sys-process/audit: add 4.0.1

Signed-off-by: Jason Zaman <perfinion@gentoo.org>

4 files changed, 792 insertions, 0 deletions

diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest
index 32dd6e54f424..efb7e2180891 100644
--- a/sys-process/audit/Manifest
+++ b/sys-process/audit/Manifest
@@ -1,3 +1,4 @@
 DIST audit-3.1.2.tar.gz 1219860 BLAKE2B dfdec470bf12cce6c570b3d260e65e2b49e8ac0761e6a6fbf7b4f4a57f92e88367cd74bfcb88e6d718619b88fea27ce963a977c9f4346c95d18a5310e217accb SHA512 a97003a294ed3671df01e2952688e7d5eef59a35f6891feb53e67c4c7eab9ae8c2d18de41a5b5b20e0ad7156fac93aec05f32f6bc5eea706b42b6f27f676446a
 DIST audit-3.1.3.tar.gz 1225761 BLAKE2B 97ee35fc722083d541e164b27fd318ec7be2a4e4e8774767d14c6a2e800092a37b7042a272db5d208c913fb36d295c5343bd6082237caf0fb561ec3c7a2883db SHA512 7d6399ca97b171d5ea3cf7f7566bdabe9d5677a3a54c75411146dc2971106809a90d1a9cd0b1ba9b8af4cc409e6bee5876c7f2a0c54c42400fdcf9cfade58a8c
 DIST audit-3.1.4.tar.gz 1225648 BLAKE2B c6875f7d031e810469511ac8f86f05b2de7f19c044dbf67bc9d66430167fcf0f031e0279ce170a496b672a6fc99ee18b8cc39943e6faf3c19a24a381d2701439 SHA512 d26c498c91e838d97d3f199630650f509bb1e82b44d364306b20db32d4116fa73d775ef56c0fed2ec8d548b19215052691cbc80c74699bc87f2a0ea08cf664f5
+DIST audit-4.0.1.tar.gz 1194961 BLAKE2B 590abf58e672921a432348f48936cfbff0b6ddfa47e77b3b20eaa00e5d1c4ce2fc8d10c1fc1cbc19d44c09a9f7dfbca76778c94d8d340485c2bb1bb3b5a3c95a SHA512 7fbc426d0ddea340a36ceab52ac090e8e3dfb3450ebf50b478324a097f19ab4bb2cf78a2532644acb17e6114b59b8fda718affda9da62fb84181e3abf76039df
diff --git a/sys-process/audit/audit-4.0.1.ebuild b/sys-process/audit/audit-4.0.1.ebuild
new file mode 100644
index 000000000000..fead7ccba13f
--- /dev/null
+++ b/sys-process/audit/audit-4.0.1.ebuild
@@ -0,0 +1,193 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# As with sys-libs/libcap-ng, same maintainer in Fedora as upstream, so
+# check Fedora's packaging (https://src.fedoraproject.org/rpms/audit/tree/rawhide)
+# on bumps (or if hitting a bug) to see what they've done there.
+
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit autotools multilib-minimal toolchain-funcs python-r1 linux-info systemd usr-ldscript
+
+DESCRIPTION="Userspace utilities for storing and processing auditing records"
+HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
+SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz"
+
+LICENSE="GPL-2+ LGPL-2.1+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="gssapi io-uring ldap python static-libs test"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	sys-libs/libcap-ng
+	gssapi? ( virtual/krb5 )
+	ldap? ( net-nds/openldap:= )
+	python? ( ${PYTHON_DEPS} )
+"
+DEPEND="
+	${RDEPEND}
+	>=sys-kernel/linux-headers-2.6.34
+	test? ( dev-libs/check )
+"
+BDEPEND="
+	python? (
+		dev-lang/swig
+		$(python_gen_cond_dep '
+			dev-python/setuptools[${PYTHON_USEDEP}]
+		' python3_12)
+	)
+"
+
+CONFIG_CHECK="~AUDIT"
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	# missing on musl. Uses handrolled AC_LINK_IFELSE but fails at link time
+	# for older compilers regardless. bug #898828
+	strndupa
+)
+
+PATCHES=(
+	"${FILESDIR}/${P}-implicit-builtin-functions.patch"
+	"${FILESDIR}/${P}-null-deref.patch"
+)
+
+src_prepare() {
+	# audisp-remote moved in multilib_src_install_all
+	sed -i \
+		-e "s,/sbin/audisp-remote,${EPREFIX}/usr/sbin/audisp-remote," \
+		audisp/plugins/remote/au-remote.conf || die
+
+	# Disable installing sample rules so they can be installed as docs.
