diff --git a/audit-3.1.2.tar.gz b/audit-3.1.2.tar.gz deleted file mode 100644 index 3fcd3f92372652ab8711121afa1caf6a889ec525..0000000000000000000000000000000000000000 Binary files a/audit-3.1.2.tar.gz and /dev/null differ diff --git a/audit-3.1.5.tar.gz b/audit-3.1.5.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..8d29c74b262abc4b2505558f5a8590e1467041d4 Binary files /dev/null and b/audit-3.1.5.tar.gz differ diff --git a/audit.spec b/audit.spec index 8fb4bd6f462a67505d06040bcc4a8c060a1b5cec..ba1b36cf94191d0c24fdf0b2de92fbf98f3283b4 100644 --- a/audit.spec +++ b/audit.spec @@ -1,50 +1,17 @@ Summary: User space tools for kernel auditing Name: audit Epoch: 1 -Version: 3.1.2 -Release: 7 -License: GPLv2+ and LGPLv2+ +Version: 3.1.5 +Release: 1 +License: GPL-2.0-or-later AND LGPL-2.0-or-later URL: https://people.redhat.com/sgrubb/audit/ Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz -Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Patch0: bugfix-audit-support-armv7b.patch Patch1: bugfix-audit-userspace-missing-syscalls-for-aarm64.patch Patch2: bugfix-audit-reload-coredump.patch Patch3: audit-Add-sw64-architecture.patch -Patch4: backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch -Patch5: backport-Error-out-if-required-zos-parameters-missing.patch -Patch6: backport-Fix-deprecated-python-function.patch -Patch7: backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch -Patch8: backport-lib-enclose-macro-to-avoid-precedence-issues.patch -Patch9: backport-memory-allocation-updates-341.patch -Patch10: backport-lib-cast-to-unsigned-char-for-character-test-functio.patch -Patch11: backport-Make-session-id-consistently-typed-327.patch -Patch12: backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch -Patch13: backport-fix-the-use-of-isdigit-everywhere.patch -Patch14: backport-Fix-new-warnings-for-unused-results.patch -Patch15: backport-Change-the-first-iteration-test-so-static-analysis-b.patch -Patch16: backport-Consolidate-end-of-event-detection-to-a-common-funct.patch -Patch17: backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch -Patch18: backport-lib-avoid-UB-on-sequence-wrap-around-347.patch -Patch19: backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch -Patch20: backport-Cleanup-shell-script-warnings.patch -Patch21: backport-Solve-issue-363-by-moving-check-to-after-load_config.patch -Patch22: backport-first-part-of-NULL-pointer-checks.patch -Patch23: backport-second-part-of-NULL-pointer-checks.patch -Patch24: backport-last-part-of-NULL-pointer-checks.patch -Patch25: backport-Fixed-NULL-checks.patch -Patch26: backport-update-error-messages-in-NULL-Checks.patch -Patch27: backport-adding-the-file-descriptor-closure.patch -Patch28: backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch -Patch29: backport-Use-atomic_int-if-available-for-signal-related-flags.patch -Patch30: backport-Use-atomic_uint-if-available-for-signal-related-flag.patch -Patch31: backport-avoiding-of-NULL-pointers-dereference-366.patch -Patch32: backport-Cleanup-code-in-LRU.patch -Patch33: backport-Fix-memory-leaks.patch -Patch34: backport-fix-one-more-leak.patch -Patch35: backport-Correct-output-when-displaying-rules-with-exe-path-d.patch -Patch36: backport-ausearch-format-Fix-display-of-renamed-file-411.patch +Patch4: backport-ausearch-format-Fix-display-of-renamed-file-411.patch BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29 BuildRequires: openldap-devel krb5-devel libcap-ng-devel @@ -64,7 +31,7 @@ kernels. %package libs Summary: Dynamic library for libaudit -License: LGPLv2+ +License: LGPL-2.0-or-later %description libs The audit-libs package contains the dynamic libraries needed for @@ -72,7 +39,7 @@ applications to use the audit framework. %package -n audispd-plugins Summary: Plugins for audit event dispatcher -License: GPLv2+ +License: GPL-2.0-or-later Requires: %{name} = %{epoch}:%{version}-%{release} Requires: %{name}-libs = %{epoch}:%{version}-%{release} @@ -81,7 +48,7 @@ This package provides plugins for the real-time interface to audispd. %package -n audispd-plugins-zos Summary: z/OS plugin for audit event dispatcher -License: GPLv2+ +License: GPL-2.0-or-later Requires: %{name} = %{epoch}:%{version}-%{release} Requires: %{name}-libs = %{epoch}:%{version}-%{release} Requires: openldap @@ -93,7 +60,7 @@ database. %package devel Summary: Header files for libaudit -License: LGPLv2+ +License: LGPL-2.0-or-later Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Requires: kernel-headers >= 2.6.29 Provides: audit-libs-devel audit-libs-static @@ -104,7 +71,7 @@ applications that need to use the audit framework libraries. %package -n python3-audit Summary: Python3 bindings for libaudit -License: LGPLv2+ +License: LGPL-2.0-or-later BuildRequires: python3-devel Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Provides: audit-libs-python3 = %{version}-%{release} @@ -119,11 +86,10 @@ libauparse can be used by python3. %prep %autosetup -n %{name}-%{version} -p1 -cp %{SOURCE1} . cp /usr/include/linux/audit.h lib/ -autoreconf -f -i %build +autoreconf -fi %configure --sbindir=/sbin --libdir=/%{_lib} --with-python=no \ --with-python3=yes \ --enable-gssapi-krb5=yes --with-arm --with-aarch64 \ @@ -133,7 +99,7 @@ autoreconf -f -i %endif --enable-systemd -make CC=%{__cc} CFLAGS="%{optflags}" %{?_smp_mflags} +%make_build %install mkdir -p $RPM_BUILD_ROOT/{sbin,etc/audit/plugins.d,etc/audit/rules.d} @@ -142,7 +108,7 @@ mkdir -p $RPM_BUILD_ROOT/%{_lib} mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit -make DESTDIR=$RPM_BUILD_ROOT install +%make_install mkdir -p $RPM_BUILD_ROOT/%{_libdir} mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir} @@ -162,7 +128,7 @@ find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*. mv $RPM_BUILD_ROOT/%{_lib}/pkgconfig $RPM_BUILD_ROOT%{_libdir} touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf -touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz +touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5 cur=`pwd` cd $RPM_BUILD_ROOT @@ -172,7 +138,7 @@ cd $cur %delete_la %check -make check +%make_build check rm -f rules/Makefile* %pre @@ -200,7 +166,6 @@ if [ -d "/etc/audisp/" ];then fi %post -/sbin/ldconfig files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w` if [ "$files" -eq 0 ] ; then if [ -e /usr/share/doc/audit/rules/10-no-audit.rules ] ; then @@ -296,15 +261,13 @@ if [ $1 -eq 0 ]; then fi %postun -/sbin/ldconfig if [ $1 -ge 1 ]; then /sbin/service auditd condrestart > /dev/null 2>&1 || : fi %files %doc README -%{!?_licensedir:%global license %%doc} -%license COPYING lgpl-2.1.txt +%license COPYING COPYING.LIB %attr(755,root,root) /sbin/auditctl %attr(755,root,root) /sbin/auditd %attr(755,root,root) /sbin/ausearch @@ -355,10 +318,8 @@ fi %attr(750,root,root) /sbin/audispd-zos-remote %files devel -%defattr(-,root,root) %doc contrib/plugin -%{!?_licensedir:%global license %%doc} -%license lgpl-2.1.txt +%license COPYING.LIB %{_libdir}/libaudit.so %{_libdir}/libauparse.so %ifarch %{golang_arches} @@ -378,22 +339,21 @@ fi %attr(755,root,root) %{python3_sitearch}/* %files help -%defattr(-,root,root) %doc ChangeLog rules init.d/auditd.cron -%attr(644,root,root) %{_datadir}/%{name}/sample-rules/* -%attr(644,root,root) %{_mandir}/man3/*.3.gz -%attr(644,root,root) %{_mandir}/man5/*.5.gz -%attr(644,root,root) %{_mandir}/man7/*.7.gz -%attr(644,root,root) %{_mandir}/man8/*.8.gz +%{_datadir}/%{name}/sample-rules/* +%{_mandir}/man?/* %changelog +* Wed Dec 25 2024 Funda Wang - 1:3.1.5-1 +- update to 3.1.5 + * Wed Dec 11 2024 wangjiang - 1:3.1.2-7 - backport patches to fix bug -* Sat Aug 24 2024 xuraoqing - 1:3.1.2-6 +* Sat Aug 24 2024 xuraoqing - 1:3.1.2-6 - backport patches to fix bug -* Wed Jul 17 2024 xuraoqing - 1:3.1.2-5 +* Wed Jul 17 2024 xuraoqing - 1:3.1.2-5 - backport patches to fix bugs * Thu Jun 06 2024 fuanan - 1:3.1.2-4 diff --git a/audit.yaml b/audit.yaml index 5f2d821ed84489f6963b60def035e23720faec15..03dee9074b122155bfce9e6c8d6318f6a81a7728 100644 --- a/audit.yaml +++ b/audit.yaml @@ -1,4 +1,4 @@ version_control: github src_repo: linux-audit/audit-userspace tag_prefix: ^v -seperator: . +separator: . diff --git a/backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch b/backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch deleted file mode 100644 index afaebfee169437897bf6807bc72737f47c5ac7a8..0000000000000000000000000000000000000000 --- a/backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 2663987c5088924bce510fcf8e7891d6aae976ba Mon Sep 17 00:00:00 2001 -From: cgzones -Date: Sat, 4 Nov 2023 03:48:39 +0100 -Subject: [PATCH] Avoid file descriptor leaks in multi-threaded applications - (#339) - -* lib: set close-on-exec flag - -libaudit may be called from a multi-threaded application. -Avoid leaking local file descriptors on a concurrent execve. - -* lib: simplify SOCK_CLOEXEC - -SOCK_CLOEXEC is supported since Linux 2.6.27. - -Reference:https://github.com/linux-audit/audit-userspace/commit/2663987c5088924bce510fcf8e7891d6aae976ba -Conflict:lib/audit_logging.c,lib/netlink.c,lib/libaudit.c - ---- - lib/audit_logging.c | 2 +- - lib/libaudit.c | 14 +++++++------- - lib/netlink.c | 12 +----------- - 3 files changed, 9 insertions(+), 19 deletions(-) - -diff --git a/lib/audit_logging.c b/lib/audit_logging.c -index 302c242..08b53aa 100644 ---- a/lib/audit_logging.c -+++ b/lib/audit_logging.c -@@ -177,7 +177,7 @@ static char *_get_commname(const char *comm, char *commname, unsigned int size) - - if (comm == NULL) { - int len; -- int fd = open("/proc/self/comm", O_RDONLY); -+ int fd = open("/proc/self/comm", O_RDONLY|O_CLOEXEC); - if (fd < 0) { - strcpy(commname, "\"?\""); - return commname; -diff --git a/lib/libaudit.c b/lib/libaudit.c -index 2cc7afd..74fa2f3 100644 ---- a/lib/libaudit.c -+++ b/lib/libaudit.c -@@ -221,7 +221,7 @@ static int load_libaudit_config(const char *path) - char buf[128]; - - /* open the file */ -- rc = open(path, O_NOFOLLOW|O_RDONLY); -+ rc = open(path, O_NOFOLLOW|O_RDONLY|O_CLOEXEC); - if (rc < 0) { - if (errno != ENOENT) { - audit_msg(LOG_ERR, "Error opening %s (%s)", -@@ -261,7 +261,7 @@ static int load_libaudit_config(const char *path) - } - - /* it's ok, read line by line */ -- f = fdopen(fd, "rm"); -+ f = fdopen(fd, "rme"); - if (f == NULL) { - audit_msg(LOG_ERR, "Error - fdopen failed (%s)", - strerror(errno)); -@@ -705,7 +705,7 @@ char *audit_format_signal_info(char *buf, int len, char *op, - char path[32], ses[16]; - int rlen; - snprintf(path, sizeof(path), "/proc/%u", rep->signal_info->pid); -- int fd = open(path, O_RDONLY); -+ int fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC); - if (fd >= 0) { - if (fstat(fd, &sb) < 0) - sb.st_uid = -1; -@@ -714,7 +714,7 @@ char *audit_format_signal_info(char *buf, int len, char *op, - sb.st_uid = -1; - snprintf(path, sizeof(path), "/proc/%u/sessionid", - rep->signal_info->pid); -- fd = open(path, O_RDONLY, rep->signal_info->pid); -+ fd = open(path, O_RDONLY|O_CLOEXEC, rep->signal_info->pid); - if (fd < 0) - strcpy(ses, "4294967295"); - else { -@@ -918,7 +918,7 @@ uid_t audit_getloginuid(void) - char buf[16]; - - errno = 0; -- in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY); -+ in = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC); - if (in < 0) - return -1; - do { -@@ -946,7 +946,7 @@ int audit_setloginuid(uid_t uid) - - errno = 0; - count = snprintf(loginuid, sizeof(loginuid), "%u", uid); -- o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); -+ o = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC|O_CLOEXEC); - if (o >= 0) { - int block, offset = 0; - -@@ -982,7 +982,7 @@ uint32_t audit_get_session(void) - char buf[16]; - - errno = 0; -- in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY); -+ in = open("/proc/self/sessionid", O_NOFOLLOW|O_RDONLY|O_CLOEXEC); - if (in < 0) - return -2; - do { -diff --git a/lib/netlink.c b/lib/netlink.c -index 66a1e7c..f862da4 100644 ---- a/lib/netlink.c -+++ b/lib/netlink.c -@@ -47,7 +47,7 @@ static int check_ack(int fd); - int audit_open(void) - { - int saved_errno; -- int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT); -+ int fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_AUDIT); - - if (fd < 0) { - saved_errno = errno; -@@ -60,16 +60,6 @@ int audit_open(void) - "Error opening audit netlink socket (%s)", - strerror(errno)); - errno = saved_errno; -- return fd; -- } -- if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) { -- saved_errno = errno; -- audit_msg(LOG_ERR, -- "Error setting audit netlink socket CLOEXEC flag (%s)", -- strerror(errno)); -- close(fd); -- errno = saved_errno; -- return -1; - } - return fd; - } --- -2.33.0 - diff --git a/backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch b/backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch deleted file mode 100644 index 3f21a1159f4203211fc17a8fb0992d2c3fe424ed..0000000000000000000000000000000000000000 --- a/backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch +++ /dev/null @@ -1,30 +0,0 @@ -From cd7599210fe398360ddb81c0c2453a085d408089 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Mon, 19 Feb 2024 10:50:42 -0500 -Subject: [PATCH] Change python bindings to switch from PyEval_CallObject on - 3.12 and later to silence warning - - -Reference:https://github.com/linux-audit/audit-userspace/commit/cd7599210fe398360ddb81c0c2453a085d408089 -Conflict:NA - ---- - bindings/python/auparse_python.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bindings/python/auparse_python.c b/bindings/python/auparse_python.c -index 99d37cca..9ab919b3 100644 ---- a/bindings/python/auparse_python.c -+++ b/bindings/python/auparse_python.c -@@ -290,7 +290,7 @@ static void auparse_callback(auparse_state_t *au, - if (debug) printf("<< auparse_callback\n"); - arglist = Py_BuildValue("OiO", cb->py_AuParser, cb_event_type, - cb->user_data); --#if PY_MINOR_VERSION >= 13 -+#if PY_MINOR_VERSION >= 12 - result = PyObject_CallObject(cb->func, arglist); - #else - result = PyEval_CallObject(cb->func, arglist); --- -2.33.0 - diff --git a/backport-Change-the-first-iteration-test-so-static-analysis-b.patch b/backport-Change-the-first-iteration-test-so-static-analysis-b.patch deleted file mode 100644 index bf5a1931ca8d8578e0898714eff53172ff6c0499..0000000000000000000000000000000000000000 --- a/backport-Change-the-first-iteration-test-so-static-analysis-b.patch +++ /dev/null @@ -1,39 +0,0 @@ -From b84b007cd0ef504e8c86b8cc73646f3119ed343c Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Wed, 29 Nov 2023 15:49:21 -0500 -Subject: [PATCH] Change the first iteration test so static analysis better - understands the code - -Reference:https://github.com/linux-audit/audit-userspace/commit/b84b007cd0ef504e8c86b8cc73646f3119ed343c -Conflict:NA - ---- - tools/aulast/aulast-llist.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/tools/aulast/aulast-llist.c b/tools/aulast/aulast-llist.c -index 87638ebc..d7765ba4 100644 ---- a/tools/aulast/aulast-llist.c -+++ b/tools/aulast/aulast-llist.c -@@ -140,11 +140,15 @@ int list_update_logout(llist* l, time_t t, unsigned long serial) - lnode *list_delete_cur(llist *l) - { - register lnode *cur, *prev; -- -- prev = cur = l->head; /* start at the beginning */ -+ -+ if (l == NULL || l->head == NULL) -+ return NULL; -+ -+ prev = cur = l->head; /* start at the beginning */ - while (cur) { - if (cur == l->cur) { -- if (cur == prev && cur == l->head) { -+ // If the first iteration -+ if (prev == l->head && cur == l->head) { - l->head = cur->next; - l->cur = cur->next; - free((void *)cur->name); --- -2.33.0 - diff --git a/backport-Cleanup-code-in-LRU.patch b/backport-Cleanup-code-in-LRU.patch deleted file mode 100644 index ffd5ce2eda5364842a486ba39cf161ae6f867dde..0000000000000000000000000000000000000000 --- a/backport-Cleanup-code-in-LRU.