import CS audit-3.1.2-2.el9

2024-03-28 09:47:25 +00:00 · 2024-03-28 09:47:25 +00:00 · 6fcd224d96
commit 6fcd224d96
parent 51464ddeef
9 changed files with 19 additions and 339 deletions
--- a/.audit.metadata
+++ b/.audit.metadata
@ -1 +1 @@
-7c485e7c97eb25f7413eaf1dd3edb03ad0b2619f SOURCES/audit-3.0.7.tar.gz
+45cffb1ded9a57a79b33547f58228131d3eb14a6 SOURCES/audit-3.1.2.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/audit-3.0.7.tar.gz
+SOURCES/audit-3.1.2.tar.gz
--- a/SOURCES/audit-3.0.7-gcc-flags.patch
+++ b/SOURCES/audit-3.0.7-gcc-flags.patch
@ -1,77 +0,0 @@
 From 36beaefbb4ecb0a222ac68ec9f17f854a82f7235 Mon Sep 17 00:00:00 2001
 From: Steve Grubb <sgrubb@redhat.com>
 Date: Mon, 14 Feb 2022 15:30:09 -0500
 Subject: [PATCH] Adjust compile flags
 ---
 audisp/plugins/remote/Makefile.am |  2 +-
 auparse/Makefile.am               |  2 +-
 configure.ac                      | 15 +++++++++++++++
 src/Makefile.am                   |  2 +-
 4 files changed, 18 insertions(+), 3 deletions(-)
 diff --git a/audisp/plugins/remote/Makefile.am b/audisp/plugins/remote/Makefile.am
 index 217d477c5..1ac77ee8d 100644
 --- a/audisp/plugins/remote/Makefile.am
 +++ b/audisp/plugins/remote/Makefile.am
@@ -36,7 +36,7 @@ TESTS = $(check_PROGRAMS)
 audisp_remote_DEPENDENCIES = ${top_builddir}/common/libaucommon.la
 audisp_remote_SOURCES = audisp-remote.c remote-config.c queue.c
 -audisp_remote_CFLAGS = -fPIE -DPIE -g -D_REENTRANT -D_GNU_SOURCE -Wundef
 +audisp_remote_CFLAGS = -fPIE -DPIE -g -D_REENTRANT -D_GNU_SOURCE -Wundef ${WFLAGS}
 audisp_remote_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now
 audisp_remote_LDADD = $(CAPNG_LDADD) $(gss_libs) ${top_builddir}/common/libaucommon.la
 diff --git a/auparse/Makefile.am b/auparse/Makefile.am
 index b34b6c042..1eb5352cf 100644
 --- a/auparse/Makefile.am
 +++ b/auparse/Makefile.am
@@ -26,7 +26,7 @@ SUBDIRS = test
 EXTRA_DIST = expression-design.txt
 CLEANFILES = $(BUILT_SOURCES)
 CONFIG_CLEAN_FILES = *.loT *.rej *.orig
 -AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE -g ${DEBUG} -Wno-pointer-sign -Wno-enum-compare -Wno-switch
 +AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE -g ${DEBUG} -Wno-pointer-sign -Wno-enum-compare -Wno-switch ${WFLAGS}
 AM_CPPFLAGS = -I. -I${top_srcdir} -I${top_srcdir}/src -I${top_srcdir}/lib -I${top_srcdir}/common
 LIBS =
 diff --git a/configure.ac b/configure.ac
 index e40d41e14..e74fd7036 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -341,6 +341,21 @@ else
 fi
 ],WARNS="$ALLWARNS")
 +WFLAGS=""
 +AC_MSG_CHECKING(for -Wformat-truncation)
 +TMPCFLAGS="${CFLAGS}"
 +CFLAGS="${CFLAGS} -Wformat-truncation"
 +AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[WFLAGS="-Wno-format-truncation"
 +	AC_MSG_RESULT(yes)],
 +	[AC_MSG_RESULT(no)])
 +CFLAGS="${TMPCFLAGS}"
 +CFLAGS="${CFLAGS} -Wunused-but-set-variable"
 +AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[WFLAGS="${WFLAGS} -Wno-unused-but-set-variable"
 +	AC_MSG_RESULT(yes)],
 +	[AC_MSG_RESULT(no)])
 +CFLAGS="${TMPCFLAGS}"
