From 2df7e62393cd4f1319779b0a8835f178cb55df6e Mon Sep 17 00:00:00 2001
From: xuraoqing <xuraoqing@huawei.com>
Date: Wed, 26 Feb 2025 12:55:36 +0800
Subject: [PATCH] backport patches to fix bugs

Signed-off-by: xuraoqing <xuraoqing@huawei.com>
---
 audit.spec                                    |  7 ++-
 ...rt-Fix-a-maybe-uninitialized-warning.patch | 53 +++++++++++++++++++
 ...ix-parsing-for-success-uid-in-parse_.patch | 43 +++++++++++++++
 3 files changed, 102 insertions(+), 1 deletion(-)
 create mode 100644 backport-Fix-a-maybe-uninitialized-warning.patch
 create mode 100644 backport-ausearch-parse-fix-parsing-for-success-uid-in-parse_.patch

diff --git a/audit.spec b/audit.spec
index f18eb6a..5943816 100644
--- a/audit.spec
+++ b/audit.spec
@@ -2,7 +2,7 @@ Summary:            User space tools for kernel auditing
 Name:               audit
 Epoch:              1
 Version:            3.1.2
-Release:            7
+Release:            8
 License:            GPLv2+ and LGPLv2+
 URL:                https://people.redhat.com/sgrubb/audit/
 Source0:            https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@@ -45,6 +45,8 @@ Patch33:   backport-Fix-memory-leaks.patch
 Patch34:   backport-fix-one-more-leak.patch
 Patch35:   backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
 Patch36:   backport-ausearch-format-Fix-display-of-renamed-file-411.patch
+Patch37:   backport-Fix-a-maybe-uninitialized-warning.patch
+Patch38:   backport-ausearch-parse-fix-parsing-for-success-uid-in-parse_.patch
 
 BuildRequires:      gcc swig libtool systemd kernel-headers >= 2.6.29
 BuildRequires:      openldap-devel krb5-devel libcap-ng-devel
@@ -387,6 +389,9 @@ fi
 %attr(644,root,root) %{_mandir}/man8/*.8.gz
 
 %changelog
+* Wed Feb 26 2025 xuraoqing <xuraoqing@huawei.com> - 1:3.1.2-8
+- backport patches from upstream
+
 * Wed Dec 11 2024 wangjiang <app@cameyan.coom> - 1:3.1.2-7
 - backport patches to fix bug
 
diff --git a/backport-Fix-a-maybe-uninitialized-warning.patch b/backport-Fix-a-maybe-uninitialized-warning.patch
new file mode 100644
index 0000000..70cfe57
--- /dev/null
+++ b/backport-Fix-a-maybe-uninitialized-warning.patch
@@ -0,0 +1,53 @@
+From 25d5458a396a07e56f36f651da2c51b528fb293a Mon Sep 17 00:00:00 2001
+From: Steve Grubb <ausearch.1@gmail.com>
+Date: Thu, 2 Jan 2025 16:32:34 -0500
+Subject: [PATCH] Fix a maybe uninitialized warning
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/25d5458a396a07e56f36f651da2c51b528fb293a
+Conflict:NA
+
+---
+ src/ausearch-parse.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
+index e15396d7..68e2b29e 100644
+--- a/src/ausearch-parse.c
++++ b/src/ausearch-parse.c
+@@ -1556,7 +1556,7 @@ static int parse_daemon1(const lnode *n, search_items *s)
+ 		if (str) {
+ 			ptr = str + 5;
+ 			term = strchr(ptr, ' ');
+-			if (term == NULL) 
++			if (term == NULL)
+ 				return 7;
+ 			saved = *term;
+ 			*term = 0;
+@@ -1565,13 +1565,11 @@ static int parse_daemon1(const lnode *n, search_items *s)
+ 			if (errno)
+ 				return 8;
+ 			*term = saved;
+-		} else
+-			term = ptr;
++		}
+ 	}
+ 
+ 	// ses - optional
+ 	if (event_session_id != -2) {
+-		ptr = term;
+ 		str = strstr(term, "ses=");
+ 		if (str) {
+ 			ptr = str + 4;
+@@ -1585,8 +1583,7 @@ static int parse_daemon1(const lnode *n, search_items *s)
+ 			if (errno)
+ 				return 10;
+ 			*term = saved;
+-		} else
+-			term = ptr;
++		}
+ 	}
+ 
+ 	if (event_subject) {
+-- 
+2.33.0
+
diff --git a/backport-ausearch-parse-fix-parsing-for-success-uid-in-parse_.patch b/backport-ausearch-parse-fix-parsing-for-success-uid-in-parse_.patch
new file mode 100644
index 0000000..faf1f73
--- /dev/null
+++ b/backport-ausearch-parse-fix-parsing-for-success-uid-in-parse_.patch
@@ -0,0 +1,43 @@
+From f97f0579fafcd9fc58d892699a22ae7ee68aeff3 Mon Sep 17 00:00:00 2001
+From: Sergio Correia <scorreia@redhat.com>
+Date: Mon, 16 Dec 2024 09:06:13 +0000
+Subject: [PATCH] ausearch-parse: fix parsing for success/uid  in
+ parse_daemon1() (#394)
+
+In parse_daemon1(), we may have the uid= field appear both before and
+after pid=, which may cause our parsing of it to fail, as we may have
+skipped past it. For uid=, let us search from the beginning.
+
+Example for this case:
+
+type=DAEMON_END msg=audit(1709723032.140:753): op=terminate auid=0 uid=0 ses=8 pid=107086 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=success
+
+ausearch -if sample.log -a 753 -m DAEMON_END  -ui 0 --session 8 -p 107086 --success yes
+
+Signed-off-by: Sergio Correia <scorreia@redhat.com>
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/f97f0579fafcd9fc58d892699a22ae7ee68aeff3
+Conflict:NA
+
+---
+ src/ausearch-parse.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
+index 4c9bef0d..e15396d7 100644
+--- a/src/ausearch-parse.c
++++ b/src/ausearch-parse.c
+@@ -1549,7 +1549,9 @@ static int parse_daemon1(const lnode *n, search_items *s)
+ 
+ 	// uid - optional
+ 	if (event_uid != -1) {
+-		ptr = term;
++		// As the uid= field may happen in different orders, e.g. both before
++		// and after pid=, let us search for the uid from the beginning.
++		term = mptr;
+ 		str = strstr(term, " uid=");
+ 		if (str) {
+ 			ptr = str + 5;
+-- 
+2.33.0
+
-- 
Gitee