author | Anderson Torres <torres.anderson.85@protonmail.com> | 2023-05-20 20:44:20 -0300 |
---|---|---|
committer | Anderson Torres <torres.anderson.85@protonmail.com> | 2023-05-22 18:54:00 -0300 |
commit | 7b4c521005a73d5b30f5947467e637e15c5c06a0 (patch) | |
tree | 2fa5a3d0dad141943c5e4cba80d86dd836e58ff3 /pkgs/os-specific/linux/audit | |
parent | 38ed36c8dc47880c0d429b7bfe22e723a97e01de (diff) | |
audit: 3.1 -> 3.1.1
Diffstat (limited to 'pkgs/os-specific/linux/audit')
-rw-r--r-- | pkgs/os-specific/linux/audit/000-fix-static-attribute-malloc.diff (renamed from pkgs/os-specific/linux/audit/fix-static.patch) | 0 | ||||
-rw-r--r-- | pkgs/os-specific/linux/audit/001-ignore-flexible-array.patch | 35 | ||||
-rw-r--r-- | pkgs/os-specific/linux/audit/default.nix | 98 |
3 files changed, 91 insertions, 42 deletions
diff --git a/pkgs/os-specific/linux/audit/fix-static.patch b/pkgs/os-specific/linux/audit/000-fix-static-attribute-malloc.diff
index ce76fc3b87a..ce76fc3b87a 100644
--- a/pkgs/os-specific/linux/audit/fix-static.patch
+++ b/pkgs/os-specific/linux/audit/000-fix-static-attribute-malloc.diff
diff --git a/pkgs/os-specific/linux/audit/001-ignore-flexible-array.patch b/pkgs/os-specific/linux/audit/001-ignore-flexible-array.patch
new file mode 100644
index 00000000000..e072cc942cf
--- /dev/null
+++ b/pkgs/os-specific/linux/audit/001-ignore-flexible-array.patch
@@ -0,0 +1,35 @@
+From beed138222421a2eb4212d83cb889404bd7efc49 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyich@gmail.com>
+Date: Wed, 23 Mar 2022 07:27:05 +0000
+Subject: [PATCH] auditswig.i: avoid setter generation for audit_rule_data::buf
+
+As it's a flexible array generated code was never safe to use.
+With kernel's https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed98ea2128b6fd83bce13716edf8f5fe6c47f574
+change it's a build failure now:
+
+ audit> audit_wrap.c:5010:15: error: invalid use of flexible array member
+ audit> 5010 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
+ audit> | ^
+
+Let's avoid setter generation entirely.
+
+Closes: https://github.com/linux-audit/audit-userspace/issues/252
+---
+ bindings/swig/src/auditswig.i | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
+index 21aafca31..9a2c5661d 100644
+--- a/bindings/swig/src/auditswig.i
++++ b/bindings/swig/src/auditswig.i
+@@ -39,6 +39,10 @@ signed
+ #define __attribute(X) /*nothing*/
+ typedef unsigned __u32;
+ typedef unsigned uid_t;
++/* Sidestep SWIG's limitation of handling c99 Flexible arrays by not:
++ * generating setters against them: https://github.com/swig/swig/issues/1699
++ */
++%ignore audit_rule_data::buf;
+ %include "/usr/include/linux/audit.h"
+ #define __extension__ /*nothing*/
+ %include <stdint.i>
diff --git a/pkgs/os-specific/linux/audit/default.nix b/pkgs/os-specific/linux/audit/default.nix
index 34043ce083c..0fd96892013 100644
--- a/pkgs/os-specific/linux/audit/default.nix
+++ b/pkgs/os-specific/linux/audit/default.nix
@@ -1,65 +1,79 @@ -{ - lib, stdenv, buildPackages, fetchurl, fetchpatch, - runCommand, - autoreconfHook, - autoconf, automake, libtool, bash, - # Enabling python support while cross compiling would be possible, but - # the configure script tries executing python to gather info instead of - # relying on python3-config exclusively - enablePython ? stdenv.hostPlatform == stdenv.buildPlatform, python3, swig, - linuxHeaders ? stdenv.cc.libc.linuxHeaders +{ lib +, stdenv +, fetchurl +, fetchpatch +, autoreconfHook +, bash +, buildPackages +, libtool +, linuxHeaders +, python3 +, swig + +# Enabling python support while cross compiling would be possible, but the +# configure script tries executing python to gather info instead of relying on +# python3-config exclusively +, enablePython ? stdenv.hostPlatform == stdenv.buildPlatform, }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "audit"; - version = "3.1"; + version = "3.1.1"; src = fetchurl { - url = "https://people.redhat.com/sgrubb/audit/audit-${version}.tar.gz"; - sha256 = "sha256-tc882rsnhsCLHeNZmjsaVH5V96n5wesgePW0TPROg3g="; + url = "https://people.redhat.com/sgrubb/audit/audit-${finalAttrs.version}.tar.gz"; + hash = "sha256-RuRrN2I8zgnm7hNOeNZor8NPThyHDIU+8S5BkweM/oc="; }; + patches = [ + ./000-fix-static-attribute-malloc.diff + ./001-ignore-flexible-array.patch + ]; + + postPatch = '' + sed -i 's,#include <sys/poll.h>,#include <poll.h>\n#include <limits.h>,' audisp/audispd.c + substituteInPlace bindings/swig/src/auditswig.i \ + --replace "/usr/include/linux/audit.h" \ + "${linuxHeaders}/include/linux/audit.h" + ''; + outputs = [ "bin" "dev" "out" "man" ]; strictDeps = true; - depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ autoreconfHook ] - ++ lib.optionals enablePython [ python3 swig ]; - buildInputs = [ bash ]; + + depsBuildBuild = [ + buildPackages.stdenv.cc + ]; + + nativeBuildInputs = [ + autoreconfHook + ] + ++ lib.optionals enablePython [ + python3 + swig + ]; 
+ + buildInputs = [ + bash + ]; configureFlags = [ - # z/OS plugin is not useful on Linux, - # and pulls in an extra openldap dependency otherwise + # z/OS plugin is not useful on Linux, and pulls in an extra openldap + # dependency otherwise "--disable-zos-remote" - (if enablePython then "--with-python" else "--without-python") "--with-arm" "--with-aarch64" + (if enablePython then "--with-python" else "--without-python") ]; enableParallelBuilding = true; - patches = [ - ./fix-static.patch - - # Fix pending upstream inclusion for linux-headers-5.17 support: - # https://github.com/linux-audit/audit-userspace/pull/253 - (fetchpatch { - name = "ignore-flexible-array.patch"; - url = "https://github.com/linux-audit/audit-userspace/commit/beed138222421a2eb4212d83cb889404bd7efc49.patch"; - sha256 = "1hf02zaxv6x0wmn4ca9fj48y2shks7vfna43i1zz58xw9jq7sza0"; - }) - ]; - postPatch = '' - sed -i 's,#include <sys/poll.h>,#include <poll.h>\n#include <limits.h>,' audisp/audispd.c - substituteInPlace bindings/swig/src/auditswig.i \ - --replace "/usr/include/linux/audit.h" \ - "${linuxHeaders}/include/linux/audit.h" - ''; meta = { - description = "Audit Library"; homepage = "https://people.redhat.com/sgrubb/audit/"; - license = lib.licenses.gpl2; + description = "Audit Library"; + changelog = "https://github.com/linux-audit/audit-userspace/releases/tag/v${finalAttrs.version}"; + license = lib.licenses.gpl2Plus; + maintainers = with lib.maintainers; [ AndersonTorres ]; platforms = lib.platforms.linux; - maintainers = with lib.maintainers; [ ]; }; -} +}) |
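Review bot: The argument list on the new side replaces `linuxHeaders ? stdenv.cc.libc.linuxHeaders` with a bare `linuxHeaders`, a change the commit title (a version bump) does not announce. `postPatch` substitutes `${linuxHeaders}/include/linux/audit.h` into `auditswig.i`, so the SWIG bindings may now be generated from a different header set than the one the libc in `stdenv.cc` was built against, presumably whatever the caller's package set supplies; if that is not intended, keep `, linuxHeaders ? stdenv.cc.libc.linuxHeaders`. Separately, `, fetchpatch` stays in the arguments although the only `fetchpatch` call is removed in this hunk, so it can be dropped.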