diff --git a/afunix-memleak.patch b/afunix-memleak.patch new file mode 100644 index 0000000..16b41b6 --- /dev/null +++ b/afunix-memleak.patch @@ -0,0 +1,12 @@ +diff --git a/audisp/plugins/af_unix/audisp-af_unix.c b/audisp/plugins/af_unix/audisp-af_unix.c +index 578533f52..e2e7dc7ef 100644 +--- a/audisp/plugins/af_unix/audisp-af_unix.c ++++ b/audisp/plugins/af_unix/audisp-af_unix.c +@@ -253,6 +253,7 @@ void read_audit_record(int ifd) + do { + rc = write(conn, str, str_len); + } while (rc < 0 && errno == EINTR); ++ free(str); + } else if (format == F_BINARY) { + struct iovec vec[2]; + diff --git a/audit.spec b/audit.spec index ca54644..38eabe1 100644 --- a/audit.spec +++ b/audit.spec @@ -2,7 +2,7 @@ Summary: User space tools for kernel auditing Name: audit Version: 3.1.5 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz @@ -16,6 +16,10 @@ Patch5: disable-protectkernmelmodules.patch Patch6: remote-logging-ordering-cycle.patch Patch7: permtab-filter-unsupport.patch Patch8: auditctl-permtab.patch +Patch9: interpret-tty-data.patch +Patch10: tty-hostname.patch +Patch11: ausearch-DAEMON_END.patch +Patch12: afunix-memleak.patch BuildRequires: make gcc swig BuildRequires: openldap-devel @@ -106,6 +110,10 @@ cp %{SOURCE1} . %patch -P 6 -p1 %patch -P 7 -p1 %patch -P 8 -p1 +%patch -P 9 -p1 +%patch -P 10 -p1 +%patch -P 11 -p1 +%patch -P 12 -p1 autoreconf -fv --install @@ -294,6 +302,13 @@ fi %attr(750,root,root) %{_sbindir}/audispd-zos-remote %changelog +* Fri Mar 28 2025 Attila Lakatos - 3.1.5-5 +- ausearch: correct search for DAEMON related events +- allow hex digits when interpreting tty data + Resolves: RHEL-82279 +- Fix TTY hostname in log messages + Resolves: RHEL-78323 + * Tue Feb 11 2025 Attila Lakatos - 3.1.5-4 - auditctl: correct buffer in filter_supported_syscalls to avoid overflow Resolves: RHEL-59585 diff --git a/ausearch-DAEMON_END.patch b/ausearch-DAEMON_END.patch new file mode 100644 index 0000000..5f47bc9 --- /dev/null +++ b/ausearch-DAEMON_END.patch @@ -0,0 +1,15 @@ +diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c +index 7d9731842..e77fbf129 100644 +--- a/src/ausearch-parse.c ++++ b/src/ausearch-parse.c +@@ -1549,7 +1549,9 @@ static int parse_daemon1(const lnode *n, search_items *s) + + // uid - optional + if (event_uid != -1) { +- ptr = term; ++ // As the uid= field may happen in different orders, e.g. both before ++ // and after pid=, let us search for the uid from the beginning. ++ term = mptr; + str = strstr(term, " uid="); + if (str) { + ptr = str + 5; diff --git a/interpret-tty-data.patch b/interpret-tty-data.patch new file mode 100644 index 0000000..beeb98d --- /dev/null +++ b/interpret-tty-data.patch @@ -0,0 +1,13 @@ +diff --git a/auparse/interpret.c b/auparse/interpret.c +index ad949c90f..5c182ae69 100644 +--- a/auparse/interpret.c ++++ b/auparse/interpret.c +@@ -331,7 +331,7 @@ static void key_escape(const char *orig, char *dest, auparse_esc_t escape_mode) + static int is_hex_string(const char *str) + { + while (*str) { +- if (!isdigit((unsigned char)*str)) ++ if (!isxdigit((unsigned char)*str)) + return 0; + str++; + } diff --git a/tty-hostname.patch b/tty-hostname.patch new file mode 100644 index 0000000..5c7055e --- /dev/null +++ b/tty-hostname.patch @@ -0,0 +1,14 @@ +diff --git a/lib/audit_logging.c b/lib/audit_logging.c +index f89a13bb0..70205b332 100644 +--- a/lib/audit_logging.c ++++ b/lib/audit_logging.c +@@ -243,7 +243,8 @@ static const char *_get_hostname(const char *ttyn) + { + if (ttyn && ((strncmp(ttyn, "pts", 3) == 0) || + (strncmp(ttyn, "tty", 3) == 0) || +- (strncmp(ttyn, "/dev/tty", 8) == 0) )) { ++ (strncmp(ttyn, "/dev/tty", 8) == 0) || ++ (strncmp(ttyn, "/dev/pts", 8) == 0) )) { + if (_host[0] == 0) { + gethostname(_host, HOSTLEN); + _host[HOSTLEN - 1] = 0;