From 1f866afd4b0ea22e1f5125e65ab3e303697389da Mon Sep 17 00:00:00 2001
From: Steve Grubb <ausearch.1@gmail.com>
Date: Sat, 4 Nov 2023 11:13:13 -0400
Subject: [PATCH] Bug fixes pulled from upstrean

---
 audit-3.9-1-aureport.patch    | 285 ++++++++++++++++++++++++++++++++++
 audit-3.9-2-no-io_uring.patch |  19 +++
 audit-3.9-3-fix-arg.patch     |  19 +++
 audit-3.9-4-fix-leak.patch    |  25 +++
 audit-3.9-5-mk-static.patch   |  19 +++
 audit.spec                    |  15 +-
 6 files changed, 381 insertions(+), 1 deletion(-)
 create mode 100644 audit-3.9-1-aureport.patch
 create mode 100644 audit-3.9-2-no-io_uring.patch
 create mode 100644 audit-3.9-3-fix-arg.patch
 create mode 100644 audit-3.9-4-fix-leak.patch
 create mode 100644 audit-3.9-5-mk-static.patch

diff --git a/audit-3.9-1-aureport.patch b/audit-3.9-1-aureport.patch
new file mode 100644
index 0000000..165ab55
--- /dev/null
+++ b/audit-3.9-1-aureport.patch
@@ -0,0 +1,285 @@
+commit 5ccc65eba1807c12e603c4bdf6590d91cc52499a
+Author: Steve Grubb <sgrubb@redhat.com>
+Date:   Sat Sep 2 09:58:46 2023 -0400
+
+    Speed up aureport --summary reports
+
+diff --git a/src/ausearch-string.c b/src/ausearch-string.c
+index 8dbec53..484c232 100644
+--- a/src/ausearch-string.c
++++ b/src/ausearch-string.c
+@@ -1,27 +1,28 @@
+ /*
+-* ausearch-string.c - Minimal linked list library for strings
+-* Copyright (c) 2005,2008,2014 Red Hat Inc., Durham, North Carolina.
+-* All Rights Reserved. 
+-*
+-* This software may be freely redistributed and/or modified under the
+-* terms of the GNU General Public License as published by the Free
+-* Software Foundation; either version 2, or (at your option) any
+-* later version.
+-*
+-* This program is distributed in the hope that it will be useful,
+-* but WITHOUT ANY WARRANTY; without even the implied warranty of
+-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+-* GNU General Public License for more details.
+-*
+-* You should have received a copy of the GNU General Public License
+-* along with this program; see the file COPYING. If not, write to the
+-* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor 
+-* Boston, MA 02110-1335, USA.
+-*
+-* Authors:
+-*   Steve Grubb <sgrubb@redhat.com>
+-*/
+-
++ * ausearch-string.c - Minimal linked list library for strings
++ * Copyright (c) 2005,2008,2014,2023 Red Hat Inc.
++ * All Rights Reserved.
++ *
++ * This software may be freely redistributed and/or modified under the
++ * terms of the GNU General Public License as published by the Free
++ * Software Foundation; either version 2, or (at your option) any
++ * later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; see the file COPYING. If not, write to the
++ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
++ * Boston, MA 02110-1335, USA.
