!106 backport upstream patches

From: @fangxiuning 
Reviewed-by: @huangzq6 
Signed-off-by: @huangzq6

audit.spec

@@ -2,7 +2,7 @@ Summary:            User space tools for kernel auditing
 Name:               audit
 Epoch:              1
 Version:            3.0.1
-Release:            12
+Release:            13
 License:            GPLv2+ and LGPLv2+
 URL:                https://people.redhat.com/sgrubb/audit/
 Source0:            https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@@ -46,11 +46,16 @@ Patch34:         backport-Try-to-interpret-OPENAT2-fields-correctly.patch
 Patch35:         backport-Add-a-buffer-limit-just-in-case.patch
 Patch36:         backport-Teardown-SIGCONT-watcher-on-exit.patch
 Patch37:         backport-Correct-path-of-config-file.patch
-Patch38:	 backport-Fix-the-error-found-by-clang-tidy-313.patch
+Patch38:         backport-Fix-the-error-found-by-clang-tidy-313.patch
-Patch39:	 backport-Fix-segfault-in-python-bindings-around-the-feed-API.patch
+Patch39:         backport-Fix-segfault-in-python-bindings-around-the-feed-API.patch
-Patch40:	 backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch
+Patch40:         backport-Rewrite-legacy-service-functions-in-terms-of-systemc.patch
-Patch41:	 backport-Error-out-if-required-zos-parameters-missing.patch
+Patch41:         backport-Error-out-if-required-zos-parameters-missing.patch
-Patch42:	 backport-Fix-deprecated-python-function.patch
+Patch42:         backport-Fix-deprecated-python-function.patch
+Patch43:         backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch
+Patch44:         backport-lib-enclose-macro-to-avoid-precedence-issues.patch
+Patch45:         backport-memory-allocation-updates-341.patch
+Patch46:         backport-lib-cast-to-unsigned-char-for-character-test-functio.patch
+Patch47:         backport-Make-session-id-consistently-typed-327.patch
 
 BuildRequires:      gcc swig libtool systemd kernel-headers >= 2.6.29
 BuildRequires:      openldap-devel krb5-devel libcap-ng-devel
@@ -386,6 +391,9 @@ fi
 %attr(644,root,root) %{_mandir}/man8/*.8.gz
 
 %changelog
+* Fri Feb 2 2024 fangxiuning <fangxiuning@huawei.com> - 1:3.0.1-13
+- backport patches from upstream
+
 * Thu Dec 28 2023 luhuaxin <luhuaxin1@huawei.com> - 1:3.0.1-12
 - backport patches from upstream
 

backport-Make-session-id-consistently-typed-327.patch

@@ -0,0 +1,62 @@
+From 8359a7004de5e22c5a9b85c01c56e3b376d84a81 Mon Sep 17 00:00:00 2001                                       
+From: Michael Tautschnig <mt@debian.org>
+Date: Thu, 2 Nov 2023 21:53:29 +0100
+Subject: [PATCH] Make session id consistently typed (#327)
+
+This fixes type-conflicting definitions and declarations.
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/8359a7004de5e22c5a9b85c01c56e3b376d84a81
+Conflict:src/ausearch-options.c
+
+---
+ src/aureport-options.c |  3 ++-
+ src/ausearch-options.c | 10 ++++++----
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/aureport-options.c b/src/aureport-options.c
+index 167157a..7a8d92a 100644
+--- a/src/aureport-options.c
++++ b/src/aureport-options.c
+@@ -61,7 +61,8 @@ const char *event_uuid = NULL;
+ const char *event_vmname = NULL;
+ long long event_exit = 0;
+ int event_exit_is_set = 0;
+-int event_ppid = -1, event_session_id = -2;
++pid_t event_ppid = -1;
++uint32_t event_session_id = -2;
+ int event_debug = 0, event_machine = -1;
+ time_t	arg_eoe_timeout = (time_t)0;
+ 
+diff --git a/src/ausearch-options.c b/src/ausearch-options.c
+index 5f6aace..eff0596 100644
+--- a/src/ausearch-options.c
++++ b/src/ausearch-options.c
+@@ -888,19 +888,21 @@ int check_params(int count, char *vars[])
+ 			size_t len = strlen(optarg);
+ 			if (isdigit(optarg[0])) {
+ 				errno = 0;
+-				event_session_id = strtoul(optarg,NULL,10);
+-				if (errno)
++				unsigned long optval = strtoul(optarg,NULL,10);
++				if (errno || optval >= (1ul << 32))
+ 					retval = -1;
++				event_session_id = optval;
+ 				c++;
+                         } else if (len >= 2 && *(optarg)=='-' &&
+                                                 (isdigit(optarg[1]))) {
+ 				errno = 0;
+-                                event_session_id = strtoul(optarg, NULL, 0);
+-				if (errno) {
++				long optval = strtol(optarg, NULL, 0);
++				if (errno || optval < INT_MIN || optval > INT_MAX) {
+ 					retval = -1;
+ 					fprintf(stderr, "Error converting %s\n",
+ 						optarg);
+ 				}
++				event_session_id = optval;
+ 				c++;
+ 			} else {
+ 				fprintf(stderr, 
+-- 
+2.33.0
+

