From 00c4f6f323f0e0388adce71a9dee782e9914f487 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 01 2022 13:04:32 +0000 Subject: import audit-3.0.7-100.el9 --- diff --git a/.audit.metadata b/.audit.metadata index 60da4ee..ed32e02 100644 --- a/.audit.metadata +++ b/.audit.metadata @@ -1 +1 @@ -b109c5bfae1ea3641523f693ce54a4746ba5a034 SOURCES/audit-3.0.5.tar.gz +7c485e7c97eb25f7413eaf1dd3edb03ad0b2619f SOURCES/audit-3.0.7.tar.gz diff --git a/.gitignore b/.gitignore index fd0e6fa..945427a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/audit-3.0.5.tar.gz +SOURCES/audit-3.0.7.tar.gz diff --git a/SOURCES/0002-audit-3.0.6-time.patch b/SOURCES/0002-audit-3.0.6-time.patch deleted file mode 100644 index 37c564e..0000000 --- a/SOURCES/0002-audit-3.0.6-time.patch +++ /dev/null @@ -1,34 +0,0 @@ ---- - auparse/auparse.c | 2 +- - src/ausearch-lol.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/auparse/auparse.c b/auparse/auparse.c -index cc7ba5c..75ad8e7 100644 ---- a/auparse/auparse.c -+++ b/auparse/auparse.c -@@ -1202,7 +1202,7 @@ static int extract_timestamp(const char *b, au_event_t *e) - // at this point we have type= - ptr = audit_strsplit(NULL); - // strlen is for fuzzers that make invalid lines -- if (ptr && strnlen(ptr, 28) > 24) { -+ if (ptr && strnlen(ptr, 20) > 18) { - if (*(ptr+9) == '(') - ptr+=9; - else -diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c -index bb596a2..4a7e5fd 100644 ---- a/src/ausearch-lol.c -+++ b/src/ausearch-lol.c -@@ -194,7 +194,7 @@ static int extract_timestamp(const char *b, event *e) - // Now should be pointing to msg= - ptr = audit_strsplit(NULL); - // strlen is for fuzzers that make invalid lines -- if (ptr && strlen(ptr) > 24) { -+ if (ptr && strnlen(ptr, 20) > 18) { - if (*(ptr+9) == '(') - ptr+=9; - else --- -2.31.1 - diff --git a/SOURCES/0003-Carry-functions-file-from-initscripts-in-audit.patch b/SOURCES/0003-Carry-functions-file-from-initscripts-in-audit.patch deleted file mode 100644 index d94e3d3..0000000 --- a/SOURCES/0003-Carry-functions-file-from-initscripts-in-audit.patch +++ /dev/null @@ -1,801 +0,0 @@ -From a474b904deb127a766ef8c9b5ef899e5ff801346 Mon Sep 17 00:00:00 2001 -From: Sergio Correia -Date: Tue, 31 Aug 2021 11:04:42 -0300 -Subject: [PATCH] Carry functions file from initscripts in audit - -Also update legacy service actions to use updated functions file. ---- - init.d/auditd.init | 2 +- - init.d/auditd.reload | 2 +- - init.d/auditd.resume | 2 +- - init.d/auditd.rotate | 2 +- - init.d/auditd.state | 2 +- - init.d/auditd.stop | 2 +- - init.d/functions | 697 +++++++++++++++++++++++++++++++++++++++++++ - 7 files changed, 703 insertions(+), 6 deletions(-) - create mode 100644 init.d/functions - -diff --git a/init.d/auditd.init b/init.d/auditd.init -index cfb4af8..f2150f2 100644 ---- a/init.d/auditd.init -+++ b/init.d/auditd.init -@@ -29,7 +29,7 @@ PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" - - # Source function library. --. /etc/init.d/functions -+. /usr/share/audit/functions - - # Allow anyone to run status - if [ "$1" = "status" ] ; then -diff --git a/init.d/auditd.reload b/init.d/auditd.reload -index 9c30295..5341a9a 100644 ---- a/init.d/auditd.reload -+++ b/init.d/auditd.reload -@@ -7,7 +7,7 @@ test $(id -u) = 0 || exit 4 - - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" --. /etc/rc.d/init.d/functions -+. /usr/share/audit/functions - - printf "Reconfiguring: " - /sbin/augenrules --load -diff --git a/init.d/auditd.resume b/init.d/auditd.resume -index f1d2157..01cc42d 100644 ---- a/init.d/auditd.resume -+++ b/init.d/auditd.resume -@@ -7,7 +7,7 @@ test $(id -u) = 0 || exit 4 - - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" --. /etc/rc.d/init.d/functions -+. /usr/share/audit/functions - - printf "Resuming logging: " - killproc $prog -USR2 -diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate -index 2b13cf7..94728c8 100644 ---- a/init.d/auditd.rotate -+++ b/init.d/auditd.rotate -@@ -7,7 +7,7 @@ test $(id -u) = 0 || exit 4 - - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" --. /etc/rc.d/init.d/functions -+. /usr/share/audit/functions - - printf "Rotating logs: " - killproc $prog -USR1 -diff --git a/init.d/auditd.state b/init.d/auditd.state -index c7e291e..04bb4f5 100644 ---- a/init.d/auditd.state -+++ b/init.d/auditd.state -@@ -8,7 +8,7 @@ test $(id -u) = 0 || exit 4 - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" - state_file="/var/run/auditd.state" --. /etc/rc.d/init.d/functions -+. /usr/share/audit/functions - - printf "Getting auditd internal state: " - killproc $prog -CONT -diff --git a/init.d/auditd.stop b/init.d/auditd.stop -index 7c74723..de6f264 100644 ---- a/init.d/auditd.stop -+++ b/init.d/auditd.stop -@@ -7,7 +7,7 @@ test $(id -u) = 0 || exit 4 - - PATH=/sbin:/bin:/usr/bin:/usr/sbin - prog="auditd" --. /etc/rc.d/init.d/functions -+. /usr/share/audit/functions - pid="$(__pids_pidof "$prog")" - - printf "Stopping logging: " -diff --git a/init.d/functions b/init.d/functions -new file mode 100644 -index 0000000..e557619 ---- /dev/null -+++ b/init.d/functions -@@ -0,0 +1,697 @@ -+# -*-Shell-script-*- -+# -+# functions This file contains functions to be used by most or all -+# shell scripts in the /etc/init.d directory. -+# -+ -+TEXTDOMAIN=initscripts -+ -+# Make sure umask is sane -+umask 022 -+ -+# Set up a default search path. -+PATH="/sbin:/usr/sbin:/bin:/usr/bin" -+export PATH -+ -+if [ $PPID -ne 1 -a -z "$SYSTEMCTL_SKIP_REDIRECT" ] && \ -+ [ -d /run/systemd/system ] ; then -+ case "$0" in -+ /etc/init.d/*|/etc/rc.d/init.d/*) -+ _use_systemctl=1 -+ ;; -+ esac -+fi -+ -+systemctl_redirect () { -+ local s -+ local prog=${1##*/} -+ local command=$2 -+ local options="" -+ -+ case "$command" in -+ start) -+ s=$"Starting $prog (via systemctl): " -+ ;; -+ stop) -+ s=$"Stopping $prog (via systemctl): " -+ ;; -+ reload|try-reload) -+ s=$"Reloading $prog configuration (via systemctl): " -+ ;; -+ restart|try-restart|condrestart) -+ s=$"Restarting $prog (via systemctl): " -+ ;; -+ esac -+ -+ if [ -n "$SYSTEMCTL_IGNORE_DEPENDENCIES" ] ; then -+ options="--ignore-dependencies" -+ fi -+ -+ if ! systemctl show "$prog.service" > /dev/null 2>&1 || \ -+ systemctl show -p LoadState "$prog.service" | grep -q 'not-found' ; then -+ action $"Reloading systemd: " /bin/systemctl daemon-reload -+ fi -+ -+ action "$s" /bin/systemctl $options $command "$prog.service" -+} -+ -+# Get a sane screen width -+[ -z "${COLUMNS:-}" ] && COLUMNS=80 -+ -+# Read in our configuration -+if [ -z "${BOOTUP:-}" ]; then -+ if [ -f /etc/sysconfig/init ]; then -+ . /etc/sysconfig/init -+ else -+ # verbose ->> very (very!) old bootup look (prior to RHL-6.0?) -+ # color ->> default bootup look -+ # other ->> default bootup look without ANSI colors or positioning -+ BOOTUP=color -+ # Column to start "[ OK ]" label in: -+ RES_COL=60 -+ # terminal sequence to move to that column: -+ MOVE_TO_COL="echo -en \\033[${RES_COL}G" -+ # Terminal sequence to set color to a 'success' (bright green): -+ SETCOLOR_SUCCESS="echo -en \\033[1;32m" -+ # Terminal sequence to set color to a 'failure' (bright red): -+ SETCOLOR_FAILURE="echo -en \\033[1;31m" -+ # Terminal sequence to set color to a 'warning' (bright yellow): -+ SETCOLOR_WARNING="echo -en \\033[1;33m" -+ # Terminal sequence to reset to the default color: -+ SETCOLOR_NORMAL="echo -en \\033[0;39m" -+ -+ # Verbosity of logging: -+ LOGLEVEL=1 -+ fi -+ -+ # NOTE: /dev/ttyS* is serial console. "not a tty" is such as -+ # /dev/null associated when