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 4939b8541322cbf3a53affc28e71ce53d92f121f Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Fri, 3 May 2024 17:50:35 -0400 -Subject: [PATCH] Cleanup code in LRU - -Dont dereference anything until after checking if the queue is not empty. -Also, leave a note disputing static analysis thinking there is a use after -free destroying the queue. - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/4939b8541322cbf3a53affc28e71ce53d92f121f - ---- - auparse/lru.c | 20 ++++++++++++-------- - 1 file changed, 12 insertions(+), 8 deletions(-) - -diff --git a/auparse/lru.c b/auparse/lru.c -index 05c4088d..f30bcf41 100644 ---- a/auparse/lru.c -+++ b/auparse/lru.c -@@ -116,6 +116,11 @@ static void destroy_queue(Queue *queue) - dump_queue_stats(queue); - #endif - -+ // Some static analysis scanners try to flag this as a use after -+ // free accessing queue->end. This is a false positive. It is freed. -+ // However, static analysis apps are incapable of seeing that in -+ // remove_node, end is updated to a prior node as part of detaching -+ // the current end node. - while (queue->count) - dequeue(queue); - -@@ -252,34 +257,33 @@ out: - sanity_check_queue(queue, "2 remove_node"); - } - --// Remove from the end of the queue -+// Remove from the end of the queue - static void dequeue(Queue *queue) - { -- QNode *temp = queue->end; -- - if (queue_is_empty(queue)) - return; - -+ QNode *temp = queue->end; - remove_node(queue, queue->end); - - // if (queue->cleanup) - // queue->cleanup(temp->str); - free(temp->str); - free(temp); -- -+ - // decrement the total of full slots by 1 - queue->count--; - } -- -+ - // Remove front of the queue because its a mismatch - void lru_evict(Queue *queue, unsigned int key) - { -+ if (queue_is_empty(queue)) -+ return; -+ - Hash *hash = queue->hash; - QNode *temp = queue->front; - -- if (queue_is_empty(queue)) -- return; -- - hash->array[key] = NULL; - remove_node(queue, queue->front); - --- -2.33.0 - diff --git a/backport-Cleanup-shell-script-warnings.patch b/backport-Cleanup-shell-script-warnings.patch deleted file mode 100644 index e56ecfdf9cd311052a3898741add57386df96967..0000000000000000000000000000000000000000 --- a/backport-Cleanup-shell-script-warnings.patch +++ /dev/null @@ -1,111 +0,0 @@ -From 79c1212ff38254a961c27d8eb10bc766e412ffe9 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Fri, 23 Feb 2024 12:26:05 -0500 -Subject: [PATCH] Cleanup shell script warnings - -Reference:https://github.com/linux-audit/audit-userspace/commit/79c1212ff38254a961c27d8eb10bc766e412ffe9 -Conflict:NA - ---- - init.d/auditd.reload | 2 +- - init.d/auditd.resume | 2 +- - init.d/auditd.rotate | 2 +- - init.d/auditd.state | 6 +++--- - init.d/auditd.stop | 2 +- - init.d/augenrules | 2 +- - 6 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/init.d/auditd.reload b/init.d/auditd.reload -index 53ff2f4..4f09d00 100644 ---- a/init.d/auditd.reload -+++ b/init.d/auditd.reload -@@ -3,7 +3,7 @@ - # directly supported by systemd - - # Check that we are root ... so non-root users stop here --test $(id -u) = 0 || exit 4 -+test "$(id -u)" = "0" || exit 4 - - printf "Reconfiguring: " - /sbin/augenrules --load -diff --git a/init.d/auditd.resume b/init.d/auditd.resume -index 96189eb..8193bea 100644 ---- a/init.d/auditd.resume -+++ b/init.d/auditd.resume -@@ -3,7 +3,7 @@ - # directly supported by systemd - - # Check that we are root ... so non-root users stop here --test $(id -u) = 0 || exit 4 -+test "$(id -u)" = "0" || exit 4 - - printf "Resuming logging: " - /sbin/auditctl --signal resume -diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate -index dcb12c2..8bb6553 100644 ---- a/init.d/auditd.rotate -+++ b/init.d/auditd.rotate -@@ -3,7 +3,7 @@ - # directly supported by systemd - - # Check that we are root ... so non-root users stop here --test $(id -u) = 0 || exit 4 -+test "$(id -u)" = "0" || exit 4 - - printf "Rotating logs: " - /sbin/auditctl --signal rotate -diff --git a/init.d/auditd.state b/init.d/auditd.state -index 6ae0845..c59fe5a 100644 ---- a/init.d/auditd.state -+++ b/init.d/auditd.state -@@ -3,7 +3,7 @@ - # directly supported by systemd - - # Check that we are root ... so non-root users stop here --test $(id -u) = 0 || exit 4 -+test "$(id -u)" = "0" || exit 4 - - PATH=/sbin:/bin:/usr/bin:/usr/sbin - state_file="/var/run/auditd.state" -@@ -11,10 +11,10 @@ state_file="/var/run/auditd.state" - printf "Getting auditd internal state: " - /sbin/auditctl --signal state - RETVAL=$? --echo -e "\n" - sleep 1 --if [ $? -eq 0 ] ; then -+if [ $RETVAL -eq 0 ] ; then - if [ -e $state_file ] ; then -+ printf "\n\n" - cat $state_file - fi - fi -diff --git a/init.d/auditd.stop b/init.d/auditd.stop -index 5049285..41c67d6 100644 ---- a/init.d/auditd.stop -+++ b/init.d/auditd.stop -@@ -3,7 +3,7 @@ - # directly supported by systemd - - # Check that we are root ... so non-root users stop here --test $(id -u) = 0 || exit 4 -+test "$(id -u)" = "0" || exit 4 - - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" -diff --git a/init.d/augenrules b/init.d/augenrules -index ea96aa7..605cfef 100644 ---- a/init.d/augenrules -+++ b/init.d/augenrules -@@ -35,7 +35,7 @@ RETVAL=0 - usage="Usage: $0 [--check|--load]" - - # Delete the interim file on faults --trap 'rm -f ${TmpRules}; exit 1' 1 2 3 13 15 -+trap 'rm -f ${TmpRules}; exit 1' HUP INT QUIT PIPE TERM - - try_load() { - if [ $LoadRules -eq 1 ] ; then --- -2.33.0 - diff --git a/backport-Consolidate-end-of-event-detection-to-a-common-funct.patch b/backport-Consolidate-end-of-event-detection-to-a-common-funct.patch deleted file mode 100644 index 4045db46ad1ffb10b8d916fc588acd5720d3f62c..0000000000000000000000000000000000000000 --- a/backport-Consolidate-end-of-event-detection-to-a-common-funct.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 6dabe8de1c502b4bcd0ad945f6d7636d5aeb9fed Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Sat, 26 Aug 2023 08:52:25 -0400 -Subject: [PATCH] Consolidate end of event detection to a common function - -Reference:https://github.com/linux-audit/audit-userspace/commit/6dabe8de1c502b4bcd0ad945f6d7636d5aeb9fed -Conflict:ChangeLog - ---- - auparse/auparse.c | 9 +-------- - common/Makefile.am | 2 +- - common/common.c | 43 +++++++++++++++++++++++++++++++++++++++++++ - common/common.h | 3 ++- - src/ausearch-lol.c | 9 ++------- - 5 files changed, 49 insertions(+), 17 deletions(-) - create mode 100644 common/common.c - -diff --git a/auparse/auparse.c b/auparse/auparse.c -index 6f3fb945..359b1875 100644 ---- a/auparse/auparse.c -+++ b/auparse/auparse.c -@@ -309,14 +309,7 @@ static void au_check_events(auparse_state_t *au, time_t sec) - if (cur->l->e.sec + eoe_timeout <= sec) { - cur->status = EBS_COMPLETE; - au->au_ready++; -- } else if ( // FIXME: Check this v remains true -- r->type == AUDIT_PROCTITLE || -- r->type == AUDIT_EOE || -- r->type < AUDIT_FIRST_EVENT || -- r->type >= AUDIT_FIRST_ANOM_MSG || -- r->type == AUDIT_KERNEL || -- (r->type >= AUDIT_MAC_UNLBL_ALLOW && -- r->type <= AUDIT_MAC_CALIPSO_DEL)) { -+ } else if (audit_is_last_record(r->type)) { - // If known to be 1 record event, we are done - cur->status = EBS_COMPLETE; - au->au_ready++; -diff --git a/common/Makefile.am b/common/Makefile.am -index dbf0f76c..9738ee87 100644 ---- a/common/Makefile.am -+++ b/common/Makefile.am -@@ -27,6 +27,6 @@ AM_CPPFLAGS = -I${top_srcdir} -I${top_srcdir}/lib - - noinst_HEADERS = common.h - libaucommon_la_DEPENDENCIES = ../config.h --libaucommon_la_SOURCES = audit-fgets.c strsplit.c -+libaucommon_la_SOURCES = audit-fgets.c strsplit.c common.c - noinst_LTLIBRARIES = libaucommon.la - -diff --git a/common/common.c b/common/common.c -new file mode 100644 -index 00000000..cbfa46cb ---- /dev/null -+++ b/common/common.c -@@ -0,0 +1,43 @@ -+/* common.c -- -+ * Copyright 2023 Red Hat Inc. -+ * All Rights Reserved. -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -+ * -+ * Authors: -+ * Steve Grubb -+ */ -+ -+#include "libaudit.h" -+#include "common.h" -+ -+/* -+ * This function returns 1 if it is the last record in an event. -+ * It returns 0 otherwise. -+ */ -+int audit_is_last_record(int type) -+{ -+ if (type == AUDIT_PROCTITLE || -+ type == AUDIT_EOE || -+ type < AUDIT_FIRST_EVENT || -+ type >= AUDIT_FIRST_ANOM_MSG || -+ type == AUDIT_KERNEL || -+ (type >= AUDIT_MAC_UNLBL_ALLOW && -+ type <= AUDIT_MAC_CALIPSO_DEL)) { -+ return 1; -+ } -+ return 0; -+} -+ -diff --git a/common/common.h b/common/common.h -index 6a5437e9..1db80d4b 100644 ---- a/common/common.h -+++ b/common/common.h -@@ -1,5 +1,5 @@ - /* audit-fgets.h -- a replacement for glibc's fgets -- * Copyright 2018,2022 Red Hat Inc. -+ * Copyright 2018-23 Red Hat Inc. - * All Rights Reserved. - * - * This library is free software; you can redistribute it and/or -@@ -38,6 +38,7 @@ int audit_fgets(char *buf, size_t blen, int fd) - - char *audit_strsplit_r(char *s, char **savedpp); - char *audit_strsplit(char *s); -+int audit_is_last_record(int type); - - AUDIT_HIDDEN_END - #endif -diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c -index 4a7e5fdf..9ed39d4f 100644 ---- a/src/ausearch-lol.c -+++ b/src/ausearch-lol.c -@@ -252,16 +252,11 @@ static void check_events(lol *lo, time_t sec) - if (cur->l->e.sec + eoe_timeout <= sec) { - cur->status = L_COMPLETE; - ready++; -- } else if (cur->l->e.type == AUDIT_PROCTITLE || -- cur->l->e.type < AUDIT_FIRST_EVENT || -- cur->l->e.type >= AUDIT_FIRST_ANOM_MSG || -- cur->l->e.type == AUDIT_KERNEL || -- (cur->l->e.type >= AUDIT_MAC_UNLBL_ALLOW && -- cur->l->e.type <= AUDIT_MAC_CALIPSO_DEL)) { -+ } else if (audit_is_last_record(cur->l->e.type)) { - // If known to be 1 record event, we are done - cur->status = L_COMPLETE; - ready++; -- } -+ } - } - } - } --- -2.33.0 - diff --git a/backport-Correct-output-when-displaying-rules-with-exe-path-d.patch b/backport-Correct-output-when-displaying-rules-with-exe-path-d.patch deleted file mode 100644 index aa9ade30abb5361ba8e5443aa0c3618182c234f8..0000000000000000000000000000000000000000 --- a/backport-Correct-output-when-displaying-rules-with-exe-path-d.patch +++ /dev/null @@ -1,52 +0,0 @@ -From e5b0c9d74a54e0c6c83ba402807a53e4544b7898 Mon Sep 17 00:00:00 2001 -From: Attila Lakatos -Date: Wed, 12 Jun 2024 18:22:00 +0200 -Subject: [PATCH] Correct output when displaying rules with exe/path/dir (#379) - -Some audit operators were not displayed properly -because auditctl used the "=" operator in all -the scenarios mentioned above. - -Reference:https://github.com/linux-audit/audit-userspace/commit/e5b0c9d74a54e0c6c83ba402807a53e4544b7898 -Conflict:NA - ---- - src/auditctl-listing.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/src/auditctl-listing.c b/src/auditctl-listing.c -index 57ae1837..9c322670 100644 ---- a/src/auditctl-listing.c -+++ b/src/auditctl-listing.c -@@ -380,7 +380,9 @@ static void print_rule(const struct audit_rule_data *r) - printf("-w %.*s", r->values[i], - &r->buf[boffset]); - else -- printf(" -F path=%.*s", r->values[i], -+ printf(" -F path%s%.*s", -+ audit_operator_to_symbol(op), -+ r->values[i], - &r->buf[boffset]); - boffset += r->values[i]; - } else if (field == AUDIT_DIR) { -@@ -388,12 +390,15 @@ static void print_rule(const struct audit_rule_data *r) - printf("-w %.*s", r->values[i], - &r->buf[boffset]); - else -- printf(" -F dir=%.*s", r->values[i], -+ printf(" -F dir%s%.*s", -+ audit_operator_to_symbol(op), -+ r->values[i], - &r->buf[boffset]); - - boffset += r->values[i]; - } else if (field == AUDIT_EXE) { -- printf(" -F exe=%.*s", -+ printf(" -F exe%s%.*s", -+ audit_operator_to_symbol(op), - r->values[i], &r->buf[boffset]); - boffset += r->values[i]; - } else if (field == AUDIT_FILTERKEY) { --- -2.33.0 - diff --git a/backport-Error-out-if-required-zos-parameters-missing.patch b/backport-Error-out-if-required-zos-parameters-missing.patch deleted file mode 100644 index 33f31416d401ab0ab1ac2cdd7671c8d54ef9d7b4..0000000000000000000000000000000000000000 --- a/backport-Error-out-if-required-zos-parameters-missing.patch +++ /dev/null @@ -1,41 +0,0 @@ -From bbe96f9798451129ae2555f92e2f698f842f7833 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Tue, 10 Oct 2023 08:22:49 -0400 -Subject: [PATCH] Error out if required zos parameters missing - - -Reference:https://github.com/linux-audit/audit-userspace/commit/bbe96f9798451129ae2555f92e2f698f842f7833 -Conflict:NA - ---- - audisp/plugins/zos-remote/zos-remote-ldap.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/audisp/plugins/zos-remote/zos-remote-ldap.c b/audisp/plugins/zos-remote/zos-remote-ldap.c -index 7dd1424f..7e27eda4 100644 ---- a/audisp/plugins/zos-remote/zos-remote-ldap.c -+++ b/audisp/plugins/zos-remote/zos-remote-ldap.c -@@ -134,14 +134,18 @@ retry: - - int zos_remote_init(ZOS_REMOTE *zos_remote, const char *server, int port, - const char *user, const char *password, int timeout) --{ -+{ -+ if (server == NULL || user == NULL || password == NULL) { -+ log_err("Error: required parameters are not present in config file"); -+ return ICTX_E_FATAL; -+ } - zos_remote->server = strdup(server); - zos_remote->port = port; - zos_remote->user = strdup(user); - zos_remote->password = strdup(password); - zos_remote->timeout = timeout; - zos_remote->connected = 0; -- -+ - if (!zos_remote->server || !zos_remote->user || !zos_remote->password) { - log_err("Error allocating memory for session members"); - return ICTX_E_FATAL; --- -2.33.0 - diff --git a/backport-Fix-deprecated-python-function.patch b/backport-Fix-deprecated-python-function.patch deleted file mode 100644 index fa26127a06516ba31def30255588c395673f60d2..0000000000000000000000000000000000000000 --- a/backport-Fix-deprecated-python-function.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c344a8a370afed66e78db88c2d129f6672dae1e6 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Tue, 24 Oct 2023 11:51:04 -0400 -Subject: [PATCH] Fix deprecated python function - -Reference:https://github.com/linux-audit/audit-userspace/commit/c344a8a370afed66e78db88c2d129f6672dae1e6 -Conflict:NA - ---- - bindings/python/auparse_python.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/bindings/python/auparse_python.c b/bindings/python/auparse_python.c -index 78ef832c..1371ed54 100644 ---- a/bindings/python/auparse_python.c -+++ b/bindings/python/auparse_python.c -@@ -290,7 +290,11 @@ static void auparse_callback(auparse_state_t *au, - if (debug) printf("<< auparse_callback\n"); - arglist = Py_BuildValue("OiO", cb->py_AuParser, cb_event_type, - cb->user_data); -+#if PY_MINOR_VERSION >= 13 -+ result = PyObject_CallObject(cb->func, arglist); -+#else - result = PyEval_CallObject(cb->func, arglist); -+#endif - Py_DECREF(arglist); - Py_XDECREF(result); - } --- -2.33.0 - diff --git a/backport-Fix-memory-leaks.patch b/backport-Fix-memory-leaks.patch deleted file mode 100644 index 8afde8832006a9960fbc9aa4ea31a2fbd86a5d06..0000000000000000000000000000000000000000 --- a/backport-Fix-memory-leaks.