3 files changed, 183 insertions, 0 deletions
diff --git a/recipes-security/audit/audit/0001-Remove-strdupa-as-suggested-in-pull-request-25.patch b/recipes-security/audit/audit/0001-Remove-strdupa-as-suggested-in-pull-request-25.patch
new file mode 100644
index 0000000..38029aa
--- /dev/null
+++ b/recipes-security/audit/audit/0001-Remove-strdupa-as-suggested-in-pull-request-25.patch
@@ -0,0 +1,47 @@
+From a1782b58b687b74249dc8b2411a3f646b821ebd6 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Thu, 4 Oct 2018 08:45:47 -0400
+Subject: [PATCH] Remove strdupa as suggested in pull request #25
+---
+ src/auditd.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+Origin: https://github.com/linux-audit/audit-userspace/commit/a1782b58b687b74249dc8b2411a3f646b821ebd6
+Applied-Upstream: yes
+diff --git a/src/auditd.c b/src/auditd.c
+index b0952db..c826ec0 100644
+--- a/src/auditd.c
+++ b/src/auditd.c
+@@ -209,21 +209,22 @@ static void cont_handler(struct ev_loop *loop, struct ev_signal *sig,
+ 
+ static int extract_type(const char *str)
+ {
+-       const char *tptr, *ptr2, *ptr = str;
+       const char *ptr2, *ptr = str;
+        if (*str == 'n') {
+                ptr = strchr(str+1, ' ');
+                if (ptr == NULL)
+                        return -1; // Malformed - bomb out
+                ptr++;
+        }
+
+        // ptr should be at 't'
+        ptr2 = strchr(ptr, ' ');
+-       // get type=xxx in a buffer
+-       tptr = strndupa(ptr, ptr2 - ptr);
+
+        // find =
+-       str = strchr(tptr, '=');
+-       if (str == NULL)
+       str = strchr(ptr, '=');
+       if (str == NULL || str >= ptr2)
+                return -1; // Malformed - bomb out
+
+        // name is 1 past
+        str++;
+        return audit_name_to_msg_type(str);
+-- 
+2.20.1
diff --git a/recipes-security/audit/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch b/recipes-security/audit/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
new file mode 100644
index 0000000..c948aa3
--- /dev/null
+++ b/recipes-security/audit/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
@@ -0,0 +1,134 @@
+From 5346b6af0ca67a2965ca5846ae150f3021a2aa17 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Tue, 26 Feb 2019 18:33:33 -0500
+Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
+---
+Origin: https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e
+Applied-Upstream: yes
+ auparse/auparse.c   | 12 +++++++++++-
+ auparse/interpret.c |  9 ++++++++-
+ configure.ac        | 14 +++++++++++++-
+ src/ausearch-lol.c  | 12 +++++++++++-
+ 4 files changed, 43 insertions(+), 4 deletions(-)
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index f84712e..3764046 100644
+--- a/auparse/auparse.c
+++ b/auparse/auparse.c
+@@ -1,5 +1,5 @@
+ /* auparse.c --
+- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina.
+ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
+  * All Rights Reserved.
+  *
+  * This library is free software; you can redistribute it and/or
+@@ -1100,6 +1100,16 @@ static int str2event(char *s, au_event_t *e)
+        return 0;
+ }
+ 
+#ifndef HAVE_STRNDUPA
+static inline char *strndupa(const char *old, size_t n)
+{
+       size_t len = strnlen(old, n);
+       char *tmp = alloca(len + 1);
+       tmp[len] = 0;
+       return memcpy(tmp, old, len);
+}
+#endif
+
+ /* Returns 0 on success and 1 on error */
+ static int extract_timestamp(const char *b, au_event_t *e)
+ {
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 1846f9d..8540bd1 100644
+--- a/auparse/interpret.c
+++ b/auparse/interpret.c
+@@ -853,6 +853,13 @@ err_out:
+                return print_escaped(id->val);
+ }
+ 
+// rawmemchr is faster. Let's use it if we have it.