executed under systemd service units. -+ if LANG=C tty | grep -q -e '\(/dev/ttyS\|not a tty\)'; then -+ BOOTUP=serial -+ MOVE_TO_COL= -+ SETCOLOR_SUCCESS= -+ SETCOLOR_FAILURE= -+ SETCOLOR_WARNING= -+ SETCOLOR_NORMAL= -+ fi -+fi -+ -+# Check if any of $pid (could be plural) are running -+checkpid() { -+ local i -+ -+ for i in $* ; do -+ [ -d "/proc/$i" ] && return 0 -+ done -+ return 1 -+} -+ -+__kill_pids_term_kill_checkpids() { -+ local base_stime=$1 -+ shift 1 -+ local pid= -+ local pids=$* -+ local remaining= -+ local stat= -+ local stime= -+ -+ for pid in $pids ; do -+ [ ! -e "/proc/$pid" ] && continue -+ read -r line < "/proc/$pid/stat" 2> /dev/null -+ -+ stat=($line) -+ stime=${stat[21]} -+ -+ [ -n "$stime" ] && [ "$base_stime" -lt "$stime" ] && continue -+ remaining+="$pid " -+ done -+ -+ echo "$remaining" -+ [ -n "$remaining" ] && return 1 -+ -+ return 0 -+} -+ -+__kill_pids_term_kill() { -+ local try=0 -+ local delay=3; -+ local pid= -+ local stat= -+ local base_stime= -+ -+ # We can't initialize stat & base_stime on the same line where 'local' -+ # keyword is, otherwise the sourcing of this file will fail for ksh... -+ stat=($(< /proc/self/stat)) -+ base_stime=${stat[21]} -+ -+ if [ "$1" = "-d" ]; then -+ delay=$2 -+ shift 2 -+ fi -+ -+ local kill_list=$* -+ -+ kill_list=$(__kill_pids_term_kill_checkpids $base_stime $kill_list) -+ -+ [ -z "$kill_list" ] && return 0 -+ -+ kill -TERM $kill_list >/dev/null 2>&1 -+ sleep 0.1 -+ -+ kill_list=$(__kill_pids_term_kill_checkpids $base_stime $kill_list) -+ if [ -n "$kill_list" ] ; then -+ while [ $try -lt $delay ] ; do -+ sleep 1 -+ kill_list=$(__kill_pids_term_kill_checkpids $base_stime $kill_list) -+ [ -z "$kill_list" ] && break -+ let try+=1 -+ done -+ if [ -n "$kill_list" ] ; then -+ kill -KILL $kill_list >/dev/null 2>&1 -+ sleep 0.1 -+ kill_list=$(__kill_pids_term_kill_checkpids $base_stime $kill_list) -+ fi -+ fi -+ -+ [ -n "$kill_list" ] && return 1 -+ return 0 -+} -+ -+# __proc_pids {program} [pidfile] -+# Set $pid to pids from /run* for {program}. $pid should be declared -+# local in the caller. -+# Returns LSB exit code for the 'status' action. -+__pids_var_run() { -+ local base=${1##*/} -+ local pid_file=${2:-/run/$base.pid} -+ local pid_dir=$(/usr/bin/dirname $pid_file > /dev/null) -+ local binary=$3 -+ -+ [ -d "$pid_dir" ] && [ ! -r "$pid_dir" ] && return 4 -+ -+ pid= -+ if [ -f "$pid_file" ] ; then -+ local line p -+ -+ [ ! -r "$pid_file" ] && return 4 # "user had insufficient privilege" -+ while : ; do -+ read line -+ [ -z "$line" ] && break -+ for p in $line ; do -+ if [ -z "${p//[0-9]/}" ] && [ -d "/proc/$p" ] ; then -+ if [ -n "$binary" ] ; then -+ local b=$(readlink /proc/$p/exe | sed -e 's/\s*(deleted)$//') -+ [ "$b" != "$binary" ] && continue -+ fi -+ pid="$pid $p" -+ fi -+ done -+ done < "$pid_file" -+ -+ if [ -n "$pid" ]; then -+ return 0 -+ fi -+ return 1 # "Program is dead and /run pid file exists" -+ fi -+ return 3 # "Program is not running" -+} -+ -+# Output PIDs of matching processes, found using pidof -+__pids_pidof() { -+ pidof -c -o $$ -o $PPID -o %PPID -x "$1" || \ -+ pidof -c -o $$ -o $PPID -o %PPID -x "${1##*/}" -+} -+ -+ -+# A function to start a program. -+daemon() { -+ # Test syntax. -+ local gotbase= force= nicelevel corelimit -+ local pid base= user= nice= bg= pid_file= -+ local cgroup= -+ nicelevel=0 -+ while [ "$1" != "${1##[-+]}" ]; do -+ case $1 in -+ '') -+ echo $"$0: Usage: daemon [+/-nicelevel] {program}" "[arg1]..." -+ return 1 -+ ;; -+ --check) -+ base=$2 -+ gotbase="yes" -+ shift 2 -+ ;; -+ --check=?*) -+ base=${1#--check=} -+ gotbase="yes" -+ shift -+ ;; -+ --user) -+ user=$2 -+ shift 2 -+ ;; -+ --user=?*) -+ user=${1#--user=} -+ shift -+ ;; -+ --pidfile) -+ pid_file=$2 -+ shift 2 -+ ;; -+ --pidfile=?