packages/secDetector
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport some bugfix patches

Browse Source
This commit is contained in:
zcfsite 2023-12-14 21:54:15 +08:00
parent 650a1f7375
commit 45ee54d25f
6 changed files with 658 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
Backport-fix-invalid-TUF-8-data-in-memory-corruption-module.patch Normal file
View File

@ -0,0 +1,63 @@
From b1a7122cfd360a9a3012555bc7e5821e1fbe7a34 Mon Sep 17 00:00:00 2001
From: yieux <yangxy79315@sina.com>
Date: Thu, 14 Dec 2023 17:02:34 +0800
Subject: [PATCH 4/4] fix invalid TUF-8 data in memory corruption module
---
.../analyze_unit/secDetector_save_check.c | 22 +++++++++----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/kerneldriver/core/analyze_unit/secDetector_save_check.c b/kerneldriver/core/analyze_unit/secDetector_save_check.c
index 72c4948..0ab40ce 100644
--- a/kerneldriver/core/analyze_unit/secDetector_save_check.c
+++ b/kerneldriver/core/analyze_unit/secDetector_save_check.c
@@ -124,25 +124,25 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
break;
}
if (measure_value != analyze_status_data->sc_data.data[data_index]) {
- pr_debug("[save_check]%s: original: %llx; now: %llx.!\n",
+ pr_debug("[save_check]%s: original: %lld; now: %lld.!\n",
cd->name, analyze_status_data->sc_data.data[data_index], measure_value);
- response_arrays[response_array_index] = kmalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL);
+ response_arrays[response_array_index] = kzalloc(strlen(cd->name) + REPORT_MORE_CHAR_LEN, GFP_KERNEL);
if (response_arrays[response_array_index] == NULL) {
- pr_err("kmalloc failed");
+ pr_err("kzalloc failed");
ret = -ENOMEM;
goto end;
}
- strcpy(response_arrays[response_array_index], "[save_check]");
+ strcpy(response_arrays[response_array_index], " secswitch_name=");
//应该有 workflow的名字
strncat(response_arrays[response_array_index], cd->name, strlen(cd->name));
- strcat(response_arrays[response_array_index],": original: ");
- sprintf(int_str, "%llx", analyze_status_data->sc_data.data[data_index]);
+ strcat(response_arrays[response_array_index]," old_value=");
+ sprintf(int_str, "%lld", analyze_status_data->sc_data.data[data_index]);
strncat(response_arrays[response_array_index], int_str, strlen(int_str));
- strcat(response_arrays[response_array_index],"; now: ");
- sprintf(int_str, "%llx", measure_value);
+ strcat(response_arrays[response_array_index]," new_value=");
+ sprintf(int_str, "%lld", measure_value);
strncat(response_arrays[response_array_index], int_str, strlen(int_str));
- strcat(response_arrays[response_array_index],".!\n");
+ strcat(response_arrays[response_array_index],".\n");
response_data_char_len += strlen(response_arrays[response_array_index]);
ret = RESPONSE_REPORT;
@@ -156,9 +156,9 @@ static int analyze_save_check_normal(struct list_head *collect_data_list, analyz
timestamp_len = get_timestamp_str(&timestamp);
response_data->report_data.type = event_type;
response_data->report_data.len = response_data_char_len + timestamp_len;
- response_data->report_data.text = kmalloc(response_data->report_data.len + 1, GFP_KERNEL);
+ response_data->report_data.text = kzalloc(response_data->report_data.len + 1, GFP_KERNEL);
if (response_data->report_data.text == NULL) {
- pr_err("kmalloc failed");
+ pr_err("kzalloc failed");
ret = -ENOMEM;
goto end;
}
--
2.33.0

265
Backport-grpc-fix-coredump-in-Publish.patch Normal file
View File

@ -0,0 +1,265 @@
From 8dd0f6984ef002e30f3d7aa133a1a439fc5d0f95 Mon Sep 17 00:00:00 2001
From: chenjingwen <lhchenjw@gmail.com>
Date: Thu, 14 Dec 2023 21:55:10 +0800
Subject: [PATCH] grpc: fix coredump in Publish
fix coredump in Publish
Signed-off-by: chenjingwen <lhchenjw@gmail.com>
---
observer_agent/grpc_comm/server.cpp | 165 +++++++++++-----------------
1 file changed, 62 insertions(+), 103 deletions(-)
diff --git a/observer_agent/grpc_comm/server.cpp b/observer_agent/grpc_comm/server.cpp
index 938d09c..b858853 100644
--- a/observer_agent/grpc_comm/server.cpp
+++ b/observer_agent/grpc_comm/server.cpp
@@ -33,16 +33,21 @@ using grpc::ServerWriter;
static bool killed = false;
+class Subscribers {
+public:
+ int topic;
+ ServerWriter<Message> *writer;
+
+ Subscribers(int t, ServerWriter<Message> *w) : topic(t), writer(w) {}
+ Subscribers() : topic(0), writer(nullptr) {}
+};
+
class PubSubServiceImpl final : public SubManager::Service
{
public:
void CloseAllConnection(void)
{
- std::lock_guard<std::mutex> lk(wait_mutex);
-
- for (int i = 0; i < MAX_CONNECTION; i++) {
- connect_status[i] = false;
- }
+ std::lock_guard<std::mutex> lk(wait_mutex);
killed = true;
cv.notify_all();
@@ -55,50 +60,21 @@ class PubSubServiceImpl final : public SubManager::Service
std::string cli_name = request->sub_name();
Message msg;
Message keepalive_msg;
- int i = 0, tmp_index;
+ sub_mutex.lock();
if (connection_num >= MAX_CONNECTION) {
msg.set_text("over max connection number!");
- if (!writer->Write(msg))
- {
- std::cerr << "Failed to write the initial message" << std::endl;
- return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
- }
- return grpc::Status(grpc::StatusCode::INTERNAL, "over max connection number, Failed to Subscribe the topic");
- }
-
- for (auto iter = suber_topic_[cli_name].begin(); iter != suber_topic_[cli_name].end(); iter++)
- {
- if ((*iter & cli_topic) != 0)
- {
- msg.set_text("this client name already subscribe the topic");
- if (!writer->Write(msg))
- {
- std::cerr << "Failed to write the initial message" << std::endl;
- return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
- }
- return grpc::Status(grpc::StatusCode::INTERNAL, "this client name already subscribe the topic");
- }
- }
-
- sub_mutex.lock();
-
- for (tmp_index = 0; tmp_index < MAX_CONNECTION; tmp_index++)
- {
- if (!connect_status[tmp_index])
- break;
+ writer->Write(msg);
+ sub_mutex.unlock();
+ return grpc::Status(grpc::StatusCode::INTERNAL, "over max connection number");
}
- if (tmp_index == MAX_CONNECTION)
- {
+ auto iter = suber_topic_.find(cli_name);
+ if (iter != suber_topic_.end()) {
+ msg.set_text("this client name already subscribe the topic");
+ writer->Write(msg);
sub_mutex.unlock();
- msg.set_text("multi-process max connection number!");
- if (!writer->Write(msg))
- {
- std::cerr << "Failed to write the initial message" << std::endl;
- return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
- }
- return grpc::Status(grpc::StatusCode::INTERNAL, "multi-process max connection number, Failed to Subscribe the topic");
+ return grpc::Status(grpc::StatusCode::INTERNAL, "this client name already subscribe the topic");
}
msg.set_text("topic: " + std::to_string(cli_topic) + " Subscribe success!");
@@ -109,65 +85,50 @@ class PubSubServiceImpl final : public SubManager::Service
return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
}
- suber_topic_[cli_name].push_back(cli_topic);
- suber_writer_[cli_name].push_back(writer);