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 289dc3a077f05fba93816fbdfbbfe032322d7f64 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Tue, 21 May 2024 12:28:29 -0400 -Subject: [PATCH] Fix memory leaks - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/289dc3a077f05fba93816fbdfbbfe032322d7f64 - ---- - src/auditd-listen.c | 2 +- - src/ausearch-lol.c | 2 ++ - src/ausearch-parse.c | 6 ++++-- - 3 files changed, 7 insertions(+), 3 deletions(-) - -diff --git a/src/auditd-listen.c b/src/auditd-listen.c -index ea3f137c..52076361 100644 ---- a/src/auditd-listen.c -+++ b/src/auditd-listen.c -@@ -443,8 +443,8 @@ static int negotiate_credentials(ev_tcp *io) - gss_release_name(&min_stat, &client); - return -1; - } -- gss_release_buffer(&min_stat, &send_tok); - } -+ gss_release_buffer(&min_stat, &send_tok); - } while (maj_stat == GSS_S_CONTINUE_NEEDED); - - maj_stat = gss_display_name(&min_stat, client, &recv_tok, NULL); -diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c -index a5418079..784c58f6 100644 ---- a/src/ausearch-lol.c -+++ b/src/ausearch-lol.c -@@ -311,6 +311,7 @@ int lol_add_record(lol *lo, char *buff) - n.type = e.type; - n.message = strdup(buff); - if(n.message == NULL) { -+ free((char *)e.node); - fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return 0; - } -@@ -369,6 +370,7 @@ int lol_add_record(lol *lo, char *buff) - // Create new event and fill it in - l = malloc(sizeof(llist)); - if (l == NULL) { -+ free((char *)e.node); - fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return 0; - } -diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c -index be57606b..4c9bef0d 100644 ---- a/src/ausearch-parse.c -+++ b/src/ausearch-parse.c -@@ -769,9 +769,11 @@ static int common_path_parser(search_items *s, char *path) - if ((sn.str[0] == '.') && ((sn.str[1] == '.') || - (sn.str[1] == '/')) && s->cwd) { - char *tmp = malloc(PATH_MAX); -- if (tmp == NULL) -+ if (tmp == NULL) { -+ free(sn.str); - return 6; -- snprintf(tmp, PATH_MAX, "%s/%s", -+ } -+ snprintf(tmp, PATH_MAX, "%s/%s", - s->cwd, sn.str); - free(sn.str); - sn.str = tmp; --- -2.33.0 - diff --git a/backport-Fix-new-warnings-for-unused-results.patch b/backport-Fix-new-warnings-for-unused-results.patch deleted file mode 100644 index 2c30d9dab059ab6f84562744d255ff65348dfa60..0000000000000000000000000000000000000000 --- a/backport-Fix-new-warnings-for-unused-results.patch +++ /dev/null @@ -1,107 +0,0 @@ -From a4e8b7e18f249fe5decdd2fe748a5068ffeaee57 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Mon, 20 Nov 2023 16:37:46 -0500 -Subject: [PATCH] Fix new warnings for unused results - -Reference:https://github.com/linux-audit/audit-userspace/commit/a4e8b7e18f249fe5decdd2fe748a5068ffeaee57 -Conflict:NA - ---- - audisp/plugins/ids/ids.c | 5 +++-- - audisp/plugins/ids/ids.h | 2 +- - audisp/plugins/statsd/audisp-statsd.c | 4 ++-- - lib/libaudit.c | 3 ++- - lib/netlink.c | 3 ++- - src/auditd.c | 3 ++- - 6 files changed, 12 insertions(+), 8 deletions(-) - -diff --git a/audisp/plugins/ids/ids.c b/audisp/plugins/ids/ids.c -index d28237e5..1446ca71 100644 ---- a/audisp/plugins/ids/ids.c -+++ b/audisp/plugins/ids/ids.c -@@ -107,9 +107,10 @@ static void destroy_audit(void) - } - - --void log_audit_event(int type, const char *text, int res) -+int log_audit_event(int type, const char *text, int res) - { -- audit_log_user_message(audit_fd, type, text, NULL, NULL, NULL, res); -+ return audit_log_user_message(audit_fd, type, text, -+ NULL, NULL, NULL, res); - } - - -diff --git a/audisp/plugins/ids/ids.h b/audisp/plugins/ids/ids.h -index f3710066..cb98cdba 100644 ---- a/audisp/plugins/ids/ids.h -+++ b/audisp/plugins/ids/ids.h -@@ -15,6 +15,6 @@ - extern int debug; - extern void my_printf(const char *fmt, ...) - __attribute__ (( format(printf, 1, 2) )); --extern void log_audit_event(int type, const char *text, int res); -+extern int log_audit_event(int type, const char *text, int res); - - #endif -diff --git a/audisp/plugins/statsd/audisp-statsd.c b/audisp/plugins/statsd/audisp-statsd.c -index db2c6111..912f9171 100644 ---- a/audisp/plugins/statsd/audisp-statsd.c -+++ b/audisp/plugins/statsd/audisp-statsd.c -@@ -218,9 +218,9 @@ static void get_kernel_status(void) - struct audit_reply rep; - - audit_request_status(audit_fd); -- audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0); -+ int rc = audit_get_reply(audit_fd, &rep, GET_REPLY_BLOCKING, 0); - -- if (rep.type == AUDIT_GET) { -+ if (rc > 0 && rep.type == AUDIT_GET) { - // add info to global audit event struct - r.lost = rep.status->lost; - r.backlog = rep.status->backlog; -diff --git a/lib/libaudit.c b/lib/libaudit.c -index e5f2a7c5..3decff12 100644 ---- a/lib/libaudit.c -+++ b/lib/libaudit.c -@@ -473,7 +473,8 @@ int audit_set_pid(int fd, uint32_t pid, rep_wait_t wmode) - rc = poll(pfd, 1, 100); /* .1 second */ - } while (rc < 0 && errno == EINTR); - -- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0); -+ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0)) -+ ; // intentionally empty - return 1; - } - -diff --git a/lib/netlink.c b/lib/netlink.c -index eeeefc26..3381651a 100644 ---- a/lib/netlink.c -+++ b/lib/netlink.c -@@ -280,7 +280,8 @@ retry: - else if (rc > 0 && rep.type == NLMSG_ERROR) { - int error = rep.error->error; - /* Eat the message */ -- (void)audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0); -+ if (audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0)) -+ ; // intentionally empty - - /* NLMSG_ERROR can indicate success, only report nonzero */ - if (error) { -diff --git a/src/auditd.c b/src/auditd.c -index 2dedf35b..54b407f3 100644 ---- a/src/auditd.c -+++ b/src/auditd.c -@@ -1044,7 +1044,8 @@ static void clean_exit(void) - audit_msg(LOG_INFO, "The audit daemon is exiting."); - if (fd >= 0) { - if (!opt_aggregate_only) -- audit_set_pid(fd, 0, WAIT_NO); -+ if (audit_set_pid(fd, 0, WAIT_NO)) -+ ; // intentionally empty - audit_close(fd); - } - if (pidfile) --- -2.33.0 - diff --git a/backport-Fixed-NULL-checks.patch b/backport-Fixed-NULL-checks.patch deleted file mode 100644 index d188bf72069a6c17b3f8418af82c2efb376debab..0000000000000000000000000000000000000000 --- a/backport-Fixed-NULL-checks.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 68131717821ee5c946fb561218551c98e46d7d06 Mon Sep 17 00:00:00 2001 -From: Yugend -Date: Tue, 19 Mar 2024 17:01:53 +0300 -Subject: [PATCH] Fixed NULL checks - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/68131717821ee5c946fb561218551c98e46d7d06 - ---- - audisp/plugins/zos-remote/zos-remote-queue.c | 2 +- - auparse/auparse.c | 1 + - src/ausearch-lol.c | 1 + - 3 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/audisp/plugins/zos-remote/zos-remote-queue.c b/audisp/plugins/zos-remote/zos-remote-queue.c -index 47dd006e..f8019890 100644 ---- a/audisp/plugins/zos-remote/zos-remote-queue.c -+++ b/audisp/plugins/zos-remote/zos-remote-queue.c -@@ -131,7 +131,7 @@ void increase_queue_depth(unsigned int size) - - tmp_q = realloc(q, size * sizeof(BerElement *)); - if (tmp_q == NULL) { -- log_err("Memory allocation error");; -+ log_err("Memory allocation error");; - pthread_mutex_unlock(&queue_lock); - return; - } -diff --git a/auparse/auparse.c b/auparse/auparse.c -index 516ee8f1..e782058d 100644 ---- a/auparse/auparse.c -+++ b/auparse/auparse.c -@@ -116,6 +116,7 @@ static int setup_log_file_array(auparse_state_t *au) - if (!tmp) { - fprintf(stderr, "No memory\n"); - aup_free_config(&config); -+ free(filename); - return 1; - } - -diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c -index c2140b7e..7562dc21 100644 ---- a/src/ausearch-lol.c -+++ b/src/ausearch-lol.c -@@ -49,6 +49,7 @@ void lol_create(lol *lo) - lo->array = (lolnode *)malloc(size); - if (lo->array == NULL) { - fprintf(stderr, "Memory allocation error"); -+ lo->limit = 0; - return; - } - memset(lo->array, 0, size); --- -2.33.0 - diff --git a/backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch b/backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch deleted file mode 100644 index aa12a467555fcce041c2dd01f535745729fd3ddf..0000000000000000000000000000000000000000 --- a/backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 139c61a9007600c93702947179d7836be1bc8403 Mon Sep 17 00:00:00 2001 -From: burnalting -Date: Thu, 11 Jan 2024 08:22:32 +1100 -Subject: [PATCH] Issue343: Fix checkpoint issue to ensure all complete events - are gained (#345) - -Co-authored-by: Burn Alting - -Reference:https://github.com/linux-audit/audit-userspace/commit/139c61a9007600c93702947179d7836be1bc8403 -Conflict:NA - ---- - src/ausearch-lol.c | 33 +++++++++++++++++++++++++++++++++ - src/ausearch-lol.h | 1 + - src/ausearch.c | 12 +++++++----- - 3 files changed, 41 insertions(+), 5 deletions(-) - -diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c -index 9ed39d4f..bcfb9ad8 100644 ---- a/src/ausearch-lol.c -+++ b/src/ausearch-lol.c -@@ -261,6 +261,32 @@ static void check_events(lol *lo, time_t sec) - } - } - -+// This function will check events to see if they are complete but not compare against a given time -+static void check_events_without_time(lol *lo) -+{ -+ int i; -+ -+ for(i=0;i<=lo->maxi; i++) { -+ lolnode *cur = &lo->array[i]; -+ if (cur->status == L_BUILDING) { -+ /* We now iterate over the event's records but without affecting the node's current -+ * pointer (cur->l->cur). That is, we don't call the list-* routines -+ * We could jump to the last record in the list which is normally a PROCTITLE, but this -+ * may not be guaranteed, so we check all record types -+ */ -+ lnode *ln = cur->l->head; -+ while (ln) { -+ if (audit_is_last_record(ln->type)) { -+ cur->status = L_COMPLETE; -+ ready++; -+ break; -+ } -+ ln = ln->next; -+ } -+ } -+ } -+} -+ - // This function adds a new record to an existing linked list - // or creates a new one if its a new event - int lol_add_record(lol *lo, char *buff) -@@ -360,6 +386,13 @@ void terminate_all_events(lol *lo) - } - } - -+// This function will mark all events as complete if it can. -+void complete_all_events(lol *lo) -+{ -+ -+ check_events_without_time(lo); -+} -+ - /* Search the list for any event that is ready to go. The caller - * takes custody of the memory */ - llist* get_ready_event(lol *lo) -diff --git a/src/ausearch-lol.h b/src/ausearch-lol.h -index e189491e..427d083c 100644 ---- a/src/ausearch-lol.h -+++ b/src/ausearch-lol.h -@@ -49,6 +49,7 @@ void lol_create(lol *lo); - void lol_clear(lol *lo); - int lol_add_record(lol *lo, char *buff); - void terminate_all_events(lol *lo); -+void complete_all_events(lol *lo); - llist* get_ready_event(lol *lo); - - void lol_set_eoe_timeout(time_t new_eoe_tmo); -diff --git a/src/ausearch.c b/src/ausearch.c -index c8cafb5f..409e43e9 100644 ---- a/src/ausearch.c -+++ b/src/ausearch.c -@@ -610,19 +610,21 @@ static int get_next_event(llist **l) - * If we get an EINTR error or we are at EOF, we check - * to see if we have any events to print and return - * appropriately. If we are the last file being -- * processed, we mark all incomplete events as -- * complete so they will be printed. -+ * processed, and we are not checkpointing, we mark all incomplete -+ * events as complete so they will be printed. If we are checkpointing -+ * we do an exhaustive validation to see if there are complete events still - */ - if ((ferror_unlocked(log_fd) && - errno == EINTR) || feof_unlocked(log_fd)) { - /* -- * Only mark all events as L_COMPLETE if we are -+ * Only attempt to mark all events as L_COMPLETE if we are - * the last file being processed. -- * We DO NOT do this if we are checkpointing. - */ - if (files_to_process == 0) { - if (!checkpt_filename) -- terminate_all_events(&lo); -+ terminate_all_events(&lo); // terminate as we are not checkpointing -+ else -+ complete_all_events(&lo); // exhaustively check if we can complete events - } - *l = get_ready_event(&lo); - if (*l) --- -2.33.0 - diff --git a/backport-Make-session-id-consistently-typed-327.patch b/backport-Make-session-id-consistently-typed-327.patch deleted file mode 100644 index 9a5bbc0deed4b4945c878b274266a47ed12851db..0000000000000000000000000000000000000000 --- a/backport-Make-session-id-consistently-typed-327.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 8359a7004de5e22c5a9b85c01c56e3b376d84a81 Mon Sep 17 00:00:00 2001 -From: Michael Tautschnig -Date: Thu, 2 Nov 2023 21:53:29 +0100 -Subject: [PATCH] Make session id consistently typed (#327) - -This fixes type-conflicting definitions and declarations. - -Reference:https://github.com/linux-audit/audit-userspace/commit/8359a7004de5e22c5a9b85c01c56e3b376d84a81 -Conflict:NA - ---- - src/aureport-options.c | 3 ++- - src/ausearch-options.c | 10 ++++++---- - 2 files changed, 8 insertions(+), 5 deletions(-) - -diff --git a/src/aureport-options.c b/src/aureport-options.c -index 93621e25..76a4b9f1 100644 ---- a/src/aureport-options.c -+++ b/src/aureport-options.c -@@ -61,7 +61,8 @@ const char *event_uuid = NULL; - const char *event_vmname = NULL; - long long event_exit = 0; - int event_exit_is_set = 0; --int event_ppid = -1, event_session_id = -2; -+pid_t event_ppid = -1; -+uint32_t event_session_id = -2; - int event_debug = 0, event_machine = -1; - time_t arg_eoe_timeout = (time_t)0; - -diff --git a/src/ausearch-options.c b/src/ausearch-options.c -index 8a1f4772..499c2aa3 100644 ---- a/src/ausearch-options.c -+++ b/src/ausearch-options.c -@@ -895,19 +895,21 @@ int check_params(int count, char *vars[]) - size_t len = strlen(optarg); - if (isdigit(optarg[0])) { - errno = 0; -- event_session_id = strtoul(optarg,NULL,10); -- if (errno) -+ unsigned long optval = strtoul(optarg,NULL,10); -+ if (errno || optval >= (1ul << 32)) - retval = -1; -+ event_session_id = optval; - c++; - } else if (len >= 2 && *(optarg)=='-' && - (isdigit(optarg[1]))) { - errno = 0; -- event_session_id = strtoul(optarg, NULL, 0); -- if (errno) { -+ long optval = strtol(optarg, NULL, 0); -+ if (errno || optval < INT_MIN || optval > INT_MAX) { - retval = -1; - fprintf(stderr, "Error converting %s\n", - optarg); - } -+ event_session_id = optval; - c++; - } else { - fprintf(stderr, --- -2.33.0 - diff --git a/backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch b/backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch deleted file mode 100644 index ab59a6dd0585b73fa7350a6edd5a9d1d612444c3..0000000000000000000000000000000000000000 --- a/backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch +++ /dev/null @@ -1,214 +0,0 @@ -From 38572e7eead76015b388723038f03e2ef0b1e3c1 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Fri, 25 Aug 2023 10:41:20 -0400 -Subject: [PATCH] Rewrite legacy service functions in terms of systemctl - -Reference:https://github.com/linux-audit/audit-userspace/commit/38572e7eead76015b388723038f03e2ef0b1e3c1 -Conflict:init.d/Makefile.am,ChangeLog - ---- - init.d/Makefile.am | 3 +-- - init.d/audit-functions | 52 --------------------------------------- - init.d/auditd.condrestart | 7 +++--- - init.d/auditd.reload | 6 +---- - init.d/auditd.resume | 6 +---- - init.d/auditd.rotate | 6 +---- - init.d/auditd.state | 4 +-- - init.d/auditd.stop | 3 +-- - 8 files changed, 10 insertions(+), 77 deletions(-) - delete mode 100644 init.d/audit-functions - -diff --git a/init.d/Makefile.am b/init.d/Makefile.am -index fdbf81c..3a73697 100644 ---- a/init.d/Makefile.am -+++ b/init.d/Makefile.am -@@ -26,7 +26,7 @@ EXTRA_DIST = auditd.init auditd.service auditd.sysconfig auditd.conf \ - auditd.cron libaudit.conf auditd.condrestart \ - auditd.reload auditd.restart auditd.resume \ - auditd.rotate auditd.state auditd.stop \ -- audit-stop.rules augenrules audit-functions -+ audit-stop.rules augenrules - libconfig = libaudit.conf - if ENABLE_SYSTEMD - initdir = /usr/lib/systemd/system -@@ -61,7 +61,6 @@ if ENABLE_SYSTEMD - $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.stop ${DESTDIR}${legacydir}/stop - $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.restart ${DESTDIR}${legacydir}/restart - $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.condrestart ${DESTDIR}${legacydir}/condrestart -- $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/audit-functions ${DESTDIR}${libexecdir} - else - $(INSTALL_SCRIPT) -D ${srcdir}/auditd.init ${DESTDIR}${initdir}/auditd - endif -diff --git a/init.d/audit-functions b/init.d/audit-functions -deleted file mode 100644 -index 12f5023..0000000 ---- a/init.d/audit-functions -+++ /dev/null -@@ -1,52 +0,0 @@ --# -*-Shell-script-*- -- --# Make sure umask is sane --umask 022 -- --#/usr/libexec/audit/audit-functions -- --# killproc {program} [-signal] --killproc () --{ -- local daemon="$1" -- local sig= -- [ -n "${2:-}" ] && sig=$2 -- -- # This matches src/auditd.c -- local pid_file="/var/run/auditd.pid" -- local pid_dir=$(dirname $pid_file) -- -- if [ ! -d "$pid_dir" ] ; then -- return 4 -- fi -- -- local pid= -- if [ -f "$pid_file" ] ; then -- # pid file exists, use it -- while : ; do -- read line -- [ -z "$line" ] && break -- for p in $line ; do -- # pid is numeric and corresponds to a process -- if [ -z "${p//[0-9]/}" ] && [ -d "/proc/$p" ] ; then -- d=$(cat "/proc/$p/comm") -- if [ "$d" = "$daemon" ] ; then -- pid="$p" -- break -- fi -- fi -- done -- done < "$pid_file" -- else -- # need to search /proc -- p=$(pidof "$daemon") -- if [ -n "$p" ] ; then -- pid="$p" -- fi -- fi -- -- # At this point we should have a pid or the process is dead -- if [ -n "$pid" ] && [ -n "$sig" ] ; then -- kill "$sig" "$pid" >/dev/null 2>&1 -- fi --} -diff --git a/init.d/auditd.condrestart b/init.d/auditd.condrestart -index d86e5e4..c5803ff 100644 ---- a/init.d/auditd.condrestart -+++ b/init.d/auditd.condrestart -@@ -2,9 +2,10 @@ - # Helper script to provide legacy auditd service options not - # directly