From 68bd3dbf949f7ea37d71c8624d53153746877df4 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Wed, 27 Sep 2023 12:41:46 +0000
Subject: [PATCH] import CS audit-3.0.7-5.el8
---
 .../audit-3.0.8-flex-array-workaround.patch | 39 ++++++
 SOURCES/audit-3.0.8-undo-flex-array.patch | 13 ++
 SOURCES/audit-3.1-fanotify-records.patch | 122 ++++++++++++++++++
 SPECS/audit.spec | 32 ++++-
 4 files changed, 202 insertions(+), 4 deletions(-)
 create mode 100644 SOURCES/audit-3.0.8-flex-array-workaround.patch
 create mode 100644 SOURCES/audit-3.0.8-undo-flex-array.patch
 create mode 100644 SOURCES/audit-3.1-fanotify-records.patch
diff --git a/SOURCES/audit-3.0.8-flex-array-workaround.patch b/SOURCES/audit-3.0.8-flex-array-workaround.patch
new file mode 100644
index 0000000..e9bd391
--- /dev/null
+++ b/SOURCES/audit-3.0.8-flex-array-workaround.patch
@@ -0,0 +1,39 @@
+diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
+index 21aafca..8c48123 100644
+--- a/bindings/swig/src/auditswig.i
++++ b/bindings/swig/src/auditswig.i
+@@ -39,7 +39,7 @@ signed
+ #define __attribute(X) /*nothing*/
+ typedef unsigned __u32;
+ typedef unsigned uid_t;
+-%include "/usr/include/linux/audit.h"
++%include "../lib/audit.h"
+ #define __extension__ /*nothing*/
+ %include
+ %include "../lib/libaudit.h"
+diff --git a/lib/audit.h b/lib/audit.h
+index 51d7f2b..b2f306d 100644
+--- a/lib/audit.h
++++ b/lib/audit.h
+@@ -514,7 +514,7 @@ struct audit_rule_data {
+ __u32 values[AUDIT_MAX_FIELDS];
+ __u32 fieldflags[AUDIT_MAX_FIELDS];
+ __u32 buflen; /* total length of string fields */
+- char buf[]; /* string fields buffer */
++ char buf[0]; /* string fields buffer */
+ };
+
+ #endif /* _LINUX_AUDIT_H_ */
+diff --git a/lib/libaudit.h b/lib/libaudit.h
+index 08b7d22..6b7408c 100644
+--- a/lib/libaudit.h
++++ b/lib/libaudit.h
+@@ -32,7 +32,7 @@ extern "C" {
+ #include
+ #include
+ #include
+-#include
++#include "audit.h"
+ #include
+ #include
+
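Review bot: The `char buf[0];` substitution in the lib/audit.h hunk has no explanation, neither at the top of audit-3.0.8-flex-array-workaround.patch nor next to the changed line. The library is then compiled against a private copy of the kernel header, while the undo patch switches the installed libaudit.h back to the original include, so the library and its consumers see two different declarations of `struct audit_rule_data`. A zero-length array is a GNU extension that is expected to keep the same layout as the flexible array member, but that assumption deserves to be written down. A short patch header would do, such as `Build-time workaround for rhbz#2116867: build against a local linux/audit.h with buf[0]; reverted for the installed header by audit-3.0.8-undo-flex-array.patch`.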
diff --git a/SOURCES/audit-3.0.8-undo-flex-array.patch b/SOURCES/audit-3.0.8-undo-flex-array.patch
new file mode 100644
index 0000000..917eaf3
--- /dev/null
+++ b/SOURCES/audit-3.0.8-undo-flex-array.patch
@@ -0,0 +1,13 @@
+diff --git a/usr/include/libaudit.h b/usr/include/libaudit.h
+index 6b7408c..08b7d22 100644
+--- a/usr/include/libaudit.h
++++ b/usr/include/libaudit.h
+@@ -32,7 +32,7 @@ extern "C" {
+ #include
+ #include
+ #include
+-#include "audit.h"
++#include
+ #include
+ #include
+
diff --git a/SOURCES/audit-3.1-fanotify-records.patch b/SOURCES/audit-3.1-fanotify-records.patch
new file mode 100644
index 0000000..b3195b9
--- /dev/null
+++ b/SOURCES/audit-3.1-fanotify-records.patch
@@ -0,0 +1,122 @@
+From d1aec22f62b1cd95c16b26b67a9268ed27713f84 Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Tue, 7 Feb 2023 10:32:11 -0500
+Subject: [PATCH] Add support for new FANOTIFY record fields
+
+---
+ ChangeLog | 1 +
+ auparse/auparse-defs.h | 5 ++--
+ auparse/interpret.c | 65 +++++++++++++++++++++++++++++++++++++++++-
+ auparse/typetab.h | 4 +++
+ 4 files changed, 72 insertions(+), 3 deletions(-)
+
+diff --git a/auparse/auparse-defs.h b/auparse/auparse-defs.h
+index 7c0ac76..81a85a4 100644
+--- a/auparse/auparse-defs.h
++++ b/auparse/auparse-defs.h
+@@ -88,7 +88,8 @@ typedef enum { AUPARSE_TYPE_UNCLASSIFIED, AUPARSE_TYPE_UID, AUPARSE_TYPE_GID,
+ AUPARSE_TYPE_NETACTION, AUPARSE_TYPE_MACPROTO,
+ AUPARSE_TYPE_IOCTL_REQ, AUPARSE_TYPE_ESCAPED_KEY,
+ AUPARSE_TYPE_ESCAPED_FILE, AUPARSE_TYPE_FANOTIFY,
+- AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE
++ AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE, AUPARSE_TYPE_TRUST,
++ AUPARSE_TYPE_FAN_TYPE, AUPARSE_TYPE_FAN_INFO
+ } auparse_type_t;
+
+ /* This type determines what escaping if any gets applied to interpreted fields */
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 373851f..f106056 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -2372,6 +2372,60 @@ static const char *print_openat2_resolve(const char *val)
+ return strdup(buf);
+ }
+
++static const char *print_trust(const char *val)
++{
++ const char *out;
++
++ if (strcmp(val, "0") == 0)
++ out = strdup("no");
++ else if (strcmp(val, "1") == 0)
++ out = strdup("yes");
++ else
++ out = strdup("unknown");
++
++ return out;
++}
++
++// fan_type always preceeds fan_info
++static int last_type = 2;
++static const char *print_fan_type(const char *val)
++{
++ const char *out;
++
++ if (strcmp(val, "0") == 0) {
++ out = strdup("none");
++ last_type = 0;
++ } else if (strcmp(val, "1") == 0) {
++ out = strdup("rule_info");
++ last_type = 1;
++ } else {
++ out = strdup("unknown");
++ last_type = 2;
++ }
++
++ return out;
++}
++
++static const char *print_fan_info(const char *val)
++{
++ const char *out;
++ if (last_type == 1) {
++ errno = 0;
++ unsigned long info = strtoul(val, NULL, 16);
++ if (errno) {
++ if (asprintf(&out, "conversion error(%s)", val) < 0)
++ out = NULL;
++ return out;
++ } else {
++ if (asprintf(&out, "%lu", info) < 0)
++ out = NULL;
++ return out;
++ }
++ } else
++ out = strdup(val);
++ return out;
++}
++
+ static const char *print_a0(const char *val, const idata *id)
+ {
+ char *out;
+@@ -3286,6 +3340,15 @@ unknown:
+ case AUPARSE_TYPE_RESOLVE:
+ out = print_openat2_resolve(id->val);
+ break;
++ case AUPARSE_TYPE_TRUST:
++ out = print_trust(id->val);
++ break;
++ case AUPARSE_TYPE_FAN_TYPE:
++ out = print_fan_type(id->val);
++ break;
++ case AUPARSE_TYPE_FAN_INFO:
++ out = print_fan_info(id->val);
++ break;
+ case AUPARSE_TYPE_MAC_LABEL:
+ case AUPARSE_TYPE_UNCLASSIFIED:
+ default:
+diff --git a/auparse/typetab.h b/auparse/typetab.h
+index 0e37d02..5c8fca8 100644
+--- a/auparse/typetab.h
++++ b/auparse/typetab.h
+@@ -145,3 +145,7 @@ _S(AUPARSE_TYPE_ESCAPED, "sw" )
+ _S(AUPARSE_TYPE_ESCAPED, "root_dir" )
+ _S(AUPARSE_TYPE_NLMCGRP, "nl-mcgrp" )
+ _S(AUPARSE_TYPE_RESOLVE, "resolve" )
++_S(AUPARSE_TYPE_TRUST, "subj_trust" )
++_S(AUPARSE_TYPE_TRUST, "obj_trust" )
++_S(AUPARSE_TYPE_FAN_TYPE, "fan_type" )
++_S(AUPARSE_TYPE_FAN_INFO, "fan_info" )
+--
+2.41.0
+
diff --git a/SPECS/audit.spec b/SPECS/audit.spec
index 9d3e94b..f5a44e9 100644
--- a/SPECS/audit.spec
+++ b/SPECS/audit.spec
@@ -3,7 +3,7 @@
 Summary: User space tools for kernel auditing
 Name: audit
 Version: 3.0.7
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2+
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
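Review bot: `print_fan_info()` in the auparse/interpret.c hunk picks its decoding from the file-scope `last_type` left behind by the previous `print_fan_type()` call, and nothing resets that value per record. A `fan_info` field interpreted without a preceding `fan_type`, or by another parser in the same process, is therefore decoded under a stale type and the audit output can misreport it. Carrying the type with the record would avoid this, but that plumbing is outside the hunk; resetting `last_type = 2;` once `print_fan_info()` has used it would at least stop one record from influencing the next. The conversion also tests only `errno` with a NULL end pointer, so a value with no hex digits becomes 0 and may be printed as `0` rather than as a conversion error; `char *end; unsigned long info = strtoul(val, &end, 16); if (errno || end == val || *end)` catches that case. In the same function `out` should be declared `char *out;`, because `asprintf()` takes a `char **`.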
@@ -11,12 +11,16 @@ Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
 Patch1: audit-3.0.8-auparse-path-norm.patch
 Patch2: audit-3.0.8-drop-protecthome.patch
+Patch3: audit-3.1-fanotify-records.patch
+Patch4: audit-3.0.8-flex-array-workaround.patch
+Patch5: audit-3.0.8-undo-flex-array.patch
 BuildRequires: gcc swig make
 BuildRequires: openldap-devel
 BuildRequires: krb5-devel libcap-ng-devel
 BuildRequires: kernel-headers >= 2.6.29
 BuildRequires: systemd
+#BuildRequires: autoconf automake libtool
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Requires(post): systemd coreutils
@@ -86,8 +90,15 @@ Management Facility) database, through an IBM Tivoli Directory Server
 %prep
 %setup -q
 cp %{SOURCE1} .
-%patch1 -p1
-%patch2 -p1
+
+#autoreconf -fv --install
+
+cp /usr/include/linux/audit.h lib/
+
+%patch -P 1 -p1
+%patch -P 2 -p1
+%patch -P 3 -p1
+%patch -P 4 -p1
 %build
 %configure --with-python=no \
@@ -112,12 +123,19 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a
 rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a
 find $RPM_BUILD_ROOT -name '*.la' -delete
-find $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages -name '*.a' -delete
+find $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages -name '*.a' -delete || true
 # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
 touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
 touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz
+# undo the workaround
+cur=`pwd`
+cd $RPM_BUILD_ROOT
+patch -p1 < %{PATCH5}
+find . -name '*.orig' -delete
+cd $cur
+
 %check
 make check
 # Get rid of make files so that they don't get packaged.
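Review bot: `cp /usr/include/linux/audit.h lib/` in the %prep hunk makes a file from the build root's kernel-headers package an input to Patch4, while the spec only requires `kernel-headers >= 2.6.29`. The lib/audit.h hunk in audit-3.0.8-flex-array-workaround.patch is pinned to context around line 514, so a different header version either fails to apply or applies with fuzz, and the same source package can build from different header contents. A comment above the `cp` should explain the copy and say that Patch5 is deliberately left out of %prep, for example `# private copy of the kernel header so Patch4 can replace the flexible array; Patch5 reverts the include in the buildroot during install`. The commented-out `#autoreconf -fv --install` and `#BuildRequires: autoconf automake libtool` lines should be dropped or given a reason.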
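Review bot: The `|| true` appended to the site-packages `find` hides every failure of that command, not only the missing directory it is presumably meant to tolerate, since the build is configured `--with-python=no`. Testing for the directory before running `find` would keep real errors visible. In the undo block of the same hunk, `cd $RPM_BUILD_ROOT` is unquoted and `find . -name '*.orig' -delete` removes every `*.orig` file in the buildroot rather than only patch's backup. `(cd "$RPM_BUILD_ROOT" && patch --no-backup-if-mismatch -p1 < %{PATCH5})` avoids both and makes the `cur` variable unnecessary.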
@@ -240,6 +258,12 @@ fi
 %attr(750,root,root) %{_sbindir}/audispd-zos-remote
 %changelog
+* Thu Jun 22 2023 Radovan Sroka - 3.0.7-5
+- Introduce new fanotify record fields
+Resolves: rhbz#2216668
+- invalid use of flexible array member
+Resolves: rhbz#2116867
+
 * Mon May 02 2022 Sergio Correia - 3.0.7-4
 - Drop ProtectHome from auditd.service as it interferes with rules
 Resolves: rhbz#2071727 - Default systemd service config blocks audit watch rules in some directories