diff options
Diffstat (limited to 'app-forensics')
174 files changed, 7323 insertions, 0 deletions
diff --git a/app-forensics/afflib/Manifest b/app-forensics/afflib/Manifest new file mode 100644 index 000000000000..9ebb2e1e6b42 --- /dev/null +++ b/app-forensics/afflib/Manifest @@ -0,0 +1,3 @@ +DIST afflib-3.7.1.tar.gz 779366 SHA256 7759a36259a070ae087da43a94f23d4026de871e16144d8c32d7b446f5155db2 SHA512 695b5535b7cbe6e1f9b702b40f8606e2dbb604761e2617cc88a61d99f7e296f0dccdf8f21c03bdb79ce5d1fcce543b3d5d23e6bb5c99e31d094e838c16a9443b WHIRLPOOL e6b8c8022cf1405bc4db8697fb20b2e4e21d7b90a3d035acfc56cc6afd742af86d1cffa998903af6ec53b6e370fe8c87e1fcf3188d005c6a7dd56b1cff3ec591 +DIST afflib-3.7.3.tar.gz 569264 SHA256 0bc786efbe4443ee0935eaedf8813d5ba00194dbe8c3340923cb7e38a3120978 SHA512 6c626c01aa8a8a0df47d7a34f14ad25ae818fdf49f142d36a624f747a54cbba88cbf32b8fdb541b37e41b5c28549343e81b4c26b4802299bc6111c6c04cdf6f9 WHIRLPOOL 8775f5e5be09673315002fe5ae74d277c049b109d0d35a2f40af84f68c54d8a9a1b2865e2f792394cbdd403af55e0d7e21f9b3a725d9796d01c855d6c8b26447 +DIST afflib-3.7.4.tar.gz 569346 SHA256 74934ae60a76616442f1d593bdeb93dd6aa105b5dc8cee7e8e5d7529a77f46c0 SHA512 58791388a05d614dd5f219a74173de2ff0938a1f93b21e2dd0731aca52ea544ba60cc4325f0d284937467ce600a4302b7a2f724d84710ecc7f12db1a22a8e41c WHIRLPOOL db8d5f48aecc55bd4ee0e6f45552e37e6aa1621674d93a448ae5a5a6b3bba1ae9c40d8aac2211b6e27bf1ba72e1c998b9bb01e6c24298ef4287d7a117db9d820 diff --git a/app-forensics/afflib/afflib-3.7.1.ebuild b/app-forensics/afflib/afflib-3.7.1.ebuild new file mode 100644 index 000000000000..03f4ce9698da --- /dev/null +++ b/app-forensics/afflib/afflib-3.7.1.ebuild @@ -0,0 +1,64 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" +PYTHON_DEPEND="python? 2" +AUTOTOOLS_AUTORECONF=1 + +inherit autotools-utils python + +DESCRIPTION="Library that implements the AFF image standard" +HOMEPAGE="https://github.com/simsong/AFFLIBv3" +SRC_URI="mirror://github/simsong/AFFLIBv3/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="amd64 hppa ppc x86" +IUSE="fuse ncurses python qemu readline s3 static-libs threads" + +RDEPEND="dev-libs/expat + dev-libs/openssl:0 + sys-libs/zlib + fuse? ( sys-fs/fuse ) + ncurses? ( sys-libs/ncurses ) + readline? ( sys-libs/readline:0 ) + s3? ( net-misc/curl )" +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}"/${P}-python-module.patch + "${FILESDIR}"/${PN}-3.6.12-pyaff-header.patch +) + +pkg_setup() { + if use python ; then + python_set_active_version 2 + python_pkg_setup + fi +} + +src_prepare() { + sed -e '/FLAGS/s: -g::' \ + -e 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' \ + -i configure.ac || die + + sed -i -e '/-static/d' tools/Makefile.am || die + + autotools-utils_src_prepare +} + +src_configure() { + # Hacks for automagic dependencies + use ncurses || export ac_cv_lib_ncurses_initscr=no + use readline || export ac_cv_lib_readline_readline=no + + local myeconfargs=( + $(use_enable fuse) + $(use_enable python) + $(use_enable qemu) + $(use_enable s3) + $(use_enable threads threading) + ) + autotools-utils_src_configure +} diff --git a/app-forensics/afflib/afflib-3.7.3.ebuild b/app-forensics/afflib/afflib-3.7.3.ebuild new file mode 100644 index 000000000000..90c764a48b87 --- /dev/null +++ b/app-forensics/afflib/afflib-3.7.3.ebuild @@ -0,0 +1,66 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) +AUTOTOOLS_AUTORECONF=1 +AUTOTOOLS_PRUNE_LIBTOOL_FILES=modules + +inherit autotools-utils python-single-r1 + +MY_PN=AFFLIBv3 +MY_P=${MY_PN}-${PV} + +DESCRIPTION="Library that implements the AFF image standard" +HOMEPAGE="https://github.com/simsong/AFFLIBv3/" +SRC_URI="https://github.com/simsong/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +IUSE="fuse ncurses python qemu readline s3 static-libs threads" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +RDEPEND="dev-libs/expat + dev-libs/openssl:0 + sys-libs/zlib + fuse? ( sys-fs/fuse ) + ncurses? ( sys-libs/ncurses ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:0 ) + s3? ( net-misc/curl )" +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}"/${PN}-3.7.1-python-module.patch + "${FILESDIR}"/${PN}-3.6.12-pyaff-header.patch +) + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + use python && python-single-r1_pkg_setup +} + +src_prepare() { + sed -i '/FLAGS/s: -g::' configure.ac || die + sed -i '/-static/d' tools/Makefile.am || die + + autotools-utils_src_prepare +} + +src_configure() { + # Hacks for automagic dependencies + use ncurses || export ac_cv_lib_ncurses_initscr=no + use readline || export ac_cv_lib_readline_readline=no + + local myeconfargs=( + $(use_enable fuse) + $(use_enable python) + $(use_enable qemu) + $(use_enable s3) + $(use_enable threads threading) + ) + autotools-utils_src_configure +} diff --git a/app-forensics/afflib/afflib-3.7.4.ebuild b/app-forensics/afflib/afflib-3.7.4.ebuild new file mode 100644 index 000000000000..9f595b101469 --- /dev/null +++ b/app-forensics/afflib/afflib-3.7.4.ebuild @@ -0,0 +1,66 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +PYTHON_COMPAT=( python2_7 ) +AUTOTOOLS_AUTORECONF=1 +AUTOTOOLS_PRUNE_LIBTOOL_FILES=modules + +inherit autotools-utils python-single-r1 + +MY_PN=AFFLIBv3 +MY_P=${MY_PN}-${PV} + +DESCRIPTION="Library that implements the AFF image standard" +HOMEPAGE="https://github.com/simsong/AFFLIBv3/" +SRC_URI="https://github.com/simsong/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="amd64 ~arm hppa ppc x86" +IUSE="fuse ncurses python qemu readline s3 static-libs threads" +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +RDEPEND="dev-libs/expat + dev-libs/openssl:0 + sys-libs/zlib + fuse? ( sys-fs/fuse ) + ncurses? ( sys-libs/ncurses ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:0 ) + s3? ( net-misc/curl )" +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}"/${PN}-3.7.1-python-module.patch + "${FILESDIR}"/${PN}-3.6.12-pyaff-header.patch +) + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + use python && python-single-r1_pkg_setup +} + +src_prepare() { + sed -i '/FLAGS/s: -g::' configure.ac || die + sed -i '/-static/d' tools/Makefile.am || die + + autotools-utils_src_prepare +} + +src_configure() { + # Hacks for automagic dependencies + use ncurses || export ac_cv_lib_ncurses_initscr=no + use readline || export ac_cv_lib_readline_readline=no + + local myeconfargs=( + $(use_enable fuse) + $(use_enable python) + $(use_enable qemu) + $(use_enable s3) + $(use_enable threads threading) + ) + autotools-utils_src_configure +} diff --git a/app-forensics/afflib/files/afflib-3.6.12-pyaff-header.patch b/app-forensics/afflib/files/afflib-3.6.12-pyaff-header.patch new file mode 100644 index 000000000000..496b02d25035 --- /dev/null +++ b/app-forensics/afflib/files/afflib-3.6.12-pyaff-header.patch @@ -0,0 +1,13 @@ +Fix include location based on the include directories passed via CFLAGS. + +--- afflib-3.6.12/pyaff/pyaff.c.orig ++++ afflib-3.6.12/pyaff/pyaff.c +@@ -21,7 +21,7 @@ + ****************************************************/ + + #include "Python.h" +-#include "lib/afflib.h" ++#include "afflib.h" + + #include <string.h> + #include <stdlib.h> diff --git a/app-forensics/afflib/files/afflib-3.7.1-python-module.patch b/app-forensics/afflib/files/afflib-3.7.1-python-module.patch new file mode 100644 index 000000000000..d89509f2f7ea --- /dev/null +++ b/app-forensics/afflib/files/afflib-3.7.1-python-module.patch @@ -0,0 +1,14 @@ +--- afflib-3.7.1/pyaff/Makefile.am ++++ afflib-3.7.1/pyaff/Makefile.am +@@ -7,8 +7,8 @@ + pyexec_LTLIBRARIES = pyaff.la + + pyaff_la_SOURCES = pyaff.c +-pyaff_la_LIBADD = ../lib/libafflib.la ++pyaff_la_LIBADD = @top_builddir@/lib/libafflib.la + pyaff_la_CPPFLAGS = $(PYTHON_CPPFLAGS) +-pyaff_la_CFLAGS = -fno-strict-aliasing +-pyaff_la_LDFLAGS = -module -avoid-version $(PYTHON_LDFLAGS) ++pyaff_la_CFLAGS = $(AM_CFLAGS) -shared -fno-strict-aliasing ++pyaff_la_LDFLAGS = -module -avoid-version -shared $(PYTHON_LDFLAGS) + endif diff --git a/app-forensics/afflib/metadata.xml b/app-forensics/afflib/metadata.xml new file mode 100644 index 000000000000..ded99876e3a6 --- /dev/null +++ b/app-forensics/afflib/metadata.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <use> + <flag name="fuse">Enable extra fuse thingies</flag> + <flag name="qemu">Enable qemu stuff</flag> + <flag name="s3">Enable support for Amazon S3</flag> + </use> + <upstream> + <remote-id type="github">simsong/AFFLIBv3</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/afl/Manifest b/app-forensics/afl/Manifest new file mode 100644 index 000000000000..067d900a09ad --- /dev/null +++ b/app-forensics/afl/Manifest @@ -0,0 +1,3 @@ +DIST afl-1.45b.tgz 775889 SHA256 c183b94c5734bb3558d7129833f0345df250fe9a1f4f8b1ce15ac2dc7e89b50f SHA512 82a5d56010baa69ab679cc49fa8193eff2eb0fcbacbedef8cc8216952750c66381f671d6a321a3665473ddf65a7da73d3723ff497803b18fec2bd0d19dfd4f51 WHIRLPOOL 9dd1727cf81466e1451d66b317b7cfb88033038d1943e0da63ee2684f0f17f9f5c73015727414c6779d07499954ece71c59812182abb75416873404ac52643a8 +DIST afl-1.57b.tgz 782637 SHA256 e4166a57e9ef812834c498a1d95f6fcab9b1805e7ba531bc00278cffa680bc15 SHA512 87d29ee22c7d097c672c106cc2eeac2fa26de646f2539e46444640c836887f8a4c7188e7bc30ab43d1a94b340bd55aaeea25171531d09331393395b0156e9cda WHIRLPOOL f7bbfeed279866ab27f5f5064d4a559682fd3ac04a017ae2d75cb1bd7bf9377b0d7e20b57f1217a89586b1e8a4d5bf062e7020a41eac7cb4c8d47d5e5d71d60d +DIST afl-1.80b.tgz 797509 SHA256 e042cfe30d03ef6df3ae92619408e236d1a8e9bb6cf94ca107c4519e23161401 SHA512 822e93643f0ca10e9ce3eb726667e70eae1789029385cb5332eef65589f7ef0350e6775108634b642e5b394c46599b1e7943227c93cb1b1b50facf1f9e069095 WHIRLPOOL 9e761ee67321cf8980229f6a0245b3c31c9d195db21ec240adef14113020e360d856a4e8de3ab9abce08205a1f085ad8c1f7826ae20702f54de402c21c2b9b72 diff --git a/app-forensics/afl/afl-1.45b.ebuild b/app-forensics/afl/afl-1.45b.ebuild new file mode 100644 index 000000000000..2ceb6deb5641 --- /dev/null +++ b/app-forensics/afl/afl-1.45b.ebuild @@ -0,0 +1,34 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit multilib toolchain-funcs + +DESCRIPTION="american fuzzy lop - compile-time instrumentation fuzzer" +HOMEPAGE="http://lcamtuf.coredump.cx/afl/" +SRC_URI="http://lcamtuf.coredump.cx/afl/releases//${P}.tgz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64" +IUSE="" + +DEPEND="sys-devel/gcc" +RDEPEND="${DEPEND}" + +src_compile() { + emake CC="$(tc-getCC)" \ + PREFIX="/usr" \ + HELPER_PATH="/usr/$(get_libdir)/afl" \ + DOC_PATH="/usr/share/doc/${PF}" +} + +src_install() { + emake DESTDIR="${D}" \ + PREFIX="/usr" \ + HELPER_PATH="/usr/$(get_libdir)/afl" \ + DOC_PATH="/usr/share/doc/${PF}" \ + install +} diff --git a/app-forensics/afl/afl-1.57b.ebuild b/app-forensics/afl/afl-1.57b.ebuild new file mode 100644 index 000000000000..2ceb6deb5641 --- /dev/null +++ b/app-forensics/afl/afl-1.57b.ebuild @@ -0,0 +1,34 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit multilib toolchain-funcs + +DESCRIPTION="american fuzzy lop - compile-time instrumentation fuzzer" +HOMEPAGE="http://lcamtuf.coredump.cx/afl/" +SRC_URI="http://lcamtuf.coredump.cx/afl/releases//${P}.tgz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64" +IUSE="" + +DEPEND="sys-devel/gcc" +RDEPEND="${DEPEND}" + +src_compile() { + emake CC="$(tc-getCC)" \ + PREFIX="/usr" \ + HELPER_PATH="/usr/$(get_libdir)/afl" \ + DOC_PATH="/usr/share/doc/${PF}" +} + +src_install() { + emake DESTDIR="${D}" \ + PREFIX="/usr" \ + HELPER_PATH="/usr/$(get_libdir)/afl" \ + DOC_PATH="/usr/share/doc/${PF}" \ + install +} diff --git a/app-forensics/afl/afl-1.80b.ebuild b/app-forensics/afl/afl-1.80b.ebuild new file mode 100644 index 000000000000..a6acdfd8c856 --- /dev/null +++ b/app-forensics/afl/afl-1.80b.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit multilib toolchain-funcs + +DESCRIPTION="american fuzzy lop - compile-time instrumentation fuzzer" +HOMEPAGE="http://lcamtuf.coredump.cx/afl/" +SRC_URI="http://lcamtuf.coredump.cx/afl/releases//${P}.tgz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64" +IUSE="" +DEPEND="sys-devel/gcc:* + sys-devel/clang" +RDEPEND="${DEPEND}" + +src_compile() { + emake CC="$(tc-getCC)" \ + PREFIX="/usr" \ + HELPER_PATH="/usr/$(get_libdir)/afl" \ + DOC_PATH="/usr/share/doc/${PF}" + cd llvm_mode + emake \ + PREFIX="/usr" \ + HELPER_PATH="/usr/$(get_libdir)/afl" \ + DOC_PATH="/usr/share/doc/${PF}" +} + +src_install() { + emake DESTDIR="${D}" \ + PREFIX="/usr" \ + HELPER_PATH="/usr/$(get_libdir)/afl" \ + DOC_PATH="/usr/share/doc/${PF}" \ + install +} diff --git a/app-forensics/afl/metadata.xml b/app-forensics/afl/metadata.xml new file mode 100644 index 000000000000..45b99c65fb75 --- /dev/null +++ b/app-forensics/afl/metadata.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>hanno@gentoo.org</email> + </maintainer> +</pkgmetadata> diff --git a/app-forensics/aide/Manifest b/app-forensics/aide/Manifest new file mode 100644 index 000000000000..fa9310f77a57 --- /dev/null +++ b/app-forensics/aide/Manifest @@ -0,0 +1,3 @@ +DIST aide-0.13.1.tar.gz 285400 SHA256 b55065413bad3c24af51a551e6ab7cd4a9ecd9f449929261a45fc2f53e040021 SHA512 ac0e49c49d1a4229cf473a60e9acd8e7dc7c3ee7c2d436a3b3d486131753fd914a73695675de6e7f9bb5cdadb2ed64760a9e834c935fb1a5c65bae0d7efa2946 WHIRLPOOL 5d7ee3b2a062c2c91e603c72ed1d76a1fc9d16f13e8253bab0b5f6335de239ef7e44c453ffe22da86f5b0bc8a69e0bf6276a4a52a1928339899298f07f1769df +DIST aide-0.14.2.tar.gz 418098 SHA256 bf4cd417b0f4778b4f9a618d23e0b0b7db10349ba6a0129394dc82fbc2fa8b9b SHA512 4ef96078fde057a54dda467fb55711e30d947969873715a02052362c57112f5bfd3155460ef353f70ce69fea3a3c491b7925bebbdb7034dbf618c63c360347df WHIRLPOOL fa91e4493bcac4cf11a8fedfd5e3c490752936f9ea04871d812b831f33089b694892e32ed19cef273926d3a8c091fb15a7b98a5e5303f08609f164773475d142 +DIST aide-0.15.1.tar.gz 424970 SHA256 303e5c186257df8c86e418193199f4ea2183fc37d3d4a9098a614f61346059ef SHA512 6afe327474858c697ba017b02bd40717c33874e69b801c171c2496ff9042b557e840bef4a151bda0e4d835ddb0d972b88790237a72f250525dc1fc6b8fa673e7 WHIRLPOOL 4c21221cfbaeff3aa00a3f22c4e31c1fffd3f00d112828540ab6ab94dd019086244de71e5d19d1120078acc7b81b9efa5a36d55937292f523bcb4e064830ba6a diff --git a/app-forensics/aide/aide-0.13.1-r3.ebuild b/app-forensics/aide/aide-0.13.1-r3.ebuild new file mode 100644 index 000000000000..341e5d33f884 --- /dev/null +++ b/app-forensics/aide/aide-0.13.1-r3.ebuild @@ -0,0 +1,146 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit autotools eutils + +DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a replacement for Tripwire" +HOMEPAGE="http://aide.sourceforge.net/" +SRC_URI="mirror://sourceforge/aide/${P}.tar.gz" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="amd64 x86" +IUSE="acl curl mhash nls postgres selinux static xattr zlib" +#IUSE="acl audit curl mhash nls postgres selinux static xattr zlib" + +# libsandbox: Can't dlopen libc: (null) +RESTRICT="test" + +DEPEND="acl? ( sys-apps/acl ) + curl? ( net-misc/curl ) + mhash? ( >=app-crypt/mhash-0.9.2 ) + !mhash? ( dev-libs/libgcrypt ) + nls? ( virtual/libintl ) + postgres? ( dev-db/postgresql ) + selinux? ( + sys-libs/libselinux + sec-policy/selinux-aide + ) + xattr? ( sys-apps/attr ) + zlib? ( sys-libs/zlib )" +# audit? ( sys-process/audit ) + +RDEPEND="!static? ( ${DEPEND} )" + +DEPEND="${DEPEND} + nls? ( sys-devel/gettext ) + sys-devel/bison + sys-devel/flex" + +pkg_setup() { + if use mhash && use postgres ; then + eerror "We cannot emerge aide with mhash and postgres USE flags at the same time." + eerror "Please remove mhash OR postgres USE flags." + die "Please remove either mhash or postgres USE flag." + fi +} + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}/${P}-gentoo.patch" + + # fix configure switch + epatch "${FILESDIR}/${P}-configure.patch" + + # fix equal match issue, bug #204217 + epatch "${FILESDIR}/${P}-equ-matching.patch" + + # fix libgcrypt issue, bug #266175 + epatch "${FILESDIR}/${P}-libgrypt_init.patch" + + if ! use mhash ; then + # dev-libs/libgcrypt doesn't support whirlpool algorithm + sed -i -e 's/\+whirlpool//' doc/aide.conf.in || die + fi + + if ! use selinux ; then + sed -i -e 's/\+selinux//' doc/aide.conf.in || die + fi + + if ! use xattr ; then + sed -i -e 's/\+xattrs//' doc/aide.conf.in || die + fi + + if ! use acl ; then + sed -i -e 's/\+acl//' doc/aide.conf.in || die + fi + + eautoreconf +} + +src_compile() { + local myconf=" + $(use_with acl posix-acl) + $(use_with !mhash gcrypt) + $(use_with mhash mhash) + $(use_with nls locale) + $(use_with postgres psql) + $(use_with selinux) + $(use_enable static) + $(use_with xattr) + $(use_with zlib) + --sysconfdir=/etc/aide" +# $(use_with audit) + + # curl doesn't work with static + use curl && ! use static && myconf="${myconf} --with-curl" + + econf ${myconf} || die "econf failed" + # parallel make borked + emake -j1 || die "emake failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + keepdir /var/lib/aide + fowners root:0 /var/lib/aide + fperms 0755 /var/lib/aide + + keepdir /var/log/aide + + insinto /etc/aide + doins "${FILESDIR}"/aide.conf + + dosbin "${FILESDIR}"/aideinit + + dodoc ChangeLog AUTHORS NEWS README "${FILESDIR}"/aide.cron + dohtml doc/manual.html +} + +pkg_postinst() { + elog + elog "A sample configuration file has been installed as" + elog "/etc/aide/aide.conf. Please edit to meet your needs." + elog "Read the aide.conf(5) manual page for more information." + elog "A helper script, aideinit, has been installed and can" + elog "be used to make AIDE management easier. Please run" + elog "aideinit --help for more information" + elog + + if use postgres; then + elog "Due to a bad assumption by aide, you must issue the following" + elog "command after the database initialization (aide --init ...):" + elog + elog 'psql -c "update pg_index set indisunique=false from pg_class \\ ' + elog " where pg_class.relname='TABLE_pkey' and \ " + elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER' + elog + elog "where TABLE, HOSTNAME, PORT, DBASE, and USER are the same as" + elog "your aide.conf." + elog + fi +} diff --git a/app-forensics/aide/aide-0.13.1-r5.ebuild b/app-forensics/aide/aide-0.13.1-r5.ebuild new file mode 100644 index 000000000000..9acd68a1b2af --- /dev/null +++ b/app-forensics/aide/aide-0.13.1-r5.ebuild @@ -0,0 +1,152 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit autotools eutils + +DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a replacement for Tripwire" +HOMEPAGE="http://aide.sourceforge.net/" +SRC_URI="mirror://sourceforge/aide/${P}.tar.gz" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~amd64 ~x86" +IUSE="acl curl mhash nls postgres selinux static xattr zlib" +#IUSE="acl audit curl mhash nls postgres selinux static xattr zlib" + +# libsandbox: Can't dlopen libc: (null) +RESTRICT="test" + +DEPEND="acl? ( sys-apps/acl ) + curl? ( net-misc/curl ) + mhash? ( >=app-crypt/mhash-0.9.2 ) + !mhash? ( dev-libs/libgcrypt ) + nls? ( virtual/libintl ) + postgres? ( dev-db/postgresql ) + selinux? ( + sys-libs/libselinux + sec-policy/selinux-aide + ) + xattr? ( sys-apps/attr ) + zlib? ( sys-libs/zlib )" +# audit? ( sys-process/audit ) + +RDEPEND="!static? ( ${DEPEND} )" + +DEPEND="${DEPEND} + nls? ( sys-devel/gettext ) + sys-devel/bison + sys-devel/flex" + +pkg_setup() { + if use mhash && use postgres ; then + eerror "We cannot emerge aide with mhash and postgres USE flags at the same time." + eerror "Please remove mhash OR postgres USE flags." + die "Please remove either mhash or postgres USE flag." + fi +} + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}/${P}-gentoo.patch" + + # fix configure switch + epatch "${FILESDIR}/${P}-configure.patch" + + # fix equal match issue, bug #204217 + epatch "${FILESDIR}/${P}-equ-matching.patch" + + # fix libgcrypt issue, bug #266175 + epatch "${FILESDIR}/${P}-libgrypt_init.patch" + + # fix as-need issue, bug #271326 + epatch "${FILESDIR}/${P}-as-needed.patch" + + # fix zlib issue, bug #316665 + epatch "${FILESDIR}/${P}-zlib.patch" + + if ! use mhash ; then + # dev-libs/libgcrypt doesn't support whirlpool algorithm + sed -i -e 's/\+whirlpool//' doc/aide.conf.in || die + fi + + if ! use selinux ; then + sed -i -e 's/\+selinux//' doc/aide.conf.in || die + fi + + if ! use xattr ; then + sed -i -e 's/\+xattrs//' doc/aide.conf.in || die + fi + + if ! use acl ; then + sed -i -e 's/\+acl//' doc/aide.conf.in || die + fi + + eautoreconf +} + +src_compile() { + local myconf=" + $(use_with acl posix-acl) + $(use_with !mhash gcrypt) + $(use_with mhash mhash) + $(use_with nls locale) + $(use_with postgres psql) + $(use_with selinux) + $(use_enable static) + $(use_with xattr) + $(use_with zlib) + --sysconfdir=/etc/aide" +# $(use_with audit) + + # curl doesn't work with static + use curl && ! use static && myconf="${myconf} --with-curl" + + econf ${myconf} || die "econf failed" + # parallel make borked + emake -j1 || die "emake failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + keepdir /var/lib/aide + fowners root:0 /var/lib/aide + fperms 0755 /var/lib/aide + + keepdir /var/log/aide + + insinto /etc/aide + doins "${FILESDIR}"/aide.conf + + dosbin "${FILESDIR}"/aideinit + + dodoc ChangeLog AUTHORS NEWS README "${FILESDIR}"/aide.cron + dohtml doc/manual.html +} + +pkg_postinst() { + elog + elog "A sample configuration file has been installed as" + elog "/etc/aide/aide.conf. Please edit to meet your needs." + elog "Read the aide.conf(5) manual page for more information." + elog "A helper script, aideinit, has been installed and can" + elog "be used to make AIDE management easier. Please run" + elog "aideinit --help for more information" + elog + + if use postgres; then + elog "Due to a bad assumption by aide, you must issue the following" + elog "command after the database initialization (aide --init ...):" + elog + elog 'psql -c "update pg_index set indisunique=false from pg_class \\ ' + elog " where pg_class.relname='TABLE_pkey' and \ " + elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER' + elog + elog "where TABLE, HOSTNAME, PORT, DBASE, and USER are the same as" + elog "your aide.conf." + elog + fi +} diff --git a/app-forensics/aide/aide-0.13.1.ebuild b/app-forensics/aide/aide-0.13.1.ebuild new file mode 100644 index 000000000000..8b43d61c4b86 --- /dev/null +++ b/app-forensics/aide/aide-0.13.1.ebuild @@ -0,0 +1,141 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils autotools + +DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a replacement for Tripwire" +HOMEPAGE="http://aide.sourceforge.net/" +SRC_URI="mirror://sourceforge/aide/${P}.tar.gz" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="amd64 x86" +IUSE="acl curl mhash nls postgres selinux static xattr zlib" +#IUSE="acl audit curl mhash nls postgres selinux static xattr zlib" + +DEPEND="acl? ( sys-apps/acl ) + curl? ( net-misc/curl ) + mhash? ( >=app-crypt/mhash-0.9.2 ) + !mhash? ( dev-libs/libgcrypt ) + nls? ( virtual/libintl ) + postgres? ( dev-db/postgresql ) + selinux? ( + sys-libs/libselinux + sec-policy/selinux-aide + ) + xattr? ( sys-apps/attr ) + zlib? ( sys-libs/zlib )" +# audit? ( sys-process/audit ) + +RDEPEND="!static? ( ${DEPEND} ) + virtual/mailx" + +DEPEND="${DEPEND} + nls? ( sys-devel/gettext ) + sys-devel/bison + sys-devel/flex" + +pkg_setup() { + if use mhash && use postgres ; then + eerror "We cannot emerge aide with mhash and postgres USE flags at the same time." + eerror "Please remove mhash OR postgres USE flags." + die "Please remove either mhash or postgres USE flag." + fi +} + +src_unpack() { + unpack ${A} + cd "${S}" + epatch "${FILESDIR}"/${P}-gentoo.patch + + if ! use mhash ; then + # dev-libs/libgcrypt doesn't support whirlpool algorithm + sed -i -e 's/\+whirlpool//' doc/aide.conf.in || die + fi + + if ! use selinux ; then + sed -i -e 's/\+selinux//' doc/aide.conf.in || die + fi + + if ! use xattr ; then + sed -i -e 's/\+xattrs//' doc/aide.conf.in || die + fi + + if ! use acl ; then + sed -i -e 's/\+acl//' doc/aide.conf.in || die + fi + eautoreconf +} + +src_compile() { + local myconf="--sysconfdir=/etc/aide $(use_enable static)" + + # --without-* borked + use zlib && myconf="${myconf} --with-zlib" + use nls && myconf="${myconf} --with-locale" + use postgres && myconf="${myconf} --with-psql" + use selinux && myconf="${myconf} --with-selinux" + use acl && myconf="${myconf} --with-posix-acl" + use xattr && myconf="${myconf} --with-xattr" +# use audit && myconf="${myconf} --with-audit" + + # curl doesn't work with static + use curl && ! use static && myconf="${myconf} --with-curl" + + # If you use dev-libs/libgcrypt, --without-mhash is needed. + use mhash \ + && myconf="${myconf} --with-mhash" \ + || myconf="${myconf} --with-gcrypt --without-mhash" + + econf ${myconf} || die + # parallel make borked + emake -j1 || die +} + +src_install() { + emake DESTDIR="${D}" install || die + + keepdir /var/lib/aide + keepdir /var/log/aide + + insinto /etc/aide + doins "${FILESDIR}"/aide.conf + # doins doc/aide.conf + + dosbin "${FILESDIR}"/aideinit + + exeinto /etc/cron.daily + doexe "${FILESDIR}"/aide.cron + + dodoc ChangeLog AUTHORS NEWS README + dohtml doc/manual.html +} + +pkg_postinst() { + chown root:0 /var/lib/aide + chmod 0755 /var/lib/aide + + elog + elog "A sample configuration file has been installed as" + elog "/etc/aide/aide.conf. Please edit to meet your needs." + elog "Read the aide.conf(5) manual page for more information." + elog "A cron file has been installed in /etc/cron.daily/aide.cron" + elog "A helper script, aideinit, has been installed and can" + elog "be used to make AIDE management easier. Please run" + elog "aideinit --help for more information" + elog + + if use postgres; then + elog "Due to a bad assumption by aide, you must issue the following" + elog "command after the database initialization (aide --init ...):" + elog + elog 'psql -c "update pg_index set indisunique=false from pg_class \\ ' + elog " where pg_class.relname='TABLE_pkey' and \ " + elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER' + elog + elog "where TABLE, HOSTNAME, PORT, DBASE, and USER are the same as" + elog "your aide.conf." + elog + fi +} diff --git a/app-forensics/aide/aide-0.14.2.ebuild b/app-forensics/aide/aide-0.14.2.ebuild new file mode 100644 index 000000000000..cfb3e18e0842 --- /dev/null +++ b/app-forensics/aide/aide-0.14.2.ebuild @@ -0,0 +1,114 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="3" + +inherit autotools confutils eutils + +DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a replacement for Tripwire" +HOMEPAGE="http://aide.sourceforge.net/" +SRC_URI="mirror://sourceforge/aide/${P}.tar.gz" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="amd64 x86" +IUSE="acl audit curl mhash nls postgres prelink selinux static xattr zlib" + +CDEPEND="acl? ( virtual/acl ) + audit? ( sys-process/audit ) + curl? ( net-misc/curl ) + mhash? ( >=app-crypt/mhash-0.9.2 ) + !mhash? ( dev-libs/libgcrypt:0 ) + nls? ( virtual/libintl ) + postgres? ( dev-db/postgresql ) + prelink? ( sys-devel/prelink ) + selinux? ( + sys-libs/libselinux + ) + xattr? ( sys-apps/attr ) + zlib? ( sys-libs/zlib )" + +RDEPEND="!static? ( ${CDEPEND} ) + selinux? ( sec-policy/selinux-aide )" + +DEPEND="${CDEPEND} + nls? ( sys-devel/gettext ) + sys-devel/bison + sys-devel/flex" + +pkg_setup() { + confutils_use_conflict mhash postgres + confutils_use_conflict static curl postgres +} + +src_prepare() { + epatch "${FILESDIR}/${PN}-0.14-gentoo.patch" + + # fix as-need issue, bug #271326 + epatch "${FILESDIR}/${PN}-0.14-as-needed.patch" + + # fix configure issue, bug #323187 + epatch "${FILESDIR}/${PN}-0.14-configure.patch" + + eautoreconf +} + +src_configure() { + econf \ + $(use_with acl posix-acl) \ + $(use_with audit) \ + $(use_with curl) \ + $(use_with !mhash gcrypt) \ + $(use_with mhash mhash) \ + $(use_with nls locale) \ + $(use_with postgres psql) \ + $(use_with prelink) \ + $(use_with selinux) \ + $(use_enable static) \ + $(use_with xattr) \ + $(use_with zlib) \ + --sysconfdir="${EPREFIX}/etc/aide" || die "econf failed" +} + +src_install() { + emake DESTDIR="${D}" install install-man || die "emake install failed" + + keepdir /var/lib/aide || die + fowners root:0 /var/lib/aide || die + fperms 0755 /var/lib/aide || die + + keepdir /var/log/aide || die + + insinto /etc/aide + doins "${FILESDIR}"/aide.conf || die + + dosbin "${FILESDIR}"/aideinit || die + + dodoc AUTHORS ChangeLog NEWS README Todo "${FILESDIR}"/aide.cron || die + dohtml doc/manual.html || die +} + +pkg_postinst() { + elog + elog "A sample configuration file has been installed as" + elog "/etc/aide/aide.conf. Please edit to meet your needs." + elog "Read the aide.conf(5) manual page for more information." + elog "A helper script, aideinit, has been installed and can" + elog "be used to make AIDE management easier. Please run" + elog "aideinit --help for more information" + elog + + if use postgres; then + elog "Due to a bad assumption by aide, you must issue the following" + elog "command after the database initialization (aide --init ...):" + elog + elog 'psql -c "update pg_index set indisunique=false from pg_class \\ ' + elog " where pg_class.relname='TABLE_pkey' and \ " + elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER' + elog + elog "where TABLE, HOSTNAME, PORT, DBASE, and USER are the same as" + elog "your aide.conf." + elog + fi +} diff --git a/app-forensics/aide/aide-0.15.1.ebuild b/app-forensics/aide/aide-0.15.1.ebuild new file mode 100644 index 000000000000..c1fda4679b4b --- /dev/null +++ b/app-forensics/aide/aide-0.15.1.ebuild @@ -0,0 +1,115 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="3" + +inherit autotools confutils eutils + +DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a replacement for Tripwire" +HOMEPAGE="http://aide.sourceforge.net/" +SRC_URI="mirror://sourceforge/aide/${P}.tar.gz" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~amd64 ~x86" +IUSE="acl audit curl mhash nls postgres prelink selinux static xattr zlib" + +CDEPEND="acl? ( virtual/acl ) + audit? ( sys-process/audit ) + curl? ( net-misc/curl ) + mhash? ( >=app-crypt/mhash-0.9.2 ) + !mhash? ( dev-libs/libgcrypt:0 ) + nls? ( virtual/libintl ) + postgres? ( dev-db/postgresql ) + prelink? ( sys-devel/prelink ) + selinux? ( + sys-libs/libselinux + ) + xattr? ( sys-apps/attr ) + zlib? ( sys-libs/zlib )" + +RDEPEND="!static? ( ${CDEPEND} ) + selinux? ( sec-policy/selinux-aide )" + +DEPEND="${CDEPEND} + nls? ( sys-devel/gettext ) + sys-devel/bison + sys-devel/flex" + +pkg_setup() { + confutils_use_conflict mhash postgres + confutils_use_conflict static curl postgres +} + +src_prepare() { + epatch "${FILESDIR}/${PN}-0.15.1-gentoo.patch" + + # fix as-need issue, bug #271326 + epatch "${FILESDIR}/${PN}-0.14-as-needed.patch" + + # fix configure issue, bug #323187 + epatch "${FILESDIR}/${PN}-0.14-configure.patch" + + eautoreconf +} + +src_configure() { + econf \ + $(use_with acl posix-acl) \ + $(use_with audit) \ + $(use_with curl) \ + $(use_with !mhash gcrypt) \ + $(use_with mhash mhash) \ + $(use_with nls locale) \ + $(use_with postgres psql) \ + $(use_with prelink) \ + $(use_with selinux) \ + $(use_enable static) \ + $(use_with xattr) \ + $(use_with zlib) \ + --sysconfdir="${EPREFIX}/etc/aide" || die "econf failed" +# $(use_with e2fsattrs) \ +} + +src_install() { + emake DESTDIR="${D}" install install-man || die "emake install failed" + + keepdir /var/lib/aide || die + fowners root:0 /var/lib/aide || die + fperms 0755 /var/lib/aide || die + + keepdir /var/log/aide || die + + insinto /etc/aide + doins "${FILESDIR}"/aide.conf || die + + dosbin "${FILESDIR}"/aideinit || die + + dodoc AUTHORS ChangeLog NEWS README Todo "${FILESDIR}"/aide.cron || die + dohtml doc/manual.html || die +} + +pkg_postinst() { + elog + elog "A sample configuration file has been installed as" + elog "/etc/aide/aide.conf. Please edit to meet your needs." + elog "Read the aide.conf(5) manual page for more information." + elog "A helper script, aideinit, has been installed and can" + elog "be used to make AIDE management easier. Please run" + elog "aideinit --help for more information" + elog + + if use postgres; then + elog "Due to a bad assumption by aide, you must issue the following" + elog "command after the database initialization (aide --init ...):" + elog + elog 'psql -c "update pg_index set indisunique=false from pg_class \\ ' + elog " where pg_class.relname='TABLE_pkey' and \ " + elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER' + elog + elog "where TABLE, HOSTNAME, PORT, DBASE, and USER are the same as" + elog "your aide.conf." + elog + fi +} diff --git a/app-forensics/aide/files/aide-0.13.1-as-needed.patch b/app-forensics/aide/files/aide-0.13.1-as-needed.patch new file mode 100644 index 000000000000..9e0ec4d73aff --- /dev/null +++ b/app-forensics/aide/files/aide-0.13.1-as-needed.patch @@ -0,0 +1,36 @@ +diff -Naur aide-0.13.1.orig/configure.in aide-0.13.1/configure.in +--- aide-0.13.1.orig/configure.in 2006-12-09 06:49:21.000000000 +0900 ++++ aide-0.13.1/configure.in 2009-12-16 19:30:17.000000000 +0900 +@@ -546,12 +546,12 @@ + if test x$with_zlib = xyes; then + AC_CHECK_HEADERS(zlib.h,, + [AC_MSG_ERROR([You don't have zlib properly installed. Install it or try --without-zlib.])]) +- save_LDFLAGS=$LDFLAGS +- LDFLAGS="$LDFLAGS $LD_STATIC_FLAG" ++# saveLIBS=$LIBS ++ LIBS="$LIBS -lz $LD_STATIC_FLAG" + AC_CHECK_LIB(z,gzdopen,, + [AC_MSG_ERROR([You don't have zlib properly installed. Install it or try --without-zlib.])] + ) +- LDFLAGS=$save_LDFLAGS ++# LIBS=$saveLIBS + AC_DEFINE(WITH_ZLIB,1,[use zlib]) + fi + +@@ -565,13 +565,13 @@ + fi + AC_CHECK_HEADERS(curl/curl.h,, + [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]) +-# save_LDFLAGS=$LDFLAGS ++# saveLIBS=$LIBS + CFLAGS="$CFLAGS $CURL_CFLAGS" +- LDFLAGS="$LDFLAGS $CURL_LIBS $LD_STATIC_FLAG" ++ LIBS="$LIBS $CURL_LIBS $LD_STATIC_FLAG" + AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes, + [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])] + ) +-# LDFLAGS=$save_LDFLAGS ++# LIBS=$saveLIBS + AC_DEFINE(WITH_CURL,1,[use curl]) + compoptionstring="${compoptionstring}WITH_CURL\\n"], + fi diff --git a/app-forensics/aide/files/aide-0.13.1-configure.patch b/app-forensics/aide/files/aide-0.13.1-configure.patch new file mode 100644 index 000000000000..75eb5559ebba --- /dev/null +++ b/app-forensics/aide/files/aide-0.13.1-configure.patch @@ -0,0 +1,74 @@ +--- configure.in.old 2008-01-26 15:07:28.000000000 +0100 ++++ configure.in 2008-01-26 15:14:05.000000000 +0100 +@@ -160,7 +160,9 @@ + fi + + # Check whether static linking has explicitly been disabled +-AC_ARG_ENABLE(static,[ --disable-static Disable static linking (lowers the security of aide)], [aide_static_choice=$enableval], [aide_static_choice=yes]) ++AC_ARG_ENABLE(static, ++ AC_HELP_STRING([--disable-static],[Disable static linking (lowers the security of aide)]), ++ [aide_static_choice=$enableval], [aide_static_choice=yes]) + + if test "$aide_static_choice" != "yes"; then + LD_STATIC_FLAG="" +@@ -190,8 +192,8 @@ + AC_CHECK_FUNCS(stricmp strnstr strnlen) + + AC_ARG_WITH([mmap], +- [AC_HELP_STRING([--with-mmap], +- [use mmap @<:@default=check@:>@])], ++ AC_HELP_STRING([--with-mmap], ++ [use mmap @<:@default=check@:>@]), + [], + [with_mmap=check] + ) +@@ -283,8 +285,8 @@ + AC_CHECK_HEADERS(syslog.h inttypes.h fcntl.h) + + AC_ARG_WITH([locale], +- [AC_HELP_STRING([--with-locale], +- [use locale stuff])], ++ AC_HELP_STRING([--with-locale], ++ [use locale stuff]), + [], + [with_locale=no] + ) +@@ -369,10 +371,10 @@ + [AC_HELP_STRING([--with-posix-acl], + [use POSIX ACLs (no checking)])], + [], +- [with_posix_acl_support=no] ++ [with_posix_acl=no] + ) + +-AS_IF([test "x$with_posix_acl_support" != xno], ++AS_IF([test "x$with_posix_acl" != xno], + [AC_DEFINE(WITH_POSIX_ACL,1,[use POSIX ACLs]) + AC_DEFINE(WITH_ACL,1,[use ACL]) + ACLLIB="-lacl" +@@ -388,10 +390,10 @@ + [AC_HELP_STRING([--with-selinux], + [use SELinux (no checking)])], + [], +- [with_selinux_support=no] ++ [with_selinux=no] + ) + +-AS_IF([test "x$with_selinux_support" != xno], ++AS_IF([test "x$with_selinux" != xno], + [AC_DEFINE(WITH_SELINUX,1,[use SELinux]) + if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists libselinux; then + SELINUXLIB=$(${PKG_CONFIG} --libs libselinux --static) +@@ -410,10 +412,10 @@ + [AC_HELP_STRING([--with-xattr], + [use xattr (no checking)])], + [], +- [with_xattr_support=no] ++ [with_xattr=no] + ) + +-AS_IF([test "x$with_xattr_support" != xno], ++AS_IF([test "x$with_xattr" != xno], + [AC_DEFINE(WITH_XATTR,1,[use xattr]) + ATTRLIB=-lattr + compoptionstring="${compoptionstring}WITH_XATTR\\n" diff --git a/app-forensics/aide/files/aide-0.13.1-equ-matching.patch b/app-forensics/aide/files/aide-0.13.1-equ-matching.patch new file mode 100644 index 000000000000..e5d02a5ea7d5 --- /dev/null +++ b/app-forensics/aide/files/aide-0.13.1-equ-matching.patch @@ -0,0 +1,83 @@ +--- src/gen_list.c.orig 2007-12-19 15:37:13.000000000 -0800 ++++ src/gen_list.c 2007-12-19 16:19:43.000000000 -0800 +@@ -732,33 +732,6 @@ + return retval; + } + +-//this is used to check if $text if equal to a node in $rxrlist +-//should be used to check equ_rx_lst only +-int check_list_for_equal(list* rxrlist,char* text,DB_ATTR_TYPE* attr) +-{ +- list* r=NULL; +- int retval=1; +- char *temp; +- +- for(r=rxrlist;r;r=r->next){ +- temp=((rx_rule*)r->data)->rx; +- +- //FIXME, if rx not begin with ^, may need to do something else +- if(temp[0]=='^') //^ is for reg exp, we can ignore this character +- temp++; +- +- //we don't need to worry about buff-overflow, so strcmp is safe +- if((retval=strcmp(temp, text))==0){ +- *attr=((rx_rule*)r->data)->attr; +- error(231,"\"%s\" matches string from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx); +- break; +- } else { +- error(231,"\"%s\" doesn't match string from line #%ld: %s\n",text,((rx_rule*)r->data)->conf_lineno,((rx_rule*)r->data)->rx); +- } +- } +- return retval; +-} +- + /* + * Function check_node_for_match() + * calls itself recursively to go to the top and then back down. +@@ -783,35 +756,24 @@ + return retval; + } + +- /* We need this to check whether this was the first one * +- * to be called and not a recursive call */ +- if(!