 +AC_SUBST(WFLAGS)
 +
 withval=""
 AC_MSG_CHECKING(whether to include arm eabi processor support)
 AC_ARG_WITH(arm,
 diff --git a/src/Makefile.am b/src/Makefile.am
 index 9c68b42db..2bebf8d50 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
@@ -25,7 +25,7 @@ CONFIG_CLEAN_FILES = *.rej *.orig
 SUBDIRS = test
 AM_CPPFLAGS = -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src/libev -I${top_srcdir}/auparse -I${top_srcdir}/audisp -I${top_srcdir}/common
 sbin_PROGRAMS = auditd auditctl aureport ausearch autrace
 -AM_CFLAGS = -D_GNU_SOURCE -Wno-pointer-sign
 +AM_CFLAGS = -D_GNU_SOURCE -Wno-pointer-sign ${WFLAGS}
 noinst_HEADERS = auditd-config.h auditd-event.h auditd-listen.h ausearch-llist.h ausearch-options.h auditctl-llist.h aureport-options.h ausearch-parse.h aureport-scan.h ausearch-lookup.h ausearch-int.h auditd-dispatch.h ausearch-string.h ausearch-nvpair.h ausearch-common.h ausearch-avc.h ausearch-time.h ausearch-lol.h auditctl-listing.h ausearch-checkpt.h
 auditd_SOURCES = auditd.c auditd-event.c auditd-config.c auditd-reconfig.c auditd-sendmail.c auditd-dispatch.c
--- a/SOURCES/audit-3.0.8-auparse-path-norm.patch
+++ b/SOURCES/audit-3.0.8-auparse-path-norm.patch
@ -1,31 +0,0 @@
 From becc1c297279f757835943e2cad63992134511f9 Mon Sep 17 00:00:00 2001
 From: Sergio Correia <scorreia@redhat.com>
 Date: Mon, 7 Mar 2022 13:11:09 -0300
 Subject: [PATCH] auparse: fix off-by-one issue in path_norm() (#242)
 When defining dest = rpath + 1, we end up having the first char of
 `dest' as NULL -- since `rpath' points to `working', which is a static
 buffer.
 With the first char as NULL, path_norm() ends up producing an empty string.
 This commit fixes the issue reported in this [1] mailing list post.
 [1] https://listman.redhat.com/archives/linux-audit/2022-February/018844.html
 ---
 auparse/interpret.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/auparse/interpret.c b/auparse/interpret.c
 index c8a0d96dd..df593c44c 100644
 --- a/auparse/interpret.c
 +++ b/auparse/interpret.c
@@ -895,7 +895,7 @@ static char *path_norm(const char *name)
 		return strdup(name);
 	rpath = working;
 -	dest = rpath + 1;
 +	dest = rpath;
 	rpath_limit = rpath + PATH_MAX;
 	for (start = name; *start; start = end) {
--- a/SOURCES/audit-3.0.8-drop-protecthome.patch
+++ b/SOURCES/audit-3.0.8-drop-protecthome.patch
@ -1,26 +0,0 @@
 From c426507a501efde0367a09a81e917d1d10722b78 Mon Sep 17 00:00:00 2001
 From: Sergio Correia <scorreia@redhat.com>
 Date: Thu, 31 Mar 2022 15:00:57 -0300
 Subject: [PATCH] Drop ProtectHome from auditd.service as it interferes with
 rules
 Upstream: https://github.com/linux-audit/audit-userspace/commit/12cf14ed
 ---
 init.d/auditd.service | 1 -
 1 file changed, 1 deletion(-)
 diff --git a/init.d/auditd.service b/init.d/auditd.service
 index e801281..0a4c498 100644
 --- a/init.d/auditd.service
 +++ b/init.d/auditd.service
@@ -36,7 +36,6 @@ MemoryDenyWriteExecute=true
 LockPersonality=true
 ProtectControlGroups=true
 ProtectKernelModules=true
 -ProtectHome=true