supported by systemd. - --state=`service auditd status | awk '/^ Active/ { print $2 }'` --if [ $state = "active" ] ; then -- /usr/libexec/initscripts/legacy-actions/auditd/restart -+state=$(systemctl status auditd | awk '/Active:/ { print $2 }') -+if [ "$state" = "active" ] ; then -+ /usr/libexec/initscripts/legacy-actions/auditd/stop -+ /bin/systemctl start auditd - RETVAL="$?" - exit $RETVAL - fi -diff --git a/init.d/auditd.reload b/init.d/auditd.reload -index e689534..53ff2f4 100644 ---- a/init.d/auditd.reload -+++ b/init.d/auditd.reload -@@ -5,13 +5,9 @@ - # Check that we are root ... so non-root users stop here - test $(id -u) = 0 || exit 4 - --PATH=/sbin:/bin:/usr/bin:/usr/sbin --prog="auditd" --. /usr/libexec/audit-functions -- - printf "Reconfiguring: " - /sbin/augenrules --load --killproc $prog -HUP -+/sbin/auditctl --signal reload - RETVAL=$? - echo - exit $RETVAL -diff --git a/init.d/auditd.resume b/init.d/auditd.resume -index 6852fd6..96189eb 100644 ---- a/init.d/auditd.resume -+++ b/init.d/auditd.resume -@@ -5,12 +5,8 @@ - # Check that we are root ... so non-root users stop here - test $(id -u) = 0 || exit 4 - --PATH=/sbin:/bin:/usr/bin:/usr/sbin --prog="auditd" --. /usr/libexec/audit-functions -- - printf "Resuming logging: " --killproc $prog -USR2 -+/sbin/auditctl --signal resume - RETVAL=$? - echo - exit $RETVAL -diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate -index 643b935..dcb12c2 100644 ---- a/init.d/auditd.rotate -+++ b/init.d/auditd.rotate -@@ -5,12 +5,8 @@ - # Check that we are root ... so non-root users stop here - test $(id -u) = 0 || exit 4 - --PATH=/sbin:/bin:/usr/bin:/usr/sbin --prog="auditd" --. /usr/libexec/audit-functions -- - printf "Rotating logs: " --killproc $prog -USR1 -+/sbin/auditctl --signal rotate - RETVAL=$? - echo - exit $RETVAL -diff --git a/init.d/auditd.state b/init.d/auditd.state -index 4724c4f..6ae0845 100644 ---- a/init.d/auditd.state -+++ b/init.d/auditd.state -@@ -6,12 +6,10 @@ - test $(id -u) = 0 || exit 4 - - PATH=/sbin:/bin:/usr/bin:/usr/sbin --prog="auditd" - state_file="/var/run/auditd.state" --. /usr/libexec/audit-functions - - printf "Getting auditd internal state: " --killproc $prog -CONT -+/sbin/auditctl --signal state - RETVAL=$? - echo -e "\n" - sleep 1 -diff --git a/init.d/auditd.stop b/init.d/auditd.stop -index d3fbc79..5049285 100644 ---- a/init.d/auditd.stop -+++ b/init.d/auditd.stop -@@ -7,7 +7,6 @@ test $(id -u) = 0 || exit 4 - - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" --. /usr/libexec/audit-functions - pid= - p=$(pidof "$prog") - if [ -n "$p" ] ; then -@@ -15,7 +14,7 @@ if [ -n "$p" ] ; then - fi - - printf "Stopping logging: " --killproc $prog -TERM -+/sbin/auditctl --signal stop - RETVAL=$? - if [ -n "$pid" ] ; then - # Wait up to 20 seconds for auditd to shutdown --- -2.33.0 - diff --git a/backport-Solve-issue-363-by-moving-check-to-after-load_config.patch b/backport-Solve-issue-363-by-moving-check-to-after-load_config.patch deleted file mode 100644 index 3af513bd02f3b9a7ebc3dbb9258a4ea32c0b25dd..0000000000000000000000000000000000000000 --- a/backport-Solve-issue-363-by-moving-check-to-after-load_config.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 0604569e79a5d1c76b32f15576e129e0b813659f Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Sun, 24 Mar 2024 13:06:59 -0400 -Subject: [PATCH] Solve issue #363 by moving check to after load_config - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/0604569e79a5d1c76b32f15576e129e0b813659f - ---- - src/auditd.c | 29 +++++++++++++++-------------- - 1 file changed, 15 insertions(+), 14 deletions(-) - -diff --git a/src/auditd.c b/src/auditd.c -index e0fe9925..67ce06c0 100644 ---- a/src/auditd.c -+++ b/src/auditd.c -@@ -676,20 +676,6 @@ int main(int argc, char *argv[]) - } - session = audit_get_session(); - --#ifndef DEBUG -- /* Make sure we can do our job. Containers may not give you -- * capabilities, so we revert to a uid check for that case. */ -- if (!audit_can_control()) { -- if (!config.local_events && geteuid() == 0) -- ; -- else { -- fprintf(stderr, -- "You must be root or have capabilities to run this program.\n"); -- return 4; -- } -- } --#endif -- - /* Register sighandlers */ - sa.sa_flags = 0 ; - sigemptyset( &sa.sa_mask ) ; -@@ -717,6 +703,21 @@ int main(int argc, char *argv[]) - free_config(&config); - return 6; - } -+ -+#ifndef DEBUG -+ /* Make sure we can do our job. Containers may not give you -+ * capabilities, so we revert to a uid check for that case. */ -+ if (!audit_can_control()) { -+ if (!config.local_events && geteuid() == 0) -+ ; -+ else { -+ fprintf(stderr, -+ "You must be root or have capabilities to run this program.\n"); -+ return 4; -+ } -+ } -+#endif -+ - if (config.daemonize == D_FOREGROUND) - config.write_logs = 0; - --- -2.33.0 - diff --git a/backport-Use-atomic_int-if-available-for-signal-related-flags.patch b/backport-Use-atomic_int-if-available-for-signal-related-flags.patch deleted file mode 100644 index bd7bb3cbc8aa8a0168d2e9ffa29825f270ecf93d..0000000000000000000000000000000000000000 --- a/backport-Use-atomic_int-if-available-for-signal-related-flags.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 184f20c56576300343b8f8b60a8bebb185074485 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Fri, 26 Apr 2024 12:44:56 -0400 -Subject: [PATCH] Use atomic_int if available for signal related flags - -Conflict:src/auditd.c -Reference:https://github.com/linux-audit/audit-userspace/commit/184f20c56576300343b8f8b60a8bebb185074485 - ---- - configure.ac | 7 ++++++- - src/auditd-event.c | 5 ++++- - src/auditd.c | 9 ++++++--- - 3 files changed, 16 insertions(+), 5 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 8644ccc..61d32a8 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -87,7 +87,12 @@ AC_LINK_IFELSE( - [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])], - [] - ) -- -+AC_CHECK_HEADERS([stdatomic.h], [ -+ AC_DEFINE([HAVE_ATOMIC], 1, [Define to 1 if you have the header file.]) -+ AC_DEFINE([ATOMIC_INT], atomic_int, [Define atomic_int if you have the header file.]) -+ ], [ -+ AC_DEFINE([ATOMIC_INT], int, [Define to the type of an int if is not available.]) -+]) - AC_MSG_CHECKING(__attr_access support) - AC_COMPILE_IFELSE( - [AC_LANG_SOURCE( -diff --git a/src/auditd-event.c b/src/auditd-event.c -index c74b420..74c4fbd 100644 ---- a/src/auditd-event.c -+++ b/src/auditd-event.c -@@ -36,6 +36,9 @@ - #include /* POSIX_HOST_NAME_MAX */ - #include /* toupper */ - #include /* dirname */ -+#ifdef HAVE_ATOMIC -+#include -+#endif - #include "auditd-event.h" - #include "auditd-dispatch.h" - #include "auditd-listen.h" -@@ -45,7 +48,7 @@ - #include "auparse-idata.h" - - /* This is defined in auditd.c */ --extern volatile int stop; -+extern volatile ATOMIC_INT stop; - - /* Local function prototypes */ - static void send_ack(const struct auditd_event *e, int ack_type, -diff --git a/src/auditd.c b/src/auditd.c -index 901f741..aebb919 100644 ---- a/src/auditd.c -+++ b/src/auditd.c -@@ -38,6 +38,9 @@ - #include - #include - #include -+#ifdef HAVE_ATOMIC -+#include -+#endif - - #include "libaudit.h" - #include "auditd-event.h" -@@ -62,7 +65,7 @@ - #define SUBJ_LEN 4097 - - /* Global Data */ --volatile int stop = 0; -+volatile ATOMIC_INT stop = 0; - - /* Local data */ - static int fd = -1, pipefds[2] = {-1, -1}; -@@ -72,8 +75,8 @@ static const char *state_file = "/var/run/auditd.state"; - static int init_pipe[2]; - static int do_fork = 1, opt_aggregate_only = 0, config_dir_set = 0; - static struct auditd_event *cur_event = NULL, *reconfig_ev = NULL; --static int hup_info_requested = 0; --static int usr1_info_requested = 0, usr2_info_requested = 0; -+static ATOMIC_INT hup_info_requested = 0; -+static ATOMIC_INT usr1_info_requested = 0, usr2_info_requested = 0; - static char subj[SUBJ_LEN]; - static uint32_t session; - static int hup_flag = 0; --- -2.33.0 - diff --git a/backport-Use-atomic_uint-if-available-for-signal-related-flag.patch b/backport-Use-atomic_uint-if-available-for-signal-related-flag.patch deleted file mode 100644 index 6e8f9a85c8ea5f11c02b1d10143dc35210ac87e6..0000000000000000000000000000000000000000 --- a/backport-Use-atomic_uint-if-available-for-signal-related-flag.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 3955b5e29e119122dc2fc0a53ba82529613e4e1c Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Fri, 26 Apr 2024 14:03:02 -0400 -Subject: [PATCH] Use atomic_uint if available for signal related flags - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/3955b5e29e119122dc2fc0a53ba82529613e4e1c - ---- - audisp/audispd.c | 7 +++++-- - audisp/queue.c | 9 ++++++--- - configure.ac | 2 ++ - 3 files changed, 13 insertions(+), 5 deletions(-) - -diff --git a/audisp/audispd.c b/audisp/audispd.c -index 0902a073..e4e49087 100644 ---- a/audisp/audispd.c -+++ b/audisp/audispd.c -@@ -37,6 +37,9 @@ - #include - #include - #include -+#ifdef HAVE_ATOMIC -+#include -+#endif - - #include "audispd-pconfig.h" - #include "audispd-config.h" -@@ -46,8 +49,8 @@ - #include "private.h" - - /* Global Data */ --static volatile int stop = 0; --volatile int disp_hup = 0; -+static volatile ATOMIC_INT stop = 0; -+volatile ATOMIC_INT disp_hup = 0; - - /* Local data */ - static daemon_conf_t daemon_config; -diff --git a/audisp/queue.c b/audisp/queue.c -index 8bd20ea1..183a5af8 100644 ---- a/audisp/queue.c -+++ b/audisp/queue.c -@@ -25,17 +25,20 @@ - #include - #include - #include -+#ifdef HAVE_ATOMIC -+#include -+#endif - #include "queue.h" - - static volatile event_t **q; - static pthread_mutex_t queue_lock; - static pthread_cond_t queue_nonempty; --static unsigned int q_next, q_last, q_depth, processing_suspended; --static unsigned int currently_used, max_used, overflowed; -+static unsigned int q_next, q_last, q_depth, processing_suspended, overflowed; -+static ATOMIC_UNSIGNED currently_used, max_used; - static const char *SINGLE = "1"; - static const char *HALT = "0"; - static int queue_full_warning = 0; --extern volatile int disp_hup; -+extern volatile ATOMIC_INT disp_hup; - #define QUEUE_FULL_LIMIT 5 - - void reset_suspended(void) -diff --git a/configure.ac b/configure.ac -index f0650f3f..969d36e8 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -89,8 +89,10 @@ AC_LINK_IFELSE( - AC_CHECK_HEADERS([stdatomic.h], [ - AC_DEFINE([HAVE_ATOMIC], 1, [Define to 1 if you have the header file.]) - AC_DEFINE([ATOMIC_INT], atomic_int, [Define atomic_int if you have the header file.]) -+ AC_DEFINE([ATOMIC_UNSIGNED], atomic_uint, [Define atomic_uint if you have the header file.]) - ], [ - AC_DEFINE([ATOMIC_INT], int, [Define to the type of an int if is not available.]) -+ AC_DEFINE([ATOMIC_UNSIGNED], unsigned, [Define to the type of an unsigned if is not available.]) - ]) - AC_MSG_CHECKING(__attr_access support) - AC_COMPILE_IFELSE( --- -2.33.0 - diff --git a/backport-adding-the-file-descriptor-closure.patch b/backport-adding-the-file-descriptor-closure.patch deleted file mode 100644 index 49d846a9847307e114f77085f6cdb91d422fc9fc..0000000000000000000000000000000000000000 --- a/backport-adding-the-file-descriptor-closure.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 5eef876b3eb2fa3348be6cd31bd651a98b164deb Mon Sep 17 00:00:00 2001 -From: Yugend -Date: Wed, 27 Mar 2024 17:34:33 +0300 -Subject: [PATCH] adding the file descriptor closure - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/5eef876b3eb2fa3348be6cd31bd651a98b164deb - ---- - src/auditctl.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/auditctl.c b/src/auditctl.c -index 503b4e2b..7949d95c 100644 ---- a/src/auditctl.c -+++ b/src/auditctl.c -@@ -1393,6 +1393,7 @@ static int fileopt(const char *file) - fields = malloc(nf * sizeof(char *)); - if (fields == NULL) { - audit_msg(LOG_ERR, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); -+ fclose(f); - return 1; - } - --- -2.33.0 - diff --git a/backport-avoiding-of-NULL-pointers-dereference-366.patch b/backport-avoiding-of-NULL-pointers-dereference-366.patch deleted file mode 100644 index 9d630bfd8aeb372aca66312991b6f9b99486f735..0000000000000000000000000000000000000000 --- a/backport-avoiding-of-NULL-pointers-dereference-366.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 4780cd1a790286213dda646f782fa7128fb092a9 Mon Sep 17 00:00:00 2001 -From: Yugend <77495782+Yugend@users.noreply.github.com> -Date: Sat, 4 May 2024 00:39:36 +0300 -Subject: [PATCH] avoiding of NULL pointers dereference (#366) - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/4780cd1a790286213dda646f782fa7128fb092a9 - ---- - src/ausearch-parse.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c -index 1a5b047f..be57606b 100644 ---- a/src/ausearch-parse.c -+++ b/src/ausearch-parse.c -@@ -719,6 +719,10 @@ static int common_path_parser(search_items *s, char *path) - // append - snode sn; - sn.str = strdup(path); -+ if (sn.str == NULL) { -+ fprintf(stderr, "Out of memory. Check %s file, %d line\n", __FILE__, __LINE__); -+ return 8; -+ } - sn.key = NULL; - sn.hits = 1; - // Attempt to rebuild path if relative -@@ -1217,6 +1221,10 @@ skip: - saved = *term; - *term = 0; - s->hostname = strdup(str); -+ if (s->hostname == NULL) { -+ fprintf(stderr, "Out of memory. Check %s file, %d line\n", __FILE__, __LINE__); -+ return 33; -+ } - *term = saved; - - // Lets see if there is something more --- -2.33.0 - diff --git a/backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch b/backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch deleted file mode 100644 index 312fca2c61bab0414e09a893fc552245f26eb261..0000000000000000000000000000000000000000 --- a/backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 3f3b3a2377ce1977dd4136aa653f2f65c3cd2fe0 Mon Sep 17 00:00:00 2001 -From: Yugend -Date: Wed, 27 Mar 2024 17:41:07 +0300 -Subject: [PATCH] correcting memcmp args in check_rule_mismatch function - -Conflict:src/auditctl.c -Reference:https://github.com/linux-audit/audit-userspace/commit/3f3b3a2377ce1977dd4136aa653f2f65c3cd2fe0 - ---- - src/auditctl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/auditctl.c b/src/auditctl.c -index 7949d95c..acb1e518 100644 ---- a/src/auditctl.c -+++ b/src/auditctl.c -@@ -392,7 +392,7 @@ static int check_rule_mismatch(int lineno, const char *option) - audit_rule_syscallbyname_data(&tmprule, ptr); - ptr = strtok_r(NULL, ",", &saved); - } -- if (memcmp(tmprule.mask, rule_new->mask, AUDIT_BITMASK_SIZE)) -+ if (memcmp(tmprule.mask, rule_new->mask, AUDIT_BITMASK_SIZE * sizeof(tmprule.mask[0]))) - rc = 1; - free(tmp); - --- -2.33.0 - diff --git a/backport-first-part-of-NULL-pointer-checks.patch b/backport-first-part-of-NULL-pointer-checks.patch deleted file mode 100644 index f1aa1603106bd75a6b08f20a967b30cff5344b29..0000000000000000000000000000000000000000 --- a/backport-first-part-of-NULL-pointer-checks.patch +++ /dev/null @@ -1,147 +0,0 @@ -From b046de44454fa2616dbb8899f1b41d65ce876e33 Mon Sep 17 00:00:00 2001 -From: Yugend -Date: Fri, 15 Mar 2024 17:08:16 +0300 -Subject: [PATCH] first part of NULL pointer checks - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/b046de44454fa2616dbb8899f1b41d65ce876e33 - ---- - audisp/audispd-llist.c | 3 +++ - auparse/auparse.c | 7 +++++++ - src/auditctl-llist.c | 3 +++ - src/auditctl.c | 5 +++++ - src/ausearch-avc.c | 3 +++ - src/ausearch-int.c | 3 +++ - src/ausearch-llist.c | 3 +++ - tools/aulastlog/aulastlog-llist.c | 3 +++ - 8 files changed, 30 insertions(+) - -diff --git a/audisp/audispd-llist.c b/audisp/audispd-llist.c -index c562a72a..c338327d 100644 ---- a/audisp/audispd-llist.c -+++ b/audisp/audispd-llist.c -@@ -74,6 +74,9 @@ void plist_append(conf_llist *l, plugin_conf_t *p) - lnode* newnode; - - newnode = malloc(sizeof(lnode)); -+ if (newnode == NULL) { -+ return; -+ } - - if (p) { - void *pp = malloc(sizeof(struct plugin_conf)); -diff --git a/auparse/auparse.c b/auparse/auparse.c -index e196373b..516ee8f1 100644 ---- a/auparse/auparse.c -+++ b/auparse/auparse.c -@@ -113,6 +113,11 @@ static int setup_log_file_array(auparse_state_t *au) - } - num--; - tmp = malloc((num+2)*sizeof(char *)); -+ if (!tmp) { -+ fprintf(stderr, "No memory\n"); -+ aup_free_config(&config); -+ return 