backport-lib-cast-to-unsigned-char-for-character-test-functio.patch

@@ -0,0 +1,156 @@
+From 3aa3ccb2bb1c8804fbf43b260c93b65e831242c1 Mon Sep 17 00:00:00 2001                                                        
+From: cgzones <cgzones@googlemail.com>
+Date: Thu, 2 Nov 2023 21:20:40 +0100
+Subject: [PATCH] lib: cast to unsigned char for character test functions
+ (#338)
+
+Passing a value not representable by unsigned char is undefined
+behavior.
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/3aa3ccb2bb1c8804fbf43b260c93b65e831242c1
+Conflict:lib/libaudit.c
+
+---
+ lib/libaudit.c     | 30 +++++++++++++++---------------
+ lib/lookup_table.c |  2 +-
+ 2 files changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/lib/libaudit.c b/lib/libaudit.c
+index 02c263e..5843ac0 100644
+--- a/lib/libaudit.c
++++ b/lib/libaudit.c
+@@ -1006,7 +1006,7 @@ int audit_rule_syscallbyname_data(struct audit_rule_data *rule,
+ 		return -2;
+ 	nr = audit_name_to_syscall(scall, machine);
+ 	if (nr < 0) {
+-		if (isdigit(scall[0]))
++		if (isdigit((unsigned char)scall[0]))
+ 			nr = strtol(scall, NULL, 0);
+ 	}
+ 	if (nr >= 0)
+@@ -1535,11 +1535,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
+ 		case AUDIT_OBJ_UID:
+ 			// Do positive & negative separate for 32 bit systems
+ 			vlen = strlen(v);
+-			if (isdigit((char)*(v)))
++			if (isdigit((unsigned char)*(v)))
+ 				rule->values[rule->field_count] =
+ 					strtoul(v, NULL, 0);
+ 			else if (vlen >= 2 && *(v)=='-' &&
+-						(isdigit((char)*(v+1))))
++						(isdigit((unsigned char)*(v+1))))
+ 				rule->values[rule->field_count] =
+ 					strtol(v, NULL, 0);
+ 			else {
+@@ -1559,7 +1559,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
+ 		case AUDIT_SGID:
+ 		case AUDIT_FSGID:
+ 		case AUDIT_OBJ_GID:
+-			if (isdigit((char)*(v)))
++			if (isdigit((unsigned char)*(v)))
+ 				rule->values[rule->field_count] =
+ 					strtol(v, NULL, 0);
+ 			else {
+@@ -1575,11 +1575,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
+ 			if (flags != AUDIT_FILTER_EXIT)
+ 				return -EAU_EXITONLY;
+ 			vlen = strlen(v);
+-			if (isdigit((char)*(v)))
++			if (isdigit((unsigned char)*(v)))
+ 				rule->values[rule->field_count] =
+ 					strtol(v, NULL, 0);
+ 			else if (vlen >= 2 && *(v)=='-' &&
+-						(isdigit((char)*(v+1))))
++						(isdigit((unsigned char)*(v+1))))
+ 				rule->values[rule->field_count] =
+ 					strtol(v, NULL, 0);
+ 			else {
+@@ -1594,7 +1594,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
+ 					flags != AUDIT_FILTER_USER)
+ 				return -EAU_MSGTYPEEXCLUDEUSER;
+ 
+-			if (isdigit((char)*(v)))
++			if (isdigit((unsigned char)*(v)))
+ 				rule->values[rule->field_count] =
+ 					strtol(v, NULL, 0);
+ 			else
