audit: update to 3.0.1

Closes: #28447 [via git-merge-pr]
This commit is contained in:
Paper 2021-02-03 20:30:36 +01:00 committed by Érico Nogueira
parent 2376856b1e
commit 550a07b08b
5 changed files with 18 additions and 174 deletions

View file

@ -1,31 +0,0 @@
From c2544c220bb1b1045589ceae3dbb69f195b860e5 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 26 Mar 2019 09:18:00 -0400
Subject: [PATCH 1/2] Fix memleak in auparse caused by corrected event ordering
---
auparse/auparse.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git auparse/auparse.c auparse/auparse.c
index 34aa90c..ecea88e 100644
--- auparse/auparse.c
+++ auparse/auparse.c
@@ -265,6 +265,14 @@ static event_list_t *au_get_ready_event(auparse_state_t *au, int is_test)
au_lolnode *ptr = lowest;
while (ptr->status == EBS_EMPTY && lol->maxi > 0) {
lol->maxi--;
+ if (ptr->l) {
+ aup_list_clear(ptr->l);
+ free(ptr->l);
+ ptr->l = NULL;
+ au->le = NULL; // this should crash
+ // usage of au->le
+ // until reset
+ }
ptr = &lol->array[lol->maxi];
}
}
--
2.24.0

View file

@ -1,41 +0,0 @@
From ce0debf94f93d787d3bed635952133b2a5ff3551 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 26 Mar 2019 17:24:37 -0400
Subject: [PATCH 2/2] Fix memleak in auparse caused by corrected event ordering
part 2
---
auparse/auparse.c | 17 -----------------
1 file changed, 17 deletions(-)
diff --git auparse/auparse.c auparse/auparse.c
index ecea88e..5318d25 100644
--- auparse/auparse.c
+++ auparse/auparse.c
@@ -259,23 +259,6 @@ static event_list_t *au_get_ready_event(auparse_state_t *au, int is_test)
if (lowest && lowest->status == EBS_COMPLETE) {
lowest->status = EBS_EMPTY;
au->au_ready--;
- // Try to consolidate the array so that we iterate
- // over a smaller portion next time
- if (lowest == &lol->array[lol->maxi]) {
- au_lolnode *ptr = lowest;
- while (ptr->status == EBS_EMPTY && lol->maxi > 0) {
- lol->maxi--;
- if (ptr->l) {
- aup_list_clear(ptr->l);
- free(ptr->l);
- ptr->l = NULL;
- au->le = NULL; // this should crash
- // usage of au->le
- // until reset
- }
- ptr = &lol->array[lol->maxi];
- }
- }
return lowest->l;
}
--
2.24.0