1; -+ } - - /* Got it, now process logs from last to first */ - if (num > 0) -@@ -489,6 +494,8 @@ auparse_state_t *auparse_init(ausource_t source, const void *b) - if (access_ok(b)) - goto bad_exit; - tmp = malloc(2*sizeof(char *)); -+ if (tmp == NULL) -+ goto bad_exit; - tmp[0] = strdup(b); - tmp[1] = NULL; - au->source_list = tmp; -diff --git a/src/auditctl-llist.c b/src/auditctl-llist.c -index 182d88b5..0f81d4c8 100644 ---- a/src/auditctl-llist.c -+++ b/src/auditctl-llist.c -@@ -64,6 +64,9 @@ void list_append(llist *l, const struct audit_rule_data *r, size_t sz) - lnode* newnode; - - newnode = malloc(sizeof(lnode)); -+ if (newnode == NULL) { -+ return; -+ } - - if (r) { - void *rr = malloc(sz); -diff --git a/src/auditctl.c b/src/auditctl.c -index dac5118a..ee7e33c8 100644 ---- a/src/auditctl.c -+++ b/src/auditctl.c -@@ -1391,6 +1391,11 @@ static int fileopt(const char *file) - } - i = 0; - fields = malloc(nf * sizeof(char *)); -+ if (fields == NULL) { -+ audit_msg(LOG_ERR, "Memory allocation error"); -+ return 1; -+ } -+ - fields[i++] = "auditctl"; - fields[i++] = ptr; - while( (ptr=audit_strsplit(NULL)) && (i < nf-1)) { -diff --git a/src/ausearch-avc.c b/src/ausearch-avc.c -index 10d153f6..6aa98c70 100644 ---- a/src/ausearch-avc.c -+++ b/src/ausearch-avc.c -@@ -67,6 +67,9 @@ void alist_append(alist *l, anode *node) - anode* newnode; - - newnode = malloc(sizeof(anode)); -+ if (newnode == NULL) { -+ return; -+ } - - if (node->scontext) - newnode->scontext = node->scontext; -diff --git a/src/ausearch-int.c b/src/ausearch-int.c -index 718dacda..0e8b0ffe 100644 ---- a/src/ausearch-int.c -+++ b/src/ausearch-int.c -@@ -46,6 +46,9 @@ void ilist_append(ilist *l, int num, unsigned int hits, int aux) - int_node* newnode; - - newnode = malloc(sizeof(int_node)); -+ if (newnode == NULL) { -+ return; -+ } - - newnode->num = num; - newnode->hits = hits; -diff --git a/src/ausearch-llist.c b/src/ausearch-llist.c -index 0fa6f671..36fcae6d 100644 ---- a/src/ausearch-llist.c -+++ b/src/ausearch-llist.c -@@ -107,6 +107,9 @@ void list_append(llist *l, lnode *node) - lnode* newnode; - - newnode = malloc(sizeof(lnode)); -+ if (newnode == NULL) { -+ return; -+ } - - if (node->message) - newnode->message = node->message; -diff --git a/tools/aulastlog/aulastlog-llist.c b/tools/aulastlog/aulastlog-llist.c -index 84882ca8..779afb50 100644 ---- a/tools/aulastlog/aulastlog-llist.c -+++ b/tools/aulastlog/aulastlog-llist.c -@@ -46,6 +46,9 @@ void list_append(llist *l, lnode *node) - lnode* newnode; - - newnode = malloc(sizeof(lnode)); -+ if (newnode == NULL) { -+ return; -+ } - - newnode->sec = node->sec; - newnode->uid = node->uid; --- -2.33.0 - diff --git a/backport-fix-one-more-leak.patch b/backport-fix-one-more-leak.patch deleted file mode 100644 index af271ffa06a469d7d096e2736b45ce2f17f387b2..0000000000000000000000000000000000000000 --- a/backport-fix-one-more-leak.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 613ccbdd1011692c6724a11cc8798112dd26d202 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Tue, 21 May 2024 13:17:38 -0400 -Subject: [PATCH] fix one more leak - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/613ccbdd1011692c6724a11cc8798112dd26d202 - ---- - src/ausearch-lol.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c -index 784c58f6..d156ce42 100644 ---- a/src/ausearch-lol.c -+++ b/src/ausearch-lol.c -@@ -371,7 +371,9 @@ int lol_add_record(lol *lo, char *buff) - l = malloc(sizeof(llist)); - if (l == NULL) { - free((char *)e.node); -- fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); -+ free(n.message); -+ fprintf(stderr, "Out of memory. Check %s file, %d line", -+ __FILE__, __LINE__); - return 0; - } - list_create(l); --- -2.33.0 - diff --git a/backport-fix-the-use-of-isdigit-everywhere.patch b/backport-fix-the-use-of-isdigit-everywhere.patch deleted file mode 100644 index b558044f2f1fd7944e401a7bd59cc53be9dbcc35..0000000000000000000000000000000000000000 --- a/backport-fix-the-use-of-isdigit-everywhere.patch +++ /dev/null @@ -1,401 +0,0 @@ -From 149a3464ef35fbaa98c57e2775a7a4ab20c2ee75 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Sun, 5 Nov 2023 14:24:49 -0500 -Subject: [PATCH] fix the use of isdigit everywhere - -Reference:https://github.com/linux-audit/audit-userspace/commit/149a3464ef35fbaa98c57e2775a7a4ab20c2ee75 -Conflict:NA - ---- - audisp/plugins/af_unix/audisp-af_unix.c | 2 +- - audisp/plugins/ids/ids_config.c | 2 +- - audisp/plugins/remote/remote-config.c | 2 +- - audisp/plugins/zos-remote/zos-remote-config.c | 6 ++-- - auparse/auditd-config.c | 2 +- - auparse/interpret.c | 6 ++-- - src/auditctl.c | 6 ++-- - src/aureport-options.c | 4 +-- - src/aureport-output.c | 2 +- - src/ausearch-options.c | 36 +++++++++---------- - src/ausearch-parse.c | 2 +- - tools/ausyscall/ausyscall.c | 4 +-- - 12 files changed, 37 insertions(+), 37 deletions(-) - -diff --git a/audisp/plugins/af_unix/audisp-af_unix.c b/audisp/plugins/af_unix/audisp-af_unix.c -index ffcc7603..ffbf2ac0 100644 ---- a/audisp/plugins/af_unix/audisp-af_unix.c -+++ b/audisp/plugins/af_unix/audisp-af_unix.c -@@ -126,7 +126,7 @@ int setup_socket(int argc, char *argv[]) - } else { - int i; - for (i=1; i < 3; i++) { -- if (isdigit(argv[i][0])) { -+ if (isdigit((unsigned char)argv[i][0])) { - errno = 0; - mode = strtoul(argv[i], NULL, 8); - if (errno) { -diff --git a/audisp/plugins/ids/ids_config.c b/audisp/plugins/ids/ids_config.c -index 4da5ca93..f773794a 100644 ---- a/audisp/plugins/ids/ids_config.c -+++ b/audisp/plugins/ids/ids_config.c -@@ -345,7 +345,7 @@ static int unsigned_int_parser(struct nv_pair *nv, int line, unsigned int *val) - - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { -- if (!isdigit(ptr[i])) { -+ if (!isdigit((unsigned char)ptr[i])) { - syslog(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); -diff --git a/audisp/plugins/remote/remote-config.c b/audisp/plugins/remote/remote-config.c -index 02b51337..8de7b27f 100644 ---- a/audisp/plugins/remote/remote-config.c -+++ b/audisp/plugins/remote/remote-config.c -@@ -484,7 +484,7 @@ static int parse_uint (const struct nv_pair *nv, int line, unsigned int *valp, - - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { -- if (!isdigit(ptr[i])) { -+ if (!isdigit((unsigned char)ptr[i])) { - syslog(LOG_ERR, - "Value %s should only be numbers - line %d", - nv->value, line); -diff --git a/audisp/plugins/zos-remote/zos-remote-config.c b/audisp/plugins/zos-remote/zos-remote-config.c -index b92dc778..2f7e42f5 100644 ---- a/audisp/plugins/zos-remote/zos-remote-config.c -+++ b/audisp/plugins/zos-remote/zos-remote-config.c -@@ -301,7 +301,7 @@ static int port_parser(struct nv_pair *nv, int line, plugin_conf_t * c) - - /* check that all chars are numbers */ - for (i = 0; ptr[i]; i++) { -- if (!isdigit(ptr[i])) { -+ if (!isdigit((unsigned char)ptr[i])) { - log_err("Value %s should only be numbers - line %d", nv->value, line); - return 1; - } -@@ -327,7 +327,7 @@ static int timeout_parser(struct nv_pair *nv, int line, plugin_conf_t * c) - - /* check that all chars are numbers */ - for (i = 0; ptr[i]; i++) { -- if (!isdigit(ptr[i])) { -+ if (!isdigit((unsigned char)ptr[i])) { - log_err("Value %s should only be numbers - line %d", nv->value, line); - return 1; - } -@@ -376,7 +376,7 @@ static int q_depth_parser(struct nv_pair *nv, int line, plugin_conf_t * c) - - /* check that all chars are numbers */ - for (i = 0; ptr[i]; i++) { -- if (!isdigit(ptr[i])) { -+ if (!isdigit((unsigned char)ptr[i])) { - log_err("Value %s should only be numbers - line %d", nv->value, line); - return 1; - } -diff --git a/auparse/auditd-config.c b/auparse/auditd-config.c -index 9a6a6a71..6e5c86a8 100644 ---- a/auparse/auditd-config.c -+++ b/auparse/auditd-config.c -@@ -340,7 +340,7 @@ static int eoe_timeout_parser(auparse_state_t *au, const char *val, int line, - - /* check that all chars are numbers */ - for (i=0; ptr[i]; i++) { -- if (!isdigit(ptr[i])) { -+ if (!isdigit((unsigned char)ptr[i])) { - audit_msg(au, LOG_ERR, - "Value %s should only be numbers - line %d", - val, line); -diff --git a/auparse/interpret.c b/auparse/interpret.c -index f13723b6..77c96468 100644 ---- a/auparse/interpret.c -+++ b/auparse/interpret.c -@@ -325,7 +325,7 @@ static void key_escape(const char *orig, char *dest, auparse_esc_t escape_mode) - static int is_int_string(const char *str) - { - while (*str) { -- if (!isdigit(*str)) -+ if (!isdigit((unsigned char)*str)) - return 0; - str++; - } -@@ -1485,7 +1485,7 @@ static const char *print_success(const char *val) - { - int res; - -- if (isdigit(*val)) { -+ if (isdigit((unsigned char)*val)) { - errno = 0; - res = strtoul(val, NULL, 10); - if (errno) { -@@ -2319,7 +2319,7 @@ static const char *print_fanotify(const char *val) - { - int res; - -- if (isdigit(*val)) { -+ if (isdigit((unsigned char)*val)) { - errno = 0; - res = strtoul(val, NULL, 10); - if (errno) { -diff --git a/src/auditctl.c b/src/auditctl.c -index ccd62bc3..e1ca0f83 100644 ---- a/src/auditctl.c -+++ b/src/auditctl.c -@@ -680,7 +680,7 @@ static int setopt(int count, int lineno, char *vars[]) - } - break; - case 'r': -- if (optarg && isdigit(optarg[0])) { -+ if (optarg && isdigit((unsigned char)optarg[0])) { - uint32_t rate; - errno = 0; - rate = strtoul(optarg,NULL,0); -@@ -699,7 +699,7 @@ static int setopt(int count, int lineno, char *vars[]) - } - break; - case 'b': -- if (optarg && isdigit(optarg[0])) { -+ if (optarg && isdigit((unsigned char)optarg[0])) { - uint32_t limit; - errno = 0; - limit = strtoul(optarg,NULL,0); -@@ -1134,7 +1134,7 @@ process_keys: - case 2: - #if HAVE_DECL_AUDIT_VERSION_BACKLOG_WAIT_TIME == 1 || \ - HAVE_DECL_AUDIT_STATUS_BACKLOG_WAIT_TIME == 1 -- if (optarg && isdigit(optarg[0])) { -+ if (optarg && isdigit((unsigned char)optarg[0])) { - uint32_t bwt; - errno = 0; - bwt = strtoul(optarg,NULL,0); -diff --git a/src/aureport-options.c b/src/aureport-options.c -index 203c3880..7480c8a9 100644 ---- a/src/aureport-options.c -+++ b/src/aureport-options.c -@@ -385,7 +385,7 @@ int check_params(int count, char *vars[]) - // } else { - // UNIMPLEMENTED; - // set_detail(D_SPECIFIC); --// if (isdigit(optarg[0])) { -+// if (isdigit((unsigned char)optarg[0])) { - // errno = 0; - // event_id = strtoul(optarg, - // NULL, 10); -@@ -764,7 +764,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10); - if (errno || arg_eoe_timeout == 0) { -diff --git a/src/aureport-output.c b/src/aureport-output.c -index a635d536..27a2ce25 100644 ---- a/src/aureport-output.c -+++ b/src/aureport-output.c -@@ -976,7 +976,7 @@ static void do_user_summary_output(slist *sptr) - long uid; - char name[64]; - -- if (sn->str[0] == '-' || isdigit(sn->str[0])) { -+ if (sn->str[0] == '-' || isdigit((unsigned char)sn->str[0])) { - uid = strtol(sn->str, NULL, 10); - printf("%u ", sn->hits); - safe_print_string(aulookup_uid(uid, name, -diff --git a/src/ausearch-options.c b/src/ausearch-options.c -index 53d0db64..1c653648 100644 ---- a/src/ausearch-options.c -+++ b/src/ausearch-options.c -@@ -253,7 +253,7 @@ static int convert_str_to_msg(const char *optarg) - { - int tmp, retval = 0; - -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - tmp = strtoul(optarg, NULL, 10); - if (errno) { -@@ -335,7 +335,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_id = strtoul(optarg, NULL, 10); - if (errno) { -@@ -357,7 +357,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - arg_eoe_timeout = (time_t)strtoul(optarg, NULL, 10); - if (errno || arg_eoe_timeout == 0) { -@@ -463,7 +463,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_gid = strtoul(optarg,NULL,10); - if (errno) { -@@ -497,7 +497,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_egid = strtoul(optarg,NULL,10); - if (errno) { -@@ -529,7 +529,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_gid = strtoul(optarg,NULL,10); - if (errno) { -@@ -655,7 +655,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_ppid = strtol(optarg,NULL,10); - if (errno) -@@ -676,7 +676,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_pid = strtol(optarg,NULL,10); - if (errno) -@@ -794,7 +794,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_syscall = (int)strtoul(optarg, NULL, 10); - if (errno) { -@@ -893,7 +893,7 @@ int check_params(int count, char *vars[]) - } - { - size_t len = strlen(optarg); -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - unsigned long optval = strtoul(optarg,NULL,10); - if (errno || optval >= (1ul << 32)) -@@ -901,7 +901,7 @@ int check_params(int count, char *vars[]) - event_session_id = optval; - c++; - } else if (len >= 2 && *(optarg)=='-' && -- (isdigit(optarg[1]))) { -+ (isdigit((unsigned char)optarg[1]))) { - errno = 0; - long optval = strtol(optarg, NULL, 0); - if (errno || optval < INT_MIN || optval > INT_MAX) { -@@ -933,7 +933,7 @@ int check_params(int count, char *vars[]) - } - { - size_t len = strlen(optarg); -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_exit = strtoll(optarg, NULL, 0); - if (errno) { -@@ -942,7 +942,7 @@ int check_params(int count, char *vars[]) - optarg); - } - } else if (len >= 2 && *(optarg)=='-' && -- (isdigit(optarg[1]))) { -+ (isdigit((unsigned char)optarg[1]))) { - errno = 0; - event_exit = strtoll(optarg, NULL, 0); - if (errno) { -@@ -1074,7 +1074,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_uid = strtoul(optarg,NULL,10); - if (errno) { -@@ -1107,7 +1107,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_euid = strtoul(optarg,NULL,10); - if (errno) { -@@ -1140,7 +1140,7 @@ int check_params(int count, char *vars[]) - retval = -1; - break; - } -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_uid = strtoul(optarg,NULL,10); - if (errno) { -@@ -1184,7 +1184,7 @@ int check_params(int count, char *vars[]) - } - { - size_t len = strlen(optarg); -- if (isdigit(optarg[0])) { -+ if (isdigit((unsigned char)optarg[0])) { - errno = 0; - event_loginuid = strtoul(optarg,NULL,10); - if (errno) { -@@ -1194,7 +1194,7 @@ int check_params(int count, char *vars[]) - retval = -1; - } - } else if (len >= 2 && *(optarg)=='-' && -- (isdigit(optarg[1]))) { -+ (isdigit((unsigned char)optarg[1]))) { - errno = 0; - event_loginuid = strtol(optarg, NULL, 0); - if (errno) { -diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c -index e6868c6e..1a5b047f 100644 ---- a/src/ausearch-parse.c -+++ b/src/ausearch-parse.c -@@ -1128,7 +1128,7 @@ try_again: - return 25; - ptr = str + 4; - term = ptr; -- while (isdigit(*term)) -+ while (isdigit((unsigned char)*term)) - term++; - if (term == ptr) - return 14; -diff --git a/tools/ausyscall/ausyscall.c b/tools/ausyscall/ausyscall.c -index bf751f17..489b1095 100644 ---- a/tools/ausyscall/ausyscall.c -+++ b/tools/ausyscall/ausyscall.c -@@ -47,9 +47,9 @@ int main(int argc, char *argv[]) - usage(); - } else if (argc < 2) - usage(); -- -+ - for (i=1; i -Date: Fri, 15 Mar 2024 18:13:36 +0300 -Subject: [PATCH] last part of NULL pointer checks - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/97f3c78b6b31126c1128927d9c85bb794a1efa17 - ---- - auparse/interpret.c | 3 +++ - src/ausearch-lookup.c | 4 ++++ - 2 files changed, 7 insertions(+) - -diff --git a/auparse/interpret.c b/auparse/interpret.c -index 12ae35e2..f6f39449 100644 ---- a/auparse/interpret.c -+++ b/auparse/interpret.c -@@ -420,6 +420,9 @@ int load_interpretation_list(const char *buffer) - il.cnt = 0; - - il.record = buf = strdup(buffer); -+ if (buf == NULL) { -+ goto err_out; -+ } - if (strncmp(buf, "SADDR=", 6) == 0) { - // We have SOCKADDR record. It has no other values. - // Handle it by itself. -diff --git a/src/ausearch-lookup.c b/src/ausearch-lookup.c -index bdcd7aaf..86239f39 100644 ---- a/src/ausearch-lookup.c -+++ b/src/ausearch-lookup.c -@@ -302,6 +302,10 @@ char *unescape(const char *buf) - return NULL; - - str = strndup(buf, ptr - buf); -+ if (str == NULL) { -+ fprintf(stderr, "Memory alocation error"); -+ return NULL; -+ } - - if (*buf == '(') - return str; --- -2.33.0 - diff --git a/backport-lib-avoid-UB-on-sequence-wrap-around-347.patch b/backport-lib-avoid-UB-on-sequence-wrap-around-347.patch deleted file mode 100644 index 24b5056b4950f9e1cdfb8021f070f47b597c34e9..0000000000000000000000000000000000000000 --- a/backport-lib-avoid-UB-on-sequence-wrap-around-347.patch +++ /dev/null @@ -1,42 +0,0 @@ -From f5c35d7d5e064af5ad31d22f900d148d932ad9b1 Mon Sep 17 00:00:00 2001 -From: cgzones -Date: Mon, 15 Jan 2024 21:44:04 +0100 -Subject: [PATCH] lib: avoid UB on sequence wrap-around (#347) - -Signed integer overflow is undefined, allowing compilers to optimize the -condition `++sequence < 0` away. - -Reference:https://github.com/linux-audit/audit-userspace/commit/f5c35d7d5e064af5ad31d22f900d148d932ad9b1 -Conflict:NA - ---- - lib/netlink.