rpms/audit/devel audit-1.7.3-prelude.patch, 1.1, 1.2 audit.spec, 1.174, 1.175
Steve Grubb (sgrubb)
fedora-extras-commits at redhat.com
Fri Apr 18 19:47:47 UTC 2008
Author: sgrubb
Update of /cvs/pkgs/rpms/audit/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5235
Modified Files:
audit-1.7.3-prelude.patch audit.spec
Log Message:
* Fri Apr 18 2008 Steve Grubb <sgrubb at redhat.com> 1.7.2-6
- Fix overflow in audit_log_user_command, better (#438840)
- ausearch was not matching path in avc records
- audisp-prelude attempt to reposition index after examining each type
- correct building of mls policy
- Fix auparse iterating in auparse_find_field and next_field
- Don't alert on USER_AVC's - they are not quite right
audit-1.7.3-prelude.patch:
Index: audit-1.7.3-prelude.patch
===================================================================
RCS file: /cvs/pkgs/rpms/audit/devel/audit-1.7.3-prelude.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- audit-1.7.3-prelude.patch 17 Apr 2008 21:14:24 -0000 1.1
+++ audit-1.7.3-prelude.patch 18 Apr 2008 19:47:43 -0000 1.2
@@ -1,6 +1,6 @@
diff -urp audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c
--- audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c 2008-04-07 16:57:12.000000000 -0400
-+++ audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c 2008-04-17 16:27:51.000000000 -0400
++++ audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c 2008-04-18 14:23:06.000000000 -0400
@@ -228,7 +228,8 @@ int main(int argc, char *argv[])
return -1;
}
@@ -23,11 +23,92 @@
/* Cleanup subsystems */
if (client)
-@@ -1938,6 +1940,7 @@ static void handle_event(auparse_state_t
- break;
- case AUDIT_SYSCALL:
- handle_watched_syscalls(au, &idmef, &alert);
-+ goto_record_type(au, AUDIT_SYSCALL);
- break;
- default:
- break;
+@@ -609,7 +611,7 @@ static int get_login_exe_info(auparse_st
+ base = basename(exe);
+ ret = prelude_string_new(&name_str);
+ PRELUDE_FAIL_CHECK;
+- ret = prelude_string_set_ref(name_str, base);
++ ret = prelude_string_set_dup(name_str, base);
+ PRELUDE_FAIL_CHECK;
+ idmef_process_set_name(process, name_str);
+ }
+@@ -708,7 +710,7 @@ static int get_comm_info(auparse_state_t
+ char *base = basename(exe);
+ ret = prelude_string_new(&name_str);
+ PRELUDE_FAIL_CHECK;
+- ret = prelude_string_set_ref(name_str, base);
++ ret = prelude_string_set_dup(name_str, base);
+ idmef_process_set_name(process, name_str);
+ }
+ }
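Review bot: In get_comm_info the result of the new `prelude_string_set_dup(name_str, base)` call is stored in `ret` but never tested before `idmef_process_set_name(process, name_str)` runs, whereas the same call in get_login_exe_info and both call sites in get_file_info are followed by `PRELUDE_FAIL_CHECK;`. Since the call now duplicates the string, it can presumably fail on allocation, so add `PRELUDE_FAIL_CHECK;` directly after it to match the other sites. The macro definition and the rest of get_comm_info are outside this hunk, so confirm that the failure path there does not leak `name_str`.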
+@@ -760,7 +762,7 @@ static int get_file_info(auparse_state_t
+ ret = prelude_string_new(&str);
+ PRELUDE_FAIL_CHECK;
+
+- ret = prelude_string_set_ref(str, path);
++ ret = prelude_string_set_dup(str, path);
+ PRELUDE_FAIL_CHECK;
+ if (path[0] == '/') {
+ char *base;
+@@ -772,7 +774,7 @@ static int get_file_info(auparse_state_t
+ base = "/";
+ ret = prelude_string_new(&name_str);
+ PRELUDE_FAIL_CHECK;
+- ret = prelude_string_set_ref(name_str, base);
++ ret = prelude_string_set_dup(name_str, base);
+ PRELUDE_FAIL_CHECK;
+ idmef_file_set_name(file, name_str);
+ } else
+@@ -1811,7 +1813,7 @@ static void handle_event(auparse_state_t
+ rc = 0;
+ switch (type) {
+ case AUDIT_AVC:
+- case AUDIT_USER_AVC:
++// case AUDIT_USER_AVC:
+ if (config.avcs == E_NO)
+ break;
+ if (config.avcs_act != A_IDMEF)
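Review bot: Disabling the label by commenting it out (`// case AUDIT_USER_AVC:`) leaves dead code in handle_event with no reason given in the source; the only explanation is the changelog line saying these records "are not quite right". Remove the line and replace it with a comment that states the decision, for example `/* AUDIT_USER_AVC is intentionally not alerted on: userspace AVC records are not handled correctly yet */`. USER_AVC records will then presumably reach the switch's default case and produce no IDMEF alert, so the plugin documentation for the avcs setting should say that userspace AVC denials are not covered. The rest of the switch is outside this hunk.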
+diff -urp audit-1.7.2.orig/auparse/auparse.c audit-1.7.2/auparse/auparse.c
+--- audit-1.7.2.orig/auparse/auparse.c 2008-04-08 12:37:09.000000000 -0400
++++ audit-1.7.2/auparse/auparse.c 2008-04-18 14:10:36.000000000 -0400
+@@ -1130,6 +1130,7 @@ int auparse_first_record(auparse_state_t
+ return rc;
+ }
+ aup_list_first(&au->le);
++ aup_list_first_field(&au->le);
+
+ return 1;
+ }
+@@ -1236,7 +1237,22 @@ const char *auparse_find_field(auparse_s
+ {
+ free(au->find_field);
+ au->find_field = strdup(name);
+- return auparse_find_field_next(au);
++
++ if (au->le.e.sec) {
++ const char *cur_name;
++ rnode *r;
++
++ // look at current record before moving
++ r = aup_list_get_cur(&au->le);
++ if (r == NULL)
++ return NULL;
++ cur_name = nvlist_get_cur_name(&r->nv);
++ if (cur_name && strcmp(cur_name, name) == 0)
++ return nvlist_get_cur_val(&r->nv);
++
++ return auparse_find_field_next(au);
++ }
++ return NULL;
+ }
+
+ /* Increment 1 location and then scan for next field */
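Review bot: auparse_find_field does not check the result of `au->find_field = strdup(name);`, and the added code then passes `name` to `strcmp` and falls through to auparse_find_field_next, which hands `au->find_field` to `nvlist_find_name`. A NULL `name` is undefined behaviour in both `strdup` and `strcmp`, and a failed allocation leaves `au->find_field` NULL for the later lookup. Guard both cases: `if (name == NULL) return NULL;` before the `free`, and `if (au->find_field == NULL) return NULL;` after the `strdup`. The function's signature is outside the hunk, and whether `nvlist_find_name` tolerates a NULL name cannot be seen from here.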
+@@ -1258,6 +1274,8 @@ const char *auparse_find_field_next(aupa
+ if (nvlist_find_name(&r->nv, au->find_field))
+ return nvlist_get_cur_val(&r->nv);
+ r = aup_list_next(&au->le);
++ if (r)
++ aup_list_first_field(&au->le);
+ }
+ }
+ return NULL;
Index: audit.spec
===================================================================
RCS file: /cvs/pkgs/rpms/audit/devel/audit.spec,v
retrieving revision 1.174
retrieving revision 1.175
diff -u -r1.174 -r1.175
--- audit.spec 17 Apr 2008 21:14:24 -0000 1.174
+++ audit.spec 18 Apr 2008 19:47:43 -0000 1.175
@@ -7,7 +7,7 @@
Summary: User space tools for 2.6 kernel auditing
Name: audit
Version: 1.7.2
-Release: 2%{?dist}
+Release: 6%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://people.redhat.com/sgrubb/audit/
@@ -326,11 +326,13 @@
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
%changelog
-* Tue Apr 08 2008 Steve Grubb <sgrubb at redhat.com> 1.7.2-2
+* Fri Apr 18 2008 Steve Grubb <sgrubb at redhat.com> 1.7.2-6
- Fix overflow in audit_log_user_command, better (#438840)
- ausearch was not matching path in avc records
- audisp-prelude attempt to reposition index after examining each type
- correct building of mls policy
+- Fix auparse iterating in auparse_find_field and next_field
+- Don't alert on USER_AVC's - they are not quite right
* Tue Apr 08 2008 Steve Grubb <sgrubb at redhat.com> 1.7.1-1
- Fix buffer overflow in audit_log_user_command, again (#438840)