packages/audit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!120 [sync] PR-119: backport patches from upstream

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot 2024-06-12 03:49:28 +00:00 committed by Gitee
commit 43198023d9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
7 changed files with 477 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
audit.spec
View File

@ -2,7 +2,7 @@ Summary: User space tools for kernel auditing
Name: audit Name: audit
Epoch: 1 Epoch: 1
Version: 3.1.2 Version: 3.1.2
Release: 3 Release: 4
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: https://people.redhat.com/sgrubb/audit/ URL: https://people.redhat.com/sgrubb/audit/
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@ -26,6 +26,12 @@ Patch14: backport-avoiding-of-NULL-pointers-dereference-366.patch
Patch15: backport-Cleanup-code-in-LRU.patch Patch15: backport-Cleanup-code-in-LRU.patch
Patch16: backport-Fix-memory-leaks.patch Patch16: backport-Fix-memory-leaks.patch
Patch17: backport-fix-one-more-leak.patch Patch17: backport-fix-one-more-leak.patch
Patch18: backport-Consolidate-end-of-event-detection-to-a-common-funct.patch
Patch19: backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch
Patch20: backport-lib-avoid-UB-on-sequence-wrap-around-347.patch
Patch21: backport-Fix-deprecated-python-function.patch
Patch22: backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch
Patch23: backport-Cleanup-shell-script-warnings.patch
BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29 BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29
BuildRequires: openldap-devel krb5-devel libcap-ng-devel BuildRequires: openldap-devel krb5-devel libcap-ng-devel
@ -369,6 +375,9 @@ fi
%attr(644,root,root) %{_mandir}/man8/*.8.gz %attr(644,root,root) %{_mandir}/man8/*.8.gz
%changelog %changelog
* Thu Jun 06 2024 fuanan <fuanan3@h-partners.com> - 1:3.1.2-4
- backport patches from upstream
* Tue May 28 2024 xuraoqing<xuraoqing@huawei.com> - 1:3.1.2-3 * Tue May 28 2024 xuraoqing<xuraoqing@huawei.com> - 1:3.1.2-3
- backport patches to fix bugs - backport patches to fix bugs

30
backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch Normal file
View File

@ -0,0 +1,30 @@
From cd7599210fe398360ddb81c0c2453a085d408089 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Mon, 19 Feb 2024 10:50:42 -0500
Subject: [PATCH] Change python bindings to switch from PyEval_CallObject on
3.12 and later to silence warning
Reference:https://github.com/linux-audit/audit-userspace/commit/cd7599210fe398360ddb81c0c2453a085d408089
Conflict:NA
---
bindings/python/auparse_python.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bindings/python/auparse_python.c b/bindings/python/auparse_python.c
index 99d37cca..9ab919b3 100644
--- a/bindings/python/auparse_python.c
+++ b/bindings/python/auparse_python.c
@@ -290,7 +290,7 @@ static void auparse_callback(auparse_state_t *au,
if (debug) printf("<< auparse_callback\n");
arglist = Py_BuildValue("OiO", cb->py_AuParser, cb_event_type,
cb->user_data);
-#if PY_MINOR_VERSION >= 13
+#if PY_MINOR_VERSION >= 12
result = PyObject_CallObject(cb->func, arglist);
#else
result = PyEval_CallObject(cb->func, arglist);
--
2.33.0