- suber_connection_[cli_name].push_back(tmp_index);
- connect_status[tmp_index] = true;
+ std::cout << "Subscribe " << cli_name << " ok" << std::endl;
+ suber_topic_[cli_name] = Subscribers(cli_topic, writer);
connection_num++;
-
sub_mutex.unlock();
- keepalive_msg.set_text("keepalive");
- while (connect_status[tmp_index])
+ /* loop until connot write */
+ while (!killed)
{
- if (!writer->Write(keepalive_msg))
- {
- for (auto topic_item : suber_topic_[cli_name])
- {
- if (topic_item == cli_topic)
- {
- sub_mutex.lock();
- suber_topic_[cli_name].erase(suber_topic_[cli_name].begin() + i);
- suber_writer_[cli_name].erase(suber_writer_[cli_name].begin() + i);
- connect_status[suber_connection_[cli_name].at(i)] = false;
- suber_connection_[cli_name].erase(suber_connection_[cli_name].begin() + i);
- connection_num--;
- sub_mutex.unlock();
- break;
- }
- i++;
- }
+ sub_mutex.lock();
+ if (suber_topic_.count(cli_name) == 0) {
+ sub_mutex.unlock();
+ return grpc::Status::OK;
+ }
+
+ keepalive_msg.set_text("keepalive");
+ if (!writer->Write(keepalive_msg)) {
+ DeleteSubscriberByCliName(cli_name);
+ sub_mutex.unlock();
return grpc::Status(grpc::StatusCode::INTERNAL, "writer is lose!");
}
+ sub_mutex.unlock();
WaitKeeplive();
}
+
+ std::cout << cli_name << " is dead" << std::endl;
return grpc::Status::OK;
}
grpc::Status Publish(ServerContext *context, const PublishRequest *request, Message *response) override
{
+ std::lock_guard<std::mutex> lock(sub_mutex);
int cli_topic = request->topic();
std::string cli_data = request->data();
- int i = 0;
Message msg;
msg.set_text(cli_data);
for (auto iter = suber_topic_.begin(); iter != suber_topic_.end(); iter++)
{
- i = 0;
- for (auto topic_item : iter->second)
- {
- if ((topic_item & cli_topic) != 0)
- {
- auto &subscriber = suber_writer_[iter->first][i];
- if (!subscriber->Write(msg))
- {
- std::cerr << "Failed to write to a subscriber" << std::endl;
- return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
- }
- break;
+ Subscribers subscriber = iter->second;
+ if ((subscriber.topic & cli_topic) != 0) {
+ if (!subscriber.writer->Write(msg)) {
+ std::cerr << "Failed to write to a subscriber: " << iter->first << std::endl;
+ return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to write the message");
}
- i++;
}
}
@@ -177,8 +138,7 @@ class PubSubServiceImpl final : public SubManager::Service
grpc::Status UnSubscribe(ServerContext *context, const UnSubscribeRequest *request, Message *response) override
{
std::string cli_name = request->sub_name();
- int i = 0;
- int unsub_flag = 0;
+ std::lock_guard<std::mutex> lock(sub_mutex);
if (connection_num <= 0) {
response->set_text("connection_num <= 0, don't UnSubscribe!");
@@ -186,20 +146,7 @@ class PubSubServiceImpl final : public SubManager::Service
return grpc::Status(grpc::StatusCode::INTERNAL, "connection_num <= 0, Failed to UnSubscribe topic!");
}
- std::lock_guard<std::mutex> lock(sub_mutex);
-
- std::unordered_map<std::string, std::vector<int>>::iterator iter = suber_topic_.find(cli_name);
- if (iter != suber_topic_.end())
- {
- suber_topic_[cli_name].erase(suber_topic_[cli_name].begin() + i);
- suber_writer_[cli_name].erase(suber_writer_[cli_name].begin() + i);
- connect_status[suber_connection_[cli_name].at(i)] = false;
- suber_connection_[cli_name].erase(suber_connection_[cli_name].begin() + i);
- connection_num--;
- unsub_flag = 1;
- }
-
- if (!unsub_flag)
+ if (!DeleteSubscriberByCliName(cli_name))
