From 47ff4a71f1bcf6f8834d33f6de2009fb79c1fe93 Mon Sep 17 00:00:00 2001
From: fangxiuning <fangxiuning@huawei.com>
Date: Sat, 24 Aug 2024 14:36:14 +0800
Subject: [PATCH] change

---
 audit.spec                                    |  6 ++-
 ...hen-displaying-rules-with-exe-path-d.patch | 52 +++++++++++++++++++
 2 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 backport-Correct-output-when-displaying-rules-with-exe-path-d.patch

diff --git a/audit.spec b/audit.spec
index 1539b8c..708b4cb 100644
--- a/audit.spec
+++ b/audit.spec
@@ -2,7 +2,7 @@ Summary:            User space tools for kernel auditing
 Name:               audit
 Epoch:              1
 Version:            3.1.2
-Release:            5
+Release:            6
 License:            GPLv2+ and LGPLv2+
 URL:                https://people.redhat.com/sgrubb/audit/
 Source0:            https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@@ -43,6 +43,7 @@ Patch31:   backport-avoiding-of-NULL-pointers-dereference-366.patch
 Patch32:   backport-Cleanup-code-in-LRU.patch
 Patch33:   backport-Fix-memory-leaks.patch
 Patch34:   backport-fix-one-more-leak.patch
+Patch35:   backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
 
 BuildRequires:      gcc swig libtool systemd kernel-headers >= 2.6.29
 BuildRequires:      openldap-devel krb5-devel libcap-ng-devel
@@ -385,6 +386,9 @@ fi
 %attr(644,root,root) %{_mandir}/man8/*.8.gz
 
 %changelog
+* Sat Aug 24 2024 fangxiuning<fangxiuning@huawei.com> - 1:3.1.2-6
+- backport patches to fix bug
+
 * Wed Jul 17 2024 xuraoqing<xuraoqing@huawei.com> - 1:3.1.2-5
 - backport patches to fix bugs
 
diff --git a/backport-Correct-output-when-displaying-rules-with-exe-path-d.patch b/backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
new file mode 100644
index 0000000..aa9ade3
--- /dev/null
+++ b/backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
@@ -0,0 +1,52 @@
+From e5b0c9d74a54e0c6c83ba402807a53e4544b7898 Mon Sep 17 00:00:00 2001
+From: Attila Lakatos <Cropi@users.noreply.github.com>
+Date: Wed, 12 Jun 2024 18:22:00 +0200
+Subject: [PATCH] Correct output when displaying rules with exe/path/dir (#379)
+
+Some audit operators were not displayed properly
+because auditctl used the "=" operator in all
+the scenarios mentioned above.
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/e5b0c9d74a54e0c6c83ba402807a53e4544b7898
+Conflict:NA
+
+---
+ src/auditctl-listing.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/auditctl-listing.c b/src/auditctl-listing.c
+index 57ae1837..9c322670 100644
+--- a/src/auditctl-listing.c
++++ b/src/auditctl-listing.c
+@@ -380,7 +380,9 @@ static void print_rule(const struct audit_rule_data *r)
+ 					printf("-w %.*s", r->values[i],
+ 						&r->buf[boffset]);
+ 				else
+-					printf(" -F path=%.*s",	r->values[i],
++					printf(" -F path%s%.*s",
++						audit_operator_to_symbol(op),
++						r->values[i],
+ 						&r->buf[boffset]);
+ 				boffset += r->values[i];
+ 			} else if (field == AUDIT_DIR) {
+@@ -388,12 +390,15 @@ static void print_rule(const struct audit_rule_data *r)
+ 					printf("-w %.*s", r->values[i],
+ 						&r->buf[boffset]);
+ 				else
+-					printf(" -F dir=%.*s", r->values[i],
++					printf(" -F dir%s%.*s",
++						audit_operator_to_symbol(op),
++						r->values[i],
+ 						&r->buf[boffset]);
+ 
+ 				boffset += r->values[i];
+ 			} else if (field == AUDIT_EXE) {
+-				printf(" -F exe=%.*s",
++				printf(" -F exe%s%.*s",
++					audit_operator_to_symbol(op),
+ 					r->values[i], &r->buf[boffset]);
+ 				boffset += r->values[i];
+ 			} else if (field == AUDIT_FILTERKEY) {
+-- 
+2.33.0
+
-- 
Gitee