((retval&16)==16)){ +- retval|=16; ++ /* if this call is not recursive we check the equals list and we set top * ++ * and retval so we know following calls are recursive */ ++ if(!(retval&16)){ + top=1; +- } else { +- top=0; +- } +- +- /* if no deeper match found */ +- if(!((retval&8)==8)&&!((retval&4)==4)){ ++ retval|=16; ++ + if(!check_list_for_match(node->equ_rx_lst,text,attr)){ +- /* +- Zhi Wen Wong added this line to fix bug that equ not work for +- compare +- if we do "=/bin", we should only check /bin +- so, /bin/bash or /bin/something should return 0 as neg +- */ +- if(!check_list_for_equal(node->equ_rx_lst,text,attr)) +- retval|=(2|4); +- }; +- }; ++ retval|=2|4; ++ } ++ } + /* We'll use retval to pass information on whether to recurse + * the dir or not */ + + +- if(!((retval&8)==8)&&!((retval&4)==4)){ ++ /* If 4 and 8 are not set, we will check for matches */ ++ if(!(retval&(4|8))){ + if(!check_list_for_match(node->sel_rx_lst,text,attr)) +- retval|=(1|8); ++ retval|=1|8; + } + + /* Now let's check the ancestors */ diff --git a/app-forensics/aide/files/aide-0.13.1-gentoo.patch b/app-forensics/aide/files/aide-0.13.1-gentoo.patch new file mode 100644 index 000000000000..9c1c07b5ce5f --- /dev/null +++ b/app-forensics/aide/files/aide-0.13.1-gentoo.patch @@ -0,0 +1,36 @@ +diff -Naur aide-0.13.1.orig/Makefile.am aide-0.13.1/Makefile.am +--- aide-0.13.1.orig/Makefile.am 2006-10-11 03:39:01.000000000 +0900 ++++ aide-0.13.1/Makefile.am 2007-09-27 01:35:39.000000000 +0900 +@@ -33,7 +33,7 @@ + src/aide -c doc/aide.conf -V20 + + update-db: all +- src/aide -B "database_out=file://$(top_srcdir)/doc/aide.db" -c doc/aide.conf -i ++ src/aide -B "database_out=file://$(abs_top_srcdir)/doc/aide.db" -c doc/aide.conf -i + + dist-hook: configure + mkdir $(distdir)/include +diff -Naur aide-0.13.1.orig/doc/aide.conf.in aide-0.13.1/doc/aide.conf.in +--- aide-0.13.1.orig/doc/aide.conf.in 2006-11-25 04:53:56.000000000 +0900 ++++ aide-0.13.1/doc/aide.conf.in 2007-09-27 01:35:39.000000000 +0900 +@@ -19,7 +19,7 @@ + # corresponding line. + # + +-@@define TOPDIR @top_srcdir@ ++@@define TOPDIR @abs_top_srcdir@ + + @@ifndef TOPDIR + @@define TOPDIR / +diff -Naur aide-0.13.1.orig/src/Makefile.am aide-0.13.1/src/Makefile.am +--- aide-0.13.1.orig/src/Makefile.am 2006-10-28 06:10:38.000000000 +0900 ++++ aide-0.13.1/src/Makefile.am 2007-09-27 01:35:39.000000000 +0900 +@@ -20,6 +20,8 @@ + # This is no longer needed + # SUBDIRS = crypt + ++DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@ ++ + bin_PROGRAMS = aide + + aide_SOURCES = \ diff --git a/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch b/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch new file mode 100644 index 000000000000..56b39693f4ff --- /dev/null +++ b/app-forensics/aide/files/aide-0.13.1-libgrypt_init.patch @@ -0,0 +1,49 @@ +diff -urp aide-0.13.1.orig/doc/aide.1 aide-0.13.1/doc/aide.1 +--- aide-0.13.1.orig/doc/aide.1 2009-04-14 15:46:20.000000000 -0700 ++++ aide-0.13.1/doc/aide.1 2009-04-14 15:49:18.000000000 -0700 +@@ -67,6 +67,7 @@ conditions: + .IP "16 Unimplemented function error" + .IP "17 Invalid configureline error" + .IP "18 IO error" ++.IP "19 Version mismatch error" + .PP + .SH NOTES + Please note that due to mmap issues, aide cannot be terminated with +diff -urp aide-0.13.1.orig/doc/aide.1.in aide-0.13.1/doc/aide.1.in +--- aide-0.13.1.orig/doc/aide.1.in 2009-04-14 15:46:20.000000000 -0700 ++++ aide-0.13.1/doc/aide.1.in 2009-04-14 15:49:56.000000000 -0700 +@@ -67,6 +67,7 @@ conditions: + .IP "16 Unimplemented function error" + .IP "17 Invalid configureline error" + .IP "18 IO error" ++.IP "19 Version mismatch error" + .PP + .SH NOTES + Please note that due to mmap issues, aide cannot be terminated with +diff -urp aide-0.13.1.orig/include/report.h aide-0.13.1/include/report.h +--- aide-0.13.1.orig/include/report.h 2009-04-14 15:46:20.000000000 -0700 ++++ aide-0.13.1/include/report.h 2009-04-14 15:46:28.000000000 -0700 +@@ -31,6 +31,7 @@ + #define UNIMPLEMENTED_FUNCTION_ERROR 16 + #define INVALID_CONFIGURELINE_ERROR 17 + #define IO_ERROR 18 ++#define VERSION_MISMATCH_ERROR 19 + + /* Errorcodes */ + #define HASH_ALGO_ERROR 30 +diff -urp aide-0.13.1.orig/src/md.c aide-0.13.1/src/md.c +--- aide-0.13.1.orig/src/md.c 2009-04-14 15:46:20.000000000 -0700 ++++ aide-0.13.1/src/md.c 2009-04-14 15:46:28.000000000 -0700 +@@ -201,6 +201,12 @@ int init_md(struct md_container* md) { + #endif + #ifdef WITH_GCRYPT + error(255,"Gcrypt library initialization\n"); ++ if(!gcry_check_version(GCRYPT_VERSION)) { ++ error(0,"libgcrypt version mismatch\n"); ++ exit(VERSION_MISMATCH_ERROR); ++ } ++ gcry_control(GCRYCTL_DISABLE_SECMEM, 0); ++ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); + if(gcry_md_open(&md->mdh,0,0)!=GPG_ERR_NO_ERROR){ + error(0,"gcrypt_md_open failed\n"); + exit(IO_ERROR); diff --git a/app-forensics/aide/files/aide-0.13.1-zlib.patch b/app-forensics/aide/files/aide-0.13.1-zlib.patch new file mode 100644 index 000000000000..0ca5af25275d --- /dev/null +++ b/app-forensics/aide/files/aide-0.13.1-zlib.patch @@ -0,0 +1,12 @@ +diff -Naur aide-0.13.1.orig//src/be.c aide-0.13.1//src/be.c +--- aide-0.13.1.orig//src/be.c 2006-12-15 01:09:24.000000000 +0900 ++++ aide-0.13.1//src/be.c 2010-05-26 20:08:10.000000000 +0900 +@@ -161,7 +161,7 @@ + #endif + #ifdef WITH_ZLIB + if(iszipped && !inout){ +- fh=gzdopen(fd,"wb9+"); ++ fh=gzdopen(fd,"wb9"); + if(fh==NULL){ + error(0,_("Couldn't open file %s for %s"),u->value, + inout?"reading\n":"writing\n"); diff --git a/app-forensics/aide/files/aide-0.14-as-needed.patch b/app-forensics/aide/files/aide-0.14-as-needed.patch new file mode 100644 index 000000000000..7a90b4e25079 --- /dev/null +++ b/app-forensics/aide/files/aide-0.14-as-needed.patch @@ -0,0 +1,20 @@ +--- aide-0.14.orig/configure.in 2010-02-26 17:25:29.000000000 +0900 ++++ aide-0.14/configure.in 2010-05-27 00:11:34.000000000 +0900 +@@ -42,7 +42,7 @@ + AC_ARG_WITH(extra-libs, + AC_HELP_STRING([--with-extra-libs], + [Specify additional paths with -L to find libraries]), +- [LDFLAGS="$LDFLAGS $withval"] ++ [LIBS="$LIBS $withval"] + ) + AC_ARG_WITH(extra-link-libs, + AC_HELP_STRING([--with-extra-link-libs], +@@ -671,7 +671,7 @@ + AC_CHECK_HEADERS(curl/curl.h,, + [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]) + CFLAGS="$CFLAGS $CURL_CFLAGS" +- LDFLAGS="$LDFLAGS $CURL_LIBS" ++ LIBS="$LIBS $CURL_LIBS" + AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes, + [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])] + ) diff --git a/app-forensics/aide/files/aide-0.14-configure.patch b/app-forensics/aide/files/aide-0.14-configure.patch new file mode 100644 index 000000000000..54afd8c4f4c6 --- /dev/null +++ b/app-forensics/aide/files/aide-0.14-configure.patch @@ -0,0 +1,38 @@ +diff -Naur aide-0.14.orig/configure.in aide-0.14/configure.in +--- aide-0.14.orig/configure.in 2010-02-26 17:25:29.000000000 +0900 ++++ aide-0.14/configure.in 2010-06-09 14:24:43.000000000 +0900 +@@ -407,14 +407,14 @@ + AC_ARG_WITH([zlib], + AC_HELP_STRING([--with-zlib], + [use zlib compression]), +- , ++ [with_zlib="$withval"], + [with_zlib=yes] + ) + + AC_ARG_WITH([curl], + AC_HELP_STRING([--with-curl], + [use curl for http,https and ftp backends]), +- , ++ [with_curl="$withval"], + [with_curl=no] + ) + +@@ -422,7 +422,7 @@ + AC_ARG_WITH([sun-acl], + [AC_HELP_STRING([--with-sun-acl], + [use ACL on solaris (no checking)])], +- [], ++ [with_sun_acl="$withval"], + [with_sun_acl=no] + ) + +@@ -440,7 +440,7 @@ + AC_ARG_WITH([posix-acl], + [AC_HELP_STRING([--with-posix-acl], + [use POSIX ACLs (no checking)])], +- [], ++ [with_posix_acl_support="$withval"], + [with_posix_acl_support=no] + ) + diff --git a/app-forensics/aide/files/aide-0.14-gentoo.patch b/app-forensics/aide/files/aide-0.14-gentoo.patch new file mode 100644 index 000000000000..f2c8156ed161 --- /dev/null +++ b/app-forensics/aide/files/aide-0.14-gentoo.patch @@ -0,0 +1,26 @@ +diff -Naur aide-0.14.orig//src/Makefile.am aide-0.14//src/Makefile.am +--- aide-0.14.orig//src/Makefile.am 2010-02-20 04:23:08.000000000 +0900 ++++ aide-0.14//src/Makefile.am 2010-05-26 23:56:47.000000000 +0900 +@@ -26,7 +26,7 @@ + LEX_OUTPUT_ROOT = lex.yy + + LDADD = -lm @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @ELFLIB@ +-AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g ++AM_CFLAGS = -DLOCALEDIR=\"$(localedir)\" @AIDE_DEFS@ -W -Wall -g + + CLEANFILES = conf_yacc.h conf_yacc.c conf_lex.c db_lex.c *~ + +diff -Naur aide-0.14.orig//src/db.c aide-0.14//src/db.c +--- aide-0.14.orig//src/db.c 2010-02-18 05:06:57.000000000 +0900 ++++ aide-0.14//src/db.c 2010-05-27 00:16:07.000000000 +0900 +@@ -26,6 +26,10 @@ + #include "db_file.h" + #include "db_disk.h" + ++#ifdef WITH_CURL ++#include "fopen.h" ++#endif ++ + #ifdef WITH_PSQL + #include "db_sql.h" + #endif diff --git a/app-forensics/aide/files/aide-0.15.1-gentoo.patch b/app-forensics/aide/files/aide-0.15.1-gentoo.patch new file mode 100644 index 000000000000..01c06f72387e --- /dev/null +++ b/app-forensics/aide/files/aide-0.15.1-gentoo.patch @@ -0,0 +1,26 @@ +diff -Naur aide-0.15.1.orig//src/Makefile.am aide-0.15.1//src/Makefile.am +--- aide-0.15.1.orig//src/Makefile.am 2010-08-02 03:23:44.000000000 +0900 ++++ aide-0.15.1//src/Makefile.am 2010-10-28 01:22:49.897871135 +0900 +@@ -26,7 +26,7 @@ + LEX_OUTPUT_ROOT = lex.yy + + LDADD = -lm @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ +-AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g ++AM_CFLAGS = -DLOCALEDIR=\"$(localedir)\" @AIDE_DEFS@ -W -Wall -g + + CLEANFILES = conf_yacc.h conf_yacc.c conf_lex.c db_lex.c *~ + +diff -Naur aide-0.15.1.orig//src/db.c aide-0.15.1//src/db.c +--- aide-0.15.1.orig//src/db.c 2010-08-09 02:39:31.000000000 +0900 ++++ aide-0.15.1//src/db.c 2010-10-28 01:22:12.930091842 +0900 +@@ -27,6 +27,10 @@ + #include "db_file.h" + #include "db_disk.h" + ++#ifdef WITH_CURL ++#include "fopen.h" ++#endif ++ + #ifdef WITH_PSQL + #include "db_sql.h" + #endif diff --git a/app-forensics/aide/files/aide.conf b/app-forensics/aide/files/aide.conf new file mode 100644 index 000000000000..cef1813db9f8 --- /dev/null +++ b/app-forensics/aide/files/aide.conf @@ -0,0 +1,115 @@ +# AIDE conf + +database=file:/var/lib/aide/aide.db +database_out=file:/var/lib/aide/aide.db.new + +# Change this to "no" or remove it to not gzip output +# (only useful on systems with few CPU cycles to spare) +gzip_dbout=yes + +# Here are all the things we can check - these are the default rules +# +#p: permissions +#i: inode +#n: number of links +#u: user +#g: group +#s: size +#b: block count +#m: mtime +#a: atime +#c: ctime +#S: check for growing size +#md5: md5 checksum +#sha1: sha1 checksum +#rmd160: rmd160 checksum +#tiger: tiger checksum +#R: p+i+n+u+g+s+m+c+md5 +#L: p+i+n+u+g +#E: Empty group +#>: Growing logfile p+u+g+i+n+S +#haval: haval checksum +#gost: gost checksum +#crc32: crc32 checksum + +# Defines formerly set here have been moved to /etc/default/aide. + +# Custom rules +Binlib = p+i+n+u+g+s+b+m+c+md5+sha1 +ConfFiles = p+i+n+u+g+s+b+m+c+md5+sha1 +Logs = p+i+n+u+g+S +Devices = p+i+n+u+g+s+b+c+md5+sha1 +Databases = p+n+u+g +StaticDir = p+i+n+u+g +ManPages = p+i+n+u+g+s+b+m+c+md5+sha1 + +# Next decide what directories/files you want in the database + +# Kernel, system map, etc. +=/boot$ Binlib +# Binaries +/bin Binlib +/sbin Binlib +/usr/bin Binlib +/usr/sbin Binlib +/usr/local/bin Binlib +/usr/local/sbin Binlib +#/usr/games Binlib +# Libraries +/lib Binlib +/usr/lib Binlib +/usr/local/lib Binlib +# Log files +=/var/log$ StaticDir +#!/var/log/ksymoops +/var/log/aide/aide.log(.[0-9])?(.gz)? Databases +/var/log/aide/error.log(.[0-9])?(.gz)? Databases +#/var/log/setuid.changes(.[0-9])?(.gz)? Databases +!/var/log/aide +/var/log Logs +# Devices +!/dev/pts +# If you get spurious warnings about being unable to mmap() /dev/cpu/mtrr, +# you may uncomment this to get rid of them. They're harmless but sometimes +# annoying. +#!/dev/cpu/mtrr +#!/dev/xconsole +/dev Devices +# Other miscellaneous files +/var/run$ StaticDir +!/var/run +# Test only the directory when dealing with /proc +/proc$ StaticDir +!/proc + +# You can look through these examples to get further ideas + +# MD5 sum files - especially useful with debsums -g +#/var/lib/dpkg/info/([^\.]+).md5sums u+g+s+m+md5+sha1 + +# Check crontabs +#/var/spool/anacron/cron.daily Databases +#/var/spool/anacron/cron.monthly Databases +#/var/spool/anacron/cron.weekly Databases +#/var/spool/cron Databases +#/var/spool/cron/crontabs Databases + +# manpages can be trojaned, especially depending on *roff implementation +#/usr/man ManPages +#/usr/share/man ManPages +#/usr/local/man ManPages + +# docs +#/usr/doc ManPages +#/usr/share/doc ManPages + +# check users' home directories +#/home Binlib + +# check sources for modifications +#/usr/src L +#/usr/local/src L + +# Check headers for same +#/usr/include L +#/usr/local/include L diff --git a/app-forensics/aide/files/aide.cron b/app-forensics/aide/files/aide.cron new file mode 100755 index 000000000000..c28b78f8e9db --- /dev/null +++ b/app-forensics/aide/files/aide.cron @@ -0,0 +1,192 @@ +#!/bin/bash +# Modified: Benjamin Smee +# Date: Fri Sep 10 11:35:41 BST 2004 + +# This is the email address reports get mailed to +MAILTO=root@localhost + +# Set this to suppress mailings when there's nothing to report +QUIETREPORTS=1 + +# This parameter defines which aide command to run from the cron script. +# Sensible values are "update" and "check". +# Default is "check", ensuring backwards compatibility. +# Since "update" does not take any longer, it is recommended to use "update", +# so that a new database is created every day. The new database needs to be +# manually copied over the current one, though. +COMMAND=update + +# This parameter defines how many lines to return per e-mail. Output longer +# than this value will be truncated in the e-mail sent out. +LINES=1000 + +# This parameter gives a grep regular expression. If given, all output lines +# that _don't_ match the regexp are listed first in the script's output. This +# allows to easily remove noise from the aide report. +NOISE="(/var/cache/|/var/lib/|/var/tmp)" +PATH="/bin:/usr/bin:/sbin:/usr/sbin" +LOGDIR="/var/log/aide" +LOGFILE="aide.log" +CONFFILE="/etc/aide/aide.conf" +ERRORLOG="aide_error.log" +MAILLOG="aide_mail.log" +ERRORTMP=`tempfile --directory "/tmp" --prefix "$ERRORLOG"` + +[ -f /usr/bin/aide ] || exit 0 + +DATABASE=`grep "^database=file:/" $CONFFILE | head -n 1 | cut --delimiter=: --fields=2` +FQDN=`hostname -f` +DATE=`date +"at %Y-%m-%d %H:%M"` + +# default values + +DATABASE="${DATABASE:-/var/lib/aide/aide.db}" + +AIDEARGS="-V4" + +if [ ! -f $DATABASE ]; then + /usr/sbin/sendmail $MAILTO <<EOF +Subject: Daily AIDE report for $FQDN +From: root@${FQDN} +To: ${MAILTO} +Fatal error: The AIDE database does not exist! +This may mean you haven't created it, or it may mean that someone has removed it. +EOF + exit 0 +fi + +# Removed so no deps on debianutils - strerror +#[ -f "$LOGDIR/$LOGFILE" ] && savelog -j -t -g adm -m 640 -u root -c 7 "$LOGDIR/$LOGFILE" > /dev/null +#[ -f "$LOGDIR/$ERRORLOG" ] && savelog -j -t -g adm -m 640 -u root -c 7 "$LOGDIR/$ERRORLOG" > /dev/null + +aide $AIDEARGS --$COMMAND >"$LOGDIR/$LOGFILE" 2>"$ERRORTMP" +RETVAL=$? + +if [ -n "$QUIETREPORTS" ] && [ $QUIETREPORTS -a \! -s $LOGDIR/$LOGFILE -a \! -s $ERRORTMP ]; then + # Bail now because there was no output and QUIETREPORTS is set + exit 0 +fi + +MAILTMP=`tempfile --directory "/tmp" --prefix "$MAILLOG"` + +(cat << EOF +This is an automated report generated by the Advanced Intrusion Detection +Environment on $FQDN ${DATE}. + +EOF + +# include error log in daily report e-mail + +if [ "$RETVAL" != "0" ]; then + cat > "$LOGDIR/$ERRORLOG" << EOF + +***************************************************************************** +* aide returned a non-zero exit value * +***************************************************************************** + +EOF + echo "exit value is: $RETVAL" >> "$LOGDIR/$ERRORLOG" +else + touch "$LOGDIR/$ERRORLOG" +fi +< "$ERRORTMP" cat >> "$LOGDIR/$ERRORLOG" +rm -f "$ERRORTMP" + +if [ -s "$LOGDIR/$ERRORLOG" ]; then + errorlines=`wc -l "$LOGDIR/$ERRORLOG" | awk '{ print $1 }'` + if [ ${errorlines:=0} -gt $LINES ]; then + cat << EOF + +**************************************************************************** +* aide has returned many errors. * +* the error log output has been truncated in this mail * +**************************************************************************** + +EOF + echo "Error output is $errorlines lines, truncated to $LINES." + head -$LINES "$LOGDIR/$ERRORLOG" + echo "The full output can be found in $LOGDIR/$ERRORLOG." + else + echo "Errors produced ($errorlines lines):" + cat "$LOGDIR/$ERRORLOG" + fi +else + echo "AIDE produced no errors." +fi + +# include de-noised log + +if [ -n "$NOISE" ]; then + NOISETMP=`tempfile --directory "/tmp" --prefix "aidenoise"` + NOISETMP2=`tempfile --directory "/tmp" --prefix "aidenoise"` + sed -n '1,/^Detailed information about changes:/p' "$LOGDIR/$LOGFILE" | \ + grep '^\(changed\|removed\|added\):' | \ + grep -v "^added: THERE WERE ALSO [0-9]\+ FILES ADDED UNDER THIS DIRECTORY" > $NOISETMP2 + + if [ -n "$NOISE" ]; then + < $NOISETMP2 grep -v "^\(changed\|removed\|added\):$NOISE" > $NOISETMP + rm -f $NOISETMP2 + echo "De-Noised output removes everything matching $NOISE." + else + mv $NOISETMP2 $NOISETMP + echo "No noise expression was given." + fi + + if [ -s "$NOISETMP" ]; then + loglines=`< $NOISETMP wc -l | awk '{ print $1 }'` + if [ ${loglines:=0} -gt $LINES ]; then + cat << EOF + +**************************************************************************** +* aide has returned long output which has been truncated in this mail * +**************************************************************************** + +EOF + echo "De-Noised output is $loglines lines, truncated to $LINES." + < $NOISETMP head -$LINES + echo "The full output can be found in $LOGDIR/$LOGFILE." + else + echo "De-Noised output of the daily AIDE run ($loglines lines):" + cat $NOISETMP + fi + else + echo "AIDE detected no changes after removing noise." + fi + rm -f $NOISETMP + echo "============================================================================" +fi + +# include non-de-noised log + +if [ -s "$LOGDIR/$LOGFILE" ]; then + loglines=`wc -l "$LOGDIR/$LOGFILE" | awk '{ print $1 }'` + if [ ${loglines:=0} -gt $LINES ]; then + cat << EOF + +**************************************************************************** +* aide has returned long output which has been truncated in this mail * +**************************************************************************** + +EOF + echo "Output is $loglines lines, truncated to $LINES." + head -$LINES "$LOGDIR/$LOGFILE" + echo "The full output can be found in $LOGDIR/$LOGFILE." + else + echo "Output of the daily AIDE run ($loglines lines):" + cat "$LOGDIR/$LOGFILE" + fi +else + echo "AIDE detected no changes." +fi +) > ${MAILTMP} + +( +cat <<EOF +Subject: Daily AIDE report for $FQDN +From: root@${FQDN} +To: ${MAILTO} +EOF +cat ${MAILTMP} +) | /usr/sbin/sendmail $MAILTO + +rm -f "$MAILTMP" diff --git a/app-forensics/aide/files/aideinit b/app-forensics/aide/files/aideinit new file mode 100755 index 000000000000..6a3c60c37837 --- /dev/null +++ b/app-forensics/aide/files/aideinit @@ -0,0 +1,145 @@ +#!/bin/sh +# Copyright 2003 Mike Markley <mike@markley.org> +# This script is free for any purpose whatseoever so long as the above +# copyright notice remains in place. +# +# Modified for Gentoo: Benjamin Smee +# Date: Fri Sep 10 11:36:04 BST 2004 + +# This is the email address reports get mailed to +MAILTO=root@localhost + +# Defaults +#MAILTO="${MAILTO:-root}" + +# Options +opt_f=0 +opt_y=0 +opt_c=0 +opt_b=0 +config="/etc/aide/aide.conf" + +aideinit_usage() { + echo "Usage: $0 [options] -- [aide options]" + echo " -y|--yes Overwrite output file" + echo " -f|--force Force overwrite of database" + echo " -c|--config Specify alternate config file" + echo " -o|--output Specify alternate output file" + echo " -d|--database Specify alternate database file" + echo " -b|--background Run in the background" +} + +while [ -n "$1" ]; do + case "$1" in + -h|--help) + aideinit_usage + exit 0 + ;; + -f|--force) + opt_f=1 + shift + ;; + -y|--yes) + opt_y=1 + shift + ;; + -b|--background) + opt_b=1 + shift + ;; + -o|--output) + shift + [ -z "$1" ] && aideinit_usage && exit 1 + outfile=$1 + shift + ;; + -d|--database) + shift + [ -z "$1" ] && aideinit_usage && exit 1 + dbfile=$1 + shift + ;; + -c|--config) + opt_c=1 + shift + [ -z "$1" ] && aideinit_usage && exit 1 + config=$1 + shift + ;; + --) + shift + break 2 + ;; + *) + echo "Unknown option $1 (use -- to delimit aideinit and aide options)" + exit + ;; + esac +done + +if [ ! -f "$config" ]; then + echo "$0: $config: file not found" + exit 1 +fi + +if [ -z "$outfile" ]; then + outfile=`egrep "database_out=file:" $config | cut -d: -f2` + [ -z "$outfile" ] && outfile="/var/lib/aide/aide.db.new" +fi +if [ -z "$dbfile" ]; then + dbfile=`egrep "database=file:" $config | cut -d: -f2` + [ -z "$dbfile" ] && dbfile="/var/lib/aide/aide.db" +fi + +if [ -f $outfile ]; then + if [ $opt_y -eq 0 ]; then + echo -n "Overwrite existing $outfile [Yn]? " + read yn + case "$yn" in + [Nn]*) + exit 0 + ;; + esac + fi +fi + +extraflags="" + +if [ $opt_c -eq 1 ]; then + extraflags="$extraflags --config $config" +fi + +if [ $opt_b -eq 1 ]; then + (aide --init $extraflags $@ >/var/log/aide/aideinit.log 2>/var/log/aide/aideinit.errors + if [ -f "$dbfile" -a $opt_f -eq 0 ]; then + echo "$dbfile exists and -f was not specified" >> /var/log/aide/aideinit.errors + fi + lines=`wc -l /var/log/aide/aideinit.errors | awk '{ print $1 }'` + if [ "$lines" -gt 0 ]; then + (echo "AIDE init errors:"; cat /var/log/aide/aideinit.errors) | /bin/mail -s "AIDE initialization problem" $MAILTO + else + cp -f $outfile $dbfile + fi) & + exit 0 +fi + +echo "Running aide --init..." +aide --init $extraflags $@ + +return=$? +if [ $return -ne 0 ]; then + echo "Something didn't quite go right; see $outfile for details" >&2 + exit $return +fi + +if [ -f "$dbfile" -a $opt_f -eq 0 ]; then + echo -n "Overwrite $dbfile [yN]? " + read yn + case "$yn" in + [yY]*) + cp -f $outfile $dbfile + ;; + esac +else + cp -f $outfile $dbfile +fi diff --git a/app-forensics/aide/metadata.xml b/app-forensics/aide/metadata.xml new file mode 100644 index 000000000000..5771cd3beb4d --- /dev/null +++ b/app-forensics/aide/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <use> + <flag name="audit">Enable support for <pkg>sys-process/audit</pkg></flag> + <flag name="prelink">Enable support for <pkg>sys-devel/prelink</pkg></flag> + </use> + <upstream> + <remote-id type="sourceforge">aide</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/air/Manifest b/app-forensics/air/Manifest new file mode 100644 index 000000000000..2959a9243ec1 --- /dev/null +++ b/app-forensics/air/Manifest @@ -0,0 +1 @@ +DIST air-2.0.0.tar.gz 82881 SHA256 4bfabeee1086e0a115c71ca3eaff3bf71976a6bc79bc92ff2478126d1243ad7f SHA512 3b22b0b2f07fd5bf89b576bb1d96d9bc372534f2063e99c7a9c4931fd927b0cc5c3fe832f0c0d51ceb95fe242fd0d3e4fe6bf59339dd2971b6afcd00106ea92c WHIRLPOOL 89c1cfd7d722897c899bbf10ca0ac1f39a0f8c0edf098bdb7fda315f83ff537f2c57fe3c760a05062f254152a76105f253b84da78c8090cc4a2ef16e52716c45 diff --git a/app-forensics/air/air-2.0.0-r1.ebuild b/app-forensics/air/air-2.0.0-r1.ebuild new file mode 100644 index 000000000000..5ea8f8c975ea --- /dev/null +++ b/app-forensics/air/air-2.0.0-r1.ebuild @@ -0,0 +1,52 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +DESCRIPTION="A GUI front-end to dd/dc3dd" +HOMEPAGE="http://air-imager.sourceforge.net/" +SRC_URI="mirror://sourceforge/air-imager/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ppc x86" +IUSE="crypt" + +# coreutils are needed for /usr/bin/split binary +COMMON_DEPEND="userland_GNU? ( sys-apps/coreutils )" + +DEPEND="${COMMON_DEPEND} + >=dev-perl/perl-tk-804.27.0 + userland_GNU? ( app-arch/sharutils )" + +# TODO: air can utilize dc3dd, but it is not in portage ATM +RDEPEND="${COMMON_DEPEND} + app-arch/mt-st + net-analyzer/netcat + crypt? ( net-analyzer/cryptcat )" + +src_install() { + export PERLTK_VER=`perl -e 'use Tk;print "$Tk::VERSION";'` + + env INTERACTIVE=no INSTALL_DIR="${D}/usr" TEMP_DIR="${T}" \ + FINAL_INSTALL_DIR=/usr \ + ./install-${P} \ + || die "failed to install - please attach ${T}/air-install.log to a bug report at http://bugs.gentoo.org" + + dodoc README + + dodoc "${T}/air-install.log" + + fowners root:users /usr/share/air/logs + fperms ug+rwx /usr/share/air/logs + fperms a+x /usr/bin/air + + mkfifo "${D}usr/share/air/air-fifo" || die "pipe creation failed" + fperms ug+rw /usr/share/air/air-fifo + fowners root:users /usr/share/air/air-fifo +} + +pkg_postinst() { + elog "The author, steve@unixgurus.com, would appreciate an email of the install file /usr/share/doc/${PF}/air-install.log" +} diff --git a/app-forensics/air/metadata.xml b/app-forensics/air/metadata.xml new file mode 100644 index 000000000000..9f20c12db63e --- /dev/null +++ b/app-forensics/air/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <upstream> + <remote-id type="sourceforge">air-imager</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/autopsy/Manifest b/app-forensics/autopsy/Manifest new file mode 100644 index 000000000000..45a46dcdebbd --- /dev/null +++ b/app-forensics/autopsy/Manifest @@ -0,0 +1 @@ +DIST autopsy-2.24.tar.gz 387873 SHA256 ab787f519942783d43a561d12be0554587f11f22bc55ab79d34d8da703edc09e SHA512 09cd337c2c6e095c533cba449684b36e4a926cbe5736be6da4f644e733525069984550b5b76a902a32d797ac311218a2ec88626603f1dd4381d52f3f94d3cedb WHIRLPOOL 3dbc39cf3a16920f6816b7a0bf50939624d8d4ce455342ba3e6114a3993ffa3df2518612c96c885cad93f59d574994c46056cf8e686d389aebb2005d0d8bc9c7 diff --git a/app-forensics/autopsy/autopsy-2.24-r1.ebuild b/app-forensics/autopsy/autopsy-2.24-r1.ebuild new file mode 100644 index 000000000000..df58e624c407 --- /dev/null +++ b/app-forensics/autopsy/autopsy-2.24-r1.ebuild @@ -0,0 +1,61 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +DESCRIPTION="A graphical interface to the digital forensic analysis tools in The Sleuth Kit" +HOMEPAGE="http://www.sleuthkit.org/autopsy/" +SRC_URI="mirror://sourceforge/autopsy/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~hppa ppc x86" +IUSE="" + +# Runtime depend on grep and file deliberate +RDEPEND=">=dev-lang/perl-5.8.0 + >=app-forensics/sleuthkit-3.0.0 + sys-apps/grep + sys-apps/file" +DEPEND="" + +src_configure() { + ./configure 2>&1 >/dev/null <<-EOF + n + /tmp + EOF + + cat <<-EOF > autopsy + #!/usr/bin/perl -wT + use lib '/usr/lib/autopsy/'; + use lib '/usr/lib/autopsy/lib/'; + EOF + cat base/autopsy.base >> autopsy + + sed -i 's:conf.pl:/etc/autopsy.pl:' $(grep -lr conf\.pl ./) + sed -i "s:INSTALLDIR = .*:INSTALLDIR = \'/usr/lib/autopsy\';:" conf.pl +} + +src_compile() { :; } + +src_install() { + insinto /usr/lib/autopsy + doins autopsy + doins global.css + insinto /usr/lib/autopsy/help + doins help/* + insinto /usr/lib/autopsy/lib + doins lib/* + insinto /usr/lib/autopsy/pict + doins pict/* + insinto /etc + newins conf.pl autopsy.pl + + dodir /usr/bin + dosym /usr/lib/autopsy/autopsy /usr/bin/autopsy + fperms +x /usr/lib/autopsy/autopsy + + doman $(find man/ -type f) + dodoc CHANGES.txt README* TODO.txt docs/sleuthkit-informer*.txt +} diff --git a/app-forensics/autopsy/metadata.xml b/app-forensics/autopsy/metadata.xml new file mode 100644 index 000000000000..a0f79f2db3b1 --- /dev/null +++ b/app-forensics/autopsy/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <upstream> + <remote-id type="sourceforge">autopsy</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/chkrootkit/Manifest b/app-forensics/chkrootkit/Manifest new file mode 100644 index 000000000000..e54ddf4adfc4 --- /dev/null +++ b/app-forensics/chkrootkit/Manifest @@ -0,0 +1,4 @@ +DIST chkrootkit-0.48-gentoo.diff.bz2 4534 SHA256 af7cdac03a2357615e6a6973c8f892b7541912e05c90b4e876eb1c0c8976d7dc SHA512 926c6913cc9a13f5578070e48301c6f3ff026d3f4df236dcf4b53e092ba4ba288f7d77fa8d8c7268e0e3c21921ae20b4027898e872c59a0cb1c451961bf862fb WHIRLPOOL b836f0846d5dbdcfb1a17f89328be62428107789b463537b0eb4daf9547771c6227d3caa37921a6030ae949ed1fbcb5dd38a24b98c4f08e7148218e304df5ece +DIST chkrootkit-0.48.tar.gz 38323 SHA256 b4b3d3540a7022aa7a81cae93f28c8475bc2660a21f88126725624c09769f1fb SHA512 df0348a1abd70ff905979ecead1e99b3fef1d706062112e3461e1e6b76e490e36466d46d254a02a2033e67e9774cfeb44ebff29fcc62a217e7a0e7843a239a24 WHIRLPOOL 76f9986dc0291789d16ae4ab1adb8c24b53c1013ad0984f9efe706aa52d0fb539ffc636ad738e3bc347081efad8f20c888d58cbb6a9619a540e9b383f7cd59ef +DIST chkrootkit-0.49-gentoo.diff.bz2 5472 SHA256 85a01c8bb159420fc7681b5f3ec6529bc69cf10b3484daee0a5c126ef4a7b5d8 SHA512 4121d09f7bb6ad7d3f2ed42c914087f4724877def3c591fd6b7fa8e2b2b23a1b32b1bb1ba94dc079914c967d2483ebd614582b13afb4c1c801701a58ada89b62 WHIRLPOOL 25df5424700c72d19201faf6555790b04b878af3ef185f52f44807e018701926cd9e8d112343b86168ad6688df8fffcc2829c11886d8f628b03ff7f63f1ac7d0 +DIST chkrootkit-0.49.tar.gz 39421 SHA256 ccb87be09e8923d51f450a167f484414f70c36c942f8ef5b9e5e4a69b7baa17f SHA512 b796547fc483635ff6ee4e953f7dda34913189459de05b547522b79f8edeef5adae72cc05515b8ff9382cbabffd93cae7d114a40636e14c55da513bb42b05909 WHIRLPOOL c94f96f185ae5f5dd038a7b2ffd9603ee8c0f2fcbaeb3eb73d20260898f1677a2c1aad5cd6a257b29ca540d02916dca59434ff10b807567447889cf23f65b25e diff --git a/app-forensics/chkrootkit/chkrootkit-0.48-r1.ebuild b/app-forensics/chkrootkit/chkrootkit-0.48-r1.ebuild new file mode 100644 index 000000000000..e6bd4434106c --- /dev/null +++ b/app-forensics/chkrootkit/chkrootkit-0.48-r1.