rpms/audit/F-8 audit-1.7-ausearch.patch, NONE, 1.1 audit-1.7.1-log-cmd-overflow.patch, NONE, 1.1 audit-1.7.1-lsb-headers.patch, NONE, 1.1 audit.spec, 1.156, 1.157
Steve Grubb (sgrubb)
fedora-extras-commits at redhat.com
Wed Apr 2 22:23:14 UTC 2008
Author: sgrubb
Update of /cvs/pkgs/rpms/audit/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3879
Modified Files:
audit.spec
Added Files:
audit-1.7-ausearch.patch audit-1.7.1-log-cmd-overflow.patch
audit-1.7.1-lsb-headers.patch
Log Message:
* Wed Apr 02 2008 Steve Grubb <sgrubb at redhat.com> 1.6.8-4
- Fix overflow in audit_log_user_command bz 438840
- Remove LSB headers from init scripts
- Fix ausearch to not escape saddr in avcs
audit-1.7-ausearch.patch:
--- NEW FILE audit-1.7-ausearch.patch ---
diff -up audit-1.6.5/src/ausearch-report.c.ausearch audit-1.6.5/src/ausearch-report.c
--- audit-1.6.5/src/ausearch-report.c.ausearch 2007-12-20 21:02:15.000000000 +0100
+++ audit-1.6.5/src/ausearch-report.c 2008-04-02 18:33:16.000000000 +0200
@@ -36,6 +36,7 @@
#include <linux/net.h>
#include <time.h>
#include <stdlib.h>
+#include <ctype.h>
#include "libaudit.h"
#include "ausearch-options.h"
#include "ausearch-parse.h"
@@ -59,7 +60,7 @@ static void output_raw(llist *l);
static void output_default(llist *l);
static void output_interpreted(llist *l);
static void output_interpreted_node(const lnode *n);
-static void interpret(char *name, char *val, int comma);
+static void interpret(char *name, char *val, int comma, int rtype);
/* The machine based on elf type */
static int machine = 0;
@@ -287,7 +288,7 @@ no_print:
val = ptr;
// print interpreted string
- interpret(name, val, comma);
+ interpret(name, val, comma, n->type);
}
printf("\n");
}
@@ -838,13 +839,37 @@ static void print_signals(char *val)
printf("%s", strsignal(i));
}
-static void interpret(char *name, char *val, int comma)
+static int is_hex_string(const char *str)
+{
+ while (*str) {
+ if (!isxdigit(*str))
+ return 0;
+ str++;
+ }
+ return 1;
+}
+
+static void interpret(char *name, char *val, int comma, int rtype)
{
int type;
while (*name == ' ')
name++;
- type = audit_lookup_type(name);
+
+ /* Do some fixups */
+ if (rtype == AUDIT_EXECVE && name[0] == 'a')
+ type = T_ESCAPED;
+ else if (rtype == AUDIT_AVC && strcmp(name, "saddr") == 0)
+ type = -1;
+ else if (strcmp(name, "acct") == 0) {
+ if (val[0] == '"')
+ type = T_ESCAPED;
+ else if (is_hex_string(val))
+ type = T_ESCAPED;
+ else
+ type = -1;
+ } else
+ type = audit_lookup_type(name);
switch(type) {
case T_UID:
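Review bot: In `is_hex_string`, `isxdigit(*str)` is called with a plain `char`, which is undefined behaviour for bytes above 0x7f on platforms where `char` is signed; since `val` is taken from log text, the call should read `if (!isxdigit((unsigned char)*str))`. The helper also returns 1 for an empty string. In the `acct` branch an unquoted account name made up only of hex digits (for example `abcd`, a constructed value) cannot be told apart from a hex-encoded one and will be decoded, so requiring a non-empty, even-length string would narrow the misinterpretation. A short comment above the fixups explaining why `saddr` in AVC records and unquoted `acct` bypass `audit_lookup_type` would help the next reader; `interpret` continues past the end of the hunk.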
audit-1.7.1-log-cmd-overflow.patch:
--- NEW FILE audit-1.7.1-log-cmd-overflow.patch ---
diff -urp audit-1.6.5.orig/lib/audit_logging.c audit-1.6.5/lib/audit_logging.c
--- audit-1.6.5.orig/lib/audit_logging.c 2008-04-01 16:33:34.000000000 -0400
+++ audit-1.6.5/lib/audit_logging.c 2008-04-01 16:34:12.000000000 -0400
@@ -652,7 +652,10 @@ int audit_log_user_command(int audit_fd,
}
p = cmd;
- strcpy(commname, cmd);
+ if (len >= PATH_MAX) {
+ cmd[PATH_MAX] = 0;
+ len = PATH_MAX-1;
+ }
while (*p) {
if (*p == '"' || *p < 0x21 || (unsigned)*p > 0x7f) {
_audit_c2x(commname, cmd, len);
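Review bot: The truncation puts the terminator at `cmd[PATH_MAX]` but sets `len = PATH_MAX-1`, so the string walked by `while (*p)` is one byte longer than the length passed to `_audit_c2x`; `cmd[PATH_MAX-1] = 0;` would make the two agree. The check also relies on `len` being the real length of `cmd`, on `cmd` being writable, and on `commname` being large enough for the hex expansion of `len` bytes (presumably two output bytes per input byte plus a terminator). None of those declarations are in the hunk, so they should be confirmed and recorded in a comment beside the check. With the `strcpy` removed, the unescaped path must get its command name from code outside the hunk, which should be checked against the same bound; the body of audit_log_user_command starts and ends outside the hunk.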
audit-1.7.1-lsb-headers.patch:
--- NEW FILE audit-1.7.1-lsb-headers.patch ---
diff -ur audit-1.6.10.orig/init.d/auditd.init audit-1.6.10/init.d/auditd.init
--- audit-1.6.10.orig/init.d/auditd.init 2008-03-27 10:53:28.000000000 -0400
+++ audit-1.6.10/init.d/auditd.init 2008-03-27 14:17:10.000000000 -0400
@@ -23,16 +23,6 @@
# 6 - program is not configured
# 7 - program is not running
#
-### BEGIN INIT INFO
-# Provides: audit
-# Required-Start: $syslog $local_fs
-# Required-Stop: $syslog $local_fs
-# Should-Start: $network
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: audit daemon
-# Description: The audit daemon collects system security events
-### END INIT INFO
PATH=/sbin:/bin:/usr/bin:/usr/sbin
Index: audit.spec
===================================================================
RCS file: /cvs/pkgs/rpms/audit/F-8/audit.spec,v
retrieving revision 1.156
retrieving revision 1.157
diff -u -r1.156 -r1.157
--- audit.spec 14 Mar 2008 15:15:58 -0000 1.156
+++ audit.spec 2 Apr 2008 22:22:30 -0000 1.157
@@ -1,18 +1,21 @@
%define sca_version 0.4.5
-%define sca_release 6
+%define sca_release 7
%define selinux_variants mls strict targeted
%define selinux_policyver 3.0.8
Summary: User space tools for 2.6 kernel auditing
Name: audit
Version: 1.6.8
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Patch0: audit-1.6.8-zos.patch
Patch1: audit-1.6.8-audispd-memleak.patch
+Patch2: audit-1.7.1-lsb-headers.patch
+Patch3: audit-1.7.1-log-cmd-overflow.patch
+Patch4: audit-1.7-ausearch.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gettext-devel intltool libtool swig python-devel
BuildRequires: kernel-headers >= 2.6.18
@@ -98,6 +101,9 @@
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
mkdir zos-remote-policy
cp -p audisp/plugins/zos-remote/policy/audispd-zos-remote.* zos-remote-policy
@@ -105,7 +111,7 @@
(cd system-config-audit; ./autogen.sh)
aclocal && autoconf && autoheader && automake
%configure --sbindir=/sbin --libdir=/%{_lib} --with-prelude
-make
+make %{?_smp_mflags}
cd zos-remote-policy
for selinuxvariant in %{selinux_variants}
do
@@ -122,7 +128,7 @@
mkdir -p $RPM_BUILD_ROOT/%{_lib}
mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
mkdir -p $RPM_BUILD_ROOT/%{_var}/log/audit
-make DESTDIR=$RPM_BUILD_ROOT install
+make DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags} install
make -C system-config-audit DESTDIR=$RPM_BUILD_ROOT install-fedora
for selinuxvariant in %{selinux_variants}
do
@@ -308,6 +314,11 @@
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
%changelog
+* Wed Apr 02 2008 Steve Grubb <sgrubb at redhat.com> 1.6.8-4
+- Fix overflow in audit_log_user_command bz 438840
+- Remove LSB headers from init scripts
+- Fix ausearch to not escape saddr in avcs
+
* Fri Mar 14 2008 Steve Grubb <sgrubb at redhat.com> 1.6.8-3
- Better fix for memleak in audit event dispatcher