 RestrictRealtime=true
 [Install]
 -- 
 2.35.1
--- a/SOURCES/audit-3.0.8-flex-array-workaround.patch
+++ b/SOURCES/audit-3.0.8-flex-array-workaround.patch
@ -1,39 +0,0 @@
 diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
 index 21aafca..8c48123 100644
 --- a/bindings/swig/src/auditswig.i
 +++ b/bindings/swig/src/auditswig.i
@@ -39,7 +39,7 @@ signed
 #define __attribute(X) /*nothing*/
 typedef unsigned __u32;
 typedef unsigned uid_t;
 -%include "/usr/include/linux/audit.h"
 +%include "../lib/audit.h"
 #define __extension__ /*nothing*/
 %include <stdint.i>
 %include "../lib/libaudit.h"
 diff --git a/lib/audit.h b/lib/audit.h
 index 51d7f2b..b2f306d 100644
 --- a/lib/audit.h
 +++ b/lib/audit.h
@@ -514,7 +514,7 @@ struct audit_rule_data {
 	__u32		values[AUDIT_MAX_FIELDS];
 	__u32		fieldflags[AUDIT_MAX_FIELDS];
 	__u32		buflen;	/* total length of string fields */
 -	char		buf[];	/* string fields buffer */
 +	char		buf[0];	/* string fields buffer */
 };
 #endif /* _LINUX_AUDIT_H_ */
 diff --git a/lib/libaudit.h b/lib/libaudit.h
 index 08b7d22..6b7408c 100644
 --- a/lib/libaudit.h
 +++ b/lib/libaudit.h
@@ -32,7 +32,7 @@ extern "C" {
 #include <stdint.h>
 #include <sys/socket.h>
 #include <linux/netlink.h>
 -#include <linux/audit.h>
 +#include "audit.h"
 #include <stdarg.h>
 #include <syslog.h>
--- a/SOURCES/audit-3.0.8-undo-flex-array.patch
+++ b/SOURCES/audit-3.0.8-undo-flex-array.patch
@ -1,13 +0,0 @@
 diff --git a/usr/include/libaudit.h b/usr/include/libaudit.h
 index 6b7408c..08b7d22 100644
 --- a/usr/include/libaudit.h
 +++ b/usr/include/libaudit.h
@@ -32,7 +32,7 @@ extern "C" {
 #include <stdint.h>
 #include <sys/socket.h>
 #include <linux/netlink.h>
 -#include "audit.h"
 +#include <linux/audit.h>
 #include <stdarg.h>
 #include <syslog.h>
--- a/SOURCES/audit-3.1-fanotify-records.patch
+++ b/SOURCES/audit-3.1-fanotify-records.patch
@ -1,122 +0,0 @@
 From d1aec22f62b1cd95c16b26b67a9268ed27713f84 Mon Sep 17 00:00:00 2001
 From: Steve Grubb <sgrubb@redhat.com>
 Date: Tue, 7 Feb 2023 10:32:11 -0500
 Subject: [PATCH] Add support for new FANOTIFY record fields
 ---
 ChangeLog              |  1 +
 auparse/auparse-defs.h |  5 ++--
 auparse/interpret.c    | 65 +++++++++++++++++++++++++++++++++++++++++-
 auparse/typetab.h      |  4 +++
 4 files changed, 72 insertions(+), 3 deletions(-)
 diff --git a/auparse/auparse-defs.h b/auparse/auparse-defs.h
 index 7c0ac76..81a85a4 100644
 --- a/auparse/auparse-defs.h
 +++ b/auparse/auparse-defs.h
@@ -88,7 +88,8 @@ typedef enum {  AUPARSE_TYPE_UNCLASSIFIED,  AUPARSE_TYPE_UID, AUPARSE_TYPE_GID,
 	AUPARSE_TYPE_NETACTION, AUPARSE_TYPE_MACPROTO,
 	AUPARSE_TYPE_IOCTL_REQ, AUPARSE_TYPE_ESCAPED_KEY,
 	AUPARSE_TYPE_ESCAPED_FILE, AUPARSE_TYPE_FANOTIFY,
 -	AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE
 +	AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE, AUPARSE_TYPE_TRUST,
 +	AUPARSE_TYPE_FAN_TYPE, AUPARSE_TYPE_FAN_INFO
 } auparse_type_t;
 /* This type determines what escaping if any gets applied to interpreted fields */