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils toolchain-funcs + +DESCRIPTION="a tool to locally check for signs of a rootkit" +HOMEPAGE="http://www.chkrootkit.org/" +SRC_URI="ftp://ftp.pangeia.com.br/pub/seg/pac/${P}.tar.gz + mirror://gentoo/${P}-gentoo.diff.bz2" + +LICENSE="BSD-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86" +IUSE="" + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${WORKDIR}/${P}-gentoo.diff" + epatch "${FILESDIR}/${P}-shell-history-anomalies.diff" + epatch "${FILESDIR}/${P}-chkutmp.c-some-overruns-fixes.patch" + sed -i 's:/var/adm/:/var/log/:g' chklastlog.c || die "sed chklastlog.c failed" +} + +src_compile() { + emake CC=$(tc-getCC) STRIP=true sense || die "emake sense failed" +} + +src_install() { + dosbin chkdirs chklastlog chkproc chkrootkit chkwtmp chkutmp ifpromisc \ + strings-static || die + dodoc ACKNOWLEDGMENTS README* + + exeinto /etc/cron.weekly + newexe "${FILESDIR}"/${PN}.cron ${PN} || die +} + +pkg_postinst() { + echo + elog "Edit /etc/cron.weekly/chkrootkit to activate chkrootkit!" + elog + elog "Some applications, such as portsentry, will cause chkrootkit" + elog "to produce false positives. Read the chkrootkit FAQ at" + elog "http://www.chkrootkit.org/ for more information." + echo +} diff --git a/app-forensics/chkrootkit/chkrootkit-0.49.ebuild b/app-forensics/chkrootkit/chkrootkit-0.49.ebuild new file mode 100644 index 000000000000..9d2a7fcd67f4 --- /dev/null +++ b/app-forensics/chkrootkit/chkrootkit-0.49.ebuild @@ -0,0 +1,52 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils toolchain-funcs + +DESCRIPTION="Tool to locally check for signs of a rootkit" +HOMEPAGE="http://www.chkrootkit.org/" +SRC_URI="ftp://ftp.pangeia.com.br/pub/seg/pac/${P}.tar.gz + mirror://gentoo/${P}-gentoo.diff.bz2" + +LICENSE="BSD-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86" +IUSE="+cron" + +RDEPEND="cron? ( virtual/cron )" + +src_prepare() { + epatch "${WORKDIR}"/${P}-gentoo.diff + sed -i 's:/var/adm/:/var/log/:g' chklastlog.c || die "sed chklastlog.c failed" +} + +src_compile() { + emake CC="$(tc-getCC)" STRIP=true sense +} + +src_install() { + dosbin chkdirs chklastlog chkproc chkrootkit chkwtmp chkutmp ifpromisc strings-static + dodoc ACKNOWLEDGMENTS README* + + if use cron ; then + exeinto /etc/cron.weekly + newexe "${FILESDIR}"/${PN}.cron ${PN} + fi +} + +pkg_postinst() { + if use cron ; then + elog + elog "Edit /etc/cron.weekly/chkrootkit to activate chkrootkit!" + elog + fi + + elog + elog "Some applications, such as portsentry, will cause chkrootkit" + elog "to produce false positives. Read the chkrootkit FAQ at" + elog "http://www.chkrootkit.org/ for more information." + elog +} diff --git a/app-forensics/chkrootkit/files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch b/app-forensics/chkrootkit/files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch new file mode 100644 index 000000000000..09ba065a0697 --- /dev/null +++ b/app-forensics/chkrootkit/files/chkrootkit-0.48-chkutmp.c-some-overruns-fixes.patch @@ -0,0 +1,57 @@ +=== modified file 'chkutmp.c' +--- chkutmp.c 2008-10-06 19:07:51 +0000 ++++ chkutmp.c 2007-10-20 07:56:19 +0000 +@@ -23,6 +23,7 @@ + * + * Changelog: + * Ighighi X - Improved speed via break command - 2005/03/27 ++ * Stewart Gebbie - fixed buffer overrun bug related to MAXREAD and UT_PIDLENGTH - 2007-10-20 + * + */ + +@@ -42,7 +43,7 @@ + #endif + #include <ctype.h> + +-#define MAXREAD 1024 ++#define MAXREAD 4096 + #define MAXBUF 4096 + #define MAXLENGTH 256 + #define UT_PIDSIZE 12 +@@ -57,13 +58,13 @@ + #endif + + struct ps_line { +- char ps_tty[UT_LINESIZE]; +- char ps_user[UT_NAMESIZE]; +- char ps_args[MAXLENGTH]; ++ char ps_tty[UT_LINESIZE+1]; ++ char ps_user[UT_NAMESIZE+1]; ++ char ps_args[MAXLENGTH+1]; + int ps_pid; + }; + struct utmp_line { +- char ut_tty[UT_LINESIZE]; ++ char ut_tty[UT_LINESIZE+1]; + int ut_pid; + int ut_type; + }; +@@ -77,7 +78,7 @@ + int fetchps(struct ps_line *psl_p) + { + FILE *ps_fp; +- char line[MAXREAD + 1], pid[UT_PIDSIZE]; ++ char line[MAXREAD + 1], pid[UT_PIDSIZE+1]; + char *s, *d; + struct ps_line *curp = &psl_p[0]; + struct ps_line *endp = &psl_p[MAXBUF]; +@@ -97,7 +98,7 @@ + while (isspace(*s)) /* skip spaces */ + s++; + d = pid; +- for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_LINESIZE; x++) /* grab pid */ ++ for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_PIDSIZE; x++) /* grab pid */ + ; + *d = '\0'; + curp->ps_pid = atoi(pid); + diff --git a/app-forensics/chkrootkit/files/chkrootkit-0.48-shell-history-anomalies.diff b/app-forensics/chkrootkit/files/chkrootkit-0.48-shell-history-anomalies.diff new file mode 100644 index 000000000000..b0a5615d7264 --- /dev/null +++ b/app-forensics/chkrootkit/files/chkrootkit-0.48-shell-history-anomalies.diff @@ -0,0 +1,21 @@ +http://bugs.gentoo.org/show_bug.cgi?id=226067 + +*** a/chkrootkit Thu Jun 12 15:20:01 2008 +--- b/chkrootkit Thu Jun 12 15:28:09 2008 +*************** +*** 1098,1104 **** + echo "Warning: \`${files}' file size is zero" + files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)` + [ ! -z "${files1}" ] && \ +! echo "Warning: \`${files}' is linked to another file" + fi + if [ -z "${files}" -a -z "${files1}" ]; then + if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi +--- 1098,1104 ---- + echo "Warning: \`${files}' file size is zero" + files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)` + [ ! -z "${files1}" ] && \ +! echo "Warning: \`${files1}' is linked to another file" + fi + if [ -z "${files}" -a -z "${files1}" ]; then + if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi diff --git a/app-forensics/chkrootkit/files/chkrootkit.cron b/app-forensics/chkrootkit/files/chkrootkit.cron new file mode 100644 index 000000000000..9f7eb17b13b1 --- /dev/null +++ b/app-forensics/chkrootkit/files/chkrootkit.cron @@ -0,0 +1,6 @@ +#!/bin/sh +# +# uncomment this to make it work +# + +#exec /usr/sbin/chkrootkit -q diff --git a/app-forensics/chkrootkit/metadata.xml b/app-forensics/chkrootkit/metadata.xml new file mode 100644 index 000000000000..710ea088e6a5 --- /dev/null +++ b/app-forensics/chkrootkit/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <use> + <flag name="cron">Install cron script for weekly rootkit scans</flag> + </use> +</pkgmetadata> diff --git a/app-forensics/cmospwd/Manifest b/app-forensics/cmospwd/Manifest new file mode 100644 index 000000000000..a15697ed4533 --- /dev/null +++ b/app-forensics/cmospwd/Manifest @@ -0,0 +1 @@ +DIST cmospwd-5.1.tar.bz2 36792 SHA256 f296d2979794b0a6b726b80afc92e4d059c65dc2612a4b09377c168833d862f4 SHA512 eb76bbab2e686b54421556c5228b90a35c2883d59b31815ab04494df8e2d03e7193abdd83c4a7fa5915abdff1f189eb69bd29fc02ea9d84565ea8767e2c455a8 WHIRLPOOL 36cc687951d0bb2fd329b70984936aca0ca024b208418643af88e24d737cadb7810c7676db21274942e0f11662beb1e4e2a3fe981fbe0adc5986817ea44beda3 diff --git a/app-forensics/cmospwd/cmospwd-5.1.ebuild b/app-forensics/cmospwd/cmospwd-5.1.ebuild new file mode 100644 index 000000000000..e1c3ebafff5a --- /dev/null +++ b/app-forensics/cmospwd/cmospwd-5.1.ebuild @@ -0,0 +1,26 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit toolchain-funcs + +DESCRIPTION="CmosPwd decrypts password stored in cmos used to access BIOS SETUP" +HOMEPAGE="http://www.cgsecurity.org/wiki/CmosPwd" +SRC_URI="http://www.cgsecurity.org/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="" + +src_compile() { + cd src + $(tc-getCC) ${CFLAGS} ${LDFLAGS} cmospwd.c -o cmospwd || die +} + +src_install() { + dosbin src/cmospwd + dodoc cmospwd.txt +} diff --git a/app-forensics/cmospwd/metadata.xml b/app-forensics/cmospwd/metadata.xml new file mode 100644 index 000000000000..f2f257b19a0a --- /dev/null +++ b/app-forensics/cmospwd/metadata.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <longdescription> + CmosPwd decrypts password stored in cmos used to access BIOS SETUP. + + Works with the following BIOSes + - ACER/IBM BIOS + - AMI BIOS + - AMI WinBIOS 2.5 + - Award 4.5x/4.6x/6.0 + - Compaq (1992) + - Compaq (New version) + - IBM (PS/2, Activa, Thinkpad) + - Packard Bell + - Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107 + - Phoenix 4 release 6 (User) + - Gateway Solo - Phoenix 4.0 release 6 + - Toshiba + - Zenith AMI + </longdescription> +</pkgmetadata> diff --git a/app-forensics/examiner/Manifest b/app-forensics/examiner/Manifest new file mode 100644 index 000000000000..0afb38f5f844 --- /dev/null +++ b/app-forensics/examiner/Manifest @@ -0,0 +1 @@ +DIST examiner-0.5.tar.gz 34286 SHA256 720695f6b816eadb02a2a714f47ff6218a137f5116c5dc3c227fb6c198669cba SHA512 d10866f654e19e1c69e28488e39828026af65201fadb56cbed01a7fbab51069fe93476c6108927d042322ac8d15bb249f911acc412aad94985b4030c6c7e6d6b WHIRLPOOL aa238536d94dbbef9b8b5b8cc51d3d2c35beaa08d9134c3a14b33c23583e1cf662d0b359e23238ba298a93e09504abec06714b19466391f9623e613b16d7517a diff --git a/app-forensics/examiner/examiner-0.5-r2.ebuild b/app-forensics/examiner/examiner-0.5-r2.ebuild new file mode 100644 index 000000000000..db1da1583bca --- /dev/null +++ b/app-forensics/examiner/examiner-0.5-r2.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils + +DESCRIPTION="Application that utilizes the objdump command to disassemble and comment foreign executable binaries" +HOMEPAGE="http://www.academicunderground.org/examiner/" +SRC_URI="http://www.academicunderground.org/examiner/${P}.tar.gz" +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="amd64 ppc x86" +IUSE="" + +DEPEND="" +RDEPEND="dev-lang/perl" + +src_prepare() { + # Do not install docs through Makefile wrt bug #241256 + sed -i -e '/$(DOC)/d' Makefile || die 'sed failed' + epatch "${FILESDIR}"/${P}-perl.patch +} + +src_compile() { :; } + +src_install() { + dodir /usr/bin /usr/share/${PN} /usr/share/man/man1 + + emake \ + MAN="${D}/usr/share/man/man1" \ + BIN="${D}/usr/bin" \ + SHARE="${D}/usr/share/examiner" \ + install + + dodoc docs/{README*,BUGS,CHANGELOG,TODO,TUTORIAL} + dodoc -r utils +} diff --git a/app-forensics/examiner/files/examiner-0.5-perl.patch b/app-forensics/examiner/files/examiner-0.5-perl.patch new file mode 100644 index 000000000000..ee24bfd9c079 --- /dev/null +++ b/app-forensics/examiner/files/examiner-0.5-perl.patch @@ -0,0 +1,38 @@ +--- ./os/linux/examiner_hashes.pl.orig 2005-05-22 10:39:56.000000000 +1000 ++++ ./os/linux/examiner_hashes.pl 2005-05-22 10:40:11.000000000 +1000 +@@ -1,6 +1,6 @@ + $loaded_library=1; + +-syscalls = ( ++$syscalls = ( + 1 => "exit", + 2 => "fork", + 3 => "read", +@@ -240,7 +240,7 @@ + 237 => "fremovexattr", + ); + +-socketcall = ( ++$socketcall = ( + 1 => "SOCKET", + 2 => "BIND", + 3 => "CONNECT", +--- os/bsd/examiner_hashes.pl.orig 2005-05-22 10:45:39.000000000 +1000 ++++ os/bsd/examiner_hashes.pl 2005-05-22 10:45:58.000000000 +1000 +@@ -1,6 +1,6 @@ + $loaded_library=1; + +-syscalls = ( ++$syscalls = ( + 1 => "exit", + 2 => "fork", + 3 => "read", +@@ -186,7 +186,7 @@ + 281 => "MAXSYSCALL", + ); + +-socketcall = ( ++$socketcall = ( + 1 => "SOCKET", + 2 => "BIND", + 3 => "CONNECT", diff --git a/app-forensics/examiner/metadata.xml b/app-forensics/examiner/metadata.xml new file mode 100644 index 000000000000..2ff523b91b12 --- /dev/null +++ b/app-forensics/examiner/metadata.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>forensics</herd> +</pkgmetadata> diff --git a/app-forensics/foremost/Manifest b/app-forensics/foremost/Manifest new file mode 100644 index 000000000000..b44af48fa976 --- /dev/null +++ b/app-forensics/foremost/Manifest @@ -0,0 +1,2 @@ +DIST foremost-0.69.tar.gz 27719 SHA256 de807aaf2ffb71d9d7ec296f66781aa5e426d2ae186a100a00ceedb0cd30ae03 SHA512 3d25e62995f7da0e47ffbd9b90ac2d1a6a870ae0e310eb46b8332e914372008c44abe6ef504f875de60d22cfdfac439e53ec65d7cae255d4a989ee9cfa1020b6 WHIRLPOOL 6435cb6fcdb89add7179910a707a52d89052db67daae58a18b754c6983420bdfcbb00219eb4d3e0684c290b0d9976a71c5a216f56a55fa93963ce91e83fcf6c0 +DIST foremost-1.5.7.tar.gz 52352 SHA256 502054ef212e3d90b292e99c7f7ac91f89f024720cd5a7e7680c3d1901ef5f34 SHA512 8827c29d52496783be26374f3943eb26a154d842f34e50fb489f87b3a5045bf85f1e44d7d8d8b12b2355ba3fe4b06a0db979cc22c0f431593c5976001eb931ab WHIRLPOOL 85224ce66845d01560810da3522d74d19ade08ac516b48ccac86892749e26c3bf464fe82abf30fd65f8d85b0712ba10d4c807084359c594e059a06752899b941 diff --git a/app-forensics/foremost/files/foremost-1.4-config-location.patch b/app-forensics/foremost/files/foremost-1.4-config-location.patch new file mode 100644 index 000000000000..95372e1af9c0 --- /dev/null +++ b/app-forensics/foremost/files/foremost-1.4-config-location.patch @@ -0,0 +1,12 @@ +diff -uNr foremost-1.4.orig/config.c foremost-1.4/config.c +--- foremost-1.4.orig/config.c 2006-08-31 17:50:47.000000000 +0100 ++++ foremost-1.4/config.c 2006-08-31 17:51:09.000000000 +0100 +@@ -288,7 +288,7 @@ + #ifdef __WIN32 + set_config_file(s, "/Program Files/foremost/foremost.conf"); + #else +- set_config_file(s, "/usr/local/etc/foremost.conf"); ++ set_config_file(s, "/etc/foremost.conf"); + #endif + if ((f = fopen(get_config_file(s), "r")) == NULL) + { diff --git a/app-forensics/foremost/files/foremost-1.5.7-format-security.patch b/app-forensics/foremost/files/foremost-1.5.7-format-security.patch new file mode 100644 index 000000000000..32d1a4d3c7f6 --- /dev/null +++ b/app-forensics/foremost/files/foremost-1.5.7-format-security.patch @@ -0,0 +1,22 @@ +diff --git a/extract.c b/extract.c +index 30bdf54..9639117 100755 +--- a/extract.c ++++ b/extract.c +@@ -2110,7 +2110,6 @@ unsigned char *extract_exe(f_state *s, u_int64_t c_offset, unsigned char *founda + int i = 0; + time_t compile_time = 0; + struct tm *ret_time; +- char comment[32]; + char ascii_time[32]; + + if (buflen < 100) +@@ -2145,8 +2144,7 @@ unsigned char *extract_exe(f_state *s, u_int64_t c_offset, unsigned char *founda + ret_time->tm_sec); + chop(ascii_time); + +- sprintf(comment, ascii_time); +- strcat(needle->comment, comment); ++ strcat(needle->comment, ascii_time); + exe_char = htos(&foundat[22], FOREMOST_LITTLE_ENDIAN); + if (exe_char & 0x2000) + { diff --git a/app-forensics/foremost/foremost-0.69.ebuild b/app-forensics/foremost/foremost-0.69.ebuild new file mode 100644 index 000000000000..a6c11825d3eb --- /dev/null +++ b/app-forensics/foremost/foremost-0.69.ebuild @@ -0,0 +1,24 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit toolchain-funcs + +DESCRIPTION="A console program to recover files based on their headers and footers" +HOMEPAGE="http://foremost.sourceforge.net/" +SRC_URI="http://foremost.sourceforge.net/pkg/${P}.tar.gz" + +KEYWORDS="~amd64 ppc x86" +IUSE="" +LICENSE="public-domain" +SLOT="0" + +src_compile() { + emake CC_OPTS="${CFLAGS}" CC="$(tc-getCC)" || die "emake failed" +} + +src_install() { + dobin foremost || die "dobin failed" + doman foremost.1 + dodoc foremost.conf README CHANGES TODO +} diff --git a/app-forensics/foremost/foremost-1.5.7-r1.ebuild b/app-forensics/foremost/foremost-1.5.7-r1.ebuild new file mode 100644 index 000000000000..4803113d4f32 --- /dev/null +++ b/app-forensics/foremost/foremost-1.5.7-r1.ebuild @@ -0,0 +1,35 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit eutils toolchain-funcs + +DESCRIPTION="A console program to recover files based on their headers and footers" +HOMEPAGE="http://foremost.sourceforge.net/" +#SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" +# starting to hate sf.net ... +SRC_URI="http://foremost.sourceforge.net/pkg/${P}.tar.gz" + +KEYWORDS="amd64 ppc x86" +IUSE="" +LICENSE="public-domain" +SLOT="0" + +src_prepare() { + epatch "${FILESDIR}/${PN}-1.4-config-location.patch" +} + +src_compile() { + emake RAW_FLAGS="${CFLAGS} -Wall ${LDFLAGS}" RAW_CC="$(tc-getCC) -DVERSION=\\\"${PV}\\\"" \ + CONF=/etc +} + +src_install() { + dobin foremost + doman foremost.8.gz + insinto /etc + doins foremost.conf + dodoc README CHANGES +} diff --git a/app-forensics/foremost/foremost-1.5.7-r2.ebuild b/app-forensics/foremost/foremost-1.5.7-r2.ebuild new file mode 100644 index 000000000000..aea55789ecbe --- /dev/null +++ b/app-forensics/foremost/foremost-1.5.7-r2.ebuild @@ -0,0 +1,36 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit eutils toolchain-funcs + +DESCRIPTION="A console program to recover files based on their headers and footers" +HOMEPAGE="http://foremost.sourceforge.net/" +#SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" +# starting to hate sf.net ... +SRC_URI="http://foremost.sourceforge.net/pkg/${P}.tar.gz" + +KEYWORDS="amd64 ppc x86" +IUSE="" +LICENSE="public-domain" +SLOT="0" + +src_prepare() { + epatch "${FILESDIR}/${PN}-1.4-config-location.patch" + epatch "${FILESDIR}/${PN}-1.5.7-format-security.patch" +} + +src_compile() { + emake RAW_FLAGS="${CFLAGS} -Wall ${LDFLAGS}" RAW_CC="$(tc-getCC) -DVERSION=\\\"${PV}\\\"" \ + CONF=/etc +} + +src_install() { + dobin foremost + doman foremost.8.gz + insinto /etc + doins foremost.conf + dodoc README CHANGES +} diff --git a/app-forensics/foremost/metadata.xml b/app-forensics/foremost/metadata.xml new file mode 100644 index 000000000000..02136aff8c0a --- /dev/null +++ b/app-forensics/foremost/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>forensics</herd> +<maintainer> + <email>ikelos@gentoo.org</email> +</maintainer> +</pkgmetadata> diff --git a/app-forensics/galleta/Manifest b/app-forensics/galleta/Manifest new file mode 100644 index 000000000000..af592d03d622 --- /dev/null +++ b/app-forensics/galleta/Manifest @@ -0,0 +1 @@ +DIST galleta_20040505_1.tar.gz 2813 SHA256 87abe3c8354921cbf28eb471d9466ea4b3c144ce18096e1eab465596e9fe6d04 SHA512 7c420a413371cd9d7d818941026bc6981c8a749b8d3c97a9f0fc867116f9e642a06ad2832ded6de08780ed24885c2de7e8b655400569cb7ae56844161308dc3d WHIRLPOOL d6bb0fb8a003b0826de5d84f7a3db335170e5525cbceeec24055ef22df837549d0a22caea23473d1282ea887aab0d0ed6f989eba126d0e3b266284a91ddb88fc diff --git a/app-forensics/galleta/galleta-20040505_p1.ebuild b/app-forensics/galleta/galleta-20040505_p1.ebuild new file mode 100644 index 000000000000..01eb4071888d --- /dev/null +++ b/app-forensics/galleta/galleta-20040505_p1.ebuild @@ -0,0 +1,26 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit toolchain-funcs + +MY_P=${PN}_${PV/_p/_} +DESCRIPTION="IE Cookie Parser" +HOMEPAGE="http://sourceforge.net/projects/odessa/" +SRC_URI="mirror://sourceforge/odessa/${MY_P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~ppc x86" +IUSE="" + +S=${WORKDIR}/${MY_P} + +src_compile() { + cd src + $(tc-getCC) ${CFLAGS} ${LDFLAGS} -o galleta galleta.c -lm -lc || die "failed to compile" +} + +src_install() { + dodoc Readme.txt + dobin src/galleta +} diff --git a/app-forensics/galleta/metadata.xml b/app-forensics/galleta/metadata.xml new file mode 100644 index 000000000000..259976d9a211 --- /dev/null +++ b/app-forensics/galleta/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <upstream> + <remote-id type="sourceforge">odessa</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/libbfio/Manifest b/app-forensics/libbfio/Manifest new file mode 100644 index 000000000000..bd5416b2ad62 --- /dev/null +++ b/app-forensics/libbfio/Manifest @@ -0,0 +1,3 @@ +DIST libbfio-alpha-20120425.tar.gz 1569560 SHA256 5b645f9a1da7dc96fcb0ca778c7a5c9f4bcefa95bbdda0786883007cd1497070 SHA512 058d5018202c404d789531f308b66d9e72924f4ce9d6365477c84a327a3fe2a4efb9cd0cc173f29dbf2d18cf366772e5577ffea6d0953b752865cbdf4da48c20 WHIRLPOOL 76adf2d5baaa27d86eb5024d9a1e2394323809f8f1f5fa4e3e72f703ccbadf8f81c4778b0ddfec1aa935d81133a5cea279ed33e36b1569ed1f89948a6fa5eca7 +DIST libbfio-alpha-20130609.tar.gz 1858612 SHA256 bf90af77d6894ff91d9973c33c0a5a63accea454b9e601275c7c52f578203dd4 SHA512 b2f46c7631aa8dca63d6e915c69ba6136f0f777f138708c4751e24f3e96a2399721182ce281e032b617b17ce631876cefb8ef686b9bd1cb866f9f1033d1dd18b WHIRLPOOL 438f9c48d2da78649bb9a0a5d12f5d66a2b695dd5816bc5bd5e063f02df171abd05c46e16db70da664de830202f988ca4c009e1cd747365a834728a60e414d52 +DIST libbfio-alpha-20130721.tar.gz 1899281 SHA256 153a31fde7b6e5af1ba991acf32ddb59ff1c11e390e6b4eb3b46da708f1313c1 SHA512 9a9e8f913e145d5dcf5ee94351b4023a8d35492f5c9c3863f4caf0850e45f1b9c79ee3ec7e0565f85f91d11ff25d134f2c770b176e3e1888b78c984fe4b8c2a8 WHIRLPOOL b4e9c66d2d2753aaaf2ac0719f5a9f4f874a46aa9f5c75d523a6c33a2571827c628840b868083e6ff440d55f88c64e99fab6574fd8d1adea16063e34afd7612c diff --git a/app-forensics/libbfio/libbfio-0.0.20120425_alpha.ebuild b/app-forensics/libbfio/libbfio-0.0.20120425_alpha.ebuild new file mode 100644 index 000000000000..5f7cd0969d4d --- /dev/null +++ b/app-forensics/libbfio/libbfio-0.0.20120425_alpha.ebuild @@ -0,0 +1,28 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit versionator + +MY_DATE="$(get_version_component_range 3)" + +DESCRIPTION="Library for providing a basic file input/output abstraction layer" +HOMEPAGE="http://code.google.com/p/libbfio/" +SRC_URI="http://dev.pentoo.ch/~zero/distfiles/${PN}-alpha-${MY_DATE}.tar.gz" + +LICENSE="LGPL-3" +SLOT="0" +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +IUSE="unicode" + +S="${WORKDIR}/${PN}-${MY_DATE}" + +src_configure() { + econf $(use_enable unicode wide-character-type) +} + +src_install() { + emake install DESTDIR="${D}" || die "Failed to install" +} diff --git a/app-forensics/libbfio/libbfio-0.0.20130609_alpha.ebuild b/app-forensics/libbfio/libbfio-0.0.20130609_alpha.ebuild new file mode 100644 index 000000000000..1c8afe4f255f --- /dev/null +++ b/app-forensics/libbfio/libbfio-0.0.20130609_alpha.ebuild @@ -0,0 +1,24 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit versionator + +MY_DATE="$(get_version_component_range 3)" + +DESCRIPTION="Library for providing a basic file input/output abstraction layer" +HOMEPAGE="http://code.google.com/p/libbfio/" +SRC_URI="http://dev.pentoo.ch/~zero/distfiles/${PN}-alpha-${MY_DATE}.tar.gz" + +LICENSE="LGPL-3" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="unicode" + +S="${WORKDIR}/${PN}-${MY_DATE}" + +src_configure() { + econf $(use_enable unicode wide-character-type) +} diff --git a/app-forensics/libbfio/libbfio-0.0.20130721.ebuild b/app-forensics/libbfio/libbfio-0.0.20130721.ebuild new file mode 100644 index 000000000000..1a1b288c1021 --- /dev/null +++ b/app-forensics/libbfio/libbfio-0.0.20130721.ebuild @@ -0,0 +1,24 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit versionator + +MY_DATE="$(get_version_component_range 3)" + +DESCRIPTION="Library for providing a basic file input/output abstraction layer" +HOMEPAGE="http://code.google.com/p/libbfio/" +SRC_URI="http://dev.pentoo.ch/~zero/distfiles/${PN}-alpha-${MY_DATE}.tar.gz" + +LICENSE="LGPL-3" +SLOT="0" +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +IUSE="unicode" + +S="${WORKDIR}/${PN}-${MY_DATE}" + +src_configure() { + econf $(use_enable unicode wide-character-type) +} diff --git a/app-forensics/libbfio/metadata.xml b/app-forensics/libbfio/metadata.xml new file mode 100644 index 000000000000..af67b19a8a02 --- /dev/null +++ b/app-forensics/libbfio/metadata.xml @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer> +<email>zerochaos@gentoo.org</email> +<name>Rick Farina</name> +</maintainer> +</pkgmetadata> + diff --git a/app-forensics/libewf/Manifest b/app-forensics/libewf/Manifest new file mode 100644 index 000000000000..5d51f67ec1b5 --- /dev/null +++ b/app-forensics/libewf/Manifest @@ -0,0 +1,7 @@ +DIST libewf-20130128.tar.gz 1978794 SHA256 769a5662299485f98d50ef484e73da23813827ac52a2963b67a3e3416fd663d5 SHA512 94cdd0c3f0d8f535f3462c5adba266302f9b129abacda077ed429fa38af6862fca5a90ba2e606b78607b509769305cc6134c483c7033c20e226596cca2d42b90 WHIRLPOOL c126f4d074b032ccaeef6e5ef747c188f62c2b09cd7cc021facb94a8c6a9412a0169921b35a2371d7644a927ecb4d15c69a353747a4c6c98111823070c9577cd +DIST libewf-20130416.tar.gz 1968288 SHA256 e0f14071665b24a8077a24f4cafbf092ad5ac1859f49994dc4e843e747ba7a89 SHA512 e84e920dfe6e5a313bc165b1796ab9681c5b42fdefc7120b4f1c0f4e42b220d8192e03df2707051cf16f4cc991facdfdbd39042dcfb645ac7a27b549e02bd96e WHIRLPOOL 2afb81706899881d5191fec53409d2445e4ca7c485738eb638ef26eea602a4bf71da1ae56d986c49630dc13b1d287cf9c070c473ed72df0e2e0e8c86b4dffe06 +DIST libewf-20131210.tar.gz 2083286 SHA256 94609b8bfb2fca807c5e2dad0a0517941a1706df96e3ea3c5cd8d6219be14a0e SHA512 c81735dce78dbf1e2f3fff627e2e595a82178469ef32d4ddc16a210c6772a524d0a3dcafa871fdcc9f6e34a6499cfae442862afd727b24a8d460f745677b6afc WHIRLPOOL b15063eb03c73d4b072aad7961a5f73a7155f7a2f09b0d5ce5c648f46a35876be521edd559f21acea02e4136335453a42712d0105be9e495293efcbac1b5a518 +DIST libewf-20140227.tar.gz 2132507 SHA256 34994e588c8322af089bd303676b575231c2215a61a481e7d3ffdc56eaa23df9 SHA512 6a84c4f3660eb6d5a256d06c598817cc49fa73c7c841ec15e7992cb65823d8be0b2e8df5c66edffb9f45f484fa8a757bdb4b9d9b0ec271b7fa94207c7b5cd5f8 WHIRLPOOL cc4ff7339a843e6f3429f242691c713ff6ee8c6ed5724ad8db67567e778c76116d21c9b3e33b1e59f0ff99e02a3ba16bb3c7d2c8a846c1a5ef3eb0222f980bb3 +DIST libewf-20140406.tar.gz 2135248 SHA256 8a142ff823582ef9f2cf51caa7cefbe0d9e967b61d1d455d6646a9381b624f7c SHA512 5c67f66a240091e9d02f068ab28e65f7cf7c04d2c27aee1a2a7948ec9fe6a0011557637657aba1a9fadc5823a8d0595b333ad953d3213361a25fd840c03dcae8 WHIRLPOOL 773054e9ed47d4d6075ee84e9734bb9296dd09121d828bb76daae7fdf5c41cc8fda0cc9b7e8e3d119f9aac792548e0fe204c1432fe6b0e756a807e19b65699fe +DIST libewf-20140427.tar.gz 2136289 SHA256 9237519a3c02da9233713547dc00bcf6291fbaf1c496fdf621783f736074665c SHA512 76c98df903ee5b31718dc4fd8aea129fb4600167a7dce51bdbe1da980bdf9ba37f85fdbb90811d3c4d3143ed602d0514bc6b6f57fc57dce51813bccbee94ca01 WHIRLPOOL ddd3b83d223df48005343ef3edd9d036a085b4e5922d3d8701b4b3775669226a80ef4b6ba604de2a0c5a7db8e1949b875de89902a3363e9f2c407dc3b8482f05 +DIST libewf-20140608.tar.gz 2129518 SHA256 d14030ce6122727935fbd676d0876808da1e112721f3cb108564a4d9bf73da71 SHA512 f77f01e3452027bff71e644708744e0774e1e397c70e2ebd687983730f03ffb01b26fec782bec79971e149caac5029484f3d9073c3a8042df951bfc542fe2436 WHIRLPOOL ab643847cbce6ad9b8de33a82e5ecb27a05f45f55a831e33827eeae010126fa061f9fc0186457bf48f2b6cf1e481b88bfa9f156dab0f46cd40954c1eb25bd477 diff --git a/app-forensics/libewf/libewf-20130128.ebuild b/app-forensics/libewf/libewf-20130128.ebuild new file mode 100644 index 000000000000..5828cb3922ac --- /dev/null +++ b/app-forensics/libewf/libewf-20130128.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools-utils + +DESCRIPTION="Implementation of the EWF (SMART and EnCase) image format" +HOMEPAGE="http://code.google.com/p/libewf/" +SRC_URI="http://libewf.googlecode.com/files/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0/2" +KEYWORDS="amd64 hppa ppc x86" +# upstream bug #2597171, pyewf has implicit declarations +#IUSE="debug python rawio unicode" +IUSE="debug ewf +fuse rawio +ssl static-libs +uuid unicode zlib" + +DEPEND=" + sys-libs/zlib + fuse? ( sys-fs/fuse ) + uuid? ( sys-apps/util-linux ) + ssl? ( dev-libs/openssl ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND}" + +AUTOTOOLS_IN_SOURCE_BUILD=1 + +DOCS=( AUTHORS ChangeLog NEWS README documents/header.txt documents/header2.txt ) + +src_configure() { + local myeconfargs=( + $(use_enable debug debug-output) + $(use_enable debug verbose-output) + $(use_enable ewf v1-api) + $(use_enable rawio low-level-functions) + $(use_enable unicode wide-character-type) + $(use_with zlib) + # autodetects bzip2 but does not use + --without-bzip2 + #if we don't force disable this then it fails to build against new libbfio + --without-libbfio + $(use_with ssl openssl) + $(use_with uuid libuuid) + $(use_with fuse libfuse) + ) + autotools-utils_src_configure +} + +src_install() { + autotools-utils_src_install + doman manuals/*.1 manuals/*.3 +} diff --git a/app-forensics/libewf/libewf-20130416-r1.ebuild b/app-forensics/libewf/libewf-20130416-r1.ebuild new file mode 100644 index 000000000000..9f470784690b --- /dev/null +++ b/app-forensics/libewf/libewf-20130416-r1.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools-utils + +DESCRIPTION="Implementation of the EWF (SMART and EnCase) image format" +HOMEPAGE="http://code.google.com/p/libewf/" +SRC_URI="http://libewf.googlecode.com/files/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0/2" +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +# upstream bug #2597171, pyewf has implicit declarations +#IUSE="debug python rawio unicode" +IUSE="bfio debug ewf +fuse rawio +ssl static-libs +uuid unicode zlib" + +DEPEND=" + sys-libs/zlib + bfio? ( =app-forensics/libbfio-0.0.20120425_alpha ) + fuse? ( sys-fs/fuse ) + uuid? ( sys-apps/util-linux ) + ssl? ( dev-libs/openssl ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND}" + +AUTOTOOLS_IN_SOURCE_BUILD=1 + +DOCS=( AUTHORS ChangeLog NEWS README documents/header.txt documents/header2.txt ) + +src_configure() { + local myeconfargs=( + $(use_enable debug debug-output) + $(use_enable debug verbose-output) + $(use_enable ewf v1-api) + $(use_enable rawio low-level-functions) + $(use_enable unicode wide-character-type) + $(use_with zlib) + # autodetects bzip2 but does not use + --without-bzip2 + $(use_with bfio libbfio) + $(use_with ssl openssl) + $(use_with uuid libuuid) + $(use_with fuse libfuse) + ) + autotools-utils_src_configure +} + +src_install() { + autotools-utils_src_install + doman manuals/*.1 manuals/*.3 +} diff --git a/app-forensics/libewf/libewf-20130416.ebuild b/app-forensics/libewf/libewf-20130416.ebuild new file mode 100644 index 000000000000..5828cb3922ac --- /dev/null +++ b/app-forensics/libewf/libewf-20130416.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools-utils + +DESCRIPTION="Implementation of the EWF (SMART and EnCase) image format" +HOMEPAGE="http://code.google.com/p/libewf/" +SRC_URI="http://libewf.googlecode.com/files/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0/2" +KEYWORDS="amd64 hppa ppc x86" +# upstream bug #2597171, pyewf has implicit declarations +#IUSE="debug python rawio unicode" +IUSE="debug ewf +fuse rawio +ssl static-libs +uuid unicode zlib" + +DEPEND=" + sys-libs/zlib + fuse? ( sys-fs/fuse ) + uuid? ( sys-apps/util-linux ) + ssl? ( dev-libs/openssl ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND}" + +AUTOTOOLS_IN_SOURCE_BUILD=1 + +DOCS=( AUTHORS ChangeLog NEWS README documents/header.txt documents/header2.txt ) + +src_configure() { + local myeconfargs=( + $(use_enable debug debug-output) + $(use_enable debug verbose-output) + $(use_enable ewf v1-api) + $(use_enable rawio low-level-functions) + $(use_enable unicode wide-character-type) + $(use_with zlib) + # autodetects bzip2 but does not use + --without-bzip2 + #if we don't force disable this then it fails to build against new libbfio + --without-libbfio + $(use_with ssl openssl) + $(use_with uuid libuuid) + $(use_with fuse libfuse) + ) + autotools-utils_src_configure +} + +src_install() { + autotools-utils_src_install + doman manuals/*.1 manuals/*.3 +} diff --git a/app-forensics/libewf/libewf-20131210.ebuild b/app-forensics/libewf/libewf-20131210.ebuild new file mode 100644 index 000000000000..773c8cf0169a --- /dev/null +++ b/app-forensics/libewf/libewf-20131210.