From 2281cf5185cec9c78ec31152399c2d2da389320d Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Thu, 22 Jun 2023 09:40:53 +0200 Subject: [PATCH] RHEL 9.3.0 ERRATUM - Introduce new fanotify record fields Resolves: rhbz#2216666 Signed-off-by: Radovan Sroka --- audit-3.1-fanotify-records.patch | 122 +++++++++++++++++++++++++++++++ audit.spec | 20 +++-- 2 files changed, 136 insertions(+), 6 deletions(-) create mode 100644 audit-3.1-fanotify-records.patch diff --git a/audit-3.1-fanotify-records.patch b/audit-3.1-fanotify-records.patch new file mode 100644 index 0000000..b3195b9 --- /dev/null +++ b/audit-3.1-fanotify-records.patch 
@@ -0,0 +1,122 @@ +From d1aec22f62b1cd95c16b26b67a9268ed27713f84 Mon Sep 17 00:00:00 2001 +From: Steve Grubb +Date: Tue, 7 Feb 2023 10:32:11 -0500 +Subject: [PATCH] Add support for new FANOTIFY record fields + +--- + ChangeLog | 1 + + auparse/auparse-defs.h | 5 ++-- + auparse/interpret.c | 65 +++++++++++++++++++++++++++++++++++++++++- + auparse/typetab.h | 4 +++ + 4 files changed, 72 insertions(+), 3 deletions(-) + +diff --git a/auparse/auparse-defs.h b/auparse/auparse-defs.h +index 7c0ac76..81a85a4 100644 +--- a/auparse/auparse-defs.h ++++ b/auparse/auparse-defs.h +@@ -88,7 +88,8 @@ typedef enum { AUPARSE_TYPE_UNCLASSIFIED, AUPARSE_TYPE_UID, AUPARSE_TYPE_GID, + AUPARSE_TYPE_NETACTION, AUPARSE_TYPE_MACPROTO, + AUPARSE_TYPE_IOCTL_REQ, AUPARSE_TYPE_ESCAPED_KEY, + AUPARSE_TYPE_ESCAPED_FILE, AUPARSE_TYPE_FANOTIFY, +- AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE ++ AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE, AUPARSE_TYPE_TRUST, ++ AUPARSE_TYPE_FAN_TYPE, AUPARSE_TYPE_FAN_INFO + } auparse_type_t; + + /* This type determines what escaping if any gets applied to interpreted fields */ +diff --git a/auparse/interpret.c b/auparse/interpret.c +index 373851f..f106056 100644 +--- a/auparse/interpret.c ++++ b/auparse/interpret.c +@@ -2372,6 +2372,60 @@ static const char *print_openat2_resolve(const char *val) + return strdup(buf); + } + ++static const char *print_trust(const char *val) ++{ ++ const char *out; ++ ++ if (strcmp(val, "0") == 0) ++ out = strdup("no"); ++ else if (strcmp(val, "1") == 0) ++ out = strdup("yes"); ++ else ++ out = strdup("unknown"); ++ ++ return out; ++} ++ ++// fan_type always preceeds fan_info ++static int last_type = 2; ++static const char *print_fan_type(const char *val) ++{ ++ const char *out; ++ ++ if (strcmp(val, "0") == 0) { ++ out = strdup("none"); ++ last_type = 0; ++ } else if (strcmp(val, "1") == 0) { ++ out = strdup("rule_info"); ++ last_type = 1; ++ } else { ++ out = strdup("unknown"); ++ last_type = 2; ++ } ++ ++ return out; ++} ++ ++static 
const char *print_fan_info(const char *val) ++{ ++ const char *out; ++ if (last_type == 1) { ++ errno = 0; ++ unsigned long info = strtoul(val, NULL, 16); ++ if (errno) { ++ if (asprintf(&out, "conversion error(%s)", val) < 0) ++ out = NULL; ++ return out; ++ } else { ++ if (asprintf(&out, "%lu", info) < 0) ++ out = NULL; ++ return out; ++ } ++ } else ++ out = strdup(val); ++ return out; ++} ++ + static const char *print_a0(const char *val, const idata *id) + { + char *out; +@@ -3286,6 +3340,15 @@ unknown: + case AUPARSE_TYPE_RESOLVE: + out = print_openat2_resolve(id->val); + break; ++ case AUPARSE_TYPE_TRUST: ++ out = print_trust(id->val); ++ break; ++ case AUPARSE_TYPE_FAN_TYPE: ++ out = print_fan_type(id->val); ++ break; ++ case AUPARSE_TYPE_FAN_INFO: ++ out = print_fan_info(id->val); ++ break; + case AUPARSE_TYPE_MAC_LABEL: + case AUPARSE_TYPE_UNCLASSIFIED: + default: +diff --git a/auparse/typetab.h b/auparse/typetab.h +index 0e37d02..5c8fca8 100644 +--- a/auparse/typetab.h ++++ b/auparse/typetab.h +@@ -145,3 +145,7 @@ _S(AUPARSE_TYPE_ESCAPED, "sw" ) + _S(AUPARSE_TYPE_ESCAPED, "root_dir" ) + _S(AUPARSE_TYPE_NLMCGRP, "nl-mcgrp" ) + _S(AUPARSE_TYPE_RESOLVE, "resolve" ) ++_S(AUPARSE_TYPE_TRUST, "subj_trust" ) ++_S(AUPARSE_TYPE_TRUST, "obj_trust" ) ++_S(AUPARSE_TYPE_FAN_TYPE, "fan_type" ) ++_S(AUPARSE_TYPE_FAN_INFO, "fan_info" ) +-- +2.41.0 + diff --git a/audit.spec b/audit.spec index 60f96b8..2533d84 100644 --- a/audit.spec +++ b/audit.spec @@ -2,7 +2,7 @@ Summary: User space tools for kernel auditing Name: audit Version: 3.0.7 -Release: 103%{?dist} +Release: 104%{?dist} License: GPLv2+ URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz 
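Review bot: print_fan_info() in the auparse/interpret.c part of the added patch chooses how to render fan_info from the file-scope `static int last_type`, which is shared by every record and every parser instance in the process. The comment only promises record order, so if a caller interprets fan_info without first interpreting that record's fan_type (or does so from another thread), the value would be rendered according to a stale type; whether callers can reach it that way is not visible here. Carrying the type in the per-record interpretation data instead of a global would remove that dependency. Separately, `strtoul(val, NULL, 16)` followed by `if (errno)` only catches overflow, so a non-hex or partly-hex fan_info is likely shown as a number rather than reaching the "conversion error" branch; `char *end;`, `unsigned long info = strtoul(val, &end, 16);` and `if (errno || end == val || *end != '\0')` would reject it. `out` is also declared `const char *` yet passed as `&out` to asprintf(), which expects `char **`, so it should be a plain `char *` in this function.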
@@ -15,6 +15,8 @@ Patch4: audit-3.0.8-drop-protecthome.patch Patch5: audit-3.0.8-flex-array-workaround.patch Patch6: audit-3.0.8-undo-flex-array.patch +Patch7: audit-3.1-fanotify-records.patch + BuildRequires: make gcc swig BuildRequires: openldap-devel BuildRequires: krb5-devel libcap-ng-devel @@ -95,13 +97,15 @@ Management Facility) database, through an IBM Tivoli Directory Server %prep %setup -q cp %{SOURCE1} . -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 +%patch -P 1 -p1 +%patch -P 2 -p1 +%patch -P 3 -p1 +%patch -P 4 -p1 cp /usr/include/linux/audit.h lib/ -%patch5 -p1 +%patch -P 5 -p1 + +%patch -P 7 -p1 autoreconf -fv --install @@ -278,6 +282,10 @@ fi %attr(750,root,root) %{_sbindir}/audispd-zos-remote %changelog +* Thu Jun 22 2023 Radovan Sroka - 3.0.7-104 +- Introduce new fanotify record fields +Resolves: rhbz#2216666 + * Mon May 02 2022 Sergio Correia - 3.0.7-103 - Drop ProtectHome from auditd.service as it interferes with rules Resolves: rhbz#2071725 - Default systemd service config blocks audit watch rules in some directories [rhel-9.1.0]