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lib/netlink.c b/lib/netlink.c -index 3381651a..4a6bd54d 100644 ---- a/lib/netlink.c -+++ b/lib/netlink.c -@@ -26,6 +26,7 @@ - #include - #include - #include -+#include - #include - #include - #include "libaudit.h" -@@ -204,8 +205,10 @@ int __audit_send(int fd, int type, const void *data, unsigned int size, int *seq - return -errno; - } - -- if (++sequence < 0) -+ if (sequence == INT_MAX) - sequence = 1; -+ else -+ sequence++; - *seq = sequence; - - memset(&req, 0, sizeof(req)); --- -2.33.0 - diff --git a/backport-lib-cast-to-unsigned-char-for-character-test-functio.patch b/backport-lib-cast-to-unsigned-char-for-character-test-functio.patch deleted file mode 100644 index eab74d64c9ab557d23dd0fcdc5a83ffeb044332d..0000000000000000000000000000000000000000 --- a/backport-lib-cast-to-unsigned-char-for-character-test-functio.patch +++ /dev/null @@ -1,165 +0,0 @@ -From 3aa3ccb2bb1c8804fbf43b260c93b65e831242c1 Mon Sep 17 00:00:00 2001 -From: cgzones -Date: Thu, 2 Nov 2023 21:20:40 +0100 -Subject: [PATCH] lib: cast to unsigned char for character test functions - (#338) - -Passing a value not representable by unsigned char is undefined -behavior. - -Reference:https://github.com/linux-audit/audit-userspace/commit/3aa3ccb2bb1c8804fbf43b260c93b65e831242c1 -Conflict:NA - ---- - lib/libaudit.c | 32 ++++++++++++++++---------------- - lib/lookup_table.c | 2 +- - 2 files changed, 17 insertions(+), 17 deletions(-) - -diff --git a/lib/libaudit.c b/lib/libaudit.c -index 960525a..abcdf4a 100644 ---- a/lib/libaudit.c -+++ b/lib/libaudit.c -@@ -1031,7 +1031,7 @@ int audit_rule_syscallbyname_data(struct audit_rule_data *rule, - return -2; - nr = audit_name_to_syscall(scall, machine); - if (nr < 0) { -- if (isdigit(scall[0])) -+ if (isdigit((unsigned char)scall[0])) - nr = strtol(scall, NULL, 0); - } - if (nr >= 0) -@@ -1056,7 +1056,7 @@ int audit_rule_io_uringbyname_data(struct audit_rule_data *rule, - } - nr = audit_name_to_uringop(scall); - if (nr < 0) { -- if (isdigit(scall[0])) -+ if (isdigit((unsigned char)scall[0])) - nr = strtol(scall, NULL, 0); - } - if (nr >= 0) -@@ -1585,11 +1585,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, - case AUDIT_OBJ_UID: - // Do positive & negative separate for 32 bit systems - vlen = strlen(v); -- if (isdigit((char)*(v))) -+ if (isdigit((unsigned char)*(v))) - rule->values[rule->field_count] = - strtoul(v, NULL, 0); - else if (vlen >= 2 && *(v)=='-' && -- (isdigit((char)*(v+1)))) -+ (isdigit((unsigned char)*(v+1)))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else { -@@ -1609,7 +1609,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, - case AUDIT_SGID: - case AUDIT_FSGID: - case AUDIT_OBJ_GID: -- if (isdigit((char)*(v))) -+ if (isdigit((unsigned char)*(v))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else { -@@ -1625,11 +1625,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, - if (flags != AUDIT_FILTER_EXIT) - return -EAU_EXITONLY; - vlen = strlen(v); -- if (isdigit((char)*(v))) -+ if (isdigit((unsigned char)*(v))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else if (vlen >= 2 && *(v)=='-' && -- (isdigit((char)*(v+1)))) -+ (isdigit((unsigned char)*(v+1)))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else { -@@ -1644,7 +1644,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, - flags != AUDIT_FILTER_USER) - return -EAU_MSGTYPEEXCLUDEUSER; - -- if (isdigit((char)*(v))) -+ if (isdigit((unsigned char)*(v))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else -@@ -1715,7 +1715,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, - return -EAU_ARCHMISPLACED; - if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL)) - return -EAU_OPEQNOTEQ; -- if (isdigit((char)*(v))) { -+ if (isdigit((unsigned char)*(v))) { - int machine; - - errno = 0; -@@ -1757,7 +1757,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, - return -EAU_STRTOOLONG; - - for (i = 0; i < len; i++) { -- switch (tolower(v[i])) { -+ switch (tolower((unsigned char)v[i])) { - case 'r': - val |= AUDIT_PERM_READ; - break; -@@ -1791,7 +1791,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, - return -EAU_FIELDUNAVAIL; - if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL)) - return -EAU_OPEQNOTEQ; -- if (isdigit((char)*(v))) -+ if (isdigit((unsigned char)*(v))) - rule->values[rule->field_count] = - strtoul(v, NULL, 0); - else -@@ -1804,11 +1804,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, - break; - case AUDIT_ARG0...AUDIT_ARG3: - vlen = strlen(v); -- if (isdigit((char)*(v))) -+ if (isdigit((unsigned char)*(v))) - rule->values[rule->field_count] = - strtoul(v, NULL, 0); - else if (vlen >= 2 && *(v)=='-' && -- (isdigit((char)*(v+1)))) -+ (isdigit((unsigned char)*(v+1)))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else -@@ -1824,11 +1824,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, - return -EAU_FIELDNOFILTER; - // Do positive & negative separate for 32 bit systems - vlen = strlen(v); -- if (isdigit((char)*(v))) -+ if (isdigit((unsigned char)*(v))) - rule->values[rule->field_count] = - strtoul(v, NULL, 0); - else if (vlen >= 2 && *(v)=='-' && -- (isdigit((char)*(v+1)))) -+ (isdigit((unsigned char)*(v+1)))) - rule->values[rule->field_count] = - strtol(v, NULL, 0); - else if (strcmp(v, "unset") == 0) -@@ -1854,7 +1854,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair, - if (field == AUDIT_PPID && !(flags==AUDIT_FILTER_EXIT)) - return -EAU_EXITONLY; - -- if (!isdigit((char)*(v))) -+ if (!isdigit((unsigned char)*(v))) - return -EAU_FIELDVALNUM; - - if (field == AUDIT_INODE) -diff --git a/lib/lookup_table.c b/lib/lookup_table.c -index 2f5e6cd..d839205 100644 ---- a/lib/lookup_table.c -+++ b/lib/lookup_table.c -@@ -255,7 +255,7 @@ int audit_name_to_msg_type(const char *msg_type) - strncpy(buf, msg_type + 8, len); - errno = 0; - return strtol(buf, NULL, 10); -- } else if (isdigit(*msg_type)) { -+ } else if (isdigit((unsigned char)*msg_type)) { - errno = 0; - return strtol(msg_type, NULL, 10); - } --- -2.33.0 - diff --git a/backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch b/backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch deleted file mode 100644 index 02367cc1c975c1a4eec0f1d97acee093d1132fff..0000000000000000000000000000000000000000 --- a/backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 3f928b21486369c495d9eaca46eb9d506ae576b3 Mon Sep 17 00:00:00 2001 -From: cgzones -Date: Wed, 1 Nov 2023 20:35:40 +0100 -Subject: [PATCH] lib: close audit socket in load_feature_bitmap() (#334) - - -Reference:https://github.com/linux-audit/audit-userspace/commit/3f928b21486369c495d9eaca46eb9d506ae576b3 -Conflict:NA - ---- - lib/libaudit.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lib/libaudit.c b/lib/libaudit.c -index ded3ab47..4c317c87 100644 ---- a/lib/libaudit.c -+++ b/lib/libaudit.c -@@ -657,12 +657,14 @@ static void load_feature_bitmap(void) - - /* Found it... */ - features_bitmap = rep.status->feature_bitmap; -+ audit_close(fd); - return; - } - } - } - #endif - features_bitmap = AUDIT_FEATURES_UNSUPPORTED; -+ audit_close(fd); - } - - uint32_t audit_get_features(void) --- -2.33.0 - diff --git a/backport-lib-enclose-macro-to-avoid-precedence-issues.patch b/backport-lib-enclose-macro-to-avoid-precedence-issues.patch deleted file mode 100644 index 22b74bcbfc94725167bdb252f4fd71247ed479a4..0000000000000000000000000000000000000000 --- a/backport-lib-enclose-macro-to-avoid-precedence-issues.patch +++ /dev/null @@ -1,29 +0,0 @@ -From e97c79260a2e7bdbf02c5162b0c40451c9555111 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= -Date: Tue, 31 Oct 2023 16:49:10 +0100 -Subject: [PATCH] lib: enclose macro to avoid precedence issues - - -Reference:https://github.com/linux-audit/audit-userspace/commit/e97c79260a2e7bdbf02c5162b0c40451c9555111 -Conflict:NA - ---- - lib/audit_logging.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/audit_logging.c b/lib/audit_logging.c -index 8b8b6207..e8b79d3e 100644 ---- a/lib/audit_logging.c -+++ b/lib/audit_logging.c -@@ -38,7 +38,7 @@ - #include "private.h" - - #define TTY_PATH 32 --#define MAX_USER (UT_NAMESIZE * 2) + 8 -+#define MAX_USER ((UT_NAMESIZE * 2) + 8) - - // NOTE: The kernel fills in pid, uid, and loginuid of sender. Therefore, - // these routines do not need to send them. --- -2.33.0 - diff --git a/backport-memory-allocation-updates-341.patch b/backport-memory-allocation-updates-341.patch deleted file mode 100644 index 254e6b3114924889ec81c8bc16ce1a0cac578269..0000000000000000000000000000000000000000 --- a/backport-memory-allocation-updates-341.patch +++ /dev/null @@ -1,56 +0,0 @@ -From b92027ac9e29659483a5e920e548fe74126f72af Mon Sep 17 00:00:00 2001 -From: cgzones -Date: Wed, 1 Nov 2023 22:15:40 +0100 -Subject: [PATCH] memory allocation updates (#341) - -* Check memory allocation - -Avoid later NULL dereference. - -* Check memory allocation and merge zeroing - -Avoid later NULL dereference. - -Reference:https://github.com/linux-audit/audit-userspace/commit/b92027ac9e29659483a5e920e548fe74126f72af -Conflict:NA - ---- - auparse/interpret.c | 2 ++ - lib/libaudit.c | 7 +++++-- - 2 files changed, 7 insertions(+), 2 deletions(-) - -diff --git a/auparse/interpret.c b/auparse/interpret.c -index ecde07ae..76ca2814 100644 ---- a/auparse/interpret.c -+++ b/auparse/interpret.c -@@ -366,6 +366,8 @@ char *au_unescape(char *buf) - // strlen(buf) / 2. - olen = strlen(buf); - str = malloc(olen+1); -+ if (!str) -+ return NULL; - - saved = *ptr; - *ptr = 0; -diff --git a/lib/libaudit.c b/lib/libaudit.c -index 6a42871b..d90d83b8 100644 ---- a/lib/libaudit.c -+++ b/lib/libaudit.c -@@ -891,9 +891,12 @@ int audit_make_equivalent(int fd, const char *mount_point, - struct { - uint32_t sizes[2]; - unsigned char buf[]; -- } *cmd = malloc(sizeof(*cmd) + len1 + len2); -+ } *cmd = calloc(1, sizeof(*cmd) + len1 + len2); - -- memset(cmd, 0, sizeof(*cmd) + len1 + len2); -+ if (!cmd) { -+ audit_msg(LOG_ERR, "Cannot allocate memory!"); -+ return -ENOMEM; -+ } - - cmd->sizes[0] = len1; - cmd->sizes[1] = len2; --- -2.33.0 - diff --git a/backport-second-part-of-NULL-pointer-checks.patch b/backport-second-part-of-NULL-pointer-checks.patch deleted file mode 100644 index 868286be5ab752c232ae79feb51aad2c8279bfa0..0000000000000000000000000000000000000000 --- a/backport-second-part-of-NULL-pointer-checks.patch +++ /dev/null @@ -1,188 +0,0 @@ -From 15d29a145ebe67cae52316871fcdedb5a19ce628 Mon Sep 17 00:00:00 2001 -From: Yugend -Date: Fri, 15 Mar 2024 18:00:54 +0300 -Subject: [PATCH] second part of NULL pointer checks - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/15d29a145ebe67cae52316871fcdedb5a19ce628 - ---- - audisp/plugins/zos-remote/zos-remote-queue.c | 5 +++++ - audisp/queue.c | 5 +++++ - auparse/normalize-llist.c | 3 +++ - auparse/normalize.c | 9 +++++++++ - lib/gen_tables.c | 10 ++++++++-- - src/ausearch-lol.c | 12 ++++++++++++ - src/ausearch-nvpair.c | 3 +++ - src/ausearch-string.c | 3 +++ - 8 files changed, 48 insertions(+), 2 deletions(-) - -diff --git a/audisp/plugins/zos-remote/zos-remote-queue.c b/audisp/plugins/zos-remote/zos-remote-queue.c -index 37d91bd8..47dd006e 100644 ---- a/audisp/plugins/zos-remote/zos-remote-queue.c -+++ b/audisp/plugins/zos-remote/zos-remote-queue.c -@@ -130,6 +130,11 @@ void increase_queue_depth(unsigned int size) - void *tmp_q; - - tmp_q = realloc(q, size * sizeof(BerElement *)); -+ if (tmp_q == NULL) { -+ log_err("Memory allocation error");; -+ pthread_mutex_unlock(&queue_lock); -+ return; -+ } - q = tmp_q; - for (i=q_depth; inum = num; - newnode->data = data; -diff --git a/auparse/normalize.c b/auparse/normalize.c -index ae6e3d2d..58d28213 100644 ---- a/auparse/normalize.c -+++ b/auparse/normalize.c -@@ -1191,6 +1191,11 @@ static int normalize_compound(auparse_state_t *au) - if (f) { - const char *exe = auparse_interpret_field(au); - D.how = strdup(exe); -+ if (D.how == NULL) { -+ fprintf(stderr, "Memory allocation error"); -+ free((void *)syscall); -+ return 1; -+ } - if ((strncmp(D.how, "/usr/bin/python", 15) == 0) || - (strncmp(D.how, "/usr/bin/sh", 11) == 0) || - (strncmp(D.how, "/usr/bin/bash", 13) == 0) || -@@ -1999,6 +2004,10 @@ map: - if (f) { - const char *exe = auparse_interpret_field(au); - D.how = strdup(exe); -+ if (D.how == NULL) { -+ fprintf(stderr, "Memory allocation error"); -+ return 1; -+ } - if ((strncmp(D.how, "/usr/bin/python", 15) == 0) || - (strncmp(D.how, "/usr/bin/sh", 11) == 0) || - (strncmp(D.how, "/usr/bin/bash", 13) == 0) || -diff --git a/lib/gen_tables.c b/lib/gen_tables.c -index 3326759d..4ff233d0 100644 ---- a/lib/gen_tables.c -+++ b/lib/gen_tables.c -@@ -271,7 +271,10 @@ output_i2s(const char *prefix) - } - - unique_values = malloc(NUM_VALUES * sizeof(*unique_values)); -- assert(unique_values != NULL); -+ if (unique_values == NULL) { -+ fprintf(stderr, "Memory allocation error"); -+ abort(); -+ } - n = 0; - for (i = 0; i < NUM_VALUES; i++) { - if (n == 0 || unique_values[n - 1].val != values[i].val) { -@@ -351,7 +354,10 @@ output_i2s_transtab(const char *prefix) - printf("{%d,%zu},", values[i].val, values[i].s_offset); - } - uc_prefix = strdup(prefix); -- assert(uc_prefix != NULL); -+ if (uc_prefix == NULL) { -+ fprintf(stderr, "Memory allocation error"); -+ abort(); -+ } - for (i = 0; uc_prefix[i] != '\0'; i++) - uc_prefix[i] = toupper((unsigned char)uc_prefix[i]); - printf("\n" -diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c -index bcfb9ad8..c2140b7e 100644 ---- a/src/ausearch-lol.c -+++ b/src/ausearch-lol.c -@@ -47,6 +47,10 @@ void lol_create(lol *lo) - lo->maxi = -1; - lo->limit = ARRAY_LIMIT; - lo->array = (lolnode *)malloc(size); -+ if (lo->array == NULL) { -+ fprintf(stderr, "Memory allocation error"); -+ return; -+ } - memset(lo->array, 0, size); - } - -@@ -305,6 +309,10 @@ int lol_add_record(lol *lo, char *buff) - n.a1 = 0L; - n.type = e.type; - n.message = strdup(buff); -+ if(n.message == NULL) { -+ fprintf(stderr, "Memory allocation error"); -+ return 0; -+ } - ptr = strchr(n.message, AUDIT_INTERP_SEPARATOR); - if (ptr) { - n.mlen = ptr - n.message; -@@ -359,6 +367,10 @@ int lol_add_record(lol *lo, char *buff) - - // Create new event and fill it in - l = malloc(sizeof(llist)); -+ if (l == NULL) { -+ fprintf(stderr, "Memory allocation error"); -+ return 0; -+ } - list_create(l); - l->e.milli = e.milli; - l->e.sec = e.sec; -diff --git a/src/ausearch-nvpair.c b/src/ausearch-nvpair.c -index 8d0088e5..c344c27c 100644 ---- a/src/ausearch-nvpair.c -+++ b/src/ausearch-nvpair.c -@@ -37,6 +37,9 @@ void search_list_create(nvlist *l) - void search_list_append(nvlist *l, nvnode *node) - { - nvnode* newnode = malloc(sizeof(nvnode)); -+ if (newnode == NULL) { -+ return; -+ } - - newnode->name = node->name; - newnode->val = node->val; -diff --git a/src/ausearch-string.c b/src/ausearch-string.c -index fbbacd77..f875bb2c 100644 ---- a/src/ausearch-string.c -+++ b/src/ausearch-string.c -@@ -49,6 +49,9 @@ void slist_append(slist *l, const snode *node) - snode* newnode; - - newnode = malloc(sizeof(snode)); -+ if (newnode == NULL) { -+ return; -+ } - - if (node->str) - newnode->str = node->str; --- -2.33.0 - diff --git a/backport-update-error-messages-in-NULL-Checks.patch b/backport-update-error-messages-in-NULL-Checks.patch deleted file mode 100644 index c3af0443e281507cd55fcff8583da9ad98981014..0000000000000000000000000000000000000000 --- a/backport-update-error-messages-in-NULL-Checks.patch +++ /dev/null @@ -1,279 +0,0 @@ -From dc7450f2fd056c7ca5eb29182ccb30ec0a4228c5 Mon Sep 17 00:00:00 2001 -From: Yugend -Date: Fri, 22 Mar 2024 14:01:59 +0300 -Subject: [PATCH] update error messages