From 7e1b0e83b816985d641fcba464c6d05e8ec241408cba91d30cf05f5ee34bb8ea Mon Sep 17 00:00:00 2001 From: Enzo Matsumiya Date: Mon, 19 Dec 2022 19:54:31 +0000 Subject: [PATCH 1/3] Accepting request 1043243 from home:ematsumiya:branches:security - Enable build for ARM (32-bit) - Update to version 3.0.9: * In auditd, release the async flush lock on stop * Don't allow auditd to log directly into /var/log when log_group is non-zero * Cleanup krb5 memory leaks on error paths * Update auditd.cron to use auditctl --signal * In auparse, if too many fields, realloc array bigger (Paul Wolneykien) * In auparse, special case kernel module name interpretation * If overflow_action is ignore, don't treat as an error (3.0.8) * Add gcc function attributes for access and allocation * Add some more man pages (MIZUTA Takeshi) * In auditd, change the reinitializing of the plugin queue * Fix path normalization in auparse (Sergio Correia) * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya) * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya) * Drop ProtectHome from auditd.service as it interferes with rules (3.0.7) * Add support for the OPENAT2 record type (Richard Guy Briggs) * In auditd, close the logging file descriptor when logging is suspended * Update the capabilities lookup table to match 5.16 kernel * Improve interpretation of renamat & faccessat family of syscalls * Update syscall table for the 5.16 kernel * Reduce dependency from initscripts to initscripts-service - Refresh patches (context adjusment): * audit-allow-manual-stop.patch * audit-ausearch-do-not-require-tclass.patch * audit-no-gss.patch * enable-stop-rules.patch * fix-hardened-service.patch * harden_auditd.service.patch - Remove patches (fixed by version update): * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch - Enable build for ARM (32-bit) - Update to version 3.0.9: * In auditd, release the async flush lock on stop * Don't allow auditd to log directly into /var/log when log_group is non-zero * Cleanup krb5 memory leaks on error paths * Update auditd.cron to use auditctl --signal * In auparse, if too many fields, realloc array bigger (Paul Wolneykien) * In auparse, special case kernel module name interpretation * If overflow_action is ignore, don't treat as an error (3.0.8) * Add gcc function attributes for access and allocation * Add some more man pages (MIZUTA Takeshi) * In auditd, change the reinitializing of the plugin queue * Fix path normalization in auparse (Sergio Correia) * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya) * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya) * Drop ProtectHome from auditd.service as it interferes with rules (3.0.7) * Add support for the OPENAT2 record type (Richard Guy Briggs) * In auditd, close the logging file descriptor when logging is suspended * Update the capabilities lookup table to match 5.16 kernel * Improve interpretation of renamat & faccessat family of syscalls * Update syscall table for the 5.16 kernel * Reduce dependency from initscripts to initscripts-service - Refresh patches (context adjusment): * audit-allow-manual-stop.patch * audit-ausearch-do-not-require-tclass.patch * audit-no-gss.patch * enable-stop-rules.patch * fix-hardened-service.patch * harden_auditd.service.patch - Remove patches (fixed by version update): * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch OBS-URL: https://build.opensuse.org/request/show/1043243 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=141 --- audit-3.0.9.tar.gz | 3 ++ audit-allow-manual-stop.patch | 10 +++--- audit-ausearch-do-not-require-tclass.patch | 8 +++-- audit-no-gss.patch | 8 +++-- audit-secondary.changes | 38 ++++++++++++++++++++ audit-secondary.spec | 7 ++-- audit.changes | 40 +++++++++++++++++++++- audit.spec | 5 ++- create-augenrules-service.patch | 37 ++++++++++---------- enable-stop-rules.patch | 8 ++--- fix-hardened-service.patch | 8 +++-- harden_auditd.service.patch | 10 +++--- 12 files changed, 138 insertions(+), 44 deletions(-) create mode 100644 audit-3.0.9.tar.gz diff --git a/audit-3.0.9.tar.gz b/audit-3.0.9.tar.gz new file mode 100644 index 0000000..3595002 --- /dev/null +++ b/audit-3.0.9.