diff --git a/Add-sm3-algorithm-for-aide.patch b/Add-sm3-algorithm-for-aide.patch
index 669e86d..9409564 100644
--- a/Add-sm3-algorithm-for-aide.patch
+++ b/Add-sm3-algorithm-for-aide.patch
@@ -18,9 +18,9 @@ index 2473d79..3ccdeec 100644
 --- a/include/attributes.h
 +++ b/include/attributes.h
 @@ -68,6 +68,7 @@ typedef enum {
- attr_capabilities,
- attr_stribog256,
 attr_stribog512,
+ attr_growing,
+ attr_compressed,
 + attr_sm3,
 attr_unknown
 } ATTRIBUTE;
@@ -42,10 +42,10 @@ index 4a3dcb8..d3f328b 100644
 --- a/src/attributes.c
 +++ b/src/attributes.c
 @@ -67,6 +67,7 @@ attributes_t attributes[] = {
- { ATTR(attr_capabilities), "caps", "Caps", "capabilities", 'C' },
- { ATTR(attr_stribog256), "stribog256", "STRIBOG256" , "stribog256", '\0' },
- { ATTR(attr_stribog512), "stribog512", "STRIBOG512" , "stribog512", '\0' },
-+ { ATTR(attr_sm3), "sm3", "SM3" , "sm3", '\0' },
+ { ATTR(attr_stribog512), "stribog512", "STRIBOG512", "stribog512", "stribog512", '\0' },
+ { ATTR(attr_growing), "growing", NULL, NULL, NULL, '\0' },
+ { ATTR(attr_compressed), "compressed", NULL, NULL, NULL, '\0' },
++ { ATTR(attr_sm3), "sm3", "SM3" , "sm3", "sm3", '\0' },
 };
 DB_ATTR_TYPE num_attrs = sizeof(attributes)/sizeof(attributes_t);
diff --git a/aide-0.17.4.tar.gz b/aide-0.17.4.tar.gz
deleted file mode 100644
index c2c9589..0000000
Binary files a/aide-0.17.4.tar.gz and /dev/null differ
diff --git a/aide-0.18.5.tar.gz b/aide-0.18.5.tar.gz
new file mode 100644
index 0000000..7337410
Binary files /dev/null and b/aide-0.18.5.tar.gz differ
diff --git a/aide.spec b/aide.spec
index f1b28b1..3b1c375 100644
--- a/aide.spec
+++ b/aide.spec
@@ -1,8 +1,8 @@
 %bcond_without have_check
 Name: aide
-Version: 0.17.4
-Release: 3
+Version: 0.18.5
+Release: 1
 Summary: Advanced Intrusion Detection Environment
 License: GPLv2+
 URL: http://sourceforge.net/projects/aide
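Review bot: In the src/attributes.c hunk of Add-sm3-algorithm-for-aide.patch, the new `attr_sm3` row is only correct while its position in `attributes[]` matches the position of `attr_sm3` in the `ATTRIBUTE` enum from the include/attributes.h hunk, and nothing in the patch enforces that. Both hunks now place it directly after the `compressed` entry, so this refresh looks consistent. The table appears to be indexed by enum value elsewhere (to be confirmed against the 0.18.5 sources), so a later rebase that moves only one side would silently attach the wrong name and database field to a hash attribute of an integrity checker. If the build allows C11, consider carrying a compile-time guard after the table, e.g. `_Static_assert(sizeof(attributes)/sizeof(attributes_t) == attr_unknown, "attributes[] out of step with ATTRIBUTE");`. The enum and the array both begin outside these hunks, so first confirm that every value before `attr_unknown` has exactly one row.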
@@ -12,8 +12,6 @@ Source2: aide.logrotate
 BuildRequires: gcc make bison flex pcre2-devel libgpg-error-devel libgcrypt-devel zlib-devel libcurl-devel
 BuildRequires: libacl-devel libselinux-devel libattr-devel e2fsprogs-devel audit-libs-devel
-# command autoreconf needs autoconf and automake
-BuildRequires: autoconf automake
 # for make check
 %if %{with have_check}
 BuildRequires: check-devel
@@ -23,9 +21,6 @@ BuildRequires: check-devel
 Requires: libgcrypt-sm3
 Patch0: Add-sm3-algorithm-for-aide.patch
-Patch1: backport-Handle-malformed-database-lines.patch
-Patch2: backport-Fix-handling-of-duplicate-database-entries.patch
-Patch3: backport-Switch-from-PCRE-to-PCRE2-closes-116.patch
 %description
 AIDE (Advanced Intrusion Detection Environment, [eyd]) is a file and directory integrity checker.
@@ -38,9 +33,6 @@ Once this database is initialized it can be used to verify the integrity of the
 %autosetup -n %{name}-%{version} -p1
 %build
-# add command autoreconf to regenerate configure file
-# because, the patch Switch-from-PCRE-to-PCRE2 changed configure.ac file
-autoreconf -ivf
 %configure --disable-static --with-config_file=%{_sysconfdir}/aide.conf --with-gcrypt --with-zlib \
 --with-curl --with-posix-acl --with-selinux --with-xattr --with-e2fsattrs --with-audit
 make %{?_smp_mflags}
@@ -81,6 +73,12 @@ make check
 %{_mandir}/*/*
 %changelog
+* Wed Jul 12 2023 yixiangzhike - 0.18.5-1
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC: update to 0.18.5
+
 * Tue Apr 25 2023 yixiangzhike - 0.17.4-3
 - Type:bugfix
 - ID:NA
diff --git a/backport-Fix-handling-of-duplicate-database-entries.patch b/backport-Fix-handling-of-duplicate-database-entries.patch
deleted file mode 100644
index 6adc361..0000000
--- a/backport-Fix-handling-of-duplicate-database-entries.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 1067d1e1ce10dcd8f374e9d4295d39d75abf4958 Mon Sep 17 00:00:00 2001
-From: Hannes von Haugwitz
-Date: Sun, 20 Feb 2022 18:09:10 +0100
-Subject: [PATCH] Fix handling of duplicate database entries
-
-* closes: #122
----
- src/gen_list.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gen_list.c b/src/gen_list.c
-index bf5ce2e..a1467f3 100644
---- a/src/gen_list.c
-+++ b/src/gen_list.c
-@@ -352,7 +352,7 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db_flags, const dat
- if(!node){
- node=new_seltree_node(tree,file->filename,0,NULL);
- log_msg(LOG_LEVEL_DEBUG, "added new node '%s' (%p) for '%s' (reason: new entry)", node->path, node, file->filename);
-- } else if (db && db_flags&DB_NEW?node->new_data:node->old_data) {
-+ } else if (db && node->checked&db_flags) {
- LOG_DB_FORMAT_LINE(LOG_LEVEL_WARNING, duplicate database entry found for '%s' (skip line), file->filename)
- free_db_line(file);
- free(file);
---
-1.8.3.1
-
diff --git a/backport-Handle-malformed-database-lines.patch b/backport-Handle-malformed-database-lines.patch
deleted file mode 100644
index 3946db0..0000000
--- a/backport-Handle-malformed-database-lines.patch
+++ /dev/null
@@ -1,169 +0,0 @@ -From efaaba614c946118d731b542319b99a25a0a199c Mon Sep 17 00:00:00 2001 -From: Hannes von Haugwitz -Date: Tue, 18 Jan 2022 21:20:07 +0100 -Subject: [PATCH] Handle malformed database lines - -* handle malformed path -* handle duplicate database entry -* closes: #122 ---- - src/db_file.c | 19 ++++++++++++------- - src/gen_list.c | 34 +++++++++++++++++++--------------- - 2 files changed, 31 insertions(+), 22 deletions(-) - -diff --git a/src/db_file.c b/src/db_file.c -index 86d5b31..30324f2 100644 ---- a/src/db_file.c -+++ b/src/db_file.c -@@ -1,7 +1,7 @@ - /* - * AIDE (Advanced Intrusion Detection Environment) - * -- * Copyright (C) 1999-2007, 2010-2013, 2016, 2018-2021 Rami Lehti, -+ * Copyright (C) 1999-2007, 2010-2013, 2016, 2018-2022 Rami Lehti, - * Pablo Virolainen, Mike Markley, Richard van den Berg, - * Hannes von Haugwitz - * -@@ -249,13 +249,18 @@ char** db_readline_file(database* db) { - break; - } - case TPATH: { -- i = 0; -- s = checked_malloc(sizeof(char*)*num_attrs); -- for(ATTRIBUTE j=0; jfields[i]].db_name, i, dbtext); - } -- s[i] = checked_strdup(dbtext); -- LOG_DB_FORMAT_LINE(LOG_LEVEL_DEBUG, '%s' set field '%s' (position %d): '%s', s[0], attributes[db->fields[i]].db_name, i, dbtext); - break; - } - case TSTRING: { -diff --git a/src/gen_list.c b/src/gen_list.c -index 98b437c..bf5ce2e 100644 ---- a/src/gen_list.c -+++ b/src/gen_list.c -@@ -1,7 +1,7 @@ - /* - * AIDE (Advanced Intrusion Detection Environment) - * -- * Copyright (C) 1999-2006, 2009-2012, 2015-2016, 2019-2021 Rami Lehti, -+ * Copyright (C) 1999-2006, 2009-2012, 2015-2016, 2019-2022 Rami Lehti, - * Pablo Virolainen, Mike Markley, Richard van den Berg, - * Hannes von Haugwitz - * -@@ -342,9 +342,8 @@ void strip_dbline(db_line* line) - - /* - * add_file_to_tree -- * db = which db this file belongs to - */ --static void add_file_to_tree(seltree* tree,db_line* file,int db) -+static void add_file_to_tree(seltree* tree,db_line* file,int db_flags, const database *db) - { - 
seltree* node=NULL; - -@@ -353,14 +352,19 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db) - if(!node){ - node=new_seltree_node(tree,file->filename,0,NULL); - log_msg(LOG_LEVEL_DEBUG, "added new node '%s' (%p) for '%s' (reason: new entry)", node->path, node, file->filename); -+ } else if (db && db_flags&DB_NEW?node->new_data:node->old_data) { -+ LOG_DB_FORMAT_LINE(LOG_LEVEL_WARNING, duplicate database entry found for '%s' (skip line), file->filename) -+ free_db_line(file); -+ free(file); -+ return; - } - - /* add note to this node which db has modified it */ -- node->checked|=db; -+ node->checked|=db_flags; - - strip_dbline(file); - -- switch (db) { -+ switch (db_flags) { - case DB_OLD: { - log_msg(LOG_LEVEL_DEBUG, "add old entry '%s' (%c) to node '%s' (%p) as old data", file->filename, get_file_type_char_from_perm(file->perm), node->path, node); - node->old_data=file; -@@ -430,9 +434,9 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db) - db_line *newData; - seltree* moved_node; - -- moved_node=get_seltree_inode(tree,file,db==DB_OLD?DB_NEW:DB_OLD); -+ moved_node=get_seltree_inode(tree,file,db_flags==DB_OLD?DB_NEW:DB_OLD); - if(!(moved_node == NULL || moved_node == node)) { -- if(db == DB_NEW) { -+ if(db_flags == DB_NEW) { - newData = node->new_data; - oldData = moved_node->old_data; - log_msg(LOG_LEVEL_DEBUG, "checking old data of node '%s' with new data of '%s'", moved_node->path, node->path); -@@ -453,8 +457,8 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db) - /* Free the data if same else leave as is for report_tree */ - DB_ATTR_TYPE changed_attr_moved_file = get_changed_attributes(oldData, newData); - if ((changed_attr_moved_file&~(ATTR(attr_ctime))) == RETOK) { -- node->checked |= db==DB_NEW ? NODE_MOVED_IN : NODE_MOVED_OUT; -- moved_node->checked |= db==DB_NEW ? NODE_MOVED_OUT : NODE_MOVED_IN; -+ node->checked |= db_flags==DB_NEW ? 
NODE_MOVED_IN : NODE_MOVED_OUT; -+ moved_node->checked |= db_flags==DB_NEW ? NODE_MOVED_OUT : NODE_MOVED_IN; - if (changed_attr_moved_file & (ATTR(attr_ctime))) { - log_msg(LOG_LEVEL_DEBUG,_(" ctime is ignored, due to filename change: '%s' => '%s'"), oldData->filename, newData->filename); - } -@@ -471,13 +475,13 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db) - log_msg(LOG_LEVEL_DEBUG, "no moved file found for '%s'", file->filename); - } - } -- if( (db == DB_NEW) && -+ if( (db_flags == DB_NEW) && - (node->new_data!=NULL) && - (file->attr & ATTR(attr_allownewfile)) ){ - node->checked|=NODE_ALLOW_NEW; - log_msg(LOG_LEVEL_DEBUG,_(" mark node '%s' as NODE_ALLOW_NEW (reason: entry '%s' has ANF attribute set)"), node->path, file->filename); - } -- if( (db == DB_OLD) && -+ if( (db_flags == DB_OLD) && - (node->old_data!=NULL) && - (file->attr & ATTR(attr_allowrmfile)) ){ - node->checked|=NODE_ALLOW_RM; -@@ -677,7 +681,7 @@ void populate_tree(seltree* tree, bool dry_run) - db_lex_buffer(&(conf->database_new)); - while((new=db_readline(&(conf->database_new))) != NULL){ - if((add=check_rxtree(new->filename,tree, &rule, get_restriction_from_perm(new->perm), dry_run))>0){ -- add_file_to_tree(tree,new,DB_NEW); -+ add_file_to_tree(tree,new,DB_NEW, &(conf->database_new)); - } else { - free_db_line(new); - free(new); -@@ -692,7 +696,7 @@ void populate_tree(seltree* tree, bool dry_run) - new=NULL; - log_msg(LOG_LEVEL_INFO, "read new entries from disk (root: '%s', limit: '%s')", conf->root_prefix, conf->limit?conf->limit:"(none)"); - while((new=db_readline_disk(dry_run)) != NULL) { -- add_file_to_tree(tree,new,DB_NEW); -+ add_file_to_tree(tree,new,DB_NEW, NULL); - } - } - if((conf->action&DO_COMPARE)||(conf->action&DO_DIFF)){ -@@ -701,9 +705,9 @@ void populate_tree(seltree* tree, bool dry_run) - while((old=db_readline(&(conf->database_in))) != NULL) { - add=check_rxtree(old->filename,tree, &rule, get_restriction_from_perm(old->perm), dry_run); - if(add > 0) { -- 
add_file_to_tree(tree,old,DB_OLD); -+ add_file_to_tree(tree,old,DB_OLD, &(conf->database_in)); - } else if (conf->limit!=NULL && add < 0) { -- add_file_to_tree(tree,old,DB_OLD|DB_NEW); -+ add_file_to_tree(tree,old,DB_OLD|DB_NEW, &(conf->database_in)); - }else{ - if(!initdbwarningprinted){ - log_msg(LOG_LEVEL_WARNING, _("%s:%s: old database entry '%s' has no matching rule, run --init or --update (this warning is only shown once)"), get_url_type_string((conf->database_in.url)->type), (conf->database_in.url)->value, old->filename); --- -1.8.3.1 - diff --git a/backport-Switch-from-PCRE-to-PCRE2-closes-116.patch b/backport-Switch-from-PCRE-to-PCRE2-closes-116.patch deleted file mode 100644 index 3a42fcf..0000000 --- a/backport-Switch-from-PCRE-to-PCRE2-closes-116.patch +++ /dev/null 
@@ -1,376 +0,0 @@ -From 367545d8e27aec9d0d407bafd8da81f5df42ce31 Mon Sep 17 00:00:00 2001 -From: Hannes von Haugwitz -Date: Wed, 1 Dec 2021 21:17:44 +0100 -Subject: [PATCH] Switch from PCRE to PCRE2 (closes: #116) - ---- - Makefile.am | 4 ++-- - README | 2 +- - configure.ac | 13 +++++-------- - include/db_config.h | 6 ++++-- - include/gen_list.h | 3 ++- - include/rx_rule.h | 6 ++++-- - include/seltree.h | 2 +- - src/aide.c | 26 ++++++++++++++++++++++---- - src/commandconf.c | 6 +----- - src/conf_eval.c | 25 +++++++++++++++++-------- - src/gen_list.c | 10 +++++----- - src/seltree.c | 32 +++++++++++++++++++++++++------- - 12 files changed, 89 insertions(+), 46 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 4744ec4..21a552e 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -62,7 +62,7 @@ if USE_CURL - aide_SOURCES += include/fopen.h src/fopen.c - endif - --aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CAPLIB@ ${CURL_LIBS} -+aide_LDADD = -lm ${PCRE2_LIBS} @CRYPTLIB@ @ACLLIB@ @SELINUXLIB@ @AUDITLIB@ @ATTRLIB@ @E2FSATTRSLIB@ @ELFLIB@ @CAPLIB@ ${CURL_LIBS} - - if HAVE_CHECK - TESTS = check_aide -@@ -71,7 +71,7 @@ check_aide_SOURCES = tests/check_aide.c tests/check_aide.h \ - tests/check_attributes.c src/attributes.c \ - src/log.c src/util.c - check_aide_CFLAGS = -I$(top_srcdir)/include $(CHECK_CFLAGS) --check_aide_LDADD = -lm @PCRELIB@ @CRYPTLIB@ $(CHECK_LIBS) -+check_aide_LDADD = -lm ${PCRE2_LIBS} @CRYPTLIB@ $(CHECK_LIBS) - endif # HAVE_CHECK - - AM_CFLAGS = @AIDE_DEFS@ -W -Wall -g -diff --git a/README b/README -index 079d4b2..3526065 100644 ---- a/README -+++ b/README -@@ -117,7 +117,7 @@ - o GNU yacc (bison). - o GNU make. - o pkg-config -- o PCRE library -+ o PCRE2 library - o Mhash (optional, but highly recommended). Mhash is currently - available from http://mhash.sourceforge.net/. 
A static version of - libmhash needs to be build using the --enable-static=yes -diff --git a/configure.ac b/configure.ac -index ae9e6b9..a741a1b 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -328,15 +328,12 @@ fi - - AC_CHECK_HEADERS(syslog.h inttypes.h fcntl.h ctype.h) - --PCRELIB="-lpcre" --if test "$aide_static_choice" == "yes"; then -- PCRELIB="$PCRELIB -pthread" -+if test "$aide_static_choice" == "yes"; then -+ PKG_CHECK_MODULES_STATIC(PCRE2, [libpcre2-8], , [AC_MSG_RESULT([libpcre2-8 not found by pkg-config - Try to add directory containing libpcre2-8.pc to PKG_CONFIG_PATH environment variable])]) -+else -+ PKG_CHECK_MODULES(PCRE2, [libpcre2-8], , [AC_MSG_RESULT([libpcre2-8 not found by pkg-config - Try to add directory containing libpcre2-8.pc to PKG_CONFIG_PATH environment variable])]) - fi --AC_CHECK_LIB(pcre, pcre_exec, [ -- compoptionstring="${compoptionstring}WITH_PCRE\\n" -- ], [AC_MSG_ERROR([You don't have pcre library properly installed.])] -- ) --AC_SUBST(PCRELIB) -+compoptionstring="${compoptionstring}WITH_PCRE2\\n" - - AC_ARG_WITH([locale], - [AC_HELP_STRING([--with-locale], -diff --git a/include/db_config.h b/include/db_config.h -index dbe0138..49fa384 100644 ---- a/include/db_config.h -+++ b/include/db_config.h -@@ -28,7 +28,8 @@ - #include "types.h" - #include - #include --#include -+#define PCRE2_CODE_UNIT_WIDTH 8 -+#include - - #define E2O(n) (1< -+#define PCRE2_CODE_UNIT_WIDTH 8 -+#include - #include "seltree.h" - #include "list.h" - #include -diff --git a/include/rx_rule.h b/include/rx_rule.h -index fa8bdd3..196a5b7 100644 ---- a/include/rx_rule.h -+++ b/include/rx_rule.h -@@ -25,7 +25,8 @@ - #include "attributes.h" - #include "seltree_struct.h" - #include --#include -+#define PCRE2_CODE_UNIT_WIDTH 8 -+#include - - #define RESTRICTION_TYPE unsigned int - #define FT_REG (1U<<0) /* file */ -@@ -41,7 +42,8 @@ - - typedef struct rx_rule { - char* rx; /* Regular expression in text form */ -- pcre* crx; /* Compiled regexp */ -+ pcre2_code* 
crx; /* Compiled regexp */ -+ pcre2_match_data *md; - DB_ATTR_TYPE attr; /* Which attributes to save */ - seltree *node; - char *config_filename; -diff --git a/include/seltree.h b/include/seltree.h -index c4e6f05..61f9a8c 100644 ---- a/include/seltree.h -+++ b/include/seltree.h -@@ -32,7 +32,7 @@ seltree* new_seltree_node(seltree*, char*, int, rx_rule*); - - seltree* get_seltree_node(seltree* ,char*); - --rx_rule * add_rx_to_tree(char *, RESTRICTION_TYPE, int, seltree *, const char **, int *); -+rx_rule * add_rx_to_tree(char *, RESTRICTION_TYPE, int, seltree *, int, char *, char *); - - int check_seltree(seltree *, char *, RESTRICTION_TYPE, rx_rule* *); - -diff --git a/src/aide.c b/src/aide.c -index 12ecfe1..741e1cd 100644 ---- a/src/aide.c -+++ b/src/aide.c -@@ -283,13 +283,31 @@ static void read_param(int argc,char**argv) - break; - } - case 'l': { -- const char* pcre_error; -- int pcre_erroffset; -+ int pcre2_errorcode; -+ PCRE2_SIZE pcre2_erroffset; - conf->limit=checked_malloc(strlen(optarg)+1); - strcpy(conf->limit,optarg); -- if((conf->limit_crx=pcre_compile(conf->limit, PCRE_ANCHORED, &pcre_error, &pcre_erroffset, NULL)) == NULL) { -- INVALID_ARGUMENT("--limit", error in regular expression '%s' at %i: %s, conf->limit, pcre_erroffset, pcre_error) -+ if((conf->limit_crx=pcre2_compile((PCRE2_SPTR) conf->limit, PCRE2_ZERO_TERMINATED, PCRE2_UTF|PCRE2_ANCHORED, &pcre2_errorcode, &pcre2_erroffset, NULL)) == NULL) { -+ PCRE2_UCHAR pcre2_error[128]; -+ pcre2_get_error_message(pcre2_errorcode, pcre2_error, 128); -+ INVALID_ARGUMENT("--limit", error in regular expression '%s' at %zu: %s, conf->limit, pcre2_erroffset, pcre2_error) -+ -+ } -+ conf->limit_md = pcre2_match_data_create_from_pattern(conf->limit_crx, NULL); -+ if (conf->limit_md == NULL) { -+ log_msg(LOG_LEVEL_ERROR, "pcre2_match_data_create_from_pattern: failed to allocate memory"); -+ exit(EXIT_FAILURE); -+ } -+ -+ int pcre2_jit = pcre2_jit_compile(conf->limit_crx, PCRE2_JIT_PARTIAL_SOFT); -+ if (pcre2_jit 
< 0) { -+ PCRE2_UCHAR pcre2_error[128]; -+ pcre2_get_error_message(pcre2_jit, pcre2_error, 128); -+ log_msg(LOG_LEVEL_NOTICE, "JIT compilation for limit '%s' failed: %s (fall back to interpreted matching)", conf->limit, pcre2_error); -+ } else { -+ log_msg(LOG_LEVEL_DEBUG, "JIT compilation for limit '%s' successful", conf->limit); - } -+ - log_msg(LOG_LEVEL_INFO,_("(--limit): set limit to '%s'"), conf->limit); - break; - } -diff --git a/src/commandconf.c b/src/commandconf.c -index edec4f9..a3b0e27 100644 ---- a/src/commandconf.c -+++ b/src/commandconf.c -@@ -307,11 +307,7 @@ bool add_rx_rule_to_tree(char* rx, RESTRICTION_TYPE restriction, DB_ATTR_TYPE at - char *attr_str = NULL; - char *rs_str = NULL; - -- const char* rule_error; -- int rule_erroffset; -- -- if ((r = add_rx_to_tree(rx, restriction, type, tree, &rule_error, &rule_erroffset)) == NULL) { -- log_msg(LOG_LEVEL_ERROR, "%s:%d:%i: error in rule '%s': %s (line: '%s')", filename, linenumber, rule_erroffset, rx, rule_error, linebuf); -+ if ((r = add_rx_to_tree(rx, restriction, type, tree, linenumber, filename, linebuf)) == NULL) { - retval = false; - }else { - r->config_linenumber = linenumber; -diff --git a/src/conf_eval.c b/src/conf_eval.c -index 460e530..7d9b182 100644 ---- a/src/conf_eval.c -+++ b/src/conf_eval.c -@@ -512,14 +512,21 @@ static void include_directory(const char* dir, const char* rx, bool execute, int - struct dirent **namelist; - int n; - -- const char* pcre_error; -- int pcre_erroffset; -- pcre* crx; -- -- if((crx = pcre_compile(rx, PCRE_UTF8, &pcre_error, &pcre_erroffset, NULL)) == NULL) { -- LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_ERROR, '%s': error in regular expression '%s' at %i: %s, execute?"@@x_include":"@@include", rx, pcre_erroffset, pcre_error) -+ int pcre2_errorcode; -+ PCRE2_SIZE pcre2_erroffset; -+ pcre2_code* crx; -+ -+ if((crx = pcre2_compile((PCRE2_SPTR) rx, PCRE2_ZERO_TERMINATED, PCRE2_UTF, &pcre2_errorcode, &pcre2_erroffset, NULL)) == NULL) { -+ PCRE2_UCHAR pcre2_error[128]; -+ 
pcre2_get_error_message(pcre2_errorcode, pcre2_error, 128); -+ LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_ERROR, '%s': error in regular expression '%s' at %i: %s, execute?"@@x_include":"@@include", rx, pcre2_erroffset, pcre2_error) - exit(INVALID_CONFIGURELINE_ERROR); - } -+ pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(crx, NULL); -+ if (match_data == NULL) { -+ log_msg(LOG_LEVEL_ERROR, "pcre2_match_data_create_from_pattern: failed to allocate memory"); -+ exit(EXIT_FAILURE); -+ } - - struct stat fs; - -@@ -547,7 +554,8 @@ static void include_directory(const char* dir, const char* rx, bool execute, int - exit(INVALID_CONFIGURELINE_ERROR); - } - if (S_ISREG(fs.st_mode)) { -- if(pcre_exec(crx, NULL, namelist[i]->d_name, strlen(namelist[i]->d_name), 0, 0, NULL, 0) < 0) { -+ int match=pcre2_match(crx, (PCRE2_SPTR) namelist[i]->d_name, PCRE2_ZERO_TERMINATED, 0, 0, match_data, NULL); -+ if(match < 0) { - log_msg(LOG_LEVEL_DEBUG,"%s: skip '%s' (reason: file name does not match regex '%s')", dir, namelist[i]->d_name, rx); - } else { - int exec = execute && S_IXUSR&fs.st_mode; -@@ -565,7 +573,8 @@ static void include_directory(const char* dir, const char* rx, bool execute, int - free(namelist[i]); - } - free(namelist); -- free(crx); -+ pcre2_match_data_free(match_data); -+ pcre2_code_free(crx); - } - - static void eval_include_statement(include_statement statement, int include_depth, int linenumber, char *filename, char* linebuf) { -diff --git a/src/gen_list.c b/src/gen_list.c -index 98b437c..9c3aed5 100644 ---- a/src/gen_list.c -+++ b/src/gen_list.c -@@ -32,7 +32,8 @@ - #include - #include - #include --#include -+#define PCRE2_CODE_UNIT_WIDTH 8 -+#include - - #include "attributes.h" - #include "list.h" -@@ -488,13 +489,12 @@ static void add_file_to_tree(seltree* tree,db_line* file,int db) - int check_rxtree(char* filename,seltree* tree, rx_rule* *rule, RESTRICTION_TYPE file_type, bool dry_run) - { - log_msg(LOG_LEVEL_RULE, "\u252c process '%s' (filetype: %c)", 
filename, get_restriction_char(file_type)); -- int retval=0; - - if(conf->limit!=NULL) { -- retval=pcre_exec(conf->limit_crx, NULL, filename, strlen(filename), 0, PCRE_PARTIAL_SOFT, NULL, 0); -- if (retval >= 0) { -+ int match=pcre2_match(conf->limit_crx, (PCRE2_SPTR) filename, PCRE2_ZERO_TERMINATED, 0, PCRE2_PARTIAL_SOFT, conf->limit_md, NULL); -+ if (match >= 0) { - log_msg(LOG_LEVEL_DEBUG, "\u2502 '%s' does match limit '%s'", filename, conf->limit); -- } else if (retval == PCRE_ERROR_PARTIAL) { -+ } else if (match == PCRE2_ERROR_PARTIAL) { - if(file_type&FT_DIR && get_seltree_node(tree,filename)==NULL){ - seltree* node = new_seltree_node(tree,filename,0,NULL); - log_msg(LOG_LEVEL_DEBUG, "added new node '%s' (%p) for '%s' (reason: partial limit match)", node->path, node, filename); -diff --git a/src/seltree.c b/src/seltree.c -index 7819b06..bc8b371 100644 ---- a/src/seltree.c -+++ b/src/seltree.c -@@ -260,7 +260,7 @@ seltree *init_tree() { - return node; - } - --rx_rule * add_rx_to_tree(char * rx, RESTRICTION_TYPE restriction, int rule_type, seltree *tree, const char **rule_error, int *rule_erroffset) { -+rx_rule * add_rx_to_tree(char * rx, RESTRICTION_TYPE restriction, int rule_type, seltree *tree, int linenumber, char* filename, char* linebuf) { - rx_rule* r = NULL; - seltree *curnode = NULL; - char *rxtok = NULL; -@@ -275,17 +275,36 @@ rx_rule * add_rx_to_tree(char * rx, RESTRICTION_TYPE restriction, int rule_type, - r->config_linenumber = -1; - r->attr = 0; - -- if((r->crx=pcre_compile(r->rx, PCRE_ANCHORED|PCRE_UTF8, rule_error, rule_erroffset, NULL)) == NULL) { -+ int pcre2_errorcode; -+ PCRE2_SIZE pcre2_erroffset; -+ -+ if((r->crx=pcre2_compile((PCRE2_SPTR) r->rx, PCRE2_ZERO_TERMINATED, PCRE2_UTF|PCRE2_ANCHORED, &pcre2_errorcode, &pcre2_erroffset, NULL)) == NULL) { -+ PCRE2_UCHAR pcre2_error[128]; -+ pcre2_get_error_message(pcre2_errorcode, pcre2_error, 128); -+ log_msg(LOG_LEVEL_ERROR, "%s:%d:%i: error in rule '%s': %s (line: '%s')", filename, linenumber, 
pcre2_erroffset, rx, pcre2_error, linebuf); - free(r); - return NULL; - } else { -+ r->md = pcre2_match_data_create_from_pattern(r->crx, NULL); -+ if (r->md == NULL) { -+ log_msg(LOG_LEVEL_ERROR, "pcre2_match_data_create_from_pattern: failed to allocate memory"); -+ exit(EXIT_FAILURE); -+ } -+ int pcre2_jit = pcre2_jit_compile(r->crx, PCRE2_JIT_PARTIAL_SOFT); -+ if (pcre2_jit < 0) { -+ PCRE2_UCHAR pcre2_error[128]; -+ pcre2_get_error_message(pcre2_jit, pcre2_error, 128); -+ log_msg(LOG_LEVEL_NOTICE, "JIT compilation for regex '%s' failed: %s (fall back to interpreted matching)", r->rx, pcre2_error); -+ } else { -+ log_msg(LOG_LEVEL_DEBUG, "JIT compilation for reges '%s' successful", r->rx); -+ } -+ - rxtok=strrxtok(r->rx); - curnode=get_seltree_node(tree,rxtok); - - for(size_t i=1;i < strlen(rxtok); ++i){ - if (rxtok[i] == '/' && rxtok[i-1] == '/') { -- *rule_error = "invalid double slash" ; -- *rule_erroffset = i; -+ log_msg(LOG_LEVEL_ERROR, "%s:%d:1: error in rule '%s': invalid double slash (line: '%s')", filename, linenumber, rx, linebuf); - free(r); - return NULL; - } -@@ -323,14 +342,13 @@ static int check_list_for_match(list* rxrlist,char* text, rx_rule* *rule, RESTRI - list* r=NULL; - int retval=NO_RULE_MATCH; - int pcre_retval; -- pcre_extra *pcre_extra = NULL; - char *rs_str = NULL; - for(r=rxrlist;r;r=r->next){ - rx_rule *rx = (rx_rule*)r->data; - - if (!(unrestricted_only && rx->restriction)) { - -- pcre_retval=pcre_exec((pcre*)rx->crx, pcre_extra, text, strlen(text), 0, PCRE_PARTIAL_SOFT, NULL, 0); -+ pcre_retval = pcre2_match(rx->crx, (PCRE2_SPTR) text, PCRE2_ZERO_TERMINATED, 0, PCRE2_PARTIAL_SOFT, rx->md, NULL); - if (pcre_retval >= 0) { - if (!rx->restriction || file_type&rx->restriction) { - *rule = rx; -@@ -343,7 +361,7 @@ static int check_list_for_match(list* rxrlist,char* text, rx_rule* *rule, RESTRI - free(rs_str); - retval=PARTIAL_RULE_MATCH; - } -- } else if (pcre_retval == PCRE_ERROR_PARTIAL) { -+ } else if (pcre_retval == 
PCRE2_ERROR_PARTIAL) { - LOG_MATCH(LOG_LEVEL_RULE, "\u2502", partially matches regex '%s', rx->rx) - retval=PARTIAL_RULE_MATCH; - } else { --- -1.8.3.1 -