+	echo -e '%:\n\t:' | tee rules/Makefile.{am,in} >/dev/null || die
+
+	default
+	eautoreconf
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--sbindir="${EPREFIX}"/sbin
+		$(use_enable gssapi gssapi-krb5)
+		$(use_enable ldap zos-remote)
+		$(use_enable static-libs static)
+		$(use_with io-uring io_uring)
+		--without-golang
+		--without-libwrap
+		--without-python3
+	)
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+
+	if multilib_is_native_abi && use python; then
+		python_configure() {
+			mkdir -p "${BUILD_DIR}" || die
+			pushd "${BUILD_DIR}" &>/dev/null || die
+
+			ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" --with-python3
+
+			popd &>/dev/null || die
+		}
+
+		python_foreach_impl python_configure
+	fi
+}
+
+src_configure() {
+	tc-export_build_env BUILD_{CC,CPP}
+
+	local -x CC_FOR_BUILD="${BUILD_CC}"
+	local -x CPP_FOR_BUILD="${BUILD_CPP}"
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+
+		local native_build="${BUILD_DIR}"
+
+		python_compile() {
+			emake -C "${BUILD_DIR}"/bindings/swig top_builddir="${native_build}"
+			emake -C "${BUILD_DIR}"/bindings/python/python3 top_builddir="${native_build}"
+		}
+
+		use python && python_foreach_impl python_compile
+	else
+		emake -C common
+		emake -C lib
+		emake -C auparse
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install
+
+		local native_build="${BUILD_DIR}"
+
+		python_install() {
+			emake -C "${BUILD_DIR}"/bindings/swig DESTDIR="${D}" top_builddir="${native_build}" install
+			emake -C "${BUILD_DIR}"/bindings/python/python3 DESTDIR="${D}" top_builddir="${native_build}" install
+			python_optimize
+		}
+
+		use python && python_foreach_impl python_install
+
+		# Things like shadow use this so we need to be in /
+		gen_usr_ldscript -a audit auparse
+	else
+		emake -C lib DESTDIR="${D}" install
+		emake -C auparse DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc AUTHORS ChangeLog README* THANKS
+	docinto contrib
+	dodoc contrib/avc_snap
+	docinto contrib/plugin
+	dodoc contrib/plugin/*
+	docinto rules
+	dodoc rules/*rules
+
+	newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
+	newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
+
+	if [[ -f "${ED}"/sbin/audisp-remote ]] ; then
+		dodir /usr/sbin
+		mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die
+	fi
+
+	# Gentoo rules
+	insinto /etc/audit
+	newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
+	doins "${FILESDIR}"/audit.rules.stop*
+	keepdir /etc/audit/rules.d
+
+	# audit logs go here
+	keepdir /var/log/audit
+
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	# Security
+	lockdown_perms "${ED}"
+}
+
+pkg_postinst() {
+	lockdown_perms "${EROOT}"
+}
+
+lockdown_perms() {
+	# Upstream wants these to have restrictive perms.
+	# Should not || die as not all paths may exist.