{
response->set_text("don't exist the reader");
return grpc::Status(grpc::StatusCode::INTERNAL, "Failed to UnSubscribe reader!");
@@ -209,19 +156,31 @@ class PubSubServiceImpl final : public SubManager::Service
}
private:
- std::unordered_map<std::string, std::vector<int>> suber_topic_;
- std::unordered_map<std::string, std::vector<ServerWriter<Message> *>> suber_writer_;
- std::unordered_map<std::string, std::vector<int>> suber_connection_;
+ std::unordered_map<std::string, Subscribers> suber_topic_;
std::mutex sub_mutex;
std::mutex wait_mutex;
std::condition_variable cv;
int connection_num = 0;
- bool connect_status[MAX_CONNECTION] = {false};
void WaitKeeplive(void)
{
- std::unique_lock<std::mutex> lk(wait_mutex);
- cv.wait_for(lk, std::chrono::seconds(CHECK_TIME), []{ return killed; });
+ std::unique_lock<std::mutex> lk(wait_mutex);
+ cv.wait_for(lk, std::chrono::seconds(CHECK_TIME), []{ return killed; });
+ }
+
+ /* Must called with sub_mutex */
+ bool DeleteSubscriberByCliName(std::string &cli_name)
+ {
+ bool exist = false;
+ std::cout << "UnSubscribe " << cli_name << " ok" << std::endl;
+
+ auto it = suber_topic_.find(cli_name);
+ if (it != suber_topic_.end()) {
+ suber_topic_.erase(it);
+ connection_num--;
+ exist = true;
+ }
+ return exist;
}
};
--
2.33.0

224
Backport-modify-for-code-review.patch Normal file
View File

@ -0,0 +1,224 @@
From ea375b56fb92a954fcf16901773b3b8442128a5c Mon Sep 17 00:00:00 2001
From: zgzxx <zhangguangzhi3@huawei.com>
Date: Wed, 13 Dec 2023 15:34:53 +0800
Subject: [PATCH 2/4] modify for code review
---
.../cases/file_block/secDetector_file_block.c | 16 ++++++++--------
.../secDetector_kmodule_baseline.c | 5 ++++-
.../secDetector_mc_kmodule_baseline.c | 4 ++--
.../cases/task_block/secDetector_task_block.c | 16 ++++++++--------
.../core/analyze_unit/secDetector_analyze.c | 4 ++--
kerneldriver/core/secDetector_manager.c | 4 +++-
lib/secDetector_sdk.cpp | 6 +++---
7 files changed, 30 insertions(+), 25 deletions(-)
diff --git a/kerneldriver/cases/file_block/secDetector_file_block.c b/kerneldriver/cases/file_block/secDetector_file_block.c
index 7e0963d..b4972ee 100644
--- a/kerneldriver/cases/file_block/secDetector_file_block.c
+++ b/kerneldriver/cases/file_block/secDetector_file_block.c
@@ -35,7 +35,7 @@ static int file_write_check(struct secDetector_workflow *wf, struct file *file)
char *pathname = NULL;
response_data_t log;
bool matched = false;
- struct file_block_rules_item *item;
+ struct file_block_rules_item *item = NULL;
int ret = 0;
buf = kzalloc(BUF_SIZE, GFP_ATOMIC);
@@ -87,7 +87,7 @@ static struct secDetector_workflow workflow_array[] = {
static int proc_show(struct seq_file *m, void *v)
{
- struct file_block_rules_item *item;
+ struct file_block_rules_item *item = NULL;
mutex_lock(&rules_mutex);
list_for_each_entry (item, &file_block_rule_list, list) {
@@ -104,8 +104,8 @@ static int proc_open(struct inode *inode, struct file *file)
static void clear_file_rule_list(void)
{
- struct file_block_rules_item *item;
- struct file_block_rules_item *tmp;
+ struct file_block_rules_item *item = NULL;
+ struct file_block_rules_item *tmp = NULL;
mutex_lock(&rules_mutex);
list_for_each_entry_safe (item, tmp, &file_block_rule_list, list) {
@@ -121,10 +121,10 @@ static void clear_file_rule_list(void)
static ssize_t proc_write(struct file *file, const char __user *buffer,
size_t len, loff_t *offset)
{
- char *data;
- char *str;
- char *rule;