+@@ -1665,7 +1665,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
+ 				return -EAU_ARCHMISPLACED;
+ 			if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL))
+ 				return -EAU_OPEQNOTEQ;
+-			if (isdigit((char)*(v))) {
++			if (isdigit((unsigned char)*(v))) {
+ 				int machine;
+ 
+ 				errno = 0;
+@@ -1706,7 +1706,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
+ 					return -EAU_STRTOOLONG;
+ 
+ 				for (i = 0; i < len; i++) {
+-					switch (tolower(v[i])) {
++					switch (tolower((unsigned char)v[i])) {
+ 						case 'r':
+ 							val |= AUDIT_PERM_READ;
+ 							break;
+@@ -1740,7 +1740,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
+ 				return -EAU_FIELDUNAVAIL;
+ 			if (!(op == AUDIT_NOT_EQUAL || op == AUDIT_EQUAL))
+ 				return -EAU_OPEQNOTEQ;
+-			if (isdigit((char)*(v)))
++			if (isdigit((unsigned char)*(v)))
+ 				rule->values[rule->field_count] =
+ 					strtoul(v, NULL, 0);
+ 			else
+@@ -1753,11 +1753,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
+ 			break;
+ 		case AUDIT_ARG0...AUDIT_ARG3:
+ 			vlen = strlen(v);
+-			if (isdigit((char)*(v)))
++			if (isdigit((unsigned char)*(v)))
+ 				rule->values[rule->field_count] =
+ 					strtoul(v, NULL, 0);
+ 			else if (vlen >= 2 && *(v)=='-' &&
+-						(isdigit((char)*(v+1))))
++						(isdigit((unsigned char)*(v+1))))
+ 				rule->values[rule->field_count] =
+ 					strtol(v, NULL, 0);
+ 			else
+@@ -1773,11 +1773,11 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
+ 				return -EAU_FIELDNOFILTER;
+ 			// Do positive & negative separate for 32 bit systems
+ 			vlen = strlen(v);
+-			if (isdigit((char)*(v)))
++			if (isdigit((unsigned char)*(v)))
+ 				rule->values[rule->field_count] =
+ 					strtoul(v, NULL, 0);
+ 			else if (vlen >= 2 && *(v)=='-' &&
+-						(isdigit((char)*(v+1))))
++						(isdigit((unsigned char)*(v+1))))
+ 				rule->values[rule->field_count] =
+ 					strtol(v, NULL, 0);
+ 			else if (strcmp(v, "unset") == 0)
+@@ -1803,7 +1803,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const char *pair,
+ 			if (field == AUDIT_PPID && !(flags==AUDIT_FILTER_EXIT))
+ 				return -EAU_EXITONLY;
+ 
+-			if (!isdigit((char)*(v)))
++			if (!isdigit((unsigned char)*(v)))
+ 				return -EAU_FIELDVALNUM;
+ 
+ 			if (field == AUDIT_INODE)
+diff --git a/lib/lookup_table.c b/lib/lookup_table.c
+index 23678a4..d97c5fb 100644
+--- a/lib/lookup_table.c
++++ b/lib/lookup_table.c
+@@ -223,7 +223,7 @@ int audit_name_to_msg_type(const char *msg_type)
+ 		strncpy(buf, msg_type + 8, len);
+ 		errno = 0;
+ 		return strtol(buf, NULL, 10);
+-	} else if (isdigit(*msg_type)) {
++	} else if (isdigit((unsigned char)*msg_type)) {
+ 		errno = 0;
+ 		return strtol(msg_type, NULL, 10);
+ 	}
+-- 
+2.33.0
+