+	local basedir="${1}"
+	chmod 0750 "${basedir}"/sbin/au{ditctl,ditd,report,search,trace} 2>/dev/null
+	chmod 0750 "${basedir}"/var/log/audit 2>/dev/null
+	chmod 0640 "${basedir}"/etc/audit/{auditd.conf,audit*.rules*} 2>/dev/null
+}
diff --git a/sys-process/audit/files/audit-4.0.1-implicit-builtin-functions.patch b/sys-process/audit/files/audit-4.0.1-implicit-builtin-functions.patch
new file mode 100644
index 000000000000..cd0f0f7e727b
--- /dev/null
+++ b/sys-process/audit/files/audit-4.0.1-implicit-builtin-functions.patch
@@ -0,0 +1,563 @@
+Backport of https://github.com/linux-audit/audit-userspace/commit/8c7eaa7ead6c70486623674c19d649f3831578ad
+
+diff -ur audit-4.0.1.orig/audisp/audispd-llist.c audit-4.0.1/audisp/audispd-llist.c
+--- audit-4.0.1.orig/audisp/audispd-llist.c
++++ audit-4.0.1/audisp/audispd-llist.c
+@@ -69,11 +69,13 @@ unsigned int plist_count_active(const co
+ 	return cnt;
+ }
+ 
+-void plist_append(conf_llist *l, plugin_conf_t *p)
++int plist_append(conf_llist *l, plugin_conf_t *p)
+ {
+ 	lnode* newnode;
+ 
+ 	newnode = malloc(sizeof(lnode));
++	if (newnode == NULL)
++		return 1;
+ 
+ 	if (p) {
+ 		void *pp = malloc(sizeof(struct plugin_conf));
+@@ -94,6 +96,8 @@ void plist_append(conf_llist *l, plugin_
+ 	// make newnode current
+ 	l->cur = newnode;
+ 	l->cnt++;
++
++	return 0;
+ }
+ 
+ void plist_clear(conf_llist* l)
+diff -ur audit-4.0.1.orig/audisp/audispd-llist.h audit-4.0.1/audisp/audispd-llist.h
+--- audit-4.0.1.orig/audisp/audispd-llist.h
++++ audit-4.0.1/audisp/audispd-llist.h
+@@ -1,6 +1,6 @@
+ /*
+ * audispd-llist.h - Header file for ausearch-conf_llist.c
+-* Copyright (c) 2007,2013 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2007,2013 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -51,7 +51,7 @@ unsigned int plist_count_active(const co
+ void plist_last(conf_llist *l);
+ lnode *plist_next(conf_llist *l);
+ static inline lnode *plist_get_cur(conf_llist *l) { return l->cur; }
+-void plist_append(conf_llist *l, plugin_conf_t *p);
++int plist_append(conf_llist *l, plugin_conf_t *p);
+ void plist_clear(conf_llist* l);
+ void plist_mark_all_unchecked(conf_llist* l);
+ lnode *plist_find_unchecked(conf_llist* l);
+diff -ur audit-4.0.1.orig/auparse/normalize-llist.c audit-4.0.1/auparse/normalize-llist.c
+--- audit-4.0.1.orig/auparse/normalize-llist.c
++++ audit-4.0.1/auparse/normalize-llist.c
+@@ -1,6 +1,6 @@
+ /*
+  * normalize-llist.c - Minimal linked list library
+- * Copyright (c) 2016-17 Red Hat Inc., Durham, North Carolina.
++ * Copyright (c) 2016-17 Red Hat Inc.
+  * All Rights Reserved. 
+  *
+  * This library is free software; you can redistribute it and/or
+@@ -61,11 +61,14 @@ data_node *cllist_next(cllist *l)
+ 	return l->cur;
+ }
+ 
+-void cllist_append(cllist *l, uint32_t num, void *data)
++// Returns 0 on success and 1 on error
++int cllist_append(cllist *l, uint32_t num, void *data)
+ {
+ 	data_node *newnode;
+ 
+ 	newnode = malloc(sizeof(data_node));
++	if (newnode == NULL)
++		return 1;
+ 
+ 	newnode->num = num;
+ 	newnode->data = data;
+@@ -80,5 +83,6 @@ void cllist_append(cllist *l, uint32_t n
+ 	// make newnode current
+ 	l->cur = newnode;
+ 	l->cnt++;
++	return 0;
+ }
+ 
+diff -ur audit-4.0.1.orig/auparse/normalize-llist.h audit-4.0.1/auparse/normalize-llist.h
+--- audit-4.0.1.orig/auparse/normalize-llist.h
++++ audit-4.0.1/auparse/normalize-llist.h
+@@ -1,6 +1,6 @@
+ /*
+  * normalize-llist.h - Header file for normalize-llist.c
+- * Copyright (c) 2016-17 Red Hat Inc., Durham, North Carolina.