- struct file_block_rules_item *item;
+ char *data = NULL;
+ char *str = NULL;
+ char *rule = NULL;
+ struct file_block_rules_item *item = NULL;
ssize_t r = -EINVAL;
data = memdup_user_nul(buffer, len);
diff --git a/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c b/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c
index 85411c0..4f59c14 100644
--- a/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c
+++ b/kerneldriver/cases/kmodule_baseline/secDetector_kmodule_baseline.c
@@ -17,7 +17,10 @@ DEFINE_MUTEX(case_kmodule_mutex);
static void check_watching_kmodule(void)
{
- mutex_lock(&case_kmodule_mutex);
+ if (mutex_trylock(&case_kmodule_mutex) == 0) {
+ pr_warn("[secDetector case kmodule baseline] check cann't getlock, ret\n");
+ return;
+ }
check_kmodule_baseline();
mutex_unlock(&case_kmodule_mutex);
}
diff --git a/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c b/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
index cff1ff5..9a051ca 100644
--- a/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
+++ b/kerneldriver/cases/kmodule_baseline/secDetector_mc_kmodule_baseline.c
@@ -43,7 +43,7 @@ static int add_kmodule_baseline_name(const char *name)
return -1;
}
- name_len = strlen(name) < NAME_LEN ? strlen(name) : NAME_LEN;
+ name_len = strlen(name) < NAME_LEN ? strlen(name) : NAME_LEN - 1;
memcpy(module->module_name, name, name_len);
list_add(&module->list, &chkrkatt_module_list);
return 0;
@@ -86,7 +86,7 @@ static void report_kmodule_baseline(void)
list_for_each_entry_safe(get_module_name, get_module_name_next, &chkrkatt_module_list, list) {
if (get_module_name != NULL && get_module_name_next != NULL) {
/* 2: ', ' */
- if(sizeof(module_name_all) + sizeof(get_module_name->module_name) < NAME_LEN - 2 - header_msg_len) {
+ if(strlen(module_name_all) + strlen(get_module_name->module_name) < NAME_LEN - 2 - header_msg_len) {
strcat(module_name_all, get_module_name->module_name);
strcat(module_name_all, strtmp);
}
diff --git a/kerneldriver/cases/task_block/secDetector_task_block.c b/kerneldriver/cases/task_block/secDetector_task_block.c
index 94859e4..a46c5f5 100644
--- a/kerneldriver/cases/task_block/secDetector_task_block.c
+++ b/kerneldriver/cases/task_block/secDetector_task_block.c
@@ -37,7 +37,7 @@ static int task_bprm_check(struct secDetector_workflow *wf,
char *pathname = NULL;
response_data_t log;
bool matched = false;
- struct task_block_rules_item *item;
+ struct task_block_rules_item *item = NULL;
int ret = 0;
buf = kzalloc(BUF_SIZE, GFP_ATOMIC);
@@ -88,7 +88,7 @@ static struct secDetector_workflow workflow_array[] = {
static int proc_show(struct seq_file *m, void *v)
{
- struct task_block_rules_item *item;
+ struct task_block_rules_item *item = NULL;
mutex_lock(&rules_mutex);
list_for_each_entry (item, &task_block_rule_list, list) {
@@ -105,8 +105,8 @@ static int proc_open(struct inode *inode, struct file *file)
static void clear_task_rule_list(void)
{
- struct task_block_rules_item *item;
- struct task_block_rules_item *tmp;
+ struct task_block_rules_item *item = NULL;
+ struct task_block_rules_item *tmp = NULL;
mutex_lock(&rules_mutex);
list_for_each_entry_safe (item, tmp, &task_block_rule_list, list) {
@@ -122,10 +122,10 @@ static void clear_task_rule_list(void)
static ssize_t proc_write(struct file *file, const char __user *buffer,
size_t len, loff_t *offset)
{
- char *data;
- char *str;
- char *rule;
- struct task_block_rules_item *item;
+ char *data = NULL;
+ char *str = NULL;