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools-utils + +DESCRIPTION="Implementation of the EWF (SMART and EnCase) image format" +HOMEPAGE="http://code.google.com/p/libewf/" +SRC_URI="https://googledrive.com/host/0B3fBvzttpiiSMTdoaVExWWNsRjg/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0/2" +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +# upstream bug #2597171, pyewf has implicit declarations +#IUSE="debug python rawio unicode" +IUSE="bfio debug ewf +fuse rawio +ssl static-libs +uuid unicode zlib" + +DEPEND=" + sys-libs/zlib + bfio? ( =app-forensics/libbfio-0.0.20120425_alpha ) + fuse? ( sys-fs/fuse ) + uuid? ( sys-apps/util-linux ) + ssl? ( dev-libs/openssl ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND}" + +AUTOTOOLS_IN_SOURCE_BUILD=1 + +DOCS=( AUTHORS ChangeLog NEWS README documents/header.txt documents/header2.txt ) + +src_configure() { + local myeconfargs=( + $(use_enable debug debug-output) + $(use_enable debug verbose-output) + $(use_enable ewf v1-api) + $(use_enable rawio low-level-functions) + $(use_enable unicode wide-character-type) + $(use_with zlib) + # autodetects bzip2 but does not use + --without-bzip2 + $(use_with bfio libbfio) + $(use_with ssl openssl) + $(use_with uuid libuuid) + $(use_with fuse libfuse) + ) + autotools-utils_src_configure +} + +src_install() { + autotools-utils_src_install + doman manuals/*.1 manuals/*.3 +} diff --git a/app-forensics/libewf/libewf-20140227.ebuild b/app-forensics/libewf/libewf-20140227.ebuild new file mode 100644 index 000000000000..19fdfa969ed4 --- /dev/null +++ b/app-forensics/libewf/libewf-20140227.ebuild @@ -0,0 +1,53 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools-utils + +DESCRIPTION="Implementation of the EWF (SMART and EnCase) image format" +HOMEPAGE="http://code.google.com/p/libewf/" +SRC_URI="https://googledrive.com/host/0B3fBvzttpiiSMTdoaVExWWNsRjg/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0/2" +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +# upstream bug #2597171, pyewf has implicit declarations +#IUSE="debug python unicode" +IUSE="bfio debug ewf +fuse +ssl static-libs +uuid unicode zlib" + +DEPEND=" + sys-libs/zlib + bfio? ( =app-forensics/libbfio-0.0.20120425_alpha ) + fuse? ( sys-fs/fuse ) + uuid? ( sys-apps/util-linux ) + ssl? ( dev-libs/openssl ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND}" + +AUTOTOOLS_IN_SOURCE_BUILD=1 + +DOCS=( AUTHORS ChangeLog NEWS README documents/header.txt documents/header2.txt ) + +src_configure() { + local myeconfargs=( + $(use_enable debug debug-output) + $(use_enable debug verbose-output) + $(use_enable ewf v1-api) + $(use_enable unicode wide-character-type) + $(use_with zlib) + # autodetects bzip2 but does not use + --without-bzip2 + $(use_with bfio libbfio) + $(use_with ssl openssl) + $(use_with uuid libuuid) + $(use_with fuse libfuse) + ) + autotools-utils_src_configure +} + +src_install() { + autotools-utils_src_install + doman manuals/*.1 manuals/*.3 +} diff --git a/app-forensics/libewf/libewf-20140406.ebuild b/app-forensics/libewf/libewf-20140406.ebuild new file mode 100644 index 000000000000..19fdfa969ed4 --- /dev/null +++ b/app-forensics/libewf/libewf-20140406.ebuild @@ -0,0 +1,53 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools-utils + +DESCRIPTION="Implementation of the EWF (SMART and EnCase) image format" +HOMEPAGE="http://code.google.com/p/libewf/" +SRC_URI="https://googledrive.com/host/0B3fBvzttpiiSMTdoaVExWWNsRjg/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0/2" +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +# upstream bug #2597171, pyewf has implicit declarations +#IUSE="debug python unicode" +IUSE="bfio debug ewf +fuse +ssl static-libs +uuid unicode zlib" + +DEPEND=" + sys-libs/zlib + bfio? ( =app-forensics/libbfio-0.0.20120425_alpha ) + fuse? ( sys-fs/fuse ) + uuid? ( sys-apps/util-linux ) + ssl? ( dev-libs/openssl ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND}" + +AUTOTOOLS_IN_SOURCE_BUILD=1 + +DOCS=( AUTHORS ChangeLog NEWS README documents/header.txt documents/header2.txt ) + +src_configure() { + local myeconfargs=( + $(use_enable debug debug-output) + $(use_enable debug verbose-output) + $(use_enable ewf v1-api) + $(use_enable unicode wide-character-type) + $(use_with zlib) + # autodetects bzip2 but does not use + --without-bzip2 + $(use_with bfio libbfio) + $(use_with ssl openssl) + $(use_with uuid libuuid) + $(use_with fuse libfuse) + ) + autotools-utils_src_configure +} + +src_install() { + autotools-utils_src_install + doman manuals/*.1 manuals/*.3 +} diff --git a/app-forensics/libewf/libewf-20140427.ebuild b/app-forensics/libewf/libewf-20140427.ebuild new file mode 100644 index 000000000000..19fdfa969ed4 --- /dev/null +++ b/app-forensics/libewf/libewf-20140427.ebuild @@ -0,0 +1,53 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools-utils + +DESCRIPTION="Implementation of the EWF (SMART and EnCase) image format" +HOMEPAGE="http://code.google.com/p/libewf/" +SRC_URI="https://googledrive.com/host/0B3fBvzttpiiSMTdoaVExWWNsRjg/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0/2" +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +# upstream bug #2597171, pyewf has implicit declarations +#IUSE="debug python unicode" +IUSE="bfio debug ewf +fuse +ssl static-libs +uuid unicode zlib" + +DEPEND=" + sys-libs/zlib + bfio? ( =app-forensics/libbfio-0.0.20120425_alpha ) + fuse? ( sys-fs/fuse ) + uuid? ( sys-apps/util-linux ) + ssl? ( dev-libs/openssl ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND}" + +AUTOTOOLS_IN_SOURCE_BUILD=1 + +DOCS=( AUTHORS ChangeLog NEWS README documents/header.txt documents/header2.txt ) + +src_configure() { + local myeconfargs=( + $(use_enable debug debug-output) + $(use_enable debug verbose-output) + $(use_enable ewf v1-api) + $(use_enable unicode wide-character-type) + $(use_with zlib) + # autodetects bzip2 but does not use + --without-bzip2 + $(use_with bfio libbfio) + $(use_with ssl openssl) + $(use_with uuid libuuid) + $(use_with fuse libfuse) + ) + autotools-utils_src_configure +} + +src_install() { + autotools-utils_src_install + doman manuals/*.1 manuals/*.3 +} diff --git a/app-forensics/libewf/libewf-20140608.ebuild b/app-forensics/libewf/libewf-20140608.ebuild new file mode 100644 index 000000000000..19fdfa969ed4 --- /dev/null +++ b/app-forensics/libewf/libewf-20140608.ebuild @@ -0,0 +1,53 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools-utils + +DESCRIPTION="Implementation of the EWF (SMART and EnCase) image format" +HOMEPAGE="http://code.google.com/p/libewf/" +SRC_URI="https://googledrive.com/host/0B3fBvzttpiiSMTdoaVExWWNsRjg/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0/2" +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +# upstream bug #2597171, pyewf has implicit declarations +#IUSE="debug python unicode" +IUSE="bfio debug ewf +fuse +ssl static-libs +uuid unicode zlib" + +DEPEND=" + sys-libs/zlib + bfio? ( =app-forensics/libbfio-0.0.20120425_alpha ) + fuse? ( sys-fs/fuse ) + uuid? ( sys-apps/util-linux ) + ssl? ( dev-libs/openssl ) + zlib? ( sys-libs/zlib )" +RDEPEND="${DEPEND}" + +AUTOTOOLS_IN_SOURCE_BUILD=1 + +DOCS=( AUTHORS ChangeLog NEWS README documents/header.txt documents/header2.txt ) + +src_configure() { + local myeconfargs=( + $(use_enable debug debug-output) + $(use_enable debug verbose-output) + $(use_enable ewf v1-api) + $(use_enable unicode wide-character-type) + $(use_with zlib) + # autodetects bzip2 but does not use + --without-bzip2 + $(use_with bfio libbfio) + $(use_with ssl openssl) + $(use_with uuid libuuid) + $(use_with fuse libfuse) + ) + autotools-utils_src_configure +} + +src_install() { + autotools-utils_src_install + doman manuals/*.1 manuals/*.3 +} diff --git a/app-forensics/libewf/metadata.xml b/app-forensics/libewf/metadata.xml new file mode 100644 index 000000000000..8c8acdb43b78 --- /dev/null +++ b/app-forensics/libewf/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>forensics</herd> +<use> + <flag name="bfio">Enables libbfio for chaining file in file handling</flag> + <flag name="rawio">Enables raw IO handling</flag> + <flag name="ewf">Enables the v1 API</flag> + <flag name="fuse">Enable fuse support for ewfmount</flag> + <flag name="uuid">Enable UUID support in the ewftools</flag> +</use> +</pkgmetadata> diff --git a/app-forensics/lynis/Manifest b/app-forensics/lynis/Manifest new file mode 100644 index 000000000000..0bc05dbaab3c --- /dev/null +++ b/app-forensics/lynis/Manifest @@ -0,0 +1,3 @@ +DIST lynis-1.6.4.tar.gz 171953 SHA256 886c74b591706f896149fe74adb481b58c549d32243d0cf620b46dfdd25dc66d SHA512 d0e102e4aac985460125dc26527e7902e9465e844c35253da7cc84e4c8fa19445e4b0b01d0db0b9e0f09c1929839aed33cf4b93f43c3be61490bcf11e2bbfa4b WHIRLPOOL 98275f8b014b70160e83ec6ddf0cdeec8a0e9ef78cc9dedf842a6524dabe3f44c7a42cf787d1180241a9122365cb2e1e908eedf05eab1768237fdb34322790bd +DIST lynis-2.1.0.tar.gz 180493 SHA256 16ed596c8c283b8e4c635ada25ceb042371384ae09b3238a658ca60801a73c24 SHA512 724c9d8d619d05a893197ff5e891056db3e6d4e03a59514499de0fda9134d2387c7c31c8e16fd58d7f3c1de9ce4c00df8f48679e1e27194dbcf6d34f6be94e62 WHIRLPOOL f50c32e36ab6b31bf4f1851e9b77c3f59d08b9f609bdb48c442603e21d61547483a0620de07fbd837c4ed6ffd9fc697e9b4cfcc40c970df9568de9da91e3fb7f +DIST lynis-2.1.1.tar.gz 181099 SHA256 d17b3cbbd305c52b9cd0d5141f41954882f398db44f26c10cb45fdaaa46a99d2 SHA512 03e694611b77cade352972360bd768355b945cf0919e445cb91eaa9801ab7501e533400c7a5b6912720fde0a90db47c3365c1f1c52aef41d84e32d6bbef8bf26 WHIRLPOOL 05a700425b94488ad1078a9c90093a4b250b7233d958183c57531f73b5431fbfb7aff315849c6451a8c2016f68018141917c3502a9cd3f1a2a41f09575ede8cd diff --git a/app-forensics/lynis/files/lynis.cron-new b/app-forensics/lynis/files/lynis.cron-new new file mode 100644 index 000000000000..15a39f1ca235 --- /dev/null +++ b/app-forensics/lynis/files/lynis.cron-new @@ -0,0 +1,3 @@ +#!/bin/sh + +/usr/sbin/lynis --checkall --auditor "automated" --cronjob diff --git a/app-forensics/lynis/lynis-1.6.4.ebuild b/app-forensics/lynis/lynis-1.6.4.ebuild new file mode 100644 index 000000000000..70707ad6b96c --- /dev/null +++ b/app-forensics/lynis/lynis-1.6.4.ebuild @@ -0,0 +1,55 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils bash-completion-r1 + +DESCRIPTION="Security and system auditing tool" +HOMEPAGE="http://cisofy.com/lynis/" +SRC_URI="http://cisofy.com/files/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="" + +DEPEND="" +RDEPEND="app-shells/bash" + +S="${WORKDIR}/${PN}" + +src_prepare() { + # Bug 507438 + epatch_user +} + +src_install() { + doman lynis.8 + dodoc CHANGELOG FAQ README + + # Remove the old one during the next stabilize progress + exeinto /etc/cron.daily + newexe "${FILESDIR}"/lynis.cron-new lynis + + dobashcomp extras/bash_completion.d/lynis + + # stricter default perms - bug 507436 + diropts -m0700 + insopts -m0600 + + insinto /usr/share/${PN} + doins -r db/ include/ plugins/ + + dosbin lynis + + insinto /etc/${PN} + doins default.prf +} + +pkg_postinst() { + einfo + einfo "A cron script has been installed to ${ROOT}etc/cron.daily/lynis." + einfo +} diff --git a/app-forensics/lynis/lynis-2.1.0.ebuild b/app-forensics/lynis/lynis-2.1.0.ebuild new file mode 100644 index 000000000000..30639f93b1eb --- /dev/null +++ b/app-forensics/lynis/lynis-2.1.0.ebuild @@ -0,0 +1,55 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils bash-completion-r1 + +DESCRIPTION="Security and system auditing tool" +HOMEPAGE="http://cisofy.com/lynis/" +SRC_URI="http://cisofy.com/files/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +DEPEND="" +RDEPEND="app-shells/bash" + +S="${WORKDIR}/${PN}" + +src_prepare() { + # Bug 507438 + epatch_user +} + +src_install() { + doman lynis.8 + dodoc CHANGELOG FAQ README + + # Remove the old one during the next stabilize progress + exeinto /etc/cron.daily + newexe "${FILESDIR}"/lynis.cron-new lynis + + dobashcomp extras/bash_completion.d/lynis + + # stricter default perms - bug 507436 + diropts -m0700 + insopts -m0600 + + insinto /usr/share/${PN} + doins -r db/ include/ plugins/ + + dosbin lynis + + insinto /etc/${PN} + doins default.prf +} + +pkg_postinst() { + einfo + einfo "A cron script has been installed to ${ROOT}etc/cron.daily/lynis." + einfo +} diff --git a/app-forensics/lynis/lynis-2.1.1.ebuild b/app-forensics/lynis/lynis-2.1.1.ebuild new file mode 100644 index 000000000000..30639f93b1eb --- /dev/null +++ b/app-forensics/lynis/lynis-2.1.1.ebuild @@ -0,0 +1,55 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils bash-completion-r1 + +DESCRIPTION="Security and system auditing tool" +HOMEPAGE="http://cisofy.com/lynis/" +SRC_URI="http://cisofy.com/files/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +DEPEND="" +RDEPEND="app-shells/bash" + +S="${WORKDIR}/${PN}" + +src_prepare() { + # Bug 507438 + epatch_user +} + +src_install() { + doman lynis.8 + dodoc CHANGELOG FAQ README + + # Remove the old one during the next stabilize progress + exeinto /etc/cron.daily + newexe "${FILESDIR}"/lynis.cron-new lynis + + dobashcomp extras/bash_completion.d/lynis + + # stricter default perms - bug 507436 + diropts -m0700 + insopts -m0600 + + insinto /usr/share/${PN} + doins -r db/ include/ plugins/ + + dosbin lynis + + insinto /etc/${PN} + doins default.prf +} + +pkg_postinst() { + einfo + einfo "A cron script has been installed to ${ROOT}etc/cron.daily/lynis." + einfo +} diff --git a/app-forensics/lynis/metadata.xml b/app-forensics/lynis/metadata.xml new file mode 100644 index 000000000000..e6aa47785764 --- /dev/null +++ b/app-forensics/lynis/metadata.xml @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>forensics</herd> +<maintainer> + <email>idl0r@gentoo.org</email> + <name>Christian Ruppert</name> +</maintainer> +</pkgmetadata> diff --git a/app-forensics/mac-robber/Manifest b/app-forensics/mac-robber/Manifest new file mode 100644 index 000000000000..88eb728336c1 --- /dev/null +++ b/app-forensics/mac-robber/Manifest @@ -0,0 +1 @@ +DIST mac-robber-1.02.tar.gz 11708 SHA256 5895d332ec8d87e15f21441c61545b7f68830a2ee2c967d381773bd08504806d SHA512 5330f766eb08aa766ca3f430684e0a40ecf29b7230a582c30a36bbaaa481d52c2a8519fa04e82762f09259ada9e77466c1430aebdff22615a511d519916d54a7 WHIRLPOOL e289325435b654c67874888d9cf08b07a2bc412610ffefaaf4fbd90da0060f42f131c215479463cc7f004a3d2d27af5fdbbbf05ac8d7f67f3fc3396874713c99 diff --git a/app-forensics/mac-robber/mac-robber-1.02.ebuild b/app-forensics/mac-robber/mac-robber-1.02.ebuild new file mode 100644 index 000000000000..d013b7e0ab29 --- /dev/null +++ b/app-forensics/mac-robber/mac-robber-1.02.ebuild @@ -0,0 +1,29 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit toolchain-funcs + +DESCRIPTION="mac-robber is a digital forensics and incident response tool that collects data" +HOMEPAGE="http://www.sleuthkit.org/mac-robber/index.php" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc x86" +IUSE="" + +src_prepare() { + sed -i -e 's:$(GCC_CFLAGS):\0 $(LDFLAGS):' Makefile || die +} + +src_compile() { + emake CC="$(tc-getCC)" GCC_OPT="${CFLAGS}" +} + +src_install() { + dobin mac-robber + dodoc CHANGES README +} diff --git a/app-forensics/mac-robber/metadata.xml b/app-forensics/mac-robber/metadata.xml new file mode 100644 index 000000000000..52de7337b30e --- /dev/null +++ b/app-forensics/mac-robber/metadata.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <longdescription> +mac-robber is a digital forensics and incident response tool that collects data from allocated files in a mounted file system. +The data can be used by the mactime tool in The Sleuth Kit to make a timeline of file activity. The mac-robber tool is based on +the grave-robber tool from TCT and is written in C instead of Perl. + +mac-robber requires that the file system be mounted by the operating system, unlike the tools in The Sleuth Kit that process the +file system themselves. Therefore, mac-robber will not collect data from deleted files or files that have been hidden by +rootkits. mac-robber will also modify the Access times on directories that are mounted with write permissions. + + +"What is mac-robber good for then", you ask? mac-robber is useful when dealing with a file system that is not supported by The +Sleuth Kit or other forensic tools. mac-robber is very basic C and should compile on any UNIX system. Therefore, you can run +mac-robber on an obscure, suspect UNIX file system that has been mounted read-only on a trusted system. I have also used +mac-robber during investigations of common UNIX systems such as AIX. +</longdescription> + <upstream> + <remote-id type="sourceforge">mac-robber</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/magicrescue/Manifest b/app-forensics/magicrescue/Manifest new file mode 100644 index 000000000000..7d700c44f7be --- /dev/null +++ b/app-forensics/magicrescue/Manifest @@ -0,0 +1 @@ +DIST magicrescue-1.1.9.tar.gz 92621 SHA256 a920b174efd664afe9760a43700588c9c5e6182cb13d7421e07ab613bceeb3c7 SHA512 3c0b97357f0d354dcf53045bbdf2ce81c451ae20c451d2d72dc8b2dbcc480cf48ab436494c0cca20c99f32c938c525074a561cbc779a580a648c674c150a7cc2 WHIRLPOOL 3aa09237ac22ab1235d87a271f3b819faab2fa46ef7280676cd35625b1e9e342dee8bf71308c22e3d8cc1ba2e901894ce9919a20687350e079d4b333d188d908 diff --git a/app-forensics/magicrescue/files/magicrescue-1.1.9-ldflags.patch b/app-forensics/magicrescue/files/magicrescue-1.1.9-ldflags.patch new file mode 100644 index 000000000000..96818c3d58ed --- /dev/null +++ b/app-forensics/magicrescue/files/magicrescue-1.1.9-ldflags.patch @@ -0,0 +1,50 @@ +diff -Naurd magicrescue-1.1.9/Makefile.in magicrescue-1.1.9.new//Makefile.in +--- magicrescue-1.1.9/Makefile.in 2008-06-27 00:24:06.000000000 +0400 ++++ magicrescue-1.1.9.new//Makefile.in 2012-05-13 07:57:59.000000000 +0400 +@@ -21,7 +21,7 @@ + $(CC) -o $@ $(LDFLAGS) $(MAGICRESCUE_OBJS) + + dupemap: $(DUPEMAP_OBJS) +- $(CC) -o $@ $(LDFLAGS) $(DBM_LDFLAGS) $(DUPEMAP_OBJS) ++ $(CC) -o $@ $(LDFLAGS) $(DUPEMAP_OBJS) $(DBM_LDFLAGS) + + tools/inputseek: $(INPUTSEEK_OBJS) + $(CC) -o $@ $(LDFLAGS) $(INPUTSEEK_OBJS) +diff -Naurd magicrescue-1.1.9/config.d/50dbm magicrescue-1.1.9.new//config.d/50dbm +--- magicrescue-1.1.9/config.d/50dbm 2008-06-27 00:24:05.000000000 +0400 ++++ magicrescue-1.1.9.new//config.d/50dbm 2012-05-13 07:56:16.000000000 +0400 +@@ -14,18 +14,14 @@ + flag="`echo $flag|sed 's/./-l&/'`" + echo "trying to link with flags [$flag]" >&5 + +- bak_LDFLAGS="$LDFLAGS" +- LDFLAGS="$LDFLAGS $flag" ++ LIBS="$flag" + if conftest_link; then + # we found it! +- LDFLAGS="$bak_LDFLAGS" + DBM_LDFLAGS="$flag" + env_vars="$env_vars DBM_LDFLAGS" + echo "#define $dbmdef" >> config.h + echo "#define HAVE_NDBM" >> config.h + return 0 +- else +- LDFLAGS="$bak_LDFLAGS" + fi + done + +diff -Naurd magicrescue-1.1.9/configure magicrescue-1.1.9.new//configure +--- magicrescue-1.1.9/configure 2008-06-27 00:24:06.000000000 +0400 ++++ magicrescue-1.1.9.new//configure 2012-05-13 07:56:16.000000000 +0400 +@@ -63,9 +63,9 @@ + } + + conftest_link() { +- echo "$CC -o conftest $LDFLAGS conftest.o" >&5 ++ echo "$CC -o conftest $LDFLAGS conftest.o $LIBS" >&5 + echo >&5 +- $CC -o conftest $LDFLAGS conftest.o >&5 2>&5 \ ++ $CC -o conftest $LDFLAGS conftest.o $LIBS >&5 2>&5 \ + && [ -x conftest ] && ./conftest 2>&5 + } + diff --git a/app-forensics/magicrescue/files/magicrescue-1.1.9-makefile.patch b/app-forensics/magicrescue/files/magicrescue-1.1.9-makefile.patch new file mode 100644 index 000000000000..3f57b1303c6e --- /dev/null +++ b/app-forensics/magicrescue/files/magicrescue-1.1.9-makefile.patch @@ -0,0 +1,52 @@ +--- magicrescue-1.1.9/Makefile.in.orig ++++ magicrescue-1.1.9/Makefile.in +@@ -57,34 +57,31 @@ + maintainer-clean: distclean docs-clean + + install: all +- [ -d $(PREFIX) ] ++ mkdir -p $(DESTDIR)$(PREFIX)/share/magicrescue/tools \ ++ $(DESTDIR)$(PREFIX)/share/magicrescue/recipes \ ++ $(DESTDIR)$(PREFIX)/share/man/man1 \ ++ $(DESTDIR)$(PREFIX)/bin + +- mkdir -p $(PREFIX)/share/magicrescue/tools \ +- $(PREFIX)/share/magicrescue/recipes \ +- $(PREFIX)/man/man1 \ +- $(PREFIX)/bin +- +- cp magicrescue$(EXE) dupemap$(EXE) magicsort $(PREFIX)/bin/ +- cp recipes/* $(PREFIX)/share/magicrescue/recipes/ +- cp $(DOCS) $(PREFIX)/man/man1 ++ cp magicrescue$(EXE) dupemap$(EXE) magicsort $(DESTDIR)$(PREFIX)/bin ++ cp recipes/* $(DESTDIR)$(PREFIX)/share/magicrescue/recipes/ ++ cp $(DOCS) $(DESTDIR)$(PREFIX)/share/man/man1 + + for f in tools/*; do \ + if [ -x "$$f" ]; then \ +- cp -f "$$f" $(PREFIX)/share/magicrescue/tools/; \ ++ cp -f "$$f" $(DESTDIR)$(PREFIX)/share/magicrescue/tools/; \ + fi; \ + done + + uninstall: +- [ -d $(PREFIX) ] +- rm -f $(PREFIX)/bin/magicrescue$(EXE) +- rm -f $(PREFIX)/bin/dupemap$(EXE) +- rm -f $(PREFIX)/bin/magicsort ++ rm -f $(DESTDIR)$(PREFIX)/bin/magicrescue$(EXE) ++ rm -f $(DESTDIR)$(PREFIX)/bin/dupemap$(EXE) ++ rm -f $(DESTDIR)$(PREFIX)/bin/magicsort + for f in $(DOCS); do \ +- rm -f "$(PREFIX)/man/man1/`basename $$f`"; \ ++ rm -f "$(DESTDIR)$(PREFIX)/share/man/man1/`basename $$f`"; \ + done +- rm -rf $(PREFIX)/share/magicrescue/tools +- rm -rf $(PREFIX)/share/magicrescue/recipes +- -rmdir $(PREFIX)/share/magicrescue ++ rm -rf $(DESTDIR)$(PREFIX)/share/magicrescue/tools ++ rm -rf $(DESTDIR)$(PREFIX)/share/magicrescue/recipes ++ -rmdir $(DESTDIR)$(PREFIX)/share/magicrescue + + .PHONY: all clean distclean docs-clean maintainer-clean install uninstall docs + diff --git a/app-forensics/magicrescue/magicrescue-1.1.9.ebuild b/app-forensics/magicrescue/magicrescue-1.1.9.ebuild new file mode 100644 index 000000000000..2f759d32f2a8 --- /dev/null +++ b/app-forensics/magicrescue/magicrescue-1.1.9.ebuild @@ -0,0 +1,30 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit eutils toolchain-funcs + +DESCRIPTION="Find deleted files in block devices" +HOMEPAGE="http://www.itu.dk/people/jobr/magicrescue/" +SRC_URI="http://www.itu.dk/people/jobr/magicrescue/release/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~ppc x86" +IUSE="" + +DEPEND="|| ( sys-libs/gdbm sys-libs/db )" +RDEPEND="${DEPEND}" + +src_prepare() { + epatch "${FILESDIR}"/${P}-makefile.patch + epatch "${FILESDIR}"/${P}-ldflags.patch + tc-export CC +} + +src_configure() { + # Not autotools, just looks like it sometimes + ./configure --prefix=/usr || die +} diff --git a/app-forensics/magicrescue/metadata.xml b/app-forensics/magicrescue/metadata.xml new file mode 100644 index 000000000000..551acf5d4f41 --- /dev/null +++ b/app-forensics/magicrescue/metadata.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>forensics</herd> +<longdescription> +Magic Rescue scans a block device for file types it knows how to recover and calls an external program to extract them. It looks +at "magic bytes" in file contents, so it can be used both as an undelete utility and for recovering a corrupted drive or +partition. As long as the file data is there, it will find it. + +It works on any file system, but on very fragmented file systems it can only recover the first chunk of each file. Practical +experience (this program was not written for fun) shows, however, that chunks of 30-50MB are not uncommon. +</longdescription> +</pkgmetadata> diff --git a/app-forensics/memdump/Manifest b/app-forensics/memdump/Manifest new file mode 100644 index 000000000000..0d33b798e661 --- /dev/null +++ b/app-forensics/memdump/Manifest @@ -0,0 +1 @@ +DIST memdump-1.01.tar.gz 12713 SHA256 76de8ff167d0779d6c3b2f2f52ca9d1cc22af179c51e976fe6e3b9a5d1e5799f SHA512 46d013f812b0a5807c7ba38d6c3940e105057ba8e64b4f45b75a0800cab212d164caf881efbc1958d5c5c239236fdcb61f6fe093886ff3e28bc0b70791aaee3e WHIRLPOOL ae6e44d186a03b3b869473ec12a0bf1869d1e187c4e51092f370462ccdd1f20c5fa717ffcede808c04651444f8f1ed90515480d3400e6fd4c73d8bf9e73da5e7 diff --git a/app-forensics/memdump/files/memdump-1.01-linux3.patch b/app-forensics/memdump/files/memdump-1.01-linux3.patch new file mode 100644 index 000000000000..55563c4e077a --- /dev/null +++ b/app-forensics/memdump/files/memdump-1.01-linux3.patch @@ -0,0 +1,24 @@ +--- memdump-1.01.orig/makedefs ++++ memdump-1.01/makedefs +@@ -30,9 +30,7 @@ + SunOS.5*) DEFS="-DSUNOS5 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" + RANLIB=":" + ;; +- Linux.2.4*) DEFS="-DLINUX2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" +- ;; +- Linux.2*) DEFS="-DLINUX2" ++ Linux.*) DEFS="-DLINUX -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" + ;; + *) echo unsupported system: $SYSTEM.$RELEASE 1>&2; exit 1 + ;; +--- memdump-1.01.orig/memdump.c ++++ memdump-1.01/memdump.c +@@ -118,7 +118,7 @@ + #define SUPPORTED + #endif + +-#ifdef LINUX2 ++#ifdef LINUX + #include <paths.h> + #define GETPAGESIZE getpagesize + #define SUPPORTED diff --git a/app-forensics/memdump/memdump-1.01.ebuild b/app-forensics/memdump/memdump-1.01.ebuild new file mode 100644 index 000000000000..2537da5b9357 --- /dev/null +++ b/app-forensics/memdump/memdump-1.01.ebuild @@ -0,0 +1,47 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit toolchain-funcs eutils + +DESCRIPTION="Simple memory dumper for UNIX-Like systems" +HOMEPAGE="http://www.porcupine.org/forensics" +SRC_URI="http://www.porcupine.org/forensics/${P}.tar.gz" + +LICENSE="IBM" +SLOT="0" +KEYWORDS="amd64 ppc x86" +IUSE="" + +src_prepare() { + sed -i -e 's:$(CFLAGS):\0 $(LDFLAGS):' Makefile || die + epatch "${FILESDIR}"/${P}-linux3.patch +} + +src_compile() { + emake CC="$(tc-getCC)" XFLAGS="${CFLAGS}" OPT= DEBUG= +} + +src_test() { + if [[ ${EUID} -ne 0 ]]; + then + einfo "Cannot test with FEATURES=userpriv" + elif [ -x /bin/wc ]; + then + einfo "testing" + if [ "`./memdump -s 344 | wc -c`" = "344" ]; + then + einfo "passed test" + else + die "failed test" + fi + fi +} + +src_install() { + dosbin memdump + dodoc README + doman memdump.1 +} diff --git a/app-forensics/memdump/metadata.xml b/app-forensics/memdump/metadata.xml new file mode 100644 index 000000000000..2ff523b91b12 --- /dev/null +++ b/app-forensics/memdump/metadata.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>forensics</herd> +</pkgmetadata> diff --git a/app-forensics/metadata.xml b/app-forensics/metadata.xml new file mode 100644 index 000000000000..c0d98da0e1f3 --- /dev/null +++ b/app-forensics/metadata.xml @@ -0,0 +1,41 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE catmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<catmetadata> + <longdescription lang="en"> + The app-forensics category contains software which helps detect and + analyse security breaches. + </longdescription> + <longdescription lang="de"> + Die Kategorie app-forensics enthält Programme welche beim Erkennen + und Analysieren von Sicherheitsbrüchen helfen. + </longdescription> + <longdescription lang="es"> + La categoría app-forensics contiene programas para ayudar a detectar + y analizar problemas de seguridad. + </longdescription> + <longdescription lang="ja"> + app-forensicsカテゴリには安全保侵犯を捜し当てると取調べる + ソフトウェアが含まれます。 + </longdescription> + <longdescription lang="nl"> + De app-forensics categorie bevat applicaties voor het detecteren en + analyseren van inbreuken op de veiligheid van het systeem. + </longdescription> + <longdescription lang="vi"> + Nhóm app-forensics chứa các phần mềm hỗ trợ dò tìm, + phân tích các lỗ hổng bảo mật. + </longdescription> + <longdescription lang="it"> + La categoria app-forensics contiene programmi che aiutono a trovare + ed analizzare problemi di sicurezza. + </longdescription> + <longdescription lang="pt"> + A categoria app-forensics contém programas que ajudam a detectar + e analisar problemas de segurança. + </longdescription> + <longdescription lang="pl"> + Kategoria app-forensics zawiera oprogramowanie ułatwiające + przeprowadzanie audytu bezpieczeństwa systemu. + </longdescription> +</catmetadata> + diff --git a/app-forensics/openscap/Manifest b/app-forensics/openscap/Manifest new file mode 100644 index 000000000000..5c0f590b58cd --- /dev/null +++ b/app-forensics/openscap/Manifest @@ -0,0 +1,5 @@ +DIST openscap-1.0.8.tar.gz 13576237 SHA256 5dc420eaf4202d09619abd9f6247ab6db4f7d520a69c27984ba53fcaf1e31b9e SHA512 58fcc90198f82572505fd907351edc9d9609bc036c0cd1c0ab433056eea70a0baf362c811ab7990b8766ef6090a2a0a600803a9c3537d1867c56304d91fe20ff WHIRLPOOL b9d55acf06413db7953ed1d6200856bce6c787d9eda31e76375da43bf886d9b025bc59368f5824e3c6431a4697095a61dc7f6f8a87cd888a774344f86b2a9e9d +DIST openscap-1.1.1.tar.gz 13722034 SHA256 510489099242f655bdff9f8f6641692ed0d035bf05f00f4ed8072b2e028aaf99 SHA512 86cd695098a749fb0ef29233a7bafde6d76379fd891cfc0bcc90e222e228a6968d3a2755a71a0115ed208408ee2f8316fbaf9714de9e3bb0c6a6535407a043b9 WHIRLPOOL e28464332f8e78519519766ef9e1cba509d54cc78cf2e23b1de043d9d68ff641426496b25a02a0da5c363ebd5470af705772b7ad81abad7308eaef8d89e9f568 +DIST openscap-1.2.0.tar.gz 14308605 SHA256 88329ebf23e7c7d063cdb5615fe1f68b18fb436a0df81307c5acc3b5963d7cec SHA512 1c290e0c20382c45da7d1c12ae69d33a71c04b34db39843805401b74f6bc392b10e2b401e0e8f4a62deef19d99254eadcc3b9702c2d5c12967ca9616f02cf2ed WHIRLPOOL 8ae5791dbfd5e4602f8deab12ae28bd93ed1d96f20314a968fb26d925382169e3a9cbf550f14c6c6c24ca86b0cd2268e3ebd713da3b8dad2f5cd55a403d74564 +DIST openscap-1.2.1.tar.gz 14338019 SHA256 6f7fdc579c4c27554cc3ec99a4f16381b719faa8c9b3ea09575d872a2c46eedb SHA512 e5bafe18708c76f223ec69a22da0b06b68546fd3eb9b370784ebff984308b60d02c89d6af24eefea87d16764fee760b70b5bf9eab2e88e7285e8f0d1d60232c9 WHIRLPOOL acd6cd094cf90ed1d9c7270104186ddebfed17ff0480b137653ee8e644aa031985960ad072c7b9d3880d8461ecfd6855cc842cba7665befdb9751c639538646c +DIST openscap-1.2.5.tar.gz 14513153 SHA256 7e0c56c108ff3042fd6a6650a808553de15e4dfc7ccc9fcdd6a839de827c47ed SHA512 abeafafeaedd60ca08b52b981f83d458bc972894fc466d7cff29170b578a023f314bd330d7c812d838e09cad567ddc5daafa7e46e4b9a0db76451114d98d17ca WHIRLPOOL 703c6467aa19384f6c50bf0cb465ad2a21c724892e8d7db1f1439992dff939933ff4c48d049bddfddd97599618aee0b27c51596e2f84778707257092273897db diff --git a/app-forensics/openscap/metadata.xml b/app-forensics/openscap/metadata.xml new file mode 100644 index 000000000000..6537c58a4650 --- /dev/null +++ b/app-forensics/openscap/metadata.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>proxy-maintainers</herd> +<maintainer> +<email>clabbe.montjoie@gmail.com</email> +<name>LABBE Corentin (Montjoie)</name> +<description>Maintainer</description> +</maintainer> +<use> +<flag name="gconf">Build the gconf independant probes</flag> +<flag name="nss">Prefer NSS over libgcrypt as the crypto engine</flag> +<flag name="rpm">Compiles the RPM probes</flag> +<flag name="sce">Enables Script Check Engine (SCE) support</flag> +<flag name="sql">Build the sql independant probes</flag> +</use> +<longdescription lang="en"> +</longdescription> +</pkgmetadata> + diff --git a/app-forensics/openscap/openscap-1.0.8-r1.ebuild b/app-forensics/openscap/openscap-1.0.8-r1.ebuild new file mode 100644 index 000000000000..9b2f5ec4ceb3 --- /dev/null +++ b/app-forensics/openscap/openscap-1.0.8-r1.ebuild @@ -0,0 +1,139 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +PYTHON_COMPAT=( python2_7 ) + +inherit bash-completion-r1 eutils multilib python-single-r1 + +DESCRIPTION="Framework which enables integration with the Security Content Automation Protocol (SCAP)" +HOMEPAGE="http://www.open-scap.org/" +SRC_URI="https://fedorahosted.org/releases/o/p/${PN}/${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="acl caps debug doc gconf ldap nss pcre perl python rpm selinux sce sql test xattr" +#RESTRICT="test" + +RDEPEND="!nss? ( dev-libs/libgcrypt:0 ) + nss? ( dev-libs/nss ) + acl? ( virtual/acl ) + caps? ( sys-libs/libcap ) + gconf? ( gnome-base/gconf ) + ldap? ( net-nds/openldap ) + pcre? ( dev-libs/libpcre ) + rpm? ( >=app-arch/rpm-4.9 ) + sql? ( dev-db/opendbx ) + xattr? ( sys-apps/attr ) + dev-libs/libpcre + dev-libs/libxml2 + dev-libs/libxslt + net-misc/curl + ${PYTHON_DEPS}" +DEPEND="${RDEPEND} + doc? ( app-doc/doxygen ) + perl? ( dev-lang/swig ) + python? ( dev-lang/swig ) + test? ( + app-arch/unzip + dev-perl/XML-XPath + net-misc/ipcalc + sys-apps/grep )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +src_prepare() { +# uncoment for debugging test +# sed -i 's,set -e,&;set -x,' tests/API/XCCDF/unittests/test_remediate_simple.sh || die +# sed -i 's,^ bash, LC_ALL=C bash,' tests/probes/process/test_probes_process.sh || die + + sed -i 's/uname -p/uname -m/' tests/probes/uname/test_probes_uname.xml.sh || die + + #probe runlevel for non-centos/redhat/fedora is not implemented + sed -i 's,.*runlevel_test.*,echo "runlevel test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,probecheck "runlevel,probecheck "runlevellllll,' tests/probes/runlevel/test_probes_runlevel.sh || die + + #According to comment of theses tests, we must modify it. For the moment disable it + sed -i 's,.*linux-def_inetlisteningservers_test,#&,' tests/mitre/test_mitre.sh || die + sed -i 's,.*ind-def_environmentvariable_test,#&,' tests/mitre/test_mitre.sh || die + + # theses tests are hardcoded for checking hald process..., + # but no good solution for the moment, disabling them with a fake echo + # because encased in a if then +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process_test.xml || die +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process58_test.xml || die + sed -i 's,.*process_test.*,echo "process test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,.*process58_test.*,echo "process58 test bypassed",' tests/mitre/test_mitre.sh || die + + #This test fail + sed -i 's,.*generate report: xccdf,#&,' tests/API/XCCDF/unittests/all.sh || die + + if ! use rpm ; then + sed -i 's,probe_rpminfo_req_deps_ok=yes,probe_rpminfo_req_deps_ok=no,' configure || die + sed -i 's,probe_rpminfo_opt_deps_ok=yes,probe_rpminfo_opt_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_req_deps_ok=yes,probe_rpmverify_req_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_opt_deps_ok=yes,probe_rpmverify_opt_deps_ok=no,' configure || die + sed -i 's,^probe_rpm.*_deps_missing=,&disabled_by_USE_flag,' configure || die + sed -i 's,.*rpm.*,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use selinux ; then + einfo "Disabling SELinux probes" + sed -i 's,.*selinux.*, echo "SELinux test bypassed",' tests/mitre/test_mitre.sh || die + #process58 need selinux + sed -i 's,.*process58,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use ldap; then + einfo "Disabling LDAP probes" + sed -i 's,ldap.h,ldapp.h,g' configure || die + fi + + epatch_user +} + +src_configure() { + python_setup + local myconf + if use debug ; then + myconf+=" --enable-debug" + fi + if use python ; then + myconf+=" --enable-python" + else + myconf+=" --enable-python=no" + fi + if use perl ; then + myconf+=" --enable-perl" + fi + if use nss ; then + myconf+=" --with-crypto=nss3" + else + myconf+=" --with-crypto=gcrypt" + fi + if use sce ; then + myconf+=" --enable-sce" + else + myconf+=" --enable-sce=no" + fi + econf ${myconf} +} + +src_compile() { + emake + if use doc ; then + cd docs && doxygen Doxyfile || die + fi +} + +src_install() { + emake install DESTDIR="${D}" + prune_libtool_files --all + if use doc ; then + dohtml -r docs/html/. + dodoc docs/examples/. + fi + dobashcomp "${D}"/etc/bash_completion.d/oscap + rm -rf "${D}"/etc/bash_completion.d || die +} diff --git a/app-forensics/openscap/openscap-1.1.1.ebuild b/app-forensics/openscap/openscap-1.1.1.ebuild new file mode 100644 index 000000000000..9b2f5ec4ceb3 --- /dev/null +++ b/app-forensics/openscap/openscap-1.1.1.ebuild @@ -0,0 +1,139 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +PYTHON_COMPAT=( python2_7 ) + +inherit bash-completion-r1 eutils multilib python-single-r1 + +DESCRIPTION="Framework which enables integration with the Security Content Automation Protocol (SCAP)" +HOMEPAGE="http://www.open-scap.org/" +SRC_URI="https://fedorahosted.org/releases/o/p/${PN}/${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="acl caps debug doc gconf ldap nss pcre perl python rpm selinux sce sql test xattr" +#RESTRICT="test" + +RDEPEND="!nss? ( dev-libs/libgcrypt:0 ) + nss? ( dev-libs/nss ) + acl? ( virtual/acl ) + caps? ( sys-libs/libcap ) + gconf? ( gnome-base/gconf ) + ldap? ( net-nds/openldap ) + pcre? ( dev-libs/libpcre ) + rpm? ( >=app-arch/rpm-4.9 ) + sql? ( dev-db/opendbx ) + xattr? ( sys-apps/attr ) + dev-libs/libpcre + dev-libs/libxml2 + dev-libs/libxslt + net-misc/curl + ${PYTHON_DEPS}" +DEPEND="${RDEPEND} + doc? ( app-doc/doxygen ) + perl? ( dev-lang/swig ) + python? ( dev-lang/swig ) + test? ( + app-arch/unzip + dev-perl/XML-XPath + net-misc/ipcalc + sys-apps/grep )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +src_prepare() { +# uncoment for debugging test +# sed -i 's,set -e,&;set -x,' tests/API/XCCDF/unittests/test_remediate_simple.sh || die +# sed -i 's,^ bash, LC_ALL=C bash,' tests/probes/process/test_probes_process.sh || die + + sed -i 's/uname -p/uname -m/' tests/probes/uname/test_probes_uname.xml.sh || die + + #probe runlevel for non-centos/redhat/fedora is not implemented + sed -i 's,.*runlevel_test.*,echo "runlevel test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,probecheck "runlevel,probecheck "runlevellllll,' tests/probes/runlevel/test_probes_runlevel.sh || die + + #According to comment of theses tests, we must modify it. For the moment disable it + sed -i 's,.*linux-def_inetlisteningservers_test,#&,' tests/mitre/test_mitre.sh || die + sed -i 's,.*ind-def_environmentvariable_test,#&,' tests/mitre/test_mitre.sh || die + + # theses tests are hardcoded for checking hald process..., + # but no good solution for the moment, disabling them with a fake echo + # because encased in a if then +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process_test.xml || die +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process58_test.xml || die + sed -i 's,.*process_test.*,echo "process test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,.*process58_test.*,echo "process58 test bypassed",' tests/mitre/test_mitre.sh || die + + #This test fail + sed -i 's,.*generate report: xccdf,#&,' tests/API/XCCDF/unittests/all.sh || die + + if ! use rpm ; then + sed -i 's,probe_rpminfo_req_deps_ok=yes,probe_rpminfo_req_deps_ok=no,' configure || die + sed -i 's,probe_rpminfo_opt_deps_ok=yes,probe_rpminfo_opt_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_req_deps_ok=yes,probe_rpmverify_req_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_opt_deps_ok=yes,probe_rpmverify_opt_deps_ok=no,' configure || die + sed -i 's,^probe_rpm.*_deps_missing=,&disabled_by_USE_flag,' configure || die + sed -i 's,.*rpm.*,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use selinux ; then + einfo "Disabling SELinux probes" + sed -i 's,.*selinux.*, echo "SELinux test bypassed",' tests/mitre/test_mitre.sh || die + #process58 need selinux + sed -i 's,.