diff --git a/bash-3.2-audit.patch b/bash-3.2-audit.patch new file mode 100644 index 0000000..f1046fd --- /dev/null +++ b/bash-3.2-audit.patch @@ -0,0 +1,104 @@ +--- bash-3.2/lib/readline/readline.c.audit 2008-01-18 13:06:25.000000000 +0100 ++++ bash-3.2/lib/readline/readline.c 2008-01-18 13:06:25.000000000 +0100 +@@ -55,6 +55,12 @@ + extern int errno; + #endif /* !errno */ + ++#if defined (HAVE_DECL_AUDIT_USER_TTY) ++# include ++# include ++# include ++#endif ++ + /* System-specific feature definitions and include files. */ + #include "rldefs.h" + #include "rlmbutil.h" +@@ -292,7 +298,47 @@ + rl_visible_prompt_length = rl_expand_prompt (rl_prompt); + return 0; + } +- ++ ++#if defined (HAVE_DECL_AUDIT_USER_TTY) ++/* Report STRING to the audit system. */ ++static void ++audit_tty (char *string) ++{ ++ struct sockaddr_nl addr; ++ struct msghdr msg; ++ struct nlmsghdr nlm; ++ struct iovec iov[2]; ++ size_t size; ++ int fd; ++ ++ size = strlen (string) + 1; ++ fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT); ++ if (fd < 0) ++ return; ++ nlm.nlmsg_len = NLMSG_LENGTH (size); ++ nlm.nlmsg_type = AUDIT_USER_TTY; ++ nlm.nlmsg_flags = NLM_F_REQUEST; ++ nlm.nlmsg_seq = 0; ++ nlm.nlmsg_pid = 0; ++ iov[0].iov_base = &nlm; ++ iov[0].iov_len = sizeof (nlm); ++ iov[1].iov_base = string; ++ iov[1].iov_len = size; ++ addr.nl_family = AF_NETLINK; ++ addr.nl_pid = 0; ++ addr.nl_groups = 0; ++ msg.msg_name = &addr; ++ msg.msg_namelen = sizeof (addr); ++ msg.msg_iov = iov; ++ msg.msg_iovlen = 2; ++ msg.msg_control = NULL; ++ msg.msg_controllen = 0; ++ msg.msg_flags = 0; ++ (void)sendmsg (fd, &msg, 0); ++ close (fd); ++} ++#endif ++ + /* Read a line of input. Prompt with PROMPT. An empty PROMPT means + none. A return value of NULL means that EOF was encountered. */ + char * +@@ -326,6 +372,11 @@ + rl_clear_signals (); + #endif + ++#if defined (HAVE_DECL_AUDIT_USER_TTY) ++ if (value != NULL) ++ audit_tty (value); ++#endif ++ + return (value); + } + +--- bash-3.2/configure.in.audit 2008-01-18 13:06:25.000000000 +0100 ++++ bash-3.2/configure.in 2008-01-18 13:06:25.000000000 +0100 +@@ -871,6 +871,8 @@ + BASH_SYS_PGRP_SYNC + BASH_SYS_SIGNAL_VINTAGE + ++AC_CHECK_DECLS([AUDIT_USER_TTY],,, [[#include ]]) ++ + dnl checking for the presence of certain library symbols + BASH_SYS_ERRLIST + BASH_SYS_SIGLIST +--- bash-3.2/config.h.in.audit 2008-01-18 13:06:25.000000000 +0100 ++++ bash-3.2/config.h.in 2008-01-18 13:10:19.000000000 +0100 +@@ -1058,6 +1058,14 @@ + + /* End additions for lib/intl */ + ++ ++/* Additions for lib/readline */ ++ ++/* Define if you have and it defines AUDIT_USER_TTY */ ++#undef HAVE_DECL_AUDIT_USER_TTY ++ ++/* End additions for lib/readline */ ++ + #include "config-bot.h" + + #endif /* _CONFIG_H_ */ diff --git a/bash.spec b/bash.spec index 717bd13..7f847a8 100644 --- a/bash.spec +++ b/bash.spec @@ -1,7 +1,7 @@ Version: 3.2 Name: bash Summary: The GNU Bourne Again shell (bash) version %{version} -Release: 29%{?dist} +Release: 30%{?dist} Group: System Environment/Shells License: GPLv2+ Url: http://www.gnu.org/software/bash @@ -76,6 +76,7 @@ Patch140: bash-3.2-man-page-suspend.patch Patch141: bash-3.2-patch035.patch Patch142: bash-3.2-execve_catch_signals.patch Patch143: bash-3.2-ssh_source_bash.patch +Patch144: bash-3.2-audit.patch Requires(post): ncurses-libs BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -163,6 +164,7 @@ compliance over previous versions. %patch140 -p1 -b .man-page-suspend %patch142 -p1 -b .execve_catch_signals %patch143 -p1 -b .ssh_source_bash +%patch144 -p1 -b .audit echo %{version} > _distribution echo %{release} > _patchlevel @@ -304,6 +306,10 @@ fi %doc doc/*.ps doc/*.0 doc/*.html doc/article.txt %changelog +* Mon Dec 15 2008 Roman Rakus - 3.2-30 +- Enabling auditing + Resolves: #476216 + * Tue Oct 28 2008 Jesse Keating - 3.2-29 - Add the Requires(post) back for ncurses-libs, so that rpm knows where to break the loop. The post actually does require the curses