in NULL Checks - -Conflict:NA -Reference:https://github.com/linux-audit/audit-userspace/commit/dc7450f2fd056c7ca5eb29182ccb30ec0a4228c5 - ---- - audisp/audispd-llist.c | 1 + - audisp/plugins/zos-remote/zos-remote-queue.c | 2 +- - audisp/queue.c | 2 +- - auparse/auparse.c | 2 +- - auparse/normalize-llist.c | 1 + - auparse/normalize.c | 4 ++-- - lib/gen_tables.c | 4 ++-- - src/auditctl-llist.c | 1 + - src/auditctl.c | 2 +- - src/ausearch-avc.c | 1 + - src/ausearch-int.c | 1 + - src/ausearch-llist.c | 1 + - src/ausearch-lol.c | 6 +++--- - src/ausearch-lookup.c | 2 +- - src/ausearch-nvpair.c | 1 + - src/ausearch-string.c | 1 + - tools/aulastlog/aulastlog-llist.c | 1 + - 17 files changed, 21 insertions(+), 12 deletions(-) - -diff --git a/audisp/audispd-llist.c b/audisp/audispd-llist.c -index c338327d..30d7f03b 100644 ---- a/audisp/audispd-llist.c -+++ b/audisp/audispd-llist.c -@@ -75,6 +75,7 @@ void plist_append(conf_llist *l, plugin_conf_t *p) - - newnode = malloc(sizeof(lnode)); - if (newnode == NULL) { -+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return; - } - -diff --git a/audisp/plugins/zos-remote/zos-remote-queue.c b/audisp/plugins/zos-remote/zos-remote-queue.c -index f8019890..67397f38 100644 ---- a/audisp/plugins/zos-remote/zos-remote-queue.c -+++ b/audisp/plugins/zos-remote/zos-remote-queue.c -@@ -131,7 +131,7 @@ void increase_queue_depth(unsigned int size) - - tmp_q = realloc(q, size * sizeof(BerElement *)); - if (tmp_q == NULL) { -- log_err("Memory allocation error");; -+ log_err("Out of memory. Check %s file, %d line", __FILE__, __LINE__); - pthread_mutex_unlock(&queue_lock); - return; - } -diff --git a/audisp/queue.c b/audisp/queue.c -index 76b62593..8bd20ea1 100644 ---- a/audisp/queue.c -+++ b/audisp/queue.c -@@ -230,7 +230,7 @@ void increase_queue_depth(unsigned int size) - - tmp_q = realloc(q, size * sizeof(event_t *)); - if (tmp_q == NULL) { -- fprintf(stderr, "Memory allocation error"); -+ fprintf(stderr, "Out of Memory. Check %s file, %d line", __FILE__, __LINE__); - pthread_mutex_unlock(&queue_lock); - return; - } -diff --git a/auparse/auparse.c b/auparse/auparse.c -index e782058d..c423ffa8 100644 ---- a/auparse/auparse.c -+++ b/auparse/auparse.c -@@ -114,7 +114,7 @@ static int setup_log_file_array(auparse_state_t *au) - num--; - tmp = malloc((num+2)*sizeof(char *)); - if (!tmp) { -- fprintf(stderr, "No memory\n"); -+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - aup_free_config(&config); - free(filename); - return 1; -diff --git a/auparse/normalize-llist.c b/auparse/normalize-llist.c -index 32d5f124..433c457f 100644 ---- a/auparse/normalize-llist.c -+++ b/auparse/normalize-llist.c -@@ -67,6 +67,7 @@ void cllist_append(cllist *l, uint32_t num, void *data) - - newnode = malloc(sizeof(data_node)); - if (newnode == NULL) { -+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return; - } - -diff --git a/auparse/normalize.c b/auparse/normalize.c -index 58d28213..d4f6c441 100644 ---- a/auparse/normalize.c -+++ b/auparse/normalize.c -@@ -1192,7 +1192,7 @@ static int normalize_compound(auparse_state_t *au) - const char *exe = auparse_interpret_field(au); - D.how = strdup(exe); - if (D.how == NULL) { -- fprintf(stderr, "Memory allocation error"); -+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - free((void *)syscall); - return 1; - } -@@ -2005,7 +2005,7 @@ map: - const char *exe = auparse_interpret_field(au); - D.how = strdup(exe); - if (D.how == NULL) { -- fprintf(stderr, "Memory allocation error"); -+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return 1; - } - if ((strncmp(D.how, "/usr/bin/python", 15) == 0) || -diff --git a/lib/gen_tables.c b/lib/gen_tables.c -index 4ff233d0..a2930ff9 100644 ---- a/lib/gen_tables.c -+++ b/lib/gen_tables.c -@@ -272,7 +272,7 @@ output_i2s(const char *prefix) - - unique_values = malloc(NUM_VALUES * sizeof(*unique_values)); - if (unique_values == NULL) { -- fprintf(stderr, "Memory allocation error"); -+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - abort(); - } - n = 0; -@@ -355,7 +355,7 @@ output_i2s_transtab(const char *prefix) - } - uc_prefix = strdup(prefix); - if (uc_prefix == NULL) { -- fprintf(stderr, "Memory allocation error"); -+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - abort(); - } - for (i = 0; uc_prefix[i] != '\0'; i++) -diff --git a/src/auditctl-llist.c b/src/auditctl-llist.c -index 0f81d4c8..5282ee32 100644 ---- a/src/auditctl-llist.c -+++ b/src/auditctl-llist.c -@@ -65,6 +65,7 @@ void list_append(llist *l, const struct audit_rule_data *r, size_t sz) - - newnode = malloc(sizeof(lnode)); - if (newnode == NULL) { -+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return; - } - -diff --git a/src/auditctl.c b/src/auditctl.c -index ee7e33c8..093dca00 100644 ---- a/src/auditctl.c -+++ b/src/auditctl.c -@@ -1392,7 +1392,7 @@ static int fileopt(const char *file) - i = 0; - fields = malloc(nf * sizeof(char *)); - if (fields == NULL) { -- audit_msg(LOG_ERR, "Memory allocation error"); -+ audit_msg(LOG_ERR, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return 1; - } - -diff --git a/src/ausearch-avc.c b/src/ausearch-avc.c -index 6aa98c70..38576563 100644 ---- a/src/ausearch-avc.c -+++ b/src/ausearch-avc.c -@@ -68,6 +68,7 @@ void alist_append(alist *l, anode *node) - - newnode = malloc(sizeof(anode)); - if (newnode == NULL) { -+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return; - } - -diff --git a/src/ausearch-int.c b/src/ausearch-int.c -index 0e8b0ffe..5f57b059 100644 ---- a/src/ausearch-int.c -+++ b/src/ausearch-int.c -@@ -47,6 +47,7 @@ void ilist_append(ilist *l, int num, unsigned int hits, int aux) - - newnode = malloc(sizeof(int_node)); - if (newnode == NULL) { -+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return; - } - -diff --git a/src/ausearch-llist.c b/src/ausearch-llist.c -index 36fcae6d..7926980c 100644 ---- a/src/ausearch-llist.c -+++ b/src/ausearch-llist.c -@@ -108,6 +108,7 @@ void list_append(llist *l, lnode *node) - - newnode = malloc(sizeof(lnode)); - if (newnode == NULL) { -+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return; - } - -diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c -index 7562dc21..a5418079 100644 ---- a/src/ausearch-lol.c -+++ b/src/ausearch-lol.c -@@ -48,7 +48,7 @@ void lol_create(lol *lo) - lo->limit = ARRAY_LIMIT; - lo->array = (lolnode *)malloc(size); - if (lo->array == NULL) { -- fprintf(stderr, "Memory allocation error"); -+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - lo->limit = 0; - return; - } -@@ -311,7 +311,7 @@ int lol_add_record(lol *lo, char *buff) - n.type = e.type; - n.message = strdup(buff); - if(n.message == NULL) { -- fprintf(stderr, "Memory allocation error"); -+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return 0; - } - ptr = strchr(n.message, AUDIT_INTERP_SEPARATOR); -@@ -369,7 +369,7 @@ int lol_add_record(lol *lo, char *buff) - // Create new event and fill it in - l = malloc(sizeof(llist)); - if (l == NULL) { -- fprintf(stderr, "Memory allocation error"); -+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return 0; - } - list_create(l); -diff --git a/src/ausearch-lookup.c b/src/ausearch-lookup.c -index 86239f39..2d6f48ca 100644 ---- a/src/ausearch-lookup.c -+++ b/src/ausearch-lookup.c -@@ -303,7 +303,7 @@ char *unescape(const char *buf) - - str = strndup(buf, ptr - buf); - if (str == NULL) { -- fprintf(stderr, "Memory alocation error"); -+ fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return NULL; - } - -diff --git a/src/ausearch-nvpair.c b/src/ausearch-nvpair.c -index c344c27c..3a1b27db 100644 ---- a/src/ausearch-nvpair.c -+++ b/src/ausearch-nvpair.c -@@ -38,6 +38,7 @@ void search_list_append(nvlist *l, nvnode *node) - { - nvnode* newnode = malloc(sizeof(nvnode)); - if (newnode == NULL) { -+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return; - } - -diff --git a/src/ausearch-string.c b/src/ausearch-string.c -index f875bb2c..bd317b96 100644 ---- a/src/ausearch-string.c -+++ b/src/ausearch-string.c -@@ -50,6 +50,7 @@ void slist_append(slist *l, const snode *node) - - newnode = malloc(sizeof(snode)); - if (newnode == NULL) { -+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return; - } - -diff --git a/tools/aulastlog/aulastlog-llist.c b/tools/aulastlog/aulastlog-llist.c -index 779afb50..0b89be65 100644 ---- a/tools/aulastlog/aulastlog-llist.c -+++ b/tools/aulastlog/aulastlog-llist.c -@@ -47,6 +47,7 @@ void list_append(llist *l, lnode *node) - - newnode = malloc(sizeof(lnode)); - if (newnode == NULL) { -+ printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__); - return; - } - --- -2.33.0 - diff --git a/bugfix-audit-reload-coredump.patch b/bugfix-audit-reload-coredump.patch index 8cd0a452aeea41115d786c21b0763b94615299af..757212d0121cdea3b2cb8f99b7a3fa0d99436fa7 100644 --- a/bugfix-audit-reload-coredump.patch +++ b/bugfix-audit-reload-coredump.patch @@ -32,15 +32,15 @@ diff --git a/src/auditd.c b/src/auditd.c index 5933703..53f4803 100644 --- a/src/auditd.c +++ b/src/auditd.c -@@ -76,6 +76,7 @@ static int hup_info_requested = 0; - static int usr1_info_requested = 0, usr2_info_requested = 0; +@@ -79,6 +79,7 @@ + static ATOMIC_INT usr1_info_requested = 0, usr2_info_requested = 0; static char subj[SUBJ_LEN]; static uint32_t session; +static int hup_flag = 0; /* Local function prototypes */ int send_audit_event(int type, const char *str); -@@ -525,8 +526,23 @@ static void netlink_handler(struct ev_loop *loop, struct ev_io *io, +@@ -529,8 +530,23 @@ char hup[MAX_AUDIT_MESSAGE_LENGTH]; audit_msg(LOG_DEBUG, "HUP detected, starting config manager"); @@ -66,7 +66,7 @@ index 5933703..53f4803 100644 audit_format_signal_info(hup, sizeof(hup), "reconfigure state=no-change", -@@ -576,9 +592,15 @@ static void pipe_handler(struct ev_loop *loop, struct ev_io *io, +@@ -580,9 +596,15 @@ // Drain the pipe - won't block because libev sets non-blocking mode read(pipefds[0], buf, sizeof(buf)); enqueue_event(reconfig_ev); diff --git a/lgpl-2.1.txt b/lgpl-2.1.txt deleted file mode 100644 index 4362b49151d7b34ef83b3067a8f9c9f877d72a0e..0000000000000000000000000000000000000000 --- a/lgpl-2.1.txt +++ /dev/null @@ -1,502 +0,0 @@ - GNU LESSER GENERAL PUBLIC LICENSE - Version 2.1, February 1999 - - Copyright (C) 1991, 1999 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - -[This is the first released version of the Lesser GPL. It also counts - as the successor of the GNU Library Public License, version 2, hence - the version number 2.1.] - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -Licenses are intended to guarantee your freedom to share and change -free software--to make sure the software is free for all its users. - - This license, the Lesser General Public License, applies to some -specially designated software packages--typically libraries--of the -Free Software Foundation and other authors who decide to use it. You -can use it too, but we suggest you first think carefully about whether -this license or the ordinary General Public License is the better -strategy to use in any particular case, based on the explanations below. - - When we speak of free software, we are referring to freedom of use, -not price. Our General Public Licenses are designed to make sure that -you have the freedom to distribute copies of free software (and charge -for this service if you wish); that you receive source code or can get -it if you want it; that you can change the software and use pieces of -it in new free programs; and that you are informed that you can do -these things. - - To protect your rights, we need to make restrictions that forbid -distributors to deny you these rights or to ask you to surrender these -rights. These restrictions translate to certain responsibilities for -you if you distribute copies of the library or if you modify it. - - For example, if you distribute copies of the library, whether gratis -or for a fee, you must give the recipients all the rights that we gave -you. You must make sure that they, too, receive or can get the source -code. If you link other code with the library, you must provide -complete object files to the recipients, so that they can relink them -with the library after making changes to the library and recompiling -it. And you must show them these terms so they know their rights. - - We protect your rights with a two-step method: (1) we copyright the -library, and (2) we offer you this license, which gives you legal -permission to copy, distribute and/or modify the library. - - To protect each distributor, we want to make it very clear that -there is no warranty for the free library. Also, if the library is -modified by someone else and passed on, the recipients should know -that what they have is not the original version, so that the original -author's reputation will not be affected by problems that might be -introduced by others. - - Finally, software patents pose a constant threat to the existence of -any free program. We wish to make sure that a company cannot -effectively restrict the users of a free program by obtaining a -restrictive license from a patent holder. Therefore, we insist that -any patent license obtained for a version of the library must be -consistent with the full freedom of use specified in this license. - - Most GNU software, including some libraries, is covered by the -ordinary GNU General Public License. This license, the GNU Lesser -General Public License, applies to certain designated libraries, and -is quite different from the ordinary General Public License. We use -this license for certain libraries in order to permit linking those -libraries into non-free programs. - - When a program is linked with a library, whether statically or using -a shared library, the combination of the two is legally speaking a -combined work, a derivative of the original library. The ordinary -General Public License therefore permits such linking only if the -entire combination fits its criteria of freedom. The Lesser General -Public License permits more lax criteria for linking other code with -the library. - - We call this license the "Lesser" General Public License because it -does Less to protect the user's freedom than the ordinary General -Public License. It also provides other free software developers Less -of an advantage over competing non-free programs. These disadvantages -are the reason we use the ordinary General Public License for many -libraries. However, the Lesser license provides advantages in certain -special circumstances. - - For example, on rare occasions, there may be a special need to -encourage the widest possible use of a certain library, so that it becomes -a de-facto standard. To achieve this, non-free programs must be -allowed to use the library. A more frequent case is that a free -library does the same job as widely used non-free libraries. In this -case, there is little to gain by limiting the free library to free -software only, so we use the Lesser General Public License. - - In other cases, permission to use a particular library in non-free -programs enables a greater number of people to use a large body of -free software. For example, permission to use the GNU C Library in -non-free programs enables many more people to use the whole GNU -operating system, as well as its variant, the GNU/Linux operating -system. - - Although the Lesser General Public License is Less protective of the -users' freedom, it does ensure that the user of a program that is -linked with the Library has the freedom and the wherewithal to run -that program using a modified version of the Library. - - The precise terms and conditions for copying, distribution and -modification follow. Pay close attention to the difference between a -"work based on the library" and a "work that uses the library". The -former contains code derived from the library, whereas the latter must -be combined with the library in order to run. - - GNU LESSER GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License Agreement applies to any software library or other -program which contains a notice placed by the copyright holder or -other authorized party saying it may