*) -+ pid_file=${1#--pidfile=} -+ shift -+ ;; -+ --force) -+ force="force" -+ shift -+ ;; -+ [-+][0-9]*) -+ nice="nice -n $1" -+ shift -+ ;; -+ *) -+ echo $"$0: Usage: daemon [+/-nicelevel] {program}" "[arg1]..." -+ return 1 -+ ;; -+ esac -+ done -+ -+ # Save basename. -+ [ -z "$gotbase" ] && base=${1##*/} -+ -+ # See if it's already running. Look *only* at the pid file. -+ __pids_var_run "$base" "$pid_file" -+ -+ [ -n "$pid" -a -z "$force" ] && return -+ -+ # make sure it doesn't core dump anywhere unless requested -+ corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}" -+ -+ # if they set NICELEVEL in /etc/sysconfig/foo, honor it -+ [ -n "${NICELEVEL:-}" ] && nice="nice -n $NICELEVEL" -+ -+ # Echo daemon -+ [ "${BOOTUP:-}" = "verbose" -a -z "${LSB:-}" ] && echo -n " $base" -+ -+ # And start it up. -+ if [ -z "$user" ]; then -+ $nice /bin/bash -c "$corelimit >/dev/null 2>&1 ; $*" -+ else -+ $nice runuser -s /bin/bash $user -c "$corelimit >/dev/null 2>&1 ; $*" -+ fi -+ -+ [ "$?" -eq 0 ] && success $"$base startup" || failure $"$base startup" -+} -+ -+# A function to stop a program. -+killproc() { -+ local RC killlevel= base pid pid_file= delay try binary= -+ -+ RC=0; delay=3; try=0 -+ # Test syntax. -+ if [ "$#" -eq 0 ]; then -+ echo $"Usage: killproc [-p {pidfile} [-b {binary}]] [-d {delay}] {program} [-signal]" -+ return 1 -+ fi -+ if [ "$1" = "-p" ]; then -+ pid_file=$2 -+ shift 2 -+ fi -+ if [ "$1" = "-b" ]; then -+ if [ -z $pid_file ]; then -+ echo $"-b option can be used only with -p" -+ echo $"Usage: killproc [-p {pidfile} [-b {binary}]] [-d {delay}] {program} [-signal]" -+ return 1 -+ fi -+ binary=$2 -+ shift 2 -+ fi -+ if [ "$1" = "-d" ]; then -+ delay=$(echo $2 | awk -v RS=' ' -v IGNORECASE=1 '{if($1!~/^[0-9.]+[smhd]?$/) exit 1;d=$1~/s$|^[0-9.]*$/?1:$1~/m$/?60:$1~/h$/?60*60:$1~/d$/?24*60*60:-1;if(d==-1) exit 1;delay+=d*$1} END {printf("%d",delay+0.5)}') -+ if [ "$?" -eq 1 ]; then -+ echo $"Usage: killproc [-p {pidfile} [-b {binary}]] [-d {delay}] {program} [-signal]" -+ return 1 -+ fi -+ shift 2 -+ fi -+ -+ -+ # check for second arg to be kill level -+ [ -n "${2:-}" ] && killlevel=$2 -+ -+ # Save basename. -+ base=${1##*/} -+ -+ # Find pid. -+ __pids_var_run "$1" "$pid_file" "$binary" -+ RC=$? -+ if [ -z "$pid" ]; then -+ if [ -z "$pid_file" ]; then -+ pid="$(__pids_pidof "$1")" -+ else -+ [ "$RC" = "4" ] && { failure $"$base shutdown" ; return $RC ;} -+ fi -+ fi -+ -+ # Kill it. -+ if [ -n "$pid" ] ; then -+ [ "$BOOTUP" = "verbose" -a -z "${LSB:-}" ] && echo -n "$base " -+ if [ -z "$killlevel" ] ; then -+ __kill_pids_term_kill -d $delay $pid -+ RC=$? -+ [ "$RC" -eq 0 ] && success $"$base shutdown" || failure $"$base shutdown" -+ # use specified level only -+ else -+ if checkpid $pid; then -+ kill $killlevel $pid >/dev/null 2>&1 -+ RC=$? -+ [ "$RC" -eq 0 ] && success $"$base $killlevel" || failure $"$base $killlevel" -+ elif [ -n "${LSB:-}" ]; then -+ RC=7 # Program is not running -+ fi -+ fi -+ else -+ if [ -n "${LSB:-}" -a -n "$killlevel" ]; then -+ RC=7 # Program is not running -+ else -+ failure $"$base shutdown" -+ RC=0 -+ fi -+ fi -+ -+ # Remove pid file if any. -+ if [ -z "$killlevel" ]; then -+ rm -f "${pid_file:-/run/$base.pid}" -+ fi -+ return $RC -+} -+ -+# A function to find the pid of a program. Looks *only* at the pidfile -+pidfileofproc() { -+ local pid -+ -+ # Test syntax. -+ if [ "$#" = 0 ] ; then -+ echo $"Usage: pidfileofproc {program}" -+ return 1 -+ fi -+ -+ __pids_var_run "$1" -+ [ -n "$pid" ] && echo $pid -+ return 0 -+} -+ -+# A function to find the pid of a program. -+pidofproc() { -+ local RC pid pid_file= -+ -+ # Test syntax. -+ if [ "$#" = 0 ]; then -+ echo $"Usage: pidofproc [-p {pidfile}] {program}" -+ return 1 -+ fi -+ if [ "$1" = "-p" ]; then -+ pid_file=$2 -+ shift 2 -+ fi -+ fail_code=3 # "Program is not running" -+ -+ # First try "/run/*.pid" files -+ __pids_var_run "$1" "$pid_file" -+ RC=$? -+ if [ -n "$pid" ]; then -+ echo $pid -+ return 0 -+ fi -+ -+ [ -n "$pid_file" ] && return $RC -+ __pids_pidof "$1" || return $RC -+} -+ -+status() { -+ local base pid lock_file= pid_file= binary= -+ -+ # Test syntax. -+ if [ "$#" = 0 ] ; then -+ echo $"Usage: status [-p {pidfile}] [-l {lockfile}] [-b {binary}] {program}" -+ return 1 -+ fi -+ if [ "$1" = "-p" ]; then -+ pid_file=$2 -+ shift 2 -+ fi -+ if [ "$1" = "-l" ]; then -+ lock_file=$2 -+ shift 2 -+ fi -+ if [ "$1" = "-b" ]; then -+ if [ -z $pid_file ]; then -+ echo $"-b option can be used only with -p" -+ echo $"Usage: status [-p {pidfile}] [-l {lockfile}] [-b {binary}] {program}" -+ return 1 -+ fi -+ binary=$2 -+ shift 2 -+ fi -+ base=${1##*/} -+ -+ if [ "$_use_systemctl" = "1" ]; then -+ systemctl status ${0##*/}.service -+ ret=$? -+ # LSB daemons that dies abnormally in systemd looks alive in systemd's eyes due to RemainAfterExit=yes -+ # lets adjust the reality a little bit -+ if systemctl show -p ActiveState ${0##*/}.service | grep -q '=active$' && \ -+ systemctl show -p SubState ${0##*/}.service | grep -q '=exited$' ; then -+ ret=3 -+ fi -+ return $ret -+ fi -+ -+ # First try "pidof" -+ __pids_var_run "$1" "$pid_file" "$binary" -+ RC=$? -+ if [ -z "$pid_file" -a -z "$pid" ]; then -+ pid="$(__pids_pidof "$1")" -+ fi -+ if [ -n "$pid" ]; then -+ echo $"${base} (pid $pid) is running..." -+ return 0 -+ fi -+ -+ case "$RC" in -+ 0) -+ echo $"${base} (pid $pid) is running..." -+ return 0 -+ ;; -+ 1) -+ echo $"${base} dead but pid file exists" -+ return 1 -+ ;; -+ 4) -+ echo $"${base} status unknown due to insufficient privileges." -+ return 4 -+ ;; -+ esac -+ if [ -z "${lock_file}" ]; then -+ lock_file=${base} -+ fi -+ # See if /var/lock/subsys/${lock_file} exists -+ if [ -f /var/lock/subsys/${lock_file} ]; then -+ echo $"${base} dead but subsys locked" -+ return 2 -+ fi -+ echo $"${base} is stopped" -+ return 3 -+} -+ -+echo_success() { -+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL -+ echo -n "[" -+ [ "$BOOTUP" = "color" ] && $SETCOLOR_SUCCESS -+ echo -n $" OK " -+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL -+ echo -n "]" -+ echo -ne "\r" -+ return 0 -+} -+ -+echo_failure() { -+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL -+ echo -n "[" -+ [ "$BOOTUP" = "color" ] && $SETCOLOR_FAILURE -+ echo -n $"FAILED" -+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL -+ echo -n "]" -+ echo -ne "\r" -+ return 1 -+} -+ -+echo_passed() { -+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL -+ echo -n "[" -+ [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING -+ echo -n $"PASSED" -+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL -+ echo -n "]" -+ echo -ne "\r" -+ return 1 -+} -+ -+echo_warning() { -+ [ "$BOOTUP" = "color" ] && $MOVE_TO_COL -+ echo -n "[" -+ [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING -+ echo -n $"WARNING" -+ [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL -+ echo -n "]" -+ echo -ne "\r" -+ return 1 -+} -+ -+# Inform the graphical boot of our current state -+update_boot_stage() { -+ if [ -x /bin/plymouth ]; then -+ /bin/plymouth --update="$1" -+ fi -+ return 0 -+} -+ -+# Log that something succeeded -+success() { -+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_success -+ return 0 -+} -+ -+# Log that something failed -+failure() { -+ local rc=$? -+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_failure -+ [ -x /bin/plymouth ] && /bin/plymouth --details -+ return $rc -+} -+ -+# Log that something passed, but may have had errors. Useful for fsck -+passed() { -+ local rc=$? -+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_passed -+ return $rc -+} -+ -+# Log a warning -+warning() { -+ local rc=$? -+ [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_warning -+ return $rc -+} -+ -+# Run some action. Log its output. -+action() { -+ local STRING rc -+ -+ STRING=$1 -+ echo -n "$STRING " -+ shift -+ "$@" && success $"$STRING" || failure $"$STRING" -+ rc=$? -+ echo -+ return $rc -+} -+ -+# returns OK if $1 contains $2 -+strstr() { -+ [ "${1#*$2*}" = "$1" ] && return 1 -+ return 0 -+} -+ -+# Check whether file $1 is a backup or rpm-generated file and should be ignored -+# Copy of the function is present in usr/sbin/service -+is_ignored_file() { -+ case "$1" in -+ *~ | *.bak | *.old | *.orig | *.rpmnew | *.rpmorig | *.rpmsave) -+ return 0 -+ ;; -+ esac -+ return 1 -+} -+ -+# Convert the value ${1} of time unit ${2}-seconds into seconds: -+convert2sec() { -+ local retval="" -+ -+ case "${2}" in -+ deci) retval=$(awk "BEGIN {printf \"%.1f\", ${1} / 10}") ;; -+ centi) retval=$(awk "BEGIN {printf \"%.2f\", ${1} / 100}") ;; -+ mili) retval=$(awk "BEGIN {printf \"%.3f\", ${1} / 1000}") ;; -+ micro) retval=$(awk "BEGIN {printf \"%.6f\", ${1} / 1000000}") ;; -+ nano) retval=$(awk "BEGIN {printf \"%.9f\", ${1} / 1000000000}") ;; -+ piko) retval=$(awk "BEGIN {printf \"%.12f\", ${1} / 1000000000000}") ;; -+ esac -+ -+ echo "${retval}" -+} -+ -+# Evaluate shvar-style booleans -+is_true() { -+ case "$1" in -+ [tT] | [yY] | [yY][eE][sS] | [oO][nN] | [tT][rR][uU][eE] | 1) -+ return 0 -+ ;; -+ esac -+ return 1 -+} -+ -+# Evaluate shvar-style booleans -+is_false() { -+ case "$1" in -+ [fF] | [nN] | [nN][oO] | [oO][fF][fF] | [fF][aA][lL][sS][eE] | 0) -+ return 0 -+ ;; -+ esac -+ return 1 -+} -+ -+# Apply sysctl settings, including files in /etc/sysctl.d -+apply_sysctl() { -+ if [ -x /lib/systemd/systemd-sysctl ]; then -+ /lib/systemd/systemd-sysctl -+ else -+ for file in /usr/lib/sysctl.d/*.conf ; do -+ is_ignored_file "$file" && continue -+ [ -f /run/sysctl.d/${file##*/} ] && continue -+ [ -f /etc/sysctl.d/${file##*/} ] && continue -+ test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1 -+ done -+ for file in /run/sysctl.d/*.conf ; do -+ is_ignored_file "$file" && continue -+ [ -f /etc/sysctl.d/${file##*/} ] && continue -+ test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1 -+ done -+ for file in /etc/sysctl.d/*.conf ; do -+ is_ignored_file "$file" && continue -+ test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1 -+ done -+ sysctl -e -p /etc/sysctl.conf >/dev/null 2>&1 -+ fi -+} -+ -+# A sed expression to filter out the files that is_ignored_file recognizes -+__sed_discard_ignored_files='/\(~\|\.bak\|\.old\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d' -+ -+if [ "$_use_systemctl" = "1" ]; then -+ if [ "x$1" = xstart -o \ -+ "x$1" = xstop -o \ -+ "x$1" = xrestart -o \ -+ "x$1" = xreload -o \ -+ "x$1" = xtry-restart -o \ -+ "x$1" = xforce-reload -o \ -+ "x$1" = xcondrestart ] ; then -+ -+ systemctl_redirect $0 $1 -+ exit $? -+ fi -+fi -+ -+strstr "$(cat /proc/cmdline)" "rc.debug" && set -x -+return 0 -+ --- -2.31.1 - diff --git a/SOURCES/0004-When-interpreting-if-val-is-NULL-return-an-empty-str.patch b/SOURCES/0004-When-interpreting-if-val-is-NULL-return-an-empty-str.patch deleted file mode 100644 index a0e5ba2..0000000 --- a/SOURCES/0004-When-interpreting-if-val-is-NULL-return-an-empty-str.patch +++ /dev/null @@ -1,26 +0,0 @@ -From ae210cb59accb6ee03488b6ec14fb67aca22660f Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Sat, 21 Aug 2021 10:20:11 -0400 -Subject: [PATCH 4/4] When interpreting, if val is NULL return an empty string - ---- - auparse/interpret.