+ char *rule = NULL;
+ struct task_block_rules_item *item = NULL;
ssize_t r = -EINVAL;
data = memdup_user_nul(buffer, len);
diff --git a/kerneldriver/core/analyze_unit/secDetector_analyze.c b/kerneldriver/core/analyze_unit/secDetector_analyze.c
index 226e245..f345412 100644
--- a/kerneldriver/core/analyze_unit/secDetector_analyze.c
+++ b/kerneldriver/core/analyze_unit/secDetector_analyze.c
@@ -33,7 +33,7 @@ int get_timestamp_str(char **ret_str)
{
struct timespec64 ts;
struct tm stm;
- char *stm_str;
+ char *stm_str = NULL;
int stm_str_len = 0;
ktime_get_real_ts64(&ts);
@@ -65,4 +65,4 @@ int get_timestamp_str(char **ret_str)
kfree(stm_str);
return stm_str_len;
}
-EXPORT_SYMBOL_GPL(get_timestamp_str);
\ No newline at end of file
+EXPORT_SYMBOL_GPL(get_timestamp_str);
diff --git a/kerneldriver/core/secDetector_manager.c b/kerneldriver/core/secDetector_manager.c
index 4c88386..07b45d8 100644
--- a/kerneldriver/core/secDetector_manager.c
+++ b/kerneldriver/core/secDetector_manager.c
@@ -115,13 +115,15 @@ int secDetector_module_register(struct secDetector_module *module)
int i;
int module_id;
unsigned int callback_id = 0;
- struct secDetector_parameter *param = module->parameter;
+ struct secDetector_parameter *param = NULL;
if (module == NULL) {
pr_err("[secDetector] register module is null\n");
return -EINVAL;
}
+ param = module->parameter;
+
module_id = idr_alloc(&g_module_idr, module, 0, INT_MAX, GFP_KERNEL);
if (module_id < 0) {
pr_err("[secDetector] alloc module id failed\n");
diff --git a/lib/secDetector_sdk.cpp b/lib/secDetector_sdk.cpp
index 6b00953..a431377 100644
--- a/lib/secDetector_sdk.cpp
+++ b/lib/secDetector_sdk.cpp
@@ -34,7 +34,7 @@ extern "C" {
void *secSub(const int topic)
{
- PubSubClient *cur_client;
+ PubSubClient *cur_client = nullptr;
if (topic <= 0 || topic > ALLTOPIC) {
printf("lib secSub failed, topic:%d is error\n", topic);
return NULL;
@@ -64,7 +64,7 @@ void *secSub(const int topic)
void secUnsub(void *reader)
{
- PubSubClient *cur_client;
+ PubSubClient *cur_client = nullptr;
if (!reader)
return;
@@ -84,7 +84,7 @@ void secUnsub(void *reader)
void secReadFrom(void *reader, char *data, int data_len)
{
string msg("");
- PubSubClient *cur_client;
+ PubSubClient *cur_client = nullptr;
if (!data || data_len <= 1)
return
--
2.33.0

29
Backport-modify-for-secReadFrom-error.patch Normal file
View File

@ -0,0 +1,29 @@
From 2ed3096cab89564b1e7b95318260517b51573709 Mon Sep 17 00:00:00 2001
From: zgzxx <zhangguangzhi3@huawei.com>
Date: Thu, 14 Dec 2023 18:21:30 +0800
Subject: [PATCH 3/4] modify for secReadFrom error
---
lib/secDetector_sdk.cpp | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/secDetector_sdk.cpp b/lib/secDetector_sdk.cpp
index a431377..5bc189e 100644
--- a/lib/secDetector_sdk.cpp
+++ b/lib/secDetector_sdk.cpp
@@ -86,8 +86,10 @@ void secReadFrom(void *reader, char *data, int data_len)
string msg("");
PubSubClient *cur_client = nullptr;
- if (!data || data_len <= 1)
- return
+ if (!data || data_len <= 1) {
+ printf("lib secReadFrom data or data_len error\n");
+ return;
+ }
(void)memset(data, 0, data_len);
--
2.33.0

68
Backport-set-cmake-minimum-required-to-VERSION-3.22.patch Normal file
View File

@ -0,0 +1,68 @@
From 0a89d59f076bd9de9e997f76fd5088cf600bb685 Mon Sep 17 00:00:00 2001
From: zcfsite <zhchf2010@126.com>
Date: Wed, 6 Dec 2023 10:14:56 +0800
Subject: [PATCH 1/4] set cmake minimum required to VERSION 3.22
---
CMakeLists.txt | 2 +-
