Bug fixes pulled from upstrean
This commit is contained in:
parent
894f78aa4a
commit
1f866afd4b
285
audit-3.9-1-aureport.patch
Normal file
285
audit-3.9-1-aureport.patch
Normal file
@ -0,0 +1,285 @@
|
|||||||
|
commit 5ccc65eba1807c12e603c4bdf6590d91cc52499a
|
||||||
|
Author: Steve Grubb <sgrubb@redhat.com>
|
||||||
|
Date: Sat Sep 2 09:58:46 2023 -0400
|
||||||
|
|
||||||
|
Speed up aureport --summary reports
|
||||||
|
|
||||||
|
diff --git a/src/ausearch-string.c b/src/ausearch-string.c
|
||||||
|
index 8dbec53..484c232 100644
|
||||||
|
--- a/src/ausearch-string.c
|
||||||
|
+++ b/src/ausearch-string.c
|
||||||
|
@@ -1,27 +1,28 @@
|
||||||
|
/*
|
||||||
|
-* ausearch-string.c - Minimal linked list library for strings
|
||||||
|
-* Copyright (c) 2005,2008,2014 Red Hat Inc., Durham, North Carolina.
|
||||||
|
-* All Rights Reserved.
|
||||||
|
-*
|
||||||
|
-* This software may be freely redistributed and/or modified under the
|
||||||
|
-* terms of the GNU General Public License as published by the Free
|
||||||
|
-* Software Foundation; either version 2, or (at your option) any
|
||||||
|
-* later version.
|
||||||
|
-*
|
||||||
|
-* This program is distributed in the hope that it will be useful,
|
||||||
|
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
-* GNU General Public License for more details.
|
||||||
|
-*
|
||||||
|
-* You should have received a copy of the GNU General Public License
|
||||||
|
-* along with this program; see the file COPYING. If not, write to the
|
||||||
|
-* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
|
||||||
|
-* Boston, MA 02110-1335, USA.
|
||||||
|
-*
|
||||||
|
-* Authors:
|
||||||
|
-* Steve Grubb <sgrubb@redhat.com>
|
||||||
|
-*/
|
||||||
|
-
|
||||||
|
+ * ausearch-string.c - Minimal linked list library for strings
|
||||||
|
+ * Copyright (c) 2005,2008,2014,2023 Red Hat Inc.
|
||||||
|
+ * All Rights Reserved.
|
||||||
|
+ *
|
||||||
|
+ * This software may be freely redistributed and/or modified under the
|
||||||
|
+ * terms of the GNU General Public License as published by the Free
|
||||||
|
+ * Software Foundation; either version 2, or (at your option) any
|
||||||
|
+ * later version.
|
||||||
|
+ *
|
||||||
|
+ * This program is distributed in the hope that it will be useful,
|
||||||
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+ * GNU General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License
|
||||||
|
+ * along with this program; see the file COPYING. If not, write to the
|
||||||
|
+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
|
||||||
|
+ * Boston, MA 02110-1335, USA.