*process58,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use ldap; then + einfo "Disabling LDAP probes" + sed -i 's,ldap.h,ldapp.h,g' configure || die + fi + + epatch_user +} + +src_configure() { + python_setup + local myconf + if use debug ; then + myconf+=" --enable-debug" + fi + if use python ; then + myconf+=" --enable-python" + else + myconf+=" --enable-python=no" + fi + if use perl ; then + myconf+=" --enable-perl" + fi + if use nss ; then + myconf+=" --with-crypto=nss3" + else + myconf+=" --with-crypto=gcrypt" + fi + if use sce ; then + myconf+=" --enable-sce" + else + myconf+=" --enable-sce=no" + fi + econf ${myconf} +} + +src_compile() { + emake + if use doc ; then + cd docs && doxygen Doxyfile || die + fi +} + +src_install() { + emake install DESTDIR="${D}" + prune_libtool_files --all + if use doc ; then + dohtml -r docs/html/. + dodoc docs/examples/. + fi + dobashcomp "${D}"/etc/bash_completion.d/oscap + rm -rf "${D}"/etc/bash_completion.d || die +} diff --git a/app-forensics/openscap/openscap-1.2.0.ebuild b/app-forensics/openscap/openscap-1.2.0.ebuild new file mode 100644 index 000000000000..9b2f5ec4ceb3 --- /dev/null +++ b/app-forensics/openscap/openscap-1.2.0.ebuild @@ -0,0 +1,139 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +PYTHON_COMPAT=( python2_7 ) + +inherit bash-completion-r1 eutils multilib python-single-r1 + +DESCRIPTION="Framework which enables integration with the Security Content Automation Protocol (SCAP)" +HOMEPAGE="http://www.open-scap.org/" +SRC_URI="https://fedorahosted.org/releases/o/p/${PN}/${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="acl caps debug doc gconf ldap nss pcre perl python rpm selinux sce sql test xattr" +#RESTRICT="test" + +RDEPEND="!nss? ( dev-libs/libgcrypt:0 ) + nss? ( dev-libs/nss ) + acl? ( virtual/acl ) + caps? ( sys-libs/libcap ) + gconf? ( gnome-base/gconf ) + ldap? ( net-nds/openldap ) + pcre? ( dev-libs/libpcre ) + rpm? ( >=app-arch/rpm-4.9 ) + sql? ( dev-db/opendbx ) + xattr? ( sys-apps/attr ) + dev-libs/libpcre + dev-libs/libxml2 + dev-libs/libxslt + net-misc/curl + ${PYTHON_DEPS}" +DEPEND="${RDEPEND} + doc? ( app-doc/doxygen ) + perl? ( dev-lang/swig ) + python? ( dev-lang/swig ) + test? ( + app-arch/unzip + dev-perl/XML-XPath + net-misc/ipcalc + sys-apps/grep )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +src_prepare() { +# uncoment for debugging test +# sed -i 's,set -e,&;set -x,' tests/API/XCCDF/unittests/test_remediate_simple.sh || die +# sed -i 's,^ bash, LC_ALL=C bash,' tests/probes/process/test_probes_process.sh || die + + sed -i 's/uname -p/uname -m/' tests/probes/uname/test_probes_uname.xml.sh || die + + #probe runlevel for non-centos/redhat/fedora is not implemented + sed -i 's,.*runlevel_test.*,echo "runlevel test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,probecheck "runlevel,probecheck "runlevellllll,' tests/probes/runlevel/test_probes_runlevel.sh || die + + #According to comment of theses tests, we must modify it. For the moment disable it + sed -i 's,.*linux-def_inetlisteningservers_test,#&,' tests/mitre/test_mitre.sh || die + sed -i 's,.*ind-def_environmentvariable_test,#&,' tests/mitre/test_mitre.sh || die + + # theses tests are hardcoded for checking hald process..., + # but no good solution for the moment, disabling them with a fake echo + # because encased in a if then +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process_test.xml || die +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process58_test.xml || die + sed -i 's,.*process_test.*,echo "process test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,.*process58_test.*,echo "process58 test bypassed",' tests/mitre/test_mitre.sh || die + + #This test fail + sed -i 's,.*generate report: xccdf,#&,' tests/API/XCCDF/unittests/all.sh || die + + if ! use rpm ; then + sed -i 's,probe_rpminfo_req_deps_ok=yes,probe_rpminfo_req_deps_ok=no,' configure || die + sed -i 's,probe_rpminfo_opt_deps_ok=yes,probe_rpminfo_opt_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_req_deps_ok=yes,probe_rpmverify_req_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_opt_deps_ok=yes,probe_rpmverify_opt_deps_ok=no,' configure || die + sed -i 's,^probe_rpm.*_deps_missing=,&disabled_by_USE_flag,' configure || die + sed -i 's,.*rpm.*,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use selinux ; then + einfo "Disabling SELinux probes" + sed -i 's,.*selinux.*, echo "SELinux test bypassed",' tests/mitre/test_mitre.sh || die + #process58 need selinux + sed -i 's,.*process58,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use ldap; then + einfo "Disabling LDAP probes" + sed -i 's,ldap.h,ldapp.h,g' configure || die + fi + + epatch_user +} + +src_configure() { + python_setup + local myconf + if use debug ; then + myconf+=" --enable-debug" + fi + if use python ; then + myconf+=" --enable-python" + else + myconf+=" --enable-python=no" + fi + if use perl ; then + myconf+=" --enable-perl" + fi + if use nss ; then + myconf+=" --with-crypto=nss3" + else + myconf+=" --with-crypto=gcrypt" + fi + if use sce ; then + myconf+=" --enable-sce" + else + myconf+=" --enable-sce=no" + fi + econf ${myconf} +} + +src_compile() { + emake + if use doc ; then + cd docs && doxygen Doxyfile || die + fi +} + +src_install() { + emake install DESTDIR="${D}" + prune_libtool_files --all + if use doc ; then + dohtml -r docs/html/. + dodoc docs/examples/. + fi + dobashcomp "${D}"/etc/bash_completion.d/oscap + rm -rf "${D}"/etc/bash_completion.d || die +} diff --git a/app-forensics/openscap/openscap-1.2.1.ebuild b/app-forensics/openscap/openscap-1.2.1.ebuild new file mode 100644 index 000000000000..431878e167cb --- /dev/null +++ b/app-forensics/openscap/openscap-1.2.1.ebuild @@ -0,0 +1,139 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +PYTHON_COMPAT=( python2_7 ) + +inherit bash-completion-r1 eutils multilib python-single-r1 + +DESCRIPTION="Framework which enables integration with the Security Content Automation Protocol (SCAP)" +HOMEPAGE="http://www.open-scap.org/" +SRC_URI="https://fedorahosted.org/releases/o/p/${PN}/${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="acl caps debug doc gconf ldap nss pcre perl python rpm selinux sce sql test xattr" +RESTRICT="test" + +RDEPEND="!nss? ( dev-libs/libgcrypt:0 ) + nss? ( dev-libs/nss ) + acl? ( virtual/acl ) + caps? ( sys-libs/libcap ) + gconf? ( gnome-base/gconf ) + ldap? ( net-nds/openldap ) + pcre? ( dev-libs/libpcre ) + rpm? ( >=app-arch/rpm-4.9 ) + sql? ( dev-db/opendbx ) + xattr? ( sys-apps/attr ) + dev-libs/libpcre + dev-libs/libxml2 + dev-libs/libxslt + net-misc/curl + ${PYTHON_DEPS}" +DEPEND="${RDEPEND} + doc? ( app-doc/doxygen ) + perl? ( dev-lang/swig ) + python? ( dev-lang/swig ) + test? ( + app-arch/unzip + dev-perl/XML-XPath + net-misc/ipcalc + sys-apps/grep )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +src_prepare() { +# uncoment for debugging test +# sed -i 's,set -e,&;set -x,' tests/API/XCCDF/unittests/test_remediate_simple.sh || die +# sed -i 's,^ bash, LC_ALL=C bash,' tests/probes/process/test_probes_process.sh || die + + sed -i 's/uname -p/uname -m/' tests/probes/uname/test_probes_uname.xml.sh || die + + #probe runlevel for non-centos/redhat/fedora is not implemented + sed -i 's,.*runlevel_test.*,echo "runlevel test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,probecheck "runlevel,probecheck "runlevellllll,' tests/probes/runlevel/test_probes_runlevel.sh || die + + #According to comment of theses tests, we must modify it. For the moment disable it + sed -i 's,.*linux-def_inetlisteningservers_test,#&,' tests/mitre/test_mitre.sh || die + sed -i 's,.*ind-def_environmentvariable_test,#&,' tests/mitre/test_mitre.sh || die + + # theses tests are hardcoded for checking hald process..., + # but no good solution for the moment, disabling them with a fake echo + # because encased in a if then +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process_test.xml || die +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process58_test.xml || die + sed -i 's,.*process_test.*,echo "process test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,.*process58_test.*,echo "process58 test bypassed",' tests/mitre/test_mitre.sh || die + + #This test fail + sed -i 's,.*generate report: xccdf,#&,' tests/API/XCCDF/unittests/all.sh || die + + if ! use rpm ; then + sed -i 's,probe_rpminfo_req_deps_ok=yes,probe_rpminfo_req_deps_ok=no,' configure || die + sed -i 's,probe_rpminfo_opt_deps_ok=yes,probe_rpminfo_opt_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_req_deps_ok=yes,probe_rpmverify_req_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_opt_deps_ok=yes,probe_rpmverify_opt_deps_ok=no,' configure || die + sed -i 's,^probe_rpm.*_deps_missing=,&disabled_by_USE_flag,' configure || die + sed -i 's,.*rpm.*,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use selinux ; then + einfo "Disabling SELinux probes" + sed -i 's,.*selinux.*, echo "SELinux test bypassed",' tests/mitre/test_mitre.sh || die + #process58 need selinux + sed -i 's,.*process58,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use ldap; then + einfo "Disabling LDAP probes" + sed -i 's,ldap.h,ldapp.h,g' configure || die + fi + + epatch_user +} + +src_configure() { + python_setup + local myconf + if use debug ; then + myconf+=" --enable-debug" + fi + if use python ; then + myconf+=" --enable-python" + else + myconf+=" --enable-python=no" + fi + if use perl ; then + myconf+=" --enable-perl" + fi + if use nss ; then + myconf+=" --with-crypto=nss3" + else + myconf+=" --with-crypto=gcrypt" + fi + if use sce ; then + myconf+=" --enable-sce" + else + myconf+=" --enable-sce=no" + fi + econf ${myconf} +} + +src_compile() { + emake + if use doc ; then + cd docs && doxygen Doxyfile || die + fi +} + +src_install() { + emake install DESTDIR="${D}" + prune_libtool_files --all + if use doc ; then + dohtml -r docs/html/. + dodoc docs/examples/. + fi + dobashcomp "${D}"/etc/bash_completion.d/oscap + rm -rf "${D}"/etc/bash_completion.d || die +} diff --git a/app-forensics/openscap/openscap-1.2.5.ebuild b/app-forensics/openscap/openscap-1.2.5.ebuild new file mode 100644 index 000000000000..431878e167cb --- /dev/null +++ b/app-forensics/openscap/openscap-1.2.5.ebuild @@ -0,0 +1,139 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +PYTHON_COMPAT=( python2_7 ) + +inherit bash-completion-r1 eutils multilib python-single-r1 + +DESCRIPTION="Framework which enables integration with the Security Content Automation Protocol (SCAP)" +HOMEPAGE="http://www.open-scap.org/" +SRC_URI="https://fedorahosted.org/releases/o/p/${PN}/${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="acl caps debug doc gconf ldap nss pcre perl python rpm selinux sce sql test xattr" +RESTRICT="test" + +RDEPEND="!nss? ( dev-libs/libgcrypt:0 ) + nss? ( dev-libs/nss ) + acl? ( virtual/acl ) + caps? ( sys-libs/libcap ) + gconf? ( gnome-base/gconf ) + ldap? ( net-nds/openldap ) + pcre? ( dev-libs/libpcre ) + rpm? ( >=app-arch/rpm-4.9 ) + sql? ( dev-db/opendbx ) + xattr? ( sys-apps/attr ) + dev-libs/libpcre + dev-libs/libxml2 + dev-libs/libxslt + net-misc/curl + ${PYTHON_DEPS}" +DEPEND="${RDEPEND} + doc? ( app-doc/doxygen ) + perl? ( dev-lang/swig ) + python? ( dev-lang/swig ) + test? ( + app-arch/unzip + dev-perl/XML-XPath + net-misc/ipcalc + sys-apps/grep )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +src_prepare() { +# uncoment for debugging test +# sed -i 's,set -e,&;set -x,' tests/API/XCCDF/unittests/test_remediate_simple.sh || die +# sed -i 's,^ bash, LC_ALL=C bash,' tests/probes/process/test_probes_process.sh || die + + sed -i 's/uname -p/uname -m/' tests/probes/uname/test_probes_uname.xml.sh || die + + #probe runlevel for non-centos/redhat/fedora is not implemented + sed -i 's,.*runlevel_test.*,echo "runlevel test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,probecheck "runlevel,probecheck "runlevellllll,' tests/probes/runlevel/test_probes_runlevel.sh || die + + #According to comment of theses tests, we must modify it. For the moment disable it + sed -i 's,.*linux-def_inetlisteningservers_test,#&,' tests/mitre/test_mitre.sh || die + sed -i 's,.*ind-def_environmentvariable_test,#&,' tests/mitre/test_mitre.sh || die + + # theses tests are hardcoded for checking hald process..., + # but no good solution for the moment, disabling them with a fake echo + # because encased in a if then +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process_test.xml || die +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process58_test.xml || die + sed -i 's,.*process_test.*,echo "process test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,.*process58_test.*,echo "process58 test bypassed",' tests/mitre/test_mitre.sh || die + + #This test fail + sed -i 's,.*generate report: xccdf,#&,' tests/API/XCCDF/unittests/all.sh || die + + if ! use rpm ; then + sed -i 's,probe_rpminfo_req_deps_ok=yes,probe_rpminfo_req_deps_ok=no,' configure || die + sed -i 's,probe_rpminfo_opt_deps_ok=yes,probe_rpminfo_opt_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_req_deps_ok=yes,probe_rpmverify_req_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_opt_deps_ok=yes,probe_rpmverify_opt_deps_ok=no,' configure || die + sed -i 's,^probe_rpm.*_deps_missing=,&disabled_by_USE_flag,' configure || die + sed -i 's,.*rpm.*,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use selinux ; then + einfo "Disabling SELinux probes" + sed -i 's,.*selinux.*, echo "SELinux test bypassed",' tests/mitre/test_mitre.sh || die + #process58 need selinux + sed -i 's,.*process58,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use ldap; then + einfo "Disabling LDAP probes" + sed -i 's,ldap.h,ldapp.h,g' configure || die + fi + + epatch_user +} + +src_configure() { + python_setup + local myconf + if use debug ; then + myconf+=" --enable-debug" + fi + if use python ; then + myconf+=" --enable-python" + else + myconf+=" --enable-python=no" + fi + if use perl ; then + myconf+=" --enable-perl" + fi + if use nss ; then + myconf+=" --with-crypto=nss3" + else + myconf+=" --with-crypto=gcrypt" + fi + if use sce ; then + myconf+=" --enable-sce" + else + myconf+=" --enable-sce=no" + fi + econf ${myconf} +} + +src_compile() { + emake + if use doc ; then + cd docs && doxygen Doxyfile || die + fi +} + +src_install() { + emake install DESTDIR="${D}" + prune_libtool_files --all + if use doc ; then + dohtml -r docs/html/. + dodoc docs/examples/. + fi + dobashcomp "${D}"/etc/bash_completion.d/oscap + rm -rf "${D}"/etc/bash_completion.d || die +} diff --git a/app-forensics/openscap/openscap-9999.ebuild b/app-forensics/openscap/openscap-9999.ebuild new file mode 100644 index 000000000000..159215b09fc4 --- /dev/null +++ b/app-forensics/openscap/openscap-9999.ebuild @@ -0,0 +1,160 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +PYTHON_COMPAT=( python2_7 ) + +inherit bash-completion-r1 eutils multilib python-single-r1 + +DESCRIPTION="Framework which enables integration with the Security Content Automation Protocol (SCAP)" +HOMEPAGE="http://www.open-scap.org/" +if [[ "${PV}" != "9999" ]]; +then + SRC_URI="https://fedorahosted.org/releases/o/p/${PN}/${P}.tar.gz" + KEYWORDS="~amd64 ~x86" +else + inherit git-2 autotools + EGIT_REPO_URI="git://git.fedorahosted.org/git/openscap.git" + EGIT_SOURCEDIR="${WORKDIR}/openscap" + KEYWORDS="" + S="${WORKDIR}/${PN}" +fi + +LICENSE="LGPL-2.1" +SLOT="0" +IUSE="acl caps debug doc gconf ldap nss pcre perl python rpm selinux sce sql test xattr" +#RESTRICT="test" + +RDEPEND="!nss? ( dev-libs/libgcrypt:0 ) + nss? ( dev-libs/nss ) + acl? ( virtual/acl ) + caps? ( sys-libs/libcap ) + gconf? ( gnome-base/gconf ) + ldap? ( net-nds/openldap ) + pcre? ( dev-libs/libpcre ) + rpm? ( >=app-arch/rpm-4.9 ) + sql? ( dev-db/opendbx ) + xattr? ( sys-apps/attr ) + dev-libs/libpcre + dev-libs/libxml2 + dev-libs/libxslt + net-misc/curl + ${PYTHON_DEPS}" +DEPEND="${RDEPEND} + doc? ( app-doc/doxygen ) + perl? ( dev-lang/swig ) + python? ( dev-lang/swig ) + test? ( + app-arch/unzip + dev-perl/XML-XPath + net-misc/ipcalc + sys-apps/grep )" + +src_unpack() { + if [[ "${PV}" == "9999" ]]; + then + git-2_src_unpack + fi +} + +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +src_prepare() { +# uncoment for debugging test +# sed -i 's,set -e,&;set -x,' tests/API/XCCDF/unittests/test_remediate_simple.sh || die + + sed -i 's/uname -p/uname -m/' tests/probes/uname/test_probes_uname.xml.sh || die + + #probe runlevel for non-centos/redhat/fedora is not implemented + sed -i 's,.*runlevel_test.*,echo "runlevel test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,probecheck "runlevel,probecheck "runlevellllll,' tests/probes/runlevel/test_probes_runlevel.sh || die + + #According to comment of theses tests, we must modify it. For the moment disable it + sed -i 's,.*linux-def_inetlisteningservers_test,#&,' tests/mitre/test_mitre.sh || die + sed -i 's,.*ind-def_environmentvariable_test,#&,' tests/mitre/test_mitre.sh || die + + # theses tests are hardcoded for checking hald process..., + # but no good solution for the moment, disabling them with a fake echo + # because encased in a if then +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process_test.xml || die +# sed -i 's,ha.d,/sbin/udevd --daemon,g' tests/mitre/unix-def_process58_test.xml || die + sed -i 's,.*process_test.*,echo "process test bypassed",' tests/mitre/test_mitre.sh || die + sed -i 's,.*process58_test.*,echo "process58 test bypassed",' tests/mitre/test_mitre.sh || die + + #This test fail + sed -i 's,.*generate report: xccdf,#&,' tests/API/XCCDF/unittests/all.sh || die + + if [[ "${PV}" == "9999" ]]; + then + eautoreconf + fi + + if ! use rpm ; then + sed -i 's,probe_rpminfo_req_deps_ok=yes,probe_rpminfo_req_deps_ok=no,' configure || die + sed -i 's,probe_rpminfo_opt_deps_ok=yes,probe_rpminfo_opt_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_req_deps_ok=yes,probe_rpmverify_req_deps_ok=no,' configure || die + sed -i 's,probe_rpmverify_opt_deps_ok=yes,probe_rpmverify_opt_deps_ok=no,' configure || die + sed -i 's,^probe_rpm.*_deps_missing=,&disabled_by_USE_flag,' configure || die + sed -i 's,.*rpm.*,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use selinux ; then + einfo "Disabling SELinux probes" + sed -i 's,.*selinux.*, echo "SELinux test bypassed",' tests/mitre/test_mitre.sh || die + #process58 need selinux + sed -i 's,.*process58,#&,' tests/mitre/test_mitre.sh || die + fi + if ! use ldap; then + einfo "Disabling LDAP probes" + sed -i 's,ldap.h,ldapp.h,g' configure || die + fi + + epatch_user +} + +src_configure() { + python_setup + local myconf + if use debug ; then + myconf+=" --enable-debug" + fi + if use python ; then + myconf+=" --enable-python" + else + myconf+=" --enable-python=no" + fi + if use perl ; then + myconf+=" --enable-perl" + fi + if use nss ; then + myconf+=" --with-crypto=nss3" + else + myconf+=" --with-crypto=gcrypt" + fi + if use sce ; then + myconf+=" --enable-sce" + else + myconf+=" --enable-sce=no" + fi + econf ${myconf} +} + +src_compile() { + emake + if use doc ; then + einfo "Building HTML documentation using Doxygen (which will take a while)" + cd docs && doxygen Doxyfile || die + fi +} + +src_install() { + emake install DESTDIR="${D}" + prune_libtool_files --all + if use doc ; then + dohtml -r docs/html/. + dodoc docs/examples/. + fi + dobashcomp "${D}"/etc/bash_completion.d/oscap + rm -rf "${D}"/etc/bash_completion.d || die +} diff --git a/app-forensics/ovaldi/Manifest b/app-forensics/ovaldi/Manifest new file mode 100644 index 000000000000..b585afec0b11 --- /dev/null +++ b/app-forensics/ovaldi/Manifest @@ -0,0 +1,3 @@ +DIST ovaldi-5.10.1.2-src.tar.bz2 14859172 SHA256 2d00a1bc730f6635beebd52611ee30c914169626ef5adf68ff313295c483d319 SHA512 77ffc04a8b33a43a9370b795e6af5e79e63ca59ec70c974408fffc163d487c654f153924494b14e1fc8b2ba2f33e96bc85e175fd8044e370a75a88f3f9c37fcb WHIRLPOOL 6c8e8da498c9f0c36be7a88a1293a984975e6fc90993fe6a860969af63cd8b9393e6adb4bf68893c6da468562322adb4b60a4894393bd7916047f900631f8296 +DIST ovaldi-5.10.1.4-src.tar.bz2 14868251 SHA256 92a22ad75ecdb02abb155e520cf249cc0f737c52b17380b1d58caf410f8c2560 SHA512 d7926a7416fe90013e203b333390e33d51c3eb0caa6ebba69dd593791a8377ac38f5db72fcff2d1ab2dd39a0f5d1b0d2a0d08f906d3e26740288532a27debb47 WHIRLPOOL b9e9142f3d51818c6fbdd12d036176a435bb7af4a75b39bd6bbaee9c542718f9058401ccdfb053a84bac97dfb9b5ba0acdbcf98c4085f6198ad51e94d6ea9d25 +DIST ovaldi-5.9.1-src.tar.bz2 14745625 SHA256 40161ac64fd221543a19f178de283919be2dd7f513a6fb354f1440fe1bfb98e1 SHA512 5ac3fb0b943aa6c650ae31131a41e059d2b338defe608b1a7b65ba776e249d005ccf4c3ff3ab64fb042a775c70467f4ca879de005f6bf78c19a4a0c782204d34 WHIRLPOOL d96fcf29bfbf301dde50e54a6d710db913520d7b0e47be8b17f2a202353f81eef94e2934d0aa84ca6ddd24dce8a0fdd9c4cfe6224f4757717c88317895ad12af diff --git a/app-forensics/ovaldi/files/disable-acl.patch b/app-forensics/ovaldi/files/disable-acl.patch new file mode 100644 index 000000000000..49ea42c80558 --- /dev/null +++ b/app-forensics/ovaldi/files/disable-acl.patch @@ -0,0 +1,23 @@ +--- src/probes/unix/FileProbe.cpp.old 2013-01-14 16:28:33.000000000 +0100 ++++ src/probes/unix/FileProbe.cpp 2013-01-14 16:30:33.000000000 +0100 +@@ -427,19 +427,8 @@ + 5) If a file doesn't have an ACL, or it matches the standard UNIX permissions, the value will be 'false' (this is covered by acl_extended_file() - thank you openscap)
+ 6) If a file has an ACL, the value will be 'true'.
+ */
+-
+- int hasExtendedAcl = acl_extended_file(filePath.c_str());
+- if(hasExtendedAcl > -1){ // behavior 4, 5, and 6
+- item->AppendElement(new ItemEntity("has_extended_acl",Common::ToString(hasExtendedAcl),OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_EXISTS,0));
+- }else{
+- if(errno == EOPNOTSUPP){ // behavior 3
+- item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_DOES_NOT_EXIST,0));
+- }else{ // behavior 2
+- item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_ERROR,0));
+- item->AppendMessage(new OvalMessage(string("Error reading ACL data: ") + strerror(errno)));
+- }
+- }
+
++ item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_NOT_COLLECTED,0));
+ # else
+ // behavior 1
+ item->AppendElement(new ItemEntity("has_extended_acl","",OvalEnum::DATATYPE_BOOLEAN,OvalEnum::STATUS_NOT_COLLECTED,0));
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.2-add-selinux-libs.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-add-selinux-libs.patch new file mode 100644 index 000000000000..d390be2ed6ce --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-add-selinux-libs.patch @@ -0,0 +1,11 @@ +--- project/linux/Makefile.orig 2012-01-02 12:08:20.400871287 +0100 ++++ project/linux/Makefile 2012-01-02 12:08:48.966488826 +0100 +@@ -50,7 +50,7 @@ + LIBDIR = -L/usr/local/lib -L/usr/lib
+
+ # What libraries do we need?
+-LIBS = -lxerces-c -lxalan-c -lpcre -lpopt -lgcrypt -lblkid
++LIBS = -lxerces-c -lxalan-c -lpcre -lpopt -lgcrypt -lblkid -lsepol -lselinux
+
+ # Determine what package management system is being used
+ #PACKAGE_RPM = $(shell /usr/bin/env rpm --version 2>/dev/null)
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.2-disable-ldap-probes.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-disable-ldap-probes.patch new file mode 100644 index 000000000000..1a15ca25d62f --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-disable-ldap-probes.patch @@ -0,0 +1,11 @@ +--- src/linux/ProbeFactory.cpp 2010-12-10 13:37:00.019140703 +0100 ++++ src/linux/ProbeFactory.cpp 2010-08-27 21:23:41.000000000 +0200 +@@ -61,8 +61,6 @@ + probe = XmlFileContentProbe::Instance();
+ } else if(objectName.compare("textfilecontent54_object") == 0) {
+ probe = TextFileContent54Probe::Instance();
+- } else if(objectName.compare("ldap_object") == 0) {
+- probe = LDAPProbe::Instance();
+
+ // here are the objects defined in the unix schema
+ } else if(objectName.compare("file_object") == 0) {
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.2-disable-selinux-probes.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-disable-selinux-probes.patch new file mode 100644 index 000000000000..f93304deb1b3 --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-disable-selinux-probes.patch @@ -0,0 +1,94 @@ +--- ./src/linux/ProbeFactory.cpp.old 2011-08-18 14:45:11.314556346 +0200 ++++ ./src/linux/ProbeFactory.cpp 2011-08-18 14:45:23.151011753 +0200 +@@ -101,10 +101,6 @@ + #endif
+ } else if (objectName.compare("partition_object") == 0) {
+ probe = PartitionProbe::Instance();
+- } else if (objectName.compare("selinuxsecuritycontext_object") == 0) {
+- probe = SelinuxSecurityContextProbe::Instance();
+- } else if (objectName.compare("selinuxboolean_object") == 0) {
+- probe = SelinuxBooleanProbe::Instance();
+ } else if (objectName.compare("iflisteners_object") == 0) {
+ probe = IfListenersProbe::Instance();
+ } else {
+--- src/linux/ProbeFactory.h.old 2011-08-18 14:47:23.226501075 +0200 ++++ src/linux/ProbeFactory.h 2011-08-18 14:47:34.183998019 +0200 +@@ -71,8 +71,6 @@ + #include "InetdProbe.h"
+ + #include "PartitionProbe.h"
+-#include "SelinuxSecurityContextProbe.h"
+-#include "SelinuxBooleanProbe.h"
+ #include "IfListenersProbe.h"
+
+ class AbsProbe;
+--- src/probes/unix/Process58Probe.cpp.old 2012-05-22 10:09:52.980828398 +0200 ++++ src/probes/unix/Process58Probe.cpp 2012-05-22 10:11:06.266468168 +0200 +@@ -29,10 +29,10 @@ + //****************************************************************************************//
+
+ #ifdef LINUX
+-# include <selinux/selinux.h>
+-# include <selinux/context.h>
++/*# include <selinux/selinux.h>
++# include <selinux/context.h>*/
+ # include <sys/capability.h>
+-# include <SecurityContextGuard.h>
++/*# include <SecurityContextGuard.h>*/
+ #endif
+
+ #include <fstream>
+@@ -328,7 +328,7 @@ + pid_t sessionId;
+ uid_t loginuid;
+ uint64_t effCap, *effCapp=&effCap;
+- string selinuxDomainLabel;
++/* string selinuxDomainLabel;*/
+
+ Process58Probe::ProcStatus statStatus, statusStatus, ttyStatus, loginuidStatus;
+
+@@ -423,10 +423,10 @@ + }
+
+ // this one doesn't require reading anything in /proc
+- if (!RetrieveSelinuxDomainLabel(pid, &selinuxDomainLabel, &errMsg)) {
++/* if (!RetrieveSelinuxDomainLabel(pid, &selinuxDomainLabel, &errMsg)) {
+ item->AppendMessage(new OvalMessage(errMsg, OvalEnum::LEVEL_ERROR));
+ item->SetStatus(OvalEnum::STATUS_ERROR);
+- }
++ }*/
+
+ // The Linux start time is represented as the number of jiffies (1/100 sec)
+ // that the application was started after the last system reboot. To get an
+@@ -491,10 +491,10 @@ + // aren't any.
+ item->AppendElement(new ItemEntity("posix_capability", "", OvalEnum::DATATYPE_STRING, false, OvalEnum::STATUS_ERROR));
+
+- if (selinuxDomainLabel.empty())
++/* if (selinuxDomainLabel.empty())*/
+ item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, false, OvalEnum::STATUS_ERROR));
+- else
+- item->AppendElement(new ItemEntity("selinux_domain_label", selinuxDomainLabel));
++/* else
++ item->AppendElement(new ItemEntity("selinux_domain_label", selinuxDomainLabel));*/
+
+ if (statStatus == PROC_OK)
+ item->AppendElement(new ItemEntity("session_id", Common::ToString(sessionId), OvalEnum::DATATYPE_INTEGER));
+@@ -709,7 +709,7 @@ + capMap[capEnum]));
+ }
+ }
+-
++/*
+ bool Process58Probe::RetrieveSelinuxDomainLabel(pid_t pid, string *label, string *err) {
+ security_context_t sctx;
+ int ec = getpidcon(pid, &sctx);
+@@ -732,7 +732,7 @@ + *label = tmp;
+ return true;
+ }
+-
++*/
+ #elif defined SUNOS
+
+ void Process58Probe::GetPSInfo(string command, string pidStr, ItemVector* items) {
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.2-missing-memory-header.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-missing-memory-header.patch new file mode 100644 index 000000000000..3f5fcdba2450 --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-missing-memory-header.patch @@ -0,0 +1,20 @@ +--- src/CountFunction.cpp.old 2012-01-02 11:37:27.113604532 +0100 ++++ src/CountFunction.cpp 2012-01-02 11:37:39.624998573 +0100 +@@ -29,6 +29,7 @@ + //****************************************************************************************// + + #include <cstddef> ++#include <memory> + #include "CountFunction.h" + #include "ComponentFactory.h" + +--- src/UniqueFunction.cpp.orig 2012-01-02 11:39:58.564269070 +0100 ++++ src/UniqueFunction.cpp 2012-01-02 11:40:12.057615550 +0100 +@@ -29,6 +29,7 @@ + //****************************************************************************************// + + #include <set> ++#include <memory> + #include "Common.h" + #include "ComponentFactory.h" + #include "UniqueFunction.h" diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.2-strnicmp.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-strnicmp.patch new file mode 100644 index 000000000000..fc127efd3cdb --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-strnicmp.patch @@ -0,0 +1,11 @@ +--- src/Main.h.old 2010-10-22 14:59:13.000000000 +0200 ++++ src/Main.h 2010-10-22 14:59:38.000000000 +0200 +@@ -38,7 +38,7 @@ + #endif
+
+ #ifdef LINUX
+-# define STRNICMP strnicmp
++# define STRNICMP strncasecmp
+ #elif defined SUNOS
+ # define STRNICMP strncasecmp
+ #elif defined DARWIN
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.2-xerces3.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-xerces3.patch new file mode 100644 index 000000000000..b127ee44ed45 --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.2-xerces3.patch @@ -0,0 +1,306 @@ +--- src/XmlProcessor.cpp.old 2011-08-18 14:51:20.311616357 +0200 ++++ src/XmlProcessor.cpp 2011-08-18 14:51:47.214381144 +0200 +@@ -35,7 +35,6 @@ + // for dom Writer
+ #include <xercesc/dom/DOMImplementation.hpp>
+ #include <xercesc/dom/DOMImplementationLS.hpp>
+-#include <xercesc/dom/DOMWriter.hpp>
+ #include <xercesc/framework/StdOutFormatTarget.hpp>
+ #include <xercesc/framework/LocalFileFormatTarget.hpp>
+ #include <xercesc/util/XMLUni.hpp>
+@@ -53,8 +52,17 @@ + //****************************************************************************************//
+ // DataDirResolver Class //
+ //****************************************************************************************//
+-
++#if XERCES_VERSION_MAJOR < 3
+ DOMInputSource* DataDirResolver::resolveEntity (const XMLCh *const /*publicId*/, const XMLCh *const systemId, const XMLCh *const /*baseURI*/) {
++#else
++InputSource* DataDirResolver::resolveEntity(const XMLCh* publicId, const XMLCh* systemId)
++{
++ return NULL;
++ //return DataDirResolver::resolveEntity (publicId, systemId, NULL);
++}
++
++DOMLSInput* DataDirResolver::resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI) {
++#endif
+ string path = "";
+ size_t last;
+ string schemapath = Common::GetSchemaPath();
+@@ -104,13 +112,19 @@ +
+ try {
+ XMLPlatformUtils::Initialize();
++#if XERCES_VERSION_MAJOR < 3
++#define SetParameter(parser,n,v) parser->setFeature(n,v)
++#else
++#define SetParameter(parser,n,v) parser->getDomConfig()->setParameter(n,v)
++#endif
+
+ parser = makeParser();
+ parserWithCallerAdoption = makeParser();
+ // add one extra feature on this parser to prevent it from
+ // taking ownership of its documents.
+- parserWithCallerAdoption->setFeature(XMLUni::fgXercesUserAdoptsDOMDocument, true);
++ SetParameter(parserWithCallerAdoption, XMLUni::fgXercesUserAdoptsDOMDocument, true);
+
++#undef SetParameter
+ } catch (const XMLException& toCatch) {
+ string errMsg = "Error: An error occured durring initialization of the xml utilities:\n";
+ errMsg.append(XmlCommon::ToString(toCatch.getMessage()));
+@@ -137,32 +151,55 @@ +
+ }
+
++#if XERCES_VERSION_MAJOR < 3
+ DOMBuilder *XmlProcessor::makeParser() {
++#else
++DOMLSParser *XmlProcessor::makeParser() {
++#endif
+ // Instantiate the DOM parser.
+ static const XMLCh gLS[] = { chLatin_L, chLatin_S, chNull };
+ DOMImplementation *impl = DOMImplementationRegistry::getDOMImplementation(gLS);
+
++#if XERCES_VERSION_MAJOR < 3
+ DOMBuilder *parser = ((DOMImplementationLS*)impl)->createDOMBuilder(DOMImplementationLS::MODE_SYNCHRONOUS, 0);
++#else
++ DOMLSParser *parser = ((DOMImplementationLS*)impl)->createLSParser(DOMImplementationLS::MODE_SYNCHRONOUS, 0);
++#endif
+
+ ///////////////////////////////////////////////////////
+ // Set features on the builder
+ ///////////////////////////////////////////////////////
+
+- parser->setFeature(XMLUni::fgDOMComments, false); // Discard Comment nodes in the document.
+- parser->setFeature(XMLUni::fgDOMDatatypeNormalization, true); // Let the validation process do its datatype normalization that is defined in the used schema language.
+- parser->setFeature(XMLUni::fgDOMNamespaces, true); // Perform Namespace processing
+- parser->setFeature(XMLUni::fgDOMValidation, true); // Report all validation errors.
+- parser->setFeature(XMLUni::fgXercesSchema, true); // Enable the parser's schema support.
+- parser->setFeature(XMLUni::fgXercesSchemaFullChecking, true); // Enable full schema constraint checking, including checking which may be time-consuming or memory intensive. Currently, particle unique attribution constraint checking and particle derivation restriction checking are controlled by this option.
+- parser->setFeature(XMLUni::fgXercesValidationErrorAsFatal, true); // The parser will treat validation error as fatal and will exit
+- parser->setFeature(XMLUni::fgXercesDOMHasPSVIInfo, true); // Enable storing of PSVI information in element and attribute nodes.
++#if XERCES_VERSION_MAJOR < 3
++#define SetParameter(parser,n,v) parser->setFeature(n,v)
++#else
++#define SetParameter(parser,n,v) parser->getDomConfig()->setParameter(n,v)
++#endif
++
++ SetParameter(parser, XMLUni::fgDOMComments, false); // Discard Comment nodes in the document.
++ SetParameter(parser, XMLUni::fgDOMDatatypeNormalization, true); // Let the validation process do its datatype normalization that is defined in the used schema language.
++ SetParameter(parser, XMLUni::fgDOMNamespaces, true); // Perform Namespace processing
++#if XERCES_VERSION_MAJOR < 3
++ SetParameter(parser, XMLUni::fgDOMValidation, true); // Report all validation errors.
++#else
++ SetParameter(parser, XMLUni::fgDOMValidate, true); // Report all validation errors.
++#endif
++ SetParameter(parser, XMLUni::fgXercesSchema, true); // Enable the parser's schema support.
++ SetParameter(parser, XMLUni::fgXercesSchemaFullChecking, true); // Enable full schema constraint checking, including checking which may be time-consuming or memory intensive. Currently, particle unique attribution constraint checking and particle derivation restriction checking are controlled by this option.
++ SetParameter(parser, XMLUni::fgXercesValidationErrorAsFatal, true); // The parser will treat validation error as fatal and will exit
++ SetParameter(parser, XMLUni::fgXercesDOMHasPSVIInfo, true); // Enable storing of PSVI information in element and attribute nodes.