++ * Copyright (c) 2016-17 Red Hat Inc.
+  * All Rights Reserved.
+  *
+  * This library is free software; you can redistribute it and/or
+@@ -53,7 +53,7 @@ AUDIT_HIDDEN_START
+ void cllist_create(cllist *l, void (*cleanup)(void *));
+ void cllist_clear(cllist* l);
+ data_node *cllist_next(cllist *l);
+-void cllist_append(cllist *l, uint32_t num, void *data);
++int cllist_append(cllist *l, uint32_t num, void *data);
+ 
+ AUDIT_HIDDEN_END
+ 
+diff -ur audit-4.0.1.orig/auparse/normalize.c audit-4.0.1/auparse/normalize.c
+--- audit-4.0.1.orig/auparse/normalize.c
++++ audit-4.0.1/auparse/normalize.c
+@@ -179,7 +179,8 @@ static unsigned int add_subj_attr(aupars
+ 	if ((auparse_find_field(au, str))) {
+ 		attr = set_record(0, rnum);
+ 		attr = set_field(attr, auparse_get_field_num(au));
+-		cllist_append(&D.actor.attr, attr, NULL);
++		if (cllist_append(&D.actor.attr, attr, NULL))
++			return 1;
+ 		return 0;
+ 	} else
+ 		auparse_goto_record_num(au, rnum);
+@@ -224,7 +225,8 @@ static unsigned int add_obj_attr(auparse
+ 	if ((auparse_find_field(au, str))) {
+ 		attr = set_record(0, rnum);
+ 		attr = set_field(attr, auparse_get_field_num(au));
+-		cllist_append(&D.thing.attr, attr, NULL);
++		if (cllist_append(&D.thing.attr, attr, NULL))
++			return 1;
+ 		return 0;
+ 	} else
+ 		auparse_goto_record_num(au, rnum);
+@@ -360,21 +362,23 @@ static void collect_id_obj2(auparse_stat
+ 	}
+ }
+ 
+-static void collect_path_attrs(auparse_state_t *au)
++static int collect_path_attrs(auparse_state_t *au)
+ {
+ 	value_t attr;
+ 	unsigned int rnum = auparse_get_record_num(au);
+ 
+ 	auparse_first_field(au);
+ 	if (add_obj_attr(au, "mode", rnum))
+-		return;	// Failed opens don't have anything else
++		return 1;	// Failed opens don't have anything else
+ 
+ 	// All the rest of the fields matter
+ 	while ((auparse_next_field(au))) {
+ 		attr = set_record(0, rnum);
+ 		attr = set_field(attr, auparse_get_field_num(au));
+-		cllist_append(&D.thing.attr, attr, NULL);
++		if (cllist_append(&D.thing.attr, attr, NULL))
++			return 1;
+ 	}
++	return 0;
+ }
+ 
+ static void collect_cwd_attrs(auparse_state_t *au)
+diff -ur audit-4.0.1.orig/src/auditctl-llist.c audit-4.0.1/src/auditctl-llist.c
+--- audit-4.0.1.orig/src/auditctl-llist.c
++++ audit-4.0.1/src/auditctl-llist.c
+@@ -1,7 +1,7 @@
+ /*
+ * ausearch-llist.c - Minimal linked list library
+-* Copyright (c) 2005 Red Hat Inc., Durham, North Carolina.
+-* All Rights Reserved. 
++* Copyright (c) 2005 Red Hat Inc.
++* All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+ * terms of the GNU General Public License as published by the Free
+@@ -15,7 +15,7 @@
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING. If not, write to the
+-* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor 
++* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
+ * Boston, MA 02110-1335, USA.