|
||||||
|
+ *
|
||||||
|
+ * Authors:
|
||||||
|
+ * Steve Grubb <sgrubb@redhat.com>
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#pragma GCC optimize("O3,inline")
|
||||||
|
#include "ausearch-string.h"
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
@@ -31,28 +32,10 @@ void slist_create(slist *l)
|
||||||
|
{
|
||||||
|
l->head = NULL;
|
||||||
|
l->cur = NULL;
|
||||||
|
+ l->last = NULL;
|
||||||
|
l->cnt = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
-void slist_last(slist *l)
|
||||||
|
-{
|
||||||
|
- register snode* cur;
|
||||||
|
-
|
||||||
|
- if (l->head == NULL)
|
||||||
|
- return;
|
||||||
|
-
|
||||||
|
- // Try using cur so that we don't have to start at beginnning
|
||||||
|
- if (l->cur)
|
||||||
|
- cur = l->cur;
|
||||||
|
- else
|
||||||
|
- cur = l->head;
|
||||||
|
-
|
||||||
|
- // Loop until no next value
|
||||||
|
- while (cur->next)
|
||||||
|
- cur = cur->next;
|
||||||
|
- l->cur = cur;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
snode *slist_next(slist *l)
|
||||||
|
{
|
||||||
|
if (l->cur == NULL)
|
||||||
|
@@ -80,14 +63,14 @@ void slist_append(slist *l, snode *node)
|
||||||
|
newnode->hits = node->hits;
|
||||||
|
newnode->next = NULL;
|
||||||
|
|
||||||
|
- // Make sure cursor is at the end
|
||||||
|
- slist_last(l);
|
||||||
|
-
|
||||||
|
- // if we are at top, fix this up
|
||||||
|
- if (l->head == NULL)
|
||||||
|
+ // if the top is empty, add it there
|
||||||
|
+ if (l->head == NULL) {
|
||||||
|
l->head = newnode;
|
||||||
|
- else // Otherwise add pointer to newnode
|
||||||
|
- l->cur->next = newnode;
|
||||||
|
+ l->last = newnode;
|
||||||
|
+ } else { // Otherwise put at the end
|
||||||
|
+ l->last->next = newnode;
|
||||||
|
+ l->last = newnode;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
// make newnode current
|
||||||
|
l->cur = newnode;
|
||||||
|
@@ -109,25 +92,25 @@ void slist_clear(slist* l)
|
||||||
|
}
|
||||||
|
l->head = NULL;
|
||||||
|
l->cur = NULL;
|
||||||
|
+ l->last = NULL;
|
||||||
|
l->cnt = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
-/* This function dominates the timing of aureport. Needs to be more efficient */
|
||||||
|
int slist_add_if_uniq(slist *l, const char *str)
|
||||||
|
{
|
||||||
|
snode sn;
|
||||||
|
- register snode *cur;
|
||||||
|
+ register snode *cur;
|
||||||
|
|
||||||
|
if (str == NULL)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
- cur = l->head;
|
||||||
|
+ cur = l->head;
|
||||||
|
while (cur) {
|
||||||
|
if (strcmp(str, cur->str) == 0) {
|
||||||
|
cur->hits++;
|
||||||
|
l->cur = cur;
|
||||||
|
return 0;
|
||||||
|
- } else
|
||||||
|
+ } else
|
||||||
|
cur = cur->next;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -140,7 +123,7 @@ int slist_add_if_uniq(slist *l, const char *str)
|
||||||
|
}
|
||||||
|
|
||||||
|
// If lprev would be NULL, use l->head
|
||||||
|
-static void swap_nodes(snode *lprev, snode *left, snode *right)
|
||||||
|
+static inline void swap_nodes(snode *lprev, snode *left, snode *right)
|
||||||
|
{
|
||||||
|
snode *t = right->next;
|
||||||
|
if (lprev)
|
||||||
|
@@ -150,17 +133,13 @@ static void swap_nodes(snode *lprev, snode *left, snode *right)
|
||||||
|
}
|
||||||
|
|
||||||
|
// This will sort the list from most hits to least
|
||||||
|
-void slist_sort_by_hits(slist *l)
|
||||||
|
+static void old_sort_by_hits(slist *l)
|
||||||
|
{
|
||||||
|
register snode* cur, *prev;
|
||||||
|
-
|
||||||
|
- if (l->cnt <= 1)
|
||||||
|
- return;
|
||||||
|
-
|
||||||
|
prev = cur = l->head;
|
||||||
|
|
||||||
|
while (cur && cur->next) {
|
||||||
|
- /* If the next node is bigger */
|
||||||
|
+ // If the next node is bigger
