From 50c40a8f6ab80600cf095855ecd7aa972cb6eac3 Mon Sep 17 00:00:00 2001 From: Henri Rosten Date: Wed, 12 Apr 2023 13:00:22 +0300 Subject: audit: 2.8.5 -> 3.1 Signed-off-by: Henri Rosten --- pkgs/os-specific/linux/audit/default.nix | 44 +----- pkgs/os-specific/linux/audit/fix-static.patch | 12 ++ .../linux/audit/patches/weak-symbols.patch | 147 --------------------- 3 files changed, 15 insertions(+), 188 deletions(-) create mode 100644 pkgs/os-specific/linux/audit/fix-static.patch delete mode 100644 pkgs/os-specific/linux/audit/patches/weak-symbols.patch diff --git a/pkgs/os-specific/linux/audit/default.nix b/pkgs/os-specific/linux/audit/default.nix index bda8d8ab30c..34043ce083c 100644 --- a/pkgs/os-specific/linux/audit/default.nix +++ b/pkgs/os-specific/linux/audit/default.nix @@ -12,11 +12,11 @@ stdenv.mkDerivation rec { pname = "audit"; - version = "2.8.5"; # at the next release, remove the patches below! + version = "3.1"; src = fetchurl { url = "https://people.redhat.com/sgrubb/audit/audit-${version}.tar.gz"; - sha256 = "1dzcwb2q78q7x41shcachn7f4aksxbxd470yk38zh03fch1l2p8f"; + sha256 = "sha256-tc882rsnhsCLHeNZmjsaVH5V96n5wesgePW0TPROg3g="; }; outputs = [ "bin" "dev" "out" "man" ]; @@ -37,40 +37,9 @@ stdenv.mkDerivation rec { ]; enableParallelBuilding = true; - - # TODO: Remove the musl patches when - # https://github.com/linux-audit/audit-userspace/pull/25 - # is available with the next release. patches = [ - ./patches/weak-symbols.patch - (fetchpatch { - # upstream build fix against -fno-common compilers like >=gcc-10 - url = "https://github.com/linux-audit/audit-userspace/commit/017e6c6ab95df55f34e339d2139def83e5dada1f.patch"; - sha256 = "100xa1rzkv0mvhjbfgpfm72f7c4p68syflvgc3xm6pxgrqqmfq8h"; - }) + ./fix-static.patch - ( - let patch = fetchpatch { - url = "https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e.patch"; - name = "Add-substitue-functions-for-strndupa-rawmemchr.patch"; - sha256 = "015bvzflg1s1k5viap30nznlpjj44a66khyc8yq0waa68qwvdlsd"; - }; - in - runCommand "Add-substitue-functions-for-strndupa-rawmemchr.patch-fix-copyright-merge-conflict" {} '' - cp ${patch} $out - substituteInPlace $out --replace \ - '-* Copyright (c) 2007-09,2011-16,2018 Red Hat Inc., Durham, North Carolina.' \ - '-* Copyright (c) 2007-09,2011-16 Red Hat Inc., Durham, North Carolina.' - '' - ) - - # upstream fix for linux-headers-5.15 which removed ipx.h - (fetchpatch { - name = "no-ipx.patch"; - url = "https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c.patch"; - sha256 = "0qjq41ridyamajz9v9nyplgq7f8nn3fxw375s9sa5a0igsrx9pm0"; - excludes = [ "ChangeLog" ]; - }) # Fix pending upstream inclusion for linux-headers-5.17 support: # https://github.com/linux-audit/audit-userspace/pull/253 (fetchpatch { @@ -85,13 +54,6 @@ stdenv.mkDerivation rec { substituteInPlace bindings/swig/src/auditswig.i \ --replace "/usr/include/linux/audit.h" \ "${linuxHeaders}/include/linux/audit.h" - '' - # According to https://stackoverflow.com/questions/13089166 - # --whole-archive linker flag is required to be sure that linker - # correctly chooses strong version of symbol regardless of order of - # object files at command line. - + lib.optionalString stdenv.hostPlatform.isStatic '' - export LDFLAGS=-Wl,--whole-archive ''; meta = { description = "Audit Library"; diff --git a/pkgs/os-specific/linux/audit/fix-static.patch b/pkgs/os-specific/linux/audit/fix-static.patch new file mode 100644 index 00000000000..ce76fc3b87a --- /dev/null +++ b/pkgs/os-specific/linux/audit/fix-static.patch @@ -0,0 +1,12 @@ +--- a/auparse/auparse.h ++++ b/auparse/auparse.h +@@ -32,6 +32,9 @@ + # define __attr_dealloc(dealloc, argno) + # define __attr_dealloc_free + #endif ++#ifndef __attribute_malloc__ ++# define __attribute_malloc__ __attribute__ ((__malloc__)) ++#endif + + #ifdef __cplusplus + extern "C" { \ No newline at end of file diff --git a/pkgs/os-specific/linux/audit/patches/weak-symbols.patch b/pkgs/os-specific/linux/audit/patches/weak-symbols.patch deleted file mode 100644 index 301ea9a5476..00000000000 --- a/pkgs/os-specific/linux/audit/patches/weak-symbols.patch +++ /dev/null @@ -1,147 +0,0 @@ -Executables in src/ directory are built from source files in src/ -and are linked to libauparse, with both src/auditd-config.c and -auparse/auditd-config.c defining "free_config" function. - -It is known (although obscure) behaviour of shared libraries that -symbol defined in binary itself overrides symbol in shared library; -with static linkage it expectedly results in multiple definition -error. - -This set of fixes explicitly marks libauparse versions of -conflicting functions as weak to have behaviour coherent with -dynamic linkage version -- definitions in src/ overriding definition -in auparse/. - -Still, this architecture is very strange and confusing. - -diff -r -U5 audit-2.8.5-orig/auparse/auditd-config.c audit-2.8.5/auparse/auditd-config.c ---- audit-2.8.5-orig/auparse/auditd-config.c 2019-03-01 20:19:13.000000000 +0000 -+++ audit-2.8.5/auparse/auditd-config.c 2021-01-13 11:36:12.716226498 +0000 -@@ -68,10 +68,11 @@ - }; - - /* - * Set everything to its default value - */ -+#pragma weak clear_config - void clear_config(struct daemon_conf *config) - { - config->local_events = 1; - config->qos = QOS_NON_BLOCKING; - config->sender_uid = 0; -@@ -322,10 +323,11 @@ - if (config->log_file == NULL) - return 1; - return 0; - } - -+#pragma weak free_config - void free_config(struct daemon_conf *config) - { - free((void*)config->log_file); - } - -diff -r -U5 audit-2.8.5-orig/auparse/interpret.c audit-2.8.5/auparse/interpret.c ---- audit-2.8.5-orig/auparse/interpret.c 2019-03-01 20:19:13.000000000 +0000 -+++ audit-2.8.5/auparse/interpret.c 2021-01-13 11:39:42.107217224 +0000 -@@ -545,10 +545,11 @@ - else - snprintf(buf, size, "unknown(%d)", uid); - return buf; - } - -+#pragma weak aulookup_destroy_uid_list - void aulookup_destroy_uid_list(void) - { - if (uid_cache_created == 0) - return; - -@@ -2810,10 +2811,11 @@ - - /* - * This is the main entry point for the auparse library. Call chain is: - * auparse_interpret_field -> nvlist_interp_cur_val -> interpret - */ -+#pragma weak interpret - const char *interpret(const rnode *r, auparse_esc_t escape_mode) - { - const nvlist *nv = &r->nv; - int type; - idata id; -diff -r -U5 audit-2.8.5-orig/auparse/nvlist.c audit-2.8.5/auparse/nvlist.c ---- audit-2.8.5-orig/auparse/nvlist.c 2019-02-04 14:26:52.000000000 +0000 -+++ audit-2.8.5/auparse/nvlist.c 2021-01-13 11:37:37.190222757 +0000 -@@ -27,10 +27,11 @@ - #include "nvlist.h" - #include "interpret.h" - #include "auparse-idata.h" - - -+#pragma weak nvlist_create - void nvlist_create(nvlist *l) - { - l->head = NULL; - l->cur = NULL; - l->cnt = 0; -@@ -47,17 +48,19 @@ - while (node->next) - node = node->next; - l->cur = node; - } - -+#pragma weak nvlist_next - nvnode *nvlist_next(nvlist *l) - { - if (l->cur) - l->cur = l->cur->next; - return l->cur; - } - -+#pragma weak nvlist_append - void nvlist_append(nvlist *l, nvnode *node) - { - nvnode* newnode = malloc(sizeof(nvnode)); - - newnode->name = node->name; -@@ -141,10 +144,11 @@ - if (l->cur->interp_val) - return l->cur->interp_val; - return interpret(r, escape_mode); - } - -+#pragma weak nvlist_clear - void nvlist_clear(nvlist* l) - { - nvnode* nextnode; - register nvnode* current; - -diff -r -U5 audit-2.8.5-orig/auparse/strsplit.c audit-2.8.5/auparse/strsplit.c ---- audit-2.8.5-orig/auparse/strsplit.c 2019-03-01 21:15:30.000000000 +0000 -+++ audit-2.8.5/auparse/strsplit.c 2021-01-13 11:38:04.306221556 +0000 -@@ -54,10 +54,11 @@ - return NULL; - return s; - } - } - -+#pragma weak audit_strsplit - char *audit_strsplit(char *s) - { - static char *str = NULL; - char *ptr; - -diff -r -U5 audit-2.8.5-orig/lib/strsplit.c audit-2.8.5/lib/strsplit.c ---- audit-2.8.5-orig/lib/strsplit.c 2019-03-01 20:19:13.000000000 +0000 -+++ audit-2.8.5/lib/strsplit.c 2021-01-13 11:38:29.444220443 +0000 -@@ -23,10 +23,11 @@ - - #include - #include "libaudit.h" - #include "private.h" - -+#pragma weak audit_strsplit_r - char *audit_strsplit_r(char *s, char **savedpp) - { - char *ptr; - - if (s) -- cgit 1.4.1