parent
2376856b1e
commit
550a07b08b
5 changed files with 18 additions and 174 deletions
|
@ -1,31 +0,0 @@
|
||||||
From c2544c220bb1b1045589ceae3dbb69f195b860e5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Steve Grubb <sgrubb@redhat.com>
|
|
||||||
Date: Tue, 26 Mar 2019 09:18:00 -0400
|
|
||||||
Subject: [PATCH 1/2] Fix memleak in auparse caused by corrected event ordering
|
|
||||||
|
|
||||||
---
|
|
||||||
auparse/auparse.c | 8 ++++++++
|
|
||||||
1 file changed, 8 insertions(+)
|
|
||||||
|
|
||||||
diff --git auparse/auparse.c auparse/auparse.c
|
|
||||||
index 34aa90c..ecea88e 100644
|
|
||||||
--- auparse/auparse.c
|
|
||||||
+++ auparse/auparse.c
|
|
||||||
@@ -265,6 +265,14 @@ static event_list_t *au_get_ready_event(auparse_state_t *au, int is_test)
|
|
||||||
au_lolnode *ptr = lowest;
|
|
||||||
while (ptr->status == EBS_EMPTY && lol->maxi > 0) {
|
|
||||||
lol->maxi--;
|
|
||||||
+ if (ptr->l) {
|
|
||||||
+ aup_list_clear(ptr->l);
|
|
||||||
+ free(ptr->l);
|
|
||||||
+ ptr->l = NULL;
|
|
||||||
+ au->le = NULL; // this should crash
|
|
||||||
+ // usage of au->le
|
|
||||||
+ // until reset
|
|
||||||
+ }
|
|
||||||
ptr = &lol->array[lol->maxi];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.24.0
|
|
||||||
|
|
|
@ -1,41 +0,0 @@
|
||||||
From ce0debf94f93d787d3bed635952133b2a5ff3551 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Steve Grubb <sgrubb@redhat.com>
|
|
||||||
Date: Tue, 26 Mar 2019 17:24:37 -0400
|
|
||||||
Subject: [PATCH 2/2] Fix memleak in auparse caused by corrected event ordering
|
|
||||||
part 2
|
|
||||||
|
|
||||||
---
|
|
||||||
auparse/auparse.c | 17 -----------------
|
|
||||||
1 file changed, 17 deletions(-)
|
|
||||||
|
|
||||||
diff --git auparse/auparse.c auparse/auparse.c
|
|
||||||
index ecea88e..5318d25 100644
|
|
||||||
--- auparse/auparse.c
|
|
||||||
+++ auparse/auparse.c
|
|
||||||
@@ -259,23 +259,6 @@ static event_list_t *au_get_ready_event(auparse_state_t *au, int is_test)
|
|
||||||
if (lowest && lowest->status == EBS_COMPLETE) {
|
|
||||||
lowest->status = EBS_EMPTY;
|
|
||||||
au->au_ready--;
|
|
||||||
- // Try to consolidate the array so that we iterate
|
|
||||||
- // over a smaller portion next time
|
|
||||||
- if (lowest == &lol->array[lol->maxi]) {
|
|
||||||
- au_lolnode *ptr = lowest;
|
|
||||||
- while (ptr->status == EBS_EMPTY && lol->maxi > 0) {
|
|
||||||
- lol->maxi--;
|
|
||||||
- if (ptr->l) {
|
|
||||||
- aup_list_clear(ptr->l);
|
|
||||||
- free(ptr->l);
|
|
||||||
- ptr->l = NULL;
|
|
||||||
- au->le = NULL; // this should crash
|
|
||||||
- // usage of au->le
|
|
||||||
- // until reset
|
|
||||||
- }
|
|
||||||
- ptr = &lol->array[lol->maxi];
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
return lowest->l;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.24.0
|
|
||||||
|
|
|
@ -1,97 +0,0 @@
|
||||||
From d579a08bb1cde71f939c13ac6b2261052ae9f77e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Steve Grubb <sgrubb@redhat.com>
|
|
||||||
Date: Tue, 26 Feb 2019 18:33:33 -0500
|
|
||||||
Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
|
|
||||||
|
|
||||||
diff --git auparse/auparse.c auparse/auparse.c
|
|
||||||
index 69127b7a..042ea2b0 100644
|
|
||||||
--- auparse/auparse.c
|
|
||||||
+++ auparse/auparse.c
|
|
||||||
@@ -1119,6 +1119,16 @@ static int str2event(char *s, au_event_t *e)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifndef HAVE_STRNDUPA
|
|
||||||
+static inline char *strndupa(const char *old, size_t n)
|
|
||||||
+{
|
|
||||||
+ size_t len = strnlen(old, n);
|
|
||||||
+ char *tmp = alloca(len + 1);
|
|
||||||
+ tmp[len] = 0;
|
|
||||||
+ return memcpy(tmp, old, len);
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/* Returns 0 on success and 1 on error */
|
|
||||||
static int extract_timestamp(const char *b, au_event_t *e)
|
|
||||||
{
|
|
||||||
diff --git auparse/interpret.c auparse/interpret.c
|
|
||||||
index 88523c6d..f19ee854 100644
|
|
||||||
--- auparse/interpret.c
|
|
||||||
+++ auparse/interpret.c
|
|
||||||
@@ -855,6 +855,13 @@ static const char *print_escaped_ext(const idata *id)
|
|
||||||
return print_escaped(id->val);
|
|
||||||
}
|
|
||||||
|
|
||||||
+// rawmemchr is faster. Let's use it if we have it.