+#ifdef HAVE_RAWMEMCHR
+#define STRCHR rawmemchr
+#else
+#define STRCHR strchr
+#endif
+
+ static const char *print_proctitle(const char *val)
+ {
+        char *out = (char *)print_escaped(val);
+@@ -863,7 +870,7 @@ static const char *print_proctitle(const char *val)
+                // Proctitle has arguments separated by NUL bytes
+                // We need to write over the NUL bytes with a space
+                // so that we can see the arguments
+-               while ((ptr  = rawmemchr(ptr, '\0'))) {
+               while ((ptr  = STRCHR(ptr, '\0'))) {
+                        if (ptr >= end)
+                                break;
+                        *ptr = ' ';
+diff --git a/configure.ac b/configure.ac
+index ede7109..97b547f 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -1,7 +1,7 @@
+ dnl
+ define([AC_INIT_NOTICE],
+ [### Generated automatically using autoconf version] AC_ACVERSION [
+-### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com>
+### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com>
+ ###
+ ### Permission is hereby granted, free of charge, to any person obtaining a
+ ### copy of this software and associated documentation files (the "Software"),
+@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote
+ AC_CHECK_FUNCS([posix_fallocate])
+ dnl; signalfd is needed for libev
+ AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
+dnl; check if rawmemchr is available
+AC_CHECK_FUNCS([rawmemchr])
+dnl; check if strndupa is available
+AC_LINK_IFELSE(
+  [AC_LANG_SOURCE(
+    [[
+      #define _GNU_SOURCE
+      #include <string.h>
+      int main() { (void) strndupa("test", 10); return 0; }]])],
+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
+ []
+)
+ 
+ ALLWARNS=""
+ ALLDEBUG="-g"
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index 4fbfbae..5eecefe 100644
+--- a/src/ausearch-lol.c
+++ b/src/ausearch-lol.c
+@@ -1,6 +1,6 @@
+ /*
+ * ausearch-lol.c - linked list of linked lists library
+-* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina.
+* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina.
+ * All Rights Reserved. 
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -131,6 +131,16 @@ static int inline events_are_equal(event *e1, event *e2)
+        return 1;
+ }
+ 
+#ifndef HAVE_STRNDUPA
+static inline char *strndupa(const char *old, size_t n)
+{
+       size_t len = strnlen(old, n);
+       char *tmp = alloca(len + 1);
+       tmp[len] = 0;
+       return memcpy(tmp, old, len);
+}
+#endif
+
+ /*
+  * This function will look at the line and pick out pieces of it.
+  */
+-- 
+2.20.1
diff --git a/recipes-security/audit/audit_2.8.4.bb b/recipes-security/audit/audit_2.8.4.bb
index c756552..c29bb74 100644
--- a/recipes-security/audit/audit_2.8.4.bb
+++ b/recipes-security/audit/audit_2.8.4.bb
@@ -11,6 +11,8 @@ SRC_URI = "http://people.redhat.com/sgrubb/${BPN}/${BPN}-${PV}.tar.gz \
           file://audit-python-configure.patch \
           file://audit-python.patch \
           file://fix-swig-host-contamination.patch \
+           file://0001-Remove-strdupa-as-suggested-in-pull-request-25.patch \
+           file://0002-Add-substitue-functions-for-strndupa-rawmemchr.patch \
           file://auditd \
           file://auditd.service \
           file://audit-volatile.conf \

diff --git a/recipes-security/audit/audit/0001-Remove-strdupa-as-suggested-in-pull-request-25.patch b/recipes-security/audit/audit/0001-Remove-strdupa-as-suggested-in-pull-request-25.patch new file mode 100644 index 0000000..38029aa --- /dev/null +++ b/recipes-security/audit/audit/0001-Remove-strdupa-as-suggested-in-pull-request-25.patch