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/auparse/interpret.c b/auparse/interpret.c -index 177ab82..63829aa 100644 ---- a/auparse/interpret.c -+++ b/auparse/interpret.c -@@ -840,6 +840,9 @@ static char *print_escaped(const char *val) - { - char *out; - -+ if (val == NULL) -+ return strdup(" "); -+ - if (*val == '"') { - char *term; - val++; --- -2.33.1 - diff --git a/SOURCES/0005-auparse-refact-nvlist-cleanup-cod.patch b/SOURCES/0005-auparse-refact-nvlist-cleanup-cod.patch deleted file mode 100644 index fa27506..0000000 --- a/SOURCES/0005-auparse-refact-nvlist-cleanup-cod.patch +++ /dev/null @@ -1,142 +0,0 @@ -From 96a197fb642933b625996947b2e18ff2ed1df261 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Wed, 3 Nov 2021 10:22:55 -0300 -Subject: [PATCH 5/5] auparse: refact nvlist cleanup cod - -The nvlist_clear function tries to guess whether we allocated a buffer -or if the pointer points to a spot in the parsed up record by using a -name. This is fragile because someone actually used a reserved name in -a record unexpectedly. The refactored code does a range check to see if -the pointer is within the parsed up buffer area. If not, it can free the -buffer. - -Backport of upstream 5baa2a860c ---- - auparse/ellist.c | 12 ++++++++++-- - auparse/nvlist.c | 23 +++++++++++++++++------ - auparse/nvlist.h | 2 +- - auparse/rnode.h | 1 + - 4 files changed, 29 insertions(+), 9 deletions(-) - -diff --git a/auparse/ellist.c b/auparse/ellist.c -index bbb4064..048ac4c 100644 ---- a/auparse/ellist.c -+++ b/auparse/ellist.c -@@ -103,7 +103,7 @@ static char *escape(const char *tmp) - static int parse_up_record(rnode* r) - { - char *ptr, *buf, *saved=NULL; -- unsigned int offset = 0; -+ unsigned int offset = 0, len; - - // Potentially cut the record in two - ptr = strchr(r->record, AUDIT_INTERP_SEPARATOR); -@@ -112,7 +112,15 @@ static int parse_up_record(rnode* r) - ptr++; - } - r->interp = ptr; -- r->nv.record = buf = strdup(r->record); -+ // Rather than call strndup, we will do it ourselves to reduce -+ // the number of interations across the record. -+ // len includes the string terminator. -+ len = strlen(r->record) + 1; -+ r->nv.record = buf = malloc(len); -+ if (r->nv.record == NULL) -+ return -1; -+ memcpy(r->nv.record, r->record, len); -+ r->nv.end = r->nv.record + len; - ptr = audit_strsplit_r(buf, &saved); - if (ptr == NULL) { - free(buf); -diff --git a/auparse/nvlist.c b/auparse/nvlist.c -index 99c7c2b..c9ccc8f 100644 ---- a/auparse/nvlist.c -+++ b/auparse/nvlist.c -@@ -36,11 +36,13 @@ void nvlist_create(nvlist *l) - l->cur = 0; - l->cnt = 0; - l->record = NULL; -+ l->end = NULL; - } - } - - nvnode *nvlist_next(nvlist *l) - { -+ // Since cur will be incremented, check for 1 less that total - if (l->cnt && l->cur < (l->cnt - 1)) { - l->cur++; - return &l->array[l->cur]; -@@ -125,11 +127,21 @@ const char *nvlist_interp_cur_val(rnode *r, auparse_esc_t escape_mode) - return do_interpret(r, escape_mode); - } - -+// This function determines if a chunk of memory is part of the parsed up -+// record. If it is, do not free it since it gets free'd at the very end. -+// NOTE: This function causes invalid-pointer-pair errors with ASAN -+static inline int not_in_rec_buf(nvlist *l, const char *ptr) -+{ -+ if (ptr >= l->record && ptr < l->end) -+ return 0; -+ return 1; -+} -+ - // free_interp does not apply to thing coming from interpretation_list --void nvlist_clear(nvlist* l, int free_interp) -+void nvlist_clear(nvlist *l, int free_interp) - { - unsigned int i = 0; -- register nvnode* current; -+ register nvnode *current; - - if (l->cnt == 0) - return; -@@ -140,11 +152,9 @@ void nvlist_clear(nvlist* l, int free_interp) - free(current->interp_val); - // A couple items are not in parsed up list. - // These all come from the aup_list_append path. -- if ((strcmp(current->name, "key") == 0) || -- (strcmp(current->name, "seperms") == 0) || -- (strcmp(current->name, "seresult") == 0)) { -+ if (not_in_rec_buf(l, current->name)) { - // seperms & key values are strdup'ed -- if (current->name[2] != 'r') -+ if (not_in_rec_buf(l, current->val)) - free(current->val); - free(current->name); - } -@@ -153,6 +163,7 @@ void nvlist_clear(nvlist* l, int free_interp) - } - free((void *)l->record); - l->record = NULL; -+ l->end = NULL; - l->cur = 0; - l->cnt = 0; - } -diff --git a/auparse/nvlist.h b/auparse/nvlist.h -index b006caa..59f3e13 100644 ---- a/auparse/nvlist.h -+++ b/auparse/nvlist.h -@@ -45,7 +45,7 @@ static inline const char *nvlist_get_cur_val_interp(nvlist *l) - AUDIT_HIDDEN_START - - void nvlist_create(nvlist *l); --void nvlist_clear(nvlist* l, int free_interp); -+void nvlist_clear(nvlist *l, int free_interp); - nvnode *nvlist_next(nvlist *l); - int nvlist_get_cur_type(rnode *r); - const char *nvlist_interp_cur_val(rnode *r, auparse_esc_t escape_mode); -diff --git a/auparse/rnode.h b/auparse/rnode.h -index 06303c7..69f0843 100644 ---- a/auparse/rnode.h -+++ b/auparse/rnode.h -@@ -40,6 +40,7 @@ typedef struct { - unsigned int cur; // Index to current node - unsigned int cnt; // How many items in this list - char *record; // Holds the parsed up record -+ char *end; // End of the parsed up record - } nvlist; - - --- -2.33.1 - diff --git a/SPECS/audit.spec b/SPECS/audit.spec index ffdcea6..2baf3ad 100644 --- a/SPECS/audit.spec +++ b/SPECS/audit.spec @@ -1,18 +1,14 @@ Summary: User space tools for kernel auditing Name: audit -Version: 3.0.5 -Release: 5%{?dist} +Version: 3.0.7 +Release: 100%{?dist} License: GPLv2+ URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Patch1: 0001-Add-ausysrulevalidate.patch -Patch2: 0002-audit-3.0.6-time.patch -Patch3: 0003-Carry-functions-file-from-initscripts-in-audit.patch -Patch4: 0004-When-interpreting-if-val-is-NULL-return-an-empty-str.patch -Patch5: 0005-auparse-refact-nvlist-cleanup-cod.patch BuildRequires: make gcc swig BuildRequires: openldap-devel @@ -94,10 +90,6 @@ Management Facility) database, through an IBM Tivoli Directory Server %setup -q cp %{SOURCE1} . %patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 # Remove the ids code, its not ready sed -i 's/ ids / /' audisp/plugins/Makefile.in @@ -121,10 +113,6 @@ mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit mkdir -p $RPM_BUILD_ROOT/%{_datadir} make DESTDIR=$RPM_BUILD_ROOT install -# Copy functions file. -install -m750 %{_builddir}/%{name}-%{version}/init.d/functions \ - $RPM_BUILD_ROOT/%{_datadir}/%{name}/functions - # Validate sample rules shipped. for r in $RPM_BUILD_ROOT/%{_datadir}/%{name}/sample-rules/*.rules; do PYTHONPATH=$RPM_BUILD_ROOT/%{python3_sitearch} \ @@ -199,6 +187,7 @@ fi %doc README ChangeLog init.d/auditd.cron %{!?_licensedir:%global license %%doc} %license COPYING +%attr(750,root,root) %{_datadir}/%{name} %attr(644,root,root) %{_datadir}/%{name}/sample-rules/* %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz %attr(644,root,root) %{_mandir}/man8/auditd.8.gz @@ -233,7 +222,7 @@ fi %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop -%attr(750,root,root) %{_datadir}/%{name}/functions +%attr(750,root,root) %{_libexecdir}/audit-functions %ghost %{_localstatedir}/run/auditd.state %attr(-,root,-) %dir %{_var}/log/audit %attr(750,root,root) %dir /etc/audit @@ -268,6 +257,10 @@ fi %attr(750,root,root) %{_sbindir}/audispd-zos-remote %changelog +* Tue Jan 25 2022 Sergio Correia - 3.0.7-100 +- New upstream release, 3.0.7 + Resolves: rhbz#2019929 - capability=unknown-capability(39) in audit messages + * Wed Nov 03 2021 Sergio Correia - 3.0.5-5 - auparse: refact nvlist cleanup code Resolves: rhbz#2008965