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fd9570444df1573a274ca8ba23590082298a083cfc0618138957f590e845bc78 +size 1210655 diff --git a/audit-allow-manual-stop.patch b/audit-allow-manual-stop.patch index 01399fe..82663c3 100644 --- a/audit-allow-manual-stop.patch +++ b/audit-allow-manual-stop.patch @@ -11,13 +11,15 @@ SUSE since we lack the ability to use a custom stop/restart init.d/auditd.service | 1 - 1 file changed, 1 deletion(-) ---- a/init.d/auditd.service -+++ b/init.d/auditd.service -@@ -11,7 +11,6 @@ +Index: audit-3.0.9/init.d/auditd.service +=================================================================== +--- audit-3.0.9.orig/init.d/auditd.service ++++ audit-3.0.9/init.d/auditd.service +@@ -11,7 +11,6 @@ After=local-fs.target systemd-tmpfiles-s Before=sysinit.target shutdown.target ##Before=shutdown.target Conflicts=shutdown.target -RefuseManualStop=yes ConditionKernelCommandLine=!audit=0 - Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation + ConditionKernelCommandLine=!audit=off diff --git a/audit-ausearch-do-not-require-tclass.patch b/audit-ausearch-do-not-require-tclass.patch index 251860c..91c8fe7 100644 --- a/audit-ausearch-do-not-require-tclass.patch +++ b/audit-ausearch-do-not-require-tclass.patch @@ -9,9 +9,11 @@ Signed-off-by: Tony Jones src/ausearch-parse.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) ---- a/src/ausearch-parse.c -+++ b/src/ausearch-parse.c -@@ -2061,17 +2061,15 @@ other_avc: +Index: audit-3.0.9/src/ausearch-parse.c +=================================================================== +--- audit-3.0.9.orig/src/ausearch-parse.c ++++ audit-3.0.9/src/ausearch-parse.c +@@ -2062,17 +2062,15 @@ other_avc: // Now get the class...its at the end, so we do things different str = strstr(term, "tclass="); diff --git a/audit-no-gss.patch b/audit-no-gss.patch index 10c50af..feadd9c 100644 --- a/audit-no-gss.patch +++ b/audit-no-gss.patch @@ -9,8 +9,10 @@ but need manual removal here. init.d/auditd.conf | 3 --- 1 file changed, 3 deletions(-) ---- a/init.d/auditd.conf -+++ b/init.d/auditd.conf +Index: audit-3.0.9/init.d/auditd.conf +=================================================================== +--- audit-3.0.9.orig/init.d/auditd.conf ++++ audit-3.0.9/init.d/auditd.conf @@ -30,8 +30,6 @@ tcp_max_per_addr = 1 ##tcp_client_ports = 1024-65535 tcp_client_max_idle = 0 @@ -18,5 +20,5 @@ but need manual removal here. -krb5_principal = auditd -##krb5_key_file = /etc/audit/audit.key distribute_network = no - q_depth = 1200 + q_depth = 2000 overflow_action = SYSLOG diff --git a/audit-secondary.changes b/audit-secondary.changes index 8456660..5a41a9b 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Thu Dec 15 19:17:35 UTC 2022 - Enzo Matsumiya + +- Enable build for ARM (32-bit) +- Update to version 3.0.9: + * In auditd, release the async flush lock on stop + * Don't allow auditd to log directly into /var/log when log_group is non-zero + * Cleanup krb5 memory leaks on error paths + * Update auditd.cron to use auditctl --signal + * In auparse, if too many fields, realloc array bigger (Paul Wolneykien) + * In auparse, special case kernel module name interpretation + * If overflow_action is ignore, don't treat as an error + (3.0.8) + * Add gcc function attributes for access and allocation + * Add some more man pages (MIZUTA Takeshi) + * In auditd, change the reinitializing of the plugin queue + * Fix path normalization in auparse (Sergio Correia) + * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya) + * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya) + * Drop ProtectHome from auditd.service as it interferes with rules + (3.0.7) + * Add support for the OPENAT2 record type (Richard Guy Briggs) + * In auditd, close the logging file descriptor when logging is suspended + * Update the capabilities lookup table to match 5.16 kernel + * Improve interpretation of renamat & faccessat family of syscalls + * Update syscall table for the 5.16 kernel + * Reduce dependency