Mega:24.09
audit
We truncated the diff of some files because they were too big.
Changes of Revision 2
_service:tar_scm:audit.spec
Changed
@@ -2,36 +2,47 @@ Name: audit Epoch: 1 Version: 3.1.2 -Release: 4 +Release: 5 License: GPLv2+ and LGPLv2+ URL: https://people.redhat.com/sgrubb/audit/ Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt -Patch0: bugfix-audit-support-armv7b.patch -Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch -Patch2: bugfix-audit-reload-coredump.patch -Patch3: audit-Add-sw64-architecture.patch -Patch4: backport-Solve-issue-363-by-moving-check-to-after-load_config.patch -Patch5: backport-first-part-of-NULL-pointer-checks.patch -Patch6: backport-second-part-of-NULL-pointer-checks.patch -Patch7: backport-last-part-of-NULL-pointer-checks.patch -Patch8: backport-Fixed-NULL-checks.patch -Patch9: backport-update-error-messages-in-NULL-Checks.patch -Patch10: backport-adding-the-file-descriptor-closure.patch -Patch11: backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch -Patch12: backport-Use-atomic_int-if-available-for-signal-related-flags.patch -Patch13: backport-Use-atomic_uint-if-available-for-signal-related-flag.patch -Patch14: backport-avoiding-of-NULL-pointers-dereference-366.patch -Patch15: backport-Cleanup-code-in-LRU.patch -Patch16: backport-Fix-memory-leaks.patch -Patch17: backport-fix-one-more-leak.patch -Patch18: backport-Consolidate-end-of-event-detection-to-a-common-funct.patch -Patch19: backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch -Patch20: backport-lib-avoid-UB-on-sequence-wrap-around-347.patch -Patch21: backport-Fix-deprecated-python-function.patch -Patch22: backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch -Patch23: backport-Cleanup-shell-script-warnings.patch +Patch0: bugfix-audit-support-armv7b.patch +Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch +Patch2: bugfix-audit-reload-coredump.patch +Patch3: audit-Add-sw64-architecture.patch +Patch4: 
backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch +Patch5: backport-Error-out-if-required-zos-parameters-missing.patch +Patch6: backport-Fix-deprecated-python-function.patch +Patch7: backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch +Patch8: backport-lib-enclose-macro-to-avoid-precedence-issues.patch +Patch9: backport-memory-allocation-updates-341.patch +Patch10: backport-lib-cast-to-unsigned-char-for-character-test-functio.patch +Patch11: backport-Make-session-id-consistently-typed-327.patch +Patch12: backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch +Patch13: backport-fix-the-use-of-isdigit-everywhere.patch +Patch14: backport-Fix-new-warnings-for-unused-results.patch +Patch15: backport-Change-the-first-iteration-test-so-static-analysis-b.patch +Patch16: backport-Consolidate-end-of-event-detection-to-a-common-funct.patch +Patch17: backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch +Patch18: backport-lib-avoid-UB-on-sequence-wrap-around-347.patch +Patch19: backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch +Patch20: backport-Cleanup-shell-script-warnings.patch +Patch21: backport-Solve-issue-363-by-moving-check-to-after-load_config.patch +Patch22: backport-first-part-of-NULL-pointer-checks.patch +Patch23: backport-second-part-of-NULL-pointer-checks.patch +Patch24: backport-last-part-of-NULL-pointer-checks.patch +Patch25: backport-Fixed-NULL-checks.patch +Patch26: backport-update-error-messages-in-NULL-Checks.patch +Patch27: backport-adding-the-file-descriptor-closure.patch +Patch28: backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch +Patch29: backport-Use-atomic_int-if-available-for-signal-related-flags.patch +Patch30: backport-Use-atomic_uint-if-available-for-signal-related-flag.patch +Patch31: backport-avoiding-of-NULL-pointers-dereference-366.patch +Patch32: backport-Cleanup-code-in-LRU.patch +Patch33: backport-Fix-memory-leaks.patch +Patch34: 
backport-fix-one-more-leak.patch BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29 BuildRequires: openldap-devel krb5-devel libcap-ng-devel @@ -311,7 +322,6 @@ %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop -%attr(750,root,root) %{_libexecdir}/audit-functions %ghost %{_localstatedir}/run/auditd.state %attr(750,root,root) %dir %{_var}/log/audit %attr(750,root,root) %dir /etc/audit @@ -375,6 +385,9 @@ %attr(644,root,root) %{_mandir}/man8/*.8.gz %changelog +* Wed Jul 17 2024 xuraoqing<xuraoqing@huawei.com> - 1:3.1.2-5 +- backport patches to fix bugs + * Thu Jun 06 2024 fuanan <fuanan3@h-partners.com> - 1:3.1.2-4 - backport patches from upstream
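Review bot: The new %changelog entry says only "backport patches to fix bugs" and is missing the space before the e-mail address (`xuraoqing<xuraoqing@huawei.com>`, unlike the `fuanan <fuanan3@h-partners.com>` entry below it). This release adds eleven patches, renumbers the existing backports, and drops `%{_libexecdir}/audit-functions` in the %files hunk; naming the added backports and the removed file in the changelog would let a packager see what changed without diffing the Patch list.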
_service:tar_scm:backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch
Added
@@ -0,0 +1,137 @@ +From 2663987c5088924bce510fcf8e7891d6aae976ba Mon Sep 17 00:00:00 2001 +From: cgzones <cgzones@googlemail.com> +Date: Sat, 4 Nov 2023 03:48:39 +0100 +Subject: PATCH Avoid file descriptor leaks in multi-threaded applications + (#339) + +* lib: set close-on-exec flag + +libaudit may be called from a multi-threaded application. +Avoid leaking local file descriptors on a concurrent execve. + +* lib: simplify SOCK_CLOEXEC + +SOCK_CLOEXEC is supported since Linux 2.6.27. + +Reference:https://github.com/linux-audit/audit-userspace/commit/2663987c5088924bce510fcf8e7891d6aae976ba +Conflict:lib/audit_logging.c,lib/netlink.c,lib/libaudit.c + +--- + lib/audit_logging.c | 2 +- + lib/libaudit.c | 14 +++++++------- + lib/netlink.c | 12 +----------- + 3 files changed, 9 insertions(+), 19 deletions(-) + +diff --git a/lib/audit_logging.c b/lib/audit_logging.c +index 302c242..08b53aa 100644 +--- a/lib/audit_logging.c ++++ b/lib/audit_logging.c +@@ -177,7 +177,7 @@ static char *_get_commname(const char *comm, char *commname, unsigned int size) + + if (comm == NULL) { + int len; +- int fd = open("/proc/self/comm", O_RDONLY); ++ int fd = open("/proc/self/comm", O_RDONLY|O_CLOEXEC); + if (fd < 0) { + strcpy(commname, "\"?\""); + return commname; +diff --git a/lib/libaudit.c b/lib/libaudit.c +index 2cc7afd..74fa2f3 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -221,7 +221,7 @@ static int load_libaudit_config(const char *path) + char buf128; + + /* open the file */ +- rc = open(path, O_NOFOLLOW|O_RDONLY); ++ rc = open(path, O_NOFOLLOW|O_RDONLY|O_CLOEXEC); + if (rc < 0) { + if (errno != ENOENT) { + audit_msg(LOG_ERR, "Error opening %s (%s)", +@@ -261,7 +261,7 @@ static int load_libaudit_config(const char *path) + } + + /* it's ok, read line by line */ +- f = fdopen(fd, "rm"); ++ f = fdopen(fd, "rme"); + if (f == NULL) { + audit_msg(LOG_ERR, "Error - fdopen failed (%s)", + strerror(errno)); +@@ -705,7 +705,7 @@ char *audit_format_signal_info(char *buf, int len, 
char *op, + char path32, ses16; + int rlen; + snprintf(path, sizeof(path), "/proc/%u", rep->signal_info->pid); +- int fd = open(path, O_RDONLY); ++ int fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC); + if (fd >= 0) { + if (fstat(fd, &sb) < 0) + sb.st_uid = -1; +@@ -714,7 +714,7 @@ char *audit_format_signal_info(char *buf, int len, char *op, + sb.st_uid = -1; + snprintf(path, sizeof(path), "/proc/%u/sessionid", + rep->signal_info->pid); +- fd = open(path, O_RDONLY, rep->signal_info->pid); ++ fd = open(path, O_RDONLY|O_CLOEXEC, rep->signal_info->pid); + if (fd < 0) + strcpy(ses, "4294967295"); + else { +@@ -918,7 +918,7 @@ uid_t audit_getloginuid(void) + char buf16; + + errno = 0; +- in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY); ++ in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC); + if (in < 0) + return -1; + do { +@@ -946,7 +946,7 @@ int audit_setloginuid(uid_t uid) + + errno = 0; + count = snprintf(loginuid, sizeof(loginuid), "%u", uid); +- o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); ++ o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC|O_CLOEXEC); + if (o >= 0) { + int block, offset = 0; + +@@ -982,7 +982,7 @@ uint32_t audit_get_session(void) + char buf16; + + errno = 0; +- in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY); ++ in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC); + if (in < 0) + return -2; + do { +diff --git a/lib/netlink.c b/lib/netlink.c +index 66a1e7c..f862da4 100644 +--- a/lib/netlink.c ++++ b/lib/netlink.c +@@ -47,7 +47,7 @@ static int check_ack(int fd); + int audit_open(void) + { + int saved_errno; +- int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT); ++ int fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT); + + if (fd < 0) { + saved_errno = errno; +@@ -60,16 +60,6 @@ int audit_open(void) + "Error opening audit netlink socket (%s)", + strerror(errno)); + errno = saved_errno; +- return fd; +- } +- if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) { +- saved_errno = 
errno; +- audit_msg(LOG_ERR, +- "Error setting audit netlink socket CLOEXEC flag (%s)", +- strerror(errno)); +- close(fd); +- errno = saved_errno; +- return -1; + } + return fd; + } +-- +2.33.0 +
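Review bot: In the second audit_format_signal_info hunk, `open(path, O_RDONLY|O_CLOEXEC, rep->signal_info->pid)` still passes the pid as the third argument of open(), which is the mode and is only consulted with O_CREAT or O_TMPFILE; drop it while this line is being touched. The first hunk in that function also adds O_DIRECTORY, which the commit message (close-on-exec only) does not mention; one line in the message saying the /proc/<pid> open is now restricted to directories would document the behaviour change.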
_service:tar_scm:backport-Change-the-first-iteration-test-so-static-analysis-b.patch
Added
@@ -0,0 +1,39 @@ +From b84b007cd0ef504e8c86b8cc73646f3119ed343c Mon Sep 17 00:00:00 2001 +From: Steve Grubb <ausearch.1@gmail.com> +Date: Wed, 29 Nov 2023 15:49:21 -0500 +Subject: PATCH Change the first iteration test so static analysis better + understands the code + +Reference:https://github.com/linux-audit/audit-userspace/commit/b84b007cd0ef504e8c86b8cc73646f3119ed343c +Conflict:NA + +--- + tools/aulast/aulast-llist.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/tools/aulast/aulast-llist.c b/tools/aulast/aulast-llist.c +index 87638ebc..d7765ba4 100644 +--- a/tools/aulast/aulast-llist.c ++++ b/tools/aulast/aulast-llist.c +@@ -140,11 +140,15 @@ int list_update_logout(llist* l, time_t t, unsigned long serial) + lnode *list_delete_cur(llist *l) + { + register lnode *cur, *prev; +- +- prev = cur = l->head; /* start at the beginning */ ++ ++ if (l == NULL || l->head == NULL) ++ return NULL; ++ ++ prev = cur = l->head; /* start at the beginning */ + while (cur) { + if (cur == l->cur) { +- if (cur == prev && cur == l->head) { ++ // If the first iteration ++ if (prev == l->head && cur == l->head) { + l->head = cur->next; + l->cur = cur->next; + free((void *)cur->name); +-- +2.33.0 +
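Review bot: The added comment `// If the first iteration` in list_delete_cur is a sentence fragment and uses `//` where the surrounding code uses `/* ... */` (see `/* start at the beginning */`); something like `/* first iteration: cur is the head node */` reads better. The new guard returns NULL for both a NULL list and an empty list, so the function comment should say what a NULL return means to callers. The whitespace-only changes to the blank line and to the `prev = cur = l->head` line add noise to a patch whose stated purpose is a static-analysis hint.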
_service:tar_scm:backport-Cleanup-shell-script-warnings.patch
Changed
@@ -4,7 +4,7 @@ Subject: PATCH Cleanup shell script warnings Reference:https://github.com/linux-audit/audit-userspace/commit/79c1212ff38254a961c27d8eb10bc766e412ffe9 -Conflict:init.d/augenrules, init.d/auditd.state +Conflict:NA --- init.d/auditd.reload | 2 +- @@ -12,11 +12,11 @@ init.d/auditd.rotate | 2 +- init.d/auditd.state | 6 +++--- init.d/auditd.stop | 2 +- - init.d/augenrules | 4 ++-- - 6 files changed, 7 insertions(+), 7 deletions(-) + init.d/augenrules | 2 +- + 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/init.d/auditd.reload b/init.d/auditd.reload -index 6db1bd74..b42fa6bf 100644 +index 53ff2f4..4f09d00 100644 --- a/init.d/auditd.reload +++ b/init.d/auditd.reload @@ -3,7 +3,7 @@ @@ -26,10 +26,10 @@ -test $(id -u) = 0 || exit 4 +test "$(id -u)" = "0" || exit 4 - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" + printf "Reconfiguring: " + /sbin/augenrules --load diff --git a/init.d/auditd.resume b/init.d/auditd.resume -index 96189eb6..8193bea9 100644 +index 96189eb..8193bea 100644 --- a/init.d/auditd.resume +++ b/init.d/auditd.resume @@ -3,7 +3,7 @@ @@ -39,10 +39,10 @@ -test $(id -u) = 0 || exit 4 +test "$(id -u)" = "0" || exit 4 - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" + printf "Resuming logging: " + /sbin/auditctl --signal resume diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate -index dcb12c26..8bb65530 100644 +index dcb12c2..8bb6553 100644 --- a/init.d/auditd.rotate +++ b/init.d/auditd.rotate @@ -3,7 +3,7 @@ @@ -52,10 +52,10 @@ -test $(id -u) = 0 || exit 4 +test "$(id -u)" = "0" || exit 4 - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" + printf "Rotating logs: " + /sbin/auditctl --signal rotate diff --git a/init.d/auditd.state b/init.d/auditd.state -index 6ae0845a..c59fe5a6 100644 +index 6ae0845..c59fe5a 100644 --- a/init.d/auditd.state +++ b/init.d/auditd.state @@ -3,7 +3,7 @@ 
@@ -66,18 +66,22 @@ +test "$(id -u)" = "0" || exit 4 PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" -@@ -15,7 +15,7 @@ killproc $prog -CONT + state_file="/var/run/auditd.state" +@@ -11,10 +11,10 @@ state_file="/var/run/auditd.state" + printf "Getting auditd internal state: " + /sbin/auditctl --signal state RETVAL=$? - echo -e "\n" +-echo -e "\n" sleep 1 -if $? -eq 0 ; then +if $RETVAL -eq 0 ; then if -e $state_file ; then ++ printf "\n\n" cat $state_file fi + fi diff --git a/init.d/auditd.stop b/init.d/auditd.stop -index 4cfe88b1..79e53a59 100644 +index 5049285..41c67d6 100644 --- a/init.d/auditd.stop +++ b/init.d/auditd.stop @@ -3,7 +3,7 @@ @@ -90,7 +94,7 @@ PATH=/sbin:/bin:/usr/bin:/usr/sbin prog="auditd" diff --git a/init.d/augenrules b/init.d/augenrules -index be6c9f5c..8c1a670b 100644 +index ea96aa7..605cfef 100644 --- a/init.d/augenrules +++ b/init.d/augenrules @@ -35,7 +35,7 @@ RETVAL=0
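Review bot: In the auditd.state hunk, the rewritten test leaves `$RETVAL` and `$state_file` unquoted (including `cat $state_file`), while the same patch quotes `"$(id -u)"` in every script; quote them so the result matches the warnings this patch sets out to clean up. The newline output also moves from an unconditional `echo -e "\n"` to a `printf "\n\n"` inside the state-file test, so nothing terminates the "Getting auditd internal state: " line when the signal fails or the file is missing; confirm that is intended.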
_service:tar_scm:backport-Error-out-if-required-zos-parameters-missing.patch
Added
@@ -0,0 +1,41 @@ +From bbe96f9798451129ae2555f92e2f698f842f7833 Mon Sep 17 00:00:00 2001 +From: Steve Grubb <sgrubb@redhat.com> +Date: Tue, 10 Oct 2023 08:22:49 -0400 +Subject: PATCH Error out if required zos parameters missing + + +Reference:https://github.com/linux-audit/audit-userspace/commit/bbe96f9798451129ae2555f92e2f698f842f7833 +Conflict:NA + +--- + audisp/plugins/zos-remote/zos-remote-ldap.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/audisp/plugins/zos-remote/zos-remote-ldap.c b/audisp/plugins/zos-remote/zos-remote-ldap.c +index 7dd1424f..7e27eda4 100644 +--- a/audisp/plugins/zos-remote/zos-remote-ldap.c ++++ b/audisp/plugins/zos-remote/zos-remote-ldap.c +@@ -134,14 +134,18 @@ retry: + + int zos_remote_init(ZOS_REMOTE *zos_remote, const char *server, int port, + const char *user, const char *password, int timeout) +-{ ++{ ++ if (server == NULL || user == NULL || password == NULL) { ++ log_err("Error: required parameters are not present in config file"); ++ return ICTX_E_FATAL; ++ } + zos_remote->server = strdup(server); + zos_remote->port = port; + zos_remote->user = strdup(user); + zos_remote->password = strdup(password); + zos_remote->timeout = timeout; + zos_remote->connected = 0; +- ++ + if (!zos_remote->server || !zos_remote->user || !zos_remote->password) { + log_err("Error allocating memory for session members"); + return ICTX_E_FATAL; +-- +2.33.0 +
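Review bot: The new guard at the top of zos_remote_init logs one generic message for three different parameters, so an administrator cannot tell from "required parameters are not present in config file" whether server, user or password is the missing one; name the missing parameter in the log_err call. The hunk also carries two whitespace-only changes (the `{` line and the blank line after `connected = 0;`) that are unrelated to the fix and could be dropped from the backport.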
_service:tar_scm:backport-Fix-new-warnings-for-unused-results.patch
Added
@@ -0,0 +1,107 @@ +From a4e8b7e18f249fe5decdd2fe748a5068ffeaee57 Mon Sep 17 00:00:00 2001 +From: Steve Grubb <ausearch.1@gmail.com> +Date: Mon, 20 Nov 2023 16:37:46 -0500 +Subject: PATCH Fix new warnings for unused results + +Reference:https://github.com/linux-audit/audit-userspace/commit/a4e8b7e18f249fe5decdd2fe748a5068ffeaee57 +Conflict:NA + +--- + audisp/plugins/ids/ids.c | 5 +++-- + audisp/plugins/ids/ids.h | 2 +- + audisp/plugins/statsd/audisp-statsd.c | 4 ++-- + lib/libaudit.c | 3 ++- + lib/netlink.c | 3 ++- + src/auditd.c | 3 ++- + 6 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/audisp/plugins/ids/ids.c b/audisp/plugins/ids/ids.c +index d28237e5..1446ca71 100644 +--- a/audisp/plugins/ids/ids.c ++++ b/audisp/plugins/ids/ids.c +@@ -107,9 +107,10 @@ static void destroy_audit(void) + } + + +-void log_audit_event(int type, const char *text, int res) ++int log_audit_event(int type, const char *text, int res) + { +- audit_log_user_message(audit_fd, type, text, NULL, NULL, NULL, res); ++ return audit_log_user_message(audit_fd, type, text, ++ NULL, NULL, NULL, res); + } + + +diff --git a/audisp/plugins/ids/ids.h b/audisp/plugins/ids/ids.h +index f3710066..cb98cdba 100644 +--- a/audisp/plugins/ids/ids.h ++++ b/audisp/plugins/ids/ids.h +@@ -15,6 +15,6 @@ + extern int debug; + extern void my_printf(const char *fmt, ...) 
+ __attribute__ (( format(printf, 1, 2) )); +-extern void log_audit_event(int type, const char *text, int res); ++extern int log_audit_event(int type, const char *text, int res); + + #endif +diff --git a/audisp/plugins/statsd/audisp-statsd.c b/audisp/plugins/statsd/audisp-statsd.c +index db2c6111..912f9171 100644 +--- a/audisp/plugins/statsd/audisp-statsd.c ++++ b/audisp/plugins/statsd/audisp-statsd.c +@@ -218,9 +218,9 @@ static void get_kernel_status(void) + struct audit_reply rep; + + audit_request_status(audit_fd); +- audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0); ++ int rc = audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0); + +- if (rep.type == AUDIT_GET) { ++ if (rc > 0 && rep.type == AUDIT_GET) { + // add info to global audit event struct + r.lost = rep.status->lost; + r.backlog = rep.status->backlog; +diff --git a/lib/libaudit.c b/lib/libaudit.c +index e5f2a7c5..3decff12 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -473,7 +473,8 @@ int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode) + rc = poll(pfd, 1, 100); /* .1 second */ + } while (rc < 0 && errno == EINTR); + +- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0); ++ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0)) ++ ; // intentionally empty + return 1; + } + +diff --git a/lib/netlink.c b/lib/netlink.c +index eeeefc26..3381651a 100644 +--- a/lib/netlink.c ++++ b/lib/netlink.c +@@ -280,7 +280,8 @@ retry: + else if (rc > 0 && rep.type == NLMSG_ERROR) { + int error = rep.error->error; + /* Eat the message */ +- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0); ++ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0)) ++ ; // intentionally empty + + /* NLMSG_ERROR can indicate success, only report nonzero */ + if (error) { +diff --git a/src/auditd.c b/src/auditd.c +index 2dedf35b..54b407f3 100644 +--- a/src/auditd.c ++++ b/src/auditd.c +@@ -1044,7 +1044,8 @@ static void clean_exit(void) + audit_msg(LOG_INFO, "The audit daemon is exiting."); + if (fd >= 
0) { + if (!opt_aggregate_only) +- audit_set_pid(fd, 0, WAIT_NO); ++ if (audit_set_pid(fd, 0, WAIT_NO)) ++ ; // intentionally empty + audit_close(fd); + } + if (pidfile) +-- +2.33.0 +
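Review bot: In the src/auditd.c hunk, clean_exit now has `if (!opt_aggregate_only)` followed directly by `if (audit_set_pid(fd, 0, WAIT_NO)) ;` with no braces, which is easy to misread next to the `audit_close(fd);` that follows; add braces around the outer if. The `if (...) ; // intentionally empty` form used in lib/libaudit.c, lib/netlink.c and src/auditd.c silences the warning while still discarding the result, whereas the audisp-statsd.c hunk actually checks `rc > 0` before reading `rep`; a comment at each of the three sites saying why failure can be ignored would help. The `audit_request_status(audit_fd)` call in get_kernel_status is still unchecked.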
_service:tar_scm:backport-Make-session-id-consistently-typed-327.patch
Added
@@ -0,0 +1,62 @@ +From 8359a7004de5e22c5a9b85c01c56e3b376d84a81 Mon Sep 17 00:00:00 2001 +From: Michael Tautschnig <mt@debian.org> +Date: Thu, 2 Nov 2023 21:53:29 +0100 +Subject: PATCH Make session id consistently typed (#327) + +This fixes type-conflicting definitions and declarations. + +Reference:https://github.com/linux-audit/audit-userspace/commit/8359a7004de5e22c5a9b85c01c56e3b376d84a81 +Conflict:NA + +--- + src/aureport-options.c | 3 ++- + src/ausearch-options.c | 10 ++++++---- + 2 files changed, 8 insertions(+), 5 deletions(-) + +diff --git a/src/aureport-options.c b/src/aureport-options.c +index 93621e25..76a4b9f1 100644 +--- a/src/aureport-options.c ++++ b/src/aureport-options.c +@@ -61,7 +61,8 @@ const char *event_uuid = NULL; + const char *event_vmname = NULL; + long long event_exit = 0; + int event_exit_is_set = 0; +-int event_ppid = -1, event_session_id = -2; ++pid_t event_ppid = -1; ++uint32_t event_session_id = -2; + int event_debug = 0, event_machine = -1; + time_t arg_eoe_timeout = (time_t)0; + +diff --git a/src/ausearch-options.c b/src/ausearch-options.c +index 8a1f4772..499c2aa3 100644 +--- a/src/ausearch-options.c ++++ b/src/ausearch-options.c +@@ -895,19 +895,21 @@ int check_params(int count, char *vars) + size_t len = strlen(optarg); + if (isdigit(optarg0)) { + errno = 0; +- event_session_id = strtoul(optarg,NULL,10); +- if (errno) ++ unsigned long optval = strtoul(optarg,NULL,10); ++ if (errno || optval >= (1ul << 32)) + retval = -1; ++ event_session_id = optval; + c++; + } else if (len >= 2 && *(optarg)=='-' && + (isdigit(optarg1))) { + errno = 0; +- event_session_id = strtoul(optarg, NULL, 0); +- if (errno) { ++ long optval = strtol(optarg, NULL, 0); ++ if (errno || optval < INT_MIN || optval > INT_MAX) { + retval = -1; + fprintf(stderr, "Error converting %s\n", + optarg); + } ++ event_session_id = optval; + c++; + } else { + fprintf(stderr, +-- +2.33.0 +
_service:tar_scm:backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch
Added
@@ -0,0 +1,214 @@ +From 38572e7eead76015b388723038f03e2ef0b1e3c1 Mon Sep 17 00:00:00 2001 +From: Steve Grubb <sgrubb@redhat.com> +Date: Fri, 25 Aug 2023 10:41:20 -0400 +Subject: PATCH Rewrite legacy service functions in terms of systemctl + +Reference:https://github.com/linux-audit/audit-userspace/commit/38572e7eead76015b388723038f03e2ef0b1e3c1 +Conflict:init.d/Makefile.am,ChangeLog + +--- + init.d/Makefile.am | 3 +-- + init.d/audit-functions | 52 --------------------------------------- + init.d/auditd.condrestart | 7 +++--- + init.d/auditd.reload | 6 +---- + init.d/auditd.resume | 6 +---- + init.d/auditd.rotate | 6 +---- + init.d/auditd.state | 4 +-- + init.d/auditd.stop | 3 +-- + 8 files changed, 10 insertions(+), 77 deletions(-) + delete mode 100644 init.d/audit-functions + +diff --git a/init.d/Makefile.am b/init.d/Makefile.am +index fdbf81c..3a73697 100644 +--- a/init.d/Makefile.am ++++ b/init.d/Makefile.am +@@ -26,7 +26,7 @@ EXTRA_DIST = auditd.init auditd.service auditd.sysconfig auditd.conf \ + auditd.cron libaudit.conf auditd.condrestart \ + auditd.reload auditd.restart auditd.resume \ + auditd.rotate auditd.state auditd.stop \ +- audit-stop.rules augenrules audit-functions ++ audit-stop.rules augenrules + libconfig = libaudit.conf + if ENABLE_SYSTEMD + initdir = /usr/lib/systemd/system +@@ -61,7 +61,6 @@ if ENABLE_SYSTEMD + $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.stop ${DESTDIR}${legacydir}/stop + $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.restart ${DESTDIR}${legacydir}/restart + $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.condrestart ${DESTDIR}${legacydir}/condrestart +- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/audit-functions ${DESTDIR}${libexecdir} + else + $(INSTALL_SCRIPT) -D ${srcdir}/auditd.init ${DESTDIR}${initdir}/auditd + endif +diff --git a/init.d/audit-functions b/init.d/audit-functions +deleted file mode 100644 +index 12f5023..0000000 +--- a/init.d/audit-functions ++++ /dev/null +@@ -1,52 +0,0 @@ +-# -*-Shell-script-*- +- +-# Make sure 
umask is sane +-umask 022 +- +-#/usr/libexec/audit/audit-functions +- +-# killproc {program} -signal +-killproc () +-{ +- local daemon="$1" +- local sig= +- -n "${2:-}" && sig=$2 +- +- # This matches src/auditd.c +- local pid_file="/var/run/auditd.pid" +- local pid_dir=$(dirname $pid_file) +- +- if ! -d "$pid_dir" ; then +- return 4 +- fi +- +- local pid= +- if -f "$pid_file" ; then +- # pid file exists, use it +- while : ; do +- read line +- -z "$line" && break +- for p in $line ; do +- # pid is numeric and corresponds to a process +- if -z "${p//0-9/}" && -d "/proc/$p" ; then +- d=$(cat "/proc/$p/comm") +- if "$d" = "$daemon" ; then +- pid="$p" +- break +- fi +- fi +- done +- done < "$pid_file" +- else +- # need to search /proc +- p=$(pidof "$daemon") +- if -n "$p" ; then +- pid="$p" +- fi +- fi +- +- # At this point we should have a pid or the process is dead +- if -n "$pid" && -n "$sig" ; then +- kill "$sig" "$pid" >/dev/null 2>&1 +- fi +-} +diff --git a/init.d/auditd.condrestart b/init.d/auditd.condrestart +index d86e5e4..c5803ff 100644 +--- a/init.d/auditd.condrestart ++++ b/init.d/auditd.condrestart +@@ -2,9 +2,10 @@ + # Helper script to provide legacy auditd service options not + # directly supported by systemd. + +-state=`service auditd status | awk '/^ Active/ { print $2 }'` +-if $state = "active" ; then +- /usr/libexec/initscripts/legacy-actions/auditd/restart ++state=$(systemctl status auditd | awk '/Active:/ { print $2 }') ++if "$state" = "active" ; then ++ /usr/libexec/initscripts/legacy-actions/auditd/stop ++ /bin/systemctl start auditd + RETVAL="$?" + exit $RETVAL + fi +diff --git a/init.d/auditd.reload b/init.d/auditd.reload +index e689534..53ff2f4 100644 +--- a/init.d/auditd.reload ++++ b/init.d/auditd.reload +@@ -5,13 +5,9 @@ + # Check that we are root ... so non-root users stop here + test $(id -u) = 0 || exit 4 + +-PATH=/sbin:/bin:/usr/bin:/usr/sbin +-prog="auditd" +-. 
/usr/libexec/audit-functions +- + printf "Reconfiguring: " + /sbin/augenrules --load +-killproc $prog -HUP ++/sbin/auditctl --signal reload + RETVAL=$? + echo + exit $RETVAL +diff --git a/init.d/auditd.resume b/init.d/auditd.resume +index 6852fd6..96189eb 100644 +--- a/init.d/auditd.resume ++++ b/init.d/auditd.resume +@@ -5,12 +5,8 @@ + # Check that we are root ... so non-root users stop here + test $(id -u) = 0 || exit 4 + +-PATH=/sbin:/bin:/usr/bin:/usr/sbin +-prog="auditd" +-. /usr/libexec/audit-functions +- + printf "Resuming logging: " +-killproc $prog -USR2 ++/sbin/auditctl --signal resume + RETVAL=$? + echo + exit $RETVAL +diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate +index 643b935..dcb12c2 100644 +--- a/init.d/auditd.rotate ++++ b/init.d/auditd.rotate +@@ -5,12 +5,8 @@ + # Check that we are root ... so non-root users stop here + test $(id -u) = 0 || exit 4 + +-PATH=/sbin:/bin:/usr/bin:/usr/sbin +-prog="auditd" +-. /usr/libexec/audit-functions +- + printf "Rotating logs: " +-killproc $prog -USR1 ++/sbin/auditctl --signal rotate + RETVAL=$? + echo + exit $RETVAL +diff --git a/init.d/auditd.state b/init.d/auditd.state +index 4724c4f..6ae0845 100644 +--- a/init.d/auditd.state ++++ b/init.d/auditd.state +@@ -6,12 +6,10 @@ + test $(id -u) = 0 || exit 4 + + PATH=/sbin:/bin:/usr/bin:/usr/sbin +-prog="auditd" + state_file="/var/run/auditd.state" +-. /usr/libexec/audit-functions + + printf "Getting auditd internal state: " +-killproc $prog -CONT ++/sbin/auditctl --signal state + RETVAL=$? + echo -e "\n" + sleep 1 +diff --git a/init.d/auditd.stop b/init.d/auditd.stop +index d3fbc79..5049285 100644 +--- a/init.d/auditd.stop ++++ b/init.d/auditd.stop +@@ -7,7 +7,6 @@ test $(id -u) = 0 || exit 4 + + PATH=/sbin:/bin:/usr/bin:/usr/sbin + prog="auditd" +-. /usr/libexec/audit-functions
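Review bot: In the auditd.condrestart hunk, the state is obtained by parsing human-readable output (`systemctl status auditd | awk '/Active:/ { print $2 }'`); `systemctl is-active --quiet auditd` gives the same answer as an exit status and does not depend on the output layout. The same hunk calls bare `systemctl` for the status but `/bin/systemctl` for the start, and RETVAL records only the start, so a failure of the legacy stop action is dropped. The reload, resume and rotate hunks remove the PATH assignment, which is safe only because they call `/sbin/auditctl` and `/sbin/augenrules` by absolute path; keep it that way if more commands are added.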
_service:tar_scm:backport-fix-the-use-of-isdigit-everywhere.patch
Added
@@ -0,0 +1,401 @@ +From 149a3464ef35fbaa98c57e2775a7a4ab20c2ee75 Mon Sep 17 00:00:00 2001 +From: Steve Grubb <ausearch.1@gmail.com> +Date: Sun, 5 Nov 2023 14:24:49 -0500 +Subject: PATCH fix the use of isdigit everywhere + +Reference:https://github.com/linux-audit/audit-userspace/commit/149a3464ef35fbaa98c57e2775a7a4ab20c2ee75 +Conflict:NA + +--- + audisp/plugins/af_unix/audisp-af_unix.c | 2 +- + audisp/plugins/ids/ids_config.c | 2 +- + audisp/plugins/remote/remote-config.c | 2 +- + audisp/plugins/zos-remote/zos-remote-config.c | 6 ++-- + auparse/auditd-config.c | 2 +- + auparse/interpret.c | 6 ++-- + src/auditctl.c | 6 ++-- + src/aureport-options.c | 4 +-- + src/aureport-output.c | 2 +- + src/ausearch-options.c | 36 +++++++++---------- + src/ausearch-parse.c | 2 +- + tools/ausyscall/ausyscall.c | 4 +-- + 12 files changed, 37 insertions(+), 37 deletions(-) + +diff --git a/audisp/plugins/af_unix/audisp-af_unix.c b/audisp/plugins/af_unix/audisp-af_unix.c +index ffcc7603..ffbf2ac0 100644 +--- a/audisp/plugins/af_unix/audisp-af_unix.c ++++ b/audisp/plugins/af_unix/audisp-af_unix.c +@@ -126,7 +126,7 @@ int setup_socket(int argc, char *argv) + } else { + int i; + for (i=1; i < 3; i++) { +- if (isdigit(argvi0)) { ++ if (isdigit((unsigned char)argvi0)) { + errno = 0; + mode = strtoul(argvi, NULL, 8); + if (errno) { +diff --git a/audisp/plugins/ids/ids_config.c b/audisp/plugins/ids/ids_config.c +index 4da5ca93..f773794a 100644 +--- a/audisp/plugins/ids/ids_config.c ++++ b/audisp/plugins/ids/ids_config.c +@@ -345,7 +345,7 @@ static int unsigned_int_parser(struct nv_pair *nv, int line, unsigned int *val) + + /* check that all chars are numbers */ + for (i=0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + syslog(LOG_ERR, + "Value %s should only be numbers - line %d", + nv->value, line); +diff --git a/audisp/plugins/remote/remote-config.c b/audisp/plugins/remote/remote-config.c +index 02b51337..8de7b27f 100644 +--- 
a/audisp/plugins/remote/remote-config.c ++++ b/audisp/plugins/remote/remote-config.c +@@ -484,7 +484,7 @@ static int parse_uint (const struct nv_pair *nv, int line, unsigned int *valp, + + /* check that all chars are numbers */ + for (i=0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + syslog(LOG_ERR, + "Value %s should only be numbers - line %d", + nv->value, line); +diff --git a/audisp/plugins/zos-remote/zos-remote-config.c b/audisp/plugins/zos-remote/zos-remote-config.c +index b92dc778..2f7e42f5 100644 +--- a/audisp/plugins/zos-remote/zos-remote-config.c ++++ b/audisp/plugins/zos-remote/zos-remote-config.c +@@ -301,7 +301,7 @@ static int port_parser(struct nv_pair *nv, int line, plugin_conf_t * c) + + /* check that all chars are numbers */ + for (i = 0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + log_err("Value %s should only be numbers - line %d", nv->value, line); + return 1; + } +@@ -327,7 +327,7 @@ static int timeout_parser(struct nv_pair *nv, int line, plugin_conf_t * c) + + /* check that all chars are numbers */ + for (i = 0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + log_err("Value %s should only be numbers - line %d", nv->value, line); + return 1; + } +@@ -376,7 +376,7 @@ static int q_depth_parser(struct nv_pair *nv, int line, plugin_conf_t * c) + + /* check that all chars are numbers */ + for (i = 0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + log_err("Value %s should only be numbers - line %d", nv->value, line); + return 1; + } +diff --git a/auparse/auditd-config.c b/auparse/auditd-config.c +index 9a6a6a71..6e5c86a8 100644 +--- a/auparse/auditd-config.c ++++ b/auparse/auditd-config.c +@@ -340,7 +340,7 @@ static int eoe_timeout_parser(auparse_state_t *au, const char *val, int line, + + /* check that all chars are numbers */ + for (i=0; ptri; i++) { +- if (!isdigit(ptri)) { ++ if (!isdigit((unsigned char)ptri)) { + 
audit_msg(au, LOG_ERR, + "Value %s should only be numbers - line %d", + val, line); +diff --git a/auparse/interpret.c b/auparse/interpret.c +index f13723b6..77c96468 100644 +--- a/auparse/interpret.c ++++ b/auparse/interpret.c +@@ -325,7 +325,7 @@ static void key_escape(const char *orig, char *dest, auparse_esc_t escape_mode) + static int is_int_string(const char *str) + { + while (*str) { +- if (!isdigit(*str)) ++ if (!isdigit((unsigned char)*str)) + return 0; + str++; + } +@@ -1485,7 +1485,7 @@ static const char *print_success(const char *val) + { + int res; + +- if (isdigit(*val)) { ++ if (isdigit((unsigned char)*val)) { + errno = 0; + res = strtoul(val, NULL, 10); + if (errno) { +@@ -2319,7 +2319,7 @@ static const char *print_fanotify(const char *val) + { + int res; + +- if (isdigit(*val)) { ++ if (isdigit((unsigned char)*val)) { + errno = 0; + res = strtoul(val, NULL, 10); + if (errno) { +diff --git a/src/auditctl.c b/src/auditctl.c +index ccd62bc3..e1ca0f83 100644 +--- a/src/auditctl.c ++++ b/src/auditctl.c +@@ -680,7 +680,7 @@ static int setopt(int count, int lineno, char *vars) + } + break; + case 'r': +- if (optarg && isdigit(optarg0)) { ++ if (optarg && isdigit((unsigned char)optarg0)) { + uint32_t rate; + errno = 0; + rate = strtoul(optarg,NULL,0); +@@ -699,7 +699,7 @@ static int setopt(int count, int lineno, char *vars) + } + break; + case 'b': +- if (optarg && isdigit(optarg0)) { ++ if (optarg && isdigit((unsigned char)optarg0)) { + uint32_t limit; + errno = 0; + limit = strtoul(optarg,NULL,0); +@@ -1134,7 +1134,7 @@ process_keys: + case 2: + #if HAVE_DECL_AUDIT_VERSION_BACKLOG_WAIT_TIME == 1 || \ + HAVE_DECL_AUDIT_STATUS_BACKLOG_WAIT_TIME == 1 +- if (optarg && isdigit(optarg0)) { ++ if (optarg && isdigit((unsigned char)optarg0)) { + uint32_t bwt; + errno = 0; + bwt = strtoul(optarg,NULL,0); +diff --git a/src/aureport-options.c b/src/aureport-options.c +index 203c3880..7480c8a9 100644 +--- a/src/aureport-options.c ++++ b/src/aureport-options.c +@@ 
-385,7 +385,7 @@ int check_params(int count, char *vars) + // } else { + // UNIMPLEMENTED; + // set_detail(D_SPECIFIC); +-// if (isdigit(optarg0)) { ++// if (isdigit((unsigned char)optarg0)) { + // errno = 0; + // event_id = strtoul(optarg, + // NULL, 10); +@@ -764,7 +764,7 @@ int check_params(int count, char *vars) + retval = -1; + break; + } +- if (isdigit(optarg0)) { ++ if (isdigit((unsigned char)optarg0)) { + errno = 0; + arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10); + if (errno || arg_eoe_timeout == 0) { +diff --git a/src/aureport-output.c b/src/aureport-output.c +index a635d536..27a2ce25 100644 +--- a/src/aureport-output.c ++++ b/src/aureport-output.c +@@ -976,7 +976,7 @@ static void do_user_summary_output(slist *sptr) + long uid; + char name64; + +- if (sn->str0 == '-' || isdigit(sn->str0)) {
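Review bot: in the src/auditctl.c hunks for case 'r', case 'b' and the backlog wait time case, the cast makes the isdigit() call well defined, but the guard still looks only at the first character of optarg before calling strtoul(optarg,NULL,0). With a NULL end pointer, an argument that starts with a digit and continues with other characters is accepted as its numeric prefix, as far as the visible lines show. Consider passing an end pointer to strtoul() and rejecting the option when it does not stop at the terminating NUL, in this patch or a follow-up.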
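Review bot: the first src/aureport-options.c hunk (@@ -385) only touches a line inside a commented-out block (the `// if (isdigit(...)) {` line under `// UNIMPLEMENTED;`), so it changes no compiled code. Either drop that hunk to keep the backport minimal or remove the dead block in a separate cleanup, so the diff does not suggest that path was hardened.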
View file
_service:tar_scm:backport-lib-cast-to-unsigned-char-for-character-test-functio.patch
Added
@@ -0,0 +1,165 @@ +From 3aa3ccb2bb1c8804fbf43b260c93b65e831242c1 Mon Sep 17 00:00:00 2001 +From: cgzones <cgzones@googlemail.com> +Date: Thu, 2 Nov 2023 21:20:40 +0100 +Subject: PATCH lib: cast to unsigned char for character test functions + (#338) + +Passing a value not representable by unsigned char is undefined +behavior. + +Reference:https://github.com/linux-audit/audit-userspace/commit/3aa3ccb2bb1c8804fbf43b260c93b65e831242c1 +Conflict:NA + +--- + lib/libaudit.c | 32 ++++++++++++++++---------------- + lib/lookup_table.c | 2 +- + 2 files changed, 17 insertions(+), 17 deletions(-) + +diff --git a/lib/libaudit.c b/lib/libaudit.c +index 960525a..abcdf4a 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -1031,7 +1031,7 @@ int audit_rule_syscallbyname_data(struct audit_rule_data *rule, + return -2; + nr = audit_name_to_syscall(scall, machine); + if (nr < 0) { +- if (isdigit(scall0)) ++ if (isdigit((unsigned char)scall0)) + nr = strtol(scall, NULL, 0); + } + if (nr >= 0) +@@ -1056,7 +1056,7 @@ int audit_rule_io_uringbyname_data(struct audit_rule_data *rule, + } + nr = audit_name_to_uringop(scall); + if (nr < 0) { +- if (isdigit(scall0)) ++ if (isdigit((unsigned char)scall0)) + nr = strtol(scall, NULL, 0); + } + if (nr >= 0) +@@ -1585,11 +1585,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + case AUDIT_OBJ_UID: + // Do positive & negative separate for 32 bit systems + vlen = strlen(v); +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + strtoul(v, NULL, 0); + else if (vlen >= 2 && *(v)=='-' && +- (isdigit((char)*(v+1)))) ++ (isdigit((unsigned char)*(v+1)))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else { +@@ -1609,7 +1609,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + case AUDIT_SGID: + case AUDIT_FSGID: + case AUDIT_OBJ_GID: +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count 
= + strtol(v, NULL, 0); + else { +@@ -1625,11 +1625,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + if (flags != AUDIT_FILTER_EXIT) + return -EAU_EXITONLY; + vlen = strlen(v); +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else if (vlen >= 2 && *(v)=='-' && +- (isdigit((char)*(v+1)))) ++ (isdigit((unsigned char)*(v+1)))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else { +@@ -1644,7 +1644,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + flags != AUDIT_FILTER_USER) + return -EAU_MSGTYPEEXCLUDEUSER; + +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else +@@ -1715,7 +1715,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + return -EAU_ARCHMISPLACED; + if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL)) + return -EAU_OPEQNOTEQ; +- if (isdigit((char)*(v))) { ++ if (isdigit((unsigned char)*(v))) { + int machine; + + errno = 0; +@@ -1757,7 +1757,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + return -EAU_STRTOOLONG; + + for (i = 0; i < len; i++) { +- switch (tolower(vi)) { ++ switch (tolower((unsigned char)vi)) { + case 'r': + val |= AUDIT_PERM_READ; + break; +@@ -1791,7 +1791,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + return -EAU_FIELDUNAVAIL; + if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL)) + return -EAU_OPEQNOTEQ; +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + strtoul(v, NULL, 0); + else +@@ -1804,11 +1804,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + break; + case AUDIT_ARG0...AUDIT_ARG3: + vlen = strlen(v); +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + 
strtoul(v, NULL, 0); + else if (vlen >= 2 && *(v)=='-' && +- (isdigit((char)*(v+1)))) ++ (isdigit((unsigned char)*(v+1)))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else +@@ -1824,11 +1824,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + return -EAU_FIELDNOFILTER; + // Do positive & negative separate for 32 bit systems + vlen = strlen(v); +- if (isdigit((char)*(v))) ++ if (isdigit((unsigned char)*(v))) + rule->valuesrule->field_count = + strtoul(v, NULL, 0); + else if (vlen >= 2 && *(v)=='-' && +- (isdigit((char)*(v+1)))) ++ (isdigit((unsigned char)*(v+1)))) + rule->valuesrule->field_count = + strtol(v, NULL, 0); + else if (strcmp(v, "unset") == 0) +@@ -1854,7 +1854,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, + if (field == AUDIT_PPID && !(flags==AUDIT_FILTER_EXIT)) + return -EAU_EXITONLY; + +- if (!isdigit((char)*(v))) ++ if (!isdigit((unsigned char)*(v))) + return -EAU_FIELDVALNUM; + + if (field == AUDIT_INODE) +diff --git a/lib/lookup_table.c b/lib/lookup_table.c +index 2f5e6cd..d839205 100644 +--- a/lib/lookup_table.c ++++ b/lib/lookup_table.c +@@ -255,7 +255,7 @@ int audit_name_to_msg_type(const char *msg_type) + strncpy(buf, msg_type + 8, len); + errno = 0; + return strtol(buf, NULL, 10); +- } else if (isdigit(*msg_type)) { ++ } else if (isdigit((unsigned char)*msg_type)) { + errno = 0; + return strtol(msg_type, NULL, 10); + } +-- +2.33.0 +
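Review bot: in the lib/libaudit.c hunk at @@ -1609 (AUDIT_SGID, AUDIT_FSGID, AUDIT_OBJ_GID) the digit-leading value is still converted with strtol(v, NULL, 0), while the UID hunk at @@ -1585 uses strtoul() for the same case and carries the comment "Do positive & negative separate for 32 bit systems". On a 32-bit long, a group id above LONG_MAX would saturate in the GID branch. The cast itself is correct; since the patch already touches these lines, consider aligning the GID branch with the UID one, or note in the commit message that only the character-class calls are in scope.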
View file
_service:tar_scm:backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch
Added
@@ -0,0 +1,35 @@ +From 3f928b21486369c495d9eaca46eb9d506ae576b3 Mon Sep 17 00:00:00 2001 +From: cgzones <cgzones@googlemail.com> +Date: Wed, 1 Nov 2023 20:35:40 +0100 +Subject: PATCH lib: close audit socket in load_feature_bitmap() (#334) + + +Reference:https://github.com/linux-audit/audit-userspace/commit/3f928b21486369c495d9eaca46eb9d506ae576b3 +Conflict:NA + +--- + lib/libaudit.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/libaudit.c b/lib/libaudit.c +index ded3ab47..4c317c87 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -657,12 +657,14 @@ static void load_feature_bitmap(void) + + /* Found it... */ + features_bitmap = rep.status->feature_bitmap; ++ audit_close(fd); + return; + } + } + } + #endif + features_bitmap = AUDIT_FEATURES_UNSUPPORTED; ++ audit_close(fd); + } + + uint32_t audit_get_features(void) +-- +2.33.0 +
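Review bot: the two added audit_close(fd) calls in load_feature_bitmap() cover the early `return` after "Found it..." and the fall-through at the end, but any other exit between them that is not visible in this hunk would still leak the socket. A single cleanup label reached by every exit would make that impossible to miss. The second call also sits after `#endif`, so confirm fd is declared and opened outside the conditional block, otherwise the build breaks when that block is compiled out. The commit message has no body; one line stating that the descriptor leaked on every call would help anyone triaging file descriptor exhaustion.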
View file
_service:tar_scm:backport-lib-enclose-macro-to-avoid-precedence-issues.patch
Added
@@ -0,0 +1,29 @@ +From e97c79260a2e7bdbf02c5162b0c40451c9555111 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Tue, 31 Oct 2023 16:49:10 +0100 +Subject: PATCH lib: enclose macro to avoid precedence issues + + +Reference:https://github.com/linux-audit/audit-userspace/commit/e97c79260a2e7bdbf02c5162b0c40451c9555111 +Conflict:NA + +--- + lib/audit_logging.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/audit_logging.c b/lib/audit_logging.c +index 8b8b6207..e8b79d3e 100644 +--- a/lib/audit_logging.c ++++ b/lib/audit_logging.c +@@ -38,7 +38,7 @@ + #include "private.h" + + #define TTY_PATH 32 +-#define MAX_USER (UT_NAMESIZE * 2) + 8 ++#define MAX_USER ((UT_NAMESIZE * 2) + 8) + + // NOTE: The kernel fills in pid, uid, and loginuid of sender. Therefore, + // these routines do not need to send them. +-- +2.33.0 +
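Review bot: the commit message for the MAX_USER change in lib/audit_logging.c does not say whether any existing use of the macro was affected by the missing parentheses. If MAX_USER only appears as an array bound or a plain size argument, the change is cosmetic; if it appears inside a multiplication or subtraction, buffer sizes computed from it change with this patch. State which case applies in the message so downstream packagers know whether this is a behavior change.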
View file
_service:tar_scm:backport-memory-allocation-updates-341.patch
Added
@@ -0,0 +1,56 @@ +From b92027ac9e29659483a5e920e548fe74126f72af Mon Sep 17 00:00:00 2001 +From: cgzones <cgzones@googlemail.com> +Date: Wed, 1 Nov 2023 22:15:40 +0100 +Subject: PATCH memory allocation updates (#341) + +* Check memory allocation + +Avoid later NULL dereference. + +* Check memory allocation and merge zeroing + +Avoid later NULL dereference. + +Reference:https://github.com/linux-audit/audit-userspace/commit/b92027ac9e29659483a5e920e548fe74126f72af +Conflict:NA + +--- + auparse/interpret.c | 2 ++ + lib/libaudit.c | 7 +++++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/auparse/interpret.c b/auparse/interpret.c +index ecde07ae..76ca2814 100644 +--- a/auparse/interpret.c ++++ b/auparse/interpret.c +@@ -366,6 +366,8 @@ char *au_unescape(char *buf) + // strlen(buf) / 2. + olen = strlen(buf); + str = malloc(olen+1); ++ if (!str) ++ return NULL; + + saved = *ptr; + *ptr = 0; +diff --git a/lib/libaudit.c b/lib/libaudit.c +index 6a42871b..d90d83b8 100644 +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -891,9 +891,12 @@ int audit_make_equivalent(int fd, const char *mount_point, + struct { + uint32_t sizes2; + unsigned char buf; +- } *cmd = malloc(sizeof(*cmd) + len1 + len2); ++ } *cmd = calloc(1, sizeof(*cmd) + len1 + len2); + +- memset(cmd, 0, sizeof(*cmd) + len1 + len2); ++ if (!cmd) { ++ audit_msg(LOG_ERR, "Cannot allocate memory!"); ++ return -ENOMEM; ++ } + + cmd->sizes0 = len1; + cmd->sizes1 = len2; +-- +2.33.0 +
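Review bot: the au_unescape() hunk in auparse/interpret.c adds a NULL return on allocation failure, correctly placed before `saved = *ptr; *ptr = 0;` so buf is left unmodified, but no caller is updated in this patch. Check that every caller treats a NULL result as failure and mention the return value in the function comment, otherwise the NULL dereference only moves to the call site.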
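Review bot: in the audit_make_equivalent() hunk in lib/libaudit.c, the new failure path returns -ENOMEM from a function that callers reach through the library API, and the log text "Cannot allocate memory!" does not name the function. Document the new return value alongside the existing error codes and include the function name in the audit_msg() text so the log line can be traced. Merging malloc() plus memset() into calloc(1, ...) is fine.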
View file
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="scm">git</param> <param name="url">git@gitee.com:src-openeuler/audit.git</param> - <param name="revision">master</param> + <param name="revision">openEuler-24.09</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
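Review bot: the `revision` parameter in _service moves from one branch name (master) to another (openEuler-24.09), so the tar_scm source still tracks a moving ref and two builds of the same package revision can fetch different content. For a release branch, consider pinning a tag or a full commit hash here, or recording the resolved commit in the build metadata, so the packaged source can be reproduced and audited.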