View file

@ -1,97 +0,0 @@
From d579a08bb1cde71f939c13ac6b2261052ae9f77e Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 26 Feb 2019 18:33:33 -0500
Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
diff --git auparse/auparse.c auparse/auparse.c
index 69127b7a..042ea2b0 100644
--- auparse/auparse.c
+++ auparse/auparse.c
@@ -1119,6 +1119,16 @@ static int str2event(char *s, au_event_t *e)
return 0;
}
+#ifndef HAVE_STRNDUPA
+static inline char *strndupa(const char *old, size_t n)
+{
+ size_t len = strnlen(old, n);
+ char *tmp = alloca(len + 1);
+ tmp[len] = 0;
+ return memcpy(tmp, old, len);
+}
+#endif
+
/* Returns 0 on success and 1 on error */
static int extract_timestamp(const char *b, au_event_t *e)
{
diff --git auparse/interpret.c auparse/interpret.c
index 88523c6d..f19ee854 100644
--- auparse/interpret.c
+++ auparse/interpret.c
@@ -855,6 +855,13 @@ static const char *print_escaped_ext(const idata *id)
return print_escaped(id->val);
}
+// rawmemchr is faster. Let's use it if we have it.
+#ifdef HAVE_RAWMEMCHR
+#define STRCHR rawmemchr
+#else
+#define STRCHR strchr
+#endif
+
static const char *print_proctitle(const char *val)
{
char *out = (char *)print_escaped(val);
@@ -865,7 +872,7 @@ static const char *print_proctitle(const char *val)
// Proctitle has arguments separated by NUL bytes
// We need to write over the NUL bytes with a space
// so that we can see the arguments
- while ((ptr = rawmemchr(ptr, '\0'))) {
+ while ((ptr = STRCHR(ptr, '\0'))) {
if (ptr >= end)
break;
*ptr = ' ';
diff --git configure.ac configure.ac
index acd6d615..00658d4f 100644
--- configure.ac
+++ configure.ac
@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote
AC_CHECK_FUNCS([posix_fallocate])
dnl; signalfd is needed for libev
AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
+dnl; check if rawmemchr is available
+AC_CHECK_FUNCS([rawmemchr])
+dnl; check if strndupa is available
+AC_LINK_IFELSE(
+ [AC_LANG_SOURCE(
+ [[
+ #define _GNU_SOURCE
+ #include <string.h>
+ int main() { (void) strndupa("test", 10); return 0; }]])],
+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
+ []
+)
ALLWARNS=""
ALLDEBUG="-g"
diff --git src/ausearch-lol.c src/ausearch-lol.c
index bebbcf4b..0babd517 100644
--- src/ausearch-lol.c
+++ src/ausearch-lol.c
@@ -152,6 +152,16 @@ static int compare_event_time(event *e1, event *e2)
return 0;
}
+#ifndef HAVE_STRNDUPA
+static inline char *strndupa(const char *old, size_t n)
+{
+ size_t len = strnlen(old, n);
+ char *tmp = alloca(len + 1);
+ tmp[len] = 0;
+ return memcpy(tmp, old, len);
+}
+#endif
+
/*
* This function will look at the line and pick out pieces of it.
*/

View file

@ -0,0 +1,13 @@
diff --git a/lib/test/lookup_test.c b/lib/test/lookup_test.c
index 03f40aa..7d17a90 100644
--- a/lib/test/lookup_test.c
+++ b/lib/test/lookup_test.c
@@ -48,6 +48,7 @@ gen_id(char *dest)
{
size_t i, len;
+ srand(300);
assert(S_LEN >= 2);
len = 1 + rand() % (S_LEN - 1);
assert('A' == 0x41 && 'a' == 0x61); /* ASCII */

View file

@ -1,7 +1,7 @@
# Template file for 'audit' # Template file for 'audit'
pkgname=audit pkgname=audit
version=2.8.5 version=3.0.1
revision=5 revision=1
build_style=gnu-configure build_style=gnu-configure
configure_args="--libdir=/usr/lib --enable-shared=audit --enable-gssapi-krb5 configure_args="--libdir=/usr/lib --enable-shared=audit --enable-gssapi-krb5
--with-apparmor --with-libcap-ng --with-python3" --with-apparmor --with-libcap-ng --with-python3"
@ -13,10 +13,10 @@ short_desc="Linux Security Auditing Framework"
maintainer="Cameron Nemo <cnemo@tutanota.com>" maintainer="Cameron Nemo <cnemo@tutanota.com>"
license="GPL-2.0-or-later, LGPL-2.0-or-later" license="GPL-2.0-or-later, LGPL-2.0-or-later"
homepage="https://people.redhat.com/sgrubb/audit" homepage="https://people.redhat.com/sgrubb/audit"
changelog="https://raw.githubusercontent.com/linux-audit/audit-userspace/master/ChangeLog"
distfiles="${homepage}/${pkgname}-${version}.tar.gz" distfiles="${homepage}/${pkgname}-${version}.tar.gz"
checksum=0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7 checksum=994c4250d8fd43f3087a3c2ce73461832e30f1e9b278bf5bb03c3e07091155a5
patch_args=-Np1
CFLAGS="-fcommon"
case "$XBPS_TARGET_MACHINE" in case "$XBPS_TARGET_MACHINE" in
*-musl) configure_args+=" --disable-zos-remote" ;; *-musl) configure_args+=" --disable-zos-remote" ;;