rpms/audit/devel audit-1.7.2-avc.patch, NONE, 1.1 audit-1.7.3-cmd.patch, NONE, 1.1 audit-1.7.3-prelude.patch, NONE, 1.1 audit.spec, 1.173, 1.174 sources, 1.114, 1.115
Steve Grubb (sgrubb)
fedora-extras-commits at redhat.com
Thu Apr 17 21:15:03 UTC 2008
- Previous message (by thread): rpms/speedcrunch/F-7 sources,1.4,1.5 speedcrunch.spec,1.8,1.9
- Next message (by thread): rpms/mkinitrd/devel .cvsignore, 1.189, 1.190 mkinitrd.spec, 1.268, 1.269 sources, 1.231, 1.232
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: sgrubb
Update of /cvs/pkgs/rpms/audit/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14909
Modified Files:
audit.spec sources
Added Files:
audit-1.7.2-avc.patch audit-1.7.3-cmd.patch
audit-1.7.3-prelude.patch
Log Message:
* Tue Apr 08 2008 Steve Grubb <sgrubb at redhat.com> 1.7.2-2
- Fix overflow in audit_log_user_command, better (#438840)
- ausearch was not matching path in avc records
- audisp-prelude attempt to reposition index after examining each type
- correct building of mls policy
audit-1.7.2-avc.patch:
--- NEW FILE audit-1.7.2-avc.patch ---
diff -urp audit-1.7.2.orig/src/ausearch-parse.c audit-1.7.2/src/ausearch-parse.c
--- audit-1.7.2.orig/src/ausearch-parse.c 2008-04-09 14:26:27.000000000 -0400
+++ audit-1.7.2/src/ausearch-parse.c 2008-04-17 10:44:10.000000000 -0400
@@ -1208,6 +1212,17 @@ static int parse_avc(const lnode *n, sea
term = str + 6;
}
}
+ if (event_filename) {
+ // do we have a path?
+ str = strstr(term, " path=");
+ if (str) {
+ str += 6;
+ rc = common_path_parser(s, str);
+ if (rc)
+ goto err;
+ term += 7;
+ }
+ }
if (event_subject) {
// scontext
str = strstr(term, "scontext=");
audit-1.7.3-cmd.patch:
--- NEW FILE audit-1.7.3-cmd.patch ---
diff -urp audit-1.7.2/lib/audit_logging.c audit-1.7.3/lib/audit_logging.c
--- audit-1.7.2/lib/audit_logging.c 2008-04-01 12:25:33.000000000 -0400
+++ audit-1.7.3/lib/audit_logging.c 2008-04-11 17:07:24.000000000 -0400
@@ -633,7 +633,6 @@ int audit_log_user_command(int audit_fd,
// We borrow the commname buffer
if (getcwd(commname, PATH_MAX) == NULL)
strcpy(commname, "?");
- strcpy(cwdname, commname);
p = commname;
len = strlen(commname);
while (*p) {
@@ -644,6 +643,8 @@ int audit_log_user_command(int audit_fd,
}
p++;
}
+ if (cwdenc == 0)
+ strcpy(cwdname, commname);
len = strlen(cmd);
// Trim the trailing carriage return and spaces
@@ -665,6 +666,8 @@ int audit_log_user_command(int audit_fd,
}
p++;
}
+ if (cmdenc == 0)
+ strcpy(commname, cmd);
free(cmd);
// Make the format string
audit-1.7.3-prelude.patch:
--- NEW FILE audit-1.7.3-prelude.patch ---
diff -urp audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c
--- audit-1.7.2.orig/audisp/plugins/prelude/audisp-prelude.c 2008-04-07 16:57:12.000000000 -0400
+++ audit-1.7.2/audisp/plugins/prelude/audisp-prelude.c 2008-04-17 16:27:51.000000000 -0400
@@ -228,7 +228,8 @@ int main(int argc, char *argv[])
return -1;
}
- syslog(LOG_INFO, "audisp-prelude is ready for events");
+ if (mode != M_TEST)
+ syslog(LOG_INFO, "audisp-prelude is ready for events");
do {
/* Load configuration */
if (hup) {
@@ -248,9 +249,10 @@ int main(int argc, char *argv[])
/* Flush any accumulated events from queue */
auparse_flush_feed(au);
