import audit-3.0.7-4.el8

2022-09-27 16:26:00 -04:00 · 2022-09-27 16:26:00 -04:00 · fa88729004
commit fa88729004
parent 86ff2b4470
3 changed files with 71 additions and 1 deletions
--- a/SOURCES/audit-3.0.8-auparse-path-norm.patch
+++ b/SOURCES/audit-3.0.8-auparse-path-norm.patch
@ -0,0 +1,31 @@
+From becc1c297279f757835943e2cad63992134511f9 Mon Sep 17 00:00:00 2001
+From: Sergio Correia <scorreia@redhat.com>
+Date: Mon, 7 Mar 2022 13:11:09 -0300
+Subject: [PATCH] auparse: fix off-by-one issue in path_norm() (#242)
+
+When defining dest = rpath + 1, we end up having the first char of
+`dest' as NULL -- since `rpath' points to `working', which is a static
+buffer.
+
+With the first char as NULL, path_norm() ends up producing an empty string.
+
+This commit fixes the issue reported in this [1] mailing list post.
+
+[1] https://listman.redhat.com/archives/linux-audit/2022-February/018844.html
+---
+ auparse/interpret.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index c8a0d96dd..df593c44c 100644
+--- a/auparse/interpret.c
+++ b/auparse/interpret.c
+@@ -895,7 +895,7 @@ static char *path_norm(const char *name)
+ 		return strdup(name);
+ 
+ 	rpath = working;
+-	dest = rpath + 1;
+	dest = rpath;
+ 	rpath_limit = rpath + PATH_MAX;
+ 
+ 	for (start = name; *start; start = end) {
--- a/SOURCES/audit-3.0.8-drop-protecthome.patch
+++ b/SOURCES/audit-3.0.8-drop-protecthome.patch
@ -0,0 +1,26 @@
+From c426507a501efde0367a09a81e917d1d10722b78 Mon Sep 17 00:00:00 2001
+From: Sergio Correia <scorreia@redhat.com>
+Date: Thu, 31 Mar 2022 15:00:57 -0300
+Subject: [PATCH] Drop ProtectHome from auditd.service as it interferes with
+ rules
+
+Upstream: https://github.com/linux-audit/audit-userspace/commit/12cf14ed
+---
+ init.d/auditd.service | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/init.d/auditd.service b/init.d/auditd.service
+index e801281..0a4c498 100644
+--- a/init.d/auditd.service
+++ b/init.d/auditd.service
+@@ -36,7 +36,6 @@ MemoryDenyWriteExecute=true
+ LockPersonality=true
+ ProtectControlGroups=true
+ ProtectKernelModules=true
+-ProtectHome=true
+ RestrictRealtime=true
+ 
+ [Install]
+-- 
+2.35.1
+
--- a/SPECS/audit.spec
+++ b/SPECS/audit.spec
@ -3,12 +3,15 @@
 Summary: User space tools for kernel auditing
 Name: audit
 Version: 3.0.7
-Release: 2%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt

+Patch1: audit-3.0.8-auparse-path-norm.patch
+Patch2: audit-3.0.8-drop-protecthome.patch
+
 BuildRequires: gcc swig make
 BuildRequires: openldap-devel
 BuildRequires: krb5-devel libcap-ng-devel
@ -83,6 +86,8 @@ Management Facility) database, through an IBM Tivoli Directory Server
 %prep
 %setup -q
 cp %{SOURCE1} .
+%patch1 -p1
+%patch2 -p1

 %build
 %configure --with-python=no \
@ -235,6 +240,14 @@ fi
 %attr(750,root,root) %{_sbindir}/audispd-zos-remote

 %changelog
+* Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-4
+- Drop ProtectHome from auditd.service as it interferes with rules
+  Resolves: rhbz#2071727 - Default systemd service config blocks audit watch rules in some directories
+
+* Mon Mar 14 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-3
+- Fix path normalization in auparse
+  Resolves: rhbz#2062612 - auparse missing information when used with --format-text
+
 * Tue Feb 22 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-2
 - Adjust sample-rules dir permissions
  Resolves: rhbz#2054727 - /usr/share/audit/sample-rules is no longer readable by non-root users