++ *
++ * Authors:
++ *   Steve Grubb <sgrubb@redhat.com>
++ */
++
++#pragma GCC optimize("O3,inline")
+ #include "ausearch-string.h"
+ #include <stdlib.h>
+ #include <string.h>
+@@ -31,28 +32,10 @@ void slist_create(slist *l)
+ {
+ 	l->head = NULL;
+ 	l->cur = NULL;
++	l->last = NULL;
+ 	l->cnt = 0;
+ }
+ 
+-void slist_last(slist *l)
+-{
+-        register snode* cur;
+-	
+-	if (l->head == NULL)
+-		return;
+-
+-	// Try using cur so that we don't have to start at beginnning
+-	if (l->cur)
+-		cur = l->cur;
+-	else
+-	        cur = l->head;
+-
+-	// Loop until no next value
+-	while (cur->next)
+-		cur = cur->next;
+-	l->cur = cur;
+-}
+-
+ snode *slist_next(slist *l)
+ {
+ 	if (l->cur == NULL)
+@@ -80,14 +63,14 @@ void slist_append(slist *l, snode *node)
+ 	newnode->hits = node->hits;
+ 	newnode->next = NULL;
+ 
+-	// Make sure cursor is at the end
+-	slist_last(l);
+-
+-	// if we are at top, fix this up
+-	if (l->head == NULL)
++	// if the top is empty, add it there
++	if (l->head == NULL) {
+ 		l->head = newnode;
+-	else	// Otherwise add pointer to newnode
+-		l->cur->next = newnode;
++		l->last = newnode;
++	} else { // Otherwise put at the end
++		l->last->next = newnode;
++		l->last = newnode;
++	}
+ 
+ 	// make newnode current
+ 	l->cur = newnode;
+@@ -109,25 +92,25 @@ void slist_clear(slist* l)
+ 	}
+ 	l->head = NULL;
+ 	l->cur = NULL;
++	l->last = NULL;
+ 	l->cnt = 0;
+ }
+ 
+-/* This function dominates the timing of aureport. Needs to be more efficient */
+ int slist_add_if_uniq(slist *l, const char *str)
+ {
+ 	snode sn;
+-        register snode *cur;
++	register snode *cur;
+ 
+ 	if (str == NULL)
+ 		return -1;
+ 
+-       	cur = l->head;
++	cur = l->head;
+ 	while (cur) {
+ 		if (strcmp(str, cur->str) == 0) {
+ 			cur->hits++;
+ 			l->cur = cur;
+ 			return 0;
+-		} else 
++		} else
+ 			cur = cur->next;
+ 	}
+ 
+@@ -140,7 +123,7 @@ int slist_add_if_uniq(slist *l, const char *str)
+ }
+ 
+ // If lprev would be NULL, use l->head
+-static void swap_nodes(snode *lprev, snode *left, snode *right)
++static inline void swap_nodes(snode *lprev, snode *left, snode *right)
+ {
+ 	snode *t = right->next;
+ 	if (lprev)
+@@ -150,17 +133,13 @@ static void swap_nodes(snode *lprev, snode *left, snode *right)
+ }
+ 
+ // This will sort the list from most hits to least
+-void slist_sort_by_hits(slist *l)
++static void old_sort_by_hits(slist *l)
+ {
+ 	register snode* cur, *prev;
+-
+-	if (l->cnt <= 1)
+-		return;
+-
+ 	prev = cur = l->head;
+ 
+ 	while (cur && cur->next) {
+-		/* If the next node is bigger */
++		// If the next node is bigger
+ 		if (cur->hits < cur->next->hits) {
+ 			if (cur == l->head) {
+ 				// Update the actual list head
+@@ -180,3 +159,82 @@ void slist_sort_by_hits(slist *l)
+ 	l->cur = l->head;
+ }
+ 
++// Merge two sorted lists
++static snode* slist_merge_sorted_lists(snode *a, snode *b)
++{
++	snode dummy;
++	snode *tail = &dummy;
++	dummy.next = NULL;
++
++	while (a && b) {
++		if (a->hits >= b->hits) {
++			tail->next = a;
++			a = a->next;
++		} else {
++			tail->next = b;
++			b = b->next;
++		}
++		tail = tail->next;
++	}
++	tail->next = a ? a : b;
++	return dummy.next;
++}
++
++// Split the list into two halves
++static void slist_split_list(snode *head, snode **front, snode **back)
++{
++	snode *fast, *slow;
++	slow = head;
++	fast = head->next;
++
++	while (fast) {
++		fast = fast->next;
++		if (fast) {
++			slow = slow->next;
++			fast = fast->next;
++		}
++	}
++
++	*front = head;
++	*back = slow->next;
++	slow->next = NULL;
++}
++
++// Merge sort for linked list
++static void slist_merge_sort(snode **head_ref)
++{
++	snode *head = *head_ref;
++	snode *a, *b;
++
++	if (!head || !head->next)
++		return;
++
++	slist_split_list(head, &a, &b);
++
++	slist_merge_sort(&a);
++	slist_merge_sort(&b);
++
++	*head_ref = slist_merge_sorted_lists(a, b);
++}
++
++// This function dominates aureport --summary --kind output
++void slist_sort_by_hits(slist *l)
++{
++	if (l->cnt <= 1)
++		return;
++
++	// If the list is small, use old algorithm because
++	// the new one has some overhead that makes it slower
++	// until the list is big enough that the inefficiencies
++	// of the old algorithm cause slowness. The value chosen
++	// below is just a guess. At 100, the old algorithm is
++	// faster. At 1000, the new one is 5x faster.