107
backport-Cleanup-shell-script-warnings.patch Normal file
View File

@ -0,0 +1,107 @@
From 79c1212ff38254a961c27d8eb10bc766e412ffe9 Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Fri, 23 Feb 2024 12:26:05 -0500
Subject: [PATCH] Cleanup shell script warnings
Reference:https://github.com/linux-audit/audit-userspace/commit/79c1212ff38254a961c27d8eb10bc766e412ffe9
Conflict:init.d/augenrules, init.d/auditd.state
---
init.d/auditd.reload | 2 +-
init.d/auditd.resume | 2 +-
init.d/auditd.rotate | 2 +-
init.d/auditd.state | 6 +++---
init.d/auditd.stop | 2 +-
init.d/augenrules | 4 ++--
6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/init.d/auditd.reload b/init.d/auditd.reload
index 6db1bd74..b42fa6bf 100644
--- a/init.d/auditd.reload
+++ b/init.d/auditd.reload
@@ -3,7 +3,7 @@
# directly supported by systemd
# Check that we are root ... so non-root users stop here
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
diff --git a/init.d/auditd.resume b/init.d/auditd.resume
index 96189eb6..8193bea9 100644
--- a/init.d/auditd.resume
+++ b/init.d/auditd.resume
@@ -3,7 +3,7 @@
# directly supported by systemd
# Check that we are root ... so non-root users stop here
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate
index dcb12c26..8bb65530 100644
--- a/init.d/auditd.rotate
+++ b/init.d/auditd.rotate
@@ -3,7 +3,7 @@
# directly supported by systemd
# Check that we are root ... so non-root users stop here
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
diff --git a/init.d/auditd.state b/init.d/auditd.state
index 6ae0845a..c59fe5a6 100644
--- a/init.d/auditd.state
+++ b/init.d/auditd.state
@@ -3,7 +3,7 @@
# directly supported by systemd
# Check that we are root ... so non-root users stop here
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
@@ -15,7 +15,7 @@ killproc $prog -CONT
RETVAL=$?
echo -e "\n"
sleep 1
-if [ $? -eq 0 ] ; then
+if [ $RETVAL -eq 0 ] ; then
if [ -e $state_file ] ; then
cat $state_file
fi
diff --git a/init.d/auditd.stop b/init.d/auditd.stop
index 4cfe88b1..79e53a59 100644
--- a/init.d/auditd.stop
+++ b/init.d/auditd.stop
@@ -3,7 +3,7 @@
# directly supported by systemd
# Check that we are root ... so non-root users stop here
-test $(id -u) = 0 || exit 4
+test "$(id -u)" = "0" || exit 4
PATH=/sbin:/bin:/usr/bin:/usr/sbin
prog="auditd"
diff --git a/init.d/augenrules b/init.d/augenrules
index be6c9f5c..8c1a670b 100644
--- a/init.d/augenrules
+++ b/init.d/augenrules
@@ -35,7 +35,7 @@ RETVAL=0
usage="Usage: $0 [--check|--load]"
# Delete the interim file on faults
-trap 'rm -f ${TmpRules}; exit 1' 1 2 3 13 15
+trap 'rm -f ${TmpRules}; exit 1' HUP INT QUIT PIPE TERM
try_load() {
if [ $LoadRules -eq 1 ] ; then
--
2.33.0

143
backport-Consolidate-end-of-event-detection-to-a-common-funct.patch Normal file
View File

@ -0,0 +1,143 @@
From 6dabe8de1c502b4bcd0ad945f6d7636d5aeb9fed Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Sat, 26 Aug 2023 08:52:25 -0400
Subject: [PATCH] Consolidate end of event detection to a common function
Reference:https://github.com/linux-audit/audit-userspace/commit/6dabe8de1c502b4bcd0ad945f6d7636d5aeb9fed
Conflict:ChangeLog
---
auparse/auparse.c | 9 +--------
common/Makefile.am | 2 +-
common/common.c | 43 +++++++++++++++++++++++++++++++++++++++++++
