[Integrit-users] integrit-3.05 is out
Brought to you by:
ecashin
Menu
▾
▴
[Integrit-users] integrit-3.05 is out
|
From: Ed L. C. <ec...@gm...> - 2005-09-14 03:58:48
|
Hi, all. There's been a new release of integrit that includes=20 changes from two developers, Chris Johns and Yuri D'Elia. Thanks very much to these two for helping to keep integrit simple, stable, and useful. It occurs to me to mention on this happy occasion that a helpful goal for the next integrit release is the removal=20 of the use of md5 in integrit. The md5 algorithm has been pretty thoroughly broken within the past year or two, and so using SHA1 exclusively would be a good move. Here are the changes for 3.05. 3.05 changes:=20 Document Chris Johns changes and update Makefile targets for developers. 3.04 changes: Applied patches from Yuri D'Elia: - configure.in: Added some checks whether -static (or other flags) can be used. Under at least OSX (and possibly open darwin) -static cannot be used. This patch fix the build on those systems. - elcwft.c: reorganized the walk loop. Ignored directories are now _really_ ignored (that is, no more "cannot open directory"). - gnupg/md5.c: fixed broken macro for big endian systems under certain compilers. - other fixes: Assume checksums to be unsigned char as required by gnupg/* (eliminates a dozen of warnings). Changes from Chris Johns: Remove the "filetype" change type, and replace it with a new "type" inode change. So now integrit keeps the S_IFMT mode bits, in the same way to the permission bits from the file mode, and hence any change to file type gets flagged in the "stat" change type. Add a new "devicetype" element in the "stat" change type, to detect when a character or block special file changes major/minor number. Finally, treat symbolic links similarly to regular files, in that integrit computes an SHA-1 checksum for them, but not for the file contents, but rather for the name in the symlink (using readlink()). Then, if a file remains a symlink, but points to a different target, that's flagged as an "SHA-1" change to the file. Note that the database itself is not affected by this change, since it contains a 'struct stat' and an SHA-1 checksum string already. The code simply uses the existing database contents differently now. --=20 Ed L. Cashin <ec...@no...> |