++	if (l->cnt < 200)
++		return old_sort_by_hits(l);
++
++	slist_merge_sort(&l->head);
++
++	// End with cur pointing at first record
++	l->cur = l->head;
++}
++
+diff --git a/src/ausearch-string.h b/src/ausearch-string.h
+index 1cfc4a6..5fcf1ee 100644
+--- a/src/ausearch-string.h
++++ b/src/ausearch-string.h
+@@ -1,6 +1,6 @@
+ /*
+ * ausearch-string.h - Header file for ausearch-string.c
+-* Copyright (c) 2005,2008 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2005,2008,2023 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -15,7 +15,7 @@
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING. If not, write to the
+-* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor 
++* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
+ * Boston, MA 02110-1335, USA.
+ *
+ * Authors:
+@@ -41,6 +41,7 @@ typedef struct _snode{
+ typedef struct {
+   snode *head;		// List head
+   snode *cur;		// Pointer to current node
++  snode *last;		// Pointer to current node
+   unsigned int cnt;	// How many items in this list
+ } slist;
+ 
diff --git a/audit-3.9-2-no-io_uring.patch b/audit-3.9-2-no-io_uring.patch
new file mode 100644
index 0000000..a72d8a7
--- /dev/null
+++ b/audit-3.9-2-no-io_uring.patch
@@ -0,0 +1,19 @@
+commit b4cc077dac3e9bee1df59ee04cb2c466bc603033
+Author: Steve Grubb <sgrubb@redhat.com>
+Date:   Wed Nov 1 15:14:25 2023 -0400
+
+    completely disable io_uring code in libev
+
+diff --git a/src/libev/ev.c b/src/libev/ev.c
+index a4ef36f..c4a0070 100644
+--- a/src/libev/ev.c
++++ b/src/libev/ev.c
+@@ -128,7 +128,7 @@
+    
+ # if HAVE_LINUX_FS_H && HAVE_SYS_TIMERFD_H && HAVE_KERNEL_RWF_T
+ #  ifndef EV_USE_IOURING
+-#   define EV_USE_IOURING EV_FEATURE_BACKENDS
++#   define EV_USE_IOURING 0  // Intentionally drop the io_uring backend
+ #  endif
+ # else
+ #  undef EV_USE_IOURING
diff --git a/audit-3.9-3-fix-arg.patch b/audit-3.9-3-fix-arg.patch
new file mode 100644
index 0000000..be67c37
--- /dev/null
+++ b/audit-3.9-3-fix-arg.patch
@@ -0,0 +1,19 @@
+commit 59c886a671c53741399fe9dea710c2bf1ae3d8f4
+Author: Steve Grubb <sgrubb@redhat.com>
+Date:   Wed Nov 1 15:40:32 2023 -0400
+
+    use correct arg in audit_add_perm_syscalls
+
+diff --git a/lib/libaudit.c b/lib/libaudit.c
+index 563cc2f..0a52285 100644
+--- a/lib/libaudit.c
++++ b/lib/libaudit.c
+@@ -1522,7 +1522,7 @@ static int audit_add_perm_syscalls(int perm, struct audit_rule_data *rule)
+ 		_audit_syscalladded = 1;
+ 		break;
+ 	case -1: // Should never happen
+-		audit_msg(LOG_ERR, "Syscall name unknown: %s", syscall);
++		audit_msg(LOG_ERR, "Syscall name unknown: %s", syscalls);
+ 		break;
+ 	default: // Error reported - do nothing here
+ 		break;