+ *
+ * Authors:
+@@ -59,11 +59,13 @@ lnode *list_next(llist *l)
+ 	return l->cur;
+ }
+ 
+-void list_append(llist *l, const struct audit_rule_data *r, size_t sz)
++int list_append(llist *l, const struct audit_rule_data *r, size_t sz)
+ {
+ 	lnode* newnode;
+ 
+ 	newnode = malloc(sizeof(lnode));
++	if (newnode == NULL)
++		return 1;
+ 
+ 	if (r) {
+ 		void *rr = malloc(sz);
+@@ -85,6 +87,8 @@ void list_append(llist *l, const struct
+ 	// make newnode current
+ 	l->cur = newnode;
+ 	l->cnt++;
++
++	return 0;
+ }
+ 
+ void list_clear(llist* l)
+diff -ur audit-4.0.1.orig/src/auditctl-llist.h audit-4.0.1/src/auditctl-llist.h
+--- audit-4.0.1.orig/src/auditctl-llist.h
++++ audit-4.0.1/src/auditctl-llist.h
+@@ -1,6 +1,6 @@
+ /*
+ * auditctl-llist.h - Header file for ausearch-llist.c
+-* Copyright (c) 2005 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2005 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -50,7 +50,7 @@ void list_first(llist *l);
+ void list_last(llist *l);
+ lnode *list_next(llist *l);
+ static inline lnode *list_get_cur(const llist *l) { return l->cur; }
+-void list_append(llist *l, const struct audit_rule_data *r, size_t sz);
++int list_append(llist *l, const struct audit_rule_data *r, size_t sz);
+ void list_clear(llist* l);
+ 
+ #endif
+diff -ur audit-4.0.1.orig/src/ausearch-avc.c audit-4.0.1/src/ausearch-avc.c
+--- audit-4.0.1.orig/src/ausearch-avc.c
++++ audit-4.0.1/src/ausearch-avc.c
+@@ -1,7 +1,7 @@
+ /*
+ * ausearch-avc.c - Minimal linked list library for avcs
+-* Copyright (c) 2006,2008,2014 Red Hat Inc., Durham, North Carolina.
+-* All Rights Reserved. 
++* Copyright (c) 2006,2008,2014 Red Hat Inc.
++* All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+ * terms of the GNU General Public License as published by the Free
+@@ -15,7 +15,7 @@
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING. If not, write to the
+-* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor 
++* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
+ * Boston, MA 02110-1335, USA.
+ *
+ * Authors:
+@@ -62,11 +62,13 @@ static void alist_last(alist *l)
+ 	l->cur = cur;
+ }
+ 
+-void alist_append(alist *l, anode *node)
++int alist_append(alist *l, anode *node)
+ {
+ 	anode* newnode;
+ 
+ 	newnode = malloc(sizeof(anode));
++	if (newnode == NULL)
++		return 1;
+ 
+ 	if (node->scontext)
+ 		newnode->scontext = node->scontext;
+@@ -104,6 +106,8 @@ void alist_append(alist *l, anode *node)
+ 	// make newnode current
+ 	l->cur = newnode;
+ 	l->cnt++;
++
++	return 0;
+ }
+ 
+ int alist_find_subj(alist *l)
+diff -ur audit-4.0.1.orig/src/ausearch-avc.h audit-4.0.1/src/ausearch-avc.h
+--- audit-4.0.1.orig/src/ausearch-avc.h
++++ audit-4.0.1/src/ausearch-avc.h
+@@ -1,6 +1,6 @@
+ /*
+ * ausearch-avc.h - Header file for ausearch-string.c
+-* Copyright (c) 2006,2008 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2006,2008 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -54,7 +54,7 @@ void alist_create(alist *l);
+ static inline void alist_first(alist *l) { l->cur = l->head; }
+ anode *alist_next(alist *l);
+ static inline anode *alist_get_cur(const alist *l) { return l->cur; }
+-void alist_append(alist *l, anode *node);
++int alist_append(alist *l, anode *node);
+ void anode_init(anode *an);
+ void anode_clear(anode *an);
+ void alist_clear(alist* l);
+diff -ur audit-4.0.1.orig/src/ausearch-int.c audit-4.0.1/src/ausearch-int.c
+--- audit-4.0.1.orig/src/ausearch-int.c
++++ audit-4.0.1/src/ausearch-int.c
+@@ -1,6 +1,6 @@
+ /*
+ * ausearch-int.c - Minimal linked list library for integers
+-* Copyright (c) 2005,2008 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2005,2008 Red Hat Inc.