|
||||||
|
if (cur->hits < cur->next->hits) {
|
||||||
|
if (cur == l->head) {
|
||||||
|
// Update the actual list head
|
||||||
|
@@ -180,3 +159,82 @@ void slist_sort_by_hits(slist *l)
|
||||||
|
l->cur = l->head;
|
||||||
|
}
|
||||||
|
|
||||||
|
+// Merge two sorted lists
|
||||||
|
+static snode* slist_merge_sorted_lists(snode *a, snode *b)
|
||||||
|
+{
|
||||||
|
+ snode dummy;
|
||||||
|
+ snode *tail = &dummy;
|
||||||
|
+ dummy.next = NULL;
|
||||||
|
+
|
||||||
|
+ while (a && b) {
|
||||||
|
+ if (a->hits >= b->hits) {
|
||||||
|
+ tail->next = a;
|
||||||
|
+ a = a->next;
|
||||||
|
+ } else {
|
||||||
|
+ tail->next = b;
|
||||||
|
+ b = b->next;
|
||||||
|
+ }
|
||||||
|
+ tail = tail->next;
|
||||||
|
+ }
|
||||||
|
+ tail->next = a ? a : b;
|
||||||
|
+ return dummy.next;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+// Split the list into two halves
|
||||||
|
+static void slist_split_list(snode *head, snode **front, snode **back)
|
||||||
|
+{
|
||||||
|
+ snode *fast, *slow;
|
||||||
|
+ slow = head;
|
||||||
|
+ fast = head->next;
|
||||||
|
+
|
||||||
|
+ while (fast) {
|
||||||
|
+ fast = fast->next;
|
||||||
|
+ if (fast) {
|
||||||
|
+ slow = slow->next;
|
||||||
|
+ fast = fast->next;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ *front = head;
|
||||||
|
+ *back = slow->next;
|
||||||
|
+ slow->next = NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+// Merge sort for linked list
|
||||||
|
+static void slist_merge_sort(snode **head_ref)
|
||||||
|
+{
|
||||||
|
+ snode *head = *head_ref;
|
||||||
|
+ snode *a, *b;
|
||||||
|
+
|
||||||
|
+ if (!head || !head->next)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ slist_split_list(head, &a, &b);
|
||||||
|
+
|
||||||
|
+ slist_merge_sort(&a);
|
||||||
|
+ slist_merge_sort(&b);
|
||||||
|
+
|
||||||
|
+ *head_ref = slist_merge_sorted_lists(a, b);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+// This function dominates aureport --summary --kind output
|
||||||
|
+void slist_sort_by_hits(slist *l)
|
||||||
|
+{
|
||||||
|
+ if (l->cnt <= 1)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ // If the list is small, use old algorithm because
|
||||||
|
+ // the new one has some overhead that makes it slower
|
||||||
|
+ // until the list is big enough that the inefficiencies
|
||||||
|
+ // of the old algorithm cause slowness. The value chosen
|
||||||
|
+ // below is just a guess. At 100, the old algorithm is
|
||||||
|
+ // faster. At 1000, the new one is 5x faster.
|
||||||
|
+ if (l->cnt < 200)
|
||||||
|
+ return old_sort_by_hits(l);
|
||||||
|
+
|
||||||
|
+ slist_merge_sort(&l->head);
|
||||||
|
+
|
||||||
|
+ // End with cur pointing at first record
|
||||||
|
+ l->cur = l->head;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
diff --git a/src/ausearch-string.h b/src/ausearch-string.h
|
||||||
|
index 1cfc4a6..5fcf1ee 100644
|
||||||
|
--- a/src/ausearch-string.h
|
||||||
|
+++ b/src/ausearch-string.h
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
/*
|
||||||
|
* ausearch-string.h - Header file for ausearch-string.c
|
||||||
|
-* Copyright (c) 2005,2008 Red Hat Inc., Durham, North Carolina.
|
||||||
|
+* Copyright (c) 2005,2008,2023 Red Hat Inc.
|
||||||
|
* All Rights Reserved.
|
||||||
|
*
|
||||||
|
* This software may be freely redistributed and/or modified under the
|
||||||
|
@@ -15,7 +15,7 @@
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; see the file COPYING. If not, write to the
|
||||||
|
-* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
|
||||||
|
+* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
|
||||||
|
* Boston, MA 02110-1335, USA.