lib/CMakeLists.txt | 2 +-
observer_agent/CMakeLists.txt | 2 +-
observer_agent/ebpf/CMakeLists.txt | 2 +-
observer_agent/ebpf/file_ebpf/CMakeLists.txt | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1f44e4a..56c31c9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.1)
+cmake_minimum_required(VERSION 3.22)
project(secDetector)
add_subdirectory(observer_agent)
add_subdirectory(lib)
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index b3f61f1..6b1ee78 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.14.1)
+cmake_minimum_required(VERSION 3.22)
project(secDetector_sdk)
diff --git a/observer_agent/CMakeLists.txt b/observer_agent/CMakeLists.txt
index 8465044..f110b49 100644
--- a/observer_agent/CMakeLists.txt
+++ b/observer_agent/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.1)
+cmake_minimum_required(VERSION 3.22)
add_subdirectory(ebpf)
set(CMAKE_CXX_STANDARD 11)
diff --git a/observer_agent/ebpf/CMakeLists.txt b/observer_agent/ebpf/CMakeLists.txt
index 6b97de4..a5c9bbe 100644
--- a/observer_agent/ebpf/CMakeLists.txt
+++ b/observer_agent/ebpf/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.16)
+cmake_minimum_required(VERSION 3.22)
project(ebpf)
add_subdirectory(file_ebpf)
add_custom_target(ebpf
diff --git a/observer_agent/ebpf/file_ebpf/CMakeLists.txt b/observer_agent/ebpf/file_ebpf/CMakeLists.txt
index 9517832..e9e073a 100644
--- a/observer_agent/ebpf/file_ebpf/CMakeLists.txt
+++ b/observer_agent/ebpf/file_ebpf/CMakeLists.txt
@@ -1,6 +1,6 @@
# SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
-cmake_minimum_required(VERSION 3.16)
+cmake_minimum_required(VERSION 3.22)
project(file_ebpf)
add_custom_target(file_ebpf
COMMAND mkdir -p ${CMAKE_CURRENT_BINARY_DIR}/.output
--
2.33.0

10
secDetector.spec
View File

@ -5,7 +5,7 @@
Name : secDetector Name : secDetector
Summary : OS Security Intrusion Detection System Summary : OS Security Intrusion Detection System
Version : 1.0 Version : 1.0
Release : 11 Release : 12
License : GPL-2.0 License : GPL-2.0
Source0 : %{name}-v%{version}.tar.gz Source0 : %{name}-v%{version}.tar.gz
BuildRequires: kernel-devel kernel-headers BuildRequires: kernel-devel kernel-headers
@ -38,6 +38,11 @@ Patch0021: Backport-add-lock-limit-publish-API.patch
Patch0022: Backport-secDetectord-fix-a-grpc-hang-bug.patch Patch0022: Backport-secDetectord-fix-a-grpc-hang-bug.patch
Patch0023: Backport-secUnsub-del-topic.patch Patch0023: Backport-secUnsub-del-topic.patch
Patch0024: Backport-secUnsub-del-topic-in-README.patch Patch0024: Backport-secUnsub-del-topic-in-README.patch
Patch0025: Backport-modify-for-code-review.patch
Patch0026: Backport-modify-for-secReadFrom-error.patch
Patch0027: Backport-fix-invalid-TUF-8-data-in-memory-corruption-module.patch
Patch0028: Backport-set-cmake-minimum-required-to-VERSION-3.22.patch
Patch0029: Backport-grpc-fix-coredump-in-Publish.patch
%description %description
OS Security Intrusion Detection System OS Security Intrusion Detection System
@ -111,6 +116,9 @@ rm -rf %{buildroot}
%attr(0644,root,root) /usr/include/secDetector/secDetector_topic.h %attr(0644,root,root) /usr/include/secDetector/secDetector_topic.h
%changelog %changelog
* Thu Dec 14 2023 zcfsite <zhchf2010@126.com> 1.0-12
- fix secReadFrom error,invalid TUF-8 data in mc module,publish coredump
* Mon Dec 11 2023 zhangguangzhi <zhangguangzhi3@huawei.com> 1.0-11 * Mon Dec 11 2023 zhangguangzhi <zhangguangzhi3@huawei.com> 1.0-11
- backport patch - backport patch