++#undef SetParameter
+
+ ///////////////////////////////////////////////////////
+ //****************************************************************************************//
+ // The following code was added to handle air-gap operation //
+ //****************************************************************************************//
+ /* Look for XML schemas in local directory instead of Internet */
++#if XERCES_VERSION_MAJOR < 3
+ parser->setEntityResolver (&resolver);
++#else
++ parser->getDomConfig()->setParameter(XMLUni::fgXercesEntityResolver, &resolver);
++#endif
+ //****************************************************************************************//
+ // End of air-gap code //
+ //****************************************************************************************//
+@@ -170,7 +207,11 @@ + ///////////////////////////////////////////////////////
+ // Add an Error Handler
+ ///////////////////////////////////////////////////////
++#if XERCES_VERSION_MAJOR < 3
+ parser->setErrorHandler(&errHandler);
++#else
++ parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, &errHandler);
++#endif
+
+ return parser;
+ }
+@@ -250,24 +291,26 @@ + XMLCh tempStr[100];
+ XMLString::transcode("LS", tempStr, 99);
+ DOMImplementation *impl = DOMImplementationRegistry::getDOMImplementation(tempStr);
++#if XERCES_VERSION_MAJOR < 3
+ DOMWriter *theSerializer = ((DOMImplementationLS*)impl)->createDOMWriter();
++#else
++ DOMLSSerializer *theSerializer = ((DOMImplementationLS*)impl)->createLSSerializer();
++#endif
++
++#if XERCES_VERSION_MAJOR < 3
++#define SetParameter(serializer,n,v) if (serializer->canSetFeature(n,v)) serializer->setFeature(n,v)
++#else
++#define SetParameter(serializer,n,v) if (serializer->getDomConfig()->canSetParameter(n,v)) serializer->getDomConfig()->setParameter(n,v)
++#endif
+
+ // set feature if the serializer supports the feature/mode
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTSplitCdataSections, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTSplitCdataSections, true);
+-
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true);
+-
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTFormatPrettyPrint, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTFormatPrettyPrint, true);
+-
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTBOM, false))
+- theSerializer->setFeature(XMLUni::fgDOMWRTBOM, false);
+-
+- //if (theSerializer->canSetFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true))
+- // theSerializer->setFeature(XMLUni::fgDOMWRTBOM, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTSplitCdataSections, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTDiscardDefaultContent, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTFormatPrettyPrint, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTBOM, false);
++ //SetParameter(theSerializer, XMLUni::fgDOMWRTBOM, true);
+
++#undef SetParameter
+ //
+ // Plug in a format target to receive the resultant
+ // XML stream from the serializer.
+@@ -284,7 +327,13 @@ + //
+ // do the serialization through DOMWriter::writeNode();
+ //
++#if XERCES_VERSION_MAJOR < 3
+ theSerializer->writeNode(myFormTarget, *doc);
++#else
++ DOMLSOutput *output = ((DOMImplementationLS*)impl)->createLSOutput();
++ output->setByteStream(myFormTarget);
++ theSerializer->write(doc, output);
++#endif
+
+ theSerializer->release();
+ delete myFormTarget;
+--- src/XmlProcessor.h.old 2011-08-18 14:35:41.608703233 +0200 ++++ src/XmlProcessor.h 2011-08-18 14:39:21.835597094 +0200 +@@ -38,14 +38,17 @@ + #include <string>
+
+ // required xerces includes
+-#include <xercesc/dom/DOMBuilder.hpp>
+ #include <xercesc/dom/DOMDocument.hpp>
+ #include <xercesc/dom/DOMErrorHandler.hpp>
+ #include <xercesc/dom/DOMError.hpp>
+
+ // for entity resolver
+-#include <xercesc/dom/DOMEntityResolver.hpp>
+-#include <xercesc/dom/DOMInputSource.hpp>
++
++#include <xercesc/dom/DOMImplementationRegistry.hpp>
++#include <xercesc/dom/DOMLSParser.hpp>
++#include <xercesc/sax/EntityResolver.hpp>
++#include <xercesc/sax/InputSource.hpp>
++#include <xercesc/sax2/SAX2XMLReader.hpp>
+
+ #include "Exception.h"
+
+@@ -53,12 +56,14 @@ + This class extends the default DOMEntityResolver and implments the resolve entity method
+ to support
+ */
+-class DataDirResolver : public xercesc::DOMEntityResolver {
++class DataDirResolver : public xercesc::EntityResolver {
+ public:
+ /**
+ *
+ */
+- xercesc::DOMInputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI);
++// xercesc::DOMInputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI); ++ xercesc::InputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId); ++ xercesc::DOMLSInput *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI); + };
+
+ /**
+@@ -135,7 +140,7 @@ + /**
+ * Has the common code for creating an XML parser.
+ */
+- xercesc::DOMBuilder *makeParser();
++ xercesc::DOMLSParser *makeParser();
+
+ static XmlProcessor* instance;
+
+@@ -144,7 +149,7 @@ + * owns the documents it builds. Users must manually destroy
+ * those documents.
+ */
+- xercesc::DOMBuilder *parserWithCallerAdoption;
++ xercesc::DOMLSParser *parserWithCallerAdoption;
+
+ /**
+ * This parser doesn't have user-adoption switched on, so it
+@@ -156,7 +161,7 @@ + * appear to ever be switched off. So to make sure this isn't
+ * leaking memory, I have created separate parsers.
+ */
+- xercesc::DOMBuilder *parser;
++ xercesc::DOMLSParser *parser;
+
+ /** The entity resolver for both parsers. */
+ DataDirResolver resolver;
+--- src/probes/independent/XmlFileContentProbe.cpp.old 2010-10-22 14:49:22.000000000 +0200 ++++ src/probes/independent/XmlFileContentProbe.cpp 2010-10-22 14:51:39.000000000 +0200 +@@ -419,12 +419,24 @@ + return new DummyEntityResolver::DoNothingBinInputStream();
+ }
+
++#if XERCES_VERSION_MAJOR < 3
+ unsigned int DummyEntityResolver::DoNothingBinInputStream::curPos() const
++#else
++const XMLCh* DummyEntityResolver::DoNothingBinInputStream::getContentType() const
++{
++ return NULL;
++}
++XMLFilePos DummyEntityResolver::DoNothingBinInputStream::curPos() const
++#endif
+ {
+ return 0;
+ }
+
++#if XERCES_VERSION_MAJOR < 3
+ unsigned int DummyEntityResolver::DoNothingBinInputStream::readBytes(XMLByte *const /*toFill*/, const unsigned int /*maxToRead*/)
++#else
++XMLSize_t DummyEntityResolver::DoNothingBinInputStream::readBytes(XMLByte *const toFill, XMLSize_t maxToRead)
++#endif
+ {
+ return 0;
+ }
+--- src/probes/independent/XmlFileContentProbe.h.old 2010-10-22 14:55:47.000000000 +0200 ++++ src/probes/independent/XmlFileContentProbe.h 2010-10-22 14:57:00.000000000 +0200 +@@ -134,8 +134,14 @@ + class DoNothingBinInputStream : public BinInputStream
+ {
+ public:
++#if XERCES_VERSION_MAJOR < 3
+ virtual unsigned int curPos() const;
+ virtual unsigned int readBytes(XMLByte *const toFill, const unsigned int maxToRead);
++#else
++ virtual XMLFilePos curPos() const;
++ virtual const XMLCh* getContentType() const;
++ virtual XMLSize_t readBytes(XMLByte *const toFill, XMLSize_t maxToRead);
++#endif
+ };
+ };
+
+--- src/XmlCommon.cpp.old ++++ src/XmlCommon.cpp +@@ -546,7 +546,11 @@ void XmlCommon::AddSchemaLocation(XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument *do + string XmlCommon::GetNamespace(DOMElement *element) {
+
+ string xmlns = "";
++#if XERCES_VERSION_MAJOR < 3
+ xmlns = XmlCommon::ToString(element->getTypeInfo()->getNamespace());
++#else
++ xmlns = XmlCommon::ToString(element->getSchemaTypeInfo()->getTypeNamespace());
++#endif
+ if (xmlns.compare("") == 0) {
+ xmlns = "";
+ }
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.4-disable-selinux-probes.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-disable-selinux-probes.patch new file mode 100644 index 000000000000..b9d02d763c61 --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-disable-selinux-probes.patch @@ -0,0 +1,84 @@ +--- src/probes/unix/Process58Probe.cpp.old 2013-01-14 16:05:18.000000000 +0100 ++++ src/probes/unix/Process58Probe.cpp 2013-01-14 16:06:16.000000000 +0100 +@@ -29,8 +29,8 @@ + //****************************************************************************************//
+
+ #ifdef LINUX
+-# include <selinux/selinux.h>
+-# include <selinux/context.h>
++/*# include <selinux/selinux.h>
++# include <selinux/context.h>*/
+ # include <sys/capability.h>
+ # include <SecurityContextGuard.h>
+ #endif
+@@ -328,7 +328,7 @@ + pid_t sessionId;
+ uid_t loginuid;
+ uint64_t effCap, *effCapp=&effCap;
+- string selinuxDomainLabel;
++/* string selinuxDomainLabel;*/
+
+ Process58Probe::ProcStatus statStatus, statusStatus, ttyStatus, loginuidStatus;
+
+@@ -423,10 +423,10 @@ + }
+
+ // this one doesn't require reading anything in /proc
+- if (!RetrieveSelinuxDomainLabel(pid, &selinuxDomainLabel, &errMsg)) {
++/* if (!RetrieveSelinuxDomainLabel(pid, &selinuxDomainLabel, &errMsg)) {
+ item->AppendMessage(new OvalMessage(errMsg, OvalEnum::LEVEL_ERROR));
+ item->SetStatus(OvalEnum::STATUS_ERROR);
+- }
++ }*/
+
+ // The Linux start time is represented as the number of jiffies (1/100 sec)
+ // that the application was started after the last system reboot. To get an
+@@ -522,10 +522,10 @@ + // aren't any.
+ item->AppendElement(new ItemEntity("posix_capability", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_ERROR));
+
+- if (selinuxDomainLabel.empty())
++/* if (selinuxDomainLabel.empty())
+ item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_ERROR));
+ else
+- item->AppendElement(new ItemEntity("selinux_domain_label", selinuxDomainLabel));
++ item->AppendElement(new ItemEntity("selinux_domain_label", selinuxDomainLabel));*/
+
+ if (statStatus == PROC_OK)
+ item->AppendElement(new ItemEntity("session_id", Common::ToString(sessionId), OvalEnum::DATATYPE_INTEGER));
+@@ -740,7 +740,7 @@ + capMap[capEnum]));
+ }
+ }
+-
++/*
+ bool Process58Probe::RetrieveSelinuxDomainLabel(pid_t pid, string *label, string *err) {
+ security_context_t sctx;
+ int ec = getpidcon(pid, &sctx);
+@@ -763,7 +763,7 @@ + *label = tmp;
+ return true;
+ }
+-
++*/
+ #elif defined SUNOS
+
+ void Process58Probe::GetPSInfo(string command, string pidStr, ItemVector* items) {
+@@ -830,7 +830,7 @@ + item->AppendElement(new ItemEntity("exec_shield", "", OvalEnum::DATATYPE_BOOLEAN, OvalEnum::STATUS_NOT_COLLECTED));
+ item->AppendElement(new ItemEntity("loginuid", "", OvalEnum::DATATYPE_INTEGER, OvalEnum::STATUS_NOT_COLLECTED));
+ item->AppendElement(new ItemEntity("posix_capability", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));
+- item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));
++/* item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));*/
+ item->AppendElement(new ItemEntity("session_id", Common::ToString(info.pr_sid), OvalEnum::DATATYPE_INTEGER));
+
+ items->push_back(item);
+@@ -988,7 +988,7 @@ + item->AppendElement(new ItemEntity("exec_shield", "", OvalEnum::DATATYPE_BOOLEAN, OvalEnum::STATUS_NOT_COLLECTED));
+ item->AppendElement(new ItemEntity("loginuid", "", OvalEnum::DATATYPE_INTEGER, OvalEnum::STATUS_NOT_COLLECTED));
+ item->AppendElement(new ItemEntity("posix_capability", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));
+- item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));
++/* item->AppendElement(new ItemEntity("selinux_domain_label", "", OvalEnum::DATATYPE_STRING, OvalEnum::STATUS_NOT_COLLECTED));*/
+ item->AppendElement(new ItemEntity("session_id", "", OvalEnum::DATATYPE_INTEGER, OvalEnum::STATUS_NOT_COLLECTED));
+
+ items->push_back(item);
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.4-strnicmp.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-strnicmp.patch new file mode 100644 index 000000000000..fc127efd3cdb --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-strnicmp.patch @@ -0,0 +1,11 @@ +--- src/Main.h.old 2010-10-22 14:59:13.000000000 +0200 ++++ src/Main.h 2010-10-22 14:59:38.000000000 +0200 +@@ -38,7 +38,7 @@ + #endif
+
+ #ifdef LINUX
+-# define STRNICMP strnicmp
++# define STRNICMP strncasecmp
+ #elif defined SUNOS
+ # define STRNICMP strncasecmp
+ #elif defined DARWIN
diff --git a/app-forensics/ovaldi/files/ovaldi-5.10.1.4-xerces3.patch b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-xerces3.patch new file mode 100644 index 000000000000..9350029312c4 --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.10.1.4-xerces3.patch @@ -0,0 +1,283 @@ +--- src/XmlProcessor.h.old 2011-08-18 14:35:41.608703233 +0200 ++++ src/XmlProcessor.h 2011-08-18 14:39:21.835597094 +0200 +@@ -38,14 +38,17 @@ + #include <string>
+
+ // required xerces includes
+-#include <xercesc/dom/DOMBuilder.hpp>
+ #include <xercesc/dom/DOMDocument.hpp>
+ #include <xercesc/dom/DOMErrorHandler.hpp>
+ #include <xercesc/dom/DOMError.hpp>
+
+ // for entity resolver
+-#include <xercesc/dom/DOMEntityResolver.hpp>
+-#include <xercesc/dom/DOMInputSource.hpp>
++
++#include <xercesc/dom/DOMImplementationRegistry.hpp>
++#include <xercesc/dom/DOMLSParser.hpp>
++#include <xercesc/sax/EntityResolver.hpp>
++#include <xercesc/sax/InputSource.hpp>
++#include <xercesc/sax2/SAX2XMLReader.hpp>
+
+ #include "Exception.h"
+
+@@ -53,12 +56,14 @@ + This class extends the default DOMEntityResolver and implments the resolve entity method
+ to support
+ */
+-class DataDirResolver : public xercesc::DOMEntityResolver {
++class DataDirResolver : public xercesc::EntityResolver {
+ public:
+ /**
+ *
+ */
+- xercesc::DOMInputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI);
++// xercesc::DOMInputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI); ++ xercesc::InputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId); ++ xercesc::DOMLSInput *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI); + };
+
+ /**
+@@ -144,7 +149,7 @@ + * owns the documents it builds. Users must manually destroy
+ * those documents.
+ */
+- xercesc::DOMBuilder *parserWithCallerAdoption;
++ xercesc::DOMLSParser *parserWithCallerAdoption;
+
+ /**
+ * This parser doesn't have user-adoption switched on, so it
+@@ -156,7 +161,7 @@ + * appear to ever be switched off. So to make sure this isn't
+ * leaking memory, I have created separate parsers.
+ */
+- xercesc::DOMBuilder *parser;
++ xercesc::DOMLSParser *parser;
+
+ /** The entity resolver for both parsers. */
+ DataDirResolver resolver;
+--- src/probes/independent/XmlFileContentProbe.cpp.old 2010-10-22 14:49:22.000000000 +0200 ++++ src/probes/independent/XmlFileContentProbe.cpp 2010-10-22 14:51:39.000000000 +0200 +@@ -419,12 +419,24 @@ + return new DummyEntityResolver::DoNothingBinInputStream();
+ }
+
++#if XERCES_VERSION_MAJOR < 3
+ unsigned int DummyEntityResolver::DoNothingBinInputStream::curPos() const
++#else
++const XMLCh* DummyEntityResolver::DoNothingBinInputStream::getContentType() const
++{
++ return NULL;
++}
++XMLFilePos DummyEntityResolver::DoNothingBinInputStream::curPos() const
++#endif
+ {
+ return 0;
+ }
+
++#if XERCES_VERSION_MAJOR < 3
+ unsigned int DummyEntityResolver::DoNothingBinInputStream::readBytes(XMLByte *const /*toFill*/, const unsigned int /*maxToRead*/)
++#else
++XMLSize_t DummyEntityResolver::DoNothingBinInputStream::readBytes(XMLByte *const toFill, XMLSize_t maxToRead)
++#endif
+ {
+ return 0;
+ }
+--- src/probes/independent/XmlFileContentProbe.h.old 2010-10-22 14:55:47.000000000 +0200 ++++ src/probes/independent/XmlFileContentProbe.h 2010-10-22 14:57:00.000000000 +0200 +@@ -134,8 +134,14 @@ + class DoNothingBinInputStream : public BinInputStream
+ {
+ public:
++#if XERCES_VERSION_MAJOR < 3
+ virtual unsigned int curPos() const;
+ virtual unsigned int readBytes(XMLByte *const toFill, const unsigned int maxToRead);
++#else
++ virtual XMLFilePos curPos() const;
++ virtual const XMLCh* getContentType() const;
++ virtual XMLSize_t readBytes(XMLByte *const toFill, XMLSize_t maxToRead);
++#endif
+ };
+ };
+
+--- src/XmlCommon.cpp.old ++++ src/XmlCommon.cpp +@@ -546,7 +546,11 @@ void XmlCommon::AddSchemaLocation(XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument *do + string XmlCommon::GetNamespace(DOMElement *element) {
+
+ string xmlns = "";
++#if XERCES_VERSION_MAJOR < 3
+ xmlns = XmlCommon::ToString(element->getTypeInfo()->getNamespace());
++#else
++ xmlns = XmlCommon::ToString(element->getSchemaTypeInfo()->getTypeNamespace());
++#endif
+ if (xmlns.compare("") == 0) {
+ xmlns = "";
+ }
+--- src/XmlProcessor.cpp.old 2013-01-14 15:16:14.000000000 +0100 ++++ src/XmlProcessor.cpp 2013-01-14 15:19:20.000000000 +0100 +@@ -35,7 +35,6 @@ + // for dom Writer
+ #include <xercesc/dom/DOMImplementation.hpp>
+ #include <xercesc/dom/DOMImplementationLS.hpp>
+-#include <xercesc/dom/DOMWriter.hpp>
+ #include <xercesc/framework/StdOutFormatTarget.hpp>
+ #include <xercesc/framework/LocalFileFormatTarget.hpp>
+ #include <xercesc/util/XMLUni.hpp>
+@@ -50,11 +49,26 @@ + using namespace std;
+ using namespace xercesc;
+
++#if XERCES_VERSION_MAJOR < 3
++#define SetParameter(serializer,n,v) if (serializer->canSetFeature(n,v)) serializer->setFeature(n,v)
++#else
++#define SetParameter(serializer,n,v) if (serializer->getDomConfig()->canSetParameter(n,v)) serializer->getDomConfig()->setParameter(n,v)
++#endif
++
+ //****************************************************************************************//
+ // DataDirResolver Class //
+ //****************************************************************************************//
+-
++#if XERCES_VERSION_MAJOR < 3
+ DOMInputSource* DataDirResolver::resolveEntity (const XMLCh *const /*publicId*/, const XMLCh *const systemId, const XMLCh *const /*baseURI*/) {
++#else
++InputSource* DataDirResolver::resolveEntity(const XMLCh* publicId, const XMLCh* systemId)
++{
++ return NULL;
++ //return DataDirResolver::resolveEntity (publicId, systemId, NULL);
++}
++
++DOMLSInput* DataDirResolver::resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI) {
++#endif
+ string path = "";
+ size_t last;
+ string schemapath = Common::GetSchemaPath();
+@@ -127,7 +141,7 @@ + parserWithCallerAdoption = makeParser(schemaLocation);
+ // add one extra feature on this parser to prevent it from
+ // taking ownership of its documents.
+- parserWithCallerAdoption->setFeature(XMLUni::fgXercesUserAdoptsDOMDocument, true);
++ SetParameter(parserWithCallerAdoption, XMLUni::fgXercesUserAdoptsDOMDocument, true);
+
+ } catch (const XMLException& toCatch) {
+ string errMsg = "Error: An error occured durring initialization of the xml utilities:\n";
+@@ -156,32 +170,40 @@ + XMLPlatformUtils::Terminate();
+ }
+
+-DOMBuilder *XmlProcessor::makeParser(const string &schemaLocation) {
++DOMLSParser *XmlProcessor::makeParser(const string &schemaLocation) {
+ // Instantiate the DOM parser.
+ static const XMLCh gLS[] = { chLatin_L, chLatin_S, chNull };
+ DOMImplementation *impl = DOMImplementationRegistry::getDOMImplementation(gLS);
+
+- DOMBuilder *parser = ((DOMImplementationLS*)impl)->createDOMBuilder(DOMImplementationLS::MODE_SYNCHRONOUS, 0);
++#if XERCES_VERSION_MAJOR < 3
++ DOMLSParser *parser = ((DOMImplementationLS*)impl)->createDOMLSParser(DOMImplementationLS::MODE_SYNCHRONOUS, 0);
++#else
++ DOMLSParser *parser = ((DOMImplementationLS*)impl)->createLSParser(DOMImplementationLS::MODE_SYNCHRONOUS, 0);
++#endif
+
+ ///////////////////////////////////////////////////////
+ // Set features on the builder
+ ///////////////////////////////////////////////////////
+
+- parser->setFeature(XMLUni::fgDOMComments, false); // Discard Comment nodes in the document.
+- parser->setFeature(XMLUni::fgDOMDatatypeNormalization, true); // Let the validation process do its datatype normalization that is defined in the used schema language.
+- parser->setFeature(XMLUni::fgDOMNamespaces, true); // Perform Namespace processing
+- parser->setFeature(XMLUni::fgDOMValidation, true); // Report all validation errors.
+- parser->setFeature(XMLUni::fgXercesSchema, true); // Enable the parser's schema support.
+- parser->setFeature(XMLUni::fgXercesSchemaFullChecking, true); // Enable full schema constraint checking, including checking which may be time-consuming or memory intensive. Currently, particle unique attribution constraint checking and particle derivation restriction checking are controlled by this option.
+- parser->setFeature(XMLUni::fgXercesValidationErrorAsFatal, true); // The parser will treat validation error as fatal and will exit
+- parser->setFeature(XMLUni::fgXercesDOMHasPSVIInfo, true); // Enable storing of PSVI information in element and attribute nodes.
++ SetParameter(parser, XMLUni::fgDOMComments, false); // Discard Comment nodes in the document.
++ SetParameter(parser, XMLUni::fgDOMDatatypeNormalization, true); // Let the validation process do its datatype normalization that is defined in the used schema language.
++ SetParameter(parser, XMLUni::fgDOMNamespaces, true); // Perform Namespace processing
++ SetParameter(parser, XMLUni::fgDOMValidate, true); // Report all validation errors.
++ SetParameter(parser, XMLUni::fgXercesSchema, true); // Enable the parser's schema support.
++ SetParameter(parser, XMLUni::fgXercesSchemaFullChecking, true); // Enable full schema constraint checking, including checking which may be time-consuming or memory intensive. Currently, particle unique attribution constraint checking and particle derivation restriction checking are controlled by this option.
++ SetParameter(parser, XMLUni::fgXercesValidationErrorAsFatal, true); // The parser will treat validation error as fatal and will exit
++ SetParameter(parser, XMLUni::fgXercesDOMHasPSVIInfo, true); // Enable storing of PSVI information in element and attribute nodes.
+
+ ///////////////////////////////////////////////////////
+ //****************************************************************************************//
+ // The following code was added to handle air-gap operation //
+ //****************************************************************************************//
+ /* Look for XML schemas in local directory instead of Internet */
++#if XERCES_VERSION_MAJOR < 3
+ parser->setEntityResolver (&resolver);
++#else
++ parser->getDomConfig()->setParameter(XMLUni::fgXercesEntityResolver, &resolver);
++#endif
+ //****************************************************************************************//
+ // End of air-gap code //
+ //****************************************************************************************//
+@@ -189,7 +211,11 @@ + ///////////////////////////////////////////////////////
+ // Add an Error Handler
+ ///////////////////////////////////////////////////////
++#if XERCES_VERSION_MAJOR < 3
+ parser->setErrorHandler(&errHandler);
++#else
++ parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, &errHandler);
++#endif
+
+ // Fix a schema location if possible, so instance documents don't
+ // have to set the schemaLocation attribute. And if they do, this
+@@ -197,7 +223,7 @@ + // overriding of the value in instance documents.
+ if (!schemaLocation.empty()) {
+ XMLCh *schemaLocationCstr = XMLString::transcode(schemaLocation.c_str());
+- parser->setProperty(XMLUni::fgXercesSchemaExternalSchemaLocation, schemaLocationCstr);
++ SetParameter(parser, XMLUni::fgXercesSchemaExternalSchemaLocation, schemaLocationCstr);
+ XMLString::release(&schemaLocationCstr);
+ }
+
+@@ -279,23 +305,19 @@ + XMLCh tempStr[100];
+ XMLString::transcode("LS", tempStr, 99);
+ DOMImplementation *impl = DOMImplementationRegistry::getDOMImplementation(tempStr);
++#if XERCES_VERSION_MAJOR < 3
+ DOMWriter *theSerializer = ((DOMImplementationLS*)impl)->createDOMWriter();
++#else
++ DOMLSSerializer *theSerializer = ((DOMImplementationLS*)impl)->createLSSerializer();
++#endif
+
+- // set feature if the serializer supports the feature/mode
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTSplitCdataSections, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTSplitCdataSections, true);
+
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true);
+-
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTFormatPrettyPrint, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTFormatPrettyPrint, true);
+-
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTBOM, false))
+- theSerializer->setFeature(XMLUni::fgDOMWRTBOM, false);
+-
+- //if (theSerializer->canSetFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true))
+- // theSerializer->setFeature(XMLUni::fgDOMWRTBOM, true);
++ // set feature if the serializer supports the feature/mode
++ SetParameter(theSerializer, XMLUni::fgDOMWRTSplitCdataSections, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTDiscardDefaultContent, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTFormatPrettyPrint, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTBOM, false);
++ //SetParameter(theSerializer, XMLUni::fgDOMWRTBOM, true);
+
+ //
+ // Plug in a format target to receive the resultant
+@@ -313,7 +335,13 @@ + //
+ // do the serialization through DOMWriter::writeNode();
+ //
++#if XERCES_VERSION_MAJOR < 3
+ theSerializer->writeNode(myFormTarget, *doc);
++#else
++ DOMLSOutput *output = ((DOMImplementationLS*)impl)->createLSOutput();
++ output->setByteStream(myFormTarget);
++ theSerializer->write(doc, output);
++#endif
+
+ theSerializer->release();
+ delete myFormTarget;
diff --git a/app-forensics/ovaldi/files/ovaldi-5.9.1-disable-ldap-probes.patch b/app-forensics/ovaldi/files/ovaldi-5.9.1-disable-ldap-probes.patch new file mode 100644 index 000000000000..1f59b02b699e --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.9.1-disable-ldap-probes.patch @@ -0,0 +1,32 @@ +--- src/linux/ProbeFactory.cpp 2010-12-10 13:37:00.019140703 +0100 ++++ src/linux/ProbeFactory.cpp 2010-08-27 21:23:41.000000000 +0200 +@@ -61,8 +61,6 @@ + probe = XmlFileContentProbe::Instance();
+ } else if(objectName.compare("textfilecontent54_object") == 0) {
+ probe = TextFileContent54Probe::Instance();
+- } else if(objectName.compare("ldap_object") == 0) {
+- probe = LDAPProbe::Instance();
+
+ // here are the objects defined in the unix schema
+ } else if(objectName.compare("file_object") == 0) {
+--- src/linux/ProbeFactory.h 2010-12-10 13:36:50.315386197 +0100 ++++ src/linux/ProbeFactory.h 2010-08-27 21:23:41.000000000 +0200 +@@ -68,7 +68,6 @@ + #include "RunLevelProbe.h"
+ #include "XinetdProbe.h"
+ #include "InetdProbe.h"
+-#include "LDAPProbe.h"
+
+
+
+--- project/linux/Makefile 2010-12-10 13:49:06.655143160 +0100 ++++ project/linux/Makefile 2010-12-10 13:47:37.247382096 +0100 +@@ -49,7 +49,7 @@ + LIBDIR = -L/usr/local/lib -L/usr/lib
+
+ # What libraries do we need?
+-LIBS = -lxerces-c -lxalan-c -lpcre -lpopt -lgcrypt -lldap
++LIBS = -lxerces-c -lxalan-c -lpcre -lpopt -lgcrypt
+
+ # Determine what package management system is being used
+ PACKAGE_RPM = $(shell /usr/bin/env rpm --version 2>/dev/null)
diff --git a/app-forensics/ovaldi/files/ovaldi-5.9.1-strnicmp.patch b/app-forensics/ovaldi/files/ovaldi-5.9.1-strnicmp.patch new file mode 100644 index 000000000000..fc127efd3cdb --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.9.1-strnicmp.patch @@ -0,0 +1,11 @@ +--- src/Main.h.old 2010-10-22 14:59:13.000000000 +0200 ++++ src/Main.h 2010-10-22 14:59:38.000000000 +0200 +@@ -38,7 +38,7 @@ + #endif
+
+ #ifdef LINUX
+-# define STRNICMP strnicmp
++# define STRNICMP strncasecmp
+ #elif defined SUNOS
+ # define STRNICMP strncasecmp
+ #elif defined DARWIN
diff --git a/app-forensics/ovaldi/files/ovaldi-5.9.1-xerces3.patch b/app-forensics/ovaldi/files/ovaldi-5.9.1-xerces3.patch new file mode 100644 index 000000000000..a5269cbb5ea5 --- /dev/null +++ b/app-forensics/ovaldi/files/ovaldi-5.9.1-xerces3.patch @@ -0,0 +1,270 @@ +--- src/XmlProcessor.cpp.old 2010-10-25 15:13:58.000000000 +0200 ++++ src/XmlProcessor.cpp 2010-10-26 09:14:46.000000000 +0200 +@@ -34,8 +34,17 @@ + //****************************************************************************************//
+ // DataDirResolver Class //
+ //****************************************************************************************//
+-
++#if XERCES_VERSION_MAJOR < 3
+ DOMInputSource* DataDirResolver::resolveEntity (const XMLCh *const /*publicId*/, const XMLCh *const systemId, const XMLCh *const /*baseURI*/) {
++#else
++InputSource* DataDirResolver::resolveEntity(const XMLCh* publicId, const XMLCh* systemId)
++{
++ return NULL;
++ //return DataDirResolver::resolveEntity (publicId, systemId, NULL);
++}
++
++DOMLSInput* DataDirResolver::resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI) {
++#endif
+ string path = "";
+ size_t last;
+ string schemapath = Common::GetSchemaPath();
+@@ -111,21 +120,35 @@ + // Instantiate the DOM parser.
+ static const XMLCh gLS[] = { chLatin_L, chLatin_S, chNull };
+ DOMImplementation *impl = DOMImplementationRegistry::getDOMImplementation(gLS);
++#if XERCES_VERSION_MAJOR < 3
+ parser = ((DOMImplementationLS*)impl)->createDOMBuilder(DOMImplementationLS::MODE_SYNCHRONOUS, 0);
++#else
++ parser = ((DOMImplementationLS*)impl)->createLSParser(DOMImplementationLS::MODE_SYNCHRONOUS, 0);
++#endif
+
+ ///////////////////////////////////////////////////////
+ // Set fetuares on the builder
+ ///////////////////////////////////////////////////////
+
++#if XERCES_VERSION_MAJOR < 3
++#define SetParameter(parser,n,v) parser->setFeature(n,v)
++#else
++#define SetParameter(parser,n,v) parser->getDomConfig()->setParameter(n,v)
++#endif
++ SetParameter(parser, XMLUni::fgDOMComments, false); // Discard Comment nodes in the document.
++ SetParameter(parser, XMLUni::fgDOMDatatypeNormalization, true); // Let the validation process do its datatype normalization that is defined in the used schema language.
++ SetParameter(parser, XMLUni::fgDOMNamespaces, true); // Perform Namespace processing
++#if XERCES_VERSION_MAJOR < 3
++ SetParameter(parser, XMLUni::fgDOMValidation, true); // Report all validation errors.
++#else
++ SetParameter(parser, XMLUni::fgDOMValidate, true); // Report all validation errors.
++#endif
++ SetParameter(parser, XMLUni::fgXercesSchema, true); // Enable the parser's schema support.
++ SetParameter(parser, XMLUni::fgXercesSchemaFullChecking, true); // Enable full schema constraint checking, including checking which may be time-consuming or memory intensive. Currently, particle unique attribution constraint checking and particle derivation restriction checking are controlled by this option.
++ SetParameter(parser, XMLUni::fgXercesValidationErrorAsFatal, true); // The parser will treat validation error as fatal and will exit
++ SetParameter(parser, XMLUni::fgXercesDOMHasPSVIInfo, true); // Enable storing of PSVI information in element and attribute nodes.
+
+- parser->setFeature(XMLUni::fgDOMComments, false); // Discard Comment nodes in the document.
+- parser->setFeature(XMLUni::fgDOMDatatypeNormalization, true); // Let the validation process do its datatype normalization that is defined in the used schema language.
+- parser->setFeature(XMLUni::fgDOMNamespaces, true); // Perform Namespace processing
+- parser->setFeature(XMLUni::fgDOMValidation, true); // Report all validation errors.
+- parser->setFeature(XMLUni::fgXercesSchema, true); // Enable the parser's schema support.
+- parser->setFeature(XMLUni::fgXercesSchemaFullChecking, true); // Enable full schema constraint checking, including checking which may be time-consuming or memory intensive. Currently, particle unique attribution constraint checking and particle derivation restriction checking are controlled by this option.
+- parser->setFeature(XMLUni::fgXercesValidationErrorAsFatal, true); // The parser will treat validation error as fatal and will exit
+- parser->setFeature(XMLUni::fgXercesDOMHasPSVIInfo, true); // Enable storing of PSVI information in element and attribute nodes.
++#undef SetParameter
+
+ ///////////////////////////////////////////////////////
+ //****************************************************************************************//
+@@ -133,7 +156,11 @@ + //****************************************************************************************//
+ /* Look for XML schemas in local directory instead of Internet */
+ DataDirResolver resolver;
++#if XERCES_VERSION_MAJOR < 3
+ parser->setEntityResolver (&resolver);
++#else
++ parser->getDomConfig()->setParameter(XMLUni::fgXercesEntityResolver, &resolver);
++#endif
+ //****************************************************************************************//
+ // End of air-gap code //
+ //****************************************************************************************//
+@@ -144,7 +171,11 @@ + // Create a new DOMErrorHandler
+ // and set it to the builder
+ XmlProcessorErrorHandler *errHandler = new XmlProcessorErrorHandler();
++#if XERCES_VERSION_MAJOR < 3
+ parser->setErrorHandler(errHandler);
++#else
++ parser->getDomConfig()->setParameter(XMLUni::fgDOMErrorHandler, errHandler);
++#endif
+
+ try {
+ // reset document pool
+@@ -215,24 +246,26 @@ + XMLCh tempStr[100];
+ XMLString::transcode("LS", tempStr, 99);
+ DOMImplementation *impl = DOMImplementationRegistry::getDOMImplementation(tempStr);
++#if XERCES_VERSION_MAJOR < 3
+ DOMWriter *theSerializer = ((DOMImplementationLS*)impl)->createDOMWriter();
++#else
++ DOMLSSerializer *theSerializer = ((DOMImplementationLS*)impl)->createLSSerializer();
++#endif
++
++#if XERCES_VERSION_MAJOR < 3
++#define SetParameter(serializer,n,v) if (serializer->canSetFeature(n,v)) serializer->setFeature(n,v)
++#else
++#define SetParameter(serializer,n,v) if (serializer->getDomConfig()->canSetParameter(n,v)) serializer->getDomConfig()->setParameter(n,v)
++#endif
+
+ // set feature if the serializer supports the feature/mode
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTSplitCdataSections, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTSplitCdataSections, true);
+-
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true);
+-
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTFormatPrettyPrint, true))
+- theSerializer->setFeature(XMLUni::fgDOMWRTFormatPrettyPrint, true);
+-
+- if (theSerializer->canSetFeature(XMLUni::fgDOMWRTBOM, false))
+- theSerializer->setFeature(XMLUni::fgDOMWRTBOM, false);
+-
+- //if (theSerializer->canSetFeature(XMLUni::fgDOMWRTDiscardDefaultContent, true))
+- // theSerializer->setFeature(XMLUni::fgDOMWRTBOM, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTSplitCdataSections, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTDiscardDefaultContent, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTFormatPrettyPrint, true);
++ SetParameter(theSerializer, XMLUni::fgDOMWRTBOM, false);
++ //SetParameter(theSerializer, XMLUni::fgDOMWRTBOM, true);
+
++#undef SetParameter
+ //
+ // Plug in a format target to receive the resultant
+ // XML stream from the serializer.