 diff --git a/auparse/interpret.c b/auparse/interpret.c
 index 373851f..f106056 100644
 --- a/auparse/interpret.c
 +++ b/auparse/interpret.c
@@ -2372,6 +2372,60 @@ static const char *print_openat2_resolve(const char *val)
 	return strdup(buf);
 }
 +static const char *print_trust(const char *val)
 +{
 +	const char *out;
 +
 +	if (strcmp(val, "0") == 0)
 +		out = strdup("no");
 +	else if (strcmp(val, "1") == 0)
 +		out = strdup("yes");
 +	else
 +		out = strdup("unknown");
 +
 +	return out;
 +}
 +
 +// fan_type always preceeds fan_info
 +static int last_type = 2;
 +static const char *print_fan_type(const char *val)
 +{
 +	const char *out;
 +
 +	if (strcmp(val, "0") == 0) {
 +		out = strdup("none");
 +		last_type = 0;
 +	} else if (strcmp(val, "1") == 0) {
 +		out = strdup("rule_info");
 +		last_type = 1;
 +	} else {
 +		out = strdup("unknown");
 +		last_type = 2;
 +	}
 +
 +	return out;
 +}
 +
 +static const char *print_fan_info(const char *val)
 +{
 +	const char *out;
 +	if (last_type == 1) {
 +		errno = 0;
 +		unsigned long info = strtoul(val, NULL, 16);
 +		if (errno) {
 +			if (asprintf(&out, "conversion error(%s)", val) < 0)
 +				out = NULL;
 +			return out;
 +		} else {
 +			if (asprintf(&out, "%lu", info) < 0)
 +				out = NULL;
 +			return out;
 +		}
 +	} else
 +		out = strdup(val);
 +	return out;
 +}
 +
 static const char *print_a0(const char *val, const idata *id)
 {
 	char *out;
@@ -3286,6 +3340,15 @@ unknown:
 		case AUPARSE_TYPE_RESOLVE:
 			out = print_openat2_resolve(id->val);
 			break;
 +		case AUPARSE_TYPE_TRUST:
 +			out = print_trust(id->val);
 +			break;
 +		case AUPARSE_TYPE_FAN_TYPE:
 +			out = print_fan_type(id->val);
 +			break;
 +		case AUPARSE_TYPE_FAN_INFO:
 +			out = print_fan_info(id->val);
 +			break;
 		case AUPARSE_TYPE_MAC_LABEL:
 		case AUPARSE_TYPE_UNCLASSIFIED:
 		default:
 diff --git a/auparse/typetab.h b/auparse/typetab.h
 index 0e37d02..5c8fca8 100644
 --- a/auparse/typetab.h
 +++ b/auparse/typetab.h
@@ -145,3 +145,7 @@ _S(AUPARSE_TYPE_ESCAPED,	"sw"		)
 _S(AUPARSE_TYPE_ESCAPED,	"root_dir"	)
 _S(AUPARSE_TYPE_NLMCGRP,	"nl-mcgrp"	)
 _S(AUPARSE_TYPE_RESOLVE,	"resolve"	)
 +_S(AUPARSE_TYPE_TRUST,		"subj_trust"	)
 +_S(AUPARSE_TYPE_TRUST,		"obj_trust"	)
 +_S(AUPARSE_TYPE_FAN_TYPE,	"fan_type"	)
 +_S(AUPARSE_TYPE_FAN_INFO,	"fan_info"	)
 -- 
 2.41.0
--- a/SPECS/audit.spec
+++ b/SPECS/audit.spec
@ -1,21 +1,14 @@
 Summary: User space tools for kernel auditing
 Name: audit
-Version: 3.0.7
+Version: 3.1.2
-Release: 104%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
 Patch1: 0001-Add-ausysrulevalidate.patch
 Patch2: audit-3.0.7-gcc-flags.patch
 Patch3: audit-3.0.8-auparse-path-norm.patch
 Patch4: audit-3.0.8-drop-protecthome.patch
 Patch5: audit-3.0.8-flex-array-workaround.patch
 Patch6: audit-3.0.8-undo-flex-array.patch
 Patch7: audit-3.1-fanotify-records.patch
 BuildRequires: make gcc swig
 BuildRequires: openldap-devel
@ -98,14 +91,6 @@ Management Facility) database, through an IBM Tivoli Directory Server
 %setup -q
 cp %{SOURCE1} .