|
|
||||||
+#ifdef HAVE_RAWMEMCHR
|
|
||||||
+#define STRCHR rawmemchr
|
|
||||||
+#else
|
|
||||||
+#define STRCHR strchr
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
static const char *print_proctitle(const char *val)
|
|
||||||
{
|
|
||||||
char *out = (char *)print_escaped(val);
|
|
||||||
@@ -865,7 +872,7 @@ static const char *print_proctitle(const char *val)
|
|
||||||
// Proctitle has arguments separated by NUL bytes
|
|
||||||
// We need to write over the NUL bytes with a space
|
|
||||||
// so that we can see the arguments
|
|
||||||
- while ((ptr = rawmemchr(ptr, '\0'))) {
|
|
||||||
+ while ((ptr = STRCHR(ptr, '\0'))) {
|
|
||||||
if (ptr >= end)
|
|
||||||
break;
|
|
||||||
*ptr = ' ';
|
|
||||||
diff --git configure.ac configure.ac
|
|
||||||
index acd6d615..00658d4f 100644
|
|
||||||
--- configure.ac
|
|
||||||
+++ configure.ac
|
|
||||||
@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote
|
|
||||||
AC_CHECK_FUNCS([posix_fallocate])
|
|
||||||
dnl; signalfd is needed for libev
|
|
||||||
AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
|
|
||||||
+dnl; check if rawmemchr is available
|
|
||||||
+AC_CHECK_FUNCS([rawmemchr])
|
|
||||||
+dnl; check if strndupa is available
|
|
||||||
+AC_LINK_IFELSE(
|
|
||||||
+ [AC_LANG_SOURCE(
|
|
||||||
+ [[
|
|
||||||
+ #define _GNU_SOURCE
|
|
||||||
+ #include <string.h>
|
|
||||||
+ int main() { (void) strndupa("test", 10); return 0; }]])],
|
|
||||||
+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
|
|
||||||
+ []
|
|
||||||
+)
|
|
||||||
|
|
||||||
ALLWARNS=""
|
|
||||||
ALLDEBUG="-g"
|
|
||||||
diff --git src/ausearch-lol.c src/ausearch-lol.c
|
|
||||||
index bebbcf4b..0babd517 100644
|
|
||||||
--- src/ausearch-lol.c
|
|
||||||
+++ src/ausearch-lol.c
|
|
||||||
@@ -152,6 +152,16 @@ static int compare_event_time(event *e1, event *e2)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifndef HAVE_STRNDUPA
|
|
||||||
+static inline char *strndupa(const char *old, size_t n)
|
|
||||||
+{
|
|
||||||
+ size_t len = strnlen(old, n);
|
|
||||||
+ char *tmp = alloca(len + 1);
|
|
||||||
+ tmp[len] = 0;
|
|
||||||
+ return memcpy(tmp, old, len);
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* This function will look at the line and pick out pieces of it.
|
|
||||||
*/
|
|
13
srcpkgs/audit/patches/seed-random.patch
Normal file
13
srcpkgs/audit/patches/seed-random.patch
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
diff --git a/lib/test/lookup_test.c b/lib/test/lookup_test.c
|
||||||
|
index 03f40aa..7d17a90 100644
|
||||||
|
--- a/lib/test/lookup_test.c
|
||||||
|
+++ b/lib/test/lookup_test.c
|
||||||
|
@@ -48,6 +48,7 @@ gen_id(char *dest)
|
||||||
|
{
|
||||||
|
size_t i, len;
|
||||||
|
|
||||||
|
+ srand(300);
|
||||||
|
assert(S_LEN >= 2);
|
||||||
|
len = 1 + rand() % (S_LEN - 1);
|
||||||
|
assert('A' == 0x41 && 'a' == 0x61); /* ASCII */
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'audit'
|
# Template file for 'audit'
|
||||||
pkgname=audit
|
pkgname=audit
|
||||||
version=2.8.5
|
version=3.0.1
|
||||||
revision=5
|
revision=1
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
configure_args="--libdir=/usr/lib --enable-shared=audit --enable-gssapi-krb5
|
configure_args="--libdir=/usr/lib --enable-shared=audit --enable-gssapi-krb5
|
||||||
--with-apparmor --with-libcap-ng --with-python3"
|
--with-apparmor --with-libcap-ng --with-python3"
|
||||||
|
@ -13,10 +13,10 @@ short_desc="Linux Security Auditing Framework"
|
||||||
maintainer="Cameron Nemo <cnemo@tutanota.com>"
|
maintainer="Cameron Nemo <cnemo@tutanota.com>"
|
||||||
license="GPL-2.0-or-later, LGPL-2.0-or-later"
|
license="GPL-2.0-or-later, LGPL-2.0-or-later"
|
||||||
homepage="https://people.redhat.com/sgrubb/audit"
|
homepage="https://people.redhat.com/sgrubb/audit"
|
||||||
|
changelog="https://raw.githubusercontent.com/linux-audit/audit-userspace/master/ChangeLog"
|
||||||
distfiles="${homepage}/${pkgname}-${version}.tar.gz"
|
distfiles="${homepage}/${pkgname}-${version}.tar.gz"
|
||||||
checksum=0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7
|
checksum=994c4250d8fd43f3087a3c2ce73461832e30f1e9b278bf5bb03c3e07091155a5
|
||||||
|
patch_args=-Np1
|
||||||
CFLAGS="-fcommon"
|
|
||||||
|
|
||||||
case "$XBPS_TARGET_MACHINE" in
|
case "$XBPS_TARGET_MACHINE" in
|
||||||
*-musl) configure_args+=" --disable-zos-remote" ;;
|
*-musl) configure_args+=" --disable-zos-remote" ;;
|
||||||
|
|
Loading…
Reference in a new issue