From 9f92a2cf4ca86d3d7a14ca3b0366978dfe5a9fce Mon Sep 17 00:00:00 2001
From: xuraoqing <xuraoqing@huawei.com>
Date: Fri, 30 Aug 2024 11:01:18 +0800
Subject: [PATCH] backport patches to fix display rules bug

Signed-off-by: xuraoqing <xuraoqing@huawei.com>
---
 audit.spec                                    |  6 ++-
 ...hen-displaying-rules-with-exe-path-d.patch | 52 +++++++++++++++++++
 2 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 backport-Correct-output-when-displaying-rules-with-exe-path-d.patch

diff --git a/audit.spec b/audit.spec
index 45415b9..a25daa3 100644
--- a/audit.spec
+++ b/audit.spec
@@ -2,7 +2,7 @@ Summary:            User space tools for kernel auditing
 Name:               audit
 Epoch:              1
 Version:            3.0.1
-Release:            16
+Release:            17
 License:            GPLv2+ and LGPLv2+
 URL:                https://people.redhat.com/sgrubb/audit/
 Source0:            https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@@ -79,6 +79,7 @@ Patch67:         backport-avoiding-of-NULL-pointers-dereference-366.patch
 Patch68:         backport-Cleanup-code-in-LRU.patch
 Patch69:         backport-Fix-memory-leaks.patch
 Patch70:         backport-fix-one-more-leak.patch
+Patch71:         backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
 
 BuildRequires:      gcc swig libtool systemd kernel-headers >= 2.6.29
 BuildRequires:      openldap-devel krb5-devel libcap-ng-devel
@@ -414,6 +415,9 @@ fi
 %attr(644,root,root) %{_mandir}/man8/*.8.gz
 
 %changelog
+* Fri Aug 30 2024 xuraoqing <xuraoqing@huawei.com> - 1:3.0.1-17
+- backport patches from upstream
+
 * Wed Jun 19 2024 xuraoqing <xuraoqing@huawei.com> - 1:3.0.1-16
 - backport patches from upstream
 
diff --git a/backport-Correct-output-when-displaying-rules-with-exe-path-d.patch b/backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
new file mode 100644
index 0000000..aa9ade3
--- /dev/null
+++ b/backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
@@ -0,0 +1,52 @@
+From e5b0c9d74a54e0c6c83ba402807a53e4544b7898 Mon Sep 17 00:00:00 2001
+From: Attila Lakatos <Cropi@users.noreply.github.com>
+Date: Wed, 12 Jun 2024 18:22:00 +0200
+Subject: [PATCH] Correct output when displaying rules with exe/path/dir (#379)
+
+Some audit operators were not displayed properly
+because auditctl used the "=" operator in all
+the scenarios mentioned above.
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/e5b0c9d74a54e0c6c83ba402807a53e4544b7898
+Conflict:NA
+
+---
+ src/auditctl-listing.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/auditctl-listing.c b/src/auditctl-listing.c
+index 57ae1837..9c322670 100644
+--- a/src/auditctl-listing.c
++++ b/src/auditctl-listing.c
+@@ -380,7 +380,9 @@ static void print_rule(const struct audit_rule_data *r)
+ 					printf("-w %.*s", r->values[i],
+ 						&r->buf[boffset]);
+ 				else
+-					printf(" -F path=%.*s",	r->values[i],
++					printf(" -F path%s%.*s",
++						audit_operator_to_symbol(op),
++						r->values[i],
+ 						&r->buf[boffset]);
+ 				boffset += r->values[i];
+ 			} else if (field == AUDIT_DIR) {
+@@ -388,12 +390,15 @@ static void print_rule(const struct audit_rule_data *r)
+ 					printf("-w %.*s", r->values[i],
+ 						&r->buf[boffset]);
+ 				else
+-					printf(" -F dir=%.*s", r->values[i],
++					printf(" -F dir%s%.*s",
++						audit_operator_to_symbol(op),
++						r->values[i],
+ 						&r->buf[boffset]);
+ 
+ 				boffset += r->values[i];
+ 			} else if (field == AUDIT_EXE) {
+-				printf(" -F exe=%.*s",
++				printf(" -F exe%s%.*s",
++					audit_operator_to_symbol(op),
+ 					r->values[i], &r->buf[boffset]);
+ 				boffset += r->values[i];
+ 			} else if (field == AUDIT_FILTERKEY) {
+-- 
+2.33.0
+
-- 
Gitee