common/common.h | 3 ++-
src/ausearch-lol.c | 9 ++-------
5 files changed, 49 insertions(+), 17 deletions(-)
create mode 100644 common/common.c
diff --git a/auparse/auparse.c b/auparse/auparse.c
index 6f3fb945..359b1875 100644
--- a/auparse/auparse.c
+++ b/auparse/auparse.c
@@ -309,14 +309,7 @@ static void au_check_events(auparse_state_t *au, time_t sec)
if (cur->l->e.sec + eoe_timeout <= sec) {
cur->status = EBS_COMPLETE;
au->au_ready++;
- } else if ( // FIXME: Check this v remains true
- r->type == AUDIT_PROCTITLE ||
- r->type == AUDIT_EOE ||
- r->type < AUDIT_FIRST_EVENT ||
- r->type >= AUDIT_FIRST_ANOM_MSG ||
- r->type == AUDIT_KERNEL ||
- (r->type >= AUDIT_MAC_UNLBL_ALLOW &&
- r->type <= AUDIT_MAC_CALIPSO_DEL)) {
+ } else if (audit_is_last_record(r->type)) {
// If known to be 1 record event, we are done
cur->status = EBS_COMPLETE;
au->au_ready++;
diff --git a/common/Makefile.am b/common/Makefile.am
index dbf0f76c..9738ee87 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -27,6 +27,6 @@ AM_CPPFLAGS = -I${top_srcdir} -I${top_srcdir}/lib
noinst_HEADERS = common.h
libaucommon_la_DEPENDENCIES = ../config.h
-libaucommon_la_SOURCES = audit-fgets.c strsplit.c
+libaucommon_la_SOURCES = audit-fgets.c strsplit.c common.c
noinst_LTLIBRARIES = libaucommon.la
diff --git a/common/common.c b/common/common.c
new file mode 100644
index 00000000..cbfa46cb
--- /dev/null
+++ b/common/common.c
@@ -0,0 +1,43 @@
+/* common.c --
+ * Copyright 2023 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Authors:
+ * Steve Grubb <sgrubb@redhat.com>
+ */
+
+#include "libaudit.h"
+#include "common.h"
+
+/*
+ * This function returns 1 if it is the last record in an event.
+ * It returns 0 otherwise.
+ */
+int audit_is_last_record(int type)
+{
+ if (type == AUDIT_PROCTITLE ||
+ type == AUDIT_EOE ||
+ type < AUDIT_FIRST_EVENT ||
+ type >= AUDIT_FIRST_ANOM_MSG ||
+ type == AUDIT_KERNEL ||
+ (type >= AUDIT_MAC_UNLBL_ALLOW &&
+ type <= AUDIT_MAC_CALIPSO_DEL)) {
+ return 1;
+ }
+ return 0;
+}
+
diff --git a/common/common.h b/common/common.h
index 6a5437e9..1db80d4b 100644
--- a/common/common.h
+++ b/common/common.h
@@ -1,5 +1,5 @@
/* audit-fgets.h -- a replacement for glibc's fgets
- * Copyright 2018,2022 Red Hat Inc.
+ * Copyright 2018-23 Red Hat Inc.
* All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
@@ -38,6 +38,7 @@ int audit_fgets(char *buf, size_t blen, int fd)
char *audit_strsplit_r(char *s, char **savedpp);
char *audit_strsplit(char *s);
+int audit_is_last_record(int type);
AUDIT_HIDDEN_END
#endif
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index 4a7e5fdf..9ed39d4f 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -252,16 +252,11 @@ static void check_events(lol *lo, time_t sec)
if (cur->l->e.sec + eoe_timeout <= sec) {
cur->status = L_COMPLETE;
ready++;
- } else if (cur->l->e.type == AUDIT_PROCTITLE ||
- cur->l->e.type < AUDIT_FIRST_EVENT ||
- cur->l->e.type >= AUDIT_FIRST_ANOM_MSG ||
- cur->l->e.type == AUDIT_KERNEL ||
- (cur->l->e.type >= AUDIT_MAC_UNLBL_ALLOW &&
- cur->l->e.type <= AUDIT_MAC_CALIPSO_DEL)) {
+ } else if (audit_is_last_record(cur->l->e.type)) {
// If known to be 1 record event, we are done
cur->status = L_COMPLETE;
ready++;
- }
+ }
}
}
}
--
2.33.0