@@ -0,0 +1,47 @@
		1	From a1782b58b687b74249dc8b2411a3f646b821ebd6 Mon Sep 17 00:00:00 2001
		2	From: Steve Grubb <sgrubb@redhat.com>
		3	Date: Thu, 4 Oct 2018 08:45:47 -0400
		4	Subject: [PATCH] Remove strdupa as suggested in pull request #25
		5
		6	---
		7	src/auditd.c \| 11 ++++++-----
		8	1 file changed, 6 insertions(+), 5 deletions(-)
		9
		10	Origin: https://github.com/linux-audit/audit-userspace/commit/a1782b58b687b74249dc8b2411a3f646b821ebd6
		11	Applied-Upstream: yes
		12
		13	diff --git a/src/auditd.c b/src/auditd.c
		14	index b0952db..c826ec0 100644
		15	--- a/src/auditd.c
		16	+++ b/src/auditd.c
		17	@@ -209,21 +209,22 @@ static void cont_handler(struct ev_loop loop, struct ev_signal sig,
		18
		19	static int extract_type(const char *str)
		20	{
		21	- const char tptr, ptr2, *ptr = str;
		22	+ const char ptr2, ptr = str;
		23	if (*str == 'n') {
		24	ptr = strchr(str+1, ' ');
		25	if (ptr == NULL)
		26	return -1; // Malformed - bomb out
		27	ptr++;
		28	}
		29	+
		30	// ptr should be at 't'
		31	ptr2 = strchr(ptr, ' ');
		32	- // get type=xxx in a buffer
		33	- tptr = strndupa(ptr, ptr2 - ptr);
		34	+
		35	// find =
		36	- str = strchr(tptr, '=');
		37	- if (str == NULL)
		38	+ str = strchr(ptr, '=');
		39	+ if (str == NULL \|\| str >= ptr2)
		40	return -1; // Malformed - bomb out
		41	+
		42	// name is 1 past
		43	str++;
		44	return audit_name_to_msg_type(str);
		45	--
		46	2.20.1
		47


diff --git a/recipes-security/audit/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch b/recipes-security/audit/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch new file mode 100644 index 0000000..c948aa3 --- /dev/null +++ b/recipes-security/audit/audit/0002-Add-substitue-functions-for-strndupa-rawmemchr.patch
@@ -0,0 +1,134 @@
		1	From 5346b6af0ca67a2965ca5846ae150f3021a2aa17 Mon Sep 17 00:00:00 2001
		2	From: Steve Grubb <sgrubb@redhat.com>
		3	Date: Tue, 26 Feb 2019 18:33:33 -0500
		4	Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
		5
		6	---
		7	Origin: https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e
		8	Applied-Upstream: yes
		9
		10	auparse/auparse.c \| 12 +++++++++++-
		11	auparse/interpret.c \| 9 ++++++++-
		12	configure.ac \| 14 +++++++++++++-
		13	src/ausearch-lol.c \| 12 +++++++++++-
		14	4 files changed, 43 insertions(+), 4 deletions(-)
		15
		16	diff --git a/auparse/auparse.c b/auparse/auparse.c
		17	index f84712e..3764046 100644
		18	--- a/auparse/auparse.c
		19	+++ b/auparse/auparse.c
		20	@@ -1,5 +1,5 @@
		21	/* auparse.c --
		22	- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina.
		23	+ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
		24	* All Rights Reserved.
		25	*
		26	* This library is free software; you can redistribute it and/or
		27	@@ -1100,6 +1100,16 @@ static int str2event(char s, au_event_t e)
		28	return 0;
		29	}
		30
		31	+#ifndef HAVE_STRNDUPA
		32	+static inline char strndupa(const char old, size_t n)
		33	+{
		34	+ size_t len = strnlen(old, n);
		35	+ char *tmp = alloca(len + 1);
		36	+ tmp[len] = 0;
		37	+ return memcpy(tmp, old, len);
		38	+}
		39	+#endif
		40	+
		41	/* Returns 0 on success and 1 on error */
		42	static int extract_timestamp(const char b, au_event_t e)
		43	{
		44	diff --git a/auparse/interpret.c b/auparse/interpret.c
		45	index 1846f9d..8540bd1 100644
		46	--- a/auparse/interpret.c
		47	+++ b/auparse/interpret.c
		48	@@ -853,6 +853,13 @@ err_out:
		49	return print_escaped(id->val);
		50	}
		51
		52	+// rawmemchr is faster. Let's use it if we have it.