from initscripts to initscripts-service +- Refresh patches (context adjusment): + * audit-allow-manual-stop.patch + * audit-ausearch-do-not-require-tclass.patch + * audit-no-gss.patch + * enable-stop-rules.patch + * fix-hardened-service.patch + * harden_auditd.service.patch +- Remove patches (fixed by version update): + * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch + * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch + ------------------------------------------------------------------- Mon Apr 11 20:44:34 UTC 2022 - Jan Engelhardt diff --git a/audit-secondary.spec b/audit-secondary.spec index fb309b1..4481040 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -22,7 +22,7 @@ # The seperation is required to minimize unnecessary build cycles. %define _name audit Name: audit-secondary -Version: 3.0.6 +Version: 3.0.9 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later @@ -42,8 +42,6 @@ Patch9: fix-hardened-service.patch Patch10: enable-stop-rules.patch Patch11: create-augenrules-service.patch Patch12: audit-userspace-517-compat.patch -Patch13: audisp-remote-fix-hang-with-disk_low_action-suspend-.patch -Patch14: libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch BuildRequires: audit-devel = %{version} BuildRequires: autoconf >= 2.12 BuildRequires: kernel-headers >= 2.6.30 @@ -146,6 +144,9 @@ export LDFLAGS="-Wl,-z,relro,-z,now" %configure \ %ifarch aarch64 --with-aarch64 \ +%endif +%ifarch arm + --with-arm \ %endif --enable-systemd \ --libexecdir=%{_libexecdir}/%{_name} \ diff --git a/audit.changes b/audit.changes index b59e61a..22981df 100644 --- a/audit.changes +++ b/audit.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Thu Dec 15 19:17:35 UTC 2022 - Enzo Matsumiya + +- Enable build for ARM (32-bit) +- Update to version 3.0.9: + * In auditd, release the async flush lock on stop + * Don't allow auditd to log directly into /var/log when log_group is non-zero + * Cleanup krb5 memory leaks on error paths + * Update auditd.cron to use auditctl --signal + * In auparse, if too many fields, realloc array bigger (Paul Wolneykien) + * In auparse, special case kernel module name interpretation + * If overflow_action is ignore, don't treat as an error + (3.0.8) + * Add gcc function attributes for access and allocation + * Add some more man pages (MIZUTA Takeshi) + * In auditd, change the reinitializing of the plugin queue + * Fix path normalization in auparse (Sergio Correia) + * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya) + * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya) + * Drop ProtectHome from auditd.service as it interferes with rules + (3.0.7) + * Add support for the OPENAT2 record type (Richard Guy Briggs) + * In auditd, close the logging file descriptor when logging is suspended + * Update the capabilities lookup table to match 5.16 kernel + * Improve interpretation of renamat & faccessat family of syscalls + * Update syscall table for the 5.16 kernel + * Reduce dependency from initscripts to initscripts-service +- Refresh patches (context adjusment): + * audit-allow-manual-stop.patch + * audit-ausearch-do-not-require-tclass.patch + * audit-no-gss.patch + * enable-stop-rules.patch + * fix-hardened-service.patch + * harden_auditd.service.patch +- Remove patches (fixed by version update): + * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch + * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch + ------------------------------------------------------------------- Mon Apr 11 20:45:33 UTC 2022 - Jan Engelhardt @@ -1013,8 +1051,8 @@ Mon May 11 17:20:28 CEST 2009 - tonyj@suse.de - Add --exit search option to ausearch - Fix parsing config file when kerberos is disabled -------------------------------------------------------------------- +------------------------------------------------------------------- Tue Apr 14 14:52:39 CEST 2009 - dmueller@suse.de - refresh patches diff --git a/audit.spec b/audit.spec index 5c6b237..4e077bb 100644 --- a/audit.spec +++ b/audit.spec @@ -17,7 +17,7 @@ Name: audit -Version: 3.0.6 +Version: 3.0.9 