diff --git a/audit.spec b/audit.spec index c219489a57dc332ff0484fc8c7b9990aeb6da100..31e7904cf068320f11238589342af7fff5c9f3ad 100644 --- a/audit.spec +++ b/audit.spec @@ -2,7 +2,7 @@ Summary: User space tools for kernel auditing Name: audit Epoch: 1 Version: 3.0.1 -Release: 11 +Release: 12 License: GPLv2+ and LGPLv2+ URL: https://people.redhat.com/sgrubb/audit/ Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz @@ -46,6 +46,8 @@ Patch34: backport-Try-to-interpret-OPENAT2-fields-correctly.patch Patch35: backport-Add-a-buffer-limit-just-in-case.patch Patch36: backport-Teardown-SIGCONT-watcher-on-exit.patch Patch37: backport-Correct-path-of-config-file.patch +Patch38: backport-Fix-the-error-found-by-clang-tidy-313.patch +Patch39: backport-Fix-segfault-in-python-bindings-around-the-feed-API.patch BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29 BuildRequires: openldap-devel krb5-devel libcap-ng-devel @@ -381,6 +383,9 @@ fi %attr(644,root,root) %{_mandir}/man8/*.8.gz %changelog +* Thu Sep 14 2023 xuraoqing - 1:3.0.1-12 +- backport patches from upstream + * Mon Aug 7 2023 panchenbo - 1:3.0.1-11 - fix sw_64 support incomplete diff --git a/backport-Fix-segfault-in-python-bindings-around-the-feed-API.patch b/backport-Fix-segfault-in-python-bindings-around-the-feed-API.patch new file mode 100644 index 0000000000000000000000000000000000000000..a108130648438dfd2522ab74980a4ffc490e1605 --- /dev/null +++ b/backport-Fix-segfault-in-python-bindings-around-the-feed-API.patch @@ -0,0 +1,96 @@ +From 85d34b6bdba8e5c0fd9fda8eca5b19919a3e4944 Mon Sep 17 00:00:00 2001 +From: Steve Grubb +Date: Fri, 4 Aug 2023 17:15:51 -0400 +Subject: [PATCH] Fix segfault in python bindings around the feed API + + +Reference:https://github.com/linux-audit/audit-userspace/commit/85d34b6bdba8e5c0fd9fda8eca5b19919a3e4944 +Conflict:ChangeLog + +--- + bindings/python/auparse_python.c | 32 ++++++++++++++++++++++++++------ + 1 file changed, 26 insertions(+), 6 deletions(-) + +diff --git a/bindings/python/auparse_python.c b/bindings/python/auparse_python.c +index 85fb26e..3a60fa6 100644 +--- a/bindings/python/auparse_python.c ++++ b/bindings/python/auparse_python.c +@@ -284,13 +284,16 @@ void callback_data_destroy(void *user_data) + } + } + +-static void auparse_callback(auparse_state_t *au, auparse_cb_event_t cb_event_type, void *user_data) ++static void auparse_callback(auparse_state_t *au, ++ auparse_cb_event_t cb_event_type, void *user_data) + { + CallbackData *cb = (CallbackData *)user_data; + PyObject *arglist; + PyObject *result; + +- arglist = Py_BuildValue("OiO", cb->py_AuParser, cb_event_type, cb->user_data); ++ if (debug) printf("<< auparse_callback\n"); ++ arglist = Py_BuildValue("OiO", cb->py_AuParser, cb_event_type, ++ cb->user_data); + result = PyEval_CallObject(cb->func, arglist); + Py_DECREF(arglist); + Py_XDECREF(result); +@@ -518,6 +521,7 @@ AuParser_feed(AuParser *self, PyObject *args) + + if (!PyArg_ParseTuple(args, "s#:feed", &data, &data_len)) return NULL; + PARSER_CHECK; ++ if (debug) printf("<< AuParser_feed\n"); + result = auparse_feed(self->au, data, data_len); + if (result == 0) Py_RETURN_NONE; + PyErr_SetFromErrno(PyExc_EnvironmentError); +@@ -618,9 +622,10 @@ static PyObject * + AuParser_add_callback(AuParser *self, PyObject *args) + { + PyObject *func; +- PyObject *user_data; ++ PyObject *user_data = NULL; + +- if (!PyArg_ParseTuple(args, "O|O:add_callback", &func, &user_data)) return NULL; ++ if (!PyArg_ParseTuple(args, "O|O:add_callback", &func, &user_data)) ++ return NULL; + if (!PyFunction_Check(func)) { + PyErr_SetString(PyExc_ValueError, "callback must be a function"); + return NULL; +@@ -628,6 +633,13 @@ AuParser_add_callback(AuParser *self, PyObject *args) + PARSER_CHECK; + + { ++ /* ++ * The way this works is that we gather up all of the pieces that ++ * were passed to the bindings and bundle them up in a callback data ++ * structure and register _that_ with the auparse library. This user ++ * supplied data is then used in the callback to rebuild a python ++ * function call which is then called. ++ */ + CallbackData *cb; + + cb = PyMem_New(CallbackData, 1); +@@ -635,11 +647,19 @@ AuParser_add_callback(AuParser *self, PyObject *args) + return PyErr_NoMemory(); + cb->py_AuParser = self; + cb->func = func; ++ /* ++ * The second parameter to this function is optional. If it were not ++ * passed, convert it to the None object for the python function ++ * call later. ++ */ ++ if (user_data == NULL) ++ user_data = Py_None; + cb->user_data = user_data; + Py_INCREF(cb->func); + Py_XINCREF(cb->user_data); +- auparse_add_callback(self->au, auparse_callback, cb, callback_data_destroy); +-} ++ auparse_add_callback(self->au, auparse_callback, cb, ++ callback_data_destroy); ++ } + + Py_RETURN_NONE; + } +-- +2.33.0 + diff --git a/backport-Fix-the-error-found-by-clang-tidy-313.patch b/backport-Fix-the-error-found-by-clang-tidy-313.patch new file mode 100644 index 0000000000000000000000000000000000000000..cec1f1ebf4ca7026928671de03a5195b3bc1ab4b --- /dev/null +++ b/backport-Fix-the-error-found-by-clang-tidy-313.patch @@ -0,0 +1,32 @@ +From 163ef48105ff44925a3086dc2012e27b679f5d7e Mon Sep 17 00:00:00 2001 +From: DmitryTD <79697994+DmitryTD@users.noreply.github.com> +Date: Fri, 14 Jul 2023 00:46:53 +0300 +Subject: [PATCH] Fix the error found by clang-tidy (#313) + +auditd-reconfig.c: In function 'start_config_manager': +auditd-reconfig.c:63:42: warning: the comparison always evaluates to false +because pthread_create always returns non-negative values + +Reference:https://github.com/linux-audit/audit-userspace/commit/163ef48105ff44925a3086dc2012e27b679f5d7e +Conflict:src/auditd-reconfig.c + +--- + src/auditd-reconfig.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/auditd-reconfig.c b/src/auditd-reconfig.c +index 5ea9126..007ab52 100644 +--- a/src/auditd-reconfig.c ++++ b/src/auditd-reconfig.c +@@ -61,7 +61,7 @@ int start_config_manager(struct auditd_event *e) + PTHREAD_CREATE_DETACHED); + + if (pthread_create(&config_thread, &detached, +- config_thread_main, e) < 0) { ++ config_thread_main, e) > 0) { + audit_msg(LOG_ERR, + "Couldn't create config thread, no config changes"); + free(e); +-- +2.33.0 +