rpms/audit/F-8 audit-1.7-ausearch.patch, NONE, 1.1 audit-1.7.1-log-cmd-overflow.patch, NONE, 1.1 audit-1.7.1-lsb-headers.patch, NONE, 1.1 audit.spec, 1.156, 1.157

Steve Grubb (sgrubb) fedora-extras-commits at redhat.com
Wed Apr 2 22:23:14 UTC 2008


Author: sgrubb

Update of /cvs/pkgs/rpms/audit/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3879

Modified Files:
	audit.spec 
Added Files:
	audit-1.7-ausearch.patch audit-1.7.1-log-cmd-overflow.patch 
	audit-1.7.1-lsb-headers.patch 
Log Message:
* Wed Apr 02 2008 Steve Grubb <sgrubb at redhat.com> 1.6.8-4
- Fix overflow in audit_log_user_command bz 438840
- Remove LSB headers from init scripts
- Fix ausearch to not escape saddr in avcs


audit-1.7-ausearch.patch:

--- NEW FILE audit-1.7-ausearch.patch ---
diff -up audit-1.6.5/src/ausearch-report.c.ausearch audit-1.6.5/src/ausearch-report.c
--- audit-1.6.5/src/ausearch-report.c.ausearch	2007-12-20 21:02:15.000000000 +0100
+++ audit-1.6.5/src/ausearch-report.c	2008-04-02 18:33:16.000000000 +0200
@@ -36,6 +36,7 @@
 #include <linux/net.h>
 #include <time.h>
 #include <stdlib.h>
+#include <ctype.h>
 #include "libaudit.h"
 #include "ausearch-options.h"
 #include "ausearch-parse.h"
@@ -59,7 +60,7 @@ static void output_raw(llist *l);
 static void output_default(llist *l);
 static void output_interpreted(llist *l);
 static void output_interpreted_node(const lnode *n);
-static void interpret(char *name, char *val, int comma);
+static void interpret(char *name, char *val, int comma, int rtype);
 
 /* The machine based on elf type */
 static int machine = 0;
@@ -287,7 +288,7 @@ no_print:
 		val = ptr;
 		
 		// print interpreted string
-		interpret(name, val, comma);
+		interpret(name, val, comma, n->type);
 	}
 	printf("\n");
 }
@@ -838,13 +839,37 @@ static void print_signals(char *val)
 	printf("%s", strsignal(i));
 }
 
-static void interpret(char *name, char *val, int comma)
+static int is_hex_string(const char *str)
+{
+        while (*str) {
+                if (!isxdigit(*str))
+                        return 0;
+                str++;
+        }
+        return 1;
+}
+
+static void interpret(char *name, char *val, int comma, int rtype)
 {
 	int type;
 
 	while (*name == ' ')
 		name++;
-	type = audit_lookup_type(name);
+
+        /* Do some fixups */
+        if (rtype == AUDIT_EXECVE && name[0] == 'a')
+                type = T_ESCAPED;
+        else if (rtype == AUDIT_AVC && strcmp(name, "saddr") == 0)
+                type = -1;
+        else if (strcmp(name, "acct") == 0) {
+                if (val[0] == '"')
+                        type = T_ESCAPED;
+                else if (is_hex_string(val))
+                        type = T_ESCAPED;
+                else
+                        type = -1;
+        } else
+                type = audit_lookup_type(name);
 
 	switch(type) {
 		case T_UID:
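Review bot: `is_hex_string()` passes a plain `char` to `isxdigit()`, which is undefined for negative values, and `val` is taken from log data that may contain bytes above 0x7f; the test should read `if (!isxdigit((unsigned char)*str))`. The helper also returns 1 for an empty string, so an empty `acct` value is classified as `T_ESCAPED`. In the `acct` branch every unquoted value made only of hex digits is treated as hex-encoded, so an unquoted account name such as a constructed `abcd`, or an all-digit value, would presumably be decoded into different bytes in the interpreted output; an even-length check or a comment stating that ambiguity would help anyone reading reports built from older logs. `name[0] == 'a'` in the `AUDIT_EXECVE` test matches every field beginning with `a`, not only the numbered argument fields, which may be broader than intended. `interpret()` continues past the end of the hunk.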

audit-1.7.1-log-cmd-overflow.patch:

--- NEW FILE audit-1.7.1-log-cmd-overflow.patch ---
diff -urp audit-1.6.5.orig/lib/audit_logging.c audit-1.6.5/lib/audit_logging.c
--- audit-1.6.5.orig/lib/audit_logging.c	2008-04-01 16:33:34.000000000 -0400
+++ audit-1.6.5/lib/audit_logging.c	2008-04-01 16:34:12.000000000 -0400
@@ -652,7 +652,10 @@ int audit_log_user_command(int audit_fd,
 	}
 
 	p = cmd;
-	strcpy(commname, cmd);
+	if (len >= PATH_MAX) {
+		cmd[PATH_MAX] = 0;
+		len = PATH_MAX-1;
+	}
 	while (*p) {
 		if (*p == '"' || *p < 0x21 || (unsigned)*p > 0x7f) {
 			_audit_c2x(commname, cmd, len);
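Review bot: The truncation writes the terminator at `cmd[PATH_MAX]` but sets `len = PATH_MAX-1`, so the string and its recorded length disagree by one; when `len` is exactly `PATH_MAX` nothing is truncated at all, and `while (*p)` still scans `PATH_MAX` bytes. Writing `cmd[PATH_MAX-1] = 0;` keeps the terminator and `len` in step. The guard also relies on `cmd` being a writable buffer and on `commname` being large enough for what `_audit_c2x` emits (presumably two hex digits per input byte plus a terminator); neither declaration is visible in the hunk, so a short comment next to the check naming both buffer sizes would make the bound reviewable. `audit_log_user_command` starts and ends outside the hunk.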

audit-1.7.1-lsb-headers.patch:

--- NEW FILE audit-1.7.1-lsb-headers.patch ---
diff -ur audit-1.6.10.orig/init.d/auditd.init audit-1.6.10/init.d/auditd.init
--- audit-1.6.10.orig/init.d/auditd.init	2008-03-27 10:53:28.000000000 -0400
+++ audit-1.6.10/init.d/auditd.init	2008-03-27 14:17:10.000000000 -0400
@@ -23,16 +23,6 @@
 # 6 - program is not configured
 # 7 - program is not running
 #
-### BEGIN INIT INFO
-# Provides: audit
-# Required-Start: $syslog $local_fs
-# Required-Stop: $syslog $local_fs
-# Should-Start: $network
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: audit daemon
-# Description: The audit daemon collects system security events
-### END INIT INFO
 
 
 PATH=/sbin:/bin:/usr/bin:/usr/sbin


Index: audit.spec
===================================================================
RCS file: /cvs/pkgs/rpms/audit/F-8/audit.spec,v
retrieving revision 1.156
retrieving revision 1.157
diff -u -r1.156 -r1.157
--- audit.spec	14 Mar 2008 15:15:58 -0000	1.156
+++ audit.spec	2 Apr 2008 22:22:30 -0000	1.157
@@ -1,18 +1,21 @@
 %define sca_version 0.4.5
-%define sca_release 6
+%define sca_release 7
 %define selinux_variants mls strict targeted
 %define selinux_policyver 3.0.8 
 
 Summary: User space tools for 2.6 kernel auditing
 Name: audit
 Version: 1.6.8
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
 Patch0: audit-1.6.8-zos.patch
 Patch1: audit-1.6.8-audispd-memleak.patch
+Patch2: audit-1.7.1-lsb-headers.patch
+Patch3: audit-1.7.1-log-cmd-overflow.patch
+Patch4: audit-1.7-ausearch.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: gettext-devel intltool libtool swig python-devel
 BuildRequires: kernel-headers >= 2.6.18
@@ -98,6 +101,9 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
 mkdir zos-remote-policy
 cp -p audisp/plugins/zos-remote/policy/audispd-zos-remote.* zos-remote-policy
 
@@ -105,7 +111,7 @@
 (cd system-config-audit; ./autogen.sh)
 aclocal && autoconf && autoheader && automake
 %configure --sbindir=/sbin --libdir=/%{_lib} --with-prelude
-make
+make %{?_smp_mflags}
 cd zos-remote-policy
 for selinuxvariant in %{selinux_variants}
 do
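Review bot: `make %{?_smp_mflags}` here and `make DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags} install` in the next hunk switch the build to parallel make, but the 1.6.8-4 changelog entry lists only the three patches. Because this release carries an overflow fix, it would be easier to audit if the build change had its own changelog line, for example `- Use parallel make`, or went in as a separate commit. The parallel `install` is worth checking for ordering dependencies between install targets; nothing in the hunk shows whether any exist.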
@@ -122,7 +128,7 @@
 mkdir -p $RPM_BUILD_ROOT/%{_lib}
 mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
 mkdir -p $RPM_BUILD_ROOT/%{_var}/log/audit
-make DESTDIR=$RPM_BUILD_ROOT install
+make DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags} install
 make -C system-config-audit DESTDIR=$RPM_BUILD_ROOT install-fedora
 for selinuxvariant in %{selinux_variants}
 do
@@ -308,6 +314,11 @@
 %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
 
 %changelog
+* Wed Apr 02 2008 Steve Grubb <sgrubb at redhat.com> 1.6.8-4
+- Fix overflow in audit_log_user_command bz 438840
+- Remove LSB headers from init scripts
+- Fix ausearch to not escape saddr in avcs
+
 * Fri Mar 14 2008 Steve Grubb <sgrubb at redhat.com> 1.6.8-3
 - Better fix for memleak in audit event dispatcher
 