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later @@ -85,6 +85,9 @@ export LDFLAGS="-Wl,-z,relro,-z,now" %configure \ %ifarch aarch64 --with-aarch64 \ +%endif +%ifarch arm + --with-arm \ %endif --enable-systemd \ --libexecdir=%{_libexecdir}/%{name} \ diff --git a/create-augenrules-service.patch b/create-augenrules-service.patch index f876a69..72c8745 100644 --- a/create-augenrules-service.patch +++ b/create-augenrules-service.patch @@ -1,7 +1,7 @@ -Index: audit-3.0.6/init.d/augenrules.service +Index: audit-3.0.9/init.d/augenrules.service =================================================================== --- /dev/null -+++ audit-3.0.6/init.d/augenrules.service ++++ audit-3.0.9/init.d/augenrules.service @@ -0,0 +1,29 @@ +[Unit] +Description=auditd rules generation @@ -32,13 +32,13 @@ Index: audit-3.0.6/init.d/augenrules.service +ProtectKernelTunables=true +ProtectKernelLogs=true +ReadWritePaths=/etc/audit -Index: audit-3.0.6/init.d/auditd.service +Index: audit-3.0.9/init.d/auditd.service =================================================================== ---- audit-3.0.6.orig/init.d/auditd.service -+++ audit-3.0.6/init.d/auditd.service -@@ -13,15 +13,16 @@ Before=sysinit.target shutdown.target - Conflicts=shutdown.target - ConditionKernelCommandLine=!audit=0 +--- audit-3.0.9.orig/init.d/auditd.service ++++ audit-3.0.9/init.d/auditd.service +@@ -15,15 +15,16 @@ ConditionKernelCommandLine=!audit=0 + ConditionKernelCommandLine=!audit=off + Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation +Requires=augenrules.service +# This unit clears rules on stop, so make sure that augenrules runs again @@ -57,7 +57,7 @@ Index: audit-3.0.6/init.d/auditd.service #ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules # By default we clear the rules on exit. To disable this, comment # the next line after copying the file to /etc/systemd/system/auditd.service -@@ -45,7 +46,6 @@ ProtectClock=true +@@ -46,7 +47,6 @@ ProtectClock=true ProtectKernelTunables=true ProtectKernelLogs=true # end of automatic additions @@ -65,28 +65,29 @@ Index: audit-3.0.6/init.d/auditd.service [Install] WantedBy=multi-user.target -Index: audit-3.0.6/init.d/Makefile.am +Index: audit-3.0.9/init.d/Makefile.am =================================================================== ---- audit-3.0.6.orig/init.d/Makefile.am -+++ audit-3.0.6/init.d/Makefile.am -@@ -26,7 +26,7 @@ EXTRA_DIST = auditd.init auditd.service +--- audit-3.0.9.orig/init.d/Makefile.am ++++ audit-3.0.9/init.d/Makefile.am +@@ -26,7 +26,8 @@ EXTRA_DIST = auditd.init auditd.service auditd.cron libaudit.conf auditd.condrestart \ auditd.reload auditd.restart auditd.resume \ auditd.rotate auditd.state auditd.stop \ -- audit-stop.rules augenrules -+ audit-stop.rules augenrules augenrules.service +- audit-stop.rules augenrules audit-functions ++ audit-stop.rules augenrules audit-functions \ ++ augenrules.service libconfig = libaudit.conf if ENABLE_SYSTEMD initdir = /usr/lib/systemd/system -@@ -53,6 +53,7 @@ if ENABLE_SYSTEMD - mkdir -p ${DESTDIR}${initdir} +@@ -54,6 +55,7 @@ if ENABLE_SYSTEMD mkdir -p ${DESTDIR}${legacydir} + mkdir -p ${DESTDIR}${libexecdir} $(INSTALL_SCRIPT) -D -m 644 ${srcdir}/auditd.service ${DESTDIR}${initdir} + $(INSTALL_SCRIPT) -D -m 644 ${srcdir}/augenrules.service ${DESTDIR}${initdir} $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.rotate ${DESTDIR}${legacydir}/rotate $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.resume ${DESTDIR}${legacydir}/resume $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.reload ${DESTDIR}${legacydir}/reload -@@ -70,6 +71,7 @@ uninstall-hook: +@@ -72,6 +74,7 @@ uninstall-hook: rm ${DESTDIR}${sysconfdir}/${libconfig} if ENABLE_SYSTEMD rm ${DESTDIR}${initdir}/auditd.service diff --git a/enable-stop-rules.patch b/enable-stop-rules.patch index 9d405f0..5ef0d37 100644 --- a/enable-stop-rules.patch +++ b/enable-stop-rules.patch @@ -11,11 +11,11 @@ Disable audit when auditd.service stops, so kauditd stops logging/running. Signed-off-by: Enzo Matsumiya -Index: audit-3.0.6/init.d/auditd.service +Index: audit-3.0.9/init.d/auditd.service =================================================================== ---- audit-3.0.6.orig/init.d/auditd.service -+++ audit-3.0.6/init.d/auditd.service -@@ -23,9 +23,9 @@ ExecStart=/sbin/auditd +--- audit-3.0.9.orig/init.d/auditd.service ++++ audit-3.0.9/init.d/auditd.service +@@ -25,9 +25,9 @@ ExecStart=/sbin/auditd ## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ ExecStartPost=-/sbin/augenrules --load #ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules diff --git a/fix-hardened-service.patch b/fix-hardened-service.patch index 34f97c1..0fe1648 100644 --- a/fix-hardened-service.patch +++ b/fix-hardened-service.patch @@ -12,9 +12,11 @@ Also remove PrivateDevices=true so /dev/* are exposed to auditd. Signed-off-by: Enzo Matsumiya ---- a/init.d/auditd.service -+++ b/init.d/auditd.service -@@ -37,12 +37,12 @@ RestrictRealtime=true +Index: audit-3.0.9/init.d/auditd.service +=================================================================== +--- audit-3.0.9.orig/init.d/auditd.service ++++ audit-3.0.9/init.d/auditd.service +@@ -41,12 +41,12 @@ RestrictRealtime=true # added automatically, for details please see # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ProtectSystem=full diff --git a/harden_auditd.service.patch b/harden_auditd.service.patch index 8dc1528..3e3ad0f 100644 --- a/harden_auditd.service.patch +++ b/harden_auditd.service.patch @@ -1,8 +1,10 @@ ---- a/init.d/auditd.service -+++ b/init.d/auditd.service -@@ -34,6 +34,15 @@ ProtectControlGroups=true +Index: audit-3.0.9/init.d/auditd.service +=================================================================== +--- audit-3.0.9.orig/init.d/auditd.service ++++ audit-3.0.9/init.d/auditd.service +@@ -38,6 +38,15 @@ LockPersonality=true + ProtectControlGroups=true ProtectKernelModules=true - ProtectHome=true RestrictRealtime=true +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort From 70202c4f18901990c0c08872024ffc979f79794d38bf6526f541309be96de7e2 Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Tue, 31 Jan 2023 13:00:20 +0000 Subject: [PATCH 2/3] Accepting request 1051400 from home:lnussel:usrmerge - Replace transitional %usrmerged macro with regular version check (boo#1206798) OBS-URL: https://build.opensuse.org/request/show/1051400 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=142 --- audit-secondary.changes | 5 +++++ audit-secondary.spec | 6 +++--- audit.spec | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/audit-secondary.changes b/audit-secondary.changes index 5a41a9b..f1c1137 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Dec 27 10:21:56 UTC 2022 - Ludwig Nussel + +- Replace transitional %usrmerged macro with regular version check (boo#1206798) + ------------------------------------------------------------------- Thu Dec 15 19:17:35 UTC 2022 - Enzo Matsumiya diff --git a/audit-secondary.spec b/audit-secondary.spec index 4481040..1315a16 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -1,7 +1,7 @@ # # spec file for package audit-secondary # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -199,7 +199,7 @@ rm -f %{buildroot}/%{_mandir}/man5/libaudit.conf.5 rm -rf %{buildroot}/%{_mandir}/man3 # Cleanup plugins #USR-MERGE -%if !0%{?usrmerged} +%if 0%{?suse_version} < 1550 mkdir %{buildroot}/sbin/ for prog in auditctl auditd ausearch autrace aureport augenrules; do ln -s %{_sbindir}/$prog %{buildroot}/sbin/$prog @@ -258,7 +258,7 @@ fi %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz %attr(644,root,root) %{_mandir}/man8/auvirt.8.gz %attr(644,root,root) %{_mandir}/man8/augenrules.8.gz -%if !0%{?usrmerged} +%if 0%{?suse_version} < 1550 /sbin/auditctl /sbin/auditd /sbin/ausearch diff --git a/audit.spec b/audit.spec index 4e077bb..ac8a617 100644 --- a/audit.spec +++ b/audit.spec @@ -1,7 +1,7 @@ # # spec file for package audit # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed From e33aeccfc568d3c03809d199155730dad0757008e5d2dddde176628397cf9bf1 Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Thu, 16 Feb 2023 11:01:07 +0000 Subject: [PATCH 3/3] clean up stale archiv and