+ * All Rights Reserved. 
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -41,11 +41,13 @@ int_node *ilist_next(ilist *l)
+ 	return l->cur;
+ }
+ 
+-void ilist_append(ilist *l, int num, unsigned int hits, int aux)
++int ilist_append(ilist *l, int num, unsigned int hits, int aux)
+ {
+ 	int_node* newnode;
+ 
+ 	newnode = malloc(sizeof(int_node));
++	if (newnode == NULL)
++		return 1;
+ 
+ 	newnode->num = num;
+ 	newnode->hits = hits;
+@@ -61,6 +63,8 @@ void ilist_append(ilist *l, int num, uns
+ 	// make newnode current
+ 	l->cur = newnode;
+ 	l->cnt++;
++
++	return 0;
+ }
+ 
+ void ilist_clear(ilist* l)
+diff -ur audit-4.0.1.orig/src/ausearch-int.h audit-4.0.1/src/ausearch-int.h
+--- audit-4.0.1.orig/src/ausearch-int.h
++++ audit-4.0.1/src/ausearch-int.h
+@@ -1,6 +1,6 @@
+ /*
+ * ausearch-int.h - Header file for ausearch-int.c
+-* Copyright (c) 2005,2008 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2005,2008 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -48,7 +48,7 @@ void ilist_create(ilist *l);
+ static inline void ilist_first(ilist *l) { l->cur = l->head; }
+ int_node *ilist_next(ilist *l);
+ static inline int_node *ilist_get_cur(const ilist *l) { return l->cur; }
+-void ilist_append(ilist *l, int num, unsigned int hits, int aux);
++int ilist_append(ilist *l, int num, unsigned int hits, int aux);
+ void ilist_clear(ilist* l);
+ 
+ /* append a number if its not already on the list */
+diff -ur audit-4.0.1.orig/src/ausearch-llist.c audit-4.0.1/src/ausearch-llist.c
+--- audit-4.0.1.orig/src/ausearch-llist.c
++++ audit-4.0.1/src/ausearch-llist.c
+@@ -1,6 +1,6 @@
+ /*
+ * ausearch-llist.c - Minimal linked list library
+-* Copyright (c) 2005-2008,2011,2016 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2005-2008,2011,2016 Red Hat Inc.
+ * Copyright (c) 2011 IBM Corp.
+ * All Rights Reserved. 
+ *
+@@ -102,11 +102,13 @@ lnode *list_prev(llist *l)
+ 	return l->cur;
+ }
+ 
+-void list_append(llist *l, lnode *node)
++int list_append(llist *l, lnode *node)
+ {
+ 	lnode* newnode;
+ 
+ 	newnode = malloc(sizeof(lnode));
++	if (newnode == NULL)
++		return 1;
+ 
+ 	if (node->message)
+ 		newnode->message = node->message;
+@@ -119,7 +121,7 @@ void list_append(llist *l, lnode *node)
+ 	newnode->type = node->type;
+ 	newnode->a0 = node->a0;
+ 	newnode->a1 = node->a1;
+-	newnode->item = l->cnt; 
++	newnode->item = l->cnt;
+ 	newnode->next = NULL;
+ 
+ 	// if we are at top, fix this up
+@@ -131,6 +133,8 @@ void list_append(llist *l, lnode *node)
+ 	// make newnode current
+ 	l->cur = newnode;
+ 	l->cnt++;
++
++	return 0;
+ }
+ 
+ int list_find_item(llist *l, unsigned int i)
+diff -ur audit-4.0.1.orig/src/ausearch-llist.h audit-4.0.1/src/ausearch-llist.h
+--- audit-4.0.1.orig/src/ausearch-llist.h
++++ audit-4.0.1/src/ausearch-llist.h
+@@ -107,7 +107,7 @@ void list_last(llist *l);
+ lnode *list_next(llist *l);
+ lnode *list_prev(llist *l);
+ static inline lnode *list_get_cur(llist *l) { return l->cur; }
+-void list_append(llist *l, lnode *node);
++int list_append(llist *l, lnode *node);
+ void list_clear(llist* l);
+ int list_get_event(llist* l, event *e);
+ 
+diff -ur audit-4.0.1.orig/src/ausearch-nvpair.c audit-4.0.1/src/ausearch-nvpair.c
+--- audit-4.0.1.orig/src/ausearch-nvpair.c
++++ audit-4.0.1/src/ausearch-nvpair.c
+@@ -1,6 +1,6 @@
+ /*
+ * ausearch-nvpair.c - Minimal linked list library for name-value pairs
+-* Copyright (c) 2006-08 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2006-08 Red Hat Inc.
