Open Build Service

_service:tar_scm_kernel_repo:audit.spec Changed

@@ -4,7 +4,7 @@
 Name:               audit
 Epoch:              1
 Version:            3.0
-Release:            6
+Release:            7
 License:            GPLv2+ and LGPLv2+
 URL:                https://people.redhat.com/sgrubb/audit/
 Source0:            https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@@ -41,6 +41,8 @@
 Patch28:            backport-Final-kerberos-leak-fixups.patch
 Patch29:            backport-time_t-is-not-an-int-anymore.patch
 Patch30:            backport-krb5_cc_store_cred-takes-custody-of-my_creds-so-we-do-not-need-to-keep-it-around.patch
+Patch31:            backport-asprintf-can-return-a-negative-number.patch
+Patch32:            backport-Cleanup-gssapi-code.patch
 
 BuildRequires:      gcc swig libtool systemd kernel-headers >= 2.6.29
 BuildRequires:      openldap-devel krb5-devel libcap-ng-devel
@@ -395,6 +397,11 @@
 %attr(644,root,root) %{_mandir}/man8/*.8.gz
 
 %changelog
+* Tue Feb 14 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 1:3.0-7
+- backport some patches
+  asprintf can return a negative number patch
+  Cleanup gssapi code
+
 * Tue Feb 14 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 1:3.0-6
 - backport some patches
   In auditd release the async flush lock on stop

_service:tar_scm_kernel_repo:backport-Cleanup-gssapi-code.patch Added

@@ -0,0 +1,67 @@
+From ff0b0a11497fe9360e3aaa448c8744955f8c0fc9 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Fri, 15 Jul 2022 16:09:10 -0400
+Subject: Cleanup gssapi code
+
+---
+ src/auditd-listen.c | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/src/auditd-listen.c b/src/auditd-listen.c
+index 34a142a..61a3480 100644
+--- a/src/auditd-listen.c
++++ b/src/auditd-listen.c
+@@ -414,10 +414,9 @@ static int negotiate_credentials(ev_tcp *io)
+ 					GSS_C_NO_CHANNEL_BINDINGS, &client,
+ 					NULL, &send_tok, &sess_flags,
+ 					NULL, NULL);
+-		if (recv_tok.value) {
+-			free(recv_tok.value);
+-			recv_tok.value = NULL;
+-		}
++		if (recv_tok.value)
++			gss_release_buffer(&min_stat, &recv_tok);
++
+ 		if (maj_stat != GSS_S_COMPLETE
+ 		    && maj_stat != GSS_S_CONTINUE_NEEDED) {
+ 			gss_release_buffer(&min_stat, &send_tok);
+@@ -441,6 +440,7 @@ static int negotiate_credentials(ev_tcp *io)
+ 				if (*context != GSS_C_NO_CONTEXT)
+ 					gss_delete_sec_context(&min_stat,
+ 						context, GSS_C_NO_BUFFER);
++				gss_release_name(&min_stat, &client);
+ 				return -1;
+ 			}
+ 			gss_release_buffer(&min_stat, &send_tok);
+@@ -455,14 +455,22 @@ static int negotiate_credentials(ev_tcp *io)
+ 		return -1;
+ 	}
+ 
+-	audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s",
+-		  (char *)recv_tok.value);
+-	io->remote_name = strdup(recv_tok.value);
+-	io->remote_name_len = strlen(recv_tok.value);
++	if (asprintf(&io->remote_name, "%.*s", (int)recv_tok.length,
++		    (char *)recv_tok.value) < 0) {
++		io->remote_name = strdup("?");
++		io->remote_name_len = 1;
++	} else
++		io->remote_name_len = recv_tok.length;
++
++	audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s", 
++		  io->remote_name);
+ 	gss_release_buffer(&min_stat, &recv_tok);
+ 
+-	slashptr = strchr(io->remote_name, '/');
+-	atptr = strchr(io->remote_name, '@');
++	if (io->remote_name) {
++		slashptr = strchr(io->remote_name, '/');
++		atptr = strchr(io->remote_name, '@');
++	} else
++		slashptr = NULL;
+ 
+ 	if (!slashptr || !atptr) {
+ 		audit_msg(LOG_ERR, "Invalid GSS name from remote client: %s",
+-- 
+2.27.0
+

_service:tar_scm_kernel_repo:backport-asprintf-can-return-a-negative-number.patch Added

Changes of Revision 8