removed patches OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=143 --- ...x-hang-with-disk_low_action-suspend-.patch | 31 --------- audit-3.0.6.tar.gz | 3 - ...andled-ECONNREFUSED-from-getpwnam-25.patch | 64 ------------------- 3 files changed, 98 deletions(-) delete mode 100644 audisp-remote-fix-hang-with-disk_low_action-suspend-.patch delete mode 100644 audit-3.0.6.tar.gz delete mode 100644 libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch diff --git a/audisp-remote-fix-hang-with-disk_low_action-suspend-.patch b/audisp-remote-fix-hang-with-disk_low_action-suspend-.patch deleted file mode 100644 index 8d03c49..0000000 --- a/audisp-remote-fix-hang-with-disk_low_action-suspend-.patch +++ /dev/null @@ -1,31 +0,0 @@ -From b6c474b22f6e76969221138d0d9ec8d97cb217ee Mon Sep 17 00:00:00 2001 -From: Enzo Matsumiya -Date: Thu, 24 Mar 2022 23:38:24 -0300 -Subject: [PATCH] audisp-remote: fix hang with disk_low_action=suspend (#254) - -If auditd.conf has disk_low_action=suspend and the partition where the -log is triggers the disk_low_action, audisp-remote will hang in -infinite loop. - -Fixes: 10dde069d1ac ("Dont look for stop on exit while draining the queue") -Signed-off-by: Enzo Matsumiya ---- - audisp/plugins/remote/audisp-remote.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/audisp/plugins/remote/audisp-remote.c b/audisp/plugins/remote/audisp-remote.c -index b7e610e8ca32..3be91b3d5190 100644 ---- a/audisp/plugins/remote/audisp-remote.c -+++ b/audisp/plugins/remote/audisp-remote.c -@@ -619,7 +619,7 @@ int main(int argc, char *argv[]) - - // If stdin is a pipe, then flush the queue - if (is_pipe(0)) { -- while (q_queue_length(queue) && transport_ok) -+ while (q_queue_length(queue) && !suspend && transport_ok) - send_one(queue); - } - --- -2.35.1 - diff --git a/audit-3.0.6.tar.gz b/audit-3.0.6.tar.gz deleted file mode 100644 index 9d3e3a5..0000000 --- a/audit-3.0.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c3e44d77513a42401d417dd0ceb203cf23886cb89402dea7b9494faa3f4fcc5e -size 1190011 diff --git a/libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch b/libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch deleted file mode 100644 index cce6813..0000000 --- a/libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 614edbe52180698c5b447ff4c3e7031ff0721683 Mon Sep 17 00:00:00 2001 -From: Enzo Matsumiya -Date: Thu, 24 Mar 2022 23:36:53 -0300 -Subject: [PATCH] libaudit: fix unhandled ECONNREFUSED from getpwnam() (#255) - -From: Luis Galdos - -In some very specific scenarios with LDAP + network issues, -getpwnam() and getgrnam() might return ECONNREFUSED. - -Up in the call chain to audit_name_to_uid()/audit_name_to_gid(), -ECONNREFUSED will be handled as kernel auditd is not running, -showing "The audit system is disabled" and stopping parsing rules. - -This patch manually sets errno to ENOENT after those affected calls, in -case they fail, so rule parsing can continue cleanly. - -Signed-off-by: Enzo Matsumiya ---- - lib/libaudit.c | 17 +++++++++++++++-- - 1 file changed, 15 insertions(+), 2 deletions(-) - -diff --git a/lib/libaudit.c b/lib/libaudit.c -index 54e276156ef0..41303c244aee 100644 ---- a/lib/libaudit.c -+++ b/lib/libaudit.c -@@ -1830,9 +1830,17 @@ static int audit_name_to_uid(const char *name, uid_t *uid) - { - struct passwd *pw; - -+ errno = 0; - pw = getpwnam(name); -- if (pw == NULL) -+ if (pw == NULL) { -+ /* getpwnam() might return ECONNREFUSED in some very -+ * specific cases when using LDAP. -+ * Manually set it to ENOENT so callers don't get confused -+ * with netlink's ECONNREFUSED */ -+ if (errno == ECONNREFUSED) -+ errno = ENOENT; - return 1; -+ } - - memset(pw->pw_passwd, ' ', strlen(pw->pw_passwd)); - *uid = pw->pw_uid; -@@ -1843,9 +1851,14 @@ static int audit_name_to_gid(const char *name, gid_t *gid) - { - struct group *gr; - -+ errno = 0; - gr = getgrnam(name); -- if (gr == NULL) -+ if (gr == NULL) { -+ /* See above for explanation. */ -+ if (errno == ECONNREFUSED) -+ errno = ENOENT; - return 1; -+ } - - *gid = gr->gr_gid; - return 0; --- -2.35.1 -