Changes of Revision 2
_service:tar_scm:audit.spec
Changed
@@ -2,36 +2,47 @@ Name: audit Epoch: 1 Version: 3.1.2 -Release: 4 +Release: 5 License: GPLv2+ and LGPLv2+ URL: https://people.redhat.com/sgrubb/audit/ Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt -Patch0: bugfix-audit-support-armv7b.patch -Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch -Patch2: bugfix-audit-reload-coredump.patch -Patch3: audit-Add-sw64-architecture.patch -Patch4: backport-Solve-issue-363-by-moving-check-to-after-load_config.patch -Patch5: backport-first-part-of-NULL-pointer-checks.patch -Patch6: backport-second-part-of-NULL-pointer-checks.patch -Patch7: backport-last-part-of-NULL-pointer-checks.patch -Patch8: backport-Fixed-NULL-checks.patch -Patch9: backport-update-error-messages-in-NULL-Checks.patch -Patch10: backport-adding-the-file-descriptor-closure.patch -Patch11: backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch -Patch12: backport-Use-atomic_int-if-available-for-signal-related-flags.patch -Patch13: backport-Use-atomic_uint-if-available-for-signal-related-flag.patch -Patch14: backport-avoiding-of-NULL-pointers-dereference-366.patch -Patch15: backport-Cleanup-code-in-LRU.patch -Patch16: backport-Fix-memory-leaks.patch -Patch17: backport-fix-one-more-leak.patch -Patch18: backport-Consolidate-end-of-event-detection-to-a-common-funct.patch -Patch19: backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch -Patch20: backport-lib-avoid-UB-on-sequence-wrap-around-347.patch -Patch21: backport-Fix-deprecated-python-function.patch -Patch22: backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch -Patch23: backport-Cleanup-shell-script-warnings.patch +Patch0: bugfix-audit-support-armv7b.patch +Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch +Patch2: bugfix-audit-reload-coredump.patch +Patch3: audit-Add-sw64-architecture.patch +Patch4: 
backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch +Patch5: backport-Error-out-if-required-zos-parameters-missing.patch +Patch6: backport-Fix-deprecated-python-function.patch +Patch7: backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch +Patch8: backport-lib-enclose-macro-to-avoid-precedence-issues.patch +Patch9: backport-memory-allocation-updates-341.patch +Patch10: backport-lib-cast-to-unsigned-char-for-character-test-functio.patch +Patch11: backport-Make-session-id-consistently-typed-327.patch +Patch12: backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch +Patch13: backport-fix-the-use-of-isdigit-everywhere.patch +Patch14: backport-Fix-new-warnings-for-unused-results.patch +Patch15: backport-Change-the-first-iteration-test-so-static-analysis-b.patch +Patch16: backport-Consolidate-end-of-event-detection-to-a-common-funct.patch +Patch17: backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch +Patch18: backport-lib-avoid-UB-on-sequence-wrap-around-347.patch +Patch19: backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch +Patch20: backport-Cleanup-shell-script-warnings.patch +Patch21: backport-Solve-issue-363-by-moving-check-to-after-load_config.patch +Patch22: backport-first-part-of-NULL-pointer-checks.patch +Patch23: backport-second-part-of-NULL-pointer-checks.patch +Patch24: backport-last-part-of-NULL-pointer-checks.patch +Patch25: backport-Fixed-NULL-checks.patch +Patch26: backport-update-error-messages-in-NULL-Checks.patch +Patch27: backport-adding-the-file-descriptor-closure.patch +Patch28: backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch +Patch29: backport-Use-atomic_int-if-available-for-signal-related-flags.patch +Patch30: backport-Use-atomic_uint-if-available-for-signal-related-flag.patch +Patch31: backport-avoiding-of-NULL-pointers-dereference-366.patch +Patch32: backport-Cleanup-code-in-LRU.patch +Patch33: backport-Fix-memory-leaks.patch +Patch34: 
backport-fix-one-more-leak.patch BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29 BuildRequires: openldap-devel krb5-devel libcap-ng-devel @@ -311,7 +322,6 @@ %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop -%attr(750,root,root) %{_libexecdir}/audit-functions %ghost %{_localstatedir}/run/auditd.state %attr(750,root,root) %dir %{_var}/log/audit %attr(750,root,root) %dir /etc/audit @@ -375,6 +385,9 @@ %attr(644,root,root) %{_mandir}/man8/*.8.gz %changelog +* Wed Jul 17 2024 xuraoqing<xuraoqing@huawei.com> - 1:3.1.2-5 +- backport patches to fix bugs + * Thu Jun 06 2024 fuanan <fuanan3@h-partners.com> - 1:3.1.2-4 - backport patches from upstream
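Review bot: the new %changelog entry for 1:3.1.2-5 says only "backport patches to fix bugs", while the Patch list grows from Patch0-Patch23 to Patch0-Patch34 and the %files section drops `%{_libexecdir}/audit-functions`. Name the added backports in the changelog, or at least state that the audit-functions helper is no longer packaged, since a removed file is a visible change for anything that sourced it. The existing backports are also renumbered rather than the new ones being appended, which makes the Patch hunk hard to audit line by line, and the author field `xuraoqing<xuraoqing@huawei.com>` lacks the space before `<` that the entry below it has.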
_service:tar_scm:backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch
Added
@@ -0,0 +1,137 @@ +From 2663987c5088924bce510fcf8e7891d6aae976ba Mon Sep 17 00:00:00 2001 +From: cgzones <cgzones@googlemail.com> +Date: Sat, 4 Nov 2023 03:48:39 +0100 +Subject: PATCH Avoid file descriptor leaks in multi-threaded applications + (#339) + +* lib: set close-on-exec flag + +libaudit may be called from a multi-threaded application. +Avoid leaking local file descriptors on a concurrent execve. + +* lib: simplify SOCK_CLOEXEC + +SOCK_CLOEXEC is supported since Linux 2.6.27. + +Reference:https://github.com/linux-audit/audit-userspace/commit/2663987c5088924bce510fcf8e7891d6aae976ba +Conflict:lib/audit_logging.c,lib/netlink.c,lib/libaudit.c + +--- + lib/audit_logging.c | 2 +- + lib/libaudit.c | 14 +++++++------- + lib/netlink.c | 12 +----------- + 3 files changed, 9 insertions(+), 19 deletions(-) + +diff --git a/lib/audit_logging.c b/lib/audit_logging.c +index 302c242..08b53aa 100644 +--- a/lib/audit_logging.c ++++ b/lib/audit_logging.c +@@ -177,7 +177,7 @@ static char *_get_commname(const char *comm, char *commname, unsigned int size) + + if (comm == NULL) { + int len; +- int fd = open("/proc/self/comm", O_RDONLY); ++ int fd = open("/proc/self/comm", O_RDONLY|O_CLOEXEC); + if (fd < 0) { + strcpy(commname, "\"?\""); + return commname; +diff --git a/lib/libaudit.c b/lib/libaudit.c +index 2cc7afd..74fa2f3 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -221,7 +221,7 @@ static int load_libaudit_config(const char *path) + char buf128; + + /* open the file */ +- rc = open(path, O_NOFOLLOW|O_RDONLY); ++ rc = open(path, O_NOFOLLOW|O_RDONLY|O_CLOEXEC); + if (rc < 0) { + if (errno != ENOENT) { + audit_msg(LOG_ERR, "Error opening %s (%s)", +@@ -261,7 +261,7 @@ static int load_libaudit_config(const char *path) + } + + /* it's ok, read line by line */ +- f = fdopen(fd, "rm"); ++ f = fdopen(fd, "rme"); + if (f == NULL) { + audit_msg(LOG_ERR, "Error - fdopen failed (%s)", + strerror(errno)); +@@ -705,7 +705,7 @@ char *audit_format_signal_info(char *buf, int len, 
char *op, + char path32, ses16; + int rlen; + snprintf(path, sizeof(path), "/proc/%u", rep->signal_info->pid); +- int fd = open(path, O_RDONLY); ++ int fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC); + if (fd >= 0) { + if (fstat(fd, &sb) < 0) + sb.st_uid = -1; +@@ -714,7 +714,7 @@ char *audit_format_signal_info(char *buf, int len, char *op, + sb.st_uid = -1; + snprintf(path, sizeof(path), "/proc/%u/sessionid", + rep->signal_info->pid); +- fd = open(path, O_RDONLY, rep->signal_info->pid); ++ fd = open(path, O_RDONLY|O_CLOEXEC, rep->signal_info->pid); + if (fd < 0) + strcpy(ses, "4294967295"); + else { +@@ -918,7 +918,7 @@ uid_t audit_getloginuid(void) + char buf16; + + errno = 0; +- in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY); ++ in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC); + if (in < 0) + return -1; + do { +@@ -946,7 +946,7 @@ int audit_setloginuid(uid_t uid) + + errno = 0; + count = snprintf(loginuid, sizeof(loginuid), "%u", uid); +- o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); ++ o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC|O_CLOEXEC); + if (o >= 0) { + int block, offset = 0; + +@@ -982,7 +982,7 @@ uint32_t audit_get_session(void) + char buf16; + + errno = 0; +- in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY); ++ in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC); + if (in < 0) + return -2; + do { +diff --git a/lib/netlink.c b/lib/netlink.c +index 66a1e7c..f862da4 100644 +--- a/lib/netlink.c ++++ b/lib/netlink.c +@@ -47,7 +47,7 @@ static int check_ack(int fd); + int audit_open(void) + { + int saved_errno; +- int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT); ++ int fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT); + + if (fd < 0) { + saved_errno = errno; +@@ -60,16 +60,6 @@ int audit_open(void) + "Error opening audit netlink socket (%s)", + strerror(errno)); + errno = saved_errno; +- return fd; +- } +- if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) { +- saved_errno = 
errno; +- audit_msg(LOG_ERR, +- "Error setting audit netlink socket CLOEXEC flag (%s)", +- strerror(errno)); +- close(fd); +- errno = saved_errno; +- return -1; + } + return fd; + } +-- +2.33.0 +
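Review bot: in the lib/libaudit.c hunk for audit_format_signal_info(), the sessionid open still carries a third argument, `open(path, O_RDONLY|O_CLOEXEC, rep->signal_info->pid)`; without O_CREAT that argument is a mode and is ignored, so drop it while the line is being touched. The first open in the same function also gains O_DIRECTORY, which the commit message does not mention. In load_libaudit_config() the `e` added to `fdopen(fd, "rme")` has no effect, because glibc documents that mode flag as ignored for fdopen(); the O_CLOEXEC on the preceding open() is what protects the descriptor. For lib/netlink.c, the message should say that dropping the fcntl(F_SETFD, FD_CLOEXEC) step removes the window between socket() and fcntl() in which a concurrent execve could inherit the netlink socket, since that is the reason SOCK_CLOEXEC is preferable and not only simpler.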
_service:tar_scm:backport-Change-the-first-iteration-test-so-static-analysis-b.patch
Added
@@ -0,0 +1,39 @@ +From b84b007cd0ef504e8c86b8cc73646f3119ed343c Mon Sep 17 00:00:00 2001 +From: Steve Grubb <ausearch.1@gmail.com> +Date: Wed, 29 Nov 2023 15:49:21 -0500 +Subject: PATCH Change the first iteration test so static analysis better + understands the code + +Reference:https://github.com/linux-audit/audit-userspace/commit/b84b007cd0ef504e8c86b8cc73646f3119ed343c +Conflict:NA + +--- + tools/aulast/aulast-llist.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/tools/aulast/aulast-llist.c b/tools/aulast/aulast-llist.c +index 87638ebc..d7765ba4 100644 +--- a/tools/aulast/aulast-llist.c ++++ b/tools/aulast/aulast-llist.c +@@ -140,11 +140,15 @@ int list_update_logout(llist* l, time_t t, unsigned long serial) + lnode *list_delete_cur(llist *l) + { + register lnode *cur, *prev; +- +- prev = cur = l->head; /* start at the beginning */ ++ ++ if (l == NULL || l->head == NULL) ++ return NULL; ++ ++ prev = cur = l->head; /* start at the beginning */ + while (cur) { + if (cur == l->cur) { +- if (cur == prev && cur == l->head) { ++ // If the first iteration ++ if (prev == l->head && cur == l->head) { + l->head = cur->next; + l->cur = cur->next; + free((void *)cur->name); +-- +2.33.0 +
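Review bot: in list_delete_cur() the rewritten test `prev == l->head && cur == l->head` is logically the same as the old `cur == prev && cur == l->head`, so the only part of this hunk that can change behaviour is the new early `return NULL` when `l` or `l->head` is NULL. Say so in the commit message so the guard is not read as a static-analysis-only edit, and confirm callers treat a NULL return as "nothing deleted". The added `// If the first iteration` comment also uses C++ style next to the existing `/* start at the beginning */`.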
_service:tar_scm:backport-Cleanup-shell-script-warnings.patch
Changed
@@ -4,7 +4,7 @@ Subject: PATCH Cleanup shell script warnings Reference:https://github.com/linux-audit/audit-userspace/commit/79c1212ff38254a961c27d8eb10bc766e412ffe9 -Conflict:init.d/augenrules, init.d/auditd.state +Conflict:NA --- init.d/auditd.reload | 2 +- @@ -12,11 +12,11 @@ init.d/auditd.rotate | 2 +- init.d/auditd.state | 6 +++--- init.d/auditd.stop | 2 +- - init.d/augenrules | 4 ++-- - 6 files changed, 7 insertions(+), 7 deletions(-) + init.d/augenrules | 2 +- + 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/init.d/auditd.reload b/init.d/auditd.reload -index 6db1bd74..b42fa6bf 100644 +index 53ff2f4..4f09d00 100644 --- a/init.d/auditd.reload +++ b/init.d/auditd.reload @@ -3,7 +3,7 @@ @@ -26,10 +26,10 @@ -test $(id -u) = 0 || exit 4 +test "$(id -u)" = "0" || exit 4 - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" + printf "Reconfiguring: " + /sbin/augenrules --load diff --git a/init.d/auditd.resume b/init.d/auditd.resume -index 96189eb6..8193bea9 100644 +index 96189eb..8193bea 100644 --- a/init.d/auditd.resume +++ b/init.d/auditd.resume @@ -3,7 +3,7 @@ @@ -39,10 +39,10 @@ -test $(id -u) = 0 || exit 4 +test "$(id -u)" = "0" || exit 4 - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" + printf "Resuming logging: " + /sbin/auditctl --signal resume diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate -index dcb12c26..8bb65530 100644 +index dcb12c2..8bb6553 100644 --- a/init.d/auditd.rotate +++ b/init.d/auditd.rotate @@ -3,7 +3,7 @@ @@ -52,10 +52,10 @@ -test $(id -u) = 0 || exit 4 +test "$(id -u)" = "0" || exit 4 - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" + printf "Rotating logs: " + /sbin/auditctl --signal rotate diff --git a/init.d/auditd.state b/init.d/auditd.state -index 6ae0845a..c59fe5a6 100644 +index 6ae0845..c59fe5a 100644 --- a/init.d/auditd.state +++ b/init.d/auditd.state @@ -3,7 +3,7 @@ 
@@ -66,18 +66,22 @@ +test "$(id -u)" = "0" || exit 4 PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" -@@ -15,7 +15,7 @@ killproc $prog -CONT + state_file="/var/run/auditd.state" +@@ -11,10 +11,10 @@ state_file="/var/run/auditd.state" + printf "Getting auditd internal state: " + /sbin/auditctl --signal state RETVAL=$? - echo -e "\n" +-echo -e "\n" sleep 1 -if $? -eq 0 ; then +if $RETVAL -eq 0 ; then if -e $state_file ; then ++ printf "\n\n" cat $state_file fi + fi diff --git a/init.d/auditd.stop b/init.d/auditd.stop -index 4cfe88b1..79e53a59 100644 +index 5049285..41c67d6 100644 --- a/init.d/auditd.stop +++ b/init.d/auditd.stop @@ -3,7 +3,7 @@ @@ -90,7 +94,7 @@ PATH=/sbin:/bin:/usr/bin:/usr/sbin prog="auditd" diff --git a/init.d/augenrules b/init.d/augenrules -index be6c9f5c..8c1a670b 100644 +index ea96aa7..605cfef 100644 --- a/init.d/augenrules +++ b/init.d/augenrules @@ -35,7 +35,7 @@ RETVAL=0
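Review bot: the regenerated context lines (`printf "Reconfiguring: "`, `/sbin/auditctl --signal resume`, `/sbin/auditctl --signal state`) mean this patch now applies only on top of backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch, yet the header changes to `Conflict:NA` without recording that ordering dependency; note it in the patch header so a later reshuffle of the Patch list does not break %prep. In the init.d/auditd.state part, the switch from `$?` to `$RETVAL` after `sleep 1` is a behaviour fix (the old test checked the status of sleep, not of auditctl) and deserves a line in the description, since the subject only mentions warnings.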
_service:tar_scm:backport-Error-out-if-required-zos-parameters-missing.patch
Added
@@ -0,0 +1,41 @@ +From bbe96f9798451129ae2555f92e2f698f842f7833 Mon Sep 17 00:00:00 2001 +From: Steve Grubb <sgrubb@redhat.com> +Date: Tue, 10 Oct 2023 08:22:49 -0400 +Subject: PATCH Error out if required zos parameters missing + + +Reference:https://github.com/linux-audit/audit-userspace/commit/bbe96f9798451129ae2555f92e2f698f842f7833 +Conflict:NA + +--- + audisp/plugins/zos-remote/zos-remote-ldap.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/audisp/plugins/zos-remote/zos-remote-ldap.c b/audisp/plugins/zos-remote/zos-remote-ldap.c +index 7dd1424f..7e27eda4 100644 +--- a/audisp/plugins/zos-remote/zos-remote-ldap.c ++++ b/audisp/plugins/zos-remote/zos-remote-ldap.c +@@ -134,14 +134,18 @@ retry: + + int zos_remote_init(ZOS_REMOTE *zos_remote, const char *server, int port, + const char *user, const char *password, int timeout) +-{ ++{ ++ if (server == NULL || user == NULL || password == NULL) { ++ log_err("Error: required parameters are not present in config file"); ++ return ICTX_E_FATAL; ++ } + zos_remote->server = strdup(server); + zos_remote->port = port; + zos_remote->user = strdup(user); + zos_remote->password = strdup(password); + zos_remote->timeout = timeout; + zos_remote->connected = 0; +- ++ + if (!zos_remote->server || !zos_remote->user || !zos_remote->password) { + log_err("Error allocating memory for session members"); + return ICTX_E_FATAL; +-- +2.33.0 +
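Review bot: the new guard in zos_remote_init() logs one generic message, "Error: required parameters are not present in config file", for three different settings; report which of `server`, `user` or `password` is NULL so the operator can correct the plugin configuration without guessing. The `{` line and the blank line before the allocation check are removed and re-added with no visible difference, which looks like whitespace-only churn (possibly trailing whitespace) and is worth checking against the upstream commit.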
_service:tar_scm:backport-Fix-new-warnings-for-unused-results.patch
Added
@@ -0,0 +1,107 @@ +From a4e8b7e18f249fe5decdd2fe748a5068ffeaee57 Mon Sep 17 00:00:00 2001 +From: Steve Grubb <ausearch.1@gmail.com> +Date: Mon, 20 Nov 2023 16:37:46 -0500 +Subject: PATCH Fix new warnings for unused results + +Reference:https://github.com/linux-audit/audit-userspace/commit/a4e8b7e18f249fe5decdd2fe748a5068ffeaee57 +Conflict:NA + +--- + audisp/plugins/ids/ids.c | 5 +++-- + audisp/plugins/ids/ids.h | 2 +- + audisp/plugins/statsd/audisp-statsd.c | 4 ++-- + lib/libaudit.c | 3 ++- + lib/netlink.c | 3 ++- + src/auditd.c | 3 ++- + 6 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/audisp/plugins/ids/ids.c b/audisp/plugins/ids/ids.c +index d28237e5..1446ca71 100644 +--- a/audisp/plugins/ids/ids.c ++++ b/audisp/plugins/ids/ids.c +@@ -107,9 +107,10 @@ static void destroy_audit(void) + } + + +-void log_audit_event(int type, const char *text, int res) ++int log_audit_event(int type, const char *text, int res) + { +- audit_log_user_message(audit_fd, type, text, NULL, NULL, NULL, res); ++ return audit_log_user_message(audit_fd, type, text, ++ NULL, NULL, NULL, res); + } + + +diff --git a/audisp/plugins/ids/ids.h b/audisp/plugins/ids/ids.h +index f3710066..cb98cdba 100644 +--- a/audisp/plugins/ids/ids.h ++++ b/audisp/plugins/ids/ids.h +@@ -15,6 +15,6 @@ + extern int debug; + extern void my_printf(const char *fmt, ...) 
+ __attribute__ (( format(printf, 1, 2) )); +-extern void log_audit_event(int type, const char *text, int res); ++extern int log_audit_event(int type, const char *text, int res); + + #endif +diff --git a/audisp/plugins/statsd/audisp-statsd.c b/audisp/plugins/statsd/audisp-statsd.c +index db2c6111..912f9171 100644 +--- a/audisp/plugins/statsd/audisp-statsd.c ++++ b/audisp/plugins/statsd/audisp-statsd.c +@@ -218,9 +218,9 @@ static void get_kernel_status(void) + struct audit_reply rep; + + audit_request_status(audit_fd); +- audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0); ++ int rc = audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0); + +- if (rep.type == AUDIT_GET) { ++ if (rc > 0 && rep.type == AUDIT_GET) { + // add info to global audit event struct + r.lost = rep.status->lost; + r.backlog = rep.status->backlog; +diff --git a/lib/libaudit.c b/lib/libaudit.c +index e5f2a7c5..3decff12 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -473,7 +473,8 @@ int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode) + rc = poll(pfd, 1, 100); /* .1 second */ + } while (rc < 0 && errno == EINTR); + +- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0); ++ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0)) ++ ; // intentionally empty + return 1; + } + +diff --git a/lib/netlink.c b/lib/netlink.c +index eeeefc26..3381651a 100644 +--- a/lib/netlink.c ++++ b/lib/netlink.c +@@ -280,7 +280,8 @@ retry: + else if (rc > 0 && rep.type == NLMSG_ERROR) { + int error = rep.error->error; + /* Eat the message */ +- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0); ++ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0)) ++ ; // intentionally empty + + /* NLMSG_ERROR can indicate success, only report nonzero */ + if (error) { +diff --git a/src/auditd.c b/src/auditd.c +index 2dedf35b..54b407f3 100644 +--- a/src/auditd.c ++++ b/src/auditd.c +@@ -1044,7 +1044,8 @@ static void clean_exit(void) + audit_msg(LOG_INFO, "The audit daemon is exiting."); + if (fd >= 
0) { + if (!opt_aggregate_only) +- audit_set_pid(fd, 0, WAIT_NO); ++ if (audit_set_pid(fd, 0, WAIT_NO)) ++ ; // intentionally empty + audit_close(fd); + } + if (pidfile) +-- +2.33.0 +
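Review bot: in src/auditd.c clean_exit() the patch nests an unbraced `if (audit_set_pid(fd, 0, WAIT_NO)) ;` inside the already unbraced `if (!opt_aggregate_only)`; put braces around the outer body so a later `else` cannot bind to the wrong `if`. The same `if (...) ; // intentionally empty` form in lib/libaudit.c and lib/netlink.c silences the unused-result warning without using the result, so a failed audit_get_reply() stays invisible there; the audisp-statsd.c hunk shows the better pattern by testing `rc > 0` before reading `rep`. In that statsd hunk, `audit_request_status(audit_fd)` is still called with its return value unchecked.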
_service:tar_scm:backport-Make-session-id-consistently-typed-327.patch
Added
@@ -0,0 +1,62 @@ +From 8359a7004de5e22c5a9b85c01c56e3b376d84a81 Mon Sep 17 00:00:00 2001 +From: Michael Tautschnig <mt@debian.org> +Date: Thu, 2 Nov 2023 21:53:29 +0100 +Subject: PATCH Make session id consistently typed (#327) + +This fixes type-conflicting definitions and declarations. + +Reference:https://github.com/linux-audit/audit-userspace/commit/8359a7004de5e22c5a9b85c01c56e3b376d84a81 +Conflict:NA + +--- + src/aureport-options.c | 3 ++- + src/ausearch-options.c | 10 ++++++---- + 2 files changed, 8 insertions(+), 5 deletions(-) + +diff --git a/src/aureport-options.c b/src/aureport-options.c +index 93621e25..76a4b9f1 100644 +--- a/src/aureport-options.c ++++ b/src/aureport-options.c +@@ -61,7 +61,8 @@ const char *event_uuid = NULL; + const char *event_vmname = NULL; + long long event_exit = 0; + int event_exit_is_set = 0; +-int event_ppid = -1, event_session_id = -2; ++pid_t event_ppid = -1; ++uint32_t event_session_id = -2; + int event_debug = 0, event_machine = -1; + time_t arg_eoe_timeout = (time_t)0; + +diff --git a/src/ausearch-options.c b/src/ausearch-options.c +index 8a1f4772..499c2aa3 100644 +--- a/src/ausearch-options.c ++++ b/src/ausearch-options.c +@@ -895,19 +895,21 @@ int check_params(int count, char *vars) + size_t len = strlen(optarg); + if (isdigit(optarg0)) { + errno = 0; +- event_session_id = strtoul(optarg,NULL,10); +- if (errno) ++ unsigned long optval = strtoul(optarg,NULL,10); ++ if (errno || optval >= (1ul << 32)) + retval = -1; ++ event_session_id = optval; + c++; + } else if (len >= 2 && *(optarg)=='-' && + (isdigit(optarg1))) { + errno = 0; +- event_session_id = strtoul(optarg, NULL, 0); +- if (errno) { ++ long optval = strtol(optarg, NULL, 0); ++ if (errno || optval < INT_MIN || optval > INT_MAX) { + retval = -1; + fprintf(stderr, "Error converting %s\n", + optarg); + } ++ event_session_id = optval; + c++; + } else { + fprintf(stderr, +-- +2.33.0 +
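Review bot: in src/ausearch-options.c the bound `optval >= (1ul << 32)` shifts an unsigned long by 32, which is undefined where unsigned long is 32 bits wide; compare against UINT32_MAX instead (`optval > UINT32_MAX`). Both branches also execute `event_session_id = optval;` after `retval = -1` has been set, so a rejected value is still stored; move the assignment onto the success path. The negative branch range-checks a `long` against INT_MIN/INT_MAX and then stores it in the now `uint32_t` variable, and src/aureport-options.c initialises the same variable with `-2`; a comment stating that these values are meant to wrap would make the intent clear.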
_service:tar_scm:backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch
Added
@@ -0,0 +1,214 @@ +From 38572e7eead76015b388723038f03e2ef0b1e3c1 Mon Sep 17 00:00:00 2001 +From: Steve Grubb <sgrubb@redhat.com> +Date: Fri, 25 Aug 2023 10:41:20 -0400 +Subject: PATCH Rewrite legacy service functions in terms of systemctl + +Reference:https://github.com/linux-audit/audit-userspace/commit/38572e7eead76015b388723038f03e2ef0b1e3c1 +Conflict:init.d/Makefile.am,ChangeLog + +--- + init.d/Makefile.am | 3 +-- + init.d/audit-functions | 52 --------------------------------------- + init.d/auditd.condrestart | 7 +++--- + init.d/auditd.reload | 6 +---- + init.d/auditd.resume | 6 +---- + init.d/auditd.rotate | 6 +---- + init.d/auditd.state | 4 +-- + init.d/auditd.stop | 3 +-- + 8 files changed, 10 insertions(+), 77 deletions(-) + delete mode 100644 init.d/audit-functions + +diff --git a/init.d/Makefile.am b/init.d/Makefile.am +index fdbf81c..3a73697 100644 +--- a/init.d/Makefile.am ++++ b/init.d/Makefile.am +@@ -26,7 +26,7 @@ EXTRA_DIST = auditd.init auditd.service auditd.sysconfig auditd.conf \ + auditd.cron libaudit.conf auditd.condrestart \ + auditd.reload auditd.restart auditd.resume \ + auditd.rotate auditd.state auditd.stop \ +- audit-stop.rules augenrules audit-functions ++ audit-stop.rules augenrules + libconfig = libaudit.conf + if ENABLE_SYSTEMD + initdir = /usr/lib/systemd/system +@@ -61,7 +61,6 @@ if ENABLE_SYSTEMD + $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.stop ${DESTDIR}${legacydir}/stop + $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.restart ${DESTDIR}${legacydir}/restart + $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.condrestart ${DESTDIR}${legacydir}/condrestart +- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/audit-functions ${DESTDIR}${libexecdir} + else + $(INSTALL_SCRIPT) -D ${srcdir}/auditd.init ${DESTDIR}${initdir}/auditd + endif +diff --git a/init.d/audit-functions b/init.d/audit-functions +deleted file mode 100644 +index 12f5023..0000000 +--- a/init.d/audit-functions ++++ /dev/null +@@ -1,52 +0,0 @@ +-# -*-Shell-script-*- +- +-# Make sure 
umask is sane +-umask 022 +- +-#/usr/libexec/audit/audit-functions +- +-# killproc {program} -signal +-killproc () +-{ +- local daemon="$1" +- local sig= +- -n "${2:-}" && sig=$2 +- +- # This matches src/auditd.c +- local pid_file="/var/run/auditd.pid" +- local pid_dir=$(dirname $pid_file) +- +- if ! -d "$pid_dir" ; then +- return 4 +- fi +- +- local pid= +- if -f "$pid_file" ; then +- # pid file exists, use it +- while : ; do +- read line +- -z "$line" && break +- for p in $line ; do +- # pid is numeric and corresponds to a process +- if -z "${p//0-9/}" && -d "/proc/$p" ; then +- d=$(cat "/proc/$p/comm") +- if "$d" = "$daemon" ; then +- pid="$p" +- break +- fi +- fi +- done +- done < "$pid_file" +- else +- # need to search /proc +- p=$(pidof "$daemon") +- if -n "$p" ; then +- pid="$p" +- fi +- fi +- +- # At this point we should have a pid or the process is dead +- if -n "$pid" && -n "$sig" ; then +- kill "$sig" "$pid" >/dev/null 2>&1 +- fi +-} +diff --git a/init.d/auditd.condrestart b/init.d/auditd.condrestart +index d86e5e4..c5803ff 100644 +--- a/init.d/auditd.condrestart ++++ b/init.d/auditd.condrestart +@@ -2,9 +2,10 @@ + # Helper script to provide legacy auditd service options not + # directly supported by systemd. + +-state=`service auditd status | awk '/^ Active/ { print $2 }'` +-if $state = "active" ; then +- /usr/libexec/initscripts/legacy-actions/auditd/restart ++state=$(systemctl status auditd | awk '/Active:/ { print $2 }') ++if "$state" = "active" ; then ++ /usr/libexec/initscripts/legacy-actions/auditd/stop ++ /bin/systemctl start auditd + RETVAL="$?" + exit $RETVAL + fi +diff --git a/init.d/auditd.reload b/init.d/auditd.reload +index e689534..53ff2f4 100644 +--- a/init.d/auditd.reload ++++ b/init.d/auditd.reload +@@ -5,13 +5,9 @@ + # Check that we are root ... so non-root users stop here + test $(id -u) = 0 || exit 4 + +-PATH=/sbin:/bin:/usr/bin:/usr/sbin +-prog="auditd" +-. 
/usr/libexec/audit-functions +- + printf "Reconfiguring: " + /sbin/augenrules --load +-killproc $prog -HUP ++/sbin/auditctl --signal reload + RETVAL=$? + echo + exit $RETVAL +diff --git a/init.d/auditd.resume b/init.d/auditd.resume +index 6852fd6..96189eb 100644 +--- a/init.d/auditd.resume ++++ b/init.d/auditd.resume +@@ -5,12 +5,8 @@ + # Check that we are root ... so non-root users stop here + test $(id -u) = 0 || exit 4 + +-PATH=/sbin:/bin:/usr/bin:/usr/sbin +-prog="auditd" +-. /usr/libexec/audit-functions +- + printf "Resuming logging: " +-killproc $prog -USR2 ++/sbin/auditctl --signal resume + RETVAL=$? + echo + exit $RETVAL +diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate +index 643b935..dcb12c2 100644 +--- a/init.d/auditd.rotate ++++ b/init.d/auditd.rotate +@@ -5,12 +5,8 @@ + # Check that we are root ... so non-root users stop here + test $(id -u) = 0 || exit 4 + +-PATH=/sbin:/bin:/usr/bin:/usr/sbin +-prog="auditd" +-. /usr/libexec/audit-functions +- + printf "Rotating logs: " +-killproc $prog -USR1 ++/sbin/auditctl --signal rotate + RETVAL=$? + echo + exit $RETVAL +diff --git a/init.d/auditd.state b/init.d/auditd.state +index 4724c4f..6ae0845 100644 +--- a/init.d/auditd.state ++++ b/init.d/auditd.state +@@ -6,12 +6,10 @@ + test $(id -u) = 0 || exit 4 + + PATH=/sbin:/bin:/usr/bin:/usr/sbin +-prog="auditd" + state_file="/var/run/auditd.state" +-. /usr/libexec/audit-functions + + printf "Getting auditd internal state: " +-killproc $prog -CONT ++/sbin/auditctl --signal state + RETVAL=$? + echo -e "\n" + sleep 1 +diff --git a/init.d/auditd.stop b/init.d/auditd.stop +index d3fbc79..5049285 100644 +--- a/init.d/auditd.stop ++++ b/init.d/auditd.stop +@@ -7,7 +7,6 @@ test $(id -u) = 0 || exit 4 + + PATH=/sbin:/bin:/usr/bin:/usr/sbin + prog="auditd" +-. 
/usr/libexec/audit-functions + pid= + p=$(pidof "$prog") + if -n "$p" ; then +@@ -15,7 +14,7 @@ if -n "$p" ; then + fi + + printf "Stopping logging: " +-killproc $prog -TERM ++/sbin/auditctl --signal stop + RETVAL=$? + if -n "$pid" ; then + # Wait up to 20 seconds for auditd to shutdown +-- +2.33.0 +
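Review bot: init.d/auditd.condrestart decides whether to restart by scraping human-readable output, `systemctl status auditd | awk '/Active:/ { print $2 }'`; `systemctl is-active --quiet auditd` returns the same answer as an exit status and does not depend on the status layout. That added line resolves `systemctl` through PATH while the next added line calls `/bin/systemctl`; in a script that runs as root, use the absolute path in both places. The restart path also changes from calling the legacy `restart` action to `stop` followed by `/bin/systemctl start auditd`, and only the exit status of the start is kept in RETVAL, so a failed stop goes unreported.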
_service:tar_scm:backport-fix-the-use-of-isdigit-everywhere.patch
Added
@@ -0,0 +1,401 @@ +From 149a3464ef35fbaa98c57e2775a7a4ab20c2ee75 Mon Sep 17 00:00:00 2001 +From: Steve Grubb <ausearch.1@gmail.com> +Date: Sun, 5 Nov 2023 14:24:49 -0500 +Subject: PATCH fix the use of isdigit everywhere + +Reference:https://github.com/linux-audit/audit-userspace/commit/149a3464ef35fbaa98c57e2775a7a4ab20c2ee75 +Conflict:NA + +--- + audisp/plugins/af_unix/audisp-af_unix.c | 2 +- + audisp/plugins/ids/ids_config.c | 2 +- + audisp/plugins/remote/remote-config.c | 2 +- + audisp/plugins/zos-remote/zos-remote-config.c | 6 ++-- + auparse/auditd-config.c | 2 +- + auparse/interpret.c | 6 ++-- + src/auditctl.c | 6 ++-- + src/aureport-options.c | 4 +-- + src/aureport-output.c | 2 +- + src/ausearch-options.c | 36 +++++++++---------- + src/ausearch-parse.c | 2 +- + tools/ausyscall/ausyscall.c | 4 +-- + 12 files changed, 37 insertions(+), 37 deletions(-) + +diff --git a/audisp/plugins/af_unix/audisp-af_unix.c b/audisp/plugins/af_unix/audisp-af_unix.c +index ffcc7603..ffbf2ac0 100644 +--- a/audisp/plugins/af_unix/audisp-af_unix.c ++++ b/audisp/plugins/af_unix/audisp-af_unix.c +@@ -126,7 +126,7 @@ int setup_socket(int argc, char *argv) + } else { + int i; + for (i=1; i < 3; i++) { +- if (isdigit(argvi0)) { ++ if (isdigit((unsigned char)argvi0)) { + errno = 0; + mode = strtoul(argvi, NULL, 8); + if (errno) { +diff --git a/audisp/plugins/ids/ids_config.c b/audisp/plugins/ids/ids_config.c +index 4da5ca93..f773794a 100644 +--- a/audisp/plugins/ids/ids_config.c ++++ b/audisp/plugins/ids/ids_config.c +@@ -345,7 +345,7 @@ static int unsigned_int_parser(struct nv_pair *nv, int line, unsigned int *val) + + /* check that all chars are numbers */ + for (i=0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + syslog(LOG_ERR, + "Value %s should only be numbers - line %d", + nv->value, line); +diff --git a/audisp/plugins/remote/remote-config.c b/audisp/plugins/remote/remote-config.c +index 02b51337..8de7b27f 100644 +--- 
a/audisp/plugins/remote/remote-config.c ++++ b/audisp/plugins/remote/remote-config.c +@@ -484,7 +484,7 @@ static int parse_uint (const struct nv_pair *nv, int line, unsigned int *valp, + + /* check that all chars are numbers */ + for (i=0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + syslog(LOG_ERR, + "Value %s should only be numbers - line %d", + nv->value, line); +diff --git a/audisp/plugins/zos-remote/zos-remote-config.c b/audisp/plugins/zos-remote/zos-remote-config.c +index b92dc778..2f7e42f5 100644 +--- a/audisp/plugins/zos-remote/zos-remote-config.c ++++ b/audisp/plugins/zos-remote/zos-remote-config.c +@@ -301,7 +301,7 @@ static int port_parser(struct nv_pair *nv, int line, plugin_conf_t * c) + + /* check that all chars are numbers */ + for (i = 0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + log_err("Value %s should only be numbers - line %d", nv->value, line); + return 1; + } +@@ -327,7 +327,7 @@ static int timeout_parser(struct nv_pair *nv, int line, plugin_conf_t * c) + + /* check that all chars are numbers */ + for (i = 0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + log_err("Value %s should only be numbers - line %d", nv->value, line); + return 1; + } +@@ -376,7 +376,7 @@ static int q_depth_parser(struct nv_pair *nv, int line, plugin_conf_t * c) + + /* check that all chars are numbers */ + for (i = 0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + log_err("Value %s should only be numbers - line %d", nv->value, line); + return 1; + } +diff --git a/auparse/auditd-config.c b/auparse/auditd-config.c +index 9a6a6a71..6e5c86a8 100644 +--- a/auparse/auditd-config.c ++++ b/auparse/auditd-config.c +@@ -340,7 +340,7 @@ static int eoe_timeout_parser(auparse_state_t *au, const char *val, int line, + + /* check that all chars are numbers */ + for (i=0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + 
audit_msg(au, LOG_ERR, + "Value %s should only be numbers - line %d", + val, line); +diff --git a/auparse/interpret.c b/auparse/interpret.c +index f13723b6..77c96468 100644 +--- a/auparse/interpret.c ++++ b/auparse/interpret.c +@@ -325,7 +325,7 @@ static void key_escape(const char *orig, char *dest, auparse_esc_t escape_mode) + static int is_int_string(const char *str) + { + while (*str) { +- if (!isdigit(*str)) ++ if (!isdigit((unsigned char)*str)) + return 0; + str++; + } +@@ -1485,7 +1485,7 @@ static const char *print_success(const char *val) + { + int res; + +- if (isdigit(*val)) { ++ if (isdigit((unsigned char)*val)) { + errno = 0; + res = strtoul(val, NULL, 10); + if (errno) { +@@ -2319,7 +2319,7 @@ static const char *print_fanotify(const char *val) + { + int res; + +- if (isdigit(*val)) { ++ if (isdigit((unsigned char)*val)) { + errno = 0; + res = strtoul(val, NULL, 10); + if (errno) { +diff --git a/src/auditctl.c b/src/auditctl.c +index ccd62bc3..e1ca0f83 100644 +--- a/src/auditctl.c ++++ b/src/auditctl.c +@@ -680,7 +680,7 @@ static int setopt(int count, int lineno, char *vars) + } + break; + case 'r': +- if (optarg && isdigit(optarg0)) { ++ if (optarg && isdigit((unsigned char)optarg0)) { + uint32_t rate; + errno = 0; + rate = strtoul(optarg,NULL,0); +@@ -699,7 +699,7 @@ static int setopt(int count, int lineno, char *vars) + } + break; + case 'b': +- if (optarg && isdigit(optarg0)) { ++ if (optarg && isdigit((unsigned char)optarg0)) { + uint32_t limit; + errno = 0; + limit = strtoul(optarg,NULL,0); +@@ -1134,7 +1134,7 @@ process_keys: + case 2: + #if HAVE_DECL_AUDIT_VERSION_BACKLOG_WAIT_TIME == 1 || \ + HAVE_DECL_AUDIT_STATUS_BACKLOG_WAIT_TIME == 1 +- if (optarg && isdigit(optarg0)) { ++ if (optarg && isdigit((unsigned char)optarg0)) { + uint32_t bwt; + errno = 0; + bwt = strtoul(optarg,NULL,0); +diff --git a/src/aureport-options.c b/src/aureport-options.c +index 203c3880..7480c8a9 100644 +--- a/src/aureport-options.c ++++ b/src/aureport-options.c +@@ 
-385,7 +385,7 @@ int check_params(int count, char *vars) + // } else { + // UNIMPLEMENTED; + // set_detail(D_SPECIFIC); +-// if (isdigit(optarg0)) { ++// if (isdigit((unsigned char)optarg0)) { + // errno = 0; + // event_id = strtoul(optarg, + // NULL, 10); +@@ -764,7 +764,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10); + if (errno || arg_eoe_timeout == 0) { +diff --git a/src/aureport-output.c b/src/aureport-output.c +index a635d536..27a2ce25 100644 +--- a/src/aureport-output.c ++++ b/src/aureport-output.c +@@ -976,7 +976,7 @@ static void do_user_summary_output(slist *sptr) + long uid; + char name64; + +- if (sn->str0 == '-' || isdigit(sn->str0)) { ++ if (sn->str0 == '-' || isdigit((unsigned char)sn->str0)) { + uid = strtol(sn->str, NULL, 10); + printf("%u ", sn->hits); + safe_print_string(aulookup_uid(uid, name, +diff --git a/src/ausearch-options.c b/src/ausearch-options.c +index 53d0db64..1c653648 100644 +--- a/src/ausearch-options.c ++++ b/src/ausearch-options.c +@@ -253,7 +253,7 @@ static int convert_str_to_msg(const char *optarg) + { + int tmp, retval = 0; + +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + tmp = strtoul(optarg, NULL, 10); + if (errno) { +@@ -335,7 +335,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + event_id = strtoul(optarg, NULL, 10); + if (errno) { +@@ -357,7 +357,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10); + if (errno || arg_eoe_timeout == 0) { +@@ -463,7 +463,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if 
(isdigit((unsigned char)optarg0)) { + errno = 0; + event_gid = strtoul(optarg,NULL,10); + if (errno) { +@@ -497,7 +497,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + event_egid = strtoul(optarg,NULL,10); + if (errno) { +@@ -529,7 +529,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + event_gid = strtoul(optarg,NULL,10); + if (errno) { +@@ -655,7 +655,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + event_ppid = strtol(optarg,NULL,10); + if (errno) +@@ -676,7 +676,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + event_pid = strtol(optarg,NULL,10); + if (errno) +@@ -794,7 +794,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + event_syscall = (int)strtoul(optarg, NULL, 10); + if (errno) { +@@ -893,7 +893,7 @@ int check_params(int count, char *vars) + } + { + size_t len = strlen(optarg); +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + unsigned long optval = strtoul(optarg,NULL,10); + if (errno || optval >= (1ul << 32)) +@@ -901,7 +901,7 @@ int check_params(int count, char *vars) + event_session_id = optval; + c++; + } else if (len >= 2 && *(optarg)=='-' && +- (isdigit(optarg1))) { ++ (isdigit((unsigned char)optarg1))) { + errno = 0; + long optval = strtol(optarg, NULL, 0); + if (errno || optval < INT_MIN || optval > INT_MAX) { +@@ -933,7 +933,7 @@ int check_params(int count, char *vars) + } + { + size_t len = strlen(optarg); +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 
0; + event_exit = strtoll(optarg, NULL, 0); + if (errno) { +@@ -942,7 +942,7 @@ int check_params(int count, char *vars) + optarg); + } + } else if (len >= 2 && *(optarg)=='-' && +- (isdigit(optarg1))) { ++ (isdigit((unsigned char)optarg1))) { + errno = 0; + event_exit = strtoll(optarg, NULL, 0); + if (errno) { +@@ -1074,7 +1074,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + event_uid = strtoul(optarg,NULL,10); + if (errno) { +@@ -1107,7 +1107,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + event_euid = strtoul(optarg,NULL,10); + if (errno) { +@@ -1140,7 +1140,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + event_uid = strtoul(optarg,NULL,10); + if (errno) { +@@ -1184,7 +1184,7 @@ int check_params(int count, char *vars) + } + { + size_t len = strlen(optarg); +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + event_loginuid = strtoul(optarg,NULL,10); + if (errno) { +@@ -1194,7 +1194,7 @@ int check_params(int count, char *vars) + retval = -1; + } + } else if (len >= 2 && *(optarg)=='-' && +- (isdigit(optarg1))) { ++ (isdigit((unsigned char)optarg1))) { + errno = 0; + event_loginuid = strtol(optarg, NULL, 0); + if (errno) { +diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c +index e6868c6e..1a5b047f 100644 +--- a/src/ausearch-parse.c ++++ b/src/ausearch-parse.c +@@ -1128,7 +1128,7 @@ try_again: + return 25; + ptr = str + 4; + term = ptr; +- while (isdigit(*term)) ++ while (isdigit((unsigned char)*term)) + term++; + if (term == ptr) + return 14; +diff --git a/tools/ausyscall/ausyscall.c b/tools/ausyscall/ausyscall.c +index bf751f17..489b1095 100644 +--- a/tools/ausyscall/ausyscall.c ++++ 
b/tools/ausyscall/ausyscall.c +@@ -47,9 +47,9 @@ int main(int argc, char *argv) + usage(); + } else if (argc < 2) + usage(); +- ++ + for (i=1; i<argc; i++) { +- if (isdigit(argvi0)) { ++ if (isdigit((unsigned char)argvi0)) { + if (syscall_num != -1) { + fputs("Two syscall numbers not allowed\n", + stderr); +-- +2.33.0 +
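Review bot: In the src/ausearch-options.c check_params hunks (the same pattern appears in the src/auditctl.c setopt hunks), the cast removes the undefined behaviour, but the guard still inspects only the first character of optarg and the following `strtoul(optarg, NULL, 10)` passes a NULL end pointer. An argument with a leading digit followed by non-numeric characters is therefore converted from its numeric prefix and accepted. Consider passing an end pointer and rejecting the argument unless it points at the terminating NUL, in addition to the existing errno check.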
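Review bot: The first src/aureport-options.c hunk (@@ -385) edits a line inside a block that is commented out with `//` and marked UNIMPLEMENTED, so that edit has no effect on the built code. Either drop it from the patch or remove the dead block in a separate change.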
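Review bot: The tools/ausyscall/ausyscall.c hunk also replaces one blank line with another just before the `for (i=1; i<argc; i++)` loop, which looks like a whitespace-only change unrelated to the cast. Mention it in the commit message or split it out so the diff carries only the isdigit() changes.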
_service:tar_scm:backport-lib-cast-to-unsigned-char-for-character-test-functio.patch
Added
@@ -0,0 +1,165 @@ +From 3aa3ccb2bb1c8804fbf43b260c93b65e831242c1 Mon Sep 17 00:00:00 2001 +From: cgzones <cgzones@googlemail.com> +Date: Thu, 2 Nov 2023 21:20:40 +0100 +Subject: PATCH lib: cast to unsigned char for character test functions + (#338) + +Passing a value not representable by unsigned char is undefined +behavior. + +Reference:https://github.com/linux-audit/audit-userspace/commit/3aa3ccb2bb1c8804fbf43b260c93b65e831242c1 +Conflict:NA + +--- + lib/libaudit.c | 32 ++++++++++++++++---------------- + lib/lookup_table.c | 2 +- + 2 files changed, 17 insertions(+), 17 deletions(-) + +diff --git a/lib/libaudit.c b/lib/libaudit.c +index 960525a..abcdf4a 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -1031,7 +1031,7 @@ int audit_rule_syscallbyname_data(struct audit_rule_data *rule, + return -2; + nr = audit_name_to_syscall(scall, machine); + if (nr < 0) { +- if (isdigit(scall0)) ++ if (isdigit((unsigned char)scall0)) + nr = strtol(scall, NULL, 0); + } + if (nr >= 0) +@@ -1056,7 +1056,7 @@ int audit_rule_io_uringbyname_data(struct audit_rule_data *rule, + } + nr = audit_name_to_uringop(scall); + if (nr < 0) { +- if (isdigit(scall0)) ++ if (isdigit((unsigned char)scall0)) + nr = strtol(scall, NULL, 0); + } + if (nr >= 0) +@@ -1585,11 +1585,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + case AUDIT_OBJ_UID: + // Do positive & negative separate for 32 bit systems + vlen = strlen(v); +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + strtoul(v, NULL, 0); + else if (vlen >= 2 && *(v)=='-' && +- (isdigit((char)*(v+1)))) ++ (isdigit((unsigned char)*(v+1)))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else { +@@ -1609,7 +1609,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + case AUDIT_SGID: + case AUDIT_FSGID: + case AUDIT_OBJ_GID: +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count 
= + strtol(v, NULL, 0); + else { +@@ -1625,11 +1625,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + if (flags != AUDIT_FILTER_EXIT) + return -EAU_EXITONLY; + vlen = strlen(v); +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else if (vlen >= 2 && *(v)=='-' && +- (isdigit((char)*(v+1)))) ++ (isdigit((unsigned char)*(v+1)))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else { +@@ -1644,7 +1644,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + flags != AUDIT_FILTER_USER) + return -EAU_MSGTYPEEXCLUDEUSER; + +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else +@@ -1715,7 +1715,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + return -EAU_ARCHMISPLACED; + if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL)) + return -EAU_OPEQNOTEQ; +- if (isdigit((char)*(v))) { ++ if (isdigit((unsigned char)*(v))) { + int machine; + + errno = 0; +@@ -1757,7 +1757,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + return -EAU_STRTOOLONG; + + for (i = 0; i < len; i++) { +- switch (tolower(vi)) { ++ switch (tolower((unsigned char)vi)) { + case 'r': + val |= AUDIT_PERM_READ; + break; +@@ -1791,7 +1791,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + return -EAU_FIELDUNAVAIL; + if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL)) + return -EAU_OPEQNOTEQ; +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + strtoul(v, NULL, 0); + else +@@ -1804,11 +1804,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + break; + case AUDIT_ARG0...AUDIT_ARG3: + vlen = strlen(v); +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + 
strtoul(v, NULL, 0); + else if (vlen >= 2 && *(v)=='-' && +- (isdigit((char)*(v+1)))) ++ (isdigit((unsigned char)*(v+1)))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else +@@ -1824,11 +1824,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + return -EAU_FIELDNOFILTER; + // Do positive & negative separate for 32 bit systems + vlen = strlen(v); +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + strtoul(v, NULL, 0); + else if (vlen >= 2 && *(v)=='-' && +- (isdigit((char)*(v+1)))) ++ (isdigit((unsigned char)*(v+1)))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else if (strcmp(v, "unset") == 0) +@@ -1854,7 +1854,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + if (field == AUDIT_PPID && !(flags==AUDIT_FILTER_EXIT)) + return -EAU_EXITONLY; + +- if (!isdigit((char)*(v))) ++ if (!isdigit((unsigned char)*(v))) + return -EAU_FIELDVALNUM; + + if (field == AUDIT_INODE) +diff --git a/lib/lookup_table.c b/lib/lookup_table.c +index 2f5e6cd..d839205 100644 +--- a/lib/lookup_table.c ++++ b/lib/lookup_table.c +@@ -255,7 +255,7 @@ int audit_name_to_msg_type(const char *msg_type) + strncpy(buf, msg_type + 8, len); + errno = 0; + return strtol(buf, NULL, 10); +- } else if (isdigit(*msg_type)) { ++ } else if (isdigit((unsigned char)*msg_type)) { + errno = 0; + return strtol(msg_type, NULL, 10); + } +-- +2.33.0 +
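Review bot: In the audit_rule_syscallbyname_data and audit_rule_io_uringbyname_data hunks of lib/libaudit.c, the fallback `nr = strtol(scall, NULL, 0)` runs after checking only the first character and with a NULL end pointer, so a name that starts with a digit and continues with other characters is taken as its numeric prefix. No errno check is visible between the conversion and the `if (nr >= 0)` test. Since these lines are being touched anyway, consider validating the whole string with an end pointer before nr is used.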
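Review bot: The lib/libaudit.c part of the patch repeats the same `(unsigned char)` cast at 16 call sites, most of them in audit_rule_fieldpair_data, which makes it easy for a later isdigit() or tolower() call to be added without it. A small static inline wrapper that takes a char and applies the cast once would keep the rule in one place.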
_service:tar_scm:backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch
Added
@@ -0,0 +1,35 @@ +From 3f928b21486369c495d9eaca46eb9d506ae576b3 Mon Sep 17 00:00:00 2001 +From: cgzones <cgzones@googlemail.com> +Date: Wed, 1 Nov 2023 20:35:40 +0100 +Subject: PATCH lib: close audit socket in load_feature_bitmap() (#334) + + +Reference:https://github.com/linux-audit/audit-userspace/commit/3f928b21486369c495d9eaca46eb9d506ae576b3 +Conflict:NA + +--- + lib/libaudit.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/libaudit.c b/lib/libaudit.c +index ded3ab47..4c317c87 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -657,12 +657,14 @@ static void load_feature_bitmap(void) + + /* Found it... */ + features_bitmap = rep.status->feature_bitmap; ++ audit_close(fd); + return; + } + } + } + #endif + features_bitmap = AUDIT_FEATURES_UNSUPPORTED; ++ audit_close(fd); + } + + uint32_t audit_get_features(void) +-- +2.33.0 +
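Review bot: The second added `audit_close(fd)` sits after the `#endif`, so it is compiled unconditionally, while the first one is inside the conditional block. Confirm that fd is declared and opened outside the `#if` region, and that any early return taken when opening the socket fails cannot reach this close with an invalid descriptor. A single cleanup label would avoid keeping the two close calls in sync. The commit message also has no body describing the descriptor leak this fixes.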
_service:tar_scm:backport-lib-enclose-macro-to-avoid-precedence-issues.patch
Added
@@ -0,0 +1,29 @@ +From e97c79260a2e7bdbf02c5162b0c40451c9555111 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Tue, 31 Oct 2023 16:49:10 +0100 +Subject: PATCH lib: enclose macro to avoid precedence issues + + +Reference:https://github.com/linux-audit/audit-userspace/commit/e97c79260a2e7bdbf02c5162b0c40451c9555111 +Conflict:NA + +--- + lib/audit_logging.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/audit_logging.c b/lib/audit_logging.c +index 8b8b6207..e8b79d3e 100644 +--- a/lib/audit_logging.c ++++ b/lib/audit_logging.c +@@ -38,7 +38,7 @@ + #include "private.h" + + #define TTY_PATH 32 +-#define MAX_USER (UT_NAMESIZE * 2) + 8 ++#define MAX_USER ((UT_NAMESIZE * 2) + 8) + + // NOTE: The kernel fills in pid, uid, and loginuid of sender. Therefore, + // these routines do not need to send them. +-- +2.33.0 +
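Review bot: The commit message has no body, so it does not say whether any existing use of MAX_USER was actually mis-evaluated by the old unparenthesized expansion `(UT_NAMESIZE * 2) + 8`. Please name the affected expression, or state that none exists, because a use next to a higher-precedence operator such as `*` evaluates to a different size after this change.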
_service:tar_scm:backport-memory-allocation-updates-341.patch
Added
@@ -0,0 +1,56 @@ +From b92027ac9e29659483a5e920e548fe74126f72af Mon Sep 17 00:00:00 2001 +From: cgzones <cgzones@googlemail.com> +Date: Wed, 1 Nov 2023 22:15:40 +0100 +Subject: PATCH memory allocation updates (#341) + +* Check memory allocation + +Avoid later NULL dereference. + +* Check memory allocation and merge zeroing + +Avoid later NULL dereference. + +Reference:https://github.com/linux-audit/audit-userspace/commit/b92027ac9e29659483a5e920e548fe74126f72af +Conflict:NA + +--- + auparse/interpret.c | 2 ++ + lib/libaudit.c | 7 +++++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/auparse/interpret.c b/auparse/interpret.c +index ecde07ae..76ca2814 100644 +--- a/auparse/interpret.c ++++ b/auparse/interpret.c +@@ -366,6 +366,8 @@ char *au_unescape(char *buf) + // strlen(buf) / 2. + olen = strlen(buf); + str = malloc(olen+1); ++ if (!str) ++ return NULL; + + saved = *ptr; + *ptr = 0; +diff --git a/lib/libaudit.c b/lib/libaudit.c +index 6a42871b..d90d83b8 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -891,9 +891,12 @@ int audit_make_equivalent(int fd, const char *mount_point, + struct { + uint32_t sizes2; + unsigned char buf; +- } *cmd = malloc(sizeof(*cmd) + len1 + len2); ++ } *cmd = calloc(1, sizeof(*cmd) + len1 + len2); + +- memset(cmd, 0, sizeof(*cmd) + len1 + len2); ++ if (!cmd) { ++ audit_msg(LOG_ERR, "Cannot allocate memory!"); ++ return -ENOMEM; ++ } + + cmd->sizes0 = len1; + cmd->sizes1 = len2; +-- +2.33.0 +
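Review bot: In the auparse/interpret.c hunk, au_unescape() now returns NULL when malloc fails, but the patch does not show any caller being updated. Check that every caller of au_unescape() tests the result before dereferencing it, otherwise the NULL dereference only moves from this function to its callers.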
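Review bot: In the lib/libaudit.c hunk, the allocation size `sizeof(*cmd) + len1 + len2` is still computed without an overflow check, and `calloc(1, ...)` does not add one because the multiplication is by 1. If len1 and len2 derive from caller-supplied strings, bound them before the allocation. The new "Cannot allocate memory!" message could also name audit_make_equivalent so the log entry is attributable.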
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="scm">git</param> <param name="url">git@gitee.com:src-openeuler/audit.git</param> - <param name="revision">master</param> + <param name="revision">openEuler-24.09</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
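Review bot: The `revision` parameter changes from `master` to `openEuler-24.09`, which reads as a branch name; if it is a branch rather than an immutable tag, it can move after this revision is recorded and the same _service file can fetch different sources on a later build. Consider pinning the parameter to a commit id or a signed tag of the repository in `url` so the packaged source is reproducible and auditable.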