rpms/audit/devel audit-1.7.3-prelude.patch, 1.1, 1.2 audit.spec, 1.174, 1.175

Steve Grubb (sgrubb) fedora-extras-commits at redhat.com
Fri Apr 18 19:47:47 UTC 2008


Author: sgrubb

Update of /cvs/pkgs/rpms/audit/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5235

Modified Files:
	audit-1.7.3-prelude.patch audit.spec 
Log Message:
* Fri Apr 18 2008 Steve Grubb <sgrubb at redhat.com> 1.7.2-6
- Fix overflow in audit_log_user_command, better (#438840)
- ausearch was not matching path in avc records
- audisp-prelude attempt to reposition index after examining each type
- correct building of mls policy
- Fix auparse iterating in auparse_find_field and next_field
- Don't alert on USER_AVC's - they are not quite right


audit-1.7.3-prelude.patch:

Index: audit-1.7.3-prelude.patch
===================================================================
RCS file: /cvs/pkgs/rpms/audit/devel/audit-1.7.3-prelude.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- audit-1.7.3-prelude.patch	17 Apr 2008 21:14:24 -0000	1.1
+++ audit-1.7.3-prelude.patch	18 Apr 2008 19:47:43 -0000	1.2
@@ -1,6 +1,6 @@
 diff -urp audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c
 --- audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c	2008-04-07 16:57:12.000000000 -0400
-+++ audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c	2008-04-17 16:27:51.000000000 -0400
++++ audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c	2008-04-18 14:23:06.000000000 -0400
 @@ -228,7 +228,8 @@ int main(int argc, char *argv[])
  		return -1;
  	}
@@ -23,11 +23,92 @@
  
  	/* Cleanup subsystems */
  	if (client) 
-@@ -1938,6 +1940,7 @@ static void handle_event(auparse_state_t
- 				break;
- 			case AUDIT_SYSCALL:
- 				handle_watched_syscalls(au, &idmef, &alert);
-+				goto_record_type(au, AUDIT_SYSCALL);
- 				break;
- 			default:
- 				break;
+@@ -609,7 +611,7 @@ static int get_login_exe_info(auparse_st
+ 		base = basename(exe);
+ 		ret = prelude_string_new(&name_str);
+ 		PRELUDE_FAIL_CHECK;
+-		ret = prelude_string_set_ref(name_str, base);
++		ret = prelude_string_set_dup(name_str, base);
+ 		PRELUDE_FAIL_CHECK;
+ 		idmef_process_set_name(process, name_str);
+ 	}
+@@ -708,7 +710,7 @@ static int get_comm_info(auparse_state_t
+ 			char *base = basename(exe);
+ 			ret = prelude_string_new(&name_str);
+ 			PRELUDE_FAIL_CHECK;
+-			ret = prelude_string_set_ref(name_str, base);
++			ret = prelude_string_set_dup(name_str, base);
+ 			idmef_process_set_name(process, name_str);
+ 		}
+ 	}
+@@ -760,7 +762,7 @@ static int get_file_info(auparse_state_t
+ 		ret = prelude_string_new(&str);
+ 		PRELUDE_FAIL_CHECK;
+ 
+-		ret = prelude_string_set_ref(str, path);
++		ret = prelude_string_set_dup(str, path);
+ 		PRELUDE_FAIL_CHECK;
+ 		if (path[0] == '/') {
+ 			char *base;
+@@ -772,7 +774,7 @@ static int get_file_info(auparse_state_t
+ 				base = "/";
+ 			ret = prelude_string_new(&name_str);
+ 			PRELUDE_FAIL_CHECK;
+-			ret = prelude_string_set_ref(name_str, base);
++			ret = prelude_string_set_dup(name_str, base);
+ 			PRELUDE_FAIL_CHECK;
+ 			idmef_file_set_name(file, name_str);
+ 		} else
+@@ -1811,7 +1813,7 @@ static void handle_event(auparse_state_t
+ 		rc = 0;
+ 		switch (type) {
+ 			case AUDIT_AVC:
+-			case AUDIT_USER_AVC:
++//			case AUDIT_USER_AVC:
+ 				if (config.avcs == E_NO)
+ 					break;
+ 				if (config.avcs_act != A_IDMEF)
+diff -urp audit-1.7.2.orig/auparse/auparse.c audit-1.7.2/auparse/auparse.c
+--- audit-1.7.2.orig/auparse/auparse.c	2008-04-08 12:37:09.000000000 -0400
++++ audit-1.7.2/auparse/auparse.c	2008-04-18 14:10:36.000000000 -0400
+@@ -1130,6 +1130,7 @@ int auparse_first_record(auparse_state_t
+ 			return rc;
+ 	}
+ 	aup_list_first(&au->le);
++	aup_list_first_field(&au->le);
+ 	
+ 	return 1;
+ }
+@@ -1236,7 +1237,22 @@ const char *auparse_find_field(auparse_s
+ {
+ 	free(au->find_field);
+ 	au->find_field = strdup(name);
+-	return auparse_find_field_next(au);
++
++	if (au->le.e.sec) {
++		const char *cur_name;
++		rnode *r;
++
++		// look at current record before moving
++		r = aup_list_get_cur(&au->le);
++		if (r == NULL)
++			return NULL;
++		cur_name = nvlist_get_cur_name(&r->nv);
++		if (cur_name && strcmp(cur_name, name) == 0)
++			return nvlist_get_cur_val(&r->nv);
++
++		return auparse_find_field_next(au);
++	}
++	return NULL;
+ }
+ 
+ /* Increment 1 location and then scan for next field */
+@@ -1258,6 +1274,8 @@ const char *auparse_find_field_next(aupa
+ 			if (nvlist_find_name(&r->nv, au->find_field))
+ 				return nvlist_get_cur_val(&r->nv);
+ 			r = aup_list_next(&au->le);
++			if (r)
++				aup_list_first_field(&au->le);
+ 		}
+ 	}
+ 	return NULL;
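Review bot: In the get_comm_info hunk the result of `prelude_string_set_dup(name_str, base)` is stored in `ret` but never tested before `idmef_process_set_name(process, name_str)` runs, whereas the get_login_exe_info and get_file_info hunks follow the same call with `PRELUDE_FAIL_CHECK;`. Moving from set_ref to set_dup presumably introduces a copy that can fail on allocation, so the missing check matters more than it did; add `PRELUDE_FAIL_CHECK;` directly after the set_dup line. get_comm_info begins and ends outside the hunk, so a later check on `ret` cannot be ruled out from here. Separately, in handle_event the `//			case AUDIT_USER_AVC:` line leaves commented-out code in the alerting switch; delete it and put `/* AUDIT_USER_AVC deliberately not alerted on; see changelog 1.7.2-6 */` in its place so the gap in alert coverage is documented where a maintainer will see it.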


Index: audit.spec
===================================================================
RCS file: /cvs/pkgs/rpms/audit/devel/audit.spec,v
retrieving revision 1.174
retrieving revision 1.175
diff -u -r1.174 -r1.175
--- audit.spec	17 Apr 2008 21:14:24 -0000	1.174
+++ audit.spec	18 Apr 2008 19:47:43 -0000	1.175
@@ -7,7 +7,7 @@
 Summary: User space tools for 2.6 kernel auditing
 Name: audit
 Version: 1.7.2
-Release: 2%{?dist}
+Release: 6%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
@@ -326,11 +326,13 @@
 %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
 
 %changelog
-* Tue Apr 08 2008 Steve Grubb <sgrubb at redhat.com> 1.7.2-2
+* Fri Apr 18 2008 Steve Grubb <sgrubb at redhat.com> 1.7.2-6
 - Fix overflow in audit_log_user_command, better (#438840)
 - ausearch was not matching path in avc records
 - audisp-prelude attempt to reposition index after examining each type
 - correct building of mls policy
+- Fix auparse iterating in auparse_find_field and next_field
+- Don't alert on USER_AVC's - they are not quite right
 
 * Tue Apr 08 2008 Steve Grubb <sgrubb at redhat.com> 1.7.1-1
 - Fix buffer overflow in audit_log_user_command, again (#438840)



