From 61865e3305a2381de732345193efaa43432227cb Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 02 2017 15:24:21 +0000 Subject: import audit-2.6.5-3.el7_3.1 --- diff --git a/SOURCES/audit-2.6.7-segfault-fix.patch b/SOURCES/audit-2.6.7-segfault-fix.patch new file mode 100644 index 0000000..7c71fa2 --- /dev/null +++ b/SOURCES/audit-2.6.7-segfault-fix.patch @@ -0,0 +1,14 @@ +Index: /trunk/src/auditd-event.c +=================================================================== +--- /trunk/src/auditd-event.c (revision 1420) ++++ /trunk/src/auditd-event.c (revision 1421) +@@ -444,5 +444,8 @@ + void cleanup_event(struct auditd_event *e) + { +- free((void *)e->reply.message); ++ // Over in send_audit_event we sometimes have message pointing ++ // into the middle of the reply allocation. Check for it. ++ if (e->reply.message != e->reply.msg.data) ++ free((void *)e->reply.message); + free(e); + } diff --git a/SOURCES/audit-2.7-write-log.patch b/SOURCES/audit-2.7-write-log.patch new file mode 100644 index 0000000..9d8c0cc --- /dev/null +++ b/SOURCES/audit-2.7-write-log.patch @@ -0,0 +1,46 @@ +diff -urp audit-2.6.5.orig/src/auditd-config.c audit-2.6.5/src/auditd-config.c +--- audit-2.6.5.orig/src/auditd-config.c 2016-07-14 15:53:39.000000000 +0000 ++++ audit-2.6.5/src/auditd-config.c 2017-01-20 15:59:31.719704789 +0000 +@@ -841,8 +841,7 @@ static int log_format_parser(struct nv_p + if (config->log_format == LF_NOLOG) { + audit_msg(LOG_WARNING, + "The NOLOG option to log_format is deprecated. Please use the write_logs option."); +- if (config->log_format == LF_NOLOG && +- config->write_logs != 0) ++ if (config->write_logs != 0) + audit_msg(LOG_WARNING, + "The NOLOG option is overriding the write_logs current setting."); + config->write_logs = 0; +diff -urp audit-2.6.5.orig/src/auditd-event.c audit-2.6.5/src/auditd-event.c +--- audit-2.6.5.orig/src/auditd-event.c 2017-01-20 15:54:57.969419865 +0000 ++++ audit-2.6.5/src/auditd-event.c 2017-01-20 16:04:17.562133973 +0000 +@@ -48,6 +48,8 @@ + extern volatile int stop; + + /* Local function prototypes */ ++static void send_ack(const struct auditd_event *e, int ack_type, ++ const char *msg); + static void write_to_log(const struct auditd_event *e); + static void check_log_file_size(void); + static void check_space_left(void); +@@ -496,7 +498,7 @@ void handle_event(struct auditd_event *e + if (config->write_logs == 0) + return; + } +- if (!logging_suspended) { ++ if (!logging_suspended && config->write_logs) { + write_to_log(e); + + /* See if we need to flush to disk manually */ +@@ -537,7 +539,10 @@ void handle_event(struct auditd_event *e + } + } + } +- } ++ } else if (!config->write_logs) ++ send_ack(e, AUDIT_RMW_TYPE_ACK, ""); ++ // FIXME: When logging is suspended, what should remote do? ++ // Should probably be new response type + } + + static void send_ack(const struct auditd_event *e, int ack_type, diff --git a/SPECS/audit.spec b/SPECS/audit.spec index cfb38d3..74b6e7a 100644 --- a/SPECS/audit.spec +++ b/SPECS/audit.spec @@ -3,7 +3,7 @@ Summary: User space tools for 2.6 kernel auditing Name: audit Version: 2.6.5 -Release: 3%{?dist} +Release: 3%{?dist}.1 License: GPLv2+ Group: System Environment/Daemons URL: http://people.redhat.com/sgrubb/audit/ @@ -16,6 +16,10 @@ Patch2: audit-2.6.5-autrace.patch Patch3: audit-2.6.7-augenrules.patch Patch4: audit-2.6.7-log-perms.patch Patch5: audit-2.6.7-syslog.patch +# bz 1415726 - Setting log_format to NOLOG make auditd core dump +Patch6: audit-2.6.7-segfault-fix.patch +# bz 1415724 - write_logs option is not correctly handled +Patch7: audit-2.7-write-log.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openldap-devel BuildRequires: swig @@ -95,6 +99,8 @@ behavior. %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p2 +%patch7 -p1 %build %configure --sbindir=/sbin --libdir=/%{_lib} --with-python=yes --with-libwrap --enable-gssapi-krb5=yes --with-libcap-ng=yes --with-arm --with-aarch64 \ @@ -268,6 +274,10 @@ fi %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz %changelog +* Fri Jan 20 2017 Steve Grubb 2.6.5-3.1 +resolves: #1415724 - write_logs option is not correctly handled +resolves: #1415726 - Setting log_format to NOLOG make auditd core dump + * Wed Aug 10 2016 Steve Grubb 2.6.5-3 resolves: #1296204 - Rebase audit package