		53	+#ifdef HAVE_RAWMEMCHR
		54	+#define STRCHR rawmemchr
		55	+#else
		56	+#define STRCHR strchr
		57	+#endif
		58	+
		59	static const char print_proctitle(const char val)
		60	{
		61	char out = (char )print_escaped(val);
		62	@@ -863,7 +870,7 @@ static const char print_proctitle(const char val)
		63	// Proctitle has arguments separated by NUL bytes
		64	// We need to write over the NUL bytes with a space
		65	// so that we can see the arguments
		66	- while ((ptr = rawmemchr(ptr, '\0'))) {
		67	+ while ((ptr = STRCHR(ptr, '\0'))) {
		68	if (ptr >= end)
		69	break;
		70	*ptr = ' ';
		71	diff --git a/configure.ac b/configure.ac
		72	index ede7109..97b547f 100644
		73	--- a/configure.ac
		74	+++ b/configure.ac
		75	@@ -1,7 +1,7 @@
		76	dnl
		77	define([AC_INIT_NOTICE],
		78	[### Generated automatically using autoconf version] AC_ACVERSION [
		79	-### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com>
		80	+### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com>
		81	###
		82	### Permission is hereby granted, free of charge, to any person obtaining a
		83	### copy of this software and associated documentation files (the "Software"),
		84	@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote
		85	AC_CHECK_FUNCS([posix_fallocate])
		86	dnl; signalfd is needed for libev
		87	AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
		88	+dnl; check if rawmemchr is available
		89	+AC_CHECK_FUNCS([rawmemchr])
		90	+dnl; check if strndupa is available
		91	+AC_LINK_IFELSE(
		92	+ [AC_LANG_SOURCE(
		93	+ [[
		94	+ #define _GNU_SOURCE
		95	+ #include <string.h>
		96	+ int main() { (void) strndupa("test", 10); return 0; }]])],
		97	+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
		98	+ []
		99	+)
		100
		101	ALLWARNS=""
		102	ALLDEBUG="-g"
		103	diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
		104	index 4fbfbae..5eecefe 100644
		105	--- a/src/ausearch-lol.c
		106	+++ b/src/ausearch-lol.c
		107	@@ -1,6 +1,6 @@
		108	/*
		109	* ausearch-lol.c - linked list of linked lists library
		110	-* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina.
		111	+* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina.
		112	* All Rights Reserved.
		113	*
		114	* This software may be freely redistributed and/or modified under the
		115	@@ -131,6 +131,16 @@ static int inline events_are_equal(event e1, event e2)
		116	return 1;
		117	}
		118
		119	+#ifndef HAVE_STRNDUPA
		120	+static inline char strndupa(const char old, size_t n)
		121	+{
		122	+ size_t len = strnlen(old, n);
		123	+ char *tmp = alloca(len + 1);
		124	+ tmp[len] = 0;
		125	+ return memcpy(tmp, old, len);
		126	+}
		127	+#endif
		128	+
		129	/*
		130	* This function will look at the line and pick out pieces of it.
		131	*/
		132	--
		133	2.20.1
		134


diff --git a/recipes-security/audit/audit_2.8.4.bb b/recipes-security/audit/audit_2.8.4.bb index c756552..c29bb74 100644 --- a/recipes-security/audit/audit_2.8.4.bb +++ b/recipes-security/audit/audit_2.8.4.bb
@@ -11,6 +11,8 @@ SRC_URI = "http://people.redhat.com/sgrubb/${BPN}/${BPN}-${PV}.tar.gz \
11	file://audit-python-configure.patch \	11	file://audit-python-configure.patch \
12	file://audit-python.patch \	12	file://audit-python.patch \
13	file://fix-swig-host-contamination.patch \	13	file://fix-swig-host-contamination.patch \
		14	file://0001-Remove-strdupa-as-suggested-in-pull-request-25.patch \
		15	file://0002-Add-substitue-functions-for-strndupa-rawmemchr.patch \
14	file://auditd \	16	file://auditd \
15	file://auditd.service \	17	file://auditd.service \
16	file://audit-volatile.conf \	18	file://audit-volatile.conf \