+@@ -249,7 +282,13 @@ + //
+ // do the serialization through DOMWriter::writeNode();
+ //
++#if XERCES_VERSION_MAJOR < 3
+ theSerializer->writeNode(myFormTarget, *doc);
++#else
++ DOMLSOutput *output = ((DOMImplementationLS*)impl)->createLSOutput();
++ output->setByteStream(myFormTarget);
++ theSerializer->write(doc, output);
++#endif
+
+ delete theSerializer;
+ delete myFormTarget;
+--- src/XmlProcessor.h.old 2010-10-22 12:06:05.000000000 +0200 ++++ src/XmlProcessor.h 2010-10-22 12:06:20.000000000 +0200 +@@ -40,7 +40,7 @@ +
+ // required xerces includes
+ #include <xercesc/dom/DOMImplementationRegistry.hpp>
+-#include <xercesc/dom/DOMBuilder.hpp>
++//#include <xercesc/dom/DOMBuilder.hpp>
+ #include <xercesc/dom/DOMException.hpp>
+ #include <xercesc/dom/DOMErrorHandler.hpp>
+ #include <xercesc/dom/DOMError.hpp>
+--- src/XmlProcessor.h.old 2010-10-22 14:40:45.000000000 +0200 ++++ src/XmlProcessor.h 2010-10-22 14:42:00.000000000 +0200 +@@ -50,18 +50,23 @@ + // for dom Writer
+ #include <xercesc/dom/DOMImplementation.hpp>
+ #include <xercesc/dom/DOMImplementationLS.hpp>
+-#include <xercesc/dom/DOMWriter.hpp>
++//#include <xercesc/dom/DOMWriter.hpp>
+ #include <xercesc/framework/StdOutFormatTarget.hpp>
+ #include <xercesc/framework/LocalFileFormatTarget.hpp>
+ #include <xercesc/parsers/XercesDOMParser.hpp>
+ #include <xercesc/util/XMLUni.hpp>
+
+ // for entity resolver
+-#include <xercesc/dom/DOMEntityResolver.hpp>
+-#include <xercesc/dom/DOMInputSource.hpp>
++//#include <xercesc/dom/DOMEntityResolver.hpp>
++//#include <xercesc/dom/DOMInputSource.hpp>
+ #include <xercesc/framework/LocalFileInputSource.hpp>
+ #include <xercesc/framework/Wrapper4InputSource.hpp>
+
++#include <xercesc/dom/DOMImplementationRegistry.hpp>
++#include <xercesc/sax/EntityResolver.hpp>
++#include <xercesc/sax/InputSource.hpp>
++#include <xercesc/sax2/SAX2XMLReader.hpp>
++
+
+ XERCES_CPP_NAMESPACE_USE
+
+--- src/XmlProcessor.h.old 2010-10-22 14:43:06.000000000 +0200 ++++ src/XmlProcessor.h 2010-10-22 14:44:16.000000000 +0200 +@@ -75,12 +75,14 @@ + This class extends the default DOMEntityResolver and implments the resolve entity method
+ to support
+ */
+-class DataDirResolver : public DOMEntityResolver {
++class DataDirResolver : public EntityResolver {
+ public:
+ /**
+ *
+ */
+- DOMInputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI);
++// DOMInputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI);
++ InputSource *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId);
++ DOMLSInput *resolveEntity (const XMLCh *const publicId, const XMLCh *const systemId, const XMLCh *const baseURI);
+ };
+
+ /**
+@@ -120,7 +122,7 @@ +
+ static XmlProcessor* instance;
+
+- DOMBuilder *parser;
++ DOMLSParser *parser;
+ };
+
+ /**
+--- src/probes/independent/XmlFileContentProbe.cpp.old 2010-10-22 14:49:22.000000000 +0200 ++++ src/probes/independent/XmlFileContentProbe.cpp 2010-10-22 14:51:39.000000000 +0200 +@@ -419,12 +419,24 @@ + return new DummyEntityResolver::DoNothingBinInputStream();
+ }
+
++#if XERCES_VERSION_MAJOR < 3
+ unsigned int DummyEntityResolver::DoNothingBinInputStream::curPos() const
++#else
++const XMLCh* DummyEntityResolver::DoNothingBinInputStream::getContentType() const
++{
++ return NULL;
++}
++XMLFilePos DummyEntityResolver::DoNothingBinInputStream::curPos() const
++#endif
+ {
+ return 0;
+ }
+
++#if XERCES_VERSION_MAJOR < 3
+ unsigned int DummyEntityResolver::DoNothingBinInputStream::readBytes(XMLByte *const /*toFill*/, const unsigned int /*maxToRead*/)
++#else
++XMLSize_t DummyEntityResolver::DoNothingBinInputStream::readBytes(XMLByte *const toFill, XMLSize_t maxToRead)
++#endif
+ {
+ return 0;
+ }
+--- src/probes/independent/XmlFileContentProbe.h.old 2010-10-22 14:55:47.000000000 +0200 ++++ src/probes/independent/XmlFileContentProbe.h 2010-10-22 14:57:00.000000000 +0200 +@@ -134,8 +134,14 @@ + class DoNothingBinInputStream : public BinInputStream
+ {
+ public:
++#if XERCES_VERSION_MAJOR < 3
+ virtual unsigned int curPos() const;
+ virtual unsigned int readBytes(XMLByte *const toFill, const unsigned int maxToRead);
++#else
++ virtual XMLFilePos curPos() const;
++ virtual const XMLCh* getContentType() const;
++ virtual XMLSize_t readBytes(XMLByte *const toFill, XMLSize_t maxToRead);
++#endif
+ };
+ };
+
+--- src/XmlCommon.cpp.old ++++ src/XmlCommon.cpp +@@ -546,7 +546,11 @@ void XmlCommon::AddSchemaLocation(XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument *do + string XmlCommon::GetNamespace(DOMElement *element) {
+
+ string xmlns = "";
++#if XERCES_VERSION_MAJOR < 3
+ xmlns = XmlCommon::ToString(element->getTypeInfo()->getNamespace());
++#else
++ xmlns = XmlCommon::ToString(element->getSchemaTypeInfo()->getTypeNamespace());
++#endif
+ if (xmlns.compare("") == 0) {
+ xmlns = "";
+ }
diff --git a/app-forensics/ovaldi/files/rpmdb.patch b/app-forensics/ovaldi/files/rpmdb.patch new file mode 100644 index 000000000000..0d6e62608b52 --- /dev/null +++ b/app-forensics/ovaldi/files/rpmdb.patch @@ -0,0 +1,58 @@ +--- src/probes/linux/rpmdb.h.old 2010-10-22 15:16:49.000000000 +0200 ++++ src/probes/linux/rpmdb.h 2010-10-22 15:22:09.000000000 +0200 +@@ -8,8 +8,8 @@ + */ + + #include <assert.h> +-#include "rpmlib.h" +-#include "rpmsw.h" ++/*#include <rpmlib.h> ++#include <rpmsw.h>*/ + #include "db.h" + + /*@-exportlocal@*/ +@@ -508,7 +508,7 @@ + * @param opx per-rpmdb accumulator index (aka rpmtsOpX) + * @return per-rpmdb accumulator pointer + */ +-void * dbiStatsAccumulator(dbiIndex dbi, int opx) ++rpmop_s * dbiStatsAccumulator(dbiIndex dbi, int opx) + /*@*/; + + #if !defined(SWIG) +@@ -576,7 +576,7 @@ + /*@globals fileSystem, internalState @*/ + /*@modifies dbi, *dbcursor, fileSystem, internalState @*/ + { +- void * sw = dbiStatsAccumulator(dbi, 16); /* RPMTS_OP_DBDEL */ ++ rpmop_s *sw = dbiStatsAccumulator(dbi, 16); /* RPMTS_OP_DBDEL */ + int rc; + assert(key->data != NULL && key->size > 0); + (void) rpmswEnter(sw, 0); +@@ -600,7 +600,7 @@ + /*@globals fileSystem, internalState @*/ + /*@modifies dbi, *dbcursor, *key, *data, fileSystem, internalState @*/ + { +- void * sw = dbiStatsAccumulator(dbi, 14); /* RPMTS_OP_DBGET */ ++ rpmop_s * sw = dbiStatsAccumulator(dbi, 14); /* RPMTS_OP_DBGET */ + int rc; + assert((flags == DB_NEXT) || (key->data != NULL && key->size > 0)); + (void) rpmswEnter(sw, 0); +@@ -625,7 +625,7 @@ + /*@globals fileSystem, internalState @*/ + /*@modifies dbi, *dbcursor, *key, *pkey, *data, fileSystem, internalState @*/ + { +- void * sw = dbiStatsAccumulator(dbi, 14); /* RPMTS_OP_DBGET */ ++ rpmop_s * sw = dbiStatsAccumulator(dbi, 14); /* RPMTS_OP_DBGET */ + int rc; + assert((flags == DB_NEXT) || (key->data != NULL && key->size > 0)); + (void) rpmswEnter(sw, 0); +@@ -649,7 +649,7 @@ + /*@globals fileSystem, internalState @*/ + /*@modifies dbi, *dbcursor, *key, fileSystem, internalState @*/ + { +- void * sw = dbiStatsAccumulator(dbi, 15); /* RPMTS_OP_DBPUT */ ++ rpmop_s * sw = dbiStatsAccumulator(dbi, 15); /* RPMTS_OP_DBPUT */ + int rc; + assert(key->data != NULL && key->size > 0 && data->data != NULL && data->size > 0); + (void) rpmswEnter(sw, 0); diff --git a/app-forensics/ovaldi/files/use_local_rpmdb.patch b/app-forensics/ovaldi/files/use_local_rpmdb.patch new file mode 100644 index 000000000000..036d35edf947 --- /dev/null +++ b/app-forensics/ovaldi/files/use_local_rpmdb.patch @@ -0,0 +1,11 @@ +--- src/probes/linux/RPMInfoProbe.h.old 2010-10-22 15:12:50.000000000 +0200 ++++ src/probes/linux/RPMInfoProbe.h 2010-10-22 15:13:02.000000000 +0200 +@@ -36,7 +36,7 @@ + #include <rpm/rpmlib.h>
+ #include <rpm/rpmio.h>
+ #include <rpm/rpmts.h>
+-#include <rpm/rpmdb.h>
++#include "rpmdb.h"
+ #include <rpm/header.h>
+ #include <rpm/rpmcli.h> // added for rpm query function
+ #include <rpm/rpmds.h> // added for rpm query function
diff --git a/app-forensics/ovaldi/metadata.xml b/app-forensics/ovaldi/metadata.xml new file mode 100644 index 000000000000..c82cdda62c13 --- /dev/null +++ b/app-forensics/ovaldi/metadata.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>proxy-maintainers</herd> + <maintainer> + <email>clabbe.montjoie@gmail.com</email> + <name>LABBE Corentin</name> + <description>Upstream and Maintainer. Assign bugs to him</description> + </maintainer> + <use> + <flag name="rpm">Enable the RPM probes</flag> + </use> + <upstream> + <remote-id type="sourceforge">ovaldi</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/ovaldi/ovaldi-5.10.1.2.ebuild b/app-forensics/ovaldi/ovaldi-5.10.1.2.ebuild new file mode 100644 index 000000000000..10235f4589c7 --- /dev/null +++ b/app-forensics/ovaldi/ovaldi-5.10.1.2.ebuild @@ -0,0 +1,78 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=3 + +inherit eutils + +DESCRIPTION="Free implementation of OVAL" +HOMEPAGE="http://oval.mitre.org/language/interpreter.html" +SRC_URI="mirror://sourceforge/${PN}/${P}-src.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="ldap rpm selinux" + +DEPEND="rpm? ( app-arch/rpm ) + dev-libs/libgcrypt:0 + dev-libs/libpcre + dev-libs/xalan-c + dev-libs/xerces-c + ldap? ( net-nds/openldap )" +RDEPEND="${DEPEND} + selinux? ( sys-libs/libselinux )" + +S="${WORKDIR}/${P}-src" + +src_prepare() { + epatch "${FILESDIR}"/${P}-xerces3.patch + epatch "${FILESDIR}"/${P}-strnicmp.patch + epatch "${FILESDIR}"/${P}-missing-memory-header.patch + if ! use ldap ; then + einfo "Disabling LDAP probes" + epatch "${FILESDIR}"/${P}-disable-ldap-probes.patch + sed -i 's/-lldap//' project/linux/Makefile || die + sed -i 's/.*LDAPProbe.h.*//' src/linux/ProbeFactory.h || die + rm src/probes/independent/LDAPProbe.{cpp,h} || die + fi + + # rpm probes support is build dependant only on the presence of the rpm binary + if use rpm ; then + #Same problems as bug 274679, so i do a local copy of the header and patch it + cp /usr/include/rpm/rpmdb.h src/probes/linux/ || die + epatch "${FILESDIR}"/use_local_rpmdb.patch + epatch "${FILESDIR}"/rpmdb.patch + else + einfo "Disabling rpm probes" + sed -i 's/^PACKAGE_RPM/#PACKAGE_RPM/' project/linux/Makefile || die + fi + # same thing for dpkg, but package dpkg is not sufficient, needs app-arch/apt-pkg that is not on tree + einfo "Disabling dpkg probes" + sed -i 's/^PACKAGE_DPKG/#PACKAGE_DPKG/' project/linux/Makefile || die + + #Disabling SELinux support + if ! use selinux ; then + rm src/probes/linux/SelinuxSecurityContextProbe.cpp || die + rm src/probes/linux/SelinuxBooleanProbe.cpp || die + rm src/probes/linux/SelinuxBooleanProbe.h || die + epatch "${FILESDIR}"/${P}-disable-selinux-probes.patch + else + epatch "${FILESDIR}"/${P}-add-selinux-libs.patch + fi +} + +src_compile () { + emake -C project/linux || die +} + +src_install () { + # no make install in Makefile + dosbin project/linux/Release/ovaldi project/linux/ovaldi.sh || die + dodir /var/log/${PN} || die + insinto /usr/share/${PN} + doins xml/* || die + dodoc docs/{README.txt,version.txt} || die + doman docs/ovaldi.1 || die +} diff --git a/app-forensics/ovaldi/ovaldi-5.10.1.4.ebuild b/app-forensics/ovaldi/ovaldi-5.10.1.4.ebuild new file mode 100644 index 000000000000..0e6af2534dc0 --- /dev/null +++ b/app-forensics/ovaldi/ovaldi-5.10.1.4.ebuild @@ -0,0 +1,103 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit eutils toolchain-funcs + +DESCRIPTION="Free implementation of OVAL" +HOMEPAGE="http://oval.mitre.org/language/interpreter.html" +SRC_URI="mirror://sourceforge/${PN}/${P}-src.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="acl ldap rpm selinux" + +CDEPEND="dev-libs/libgcrypt:0 + dev-libs/libpcre + dev-libs/xalan-c + dev-libs/xerces-c + sys-apps/util-linux + sys-libs/libcap + acl? ( sys-apps/acl ) + ldap? ( net-nds/openldap ) + rpm? ( app-arch/rpm )" +DEPEND="${CDEPEND} + sys-apps/sed" +RDEPEND="${CDEPEND} + selinux? ( sys-libs/libselinux )" + +S="${WORKDIR}/${P}-src" + +src_prepare() { + #Ovaldi do not support xerces 3, but portage have only that + epatch "${FILESDIR}"/${P}-xerces3.patch + sed -i 's,xercesc::DOMBuilder,xercesc::DOMLSParser,' src/XmlProcessor.h || die + sed -i 's,DOMBuilder,DOMLSParser,' src/XmlProcessor.cpp || die + + epatch "${FILESDIR}"/${P}-strnicmp.patch + + if ! use ldap ; then + einfo "Disabling LDAP probes" + sed -i 's,.*ldap,//&,' src/linux/ProbeFactory.cpp || die + sed -i 's,.*LDAP,//&,' src/linux/ProbeFactory.cpp || die + sed -i 's/-lldap//' project/linux/Makefile || die + sed -i 's/-llber//' project/linux/Makefile || die + sed -i 's/.*LDAPProbe.h.*//' src/linux/ProbeFactory.h || die + rm src/probes/independent/LDAPProbe.{cpp,h} || die + fi + + if ! use acl ; then + sed -i 's,.*libacl,//&,' src/probes/unix/FileProbe.h || die + epatch "${FILESDIR}"/disable-acl.patch + sed -i 's, -lacl , ,' project/linux/Makefile || die + fi + + # rpm probes support is build dependant only on the presence of the rpm binary + if use rpm ; then + #Same problems as bug 274679, so i do a local copy of the header and patch it + cp /usr/include/rpm/rpmdb.h src/probes/linux/ || die + epatch "${FILESDIR}"/use_local_rpmdb.patch + epatch "${FILESDIR}"/rpmdb.patch + else + einfo "Disabling rpm probes" + sed -i 's/^PACKAGE_RPM/#PACKAGE_RPM/' project/linux/Makefile || die + fi + # same thing for dpkg, but package dpkg is not sufficient, needs app-arch/apt-pkg that is not on tree + einfo "Disabling dpkg probes" + sed -i 's/^PACKAGE_DPKG/#PACKAGE_DPKG/' project/linux/Makefile || die + + #Disabling SELinux support + if ! use selinux ; then + rm src/probes/linux/SelinuxSecurityContextProbe.cpp || die + rm src/probes/linux/SelinuxBooleanProbe.cpp || die + rm src/probes/linux/SelinuxBooleanProbe.h || die + epatch "${FILESDIR}"/${P}-disable-selinux-probes.patch + sed -i 's,.*selinux.*,//&,' src/linux/ProbeFactory.cpp || die + sed -i 's,.*Selinux.*,//&,' src/linux/ProbeFactory.cpp || die + sed -i 's,.*selinux.*,//&,' src/linux/ProbeFactory.h || die + sed -i 's,.*Selinux.*,//&,' src/linux/ProbeFactory.h || die + sed -i 's,.*SecurityContextGuard.h.*,//&,' src/probes/unix/Process58Probe.cpp || die + rm src/linux/SecurityContextGuard.h || die + sed -i 's, -lselinux,,' project/linux/Makefile || die + fi + # respect CXXFLAGS and CXX + sed -i -e '/^CPPFLAGS/s/$(INCDIRS)/$(CXXFLAGS) \0/' project/linux/Makefile || die + tc-export CXX +} + +src_compile () { + emake -C project/linux +} + +src_install () { + # no make install in Makefile + dosbin project/linux/Release/ovaldi project/linux/ovaldi.sh + dodir /var/log/${PN} + insinto /usr/share/${PN} + doins xml/* + dodoc docs/{README.txt,version.txt} + doman docs/ovaldi.1 +} diff --git a/app-forensics/ovaldi/ovaldi-5.9.1.ebuild b/app-forensics/ovaldi/ovaldi-5.9.1.ebuild new file mode 100644 index 000000000000..d0f4b9c161b4 --- /dev/null +++ b/app-forensics/ovaldi/ovaldi-5.9.1.ebuild @@ -0,0 +1,64 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=3 + +inherit eutils + +DESCRIPTION="Free implementation of OVAL" +HOMEPAGE="http://oval.mitre.org/language/interpreter.html" +SRC_URI="mirror://sourceforge/${PN}/${P}-src.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="ldap rpm" + +DEPEND="rpm? ( app-arch/rpm ) + dev-libs/libgcrypt:0 + dev-libs/libpcre + dev-libs/xalan-c + dev-libs/xerces-c + ldap? ( net-nds/openldap )" +RDEPEND="${DEPEND}" + +S="${WORKDIR}/${P}-src" + +src_prepare() { + epatch "${FILESDIR}"/${P}-xerces3.patch + epatch "${FILESDIR}"/${P}-strnicmp.patch + if ! use ldap ; then + einfo "Disabling LDAP probes" + epatch "${FILESDIR}"/${P}-disable-ldap-probes.patch + rm src/probes/independent/LDAPProbe.{cpp,h} || die + fi + + # rpm probes support is build dependant only on the presence of the rpm binary + if use rpm ; then + #Same problems as bug 274679, so i do a local copy of the header and patch it + cp /usr/include/rpm/rpmdb.h src/probes/linux/ || die + epatch "${FILESDIR}"/use_local_rpmdb.patch + epatch "${FILESDIR}"/rpmdb.patch + else + einfo "Disabling rpm probes" + sed -i 's/^PACKAGE_RPM/#PACKAGE_RPM/' project/linux/Makefile || die + fi + # same thing for dpkg, but package dpkg is not sufficient, needs app-arch/apt-pkg that is not on tree + einfo "Disabling dpkg probes" + sed -i 's/^PACKAGE_DPKG/#PACKAGE_DPKG/' project/linux/Makefile || die +} + +src_compile () { + emake -C project/linux || die +} + +src_install () { + # no make install in Makefile + dosbin project/linux/Release/ovaldi project/linux/ovaldi.sh || die + dodir /var/log/${PN} || die + insinto /usr/share/${PN} + doins xml/* || die + dodoc docs/{README.txt,version.txt} || die + doman docs/ovaldi.1 || die +} diff --git a/app-forensics/pasco/Manifest b/app-forensics/pasco/Manifest new file mode 100644 index 000000000000..88bae5743b6a --- /dev/null +++ b/app-forensics/pasco/Manifest @@ -0,0 +1 @@ +DIST pasco_20040505_1.tar.gz 4032 SHA256 a3b8ee7be960571410bc564ecc93067755a28650fb35bfb559a4aeb6af6f6868 SHA512 fd3c1b31618a64ea9a381c68971800a511f8c826a26ca0f554bd6c69f4992312c0c34adf7067da97ff6d7c11b7ed8a64401435fa9ceb218e165cf83a3b6083db WHIRLPOOL 8c853c78e0a47bf4424da8b381ccfdc8091949969d95488a798434c86d70aa057cc385e16ea3b5075b354a790b6e8a7e4448c5ca7f9bcd74e88aa019f7cb0499 diff --git a/app-forensics/pasco/metadata.xml b/app-forensics/pasco/metadata.xml new file mode 100644 index 000000000000..259976d9a211 --- /dev/null +++ b/app-forensics/pasco/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <upstream> + <remote-id type="sourceforge">odessa</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/pasco/pasco-20040505_p1-r1.ebuild b/app-forensics/pasco/pasco-20040505_p1-r1.ebuild new file mode 100644 index 000000000000..aa13acb97643 --- /dev/null +++ b/app-forensics/pasco/pasco-20040505_p1-r1.ebuild @@ -0,0 +1,27 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit toolchain-funcs + +MY_P=${PN}_${PV/_p/_} + +DESCRIPTION="IE Activity Parser" +HOMEPAGE="http://sourceforge.net/projects/odessa/" +SRC_URI="mirror://sourceforge/odessa/${MY_P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86" +IUSE="" + +S="${WORKDIR}/${MY_P}/src" + +src_compile() { + $(tc-getCC) ${CFLAGS} ${LDFLAGS} -o ${PN} ${PN}.c -lm -lc || die "failed to compile" +} + +src_install() { + dobin ${PN} +} diff --git a/app-forensics/pasco/pasco-20040505_p1.ebuild b/app-forensics/pasco/pasco-20040505_p1.ebuild new file mode 100644 index 000000000000..f51427055ec6 --- /dev/null +++ b/app-forensics/pasco/pasco-20040505_p1.ebuild @@ -0,0 +1,25 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit toolchain-funcs + +MY_P=${PN}_${PV/_p/_} +DESCRIPTION="IE Activity Parser" +HOMEPAGE="http://sourceforge.net/projects/odessa/" +SRC_URI="mirror://sourceforge/odessa/${MY_P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~ppc x86" +IUSE="" + +S=${WORKDIR}/${MY_P} + +src_compile() { + cd src + $(tc-getCC) ${CFLAGS} ${LDFLAGS} -o pasco pasco.c -lm -lc || die "failed to compile" +} + +src_install() { + dobin src/pasco +} diff --git a/app-forensics/rdd/Manifest b/app-forensics/rdd/Manifest new file mode 100644 index 000000000000..cbbe14b641c1 --- /dev/null +++ b/app-forensics/rdd/Manifest @@ -0,0 +1 @@ +DIST rdd-3.0.4.tar.gz 5896942 SHA256 13e20e91dbc029a4a4f0713c1a049c94378083a1f3469ef0006e301484040685 SHA512 8f4536cfd8d1f4bb841a40d163b922698e27f02b8aa9f525c265e4c2ebf94bf5e61f8ea8452fca00d5a5ab7977bc24b64288b6442c8076692b045ed9936ba86f WHIRLPOOL 25a5b8032aa6c317d55f83ad745e1c0436aac12655726ce4a1938900bcd34c7cb92d6410159b490800bf8b850658573f3999a15b261539597820aa5360e4ecb3 diff --git a/app-forensics/rdd/files/rdd-3.0.4-sandbox-fix.patch b/app-forensics/rdd/files/rdd-3.0.4-sandbox-fix.patch new file mode 100644 index 000000000000..b7188030fba5 --- /dev/null +++ b/app-forensics/rdd/files/rdd-3.0.4-sandbox-fix.patch @@ -0,0 +1,25 @@ +diff -Naur rdd-3.0.4-orig/src/Makefile.am rdd-3.0.4/src/Makefile.am +--- rdd-3.0.4-orig/src/Makefile.am 2013-07-26 11:27:50.288696066 -0400 ++++ rdd-3.0.4/src/Makefile.am 2013-07-26 12:14:51.601771619 -0400 +@@ -83,14 +83,15 @@ + rdd-verify.1 + + install-exec-local: +- $(INSTALL) $(srcdir)/rddi.py $(bindir)/rddi +- $(INSTALL) $(srcdir)/plot-entropy.py $(bindir)/plot-entropy +- $(INSTALL) $(srcdir)/plot-md5.py $(bindir)/plot-md5 ++ $(INSTALL) -d $(DESTDIR)$(bindir) ++ $(INSTALL) $(srcdir)/rddi.py $(DESTDIR)$(bindir)/rddi ++ $(INSTALL) $(srcdir)/plot-entropy.py $(DESTDIR)$(bindir)/plot-entropy ++ $(INSTALL) $(srcdir)/plot-md5.py $(DESTDIR)$(bindir)/plot-md5 + + uninstall-local: +- rm -f $(bindir)/rddi +- rm -f $(bindir)/plot-entropy +- rm -f $(bindir)/plot-md5 ++ rm -f $(DESTDIR)$(bindir)/rddi ++ rm -f $(DESTDIR)$(bindir)/plot-entropy ++ rm -f $(DESTDIR)$(bindir)/plot-md5 + + DISTCLEANFILES= Makefile.in + diff --git a/app-forensics/rdd/metadata.xml b/app-forensics/rdd/metadata.xml new file mode 100644 index 000000000000..dd5f0a448a31 --- /dev/null +++ b/app-forensics/rdd/metadata.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>benchmarks</herd> + <maintainer> + <email>patrick@gentoo.org</email> + <name>Patrick Lauer</name> + </maintainer> + <maintainer> + <email>zerochaos@gentoo.org</email> + <name>Rick Farina</name> + </maintainer> + <upstream> + <remote-id type="sourceforge">rdd</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/rdd/rdd-3.0.4-r1.ebuild b/app-forensics/rdd/rdd-3.0.4-r1.ebuild new file mode 100644 index 000000000000..1c117d472b4d --- /dev/null +++ b/app-forensics/rdd/rdd-3.0.4-r1.ebuild @@ -0,0 +1,51 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit autotools eutils + +# no worky +RESTRICT="test" + +DESCRIPTION="Rdd is a forensic copy program" +HOMEPAGE="http://www.sf.net/projects/rdd" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +KEYWORDS="~x86 ~amd64" +IUSE="debug doc" +LICENSE="BSD" +SLOT="0" + +RDEPEND="app-forensics/libewf + x11-libs/gtk+:2 + gnome-base/libglade:2.0" + +DEPEND="${RDEPEND} + doc? ( app-doc/doxygen )" + +src_prepare() { + epatch "${FILESDIR}/rdd-3.0.4-sandbox-fix.patch" + sed -i 's/AM_PATH_GTK_2_0//' configure.ac || die + AT_M4DIR=m4 eautoreconf +} + +src_configure() { + #doxygen-html fails but the docs are prebuilt so we don't need to enable them + econf --disable-doxygen-html \ + $(use_enable debug tracing) \ + $(use_enable doc doxygen-doc) +} + +src_compile() { + emake -j1 +} + +src_install() { + emake install DESTDIR="${D}" + dobin src/rddi.py + dosym rdd-copy /usr/bin/rdd + #this causes a warning about not being recursive, no clue why + dohtml -r doxygen-doc/html/* +} diff --git a/app-forensics/rifiuti/Manifest b/app-forensics/rifiuti/Manifest new file mode 100644 index 000000000000..30e135c83b6f --- /dev/null +++ b/app-forensics/rifiuti/Manifest @@ -0,0 +1 @@ +DIST rifiuti_20040505_1.tar.gz 2823 SHA256 3694cf6811c7be96412934ee1f378cf74003472d1a62dc642e2229f4ad5073cc SHA512 9d7e77c3eb74b97fedd66c0cac9c1960d3de0f284fcdee81c1e523eb9898cc9758194d7913b1bd7e0bc82eae4eeed656b7b3c699bcdd536325604d17c41da6de WHIRLPOOL 791e3ebee6a9e125da17a6a9180ff3ef7ad81b3339f039031c6b57a8a37339c230d5e721326d4e956945013e6ca359e55fadf0ea35ba9d3a949e8461e3d09bce diff --git a/app-forensics/rifiuti/metadata.xml b/app-forensics/rifiuti/metadata.xml new file mode 100644 index 000000000000..259976d9a211 --- /dev/null +++ b/app-forensics/rifiuti/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <upstream> + <remote-id type="sourceforge">odessa</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/rifiuti/rifiuti-20040505_p1.ebuild b/app-forensics/rifiuti/rifiuti-20040505_p1.ebuild new file mode 100644 index 000000000000..cbeee622762a --- /dev/null +++ b/app-forensics/rifiuti/rifiuti-20040505_p1.ebuild @@ -0,0 +1,25 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit toolchain-funcs + +MY_P=${PN}_${PV/_p/_} +DESCRIPTION="Recycle Bin Analyzer" +HOMEPAGE="http://sourceforge.net/projects/odessa/" +SRC_URI="mirror://sourceforge/odessa/${MY_P}.tar.gz" +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~ppc x86" +IUSE="" + +S=${WORKDIR}/${MY_P} + +src_compile() { + cd src + $(tc-getCC) ${CFLAGS} ${LDFLAGS} -o rifiuti rifiuti.c -lm -lc || die "failed to compile" +} + +src_install() { + dobin src/rifiuti +} diff --git a/app-forensics/rkhunter/Manifest b/app-forensics/rkhunter/Manifest new file mode 100644 index 000000000000..614e87813ee2 --- /dev/null +++ b/app-forensics/rkhunter/Manifest @@ -0,0 +1,2 @@ +DIST rkhunter-1.4.0.tar.gz 244211 SHA256 8a03d6add50663531994d55aff058eced74c64df948b88176621cd761b68ccf9 SHA512 597e8b2e3f75cd1cb57dd3e33df004265f03ca1503310f984211612da43a160e5d3b50626b4918bd38bf0d239fe2e4a45e55a96212c5a3b5a5645e77e030b60a WHIRLPOOL 45c023b625c7c1664a9f99438b5bebe5ed70265346f122b9d71f91611439d77a2bda01c137698898314183458c4467c66f73bb703b83fbaae2ffe65ded3307ad +DIST rkhunter-1.4.2.tar.gz 277707 SHA256 789cc84a21faf669da81e648eead2e62654cfbe0b2d927119d8b1e55b22b65c3 SHA512 a4e45caaaf5b8262619ebb890784c75c4e30db4c6c0eba305f86d419142b4796c95bc55fe8846dce8d58bc7636bdb365a4a8c41707f64d4d81373687c5a3b0d4 WHIRLPOOL 911ed8e37e112516adba3afb63e3d4862d061ea35cd4b8becea455922d6b2a744f4b8e7cf92685cff29c3192c594dfc58ba3c194f371dd4d95530bd4c09c5d84 diff --git a/app-forensics/rkhunter/files/rkhunter-1.3.cron b/app-forensics/rkhunter/files/rkhunter-1.3.cron new file mode 100644 index 000000000000..ae14dd3dcb67 --- /dev/null +++ b/app-forensics/rkhunter/files/rkhunter-1.3.cron @@ -0,0 +1,134 @@ +#!/bin/bash +# $Id$ +# original author: Aaron Walker <ka0ttic@gentoo.org> + +########################## Begin Configuration ############################### + +# Default options - more options may be added depending on the +# configuration variables you set below +# --cronjob implies -c, --nocolor, --sk +RKHUNTER_OPTS="--cronjob --summary" + +# Set this to 'yes' to enable ; this script does nothing otherwise +ENABLE=no + +# Automatically update rkhunter's dat files prior to running? +UPDATE=no + +# Set this to 'yes' if you wish the output to be mailed to you +SEND_EMAIL=no + +# NOTE: the following EMAIL_* variables are only relevant if you set the +# SEND_EMAIL variable to 'yes' +EMAIL_SUBJECT="${HOSTNAME}: rkhunter output" +EMAIL_RECIPIENT=root +EMAIL_CMD="|mail -s \"${EMAIL_SUBJECT}\" ${EMAIL_RECIPIENT}" + +# Log rkhunter output? +LOG=no + +# The default log location is /var/log/rkhunter.log. Set this variable if +# you'd like to use an alternate location. +#LOGFILE="" + +# By default, the log file created by rkhunter is world-readable (0644). If +# you'd like to modify the permissions afterwards, set this variable. The +# value of this variable, must be a valid chmod argument such as '0600' or +# 'u+rw,go-rwx'. See the chmod(1) manual page for more information. +#LOGFILE_PERMS="0600" + +# By default, rkhunter overwrites the previous log. Set this variable +# to 'yes' if you'd like the log output appended to the logfile, instead +# of overwriting it. +SAVE_OLD_LOGS=no + +# Set to 1 to recieve only warnings & errors +# Set to 2 to recieve ALL rkhunter output +# Set to 3 to recieve rkhunter report +VERBOSITY=3 + +########################### End Configuration ################################ + +# exit immediately, unless enabled +[[ "${ENABLE}" == "yes" ]] || exit 0 + +# debug mode? (mainly for my benefit) +if [[ -n "${1}" ]] && [[ ${1} = "-d" ]] ; then + set -o verbose -o xtrace +fi + +[[ -z "${LOGFILE}" ]] && LOGFILE="/var/log/rkhunter.log" + +# moved this out of config section since it'll +# probably never need to be changed +RKHUNTER_EXEC="/usr/sbin/rkhunter" + +# sanity check +if [[ ! -x "${RKHUNTER_EXEC}" ]] ; then + echo "${RKHUNTER_EXEC} does not exist or is not executable!" + exit 1 +fi + +# we create a few tmp files, so let's at least make +# them readable/writable by root only +umask 0077 + +# all output goes to this temp file +_tmpout=$(mktemp /tmp/rkhunter.cron.XXXXXX) +exec > ${_tmpout} 2>&1 + +# update data files +if [[ "${UPDATE}" == "yes" ]] ; then + # save the output of --update in a tmp file so that it can be mailed + # along with the scan output; otherwise the user will get 2 mails + ${RKHUNTER_EXEC} --nocolor --update +fi + +# formulate options string according to user configuration +[[ "${LOG}" == "yes" ]] && \ + RKHUNTER_OPTS="${RKHUNTER_OPTS} --createlogfile ${LOGFILE}" + +case "${VERBOSITY}" in + # warnings and errors only + 1) RKHUNTER_OPTS="${RKHUNTER_OPTS} --quiet" ;; + # default rkhunter output (no extra options) +# 2) ;; + # default to option 3 + *) ;; +esac + +# save old log +if [[ "${LOG}" == "yes" && "${SAVE_OLD_LOGS}" == "yes" ]] ; then + if [[ -e "${LOGFILE}" ]] ; then + _tmpfile=$(mktemp ${LOGFILE}.XXXXXX) + mv -f ${LOGFILE} ${_tmpfile} + echo -e "--\nrkhunter.cron commencing at: $(date)\n--" >> ${_tmpfile} + fi +fi + +# finally, run rkhunter +CMD="${RKHUNTER_EXEC} ${RKHUNTER_OPTS}" +eval ${CMD} +RV=$? + +# email output? +if [[ "${SEND_EMAIL}" == "yes" ]] ; then + CMD="cat ${_tmpout} ${EMAIL_CMD}" + eval ${CMD} +fi + +# remove temp file +[[ -n "${_tmpout}" ]] && rm -f ${_tmpout} + +[[ "${LOG}" != "yes" ]] && exit ${RV} + +# from this point on, we can assume logging is enabled + +# append new log to old log and restore +if [[ -n "${_tmpfile}" ]] ; then + cat ${LOGFILE} >> ${_tmpfile} + mv ${_tmpfile} ${LOGFILE} +fi + +chmod ${LOGFILE_PERMS:-0644} ${LOGFILE} +exit ${RV} diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.0.conf.patch b/app-forensics/rkhunter/files/rkhunter-1.4.0.conf.patch new file mode 100644 index 000000000000..0b5465590c2a --- /dev/null +++ b/app-forensics/rkhunter/files/rkhunter-1.4.0.conf.patch @@ -0,0 +1,31 @@ +--- rkhunter.conf.old 2009-01-07 17:33:11.000000000 +0100 ++++ rkhunter.conf 2009-01-07 17:36:58.000000000 +0100 +@@ -19,6 +19,7 @@ + # describing the option will say if this is so. + # + ++INSTALLDIR=/usr + + # + # If this option is set to 1, it specifies that the mirrors file +@@ -84,17 +85,17 @@ MAIL_CMD=mail -s "[rkhunter] Warnings fo + # important files will be written to this directory, so be + # sure that the directory permissions are tight. + # +-#TMPDIR=/var/lib/rkhunter/tmp ++TMPDIR=/var/lib/rkhunter/tmp + + # + # Specify the database directory to use. + # +-#DBDIR=/var/lib/rkhunter/db ++DBDIR=/var/lib/rkhunter/db + + # + # Specify the script directory to use. + # +-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts ++SCRIPTDIR=/usr/lib/rkhunter/scripts + + # + # Specify the root directory to use. diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.2.conf.patch b/app-forensics/rkhunter/files/rkhunter-1.4.2.conf.patch new file mode 100644 index 000000000000..8fd49ab421da --- /dev/null +++ b/app-forensics/rkhunter/files/rkhunter-1.4.2.conf.patch @@ -0,0 +1,38 @@ +diff -Naur rkhunter-1.4.2/files/rkhunter.conf rkhunter-1.4.2-fixed/files/rkhunter.conf +--- rkhunter-1.4.2/files/rkhunter.conf 2014-01-25 16:29:51.000000000 -0500 ++++ rkhunter-1.4.2-fixed/files/rkhunter.conf 2014-05-27 11:58:11.098750088 -0400 +@@ -72,6 +72,7 @@ + # to use. + # + ++INSTALLDIR=/usr + + # + # If this option is set to '1', it specifies that the mirrors file +@@ -154,7 +155,7 @@ + # subsequently commented out or removed, then the program will assume a + # default directory beneath the installation directory. + # +-#TMPDIR=/var/lib/rkhunter/tmp ++TMPDIR=/var/lib/rkhunter/tmp + + # + # This option specifies the database directory to use. +@@ -163,7 +164,7 @@ + # subsequently commented out or removed, then the program will assume a + # default directory beneath the installation directory. + # +-#DBDIR=/var/lib/rkhunter/db ++DBDIR=/var/lib/rkhunter/db + + # + # This option specifies the script directory to use. +@@ -171,7 +172,7 @@ + # The installer program will set the default directory. If this default is + # subsequently commented out or removed, then the program will not run. + # +-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts ++SCRIPTDIR=/usr/lib/rkhunter/scripts + + # + # This option can be used to modify the command directory list used by rkhunter diff --git a/app-forensics/rkhunter/files/rkhunter.bash-completion b/app-forensics/rkhunter/files/rkhunter.bash-completion new file mode 100644 index 000000000000..5235e74d7735 --- /dev/null +++ b/app-forensics/rkhunter/files/rkhunter.bash-completion @@ -0,0 +1,88 @@ +# $Id$ +# rkhunter completion + +_rkhunter() { + local cur prev opts + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + prev=${COMP_WORDS[COMP_CWORD-1]} + opts="-c --checkall --createlogfile --cronjob --display-logfile -h --help\ + --nocolors --report-mode --report-warnings-only \ + --skip-application-check --skip-keypress --quick --quiet --update \ + --version --versioncheck --bindir --configfile --dbdir --rootdir \ + --tmpdir --disable-md5-check --disable-passwd-check \ + --scan-knownbad-files" + + if [[ "${cur}" == -* ]] || [[ ${COMP_CWORD} -eq 1 ]]; then + COMPREPLY=($(compgen -W "${opts}" -- "${cur}")) + fi + + case "${prev}" in + --createlogfile) + COMPREPLY=($(compgen -o filenames -A file -W "${opts/--createlogfile}" \ + -- "${cur}")) + ;; + --display-logfile) + COMPREPLY=($(compgen -W "${opts/--display-logfile}" -- "${cur}")) + ;; + --*dir) + COMPREPLY=($(compgen -o dirnames -A directory -- "${cur}")) + ;; + --*file) + COMPREPLY=($(compgen -o filenames -A file -- "${cur}")) + ;; + -c|--checkall) + COMPREPLY=($(compgen -W "${opts/-c --checkall}" -- "${cur}")) + ;; + --cronjob) + COMPREPLY=($(compgen -W "${opts/--cronjob}" -- "${cur}")) + ;; + -h|--help) + COMPREPLY=($(compgen -W "${opts/-h --help}" -- "${cur}")) + ;; + --nocolors) + COMPREPLY=($(compgen -W "${opts/--nocolors}" -- "${cur}")) + ;; + --report-mode) + COMPREPLY=($(compgen -W "${opts/--report-mode}" -- "${cur}")) + ;; + --report-warnings-only) + COMPREPLY=($(compgen -W "${opts/--report-warnings-only}" -- \ + "${cur}")) + ;; + --skip-application-check) + COMPREPLY=($(compgen -W "${opts/--skip-application-check}" -- \ + "${cur}")) + ;; + --skip-keypress) + COMPREPLY=($(compgen -W "${opts/--skip-keypress}" -- "${cur}")) + ;; + --quick) + COMPREPLY=($(compgen -W "${opts/--quick}" -- "${cur}")) + ;; + --quiet) + COMPREPLY=($(compgen -W "${opts/--quiet}" -- "${cur}")) + ;; + --update) + COMPREPLY=($(compgen -W "${opts/--update}" -- "${cur}")) + ;; + --version) + COMPREPLY=($(compgen -W "${opts/--version}" -- "${cur}")) + ;; + --versioncheck) + COMPREPLY=($(compgen -W "${opts/--versioncheck}" -- "${cur}")) + ;; + --disable-md5-check) + COMPREPLY=($(compgen -W "${opts/--disable-md5-check}" -- "${cur}")) + ;; + --disable-passwd-check) + COMPREPLY=($(compgen -W "${opts/--disable-passwd-check}" -- \ + "${cur}")) + ;; + --scan-knownbad-files) + COMPREPLY=($(compgen -W "${opts/--scan-knownbad-files}" -- \ + "${cur}")) + ;; + esac +} +complete -F _rkhunter rkhunter diff --git a/app-forensics/rkhunter/metadata.xml b/app-forensics/rkhunter/metadata.xml new file mode 100644 index 000000000000..c1740f780c19 --- /dev/null +++ b/app-forensics/rkhunter/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <upstream> + <remote-id type="sourceforge">rkhunter</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/rkhunter/rkhunter-1.4.0.ebuild b/app-forensics/rkhunter/rkhunter-1.4.0.ebuild new file mode 100644 index 000000000000..d8a37b339a1b --- /dev/null +++ b/app-forensics/rkhunter/rkhunter-1.4.0.ebuild @@ -0,0 +1,68 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit eutils bash-completion-r1 + +DESCRIPTION="Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers" +HOMEPAGE="http://rkhunter.sf.