aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--recipes-security/audit/audit/0001-Remove-strdupa-as-suggested-in-pull-request-25.patch47
-rw-r--r--recipes-security/audit/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch134
-rw-r--r--recipes-security/audit/audit_2.8.4.bb2
3 files changed, 183 insertions, 0 deletions
diff --git a/recipes-security/audit/audit/0001-Remove-strdupa-as-suggested-in-pull-request-25.patch b/recipes-security/audit/audit/0001-Remove-strdupa-as-suggested-in-pull-request-25.patch
new file mode 100644
index 0000000..38029aa
--- /dev/null
+++ b/recipes-security/audit/audit/0001-Remove-strdupa-as-suggested-in-pull-request-25.patch
@@ -0,0 +1,47 @@
+From a1782b58b687b74249dc8b2411a3f646b821ebd6 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Thu, 4 Oct 2018 08:45:47 -0400
+Subject: [PATCH] Remove strdupa as suggested in pull request #25
+
+---
+ src/auditd.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+Origin: https://github.com/linux-audit/audit-userspace/commit/a1782b58b687b74249dc8b2411a3f646b821ebd6
+Applied-Upstream: yes
+
+diff --git a/src/auditd.c b/src/auditd.c
+index b0952db..c826ec0 100644
+--- a/src/auditd.c
++++ b/src/auditd.c
+@@ -209,21 +209,22 @@ static void cont_handler(struct ev_loop *loop, struct ev_signal *sig,
+
+ static int extract_type(const char *str)
+ {
+- const char *tptr, *ptr2, *ptr = str;
++ const char *ptr2, *ptr = str;
+ if (*str == 'n') {
+ ptr = strchr(str+1, ' ');
+ if (ptr == NULL)
+ return -1; // Malformed - bomb out
+ ptr++;
+ }
++
+ // ptr should be at 't'
+ ptr2 = strchr(ptr, ' ');
+- // get type=xxx in a buffer
+- tptr = strndupa(ptr, ptr2 - ptr);
++
+ // find =
+- str = strchr(tptr, '=');
+- if (str == NULL)
++ str = strchr(ptr, '=');
++ if (str == NULL || str >= ptr2)
+ return -1; // Malformed - bomb out
++
+ // name is 1 past
+ str++;
+ return audit_name_to_msg_type(str);
+--
+2.20.1
+
diff --git a/recipes-security/audit/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch b/recipes-security/audit/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
new file mode 100644
index 0000000..c948aa3
--- /dev/null
+++ b/recipes-security/audit/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
@@ -0,0 +1,134 @@
+From 5346b6af0ca67a2965ca5846ae150f3021a2aa17 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Tue, 26 Feb 2019 18:33:33 -0500
+Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
+
+---
+Origin: https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e
+Applied-Upstream: yes
+
+ auparse/auparse.c | 12 +++++++++++-
+ auparse/interpret.c | 9 ++++++++-
+ configure.ac | 14 +++++++++++++-
+ src/ausearch-lol.c | 12 +++++++++++-
+ 4 files changed, 43 insertions(+), 4 deletions(-)
+
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index f84712e..3764046 100644
+--- a/auparse/auparse.c
++++ b/auparse/auparse.c
+@@ -1,5 +1,5 @@
+ /* auparse.c --
+- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina.
++ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+@@ -1100,6 +1100,16 @@ static int str2event(char *s, au_event_t *e)
+ return 0;
+ }
+
++#ifndef HAVE_STRNDUPA
++static inline char *strndupa(const char *old, size_t n)
++{
++ size_t len = strnlen(old, n);
++ char *tmp = alloca(len + 1);
++ tmp[len] = 0;
++ return memcpy(tmp, old, len);
++}
++#endif
++
+ /* Returns 0 on success and 1 on error */
+ static int extract_timestamp(const char *b, au_event_t *e)
+ {
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 1846f9d..8540bd1 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -853,6 +853,13 @@ err_out:
+ return print_escaped(id->val);
+ }
+
++// rawmemchr is faster. Let's use it if we have it.
++#ifdef HAVE_RAWMEMCHR
++#define STRCHR rawmemchr
++#else
++#define STRCHR strchr
++#endif
++
+ static const char *print_proctitle(const char *val)
+ {
+ char *out = (char *)print_escaped(val);
+@@ -863,7 +870,7 @@ static const char *print_proctitle(const char *val)
+ // Proctitle has arguments separated by NUL bytes
+ // We need to write over the NUL bytes with a space
+ // so that we can see the arguments
+- while ((ptr = rawmemchr(ptr, '\0'))) {
++ while ((ptr = STRCHR(ptr, '\0'))) {
+ if (ptr >= end)
+ break;
+ *ptr = ' ';
+diff --git a/configure.ac b/configure.ac
+index ede7109..97b547f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1,7 +1,7 @@
+ dnl
+ define([AC_INIT_NOTICE],
+ [### Generated automatically using autoconf version] AC_ACVERSION [
+-### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com>
++### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com>
+ ###
+ ### Permission is hereby granted, free of charge, to any person obtaining a
+ ### copy of this software and associated documentation files (the "Software"),
+@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote
+ AC_CHECK_FUNCS([posix_fallocate])
+ dnl; signalfd is needed for libev
+ AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
++dnl; check if rawmemchr is available
++AC_CHECK_FUNCS([rawmemchr])
++dnl; check if strndupa is available
++AC_LINK_IFELSE(
++ [AC_LANG_SOURCE(
++ [[
++ #define _GNU_SOURCE
++ #include <string.h>
++ int main() { (void) strndupa("test", 10); return 0; }]])],
++ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
++ []
++)
+
+ ALLWARNS=""
+ ALLDEBUG="-g"
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index 4fbfbae..5eecefe 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -1,6 +1,6 @@
+ /*
+ * ausearch-lol.c - linked list of linked lists library
+-* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -131,6 +131,16 @@ static int inline events_are_equal(event *e1, event *e2)
+ return 1;
+ }
+
++#ifndef HAVE_STRNDUPA
++static inline char *strndupa(const char *old, size_t n)
++{
++ size_t len = strnlen(old, n);
++ char *tmp = alloca(len + 1);
++ tmp[len] = 0;
++ return memcpy(tmp, old, len);
++}
++#endif
++
+ /*
+ * This function will look at the line and pick out pieces of it.
+ */
+--
+2.20.1
+
diff --git a/recipes-security/audit/audit_2.8.4.bb b/recipes-security/audit/audit_2.8.4.bb
index c756552..c29bb74 100644
--- a/recipes-security/audit/audit_2.8.4.bb
+++ b/recipes-security/audit/audit_2.8.4.bb
@@ -11,6 +11,8 @@ SRC_URI = "http://people.redhat.com/sgrubb/${BPN}/${BPN}-${PV}.tar.gz \
file://audit-python-configure.patch \
file://audit-python.patch \
file://fix-swig-host-contamination.patch \
+ file://0001-Remove-strdupa-as-suggested-in-pull-request-25.patch \
+ file://0002-Add-substitue-functions-for-strndupa-rawmemchr.patch \
file://auditd \
file://auditd.service \
file://audit-volatile.conf \