backport-lib-close-audit-socket-in-load_feature_bitmap-334.patch

@@ -0,0 +1,35 @@
+From 3f928b21486369c495d9eaca46eb9d506ae576b3 Mon Sep 17 00:00:00 2001
+From: cgzones <cgzones@googlemail.com>
+Date: Wed, 1 Nov 2023 20:35:40 +0100
+Subject: [PATCH] lib: close audit socket in load_feature_bitmap() (#334)
+
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/3f928b21486369c495d9eaca46eb9d506ae576b3
+Conflict:NA
+
+---
+ lib/libaudit.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/libaudit.c b/lib/libaudit.c
+index ded3ab47..4c317c87 100644
+--- a/lib/libaudit.c
++++ b/lib/libaudit.c
+@@ -657,12 +657,14 @@ static void load_feature_bitmap(void)
+ 
+ 				/* Found it... */
+ 				features_bitmap = rep.status->feature_bitmap;
++				audit_close(fd);
+ 				return;
+ 			}
+ 		}
+ 	}
+ #endif
+ 	features_bitmap = AUDIT_FEATURES_UNSUPPORTED;
++	audit_close(fd);
+ }
+ 
+ uint32_t audit_get_features(void)
+-- 
+2.33.0
+

backport-lib-enclose-macro-to-avoid-precedence-issues.patch

@@ -0,0 +1,29 @@
+From e97c79260a2e7bdbf02c5162b0c40451c9555111 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Tue, 31 Oct 2023 16:49:10 +0100
+Subject: [PATCH] lib: enclose macro to avoid precedence issues
+
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/e97c79260a2e7bdbf02c5162b0c40451c9555111
+Conflict:NA
+
+---
+ lib/audit_logging.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/audit_logging.c b/lib/audit_logging.c
+index 8b8b6207..e8b79d3e 100644
+--- a/lib/audit_logging.c
++++ b/lib/audit_logging.c
+@@ -38,7 +38,7 @@
+ #include "private.h"
+ 
+ #define TTY_PATH	32
+-#define MAX_USER	(UT_NAMESIZE * 2) + 8
++#define MAX_USER	((UT_NAMESIZE * 2) + 8)
+ 
+ // NOTE: The kernel fills in pid, uid, and loginuid of sender. Therefore,
+ // these routines do not need to send them.
+-- 
+2.33.0
+

backport-memory-allocation-updates-341.patch

@@ -0,0 +1,56 @@
+From b92027ac9e29659483a5e920e548fe74126f72af Mon Sep 17 00:00:00 2001
+From: cgzones <cgzones@googlemail.com>
+Date: Wed, 1 Nov 2023 22:15:40 +0100
+Subject: [PATCH] memory allocation updates (#341)
+
+* Check memory allocation
+
+Avoid later NULL dereference.
+
+* Check memory allocation and merge zeroing
+
+Avoid later NULL dereference.
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/b92027ac9e29659483a5e920e548fe74126f72af
+Conflict:NA
+
+---
+ auparse/interpret.c | 2 ++
+ lib/libaudit.c      | 7 +++++--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index ecde07ae..76ca2814 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -366,6 +366,8 @@ char *au_unescape(char *buf)
+ 	// strlen(buf) / 2.
+ 	olen = strlen(buf);
+ 	str = malloc(olen+1);
++	if (!str)
++		return NULL;
+ 
+         saved = *ptr;
+         *ptr = 0;
+diff --git a/lib/libaudit.c b/lib/libaudit.c
+index 6a42871b..d90d83b8 100644
+--- a/lib/libaudit.c
++++ b/lib/libaudit.c
+@@ -891,9 +891,12 @@ int audit_make_equivalent(int fd, const char *mount_point,
+ 	struct {
+ 		uint32_t sizes[2];
+ 		unsigned char buf[];
+-	} *cmd = malloc(sizeof(*cmd) + len1 + len2);
++	} *cmd = calloc(1, sizeof(*cmd) + len1 + len2);
+ 
+-	memset(cmd, 0, sizeof(*cmd) + len1 + len2);
++	if (!cmd) {
++		audit_msg(LOG_ERR, "Cannot allocate memory!");
++		return -ENOMEM;
++	}
+ 
+ 	cmd->sizes[0] = len1;
+ 	cmd->sizes[1] = len2;
+-- 
+2.33.0
+