31
backport-Fix-deprecated-python-function.patch Normal file
View File

@ -0,0 +1,31 @@
From c344a8a370afed66e78db88c2d129f6672dae1e6 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 24 Oct 2023 11:51:04 -0400
Subject: [PATCH] Fix deprecated python function
Reference:https://github.com/linux-audit/audit-userspace/commit/c344a8a370afed66e78db88c2d129f6672dae1e6
Conflict:NA
---
bindings/python/auparse_python.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/bindings/python/auparse_python.c b/bindings/python/auparse_python.c
index 78ef832c..1371ed54 100644
--- a/bindings/python/auparse_python.c
+++ b/bindings/python/auparse_python.c
@@ -290,7 +290,11 @@ static void auparse_callback(auparse_state_t *au,
if (debug) printf("<< auparse_callback\n");
arglist = Py_BuildValue("OiO", cb->py_AuParser, cb_event_type,
cb->user_data);
+#if PY_MINOR_VERSION >= 13
+ result = PyObject_CallObject(cb->func, arglist);
+#else
result = PyEval_CallObject(cb->func, arglist);
+#endif
Py_DECREF(arglist);
Py_XDECREF(result);
}
--
2.33.0

114
backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch Normal file
View File

@ -0,0 +1,114 @@
From 139c61a9007600c93702947179d7836be1bc8403 Mon Sep 17 00:00:00 2001
From: burnalting <burnalting@users.noreply.github.com>
Date: Thu, 11 Jan 2024 08:22:32 +1100
Subject: [PATCH] Issue343: Fix checkpoint issue to ensure all complete events
are gained (#345)
Co-authored-by: Burn Alting <burn@auditdtest.swtf.dyndns.org>
Reference:https://github.com/linux-audit/audit-userspace/commit/139c61a9007600c93702947179d7836be1bc8403
Conflict:NA
---
src/ausearch-lol.c | 33 +++++++++++++++++++++++++++++++++
src/ausearch-lol.h | 1 +
src/ausearch.c | 12 +++++++-----
3 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
index 9ed39d4f..bcfb9ad8 100644
--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
@@ -261,6 +261,32 @@ static void check_events(lol *lo, time_t sec)
}
}
+// This function will check events to see if they are complete but not compare against a given time
+static void check_events_without_time(lol *lo)
+{
+ int i;
+
+ for(i=0;i<=lo->maxi; i++) {
+ lolnode *cur = &lo->array[i];
+ if (cur->status == L_BUILDING) {
+ /* We now iterate over the event's records but without affecting the node's current
+ * pointer (cur->l->cur). That is, we don't call the list-* routines
+ * We could jump to the last record in the list which is normally a PROCTITLE, but this
+ * may not be guaranteed, so we check all record types
+ */
+ lnode *ln = cur->l->head;
+ while (ln) {
+ if (audit_is_last_record(ln->type)) {
+ cur->status = L_COMPLETE;
+ ready++;
+ break;
+ }
+ ln = ln->next;
+ }
+ }
+ }
+}
+
// This function adds a new record to an existing linked list
// or creates a new one if its a new event
int lol_add_record(lol *lo, char *buff)
@@ -360,6 +386,13 @@ void terminate_all_events(lol *lo)
}
}
+// This function will mark all events as complete if it can.
+void complete_all_events(lol *lo)
+{
+
+ check_events_without_time(lo);
+}
+
/* Search the list for any event that is ready to go. The caller
* takes custody of the memory */
llist* get_ready_event(lol *lo)
diff --git a/src/ausearch-lol.h b/src/ausearch-lol.h
index e189491e..427d083c 100644
--- a/src/ausearch-lol.h
+++ b/src/ausearch-lol.h
@@ -49,6 +49,7 @@ void lol_create(lol *lo);
void lol_clear(lol *lo);
int lol_add_record(lol *lo, char *buff);
void terminate_all_events(lol *lo);
+void complete_all_events(lol *lo);
llist* get_ready_event(lol *lo);
void lol_set_eoe_timeout(time_t new_eoe_tmo);
diff --git a/src/ausearch.c b/src/ausearch.c
index c8cafb5f..409e43e9 100644
--- a/src/ausearch.c
+++ b/src/ausearch.c
@@ -610,19 +610,21 @@ static int get_next_event(llist **l)
* If we get an EINTR error or we are at EOF, we check
* to see if we have any events to print and return
* appropriately. If we are the last file being
- * processed, we mark all incomplete events as
- * complete so they will be printed.
+ * processed, and we are not checkpointing, we mark all incomplete
+ * events as complete so they will be printed. If we are checkpointing
+ * we do an exhaustive validation to see if there are complete events still
*/
if ((ferror_unlocked(log_fd) &&
errno == EINTR) || feof_unlocked(log_fd)) {
/*
- * Only mark all events as L_COMPLETE if we are
+ * Only attempt to mark all events as L_COMPLETE if we are
* the last file being processed.
- * We DO NOT do this if we are checkpointing.
*/
if (files_to_process == 0) {
if (!checkpt_filename)
- terminate_all_events(&lo);
+ terminate_all_events(&lo); // terminate as we are not checkpointing
+ else
+ complete_all_events(&lo); // exhaustively check if we can complete events
}
*l = get_ready_event(&lo);
if (*l)
--
2.33.0

42
backport-lib-avoid-UB-on-sequence-wrap-around-347.patch Normal file
View File

@ -0,0 +1,42 @@
From f5c35d7d5e064af5ad31d22f900d148d932ad9b1 Mon Sep 17 00:00:00 2001
From: cgzones <cgzones@googlemail.com>
Date: Mon, 15 Jan 2024 21:44:04 +0100
Subject: [PATCH] lib: avoid UB on sequence wrap-around (#347)
Signed integer overflow is undefined, allowing compilers to optimize the
condition `++sequence < 0` away.
Reference:https://github.com/linux-audit/audit-userspace/commit/f5c35d7d5e064af5ad31d22f900d148d932ad9b1
Conflict:NA
---
lib/netlink.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/netlink.c b/lib/netlink.c
index 3381651a..4a6bd54d 100644
--- a/lib/netlink.c
+++ b/lib/netlink.c
@@ -26,6 +26,7 @@
#include <string.h>
#include <errno.h>
#include <fcntl.h>
+#include <limits.h>
#include <time.h>
#include <sys/poll.h>
#include "libaudit.h"
@@ -204,8 +205,10 @@ int __audit_send(int fd, int type, const void *data, unsigned int size, int *seq
return -errno;
}
- if (++sequence < 0)
+ if (sequence == INT_MAX)
sequence = 1;
+ else
+ sequence++;
*seq = sequence;
memset(&req, 0, sizeof(req));
--
2.33.0