diff --git a/audit-3.9-4-fix-leak.patch b/audit-3.9-4-fix-leak.patch
new file mode 100644
index 0000000..c5da715
--- /dev/null
+++ b/audit-3.9-4-fix-leak.patch
@@ -0,0 +1,25 @@
+commit e1b75c41b3bd4f7de981b1c89b3a23c64cda53e1
+Author: cgzones <cgzones@googlemail.com>
+Date:   Wed Nov 1 20:35:40 2023 +0100
+
+    lib: close audit socket in load_feature_bitmap() (#334)
+
+diff --git a/lib/libaudit.c b/lib/libaudit.c
+index 0a52285..72b25a9 100644
+--- a/lib/libaudit.c
++++ b/lib/libaudit.c
+@@ -657,12 +657,14 @@ static void load_feature_bitmap(void)
+ 
+ 				/* Found it... */
+ 				features_bitmap = rep.status->feature_bitmap;
++				audit_close(fd);
+ 				return;
+ 			}
+ 		}
+ 	}
+ #endif
+ 	features_bitmap = AUDIT_FEATURES_UNSUPPORTED;
++	audit_close(fd);
+ }
+ 
+ uint32_t audit_get_features(void)
diff --git a/audit-3.9-5-mk-static.patch b/audit-3.9-5-mk-static.patch
new file mode 100644
index 0000000..f2bcb5a
--- /dev/null
+++ b/audit-3.9-5-mk-static.patch
@@ -0,0 +1,19 @@
+commit 73c9ce37b15a963c6e609906d232b0a6ea9c741f
+Author: Steve Grubb <sgrubb@redhat.com>
+Date:   Wed Nov 1 17:22:47 2023 -0400
+
+    declare file local function static
+
+diff --git a/lib/libaudit.c b/lib/libaudit.c
+index 72b25a9..cfbad1d 100644
+--- a/lib/libaudit.c
++++ b/lib/libaudit.c
+@@ -997,7 +997,7 @@ uint32_t audit_get_session(void)
+ 		return ses;
+ }
+ 
+-int audit_rule_syscall_data(struct audit_rule_data *rule, int scall)
++static int audit_rule_syscall_data(struct audit_rule_data *rule, int scall)
+ {
+ 	int word = AUDIT_WORD(scall);
+ 	int bit  = AUDIT_BIT(scall);
diff --git a/audit.spec b/audit.spec
index ae9888f..e5ab485 100644
--- a/audit.spec
+++ b/audit.spec
@@ -2,11 +2,16 @@
 Summary: User space tools for kernel auditing
 Name: audit
 Version: 3.1.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.0-or-later
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
+Patch1: audit-3.9-1-aureport.patch
+Patch2: audit-3.9-2-no-io_uring.patch
+Patch3: audit-3.9-3-fix-arg.patch
+Patch4: audit-3.9-4-fix-leak.patch
+Patch5: audit-3.9-5-mk-static.patch
 
 BuildRequires: make gcc
 BuildRequires: krb5-devel
@@ -89,6 +94,11 @@ Management Facility) database, through an IBM Tivoli Directory Server
 %prep
 %setup -q
 cp %{SOURCE1} .
+%patch 1 -p1 
+%patch 2 -p1 
+%patch 3 -p1 
+%patch 4 -p1 
+%patch 5 -p1 
 
 # Remove the ids code, its not ready
 sed -i 's/ ids / /' audisp/plugins/Makefile.am
@@ -268,6 +278,9 @@ fi
 %attr(750,root,root) %{_sbindir}/audispd-zos-remote
 
 %changelog
+* Sat Nov 04 2023 Steve Grubb <sgrubb@redhat.com> 3.1.2-5
+- Bug fixes pulled from upstrean
+
 * Wed Sep 13 2023 Dusty Mabe <dusty@dustymabe.com> 3.1.2-4
 - Remove initscripts-service from Requires(postun)