 %patch -P 1 -p1
 %patch -P 2 -p1
 %patch -P 3 -p1
 %patch -P 4 -p1
 cp /usr/include/linux/audit.h lib/
 %patch -P 5 -p1
 %patch -P 7 -p1
 autoreconf -fv --install
@ -116,8 +101,8 @@ sed -i 's/ ids / /' audisp/plugins/Makefile.in
 %configure --with-python=no \
 	   --with-python3=yes \
 	   --enable-gssapi-krb5=yes --with-arm --with-aarch64 \
-	   --with-libcap-ng=yes --enable-zos-remote \
+	   --with-libcap-ng=yes --enable-zos-remote --without-golang \
-	   --enable-systemd --enable-experimental
+	   --enable-systemd --enable-experimental --with-io_uring
 make CFLAGS="%{optflags}" %{?_smp_mflags}
@ -134,6 +119,7 @@ make DESTDIR=$RPM_BUILD_ROOT install
 # Validate sample rules shipped.
 for r in $RPM_BUILD_ROOT/%{_datadir}/%{name}/sample-rules/*.rules; do
    PYTHONPATH=$RPM_BUILD_ROOT/%{python3_sitearch} \
    LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} \
        %{_builddir}/%{name}-%{version}/contrib/ausysrulevalidate \
        --update --rules-file "${r}"
 done
@ -149,13 +135,6 @@ find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*.
 touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
 touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz
 # undo the workaround
 cur=`pwd`
 cd $RPM_BUILD_ROOT
 patch -p1 < %{PATCH6}
 find . -name '*.orig' -delete
 cd $cur
 %check
 make check
 # Get rid of make files so that they don't get packaged.
@ -175,7 +154,6 @@ fi
 %systemd_post auditd.service
 %preun
 %systemd_preun auditd.service
 if [ $1 -eq 0 ]; then
    /sbin/service auditd stop > /dev/null 2>&1
 fi
@ -257,7 +235,6 @@ fi
 %ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules
 %ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
 %config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules
 %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
 %files -n audispd-plugins
 %config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf
@ -265,13 +242,16 @@ fi
 %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf
 %config(noreplace) %attr(640,root,root) /etc/audit/audisp-statsd.conf
 %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-statsd.conf
 %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf
 %attr(750,root,root) %{_sbindir}/audisp-remote
 %attr(750,root,root) %{_sbindir}/audisp-syslog
 %attr(750,root,root) %{_sbindir}/audisp-af_unix
 %attr(750,root,root) %{_sbindir}/audisp-statsd
 %attr(700,root,root) %dir %{_var}/spool/audit
 %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-statsd.8.gz
 %files -n audispd-plugins-zos
@ -282,9 +262,17 @@ fi
 %attr(750,root,root) %{_sbindir}/audispd-zos-remote
 %changelog
 * Wed Nov 08 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-2
 - Remove %systemd_preun from %preun scriptlet, as it was causing troubles when removing audit
  Related: RHEL-14896
 * Fri Oct 27 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-1
 - New upstream release, 3.1.2
  Resolves: RHEL-14896
 * Thu Jun 22 2023 Radovan Sroka <rsroka@redhat.com> - 3.0.7-104
 - Introduce new fanotify record fields
-Resolves: rhbz#2216666
+  Resolves: rhbz#2216666
 * Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-103
 - Drop ProtectHome from auditd.service as it interferes with rules
`@ -1 +1 @@`
	`7c485e7c97eb25f7413eaf1dd3edb03ad0b2619f SOURCES/audit-3.0.7.tar.gz`	`45cffb1ded9a57a79b33547f58228131d3eb14a6 SOURCES/audit-3.1.2.tar.gz`
`@ -1 +1 @@`
	`SOURCES/audit-3.0.7.tar.gz`	`SOURCES/audit-3.1.2.tar.gz`