!4 update audit to 2.8.5

Merge pull request !4 from wangchen/wangchen
openeuler-ci-bot 2020-07-29 18:03:52 +08:00 committed by Gitee
commit 1e4dbe51b1
10 changed files with 19 additions and 532 deletions


@ -1,43 +0,0 @@
From c34481d21c51241e571873627a8da17556e153d2 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 22 Jan 2019 08:10:30 +0100
Subject: [PATCH 67/99] Fix minor memory leak in auditd kerberos credentials
code
---
src/auditd-listen.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index 613cae6..bce8ca0 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -1107,7 +1107,11 @@ next_try:
}
}
- server_acquire_creds(princ, &server_creds);
+ if (server_acquire_creds(princ, &server_creds)) {
+ free(my_service_name);
+ my_service_name = NULL;
+ return -1;
+ }
}
#endif
@@ -1127,8 +1131,11 @@ void auditd_tcp_listen_uninit(struct ev_loop *loop, struct daemon_conf *config)
}
#ifdef USE_GSSAPI
- if (USE_GSS)
+ if (USE_GSS) {
gss_release_cred(&status, &server_creds);
+ free(my_service_name);
+ my_service_name = NULL;
+ }
#endif
while (client_chain) {
--
1.8.3.1


@ -1,43 +0,0 @@
From bbbebbef926376a7bec116a2cc3aadd86af75bb4 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 15 Dec 2018 14:12:56 -0500
Subject: [PATCH 209/217] Fix a couple more fuzzer induced bugs
---
src/ausearch-parse.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 44499c7..311f699 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -603,6 +603,8 @@ static int parse_syscall(lnode *n, search_items *s)
if (s->key) {
char *saved;
char *keyptr = unescape(str);
+ if (keyptr == NULL)
+ return 45;
char *kptr = strtok_r(keyptr,
key_sep, &saved);
while (kptr) {
@@ -1599,6 +1601,8 @@ static int parse_sockaddr(const lnode *n, search_items *s)
str += 6;
len = strlen(str)/2;
s->hostname = unescape(str);
+ if (s->hostname == NULL)
+ return 4;
saddr = (struct sockaddr *)s->hostname;
if (saddr->sa_family == AF_INET) {
if (len < sizeof(struct sockaddr_in)) {
@@ -2300,6 +2304,8 @@ static int parse_simple_message(const lnode *n, search_items *s)
if (s->key) {
char *saved;
char *keyptr = unescape(ptr);
+ if (keyptr == NULL)
+ return 8;
char *kptr = strtok_r(keyptr,
key_sep, &saved);
while (kptr) {
--
1.8.3.1


@ -1,29 +0,0 @@
From cc434ad723bba5c7da4d8e440130f55a9437961c Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 15 Dec 2018 09:55:29 -0500
Subject: [PATCH 206/217] Fix memory leak when logs are corrupted
---
auparse/ellist.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/auparse/ellist.c b/auparse/ellist.c
index 90a0524..fd45fac 100644
--- a/auparse/ellist.c
+++ b/auparse/ellist.c
@@ -331,8 +331,11 @@ int aup_list_append(event_list_t *l, char *record, int list_idx,
// Then parse the record up into nvlist
rc = parse_up_record(r);
- if (r->cwd)
+ if (r->cwd) {
+ // Should never be 2 cwd records unless log is corrupted
+ free(l->cwd);
l->cwd = r->cwd;
+ }
return rc;
}
--
1.8.3.1


@ -1,56 +0,0 @@
From c218a04655b2426b46d303d711863f9038f15917 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 15 Dec 2018 14:58:31 -0500
Subject: [PATCH 210/217] More fuzzer induced bug fixes
---
auparse/normalize.c | 10 +++++-----
src/ausearch-parse.c | 4 +++-
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/auparse/normalize.c b/auparse/normalize.c
index 45d8821..5f15712 100644
--- a/auparse/normalize.c
+++ b/auparse/normalize.c
@@ -44,11 +44,11 @@
* Both record and field are 0 based. Simple records are always 0. Compound
* records start at 0 and go up.
*/
-#define UNSET 0xFFFF
-#define get_record(y) ((y >> 16) & 0x0000FFFF)
-#define set_record(y, x) (((x & 0x0000FFFF) << 16) | (y & 0x0000FFFF))
-#define get_field(y) (y & 0x0000FFFF)
-#define set_field(y, x) ((y & 0xFFFF0000) | (x & 0x0000FFFF))
+#define UNSET 0xFFFFU
+#define get_record(y) ((y >> 16) & 0x0000FFFFU)
+#define set_record(y, x) (((x & 0x0000FFFFU) << 16) | (y & 0x0000FFFFU))
+#define get_field(y) (y & 0x0000FFFFU)
+#define set_field(y, x) ((y & 0xFFFF0000U) | (x & 0x0000FFFFU))
#define is_unset(y) (get_record(y) == UNSET)
#define D au->norm_data
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
index 311f699..cc2a06c 100644
--- a/src/ausearch-parse.c
+++ b/src/ausearch-parse.c
@@ -40,7 +40,7 @@
#include "ausearch-parse.h"
#include "auparse-idata.h"
-#define NAME_OFFSET 36
+#define NAME_OFFSET 28
static const char key_sep[2] = { AUDIT_KEY_SEPARATOR, 0 };
static int parse_task_info(lnode *n, search_items *s);
@@ -714,6 +714,8 @@ static int common_path_parser(search_items *s, char *path)
sn.str = unescape(path);
*term = ' ';
}
+ if (sn.str == NULL)
+ return 7;
// Attempt to rebuild path if relative
if ((sn.str[0] == '.') && ((sn.str[1] == '.') ||
(sn.str[1] == '/')) && s->cwd) {
--
1.8.3.1


@ -1,279 +0,0 @@
From 6d6c65e8e374ce31037e20b1cdc314808efd0e3c Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 24 Nov 2018 10:06:08 -0500
Subject: [PATCH] Port af_unix plugin to libev
---
audisp/Makefile.am | 3 ++-
audisp/audispd-builtins.c | 42 +++++++++++++++++++++++++++++++--------
audisp/audispd-builtins.h | 9 ++-------
audisp/audispd.c | 38 -----------------------------------
src/auditd.c | 18 ++++++++---------
5 files changed, 47 insertions(+), 63 deletions(-)
diff --git a/audisp/Makefile.am b/audisp/Makefile.am
index 5aa1d09..852169e 100644
--- a/audisp/Makefile.am
+++ b/audisp/Makefile.am
@@ -22,7 +22,7 @@
SUBDIRS = plugins
CONFIG_CLEAN_FILES = *.rej *.orig
-AM_CPPFLAGS = -D_GNU_SOURCE -fPIC -DPIC -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src
+AM_CPPFLAGS = -D_GNU_SOURCE -fPIC -DPIC -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src -I${top_srcdir}/src/libev
LIBS = -L${top_builddir}/lib -laudit
LDADD = -lpthread
@@ -30,5 +30,6 @@ noinst_HEADERS = audispd-pconfig.h audispd-llist.h audispd-config.h \
queue.h audispd-builtins.h libdisp.h
libdisp_a_SOURCES = audispd.c audispd-pconfig.c queue.c \
audispd-llist.c audispd-builtins.c
+libdisp_a_CFLAGS = -fno-strict-aliasing
noinst_LIBRARIES = libdisp.a
diff --git a/audisp/audispd-builtins.c b/audisp/audispd-builtins.c
index 1fbe680..024faec 100644
--- a/audisp/audispd-builtins.c
+++ b/audisp/audispd-builtins.c
@@ -1,6 +1,6 @@
/*
* audispd-builtins.c - some common builtin plugins
-* Copyright (c) 2007,2010,2013 Red Hat Inc., Durham, North Carolina.
+* Copyright (c) 2007,2010,2013,2018 Red Hat Inc., Durham, North Carolina.
* All Rights Reserved.
*
* This software may be freely redistributed and/or modified under the
@@ -35,12 +35,17 @@
#include <sys/uio.h> // writev
#include <fcntl.h>
#include <stdio.h>
+#include "ev.h"
#include "audispd-pconfig.h"
#include "audispd-builtins.h"
+// Global data
+extern struct ev_loop *loop;
+
// Local data
static volatile int sock = -1, conn = -1;
static char *path = NULL;
+static struct ev_io af_unix_watcher;
// Local prototypes
static void init_af_unix(const plugin_conf_t *conf);
@@ -63,21 +68,37 @@ void stop_builtin(plugin_conf_t *conf)
syslog(LOG_ERR, "Unknown builtin %s", conf->path);
}
-static void af_unix_accept(int fd)
+static int watching = 0;
+static void stop_watching(void)
+{
+ if (watching) {
+ ev_io_stop(loop, &af_unix_watcher);
+ watching = 0;
+ }
+}
+
+static void af_unix_accept(struct ev_loop *l, struct ev_io *_io, int revents)
{
int cmd;
do {
- conn = accept(fd, NULL, NULL);
+ conn = accept(_io->fd, NULL, NULL);
} while (conn < 0 && errno == EINTR);
// De-register since this is intended to be one listener
if (conn >= 0)
- remove_event(fd);
+ stop_watching();
cmd = fcntl(conn, F_GETFD);
fcntl(conn, F_SETFD, cmd|FD_CLOEXEC);
}
+static void start_watching(void)
+{
+ ev_io_init(&af_unix_watcher, af_unix_accept, sock, EV_READ);
+ ev_io_start(loop, &af_unix_watcher);
+ watching = 1;
+}
+
static int create_af_unix_socket(const char *path, int mode)
{
struct sockaddr_un addr;
@@ -122,8 +143,8 @@ static int create_af_unix_socket(const char *path, int mode)
// Make socket listening...won't block
(void)listen(sock, 5);
- // Register socket with poll
- add_event(sock, af_unix_accept);
+ // Register socket with libev
+ start_watching();
return 0;
}
@@ -213,7 +234,8 @@ void send_af_unix_string(const char *s, unsigned int len)
if (rc < 0 && errno == EPIPE) {
close(conn);
conn = -1;
- add_event(sock, af_unix_accept);
+ stop_watching();
+ start_watching();
}
}
}
@@ -237,7 +259,8 @@ void send_af_unix_binary(event_t *e)
if (rc < 0 && errno == EPIPE) {
close(conn);
conn = -1;
- add_event(sock, af_unix_accept);
+ stop_watching();
+ start_watching();
}
}
}
@@ -250,10 +273,13 @@ void destroy_af_unix(void)
conn = -1;
did_something = 1;
}
+ stop_watching();
if (sock >= 0) {
+
close(sock);
sock = -1;
did_something = 1;
+
}
if (path) {
unlink(path);
diff --git a/audisp/audispd-builtins.h b/audisp/audispd-builtins.h
index 2083775..2d344ea 100644
--- a/audisp/audispd-builtins.h
+++ b/audisp/audispd-builtins.h
@@ -1,6 +1,6 @@
/*
-* audispd-builtins.h - Minimal linked list library
-* Copyright (c) 2007,2013 Red Hat Inc., Durham, North Carolina.
+* audispd-builtins.h - Interface to builtin plugins
+* Copyright (c) 2007,2013,2018 Red Hat Inc., Durham, North Carolina.
* All Rights Reserved.
*
* This software may be freely redistributed and/or modified under the
@@ -33,10 +33,5 @@ void send_af_unix_string(const char *s, unsigned int len);
void send_af_unix_binary(event_t *e);
void destroy_af_unix(void);
-typedef void (*poll_callback_ptr)(int fd);
-int add_event(int fd, poll_callback_ptr cb);
-int remove_event(int fd);
-
-
#endif
diff --git a/audisp/audispd.c b/audisp/audispd.c
index e9584b7..9c3a118 100644
--- a/audisp/audispd.c
+++ b/audisp/audispd.c
@@ -31,7 +31,6 @@
#include <pthread.h>
#include <dirent.h>
#include <fcntl.h>
-#include <sys/poll.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <limits.h>
@@ -578,43 +577,6 @@ static int event_loop(void)
return 1;
}
-static struct pollfd pfd[4];
-static poll_callback_ptr pfd_cb[4];
-static volatile int pfd_cnt=0;
-int add_event(int fd, poll_callback_ptr cb)
-{
- if (pfd_cnt > 3)
- return -1;
-
- pfd[pfd_cnt].fd = fd;
- pfd[pfd_cnt].events = POLLIN;
- pfd[pfd_cnt].revents = 0;
- pfd_cb[pfd_cnt] = cb;
- pfd_cnt++;
- return 0;
-}
-
-int remove_event(int fd)
-{
- int start, i;
- if (pfd_cnt == 0)
- return -1;
-
- for (start=0; start < pfd_cnt; start++) {
- if (pfd[start].fd == fd)
- break;
- }
- for (i=start; i<(pfd_cnt-1); i++) {
- pfd[i].events = pfd[i+1].events;
- pfd[i].revents = pfd[i+1].revents;
- pfd[i].fd = pfd[i+1].fd;
- pfd_cb[i] = pfd_cb[i+1];
- }
-
- pfd_cnt--;
- return 0;
-}
-
/* returns > 0 if plugins and 0 if none */
int libdisp_active(void)
{
diff --git a/src/auditd.c b/src/auditd.c
index bd7e3b8..22bdc9b 100644
--- a/src/auditd.c
+++ b/src/auditd.c
@@ -581,6 +581,7 @@ static void close_pipes(void)
close(pipefds[1]);
}
+struct ev_loop *loop;
int main(int argc, char *argv[])
{
struct sigaction sa;
@@ -598,7 +599,6 @@ int main(int argc, char *argv[])
enum startup_state opt_startup = startup_enable;
extern char *optarg;
extern int optind;
- struct ev_loop *loop;
struct ev_io netlink_watcher;
struct ev_io pipe_watcher;
struct ev_signal sigterm_watcher;
@@ -749,14 +749,6 @@ int main(int argc, char *argv[])
return 1;
}
- if (init_dispatcher(&config)) {
- if (pidfile)
- unlink(pidfile);
- tell_parent(FAILURE);
- free_config(&config);
- return 1;
- }
-
/* Get machine name ready for use */
if (resolve_node(&config)) {
if (pidfile)
@@ -892,6 +884,14 @@ int main(int argc, char *argv[])
/* Depending on value of opt_startup (-s) set initial audit state */
loop = ev_default_loop (EVFLAG_NOENV);
+ if (init_dispatcher(&config)) {
+ if (pidfile)
+ unlink(pidfile);
+ tell_parent(FAILURE);
+ free_config(&config);
+ return 1;
+ }
+
if (!opt_aggregate_only) {
ev_io_init (&netlink_watcher, netlink_handler, fd, EV_READ);
ev_io_start (loop, &netlink_watcher);

BIN
audit-2.8.5.tar.gz Normal file

Binary file not shown.

Binary file not shown.


@ -2,25 +2,17 @@
Summary: User space tools for kernel auditing Summary: User space tools for kernel auditing
Name: audit Name: audit
Version: 3.0 Version: 2.8.5
Release: 5 Release: 1
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: http://people.redhat.com/sgrubb/audit/ URL: https://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}-alpha5.tar.gz Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
Patch6000: bindings-swig-src-auditswig.i-Do-not-hardcode-the-pa.patch Patch0: Fix-memleak-in-auparse-caused-by-corrected-event-ordering.patch
Patch6001: Fix-memory-leak-when-logs-are-corrupted.patch Patch1: bugfix-audit-support-armv7b.patch
Patch6002: fix-out-of-bound-read-on-shutdown.patch Patch2: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
Patch6003: Fix-a-couple-more-fuzzer-induced-bugs.patch Patch3: bugfix-audit-reload-coredump.patch
Patch6004: More-fuzzer-induced-bug-fixes.patch
Patch6005: Fix-memleak-in-auparse-caused-by-corrected-event-ordering.patch
Patch6006: Port-af_unix-plugin-to-libev.patch
Patch6007: 0067-Fix-minor-memory-leak-in-auditd-kerberos-credentials.patch
Patch9000: bugfix-audit-support-armv7b.patch
Patch9001: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch
Patch9002: bugfix-audit-reload-coredump.patch
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29 BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
BuildRequires: openldap-devel krb5-devel libcap-ng-devel BuildRequires: openldap-devel krb5-devel libcap-ng-devel
@ -74,7 +66,6 @@ License: LGPLv2+
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: kernel-headers >= 2.6.29 Requires: kernel-headers >= 2.6.29
Provides: audit-libs-devel audit-libs-static Provides: audit-libs-devel audit-libs-static
Obsoletes: audit-libs-devel audit-libs-static
%description devel %description devel
The audit-libs-devel package contains the header files needed for developing The audit-libs-devel package contains the header files needed for developing
@ -196,6 +187,7 @@ fi
%attr(755,root,root) /sbin/ausearch %attr(755,root,root) /sbin/ausearch
%attr(755,root,root) /sbin/aureport %attr(755,root,root) /sbin/aureport
%attr(750,root,root) /sbin/autrace %attr(750,root,root) /sbin/autrace
%attr(755,root,root) /sbin/audispd
%attr(755,root,root) /sbin/augenrules %attr(755,root,root) /sbin/augenrules
%attr(755,root,root) %{_bindir}/aulast %attr(755,root,root) %{_bindir}/aulast
%attr(755,root,root) %{_bindir}/aulastlog %attr(755,root,root) %{_bindir}/aulastlog
@ -219,7 +211,8 @@ fi
%ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules %ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules
%ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules %ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules %config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf %config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
%files libs %files libs
/%{_lib}/libaudit.so.1* /%{_lib}/libaudit.so.1*
@ -227,16 +220,15 @@ fi
%config(noreplace) %attr(640,root,root) /etc/libaudit.conf %config(noreplace) %attr(640,root,root) /etc/libaudit.conf
%files -n audispd-plugins %files -n audispd-plugins
%config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf %config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
%attr(750,root,root) /sbin/audisp-remote %attr(750,root,root) /sbin/audisp-remote
%attr(750,root,root) /sbin/audisp-syslog
%attr(700,root,root) %dir %{_var}/spool/audit %attr(700,root,root) %dir %{_var}/spool/audit
%files -n audispd-plugins-zos %files -n audispd-plugins-zos
%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/audispd-zos-remote.conf %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audit/zos-remote.conf %config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
%attr(750,root,root) /sbin/audispd-zos-remote %attr(750,root,root) /sbin/audispd-zos-remote
%files devel %files devel
@ -276,6 +268,9 @@ fi
%attr(644,root,root) %{_mandir}/man8/*.8.gz %attr(644,root,root) %{_mandir}/man8/*.8.gz
%changelog %changelog
* Wed Jul 29 2020 wangchen <wangchen137@huawei.com> - 2.8.5-1
- revert to 2.8.5
* Wed Jan 22 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.0-5 * Wed Jan 22 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.0-5
- add subpackages - add subpackages
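Review bot: The first hunk drops Patch6001 through Patch6004 and Patch6007 (the two memory-leak fixes, the out-of-bound read on shutdown in auditd-listen.c, and the fuzzer-induced NULL checks in ausearch-parse.c) along with their patch files, and nothing on the page shows that the 2.8.5 tarball already contains them. The `%changelog` entry should say which of these are included upstream, and any that are not should stay in the patch list rather than being removed with the rebase. Separately, `Version: 2.8.5` with `Release: 1` sorts below the previous `3.0-5` and the spec adds no `Epoch:` tag, so hosts that already installed 3.0-5 will presumably not pick this build up through a normal update. In the `%files` hunk, `/sbin/audispd` is added at mode 755 while `/sbin/autrace` and `/sbin/audisp-remote` are 750; `%attr(750,root,root) /sbin/audispd` would keep the dispatcher consistent with them.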


@ -1,33 +0,0 @@
From 5d206ce4ac545595170d1ed1490d4824b442bd19 Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Mon, 1 Oct 2018 07:48:54 +0200
Subject: [PATCH 177/217] bindings/swig/src/auditswig.i: Do not hardcode the
path of stdint.h
auditswig.i hard codes the path to stdint.h. That will fail to work with
non-glibc libcs and after moving glibc's headers (#798955). The path is
hard coded, because swig's %include does not search the standard header
search path. Rather than using %include here, we can use #include,
because stdint.h does not declare any functions. Thus swig entirely
ignores stdint.h and leaves the search to the C compiler.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909967
---
bindings/swig/src/auditswig.i | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
index 356a5ab..7ebb373 100644
--- a/bindings/swig/src/auditswig.i
+++ b/bindings/swig/src/auditswig.i
@@ -41,6 +41,6 @@ typedef unsigned __u32;
typedef unsigned uid_t;
%include "/usr/include/linux/audit.h"
#define __extension__ /*nothing*/
-%include "/usr/include/stdint.h"
+#include <stdint.h>
%include "../lib/libaudit.h"
--
1.8.3.1


@ -1,25 +0,0 @@
From 5b62b99bcdba4bf9cc3c03a0ffc26d6b9b7a56ce Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 15 Dec 2018 13:35:29 -0500
Subject: [PATCH 208/217] fix out of bound read on shutdown
---
src/auditd-listen.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index 9db5f35..a2560ad 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -1118,7 +1118,7 @@
#endif
ev_io_stop(loop, &tcp_listen_watcher);
- while (nlsocks >= 0) {
+ while (nlsocks > 0) {
nlsocks--;
close(listen_socket[nlsocks]);
}
--
1.8.3.1