From 8c6f87555056f23b137dbaa42d536eb372605c64781884428422bf9e5a10249d Mon Sep 17 00:00:00 2001 From: Enzo Matsumiya Date: Fri, 25 Mar 2022 14:41:23 +0000 Subject: [PATCH] Accepting request 964336 from home:dirkmueller:Factory - add audit-userspace-517-compat.patch OBS-URL: https://build.opensuse.org/request/show/964336 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=135 --- audit-secondary.changes | 5 +++++ audit-secondary.spec | 3 ++- audit-userspace-517-compat.patch | 38 ++++++++++++++++++++++++++++++++ audit.spec | 2 +- 4 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 audit-userspace-517-compat.patch diff --git a/audit-secondary.changes b/audit-secondary.changes index 098dda5..eb9deb0 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Mar 23 16:37:06 UTC 2022 - Dirk Müller + +- add audit-userspace-517-compat.patch + ------------------------------------------------------------------- Mon Nov 29 13:13:56 UTC 2021 - Fabian Vogt diff --git a/audit-secondary.spec b/audit-secondary.spec index efed795..ca9799c 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -1,7 +1,7 @@ # # spec file for package audit-secondary # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -41,6 +41,7 @@ Patch8: change-default-log_format.patch Patch9: fix-hardened-service.patch Patch10: enable-stop-rules.patch Patch11: create-augenrules-service.patch +Patch12: audit-userspace-517-compat.patch BuildRequires: audit-devel = %{version} BuildRequires: autoconf >= 2.12 BuildRequires: gcc-c++ diff --git a/audit-userspace-517-compat.patch b/audit-userspace-517-compat.patch new file mode 100644 index 0000000..6d3b72e --- /dev/null +++ b/audit-userspace-517-compat.patch @@ -0,0 +1,38 @@ +From: Sergei Trofimovich +Date: Wed, 23 Mar 2022 07:27:05 +0000 +Subject: [PATCH] auditswig.i: avoid setter generation for audit_rule_data::buf +References: https://github.com/linux-audit/audit-userspace/issues/252 +Git-commit: https://github.com/linux-audit/audit-userspace/pull/253/commits/beed138222421a2eb4212d83cb889404bd7efc49 +Git-repo: [if different from https://github.com/linux-audit/audit-userspace.git] +Patch-mainline: submitted for review upstream + +As it's a flexible array generated code was never safe to use. +With kernel's https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed98ea2128b6fd83bce13716edf8f5fe6c47f574 +change it's a build failure now: + + audit> audit_wrap.c:5010:15: error: invalid use of flexible array member + audit> 5010 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); + audit> | ^ + +Let's avoid setter generation entirely. + +Closes: https://github.com/linux-audit/audit-userspace/issues/252 +--- + bindings/swig/src/auditswig.i | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i +index 21aafca31..9a2c5661d 100644 +--- a/bindings/swig/src/auditswig.i ++++ b/bindings/swig/src/auditswig.i +@@ -39,6 +39,10 @@ signed + #define __attribute(X) /*nothing*/ + typedef unsigned __u32; + typedef unsigned uid_t; ++/* Sidestep SWIG's limitation of handling c99 Flexible arrays by not: ++ * generating setters against them: https://github.com/swig/swig/issues/1699 ++ */ ++%ignore audit_rule_data::buf; + %include "/usr/include/linux/audit.h" + #define __extension__ /*nothing*/ + %include diff --git a/audit.spec b/audit.spec index 4f7a1a5..98109a9 100644 --- a/audit.spec +++ b/audit.spec @@ -1,7 +1,7 @@ # # spec file for package audit # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed