backport patches from upstream

audit.spec

@@ -2,7 +2,7 @@ Summary:            User space tools for kernel auditing
 Name:               audit
 Epoch:              1
 Version:            3.0.9
-Release:            1
+Release:            2
 License:            GPLv2+ and LGPLv2+
 URL:                https://people.redhat.com/sgrubb/audit/
 Source0:            https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@@ -14,6 +14,7 @@ Patch2:          bugfix-audit-reload-coredump.patch
 Patch3:          audit-Add-sw64-architecture.patch
 Patch4:          backport-audit-flex-array-workaround.patch
 Patch5:          backport-audit-undo-flex-array.patch
+Patch6:          backport-Try-to-interpret-OPENAT2-fields-correctly.patch
 
 BuildRequires:      gcc swig libtool systemd kernel-headers >= 2.6.29
 BuildRequires:      openldap-devel krb5-devel libcap-ng-devel
@@ -95,6 +96,8 @@ cp /usr/include/linux/audit.h lib/
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+#The patch5 will be patched after the installation phase
+%patch6 -p1
 autoreconf -f -i
 
 %build
@@ -362,6 +365,9 @@ fi
 %attr(644,root,root) %{_mandir}/man8/*.8.gz
 
 %changelog
+* Fri Mar 24 2023 dongyuzhen <dongyuzhen@h-partners.com> - 1:3.0.9-2
+- backport patches from upstream
+
 * Thu Feb 2 2023 zhangguangzhi<zhangguangzhi3@huawei.com> - 1:3.0.9-1
 - update version to 3.0.9
 

backport-Try-to-interpret-OPENAT2-fields-correctly.patch

@@ -0,0 +1,75 @@
+From 83214d7469274dbd60959e32f6c26dda016de048 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Wed, 8 Feb 2023 13:45:32 -0500
+Subject: [PATCH] Try to interpret OPENAT2 fields correctly
+
+Conflict: delete ChangeLog
+Reference:https://github.com/linux-audit/audit-userspace/commit/83214d7469274dbd60959e32f6c26dda016de048
+---
+ auparse/interpret.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 373851f..4d2f0d4 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -1490,15 +1490,15 @@ static const char *print_success(const char *val)
+ 		return strdup(val);
+ }
+ 
+-static const char *print_open_flags(const char *val)
++static const char *print_open_flags(const char *val, int base)
+ {
+ 	size_t i;
+-	unsigned int flags;
++	unsigned long flags;
+ 	int cnt = 0;
+ 	char *out, buf[sizeof(open_flag_strings)+OPEN_FLAG_NUM_ENTRIES+1];
+ 
+ 	errno = 0;
+-	flags = strtoul(val, NULL, 16);
++	flags = strtoul(val, NULL, base);
+         if (errno) {
+ 		if (asprintf(&out, "conversion error(%s)", val) < 0)
+ 			out = NULL;
+@@ -2504,10 +2504,10 @@ static const char *print_a1(const char *val, const idata *id)
+ 			else if (strcmp(sys, "mknod") == 0)
+ 				return print_mode(val, 16);
+ 			else if (strcmp(sys, "mq_open") == 0)
+-				return print_open_flags(val);
++				return print_open_flags(val, 16);
+ 		}
+ 		else if (strcmp(sys, "open") == 0)
+-			return print_open_flags(val);
++			return print_open_flags(val, 16);
+ 		else if (strcmp(sys, "access") == 0)
+ 			return print_access(val);
+ 		else if (strcmp(sys, "epoll_ctl") == 0)
+@@ -2581,11 +2581,11 @@ static const char *print_a2(const char *val, const idata *id)
+ 				goto normal;
+ 		} else if (*sys == 'o') {
+ 			if (strcmp(sys, "openat") == 0)
+-				return print_open_flags(val);
++				return print_open_flags(val, 16);
+ 			if ((strcmp(sys, "open") == 0) && (id->a1 & O_CREAT))
+ 				return print_mode_short(val, 16);
+ 			if (strcmp(sys, "open_by_handle_at") == 0)
+-			    return print_open_flags(val);
++			    return print_open_flags(val, 16);
+ 		} else if (*sys == 'f') {
+ 			if (strcmp(sys, "fchmodat") == 0)
+ 				return print_mode_short(val, 16);
+@@ -3256,8 +3256,8 @@ unknown:
+ 		case AUPARSE_TYPE_SECCOMP:
+ 			out = print_seccomp_code(id->val);
+ 			break;
+-		case AUPARSE_TYPE_OFLAG:
+-			out = print_open_flags(id->val);
++		case AUPARSE_TYPE_OFLAG: // AUDIT_OPENAT2,MQ_OPEN
++			out = print_open_flags(id->val, 0);
+ 			break;
+ 		case AUPARSE_TYPE_MMAP:
+ 			out = print_mmap(id->val);
+-- 
+2.33.0
+