From c0d7309b6212cc04210484247b51425b1bc1be09 Mon Sep 17 00:00:00 2001
From: Zhao Hang
Date: Tue, 5 Dec 2023 14:12:37 +0800
Subject: [PATCH 1/3] update to audit-3.0.7-5.src.rpm
Signed-off-by: Zhao Hang
---
 audit-3.0.8-flex-array-workaround.patch | 39 ++++++++
 audit-3.0.8-undo-flex-array.patch | 13 +++
 audit-3.1-fanotify-records.patch | 122 ++++++++++++++++++++++++
 audit.spec | 49 ++++++----
 4 files changed, 202 insertions(+), 21 deletions(-)
 create mode 100644 audit-3.0.8-flex-array-workaround.patch
 create mode 100644 audit-3.0.8-undo-flex-array.patch
 create mode 100644 audit-3.1-fanotify-records.patch
diff --git a/audit-3.0.8-flex-array-workaround.patch b/audit-3.0.8-flex-array-workaround.patch
new file mode 100644
index 0000000..e9bd391
--- /dev/null
+++ b/audit-3.0.8-flex-array-workaround.patch
@@ -0,0 +1,39 @@
+diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
+index 21aafca..8c48123 100644
+--- a/bindings/swig/src/auditswig.i
++++ b/bindings/swig/src/auditswig.i
+@@ -39,7 +39,7 @@ signed
+ #define __attribute(X) /*nothing*/
+ typedef unsigned __u32;
+ typedef unsigned uid_t;
+-%include "/usr/include/linux/audit.h"
++%include "../lib/audit.h"
+ #define __extension__ /*nothing*/
+ %include
+ %include "../lib/libaudit.h"
+diff --git a/lib/audit.h b/lib/audit.h
+index 51d7f2b..b2f306d 100644
+--- a/lib/audit.h
++++ b/lib/audit.h
+@@ -514,7 +514,7 @@ struct audit_rule_data {
+ __u32 values[AUDIT_MAX_FIELDS];
+ __u32 fieldflags[AUDIT_MAX_FIELDS];
+ __u32 buflen; /* total length of string fields */
+- char buf[]; /* string fields buffer */
++ char buf[0]; /* string fields buffer */
+ };
+
+ #endif /* _LINUX_AUDIT_H_ */
+diff --git a/lib/libaudit.h b/lib/libaudit.h
+index 08b7d22..6b7408c 100644
+--- a/lib/libaudit.h
++++ b/lib/libaudit.h
+@@ -32,7 +32,7 @@ extern "C" {
+ #include
+ #include
+ #include
+-#include
++#include "audit.h"
+ #include
+ #include
+
diff --git a/audit-3.0.8-undo-flex-array.patch b/audit-3.0.8-undo-flex-array.patch
new file mode 100644
index 0000000..917eaf3
--- /dev/null
+++ b/audit-3.0.8-undo-flex-array.patch
@@ -0,0 +1,13 @@
+diff --git a/usr/include/libaudit.h b/usr/include/libaudit.h
+index 6b7408c..08b7d22 100644
+--- a/usr/include/libaudit.h
++++ b/usr/include/libaudit.h
+@@ -32,7 +32,7 @@ extern "C" {
+ #include
+ #include
+ #include
+-#include "audit.h"
++#include
+ #include
+ #include
+
diff --git a/audit-3.1-fanotify-records.patch b/audit-3.1-fanotify-records.patch
new file mode 100644
index 0000000..b3195b9
--- /dev/null
+++ b/audit-3.1-fanotify-records.patch
@@ -0,0 +1,122 @@
+From d1aec22f62b1cd95c16b26b67a9268ed27713f84 Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Tue, 7 Feb 2023 10:32:11 -0500
+Subject: [PATCH] Add support for new FANOTIFY record fields
+
+---
+ ChangeLog | 1 +
+ auparse/auparse-defs.h | 5 ++--
+ auparse/interpret.c | 65 +++++++++++++++++++++++++++++++++++++++++-
+ auparse/typetab.h | 4 +++
+ 4 files changed, 72 insertions(+), 3 deletions(-)
+
+diff --git a/auparse/auparse-defs.h b/auparse/auparse-defs.h
+index 7c0ac76..81a85a4 100644
+--- a/auparse/auparse-defs.h
++++ b/auparse/auparse-defs.h
+@@ -88,7 +88,8 @@ typedef enum { AUPARSE_TYPE_UNCLASSIFIED, AUPARSE_TYPE_UID, AUPARSE_TYPE_GID,
+ AUPARSE_TYPE_NETACTION, AUPARSE_TYPE_MACPROTO,
+ AUPARSE_TYPE_IOCTL_REQ, AUPARSE_TYPE_ESCAPED_KEY,
+ AUPARSE_TYPE_ESCAPED_FILE, AUPARSE_TYPE_FANOTIFY,
+- AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE
++ AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE, AUPARSE_TYPE_TRUST,
++ AUPARSE_TYPE_FAN_TYPE, AUPARSE_TYPE_FAN_INFO
+ } auparse_type_t;
+
+ /* This type determines what escaping if any gets applied to interpreted fields */
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 373851f..f106056 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -2372,6 +2372,60 @@ static const char *print_openat2_resolve(const char *val)
+ return strdup(buf);
+ }
+
++static const char *print_trust(const char *val)
++{
++ const char *out;
++
++ if (strcmp(val, "0") == 0)
++ out = strdup("no");
++ else if (strcmp(val, "1") == 0)
++ out = strdup("yes");
++ else
++ out = strdup("unknown");
++
++ return out;
++}
++
++// fan_type always preceeds fan_info
++static int last_type = 2;
++static const char *print_fan_type(const char *val)
++{
++ const char *out;
++
++ if (strcmp(val, "0") == 0) {
++ out = strdup("none");
++ last_type = 0;
++ } else if (strcmp(val, "1") == 0) {
++ out = strdup("rule_info");
++ last_type = 1;
++ } else {
++ out = strdup("unknown");
++ last_type = 2;
++ }
++
++ return out;
++}
++
++static const char *print_fan_info(const char *val)
++{
++ const char *out;
++ if (last_type == 1) {
++ errno = 0;
++ unsigned long info = strtoul(val, NULL, 16);
++ if (errno) {
++ if (asprintf(&out, "conversion error(%s)", val) < 0)
++ out = NULL;
++ return out;
++ } else {
++ if (asprintf(&out, "%lu", info) < 0)
++ out = NULL;
++ return out;
++ }
++ } else
++ out = strdup(val);
++ return out;
++}
++
+ static const char *print_a0(const char *val, const idata *id)
+ {
+ char *out;
+@@ -3286,6 +3340,15 @@ unknown:
+ case AUPARSE_TYPE_RESOLVE:
+ out = print_openat2_resolve(id->val);
+ break;
++ case AUPARSE_TYPE_TRUST:
++ out = print_trust(id->val);
++ break;
++ case AUPARSE_TYPE_FAN_TYPE:
++ out = print_fan_type(id->val);
++ break;
++ case AUPARSE_TYPE_FAN_INFO:
++ out = print_fan_info(id->val);
++ break;
+ case AUPARSE_TYPE_MAC_LABEL:
+ case AUPARSE_TYPE_UNCLASSIFIED:
+ default:
+diff --git a/auparse/typetab.h b/auparse/typetab.h
+index 0e37d02..5c8fca8 100644
+--- a/auparse/typetab.h
++++ b/auparse/typetab.h
+@@ -145,3 +145,7 @@ _S(AUPARSE_TYPE_ESCAPED, "sw" )
+ _S(AUPARSE_TYPE_ESCAPED, "root_dir" )
+ _S(AUPARSE_TYPE_NLMCGRP, "nl-mcgrp" )
+ _S(AUPARSE_TYPE_RESOLVE, "resolve" )
++_S(AUPARSE_TYPE_TRUST, "subj_trust" )
++_S(AUPARSE_TYPE_TRUST, "obj_trust" )
++_S(AUPARSE_TYPE_FAN_TYPE, "fan_type" )
++_S(AUPARSE_TYPE_FAN_INFO, "fan_info" )
+--
+2.41.0
+
diff --git a/audit.spec b/audit.spec
index 7ee5bd8..f5a44e9 100644
--- a/audit.spec
+++ b/audit.spec
@@ -1,10 +1,9 @@ -%define anolis_release .0.1 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} Summary: User space tools for kernel auditing Name: audit Version: 3.0.7 -Release: 4%{anolis_release}%{?dist} +Release: 5%{?dist} License: GPLv2+ URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
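Review bot: In `print_fan_info` (added by the embedded interpret.c patch) the hex conversion only tests `errno`, so a `fan_info` value that contains no hex digits makes `strtoul` return 0 without an error and the field is rendered as `0` rather than as a conversion error. Passing an end pointer and checking it closes that gap: `char *end; unsigned long info = strtoul(val, &end, 16);` followed by `if (errno || end == val || *end != '\0')`. Separately, `last_type` is a file-scope static written by `print_fan_type` and read here, so how `fan_info` is rendered depends on whichever `fan_type` was interpreted last in the process; the existing one-line comment should spell out that ordering assumption and what happens when a `fan_info` field is interpreted on its own, since a stale value would mislabel an audit field. `out` is also declared `const char *` but passed to `asprintf`, which expects a `char **`.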
@@ -12,20 +11,21 @@ Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Patch1: audit-3.0.8-auparse-path-norm.patch Patch2: audit-3.0.8-drop-protecthome.patch +Patch3: audit-3.1-fanotify-records.patch +Patch4: audit-3.0.8-flex-array-workaround.patch +Patch5: audit-3.0.8-undo-flex-array.patch BuildRequires: gcc swig make BuildRequires: openldap-devel BuildRequires: krb5-devel libcap-ng-devel BuildRequires: kernel-headers >= 2.6.29 BuildRequires: systemd +#BuildRequires: autoconf automake libtool Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires(post): systemd coreutils Requires(preun): systemd initscripts Requires(postun): systemd coreutils initscripts -Requires: glibc - -Provides: /sbin/auditd %description The audit package contains the user space utilities for @@ -87,19 +87,18 @@ incoming audit events, as they happen, to a configured z/OS SMF (Service Management Facility) database, through an IBM Tivoli Directory Server (ITDS) set for Remote Audit service. -%package doc -Summary: Documents for %{name} -BuildArch: noarch -Requires: %{name} = %{version}-%{release} - -%description doc -Doc pages for %{name}. - %prep %setup -q cp %{SOURCE1} . -%patch1 -p1 -%patch2 -p1 + +#autoreconf -fv --install + +cp /usr/include/linux/audit.h lib/ + +%patch -P 1 -p1 +%patch -P 2 -p1 +%patch -P 3 -p1 +%patch -P 4 -p1 %build %configure --with-python=no \ 
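Review bot: The `cp /usr/include/linux/audit.h lib/` step added to %prep takes the header from whatever kernel-headers package the build host has installed, and Patch4 in this commit then edits that copy, so the build result depends on the builder's header version; the only constraint visible is `BuildRequires: kernel-headers >= 2.6.29` in the previous hunk. A comment above the copy would record why the header is pulled into the tree, for example `# lib/audit.h is a build-time copy of the kernel UAPI header; Patch4 points libaudit.h and the swig bindings at it`. Patch5 is declared but has no `%patch -P 5` line here because it is applied to the buildroot in %install; `# Patch5 is applied in %install, not in %prep` next to the `%patch` lines would keep the next reader from treating that as an omission.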
@@ -124,12 +123,19 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a find $RPM_BUILD_ROOT -name '*.la' -delete -find $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages -name '*.a' -delete +find $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages -name '*.a' -delete || true # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz +# undo the workaround +cur=`pwd` +cd $RPM_BUILD_ROOT +patch -p1 < %{PATCH5} +find . -name '*.orig' -delete +cd $cur + %check make check # Get rid of make files so that they don't get packaged. @@ -183,6 +189,7 @@ fi %attr(755,root,root) %{python3_sitearch}/* %files +%doc README ChangeLog init.d/auditd.cron %{!?_licensedir:%global license %%doc} %license COPYING %attr(755,root,root) %{_datadir}/%{name} @@ -250,12 +257,12 @@ fi %config(noreplace) %attr(640,root,root) /etc/audit/zos-remote.conf %attr(750,root,root) %{_sbindir}/audispd-zos-remote -%files doc -%doc README ChangeLog init.d/auditd.cron - %changelog -* Fri Jul 21 2023 Bo Ren - 3.0.7-4.0.1 -- Add doc sub package +* Thu Jun 22 2023 Radovan Sroka - 3.0.7-5 +- Introduce new fanotify record fields +Resolves: rhbz#2216668 +- invalid use of flexible array member +Resolves: rhbz#2116867 * Mon May 02 2022 Sergio Correia - 3.0.7-4 - Drop ProtectHome from auditd.service as it interferes with rules -- Gitee From 04c4e0e53be817ce41644d48825e3c3a7ad738f2 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Mon, 25 Dec 2023 10:08:32 +0800 Subject: [PATCH 2/3] spec: remove unneeded modification Signed-off-by: Zhao Hang --- audit-3.0.8-flex-array-workaround.patch | 13 ------------- audit.spec | 6 +++++- 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/audit-3.0.8-flex-array-workaround.patch b/audit-3.0.8-flex-array-workaround.patch index e9bd391..bb6f632 100644 
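Review bot: The undo step in %install calls `patch -p1 < %{PATCH5}` directly, which bypasses the zero-fuzz default that rpm's `%patch` macro normally enforces, so a context mismatch can still apply loosely to the public header being shipped from the buildroot and leave `.orig` backups that the following `find` then removes. `patch -p1 --fuzz=0 --no-backup-if-mismatch < %{PATCH5}` would fail the build on a mismatch instead of packaging a header that was patched approximately. On the `find ... -name '*.a' -delete || true` line above it, `|| true` hides every failure of the static-library cleanup, not only the missing python directory it was presumably added for; testing for the directory before running `find` keeps real errors visible.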
--- a/audit-3.0.8-flex-array-workaround.patch +++ b/audit-3.0.8-flex-array-workaround.patch @@ -11,19 +11,6 @@ index 21aafca..8c48123 100644 #define __extension__ /*nothing*/ %include %include "../lib/libaudit.h" -diff --git a/lib/audit.h b/lib/audit.h -index 51d7f2b..b2f306d 100644 ---- a/lib/audit.h -+++ b/lib/audit.h -@@ -514,7 +514,7 @@ struct audit_rule_data { - __u32 values[AUDIT_MAX_FIELDS]; - __u32 fieldflags[AUDIT_MAX_FIELDS]; - __u32 buflen; /* total length of string fields */ -- char buf[]; /* string fields buffer */ -+ char buf[0]; /* string fields buffer */ - }; - - #endif /* _LINUX_AUDIT_H_ */ diff --git a/lib/libaudit.h b/lib/libaudit.h index 08b7d22..6b7408c 100644 --- a/lib/libaudit.h diff --git a/audit.spec b/audit.spec index f5a44e9..c132fcb 100644 --- a/audit.spec +++ b/audit.spec @@ -1,9 +1,10 @@ +%define anolis_release .0.1 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} Summary: User space tools for kernel auditing Name: audit Version: 3.0.7 -Release: 5%{?dist} +Release: 5%{anolis_release}%{?dist} License: GPLv2+ URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz @@ -258,6 +259,9 @@ fi %attr(750,root,root) %{_sbindir}/audispd-zos-remote %changelog +* Mon Dec 25 2023 Zhao Hang - 3.0.7-5.0.1 +- Remove unneeded modification + * Thu Jun 22 2023 Radovan Sroka - 3.0.7-5 - Introduce new fanotify record fields Resolves: rhbz#2216668 -- Gitee From f0724863e427885c4e537912a5eaa2f317b860d8 Mon Sep 17 00:00:00 2001 From: Bo Ren Date: Sat, 16 Jul 2022 11:50:59 +0800 Subject: [PATCH 3/3] spec: add doc sub package Signed-off-by: Bo Ren --- audit.spec | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/audit.spec b/audit.spec index c132fcb..251a66b 100644 --- a/audit.spec +++ b/audit.spec 
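Review bot: With the `lib/audit.h` hunk dropped from the workaround patch, nothing in the series rewrites `char buf[];` any more, yet the spec still copies the host header into `lib/` and the changelog still lists the flexible-array fix as resolved. If the rewrite is unneeded because the distribution's kernel-headers already declare `buf[0]`, that assumption is worth recording in the commit message or as a spec comment next to the copy, e.g. `# host kernel-headers still declare buf[0]; no rewrite of lib/audit.h needed`. Without it, a later kernel-headers update could bring the original build problem back with no hint in the package about where the fix went.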
@@ -27,6 +27,9 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires(post): systemd coreutils Requires(preun): systemd initscripts Requires(postun): systemd coreutils initscripts +Requires: glibc + +Provides: /sbin/auditd %description The audit package contains the user space utilities for @@ -88,6 +91,14 @@ incoming audit events, as they happen, to a configured z/OS SMF (Service Management Facility) database, through an IBM Tivoli Directory Server (ITDS) set for Remote Audit service. +%package doc +Summary: Documents for %{name} +BuildArch: noarch +Requires: %{name} = %{version}-%{release} + +%description doc +Doc pages for %{name}. + %prep %setup -q cp %{SOURCE1} . @@ -190,7 +201,6 @@ fi %attr(755,root,root) %{python3_sitearch}/* %files -%doc README ChangeLog init.d/auditd.cron %{!?_licensedir:%global license %%doc} %license COPYING %attr(755,root,root) %{_datadir}/%{name} @@ -258,9 +268,13 @@ fi %config(noreplace) %attr(640,root,root) /etc/audit/zos-remote.conf %attr(750,root,root) %{_sbindir}/audispd-zos-remote +%files doc +%doc README ChangeLog init.d/auditd.cron + %changelog * Mon Dec 25 2023 Zhao Hang - 3.0.7-5.0.1 - Remove unneeded modification +- Add doc sub package (Bo Ren) * Thu Jun 22 2023 Radovan Sroka - 3.0.7-5 - Introduce new fanotify record fields -- Gitee