+ * All Rights Reserved. 
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -34,9 +34,11 @@ void search_list_create(nvlist *l)
+ 	l->cnt = 0;
+ }
+ 
+-void search_list_append(nvlist *l, nvnode *node)
++int search_list_append(nvlist *l, nvnode *node)
+ {
+ 	nvnode* newnode = malloc(sizeof(nvnode));
++	if (newnode == NULL)
++		return 1;
+ 
+ 	newnode->name = node->name;
+ 	newnode->val = node->val;
+@@ -54,6 +56,8 @@ void search_list_append(nvlist *l, nvnod
+ 	// make newnode current
+ 	l->cur = newnode;
+ 	l->cnt++;
++
++	return 0;
+ }
+ 
+ int search_list_find_val(nvlist *l, long val)
+diff -ur audit-4.0.1.orig/src/ausearch-nvpair.h audit-4.0.1/src/ausearch-nvpair.h
+--- audit-4.0.1.orig/src/ausearch-nvpair.h
++++ audit-4.0.1/src/ausearch-nvpair.h
+@@ -1,6 +1,6 @@
+ /*
+ * ausearch-nvpair.h - Header file for ausearch-nvpair.c
+-* Copyright (c) 2006-08 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2006-08 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -46,7 +46,7 @@ typedef struct {
+ 
+ void search_list_create(nvlist *l);
+ static inline nvnode *search_list_get_cur(nvlist *l) { return l->cur; }
+-void search_list_append(nvlist *l, nvnode *node);
++int search_list_append(nvlist *l, nvnode *node);
+ void search_list_clear(nvlist* l);
+ 
+ /* Given a numeric index, find that record. */
+diff -ur audit-4.0.1.orig/src/ausearch-string.c audit-4.0.1/src/ausearch-string.c
+--- audit-4.0.1.orig/src/ausearch-string.c
++++ audit-4.0.1/src/ausearch-string.c
+@@ -44,11 +44,13 @@ snode *slist_next(slist *l)
+ 	return l->cur;
+ }
+ 
+-void slist_append(slist *l, const snode *node)
++int slist_append(slist *l, const snode *node)
+ {
+ 	snode* newnode;
+ 
+ 	newnode = malloc(sizeof(snode));
++	if (newnode == NULL)
++		return 1;
+ 
+ 	if (node->str)
+ 		newnode->str = node->str;
+@@ -75,6 +77,8 @@ void slist_append(slist *l, const snode
+ 	// make newnode current
+ 	l->cur = newnode;
+ 	l->cnt++;
++
++	return 0;
+ }
+ 
+ void slist_clear(slist* l)
+diff -ur audit-4.0.1.orig/src/ausearch-string.h audit-4.0.1/src/ausearch-string.h
+--- audit-4.0.1.orig/src/ausearch-string.h
++++ audit-4.0.1/src/ausearch-string.h
+@@ -49,7 +49,7 @@ void slist_create(slist *l);
+ static inline void slist_first(slist *l) { l->cur = l->head; }
+ snode *slist_next(slist *l);
+ static inline snode *slist_get_cur(const slist *l) { return l->cur; }
+-void slist_append(slist *l, const snode *node);
++int slist_append(slist *l, const snode *node);
+ void slist_clear(slist* l);
+ 
+ /* append a string if its not already on the list */
+diff -ur audit-4.0.1.orig/tools/aulastlog/aulastlog-llist.c audit-4.0.1/tools/aulastlog/aulastlog-llist.c
+--- audit-4.0.1.orig/tools/aulastlog/aulastlog-llist.c
++++ audit-4.0.1/tools/aulastlog/aulastlog-llist.c
+@@ -1,7 +1,7 @@
+ /*
+ * aulastlog-llist.c - Minimal linked list library
+-* Copyright (c) 2008 Red Hat Inc., Durham, North Carolina.