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~mips ppc x86" +IUSE="" + +RDEPEND=" + app-shells/bash + dev-lang/perl + sys-process/lsof[rpc] + virtual/cron + virtual/mailx +" + +S="${WORKDIR}/${P}/files" + +src_prepare() { + epatch "${FILESDIR}/${P}.conf.patch" +} + +src_install() { + # rkhunter requires to be root + dosbin ${PN} + + # rkhunter doesn't create it by itself + dodir /var/lib/${PN}/tmp + + insinto /etc + doins ${PN}.conf + + exeinto /usr/lib/${PN}/scripts + doexe *.pl + + insinto /var/lib/${PN}/db + doins *.dat + + insinto /var/lib/${PN}/db/i18n + doins i18n/* + + doman ${PN}.8 + dodoc ACKNOWLEDGMENTS CHANGELOG FAQ README + + exeinto /etc/cron.daily + newexe "${FILESDIR}/${PN}-1.3.cron" ${PN} + + newbashcomp "${FILESDIR}/${PN}.bash-completion" ${PN} +} + +pkg_postinst() { + elog "A cron script has been installed to /etc/cron.daily/rkhunter." + elog "To enable it, edit /etc/cron.daily/rkhunter and follow the" + elog "directions." + elog "If you want ${PN} to send mail, you will need to install" + elog "virtual/mailx or alter the EMAIL_CMD variable in the" + elog "cron script and possibly the MAIL_CMD variable in the" + elog "${PN}.conf file to use another mail client." +} diff --git a/app-forensics/rkhunter/rkhunter-1.4.2.ebuild b/app-forensics/rkhunter/rkhunter-1.4.2.ebuild new file mode 100644 index 000000000000..715b9e2e540d --- /dev/null +++ b/app-forensics/rkhunter/rkhunter-1.4.2.ebuild @@ -0,0 +1,65 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit eutils bash-completion-r1 + +DESCRIPTION="Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers" +HOMEPAGE="http://rkhunter.sf.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~mips ppc x86" +IUSE="" + +RDEPEND=" + app-shells/bash + dev-lang/perl + sys-process/lsof[rpc] + virtual/cron + virtual/mailx +" + +S="${WORKDIR}/${P}/files" + +src_prepare() { + epatch "${FILESDIR}/${P}.conf.patch" +} + +src_install() { + # rkhunter requires to be root + dosbin ${PN} + + insinto /etc + doins ${PN}.conf + + exeinto /usr/lib/${PN}/scripts + doexe *.pl + + insinto /var/lib/${PN}/db + doins *.dat + + insinto /var/lib/${PN}/db/i18n + doins i18n/* + + doman ${PN}.8 + dodoc ACKNOWLEDGMENTS CHANGELOG FAQ README + + exeinto /etc/cron.daily + newexe "${FILESDIR}/${PN}-1.3.cron" ${PN} + + newbashcomp "${FILESDIR}/${PN}.bash-completion" ${PN} +} + +pkg_postinst() { + elog "A cron script has been installed to /etc/cron.daily/rkhunter." + elog "To enable it, edit /etc/cron.daily/rkhunter and follow the" + elog "directions." + elog "If you want ${PN} to send mail, you will need to install" + elog "virtual/mailx or alter the EMAIL_CMD variable in the" + elog "cron script and possibly the MAIL_CMD variable in the" + elog "${PN}.conf file to use another mail client." +} diff --git a/app-forensics/scalpel/Manifest b/app-forensics/scalpel/Manifest new file mode 100644 index 000000000000..1aae79c41975 --- /dev/null +++ b/app-forensics/scalpel/Manifest @@ -0,0 +1 @@ +DIST scalpel-2.0.tar.gz 1436379 SHA256 164a8a58ad8473c545794e981ca6349f2b4b76107c9553baab10a8a0204267e7 SHA512 7bf8e36f2fd22eb34e0f454c44a3ec3bc4e61dfd44ecda6ae93f0cc41cc3ad2b9fd9604637329bb96274a606812a578c968dd435d9d4a3ac5533613c849d321a WHIRLPOOL 72e5c0d689c8594970815352b8c0140670d38d8bc77f5ae640de5f5718a510675ba72c734672c3274d5eac1fe70f90d160e0760bbeae4429f72e1d173e4720d3 diff --git a/app-forensics/scalpel/metadata.xml b/app-forensics/scalpel/metadata.xml new file mode 100644 index 000000000000..4a106d1643b3 --- /dev/null +++ b/app-forensics/scalpel/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <longdescription lang="en"> + Scalpel is a fast file carver that reads a database of header and footer + definitions and extracts matching files or data fragments from a set of image + files or raw device files. Scalpel is filesystem-independent and will carve + files from FATx, NTFS, ext2/3, HFS+, or raw partitions. It is useful for both + digital forensics investigation and file recovery. + </longdescription> +</pkgmetadata> diff --git a/app-forensics/scalpel/scalpel-2.0.ebuild b/app-forensics/scalpel/scalpel-2.0.ebuild new file mode 100644 index 000000000000..85a108031d16 --- /dev/null +++ b/app-forensics/scalpel/scalpel-2.0.ebuild @@ -0,0 +1,31 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +DESCRIPTION="A high performance file carver" +HOMEPAGE="http://www.digitalforensicssolutions.com/Scalpel/" +SRC_URI="http://www.digitalforensicssolutions.com/Scalpel/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +RDEPEND="dev-libs/tre" +DEPEND="${RDEPEND}" + +DOCS=(Changelog README) + +src_prepare() { + # Set the default config file location + sed -i -e "s:scalpel.conf:/etc/\0:" src/scalpel.h || die "sed failed" +} + +src_install() { + default + + insinto /etc + doins scalpel.conf +} diff --git a/app-forensics/sleuthkit/Manifest b/app-forensics/sleuthkit/Manifest new file mode 100644 index 000000000000..21febf598731 --- /dev/null +++ b/app-forensics/sleuthkit/Manifest @@ -0,0 +1,5 @@ +DIST sleuthkit-4.0.1.tar.gz 7488397 SHA256 719d9a702f74c30302840301fe573c5bb5af5b88471b48657114eba6b0d76f12 SHA512 34de46671c575a61e169af524a8c92701731b58a3f9717a22639b99cab6fd5ac84fe912e699169b5a8bb546816d464370d0e3fa55e714898dd4ca94c7fa907fe WHIRLPOOL df41455499a4a29ffd1efa61925b7d491d1e253c2761e1d8026df41d6620719269954f7fd851a30744ed90816e1ec9e7ccec6dc8d46990e9b20177fb1b6116a1 +DIST sleuthkit-4.0.2.tar.gz 7577570 SHA256 112f80fbc6a868c18c7a924f756b35c79eed9d0cc8923a4f973646f00e546e62 SHA512 acf1d6006db3e75675eb769034ea78fd78133ac0f83c9caa74ec720c0dd25f95fb1a5df2c652027eeeac53e1fca6a3096b5248db95e3a01ce95e72e779e44f37 WHIRLPOOL 72ba21e2b89c6b06974612041c9374e3f306237312328c375d012197409a02fcaa1abc120189d28a8261cabbbd1d6c37b3b14431c47b008f06d43a7c6d9ea612 +DIST sleuthkit-4.1.0.tar.gz 7974564 SHA256 b410428df2e1b253fa23ce6a299d059d8c2650bf9c602f7b80c0f4ce1368c36a SHA512 1cfa96bd3746c59c92c3e3f07f5f3f0f6896239bcaec012c43958654bb63794ecf9d7bd28bb9b4ab939558f4b27f03cd87f645ea91a8f9cfbb9037df93ef5223 WHIRLPOOL 20856982b77ecbdd1ed3b7c147e4340461830f0238ba7cdc17da3159f5a666df5b3d490760699d25d2896289c811f615ffb4160d163f9917f09e57a37ff26a21 +DIST sleuthkit-4.1.2.tar.gz 7990136 SHA256 58253b35c016083558fb581308f4a3baf884229de89eb84ddbfb977ed56600d3 SHA512 1f64acf42e86adf275bcd86c63c097210a498ac34ce69e64b3c120d86dffae65b5d57ed9618692dd510f637e940a48a60912dd57c8de840bf3a2b4428baabab8 WHIRLPOOL 1298a345416bec11564007c41474010cbddc26289aee025f31ecd2b7069f0d16ca81eeb07a292e38d91d6b34c3a891fad8a2f4b42bfd4df96053469d25dc8c65 +DIST sleuthkit-4.1.3.tar.gz 7952733 SHA256 67f9d2a31a8884d58698d6122fc1a1bfa9bf238582bde2b49228ec9b899f0327 SHA512 66f6ac32da5a21b3505390557ed6cf7bbcfcca69f231e20a7086fd48c5de45a3f064a716837d25eb582d0a89bae3b6ba7e89dcf3159e1cacdb4b5d452d0ce9a2 WHIRLPOOL 34d59163812d5e2b135d6d3a05bc9bed2f2739ab47bd77ed25ee3162eaf7389fec40a7b187745ef65b9596877399884d3081f2f4549fc0c4390382ec247174bc diff --git a/app-forensics/sleuthkit/files/sleuthkit-3.2.3-tools-shared-libs.patch b/app-forensics/sleuthkit/files/sleuthkit-3.2.3-tools-shared-libs.patch new file mode 100644 index 000000000000..749c67030046 --- /dev/null +++ b/app-forensics/sleuthkit/files/sleuthkit-3.2.3-tools-shared-libs.patch @@ -0,0 +1,55 @@ +--- sleuthkit-3.2.3/tools/autotools/Makefile.am ++++ sleuthkit-3.2.3/tools/autotools/Makefile.am +@@ -1,6 +1,5 @@ + AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall + LDADD = ../../tsk3/libtsk3.la +-LDFLAGS += -static + EXTRA_DIST = .indent.pro + + bin_PROGRAMS = tsk_recover tsk_loaddb tsk_comparedir tsk_gettimes +--- sleuthkit-3.2.3/tools/fstools/Makefile.am ++++ sleuthkit-3.2.3/tools/fstools/Makefile.am +@@ -1,6 +1,5 @@ + AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall + LDADD = ../../tsk3/libtsk3.la +-LDFLAGS += -static + EXTRA_DIST = .indent.pro fscheck.cpp + + bin_PROGRAMS = blkcalc blkcat blkls blkstat ffind fls fsstat icat ifind ils \ +--- sleuthkit-3.2.3/tools/hashtools/Makefile.am ++++ sleuthkit-3.2.3/tools/hashtools/Makefile.am +@@ -1,6 +1,5 @@ + AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall + LDADD = ../../tsk3/libtsk3.la +-LDFLAGS += -static + EXTRA_DIST = .indent.pro md5.c sha1.c + + bin_PROGRAMS = hfind +--- sleuthkit-3.2.3/tools/imgtools/Makefile.am ++++ sleuthkit-3.2.3/tools/imgtools/Makefile.am +@@ -1,6 +1,5 @@ + AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall + LDADD = ../../tsk3/libtsk3.la +-LDFLAGS += -static + EXTRA_DIST = .indent.pro + + bin_PROGRAMS = img_cat img_stat +--- sleuthkit-3.2.3/tools/srchtools/Makefile.am ++++ sleuthkit-3.2.3/tools/srchtools/Makefile.am +@@ -6,7 +6,6 @@ + + sigfind_SOURCES = sigfind.cpp + sigfind_LDADD = ../../tsk3/libtsk3.la +-sigfind_LDFLAGS = -static + + indent: + indent *.c *.cpp +--- sleuthkit-3.2.3/tools/vstools/Makefile.am ++++ sleuthkit-3.2.3/tools/vstools/Makefile.am +@@ -1,6 +1,5 @@ + AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall + LDADD = ../../tsk3/libtsk3.la +-LDFLAGS += -static + EXTRA_DIST = .indent.pro + + bin_PROGRAMS = mmls mmstat mmcat diff --git a/app-forensics/sleuthkit/files/sleuthkit-4.0.0-system-sqlite.patch b/app-forensics/sleuthkit/files/sleuthkit-4.0.0-system-sqlite.patch new file mode 100644 index 000000000000..7b98f4dafd2f --- /dev/null +++ b/app-forensics/sleuthkit/files/sleuthkit-4.0.0-system-sqlite.patch @@ -0,0 +1,34 @@ +--- sleuthkit-4.0.0/tsk3/auto/db_sqlite.cpp ++++ sleuthkit-4.0.0/tsk3/auto/db_sqlite.cpp +@@ -14,7 +14,7 @@ + */ + + #include "tsk_db_sqlite.h" +-#include "sqlite3.h" ++#include <sqlite3.h> + + #include <string.h> + +--- sleuthkit-4.0.0/tsk3/auto/Makefile.am ++++ sleuthkit-4.0.0/tsk3/auto/Makefile.am +@@ -3,7 +3,8 @@ + + noinst_LTLIBRARIES = libtskauto.la + # Note that the .h files are in the top-level Makefile +-libtskauto_la_SOURCES = auto.cpp tsk_auto_i.h auto_db.cpp sqlite3.c sqlite3.h db_sqlite.cpp tsk_db_sqlite.h case_db.cpp tsk_case_db.h ++libtskauto_la_SOURCES = auto.cpp tsk_auto_i.h auto_db.cpp db_sqlite.cpp tsk_db_sqlite.h case_db.cpp tsk_case_db.h ++libtskauto_la_LIBADD = -lsqlite3 + + indent: + indent *.cpp *.h +--- sleuthkit-4.0.0/tsk3/auto/tsk_db_sqlite.h ++++ sleuthkit-4.0.0/tsk3/auto/tsk_db_sqlite.h +@@ -25,7 +25,7 @@ + #include <ostream> + + +-#include "sqlite3.h" ++#include <sqlite3.h> + #include "tsk_auto_i.h" + + using std::map; diff --git a/app-forensics/sleuthkit/files/sleuthkit-4.1.0-system-sqlite.patch b/app-forensics/sleuthkit/files/sleuthkit-4.1.0-system-sqlite.patch new file mode 100644 index 000000000000..413357fb5045 --- /dev/null +++ b/app-forensics/sleuthkit/files/sleuthkit-4.1.0-system-sqlite.patch @@ -0,0 +1,34 @@ +--- sleuthkit-4.1.0/tsk/auto/db_sqlite.cpp ++++ sleuthkit-4.1.0/tsk/auto/db_sqlite.cpp +@@ -14,7 +14,7 @@ + */ + + #include "tsk_db_sqlite.h" +-#include "sqlite3.h" ++#include <sqlite3.h> + + #include <string.h> + +--- sleuthkit-4.1.0/tsk/auto/Makefile.am ++++ sleuthkit-4.1.0/tsk/auto/Makefile.am +@@ -3,7 +3,8 @@ + + noinst_LTLIBRARIES = libtskauto.la + # Note that the .h files are in the top-level Makefile +-libtskauto_la_SOURCES = auto.cpp tsk_auto_i.h auto_db.cpp sqlite3.c sqlite3.h db_sqlite.cpp tsk_db_sqlite.h case_db.cpp tsk_case_db.h ++libtskauto_la_SOURCES = auto.cpp tsk_auto_i.h auto_db.cpp db_sqlite.cpp tsk_db_sqlite.h case_db.cpp tsk_case_db.h ++libtskauto_la_LIBADD = -lsqlite3 + + indent: + indent *.cpp *.h +--- sleuthkit-4.1.0/tsk/auto/tsk_db_sqlite.h ++++ sleuthkit-4.1.0/tsk/auto/tsk_db_sqlite.h +@@ -25,7 +25,7 @@ + #include <ostream> + + +-#include "sqlite3.h" ++#include <sqlite3.h> + #include "tsk_auto_i.h" + + using std::map; diff --git a/app-forensics/sleuthkit/files/sleuthkit-4.1.0-tools-shared-libs.patch b/app-forensics/sleuthkit/files/sleuthkit-4.1.0-tools-shared-libs.patch new file mode 100644 index 000000000000..efa335068333 --- /dev/null +++ b/app-forensics/sleuthkit/files/sleuthkit-4.1.0-tools-shared-libs.patch @@ -0,0 +1,55 @@ +--- sleuthkit-4.1.0/tools/autotools/Makefile.am ++++ sleuthkit-4.1.0/tools/autotools/Makefile.am +@@ -1,6 +1,5 @@ + AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall + LDADD = ../../tsk/libtsk.la +-LDFLAGS += -static + EXTRA_DIST = .indent.pro + + bin_PROGRAMS = tsk_recover tsk_loaddb tsk_comparedir tsk_gettimes +--- sleuthkit-4.1.0/tools/fstools/Makefile.am ++++ sleuthkit-4.1.0/tools/fstools/Makefile.am +@@ -1,6 +1,5 @@ + AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall + LDADD = ../../tsk/libtsk.la +-LDFLAGS += -static + EXTRA_DIST = .indent.pro fscheck.cpp + + bin_PROGRAMS = blkcalc blkcat blkls blkstat ffind fls fcat fsstat icat ifind ils \ +--- sleuthkit-4.1.0/tools/hashtools/Makefile.am ++++ sleuthkit-4.1.0/tools/hashtools/Makefile.am +@@ -1,6 +1,5 @@ + AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall + LDADD = ../../tsk/libtsk.la +-LDFLAGS += -static + EXTRA_DIST = .indent.pro md5.c sha1.c + + bin_PROGRAMS = hfind +--- sleuthkit-4.1.0/tools/imgtools/Makefile.am ++++ sleuthkit-4.1.0/tools/imgtools/Makefile.am +@@ -1,6 +1,5 @@ + AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall + LDADD = ../../tsk/libtsk.la +-LDFLAGS += -static + EXTRA_DIST = .indent.pro + + bin_PROGRAMS = img_cat img_stat +--- sleuthkit-4.1.0/tools/srchtools/Makefile.am ++++ sleuthkit-4.1.0/tools/srchtools/Makefile.am +@@ -6,7 +6,6 @@ + + sigfind_SOURCES = sigfind.cpp + sigfind_LDADD = ../../tsk/libtsk.la +-sigfind_LDFLAGS = -static + + indent: + indent *.c *.cpp +--- sleuthkit-4.1.0/tools/vstools/Makefile.am ++++ sleuthkit-4.1.0/tools/vstools/Makefile.am +@@ -1,6 +1,5 @@ + AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall + LDADD = ../../tsk/libtsk.la +-LDFLAGS += -static + EXTRA_DIST = .indent.pro + + bin_PROGRAMS = mmls mmstat mmcat diff --git a/app-forensics/sleuthkit/metadata.xml b/app-forensics/sleuthkit/metadata.xml new file mode 100644 index 000000000000..bbbab40dda92 --- /dev/null +++ b/app-forensics/sleuthkit/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <use> + <flag name="aff">Enable extra aff formats</flag> + <flag name="ewf">Enable libewf support</flag> + </use> + <upstream> + <remote-id type="sourceforge">sleuthkit</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/sleuthkit/sleuthkit-4.0.1.ebuild b/app-forensics/sleuthkit/sleuthkit-4.0.1.ebuild new file mode 100644 index 000000000000..1dd845914cfd --- /dev/null +++ b/app-forensics/sleuthkit/sleuthkit-4.0.1.ebuild @@ -0,0 +1,42 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils autotools + +DESCRIPTION="A collection of file system and media management forensic analysis tools" +HOMEPAGE="http://www.sleuthkit.org/sleuthkit/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2 IBM" +SLOT="0" +KEYWORDS="amd64 hppa ppc x86" +IUSE="aff ewf static-libs" + +DEPEND="dev-db/sqlite:3 + ewf? ( app-forensics/libewf ) + aff? ( app-forensics/afflib )" +RDEPEND="${DEPEND} + dev-perl/DateManip" + +DOCS=( NEWS.txt README.txt ) + +src_prepare() { + epatch "${FILESDIR}"/${PN}-4.0.0-system-sqlite.patch + epatch "${FILESDIR}"/${PN}-3.2.3-tools-shared-libs.patch + eautoreconf +} + +src_configure() { + econf \ + $(use_with aff afflib) \ + $(use_with ewf libewf) \ + $(use_enable static-libs static) +} + +src_install() { + default + prune_libtool_files +} diff --git a/app-forensics/sleuthkit/sleuthkit-4.0.2.ebuild b/app-forensics/sleuthkit/sleuthkit-4.0.2.ebuild new file mode 100644 index 000000000000..e276d0013a24 --- /dev/null +++ b/app-forensics/sleuthkit/sleuthkit-4.0.2.ebuild @@ -0,0 +1,40 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools-utils + +DESCRIPTION="A collection of file system and media management forensic analysis tools" +HOMEPAGE="http://www.sleuthkit.org/sleuthkit/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2 IBM" +SLOT="0/9" # subslot = major soname version +KEYWORDS="amd64 hppa ppc x86" +IUSE="aff ewf static-libs" + +DEPEND="dev-db/sqlite:3 + ewf? ( app-forensics/libewf ) + aff? ( app-forensics/afflib )" +RDEPEND="${DEPEND} + dev-perl/DateManip" + +DOCS=( NEWS.txt README.txt ) + +PATCHES=( + "${FILESDIR}"/${PN}-4.0.0-system-sqlite.patch + "${FILESDIR}"/${PN}-3.2.3-tools-shared-libs.patch +) + +AUTOTOOLS_AUTORECONF=1 +AUTOTOOLS_IN_SOURCE_BUILD=1 + +src_configure() { + local myeconfargs=( + $(use_with aff afflib) + $(use_with ewf libewf) + ) + autotools-utils_src_configure +} diff --git a/app-forensics/sleuthkit/sleuthkit-4.1.0.ebuild b/app-forensics/sleuthkit/sleuthkit-4.1.0.ebuild new file mode 100644 index 000000000000..5e5fb7285a6d --- /dev/null +++ b/app-forensics/sleuthkit/sleuthkit-4.1.0.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +AUTOTOOLS_AUTORECONF=1 +AUTOTOOLS_IN_SOURCE_BUILD=1 + +inherit autotools-utils + +DESCRIPTION="A collection of file system and media management forensic analysis tools" +HOMEPAGE="http://www.sleuthkit.org/sleuthkit/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2 IBM" +SLOT="0/10" # subslot = major soname version +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +IUSE="aff ewf static-libs" + +DEPEND="dev-db/sqlite:3 + ewf? ( app-forensics/libewf ) + aff? ( app-forensics/afflib )" +RDEPEND="${DEPEND} + dev-perl/DateManip" + +DOCS=( NEWS.txt README.txt ) + +PATCHES=( + "${FILESDIR}"/${P}-system-sqlite.patch + "${FILESDIR}"/${P}-tools-shared-libs.patch +) + +src_configure() { + local myeconfargs=( + $(use_with aff afflib) + $(use_with ewf libewf) + ) + autotools-utils_src_configure +} diff --git a/app-forensics/sleuthkit/sleuthkit-4.1.2.ebuild b/app-forensics/sleuthkit/sleuthkit-4.1.2.ebuild new file mode 100644 index 000000000000..7cc4ea5af448 --- /dev/null +++ b/app-forensics/sleuthkit/sleuthkit-4.1.2.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +AUTOTOOLS_AUTORECONF=1 +AUTOTOOLS_IN_SOURCE_BUILD=1 + +inherit autotools-utils + +DESCRIPTION="A collection of file system and media management forensic analysis tools" +HOMEPAGE="http://www.sleuthkit.org/sleuthkit/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2 IBM" +SLOT="0/10" # subslot = major soname version +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +IUSE="aff ewf static-libs" + +DEPEND="dev-db/sqlite:3 + ewf? ( app-forensics/libewf ) + aff? ( app-forensics/afflib )" +RDEPEND="${DEPEND} + dev-perl/DateManip" + +DOCS=( NEWS.txt README.txt ) + +PATCHES=( + "${FILESDIR}"/${PN}-4.1.0-system-sqlite.patch + "${FILESDIR}"/${PN}-4.1.0-tools-shared-libs.patch +) + +src_configure() { + local myeconfargs=( + $(use_with aff afflib) + $(use_with ewf libewf) + ) + autotools-utils_src_configure +} diff --git a/app-forensics/sleuthkit/sleuthkit-4.1.3.ebuild b/app-forensics/sleuthkit/sleuthkit-4.1.3.ebuild new file mode 100644 index 000000000000..bbdcf6f402e4 --- /dev/null +++ b/app-forensics/sleuthkit/sleuthkit-4.1.3.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +AUTOTOOLS_AUTORECONF=1 +AUTOTOOLS_IN_SOURCE_BUILD=1 + +inherit autotools-utils + +DESCRIPTION="A collection of file system and media management forensic analysis tools" +HOMEPAGE="http://www.sleuthkit.org/sleuthkit/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2 IBM" +SLOT="0/10" # subslot = major soname version +KEYWORDS="~amd64 ~hppa ~ppc ~x86" +IUSE="aff ewf static-libs" + +DEPEND="dev-db/sqlite:3 + ewf? ( app-forensics/libewf ) + aff? ( app-forensics/afflib )" +RDEPEND="${DEPEND} + dev-perl/DateManip" + +DOCS=( NEWS.txt README.txt ) + +PATCHES=( + "${FILESDIR}"/${PN}-4.1.0-system-sqlite.patch + "${FILESDIR}"/${PN}-4.1.0-tools-shared-libs.patch +) + +src_configure() { + local myeconfargs=( + $(use_with aff afflib) + $(use_with ewf libewf) + ) + autotools-utils_src_configure +} diff --git a/app-forensics/unhide/Manifest b/app-forensics/unhide/Manifest new file mode 100644 index 000000000000..1123e5325113 --- /dev/null +++ b/app-forensics/unhide/Manifest @@ -0,0 +1,2 @@ +DIST unhide-20130526.tgz 59625 SHA256 4ef970e0cc1366c19601fd5c98d90c7e7fb868f047115367b819ecfed7740b31 SHA512 0fbe4d8b36171906f81fa35b1bbf91c079920a31244e89a9dad3570d8e2832d2db2f7bd8f7f33aaa66d08e6be0a19c5fb0b8aa418f09154b97279c9279af1223 WHIRLPOOL 1545f1274d885c025bf5d94953c470494fd4b894d9eb93544460a6728ffb000cc072e9ccc7ac39d6f4da96c407e3dacfd93e5c2918812be7484ca9f9ab1b02a3 +DIST unhide_20121229.tgz 54700 SHA256 fa2d1b4a7e9eb8dc987317566fac2c62a6b42e7bbd91f14a69efb26e3dde6b76 SHA512 a0269b0524e5a8c64e34155e4843bc23fa74c0bee1cc684930966fd037b1d897404cfcb9ff062eebde38e3d6e3660bd445609c9cffa5da7600cca92a2f7b83c9 WHIRLPOOL 92fbcc277279bb7ac3290154fd846ad04fcd940ecda5a922660f57a4d80841e282c15537d5ebeb1374c30c2e30274c01de09e46c9936ca2839f7a86fde68af85 diff --git a/app-forensics/unhide/metadata.xml b/app-forensics/unhide/metadata.xml new file mode 100644 index 000000000000..367cade8916e --- /dev/null +++ b/app-forensics/unhide/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>blueness@gentoo.org</email> + <name>Anthony G. Basile</name> + </maintainer> + <upstream> + <remote-id type="sourceforge">unhide</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/unhide/unhide-20121229.ebuild b/app-forensics/unhide/unhide-20121229.ebuild new file mode 100644 index 000000000000..0f33fe82d958 --- /dev/null +++ b/app-forensics/unhide/unhide-20121229.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit toolchain-funcs + +MY_P="${PN}_${PV}" +S="${WORKDIR}" + +DESCRIPTION="A forensic tool to find hidden processes and TCP/UDP ports by rootkits/LKMs or other technique" +HOMEPAGE="http://www.unhide-forensics.info" +SRC_URI="mirror://sourceforge/${PN}/files/${MY_P}.tgz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +DEPEND="" +RDEPEND="${DEPEND}" + +src_compile() { + $(tc-getCC) ${CFLAGS} ${LDFLAGS} --static -pthread \ + unhide-linux*.c unhide-output.c -o unhide + $(tc-getCC) ${CFLAGS} ${LDFLAGS} --static \ + unhide-tcp.c unhide-tcp-fast.c unhide-output.c -o unhide-tcp +} + +src_install() { + dobin ${PN} + dobin ${PN}-tcp + dodoc changelog README.txt TODO + dodoc changelog README.txt LEEME.txt LISEZ-MOI.TXT NEWS TODO + doman man/unhide.8 man/unhide-tcp.8 + has "fr" ${LINGUAS} && newman man/fr/unhide.8 unhide.fr.8 + has "es" ${LINGUAS} && newman man/es/unhide.8 unhide.es.8 +} diff --git a/app-forensics/unhide/unhide-20130526.ebuild b/app-forensics/unhide/unhide-20130526.ebuild new file mode 100644 index 000000000000..9f04f3788959 --- /dev/null +++ b/app-forensics/unhide/unhide-20130526.ebuild @@ -0,0 +1,36 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit toolchain-funcs + +DESCRIPTION="A forensic tool to find hidden processes and TCP/UDP ports by rootkits/LKMs or other technique" +HOMEPAGE="http://www.unhide-forensics.info" +SRC_URI="mirror://sourceforge/${PN}/files/${P}.tgz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +DEPEND="" +RDEPEND="${DEPEND}" + +src_compile() { + $(tc-getCC) ${CFLAGS} ${LDFLAGS} --static -pthread \ + unhide-linux*.c unhide-output.c -o unhide + $(tc-getCC) ${CFLAGS} ${LDFLAGS} --static \ + unhide-tcp.c unhide-tcp-fast.c unhide-output.c -o unhide-tcp +} + +src_install() { + dobin ${PN} + dobin ${PN}-tcp + dodoc changelog README.txt TODO + dodoc changelog README.txt LEEME.txt LISEZ-MOI.TXT NEWS TODO + doman man/unhide.8 man/unhide-tcp.8 + has "fr" ${LINGUAS} && newman man/fr/unhide.8 unhide.fr.8 + has "es" ${LINGUAS} && newman man/es/unhide.8 unhide.es.8 +} diff --git a/app-forensics/volatility/Manifest b/app-forensics/volatility/Manifest new file mode 100644 index 000000000000..95762a7624c2 --- /dev/null +++ b/app-forensics/volatility/Manifest @@ -0,0 +1 @@ +DIST volatility-2.4.1.tar.gz 2407119 SHA256 43d2946ec9c198a028fc068e8b4add7836ca03482665bacdd31998bc540e5c9c SHA512 cc2db2a17b071a21852bab967c9615df0fce369dac35ffbca8754bc789e218a86fc88bd2042203174308e620e281a24debc7b0a8bacd516a404a9170ea522596 WHIRLPOOL 386adfe0750a8b21656d95fb5a8fb9276b1199e94099e74f66d76cbdc0191de92449b93e708140e94072a136488235fd9f0515b14752bc7c2c97fdf81ec02220 diff --git a/app-forensics/volatility/metadata.xml b/app-forensics/volatility/metadata.xml new file mode 100644 index 000000000000..ee82a147eef8 --- /dev/null +++ b/app-forensics/volatility/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>forensics</herd> + <maintainer> + <email>chithanh@gentoo.org</email> + <name>Chí-Thanh Christopher Nguyễn</name> + </maintainer> +</pkgmetadata> + diff --git a/app-forensics/volatility/volatility-2.4.1.ebuild b/app-forensics/volatility/volatility-2.4.1.ebuild new file mode 100644 index 000000000000..3560127ae43d --- /dev/null +++ b/app-forensics/volatility/volatility-2.4.1.ebuild @@ -0,0 +1,33 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +PYTHON_COMPAT=( python2_7 ) +inherit distutils-r1 + +DESCRIPTION="Framework for analyzing volatile memory" +HOMEPAGE="http://www.volatilityfoundation.org/" +#2.4.1 not on mirrors yet +#SRC_URI="http://downloads.volatilityfoundation.org/releases/${PV}/${P}.tar.gz" +SRC_URI="mirror://gentoo/${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="" + +DEPEND="" +RDEPEND=">=dev-libs/distorm64-3[${PYTHON_USEDEP}] + dev-libs/libpcre + dev-python/pycrypto[${PYTHON_USEDEP}]" + +src_install() { + distutils-r1_src_install + mkdir "${D}/usr/share/${PN}" + mv "${D}/usr/contrib/plugins" "${D}/usr/share/${PN}/" + rmdir "${D}/usr/contrib" + mv "${D}/usr/tools" "${D}/usr/share/${PN}/" + dosym /usr/bin/vol.py /usr/bin/volatility +} diff --git a/app-forensics/yasat/Manifest b/app-forensics/yasat/Manifest new file mode 100644 index 000000000000..827296784e86 --- /dev/null +++ b/app-forensics/yasat/Manifest @@ -0,0 +1,4 @@ +DIST yasat-526.tar.gz 123976 SHA256 a4ff957d59923c7c87fbcde27c894d731a3685b8534be17867d9cdc41974e600 SHA512 8abcc43f49791e7fd4c7755a2d2b20b6b89d5437bf9dfd392867374ecaaddba96d311636b38d4a6ba60f52c342334675bb1f3894b7aeae446ab479b9a319f898 WHIRLPOOL fc84bf86ed5a655129e917be30e24928c7a6afdc53b6bc7481e22e2050bf9612459ffaf681bc19a39bb623c8a7907378fcc358a91b86bbbcf1c269e8a2745796 +DIST yasat-700.tar.gz 137379 SHA256 323c54cadc637fb90b9bcb3869bad5996615dc67a4b3bbf9617569c94fe07ef5 SHA512 5022667810bf70f07181b7177ddf542690d22be3a82e7b0476d8d0d9c01844413ca6c848587dc29ec4c5c4e40c6a5a51781a2e564b19e9674d0ca916807378a5 WHIRLPOOL 5c7ebaf8eeb19d3490fcb5eba00a48029f1f92928b90de738e3b20e5f80999def0b64d53b3d945eabcb8b7af9baf78a9b3773d66e1bcc08e7a4dc8942f3a9b06 +DIST yasat-755.tar.gz 141633 SHA256 14bd57abe26f9cef64897c75ee9d3a4b5df9d3c794ce9fd7f5670bf2f7524590 SHA512 5a2a86c1f828f3fee5b84447ce6607b0dbdd8a16d8425dac910ef1c6f0d606105e851af35eedada46bf6438fb7cdde3f178803d8adf91e86f3bae4ce06151f44 WHIRLPOOL 031178629c574b5886e41c66c79caad74f8548c23180529bd06f8a2f8764ff929aa6eef30e9ab57ed826a75bbe372ad11627e37aaad6cd219621ac157470a2e4 +DIST yasat-839.tar.gz 148015 SHA256 ca14fe274ad53911d4c3d7c38bc0821ea7edaab9d2874522f7fb36c2bcaca3f1 SHA512 daf500a6f71a41d5f29501b0e449b711aea151d39b553c0ec356a8986b58a60ab96553cb9a752b495a455e1072e945c8b70aaf9eea53abac0ada8f26aa0b9181 WHIRLPOOL dc98fd6103aed808a174be5279328767dd22565310e714ea4bac972dafe944d7f884c8b17a7306bffa92a0e85f565603575b34a1b558b62258dd67c11a550ea9 diff --git a/app-forensics/yasat/files/yasat-700-remove-absent-tests.patch b/app-forensics/yasat/files/yasat-700-remove-absent-tests.patch new file mode 100644 index 000000000000..cffda2f50fa7 --- /dev/null +++ b/app-forensics/yasat/files/yasat-700-remove-absent-tests.patch @@ -0,0 +1,14 @@ +--- a/tests/test.test ++++ b/tests/test.test +@@ -137,7 +137,7 @@ + qa_test $? 3 + + #check_system_cron +-echo "====== Check a private key ======" +-check_private_key ./tests/test_rsa.pem 2 +-echo "====== Check a private key protected with password ======" +-check_private_key ./tests/test_rsa_password.pem 2 ++#echo "====== Check a private key ======" ++#check_private_key ./tests/test_rsa.pem 2 ++#echo "====== Check a private key protected with password ======" ++#check_private_key ./tests/test_rsa_password.pem 2 diff --git a/app-forensics/yasat/metadata.xml b/app-forensics/yasat/metadata.xml new file mode 100644 index 000000000000..21f80afe1716 --- /dev/null +++ b/app-forensics/yasat/metadata.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>proxy-maintainers</herd> + <maintainer> + <email>clabbe.montjoie@gmail.com</email> + <name>LABBE Corentin</name> + <description>Upstream and Maintainer. Assign bugs to him</description> + </maintainer> + <upstream> + <remote-id type="sourceforge">yasat</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/yasat/yasat-526.ebuild b/app-forensics/yasat/yasat-526.ebuild new file mode 100644 index 000000000000..15b84b3f2a0b --- /dev/null +++ b/app-forensics/yasat/yasat-526.ebuild @@ -0,0 +1,24 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +DESCRIPTION="Security and system auditing tool" +HOMEPAGE="http://yasat.sourceforge.net" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~sparc ~x86" +IUSE="" + +S=${WORKDIR}/${PN} + +src_compile() { :; } + +src_install() { + emake install DESTDIR="${D}" PREFIX="/usr" SYSCONFDIR="/etc" + dodoc README CHANGELOG + doman man/yasat.8 +} diff --git a/app-forensics/yasat/yasat-700.ebuild b/app-forensics/yasat/yasat-700.ebuild new file mode 100644 index 000000000000..3484fbf878b5 --- /dev/null +++ b/app-forensics/yasat/yasat-700.ebuild @@ -0,0 +1,30 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit eutils + +DESCRIPTION="Security and system auditing tool" +HOMEPAGE="http://yasat.sourceforge.net" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~sparc ~x86" + +S=${WORKDIR}/${PN} + +src_prepare() { + epatch "${FILESDIR}"/${P}-remove-absent-tests.patch +} + +src_compile() { :; } + +src_install() { + emake install DESTDIR="${D}" PREFIX="/usr" SYSCONFDIR="/etc" + + dodoc README CHANGELOG + doman man/yasat.8 +} diff --git a/app-forensics/yasat/yasat-755.ebuild b/app-forensics/yasat/yasat-755.ebuild new file mode 100644 index 000000000000..3148b0d5c88e --- /dev/null +++ b/app-forensics/yasat/yasat-755.ebuild @@ -0,0 +1,26 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit eutils + +DESCRIPTION="Security and system auditing tool" +HOMEPAGE="http://yasat.sourceforge.net" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~sparc ~x86" + +S=${WORKDIR}/${PN} + +src_compile() { :; } + +src_install() { + emake install DESTDIR="${D}" PREFIX="/usr" SYSCONFDIR="/etc" + + dodoc README CHANGELOG + doman man/yasat.8 +} diff --git a/app-forensics/yasat/yasat-839.ebuild b/app-forensics/yasat/yasat-839.ebuild new file mode 100644 index 000000000000..bdcdc13f3743 --- /dev/null +++ b/app-forensics/yasat/yasat-839.ebuild @@ -0,0 +1,26 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit eutils + +DESCRIPTION="Security and system auditing tool" +HOMEPAGE="http://yasat.sourceforge.net" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~sparc ~x86" + +S=${WORKDIR}/${PN} + +src_compile() { :; } + +src_install() { + emake install DESTDIR="${D}" PREFIX="/usr" SYSCONFDIR="/etc" + + dodoc README CHANGELOG + doman man/yasat.8 +} diff --git a/app-forensics/zzuf/Manifest b/app-forensics/zzuf/Manifest new file mode 100644 index 000000000000..ef1559b47500 --- /dev/null +++ b/app-forensics/zzuf/Manifest @@ -0,0 +1,2 @@ +DIST zzuf-0.13-zzcat-zzat-rename.patch.bz2 11370 SHA256 33864b8a54fc71464650130c5b2092d969776535f787075119a6750e869d99d3 SHA512 5df3ccc08315c8a983f13294ca3fc38f3b7094a9ba04a46ee7740522ad486318bcf019fec78d60581cb541b5ebdbe1d0751273233d5a54b03f411aef84790529 WHIRLPOOL 87c8561d2eba2626d97600964b7ee8851a1f8a4dc40eda758b5e4854b9149f71b8a26223f36355b707c1e30d559dd1e977292ba2f17d79fa1992a414a573c31d +DIST zzuf-0.13.tar.gz 461498 SHA256 0842c548522028c3e0d9c9cf7d09f6320b661f33824bb6df19ca209851bdf627 SHA512 e8208dae68b4eee5ebc96775476f616c6822bc9a6a9c753d7f477e9f3e6f527a03e1aec494c2cb8a6666f3159104ea2e221acf8da35efb7d8e357666dbc315ce WHIRLPOOL b4fe880dbd894ee270a847614456536e7d3f615bf3fa01251cbeac863f95704ff766e858fcb037d7e1dcd089acfffb297aea6c8fa01bde4940370288590e8867 diff --git a/app-forensics/zzuf/metadata.xml b/app-forensics/zzuf/metadata.xml new file mode 100644 index 000000000000..f9d50da18d39 --- /dev/null +++ b/app-forensics/zzuf/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>maintainer-needed@gentoo.org</email> + <description>This package lacks a primary herd or maintainer.</description> + </maintainer> +</pkgmetadata> diff --git a/app-forensics/zzuf/zzuf-0.13-r1.ebuild b/app-forensics/zzuf/zzuf-0.13-r1.ebuild new file mode 100644 index 000000000000..e3ba11a5ac7d --- /dev/null +++ b/app-forensics/zzuf/zzuf-0.13-r1.ebuild @@ -0,0 +1,47 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=4 + +inherit autotools eutils + +DESCRIPTION="Transparent application input fuzzer" +HOMEPAGE="http://libcaca.zoy.org/wiki/zzuf/" +SRC_URI="http://caca.zoy.org/files/${PN}/${P}.tar.gz + http://dev.gentoo.org/~cardoe/distfiles/${P}-zzcat-zzat-rename.patch.bz2" + +LICENSE="WTFPL-2" +SLOT="0" +KEYWORDS="~amd64 ~sparc ~x86" +IUSE="" + +# fails with sandbox enabled +RESTRICT="test" + +DOCS=( AUTHORS ChangeLog NEWS README TODO ) + +src_prepare() { + sed -i -e '/CFLAGS/d' "${S}"/configure.ac \ + || die "unable to fix the configure.ac" + sed -i -e 's:noinst_:check_:' "${S}"/test/Makefile.am \ + || die "unable to fix unconditional test building" + + epatch "${DISTDIR}"/${P}-zzcat-zzat-rename.patch.bz2 + + eautoreconf +} + +src_configure() { + # Don't build the static library, as the library is only used for + # preloading, so there is no reason to build it statically, unless + # you want to use zzuf with a static-linked executable, which I'm + # not even sure would be a good idea. + econf --disable-static +} + +src_install() { + default + + find "${D}" -name '*.la' -delete +} |