- syslog(LOG_INFO, "audisp-prelude is exiting on stop request");
if (mode == M_TEST)
puts("audisp-prelude is exiting on stop request");
+ else
+ syslog(LOG_INFO, "audisp-prelude is exiting on stop request");
/* Cleanup subsystems */
if (client)
@@ -1938,6 +1940,7 @@ static void handle_event(auparse_state_t
break;
case AUDIT_SYSCALL:
handle_watched_syscalls(au, &idmef, &alert);
+ goto_record_type(au, AUDIT_SYSCALL);
break;
default:
break;
Index: audit.spec
===================================================================
RCS file: /cvs/pkgs/rpms/audit/devel/audit.spec,v
retrieving revision 1.173
retrieving revision 1.174
diff -u -r1.173 -r1.174
--- audit.spec 8 Apr 2008 17:28:30 -0000 1.173
+++ audit.spec 17 Apr 2008 21:14:24 -0000 1.174
@@ -1,17 +1,20 @@
%define sca_version 0.4.6
-%define sca_release 5
+%define sca_release 6
%define selinux_variants mls strict targeted
%define selinux_policyver 3.2.5
%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
Summary: User space tools for 2.6 kernel auditing
Name: audit
-Version: 1.7.1
-Release: 1%{?dist}
+Version: 1.7.2
+Release: 2%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
+Patch1: audit-1.7.3-cmd.patch
+Patch2: audit-1.7.2-avc.patch
+Patch3: audit-1.7.3-prelude.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gettext-devel intltool libtool swig python-devel
BuildRequires: kernel-headers >= 2.6.18
@@ -95,6 +98,9 @@
%prep
%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
mkdir zos-remote-policy
cp -p audisp/plugins/zos-remote/policy/audispd-zos-remote.* zos-remote-policy
@@ -106,9 +112,14 @@
cd zos-remote-policy
for selinuxvariant in %{selinux_variants}
do
- make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+ if [ "${selinuxvariant}" = "mls" ]; then
+ TYPE=mls-mls
+ else
+ TYPE=${selinuxvariant}-mcs
+ fi
+ make -f /usr/share/selinux/devel/Makefile
mv audispd-zos-remote.pp audispd-zos-remote.pp.${selinuxvariant}
- make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+ make -f /usr/share/selinux/devel/Makefile clean
done
cd -
@@ -315,6 +326,12 @@
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
%changelog
+* Tue Apr 08 2008 Steve Grubb <sgrubb at redhat.com> 1.7.2-2
+- Fix overflow in audit_log_user_command, better (#438840)
+- ausearch was not matching path in avc records
+- audisp-prelude attempt to reposition index after examining each type
+- correct building of mls policy
+
* Tue Apr 08 2008 Steve Grubb <sgrubb at redhat.com> 1.7.1-1
- Fix buffer overflow in audit_log_user_command, again (#438840)
- Fix memory leak in EOE code in auditd (#440075)
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/audit/devel/sources,v
retrieving revision 1.114
retrieving revision 1.115
diff -u -r1.114 -r1.115
--- sources 8 Apr 2008 17:10:03 -0000 1.114
+++ sources 17 Apr 2008 21:14:24 -0000 1.115
@@ -1 +1 @@
-c9d9fcfc19bdc131cc7bcf53b9b2dba4 audit-1.7.1.tar.gz
+1415749e73fbee34ff5f5f78ab92386a audit-1.7.2.tar.gz
- Previous message (by thread): rpms/speedcrunch/F-7 sources,1.4,1.5 speedcrunch.spec,1.8,1.9
- Next message (by thread): rpms/mkinitrd/devel .cvsignore, 1.189, 1.190 mkinitrd.spec, 1.268, 1.269 sources, 1.231, 1.232
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list