backport patches to fix bugs
Signed-off-by: xuraoqing <xuraoqing@huawei.com>
This commit is contained in:
xuraoqing
parent
f517345409
commit
3df60ccaad
@ -2,7 +2,7 @@ Summary: User space tools for kernel auditing
|
|||||||
Name: audit
|
Name: audit
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 3.1.2
|
Version: 3.1.2
|
||||||
Release: 7
|
Release: 8
|
||||||
License: GPLv2+ and LGPLv2+
|
License: GPLv2+ and LGPLv2+
|
||||||
URL: https://people.redhat.com/sgrubb/audit/
|
URL: https://people.redhat.com/sgrubb/audit/
|
||||||
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
||||||
@ -45,6 +45,8 @@ Patch33: backport-Fix-memory-leaks.patch
|
|||||||
Patch34: backport-fix-one-more-leak.patch
|
Patch34: backport-fix-one-more-leak.patch
|
||||||
Patch35: backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
|
Patch35: backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
|
||||||
Patch36: backport-ausearch-format-Fix-display-of-renamed-file-411.patch
|
Patch36: backport-ausearch-format-Fix-display-of-renamed-file-411.patch
|
||||||
|
Patch37: backport-Fix-a-maybe-uninitialized-warning.patch
|
||||||
|
Patch38: backport-ausearch-parse-fix-parsing-for-success-uid-in-parse_.patch
|
||||||
|
|
||||||
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
|
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
|
||||||
BuildRequires: openldap-devel krb5-devel libcap-ng-devel
|
BuildRequires: openldap-devel krb5-devel libcap-ng-devel
|
||||||
@ -387,6 +389,9 @@ fi
|
|||||||
%attr(644,root,root) %{_mandir}/man8/*.8.gz
|
%attr(644,root,root) %{_mandir}/man8/*.8.gz
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 26 2025 xuraoqing <xuraoqing@huawei.com> - 1:3.1.2-8
|
||||||
|
- backport patches from upstream
|
||||||
|
|
||||||
* Wed Dec 11 2024 wangjiang <app@cameyan.coom> - 1:3.1.2-7
|
* Wed Dec 11 2024 wangjiang <app@cameyan.coom> - 1:3.1.2-7
|
||||||
- backport patches to fix bug
|
- backport patches to fix bug
|
||||||
|
|
||||||
|
|||||||
53
backport-Fix-a-maybe-uninitialized-warning.patch
Normal file
53
backport-Fix-a-maybe-uninitialized-warning.patch
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
From 25d5458a396a07e56f36f651da2c51b528fb293a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Steve Grubb <ausearch.1@gmail.com>
|
||||||
|
Date: Thu, 2 Jan 2025 16:32:34 -0500
|
||||||
|
Subject: [PATCH] Fix a maybe uninitialized warning
|
||||||
|
|
||||||
|
Reference:https://github.com/linux-audit/audit-userspace/commit/25d5458a396a07e56f36f651da2c51b528fb293a
|
||||||
|
Conflict:NA
|
||||||
|
|
||||||
|
---
|
||||||
|
src/ausearch-parse.c | 9 +++------
|
||||||
|
1 file changed, 3 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
|
||||||
|
index e15396d7..68e2b29e 100644
|
||||||
|
--- a/src/ausearch-parse.c
|
||||||
|
+++ b/src/ausearch-parse.c
|
||||||
|
@@ -1556,7 +1556,7 @@ static int parse_daemon1(const lnode *n, search_items *s)
|
||||||
|
if (str) {
|
||||||
|
ptr = str + 5;
|
||||||
|
term = strchr(ptr, ' ');
|
||||||
|
- if (term == NULL)
|
||||||
|
+ if (term == NULL)
|
||||||
|
return 7;
|
||||||
|
saved = *term;
|
||||||
|
*term = 0;
|
||||||
|
@@ -1565,13 +1565,11 @@ static int parse_daemon1(const lnode *n, search_items *s)
|
||||||
|
if (errno)
|
||||||
|
return 8;
|
||||||
|
*term = saved;
|
||||||
|
- } else
|
||||||
|
- term = ptr;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
// ses - optional
|
||||||
|
if (event_session_id != -2) {
|
||||||
|
- ptr = term;
|
||||||
|
str = strstr(term, "ses=");
|
||||||
|
if (str) {
|
||||||
|
ptr = str + 4;
|
||||||
|
@@ -1585,8 +1583,7 @@ static int parse_daemon1(const lnode *n, search_items *s)
|
||||||
|
if (errno)
|
||||||
|
return 10;
|
||||||
|
*term = saved;
|
||||||
|
- } else
|
||||||
|
- term = ptr;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
if (event_subject) {
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
@ -0,0 +1,43 @@
|
|||||||
|
From f97f0579fafcd9fc58d892699a22ae7ee68aeff3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sergio Correia <scorreia@redhat.com>
|
||||||
|
Date: Mon, 16 Dec 2024 09:06:13 +0000
|
||||||
|
Subject: [PATCH] ausearch-parse: fix parsing for success/uid in
|
||||||
|
parse_daemon1() (#394)
|
||||||
|
|
||||||
|
In parse_daemon1(), we may have the uid= field appear both before and
|
||||||
|
after pid=, which may cause our parsing of it to fail, as we may have
|
||||||
|
skipped past it. For uid=, let us search from the beginning.
|
||||||
|
|
||||||
|
Example for this case:
|
||||||
|
|
||||||
|
type=DAEMON_END msg=audit(1709723032.140:753): op=terminate auid=0 uid=0 ses=8 pid=107086 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=success
|
||||||
|
|
||||||
|
ausearch -if sample.log -a 753 -m DAEMON_END -ui 0 --session 8 -p 107086 --success yes
|
||||||
|
|
||||||
|
Signed-off-by: Sergio Correia <scorreia@redhat.com>
|
||||||
|
|
||||||
|
Reference:https://github.com/linux-audit/audit-userspace/commit/f97f0579fafcd9fc58d892699a22ae7ee68aeff3
|
||||||
|
Conflict:NA
|
||||||
|
|
||||||
|
---
|
||||||
|
src/ausearch-parse.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
|
||||||
|
index 4c9bef0d..e15396d7 100644
|
||||||
|
--- a/src/ausearch-parse.c
|
||||||
|
+++ b/src/ausearch-parse.c
|
||||||
|
@@ -1549,7 +1549,9 @@ static int parse_daemon1(const lnode *n, search_items *s)
|
||||||
|
|
||||||
|
// uid - optional
|
||||||
|
if (event_uid != -1) {
|
||||||
|
- ptr = term;
|
||||||
|
+ // As the uid= field may happen in different orders, e.g. both before
|
||||||
|
+ // and after pid=, let us search for the uid from the beginning.
|
||||||
|
+ term = mptr;
|
||||||
|
str = strstr(term, " uid=");
|
||||||
|
if (str) {
|
||||||
|
ptr = str + 5;
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
Loading…
x
Reference in New Issue
Block a user