATCH] Handle SIGUSR1 only after config parsing
+
+* closes: #181
+---
+ src/aide.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/aide.c b/src/aide.c
+index e935794..beb8c01 100644
+--- a/src/aide.c
++++ b/src/aide.c
+@@ -91,14 +91,11 @@ static void usage(int exitvalue)
+ 
+ static void sig_handler(int);
+ 
+-static void init_sighandler()
++static void init_db_sighandler()
+ {
+   signal(SIGBUS,sig_handler);
+   signal(SIGTERM,sig_handler);
+-  signal(SIGUSR1,sig_handler);
+   signal(SIGHUP,sig_handler);
+-
+-  return;
+ }
+ 
+ static void sig_handler(int signum)
+@@ -557,7 +554,7 @@ int main(int argc,char**argv)
+   textdomain(PACKAGE);
+ #endif
+   umask(0177);
+-  init_sighandler();
++  init_db_sighandler();
+ 
+   setdefaults_before_config();
+ 
+@@ -584,6 +581,9 @@ int main(int argc,char**argv)
+ 
+   setdefaults_after_config();
+ 
++  log_msg(LOG_LEVEL_DEBUG, "initialize signal handler for SIGUSR1");
++  signal(SIGUSR1,sig_handler);
++
+   log_msg(LOG_LEVEL_CONFIG, "report_urls:");
+   log_report_urls(LOG_LEVEL_CONFIG);
+ 
+-- 
+2.33.0
+

backport-Use-signal-safe-write-function-in-signal-handler.patch

@@ -0,0 +1,63 @@
+From f1728dc97c981d76fd913102a822c71c35c58946 Mon Sep 17 00:00:00 2001
+From: Hannes von Haugwitz <hannes@vonhaugwitz.com>
+Date: Sat, 9 Jul 2022 23:06:36 +0200
+Subject: [PATCH] Use signal-safe write function in signal handler
+
+* closes: #100
+---
+ src/aide.c                                    | 20 +++---
+ 1 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/aide.c b/src/aide.c
+index 30e2942..e935794 100644
+--- a/src/aide.c
++++ b/src/aide.c
+@@ -103,33 +103,37 @@ static void init_sighandler()
+ 
+ static void sig_handler(int signum)
+ {
++  char *str;
+   switch(signum){
+   case SIGBUS  : {
+     if(conf->catch_mmap==1){
+-      log_msg(LOG_LEVEL_NOTICE, "Caught SIGBUS while mmapping. File was truncated while aide was running?");
++      str = "Caught SIGBUS while mmapping. File was truncated while aide was running?\n";
++      write(STDERR_FILENO ,str, strlen(str));
+       conf->catch_mmap=0;
+     } else {
+-      log_msg(LOG_LEVEL_ERROR, "Caught SIGBUS. Exiting");
++      str = "Caught SIGBUS. Exiting\n";
++      write(STDERR_FILENO ,str, strlen(str));
+       exit(EXIT_FAILURE);
+     }
+     break;
+   }
+   case SIGHUP : {
+-    log_msg(LOG_LEVEL_INFO, "Caught SIGHUP");
++    str = "Caught SIGHUP. Ignoring\n";
++    write(STDERR_FILENO ,str, strlen(str));
+     break;
+   }
+   case SIGTERM : {
+-    log_msg(LOG_LEVEL_INFO, "Caught SIGTERM. Use SIGKILL to terminate");
++    str = "Caught SIGTERM. Use SIGKILL to terminate\n";
++    write(STDERR_FILENO ,str, strlen(str));
+     break;
+   }
+   case SIGUSR1 : {
+-    log_msg(LOG_LEVEL_INFO, "Caught SIGUSR1, toggle debug level: set log level to %s", get_log_level_name(toogle_log_level(LOG_LEVEL_DEBUG)));
++    str = "Caught SIGUSR1, toggle debug level\n";
++    write(STDERR_FILENO ,str, strlen(str));
++    toogle_log_level(LOG_LEVEL_DEBUG);
+     break;
+   }
+   }
+-  init_sighandler();
+-
+-  return;
+ }
+ 
+ static void print_version(void)
+-- 
+2.33.0
+