Projects
openEuler:20.03:LTS:SP3
audit
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 8
View file
_service:tar_scm_kernel_repo:audit.spec
Changed
@@ -4,7 +4,7 @@ Name: audit Epoch: 1 Version: 3.0 -Release: 6 +Release: 7 License: GPLv2+ and LGPLv2+ URL: https://people.redhat.com/sgrubb/audit/ Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz @@ -41,6 +41,8 @@ Patch28: backport-Final-kerberos-leak-fixups.patch Patch29: backport-time_t-is-not-an-int-anymore.patch Patch30: backport-krb5_cc_store_cred-takes-custody-of-my_creds-so-we-do-not-need-to-keep-it-around.patch +Patch31: backport-asprintf-can-return-a-negative-number.patch +Patch32: backport-Cleanup-gssapi-code.patch BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29 BuildRequires: openldap-devel krb5-devel libcap-ng-devel @@ -395,6 +397,11 @@ %attr(644,root,root) %{_mandir}/man8/*.8.gz %changelog +* Tue Feb 14 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 1:3.0-7 +- backport some patches + asprintf can return a negative number patch + Cleanup gssapi code + * Tue Feb 14 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 1:3.0-6 - backport some patches In auditd release the async flush lock on stop
View file
_service:tar_scm_kernel_repo:backport-Cleanup-gssapi-code.patch
Added
@@ -0,0 +1,67 @@ +From ff0b0a11497fe9360e3aaa448c8744955f8c0fc9 Mon Sep 17 00:00:00 2001 +From: Steve Grubb <sgrubb@redhat.com> +Date: Fri, 15 Jul 2022 16:09:10 -0400 +Subject: Cleanup gssapi code + +--- + src/auditd-listen.c | 28 ++++++++++++++++++---------- + 1 file changed, 18 insertions(+), 10 deletions(-) + +diff --git a/src/auditd-listen.c b/src/auditd-listen.c +index 34a142a..61a3480 100644 +--- a/src/auditd-listen.c ++++ b/src/auditd-listen.c +@@ -414,10 +414,9 @@ static int negotiate_credentials(ev_tcp *io) + GSS_C_NO_CHANNEL_BINDINGS, &client, + NULL, &send_tok, &sess_flags, + NULL, NULL); +- if (recv_tok.value) { +- free(recv_tok.value); +- recv_tok.value = NULL; +- } ++ if (recv_tok.value) ++ gss_release_buffer(&min_stat, &recv_tok); ++ + if (maj_stat != GSS_S_COMPLETE + && maj_stat != GSS_S_CONTINUE_NEEDED) { + gss_release_buffer(&min_stat, &send_tok); +@@ -441,6 +440,7 @@ static int negotiate_credentials(ev_tcp *io) + if (*context != GSS_C_NO_CONTEXT) + gss_delete_sec_context(&min_stat, + context, GSS_C_NO_BUFFER); ++ gss_release_name(&min_stat, &client); + return -1; + } + gss_release_buffer(&min_stat, &send_tok); +@@ -455,14 +455,22 @@ static int negotiate_credentials(ev_tcp *io) + return -1; + } + +- audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s", +- (char *)recv_tok.value); +- io->remote_name = strdup(recv_tok.value); +- io->remote_name_len = strlen(recv_tok.value); ++ if (asprintf(&io->remote_name, "%.*s", (int)recv_tok.length, ++ (char *)recv_tok.value) < 0) { ++ io->remote_name = strdup("?"); ++ io->remote_name_len = 1; ++ } else ++ io->remote_name_len = recv_tok.length; ++ ++ audit_msg(LOG_INFO, "GSS-API Accepted connection from: %s", ++ io->remote_name); + gss_release_buffer(&min_stat, &recv_tok); + +- slashptr = strchr(io->remote_name, '/'); +- atptr = strchr(io->remote_name, '@'); ++ if (io->remote_name) { ++ slashptr = strchr(io->remote_name, '/'); ++ atptr = strchr(io->remote_name, '@'); ++ } else ++ slashptr = NULL; + + if (!slashptr || !atptr) { + audit_msg(LOG_ERR, "Invalid GSS name from remote client: %s", +-- +2.27.0 +
View file
_service:tar_scm_kernel_repo:backport-asprintf-can-return-a-negative-number.patch
Added
@@ -0,0 +1,26 @@ +From a75e42921997cab4cb9b2a01107441695239f764 Mon Sep 17 00:00:00 2001 +From: Steve Grubb <sgrubb@redhat.com> +Date: Mon, 11 Jul 2022 17:53:26 -0400 +Subject: asprintf can return a negative number + +Conflict:context adaptation +--- + audisp/audispd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/audisp/audispd.c b/audisp/audispd.c +index f20b38d..77cb7b2 100644 +--- a/audisp/audispd.c ++++ b/audisp/audispd.c +@@ -476,7 +476,7 @@ static int event_loop(void) + event_t *e; + const char *type; + char *v, *ptr, unknown[32]; +- unsigned int len; ++ int len; + lnode *conf; + + /* This is where we block until we have an event */ +-- +2.27.0 +
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.