be distributed under the terms of -this Lesser General Public License (also called "this License"). -Each licensee is addressed as "you". - - A "library" means a collection of software functions and/or data -prepared so as to be conveniently linked with application programs -(which use some of those functions and data) to form executables. - - The "Library", below, refers to any such software library or work -which has been distributed under these terms. A "work based on the -Library" means either the Library or any derivative work under -copyright law: that is to say, a work containing the Library or a -portion of it, either verbatim or with modifications and/or translated -straightforwardly into another language. (Hereinafter, translation is -included without limitation in the term "modification".) - - "Source code" for a work means the preferred form of the work for -making modifications to it. For a library, complete source code means -all the source code for all modules it contains, plus any associated -interface definition files, plus the scripts used to control compilation -and installation of the library. - - Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running a program using the Library is not restricted, and output from -such a program is covered only if its contents constitute a work based -on the Library (independent of the use of the Library in a tool for -writing it). Whether that is true depends on what the Library does -and what the program that uses the Library does. - - 1. You may copy and distribute verbatim copies of the Library's -complete source code as you receive it, in any medium, provided that -you conspicuously and appropriately publish on each copy an -appropriate copyright notice and disclaimer of warranty; keep intact -all the notices that refer to this License and to the absence of any -warranty; and distribute a copy of this License along with the -Library. - - You may charge a fee for the physical act of transferring a copy, -and you may at your option offer warranty protection in exchange for a -fee. - - 2. You may modify your copy or copies of the Library or any portion -of it, thus forming a work based on the Library, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) The modified work must itself be a software library. - - b) You must cause the files modified to carry prominent notices - stating that you changed the files and the date of any change. - - c) You must cause the whole of the work to be licensed at no - charge to all third parties under the terms of this License. - - d) If a facility in the modified Library refers to a function or a - table of data to be supplied by an application program that uses - the facility, other than as an argument passed when the facility - is invoked, then you must make a good faith effort to ensure that, - in the event an application does not supply such function or - table, the facility still operates, and performs whatever part of - its purpose remains meaningful. - - (For example, a function in a library to compute square roots has - a purpose that is entirely well-defined independent of the - application. Therefore, Subsection 2d requires that any - application-supplied function or table used by this function must - be optional: if the application does not supply it, the square - root function must still compute square roots.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Library, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Library, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote -it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Library. - -In addition, mere aggregation of another work not based on the Library -with the Library (or with a work based on the Library) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may opt to apply the terms of the ordinary GNU General Public -License instead of this License to a given copy of the Library. To do -this, you must alter all the notices that refer to this License, so -that they refer to the ordinary GNU General Public License, version 2, -instead of to this License. (If a newer version than version 2 of the -ordinary GNU General Public License has appeared, then you can specify -that version instead if you wish.) Do not make any other change in -these notices. - - Once this change is made in a given copy, it is irreversible for -that copy, so the ordinary GNU General Public License applies to all -subsequent copies and derivative works made from that copy. - - This option is useful when you wish to copy part of the code of -the Library into a program that is not a library. - - 4. You may copy and distribute the Library (or a portion or -derivative of it, under Section 2) in object code or executable form -under the terms of Sections 1 and 2 above provided that you accompany -it with the complete corresponding machine-readable source code, which -must be distributed under the terms of Sections 1 and 2 above on a -medium customarily used for software interchange. - - If distribution of object code is made by offering access to copy -from a designated place, then offering equivalent access to copy the -source code from the same place satisfies the requirement to -distribute the source code, even though third parties are not -compelled to copy the source along with the object code. - - 5. A program that contains no derivative of any portion of the -Library, but is designed to work with the Library by being compiled or -linked with it, is called a "work that uses the Library". Such a -work, in isolation, is not a derivative work of the Library, and -therefore falls outside the scope of this License. - - However, linking a "work that uses the Library" with the Library -creates an executable that is a derivative of the Library (because it -contains portions of the Library), rather than a "work that uses the -library". The executable is therefore covered by this License. -Section 6 states terms for distribution of such executables. - - When a "work that uses the Library" uses material from a header file -that is part of the Library, the object code for the work may be a -derivative work of the Library even though the source code is not. -Whether this is true is especially significant if the work can be -linked without the Library, or if the work is itself a library. The -threshold for this to be true is not precisely defined by law. - - If such an object file uses only numerical parameters, data -structure layouts and accessors, and small macros and small inline -functions (ten lines or less in length), then the use of the object -file is unrestricted, regardless of whether it is legally a derivative -work. (Executables containing this object code plus portions of the -Library will still fall under Section 6.) - - Otherwise, if the work is a derivative of the Library, you may -distribute the object code for the work under the terms of Section 6. -Any executables containing that work also fall under Section 6, -whether or not they are linked directly with the Library itself. - - 6. As an exception to the Sections above, you may also combine or -link a "work that uses the Library" with the Library to produce a -work containing portions of the Library, and distribute that work -under terms of your choice, provided that the terms permit -modification of the work for the customer's own use and reverse -engineering for debugging such modifications. - - You must give prominent notice with each copy of the work that the -Library is used in it and that the Library and its use are covered by -this License. You must supply a copy of this License. If the work -during execution displays copyright notices, you must include the -copyright notice for the Library among them, as well as a reference -directing the user to the copy of this License. Also, you must do one -of these things: - - a) Accompany the work with the complete corresponding - machine-readable source code for the Library including whatever - changes were used in the work (which must be distributed under - Sections 1 and 2 above); and, if the work is an executable linked - with the Library, with the complete machine-readable "work that - uses the Library", as object code and/or source code, so that the - user can modify the Library and then relink to produce a modified - executable containing the modified Library. (It is understood - that the user who changes the contents of definitions files in the - Library will not necessarily be able to recompile the application - to use the modified definitions.) - - b) Use a suitable shared library mechanism for linking with the - Library. A suitable mechanism is one that (1) uses at run time a - copy of the library already present on the user's computer system, - rather than copying library functions into the executable, and (2) - will operate properly with a modified version of the library, if - the user installs one, as long as the modified version is - interface-compatible with the version that the work was made with. - - c) Accompany the work with a written offer, valid for at - least three years, to give the same user the materials - specified in Subsection 6a, above, for a charge no more - than the cost of performing this distribution. - - d) If distribution of the work is made by offering access to copy - from a designated place, offer equivalent access to copy the above - specified materials from the same place. - - e) Verify that the user has already received a copy of these - materials or that you have already sent this user a copy. - - For an executable, the required form of the "work that uses the -Library" must include any data and utility programs needed for -reproducing the executable from it. However, as a special exception, -the materials to be distributed need not include anything that is -normally distributed (in either source or binary form) with the major -components (compiler, kernel, and so on) of the operating system on -which the executable runs, unless that component itself accompanies -the executable. - - It may happen that this requirement contradicts the license -restrictions of other proprietary libraries that do not normally -accompany the operating system. Such a contradiction means you cannot -use both them and the Library together in an executable that you -distribute. - - 7. You may place library facilities that are a work based on the -Library side-by-side in a single library together with other library -facilities not covered by this License, and distribute such a combined -library, provided that the separate distribution of the work based on -the Library and of the other library facilities is otherwise -permitted, and provided that you do these two things: - - a) Accompany the combined library with a copy of the same work - based on the Library, uncombined with any other library - facilities. This must be distributed under the terms of the - Sections above. - - b) Give prominent notice with the combined library of the fact - that part of it is a work based on the Library, and explaining - where to find the accompanying uncombined form of the same work. - - 8. You may not copy, modify, sublicense, link with, or distribute -the Library except as expressly provided under this License. Any -attempt otherwise to copy, modify, sublicense, link with, or -distribute the Library is void, and will automatically terminate your -rights under this License. However, parties who have received copies, -or rights, from you under this License will not have their licenses -terminated so long as such parties remain in full compliance. - - 9. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Library or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Library (or any work based on the -Library), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Library or works based on it. - - 10. Each time you redistribute the Library (or any work based on the -Library), the recipient automatically receives a license from the -original licensor to copy, distribute, link with or modify the Library -subject to these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties with -this License. - - 11. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Library at all. For example, if a patent -license would not permit royalty-free redistribution of the Library by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Library. - -If any portion of this section is held invalid or unenforceable under any -particular circumstance, the balance of the section is intended to apply, -and the section as a whole is intended to apply in other circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 12. If the distribution and/or use of the Library is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Library under this License may add -an explicit geographical distribution limitation excluding those countries, -so that distribution is permitted only in or among countries not thus -excluded. In such case, this License incorporates the limitation as if -written in the body of this License. - - 13. The Free Software Foundation may publish revised and/or new -versions of the Lesser General Public License from time to time. -Such new versions will be similar in spirit to the present version, -but may differ in detail to address new problems or concerns. - -Each version is given a distinguishing version number. If the Library -specifies a version number of this License which applies to it and -"any later version", you have the option of following the terms and -conditions either of that version or of any later version published by -the Free Software Foundation. If the Library does not specify a -license version number, you may choose any version ever published by -the Free Software Foundation. - - 14. If you wish to incorporate parts of the Library into other free -programs whose distribution conditions are incompatible with these, -write to the author to ask for permission. For software which is -copyrighted by the Free Software Foundation, write to the Free -Software Foundation; we sometimes make exceptions for this. Our -decision will be guided by the two goals of preserving the free status -of all derivatives of our free software and of promoting the sharing -and reuse of software generally. - - NO WARRANTY - - 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO -WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. -EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR -OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY -KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE -LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME -THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN -WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY -AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU -FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR -CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE -LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING -RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A -FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF -SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH -DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Libraries - - If you develop a new library, and you want it to be of the greatest -possible use to the public, we recommend making it free software that -everyone can redistribute and change. You can do so by permitting -redistribution under these terms (or, alternatively, under the terms of the -ordinary General Public License). - - To apply these terms, attach the following notices to the library. It is -safest to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least the -"copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - -Also add information on how to contact you by electronic and paper mail. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the library, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the - library `Frob' (a library for tweaking knobs) written by James Random Hacker. - - , 1 April 1990 - Ty Coon, President of Vice - -That's all there is to it!