|
||||||
|
*
|
||||||
|
* Authors:
|
||||||
|
@@ -41,6 +41,7 @@ typedef struct _snode{
|
||||||
|
typedef struct {
|
||||||
|
snode *head; // List head
|
||||||
|
snode *cur; // Pointer to current node
|
||||||
|
+ snode *last; // Pointer to current node
|
||||||
|
unsigned int cnt; // How many items in this list
|
||||||
|
} slist;
|
||||||
|
|
19
audit-3.9-2-no-io_uring.patch
Normal file
19
audit-3.9-2-no-io_uring.patch
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
commit b4cc077dac3e9bee1df59ee04cb2c466bc603033
|
||||||
|
Author: Steve Grubb <sgrubb@redhat.com>
|
||||||
|
Date: Wed Nov 1 15:14:25 2023 -0400
|
||||||
|
|
||||||
|
completely disable io_uring code in libev
|
||||||
|
|
||||||
|
diff --git a/src/libev/ev.c b/src/libev/ev.c
|
||||||
|
index a4ef36f..c4a0070 100644
|
||||||
|
--- a/src/libev/ev.c
|
||||||
|
+++ b/src/libev/ev.c
|
||||||
|
@@ -128,7 +128,7 @@
|
||||||
|
|
||||||
|
# if HAVE_LINUX_FS_H && HAVE_SYS_TIMERFD_H && HAVE_KERNEL_RWF_T
|
||||||
|
# ifndef EV_USE_IOURING
|
||||||
|
-# define EV_USE_IOURING EV_FEATURE_BACKENDS
|
||||||
|
+# define EV_USE_IOURING 0 // Intentionally drop the io_uring backend
|
||||||
|
# endif
|
||||||
|
# else
|
||||||
|
# undef EV_USE_IOURING
|
19
audit-3.9-3-fix-arg.patch
Normal file
19
audit-3.9-3-fix-arg.patch
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
commit 59c886a671c53741399fe9dea710c2bf1ae3d8f4
|
||||||
|
Author: Steve Grubb <sgrubb@redhat.com>
|
||||||
|
Date: Wed Nov 1 15:40:32 2023 -0400
|
||||||
|
|
||||||
|
use correct arg in audit_add_perm_syscalls
|
||||||
|
|
||||||
|
diff --git a/lib/libaudit.c b/lib/libaudit.c
|
||||||
|
index 563cc2f..0a52285 100644
|
||||||
|
--- a/lib/libaudit.c
|
||||||
|
+++ b/lib/libaudit.c
|
||||||
|
@@ -1522,7 +1522,7 @@ static int audit_add_perm_syscalls(int perm, struct audit_rule_data *rule)
|
||||||
|
_audit_syscalladded = 1;
|
||||||
|
break;
|
||||||
|
case -1: // Should never happen
|
||||||
|
- audit_msg(LOG_ERR, "Syscall name unknown: %s", syscall);
|
||||||
|
+ audit_msg(LOG_ERR, "Syscall name unknown: %s", syscalls);
|
||||||
|
break;
|
||||||
|
default: // Error reported - do nothing here
|
||||||
|
break;
|
25
audit-3.9-4-fix-leak.patch
Normal file
25
audit-3.9-4-fix-leak.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
commit e1b75c41b3bd4f7de981b1c89b3a23c64cda53e1
|
||||||
|
Author: cgzones <cgzones@googlemail.com>
|
||||||
|
Date: Wed Nov 1 20:35:40 2023 +0100
|
||||||
|
|
||||||
|
lib: close audit socket in load_feature_bitmap() (#334)
|
||||||
|
|
||||||
|
diff --git a/lib/libaudit.c b/lib/libaudit.c
|
||||||
|
index 0a52285..72b25a9 100644
|
||||||
|
--- a/lib/libaudit.c
|
||||||
|
+++ b/lib/libaudit.c
|
||||||
|
@@ -657,12 +657,14 @@ static void load_feature_bitmap(void)
|
||||||
|
|
||||||
|
/* Found it... */
|
||||||
|
features_bitmap = rep.status->feature_bitmap;
|
||||||
|
+ audit_close(fd);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
features_bitmap = AUDIT_FEATURES_UNSUPPORTED;
|
||||||
|
+ audit_close(fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
