diff --git a/SOURCES/audit-3.0.8-auparse-path-norm.patch b/SOURCES/audit-3.0.8-auparse-path-norm.patch
new file mode 100644
index 0000000..2fb20fb
--- /dev/null
+++ b/SOURCES/audit-3.0.8-auparse-path-norm.patch
@@ -0,0 +1,31 @@
+From becc1c297279f757835943e2cad63992134511f9 Mon Sep 17 00:00:00 2001
+From: Sergio Correia
+Date: Mon, 7 Mar 2022 13:11:09 -0300
+Subject: [PATCH] auparse: fix off-by-one issue in path_norm() (#242)
+
+When defining dest = rpath + 1, we end up having the first char of
+`dest' as NULL -- since `rpath' points to `working', which is a static
+buffer.
+
+With the first char as NULL, path_norm() ends up producing an empty string.
+
+This commit fixes the issue reported in this [1] mailing list post.
+
+[1] https://listman.redhat.com/archives/linux-audit/2022-February/018844.html
+---
+ auparse/interpret.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index c8a0d96dd..df593c44c 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -895,7 +895,7 @@ static char *path_norm(const char *name)
+ return strdup(name);
+
+ rpath = working;
+- dest = rpath + 1;
++ dest = rpath;
+ rpath_limit = rpath + PATH_MAX;
+
+ for (start = name; *start; start = end) {
diff --git a/SOURCES/audit-3.0.8-drop-protecthome.patch b/SOURCES/audit-3.0.8-drop-protecthome.patch
new file mode 100644
index 0000000..a9a70de
--- /dev/null
+++ b/SOURCES/audit-3.0.8-drop-protecthome.patch
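Review bot: In the path_norm() hunk of the embedded patch, `dest` now starts at `rpath` itself, so any look-behind in the loop that follows (for example a `dest[-1] != '/'` test before appending a separator, or a back-up step for `..`) would index one byte before `working` while handling the first component. The loop body lies outside this hunk, so this cannot be confirmed from here; it is worth checking that every such access is guarded, e.g. `if (dest == rpath || dest[-1] != '/')`. A comment above the assignment, such as `/* start at the beginning of working: its first byte is NUL, so rpath + 1 produced an empty result */`, would also record why the `+ 1` was wrong.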
@@ -0,0 +1,26 @@
+From c426507a501efde0367a09a81e917d1d10722b78 Mon Sep 17 00:00:00 2001
+From: Sergio Correia
+Date: Thu, 31 Mar 2022 15:00:57 -0300
+Subject: [PATCH] Drop ProtectHome from auditd.service as it interferes with
+ rules
+
+Upstream: https://github.com/linux-audit/audit-userspace/commit/12cf14ed
+---
+ init.d/auditd.service | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/init.d/auditd.service b/init.d/auditd.service
+index e801281..0a4c498 100644
+--- a/init.d/auditd.service
++++ b/init.d/auditd.service
+@@ -36,7 +36,6 @@ MemoryDenyWriteExecute=true
+ LockPersonality=true
+ ProtectControlGroups=true
+ ProtectKernelModules=true
+-ProtectHome=true
+ RestrictRealtime=true
+
+ [Install]
+--
+2.35.1
+
diff --git a/SPECS/audit.spec b/SPECS/audit.spec
index e8c8853..9d3e94b 100644
--- a/SPECS/audit.spec
+++ b/SPECS/audit.spec
@@ -3,12 +3,15 @@ Summary: User space tools for kernel auditing Name: audit Version: 3.0.7 -Release: 2%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt +Patch1: audit-3.0.8-auparse-path-norm.patch +Patch2: audit-3.0.8-drop-protecthome.patch + BuildRequires: gcc swig make BuildRequires: openldap-devel BuildRequires: krb5-devel libcap-ng-devel
@@ -83,6 +86,8 @@ Management Facility) database, through an IBM Tivoli Directory Server %prep %setup -q cp %{SOURCE1} . +%patch1 -p1 +%patch2 -p1 %build %configure --with-python=no \
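Review bot: Removing `ProtectHome=true` in the auditd.service hunk of the embedded patch drops a sandboxing restriction from the audit daemon's unit, and nothing in the unit records why. The patch subject says the option interferes with rules, so a comment in its place such as `# ProtectHome is intentionally not set: it blocks audit watch rules on some directories (rhbz#2071727)` would keep a later hardening pass from re-adding it. It may also be worth testing whether `ProtectHome=read-only` keeps those directories visible to rule loading while still blocking writes; that is not established by anything on this page and would need to be confirmed against the reported bug.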
@@ -235,6 +240,14 @@ fi %attr(750,root,root) %{_sbindir}/audispd-zos-remote %changelog +* Mon May 02 2022 Sergio Correia - 3.0.7-4 +- Drop ProtectHome from auditd.service as it interferes with rules + Resolves: rhbz#2071727 - Default systemd service config blocks audit watch rules in some directories + +* Mon Mar 14 2022 Sergio Correia - 3.0.7-3 +- Fix path normalization in auparse + Resolves: rhbz#2062612 - auparse missing information when used with --format-text + * Tue Feb 22 2022 Sergio Correia - 3.0.7-2 - Adjust sample-rules dir permissions Resolves: rhbz#2054727 - /usr/share/audit/sample-rules is no longer readable by non-root users