SHA256
3
0
forked from pool/audit

clean up stale archiv and removed patches

OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=143
This commit is contained in:
Robert Frohl 2023-02-16 11:01:07 +00:00 committed by Git OBS Bridge
parent 70202c4f18
commit e33aeccfc5
3 changed files with 0 additions and 98 deletions

View File

@ -1,31 +0,0 @@
From b6c474b22f6e76969221138d0d9ec8d97cb217ee Mon Sep 17 00:00:00 2001
From: Enzo Matsumiya <ematsumiya@suse.com>
Date: Thu, 24 Mar 2022 23:38:24 -0300
Subject: [PATCH] audisp-remote: fix hang with disk_low_action=suspend (#254)
If auditd.conf has disk_low_action=suspend and the partition where the
log is triggers the disk_low_action, audisp-remote will hang in
infinite loop.
Fixes: 10dde069d1ac ("Dont look for stop on exit while draining the queue")
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
---
audisp/plugins/remote/audisp-remote.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/audisp/plugins/remote/audisp-remote.c b/audisp/plugins/remote/audisp-remote.c
index b7e610e8ca32..3be91b3d5190 100644
--- a/audisp/plugins/remote/audisp-remote.c
+++ b/audisp/plugins/remote/audisp-remote.c
@@ -619,7 +619,7 @@ int main(int argc, char *argv[])
// If stdin is a pipe, then flush the queue
if (is_pipe(0)) {
- while (q_queue_length(queue) && transport_ok)
+ while (q_queue_length(queue) && !suspend && transport_ok)
send_one(queue);
}
--
2.35.1

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c3e44d77513a42401d417dd0ceb203cf23886cb89402dea7b9494faa3f4fcc5e
size 1190011

View File

@ -1,64 +0,0 @@
From 614edbe52180698c5b447ff4c3e7031ff0721683 Mon Sep 17 00:00:00 2001
From: Enzo Matsumiya <ematsumiya@suse.com>
Date: Thu, 24 Mar 2022 23:36:53 -0300
Subject: [PATCH] libaudit: fix unhandled ECONNREFUSED from getpwnam() (#255)
From: Luis Galdos <luis.galdos@suse.com>
In some very specific scenarios with LDAP + network issues,
getpwnam() and getgrnam() might return ECONNREFUSED.
Up in the call chain to audit_name_to_uid()/audit_name_to_gid(),
ECONNREFUSED will be handled as kernel auditd is not running,
showing "The audit system is disabled" and stopping parsing rules.
This patch manually sets errno to ENOENT after those affected calls, in
case they fail, so rule parsing can continue cleanly.
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
---
lib/libaudit.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/lib/libaudit.c b/lib/libaudit.c
index 54e276156ef0..41303c244aee 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -1830,9 +1830,17 @@ static int audit_name_to_uid(const char *name, uid_t *uid)
{
struct passwd *pw;
+ errno = 0;
pw = getpwnam(name);
- if (pw == NULL)
+ if (pw == NULL) {
+ /* getpwnam() might return ECONNREFUSED in some very
+ * specific cases when using LDAP.
+ * Manually set it to ENOENT so callers don't get confused
+ * with netlink's ECONNREFUSED */
+ if (errno == ECONNREFUSED)
+ errno = ENOENT;
return 1;
+ }
memset(pw->pw_passwd, ' ', strlen(pw->pw_passwd));
*uid = pw->pw_uid;
@@ -1843,9 +1851,14 @@ static int audit_name_to_gid(const char *name, gid_t *gid)
{
struct group *gr;
+ errno = 0;
gr = getgrnam(name);
- if (gr == NULL)
+ if (gr == NULL) {
+ /* See above for explanation. */
+ if (errno == ECONNREFUSED)
+ errno = ENOENT;
return 1;
+ }
*gid = gr->gr_gid;
return 0;
--
2.35.1