diff --git a/0002-audit-3.0.6-time.patch b/0002-audit-3.0.6-time.patch new file mode 100644 index 0000000..37c564e --- /dev/null +++ b/0002-audit-3.0.6-time.patch @@ -0,0 +1,34 @@ +--- + auparse/auparse.c | 2 +- + src/ausearch-lol.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/auparse/auparse.c b/auparse/auparse.c +index cc7ba5c..75ad8e7 100644 +--- a/auparse/auparse.c ++++ b/auparse/auparse.c +@@ -1202,7 +1202,7 @@ static int extract_timestamp(const char *b, au_event_t *e) + // at this point we have type= + ptr = audit_strsplit(NULL); + // strlen is for fuzzers that make invalid lines +- if (ptr && strnlen(ptr, 28) > 24) { ++ if (ptr && strnlen(ptr, 20) > 18) { + if (*(ptr+9) == '(') + ptr+=9; + else +diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c +index bb596a2..4a7e5fd 100644 +--- a/src/ausearch-lol.c ++++ b/src/ausearch-lol.c +@@ -194,7 +194,7 @@ static int extract_timestamp(const char *b, event *e) + // Now should be pointing to msg= + ptr = audit_strsplit(NULL); + // strlen is for fuzzers that make invalid lines +- if (ptr && strlen(ptr) > 24) { ++ if (ptr && strnlen(ptr, 20) > 18) { + if (*(ptr+9) == '(') + ptr+=9; + else +-- +2.31.1 + diff --git a/audit.spec b/audit.spec index 31f0033..d3026b0 100644 --- a/audit.spec +++ b/audit.spec @@ -2,13 +2,14 @@ Summary: User space tools for kernel auditing Name: audit Version: 3.0.5 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Patch1: 0001-Add-ausysrulevalidate.patch +Patch2: 0002-audit-3.0.6-time.patch BuildRequires: make gcc swig BuildRequires: openldap-devel @@ -90,6 +91,7 @@ Management Facility) database, through an IBM Tivoli Directory Server %setup -q cp %{SOURCE1} . %patch1 -p1 +%patch2 -p1 # Remove the ids code, its not ready sed -i 's/ ids / /' audisp/plugins/Makefile.in @@ -254,6 +256,10 @@ fi %attr(750,root,root) %{_sbindir}/audispd-zos-remote %changelog +* Tue Aug 17 2021 Sergio Correia - 3.0.5-2 +- Fix timestamp parsing + Related: rhbz#1938680 + * Mon Aug 16 2021 Sergio Correia - 3.0.5-1 - New upstream release, 3.0.5 Related: rhbz#1938680