uint32_t audit_get_features(void)
|
19
audit-3.9-5-mk-static.patch
Normal file
19
audit-3.9-5-mk-static.patch
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
commit 73c9ce37b15a963c6e609906d232b0a6ea9c741f
|
||||||
|
Author: Steve Grubb <sgrubb@redhat.com>
|
||||||
|
Date: Wed Nov 1 17:22:47 2023 -0400
|
||||||
|
|
||||||
|
declare file local function static
|
||||||
|
|
||||||
|
diff --git a/lib/libaudit.c b/lib/libaudit.c
|
||||||
|
index 72b25a9..cfbad1d 100644
|
||||||
|
--- a/lib/libaudit.c
|
||||||
|
+++ b/lib/libaudit.c
|
||||||
|
@@ -997,7 +997,7 @@ uint32_t audit_get_session(void)
|
||||||
|
return ses;
|
||||||
|
}
|
||||||
|
|
||||||
|
-int audit_rule_syscall_data(struct audit_rule_data *rule, int scall)
|
||||||
|
+static int audit_rule_syscall_data(struct audit_rule_data *rule, int scall)
|
||||||
|
{
|
||||||
|
int word = AUDIT_WORD(scall);
|
||||||
|
int bit = AUDIT_BIT(scall);
|
15
audit.spec
15
audit.spec
@ -2,11 +2,16 @@
|
|||||||
Summary: User space tools for kernel auditing
|
Summary: User space tools for kernel auditing
|
||||||
Name: audit
|
Name: audit
|
||||||
Version: 3.1.2
|
Version: 3.1.2
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
License: GPL-2.0-or-later AND LGPL-2.0-or-later
|
License: GPL-2.0-or-later AND LGPL-2.0-or-later
|
||||||
URL: http://people.redhat.com/sgrubb/audit/
|
URL: http://people.redhat.com/sgrubb/audit/
|
||||||
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
||||||
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
|
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
|
||||||
|
Patch1: audit-3.9-1-aureport.patch
|
||||||
|
Patch2: audit-3.9-2-no-io_uring.patch
|
||||||
|
Patch3: audit-3.9-3-fix-arg.patch
|
||||||
|
Patch4: audit-3.9-4-fix-leak.patch
|
||||||
|
Patch5: audit-3.9-5-mk-static.patch
|
||||||
|
|
||||||
BuildRequires: make gcc
|
BuildRequires: make gcc
|
||||||
BuildRequires: krb5-devel
|
BuildRequires: krb5-devel
|
||||||
@ -89,6 +94,11 @@ Management Facility) database, through an IBM Tivoli Directory Server
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
cp %{SOURCE1} .
|
cp %{SOURCE1} .
|
||||||
|
%patch 1 -p1
|
||||||
|
%patch 2 -p1
|
||||||
|
%patch 3 -p1
|
||||||
|
%patch 4 -p1
|
||||||
|
%patch 5 -p1
|
||||||
|
|
||||||
# Remove the ids code, its not ready
|
# Remove the ids code, its not ready
|
||||||
sed -i 's/ ids / /' audisp/plugins/Makefile.am
|
sed -i 's/ ids / /' audisp/plugins/Makefile.am
|
||||||
@ -268,6 +278,9 @@ fi
|
|||||||
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
|
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Nov 04 2023 Steve Grubb <sgrubb@redhat.com> 3.1.2-5
|
||||||
|
- Bug fixes pulled from upstrean
|
||||||
|
|
||||||
* Wed Sep 13 2023 Dusty Mabe <dusty@dustymabe.com> 3.1.2-4
|
* Wed Sep 13 2023 Dusty Mabe <dusty@dustymabe.com> 3.1.2-4
|
||||||
- Remove initscripts-service from Requires(postun)
|
- Remove initscripts-service from Requires(postun)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user