+-* All Rights Reserved. 
++* Copyright (c) 2008 Red Hat Inc..
++* All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+ * terms of the GNU General Public License as published by the Free
+@@ -15,7 +15,7 @@
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING. If not, write to the
+-* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor 
++* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor
+ * Boston, MA 02110-1335, USA.
+ *
+ * Authors:
+@@ -41,11 +41,13 @@ lnode *list_next(llist *l)
+ 	return l->cur;
+ }
+ 
+-void list_append(llist *l, lnode *node)
++int list_append(llist *l, lnode *node)
+ {
+ 	lnode* newnode;
+ 
+ 	newnode = malloc(sizeof(lnode));
++	if (newnode == NULL)
++		return 1;
+ 
+ 	newnode->sec = node->sec;
+ 	newnode->uid = node->uid;
+@@ -58,7 +60,7 @@ void list_append(llist *l, lnode *node)
+ 		newnode->term = strdup(node->term);
+ 	else
+ 		newnode->term = NULL;
+-	newnode->item = l->cnt; 
++	newnode->item = l->cnt;
+ 	newnode->next = NULL;
+ 
+ 	// if we are at top, fix this up
+@@ -70,6 +72,8 @@ void list_append(llist *l, lnode *node)
+ 	// make newnode current
+ 	l->cur = newnode;
+ 	l->cnt++;
++
++	return 0;
+ }
+ 
+ void list_clear(llist* l)
+diff -ur audit-4.0.1.orig/tools/aulastlog/aulastlog-llist.h audit-4.0.1/tools/aulastlog/aulastlog-llist.h
+--- audit-4.0.1.orig/tools/aulastlog/aulastlog-llist.h
++++ audit-4.0.1/tools/aulastlog/aulastlog-llist.h
+@@ -1,6 +1,6 @@
+ /*
+ * aulastlog-llist.h - Header file for aulastlog-llist.c
+-* Copyright (c) 2008 Red Hat Inc., Durham, North Carolina.
++* Copyright (c) 2008 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This software may be freely redistributed and/or modified under the
+@@ -53,7 +53,7 @@ static inline void list_first(llist *l)
+ lnode *list_next(llist *l);
+ static inline lnode *list_get_cur(llist *l) { return l->cur; }
+ static inline unsigned int list_get_cnt(llist *l) { return l->cnt; }
+-void list_append(llist *l, lnode *node);
++int list_append(llist *l, lnode *node);
+ void list_clear(llist* l);
+ int list_update_login(llist* l, time_t t);
+ int list_update_host(llist* l, const char *h);
diff --git a/sys-process/audit/files/audit-4.0.1-null-deref.patch b/sys-process/audit/files/audit-4.0.1-null-deref.patch
new file mode 100644
index 000000000000..c18322ad2797
--- /dev/null
+++ b/sys-process/audit/files/audit-4.0.1-null-deref.patch
@@ -0,0 +1,35 @@
+From 4780cd1a790286213dda646f782fa7128fb092a9 Mon Sep 17 00:00:00 2001
+From: Yugend <77495782+Yugend@users.noreply.github.com>
+Date: Sat, 4 May 2024 00:39:36 +0300
+Subject: [PATCH] avoiding of NULL pointers dereference (#366)
+
+---
+ src/ausearch-parse.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
+index 1a5b047f3..be57606bd 100644
+--- a/src/ausearch-parse.c
++++ b/src/ausearch-parse.c
+@@ -719,6 +719,10 @@ static int common_path_parser(search_items *s, char *path)
+ 			// append
+ 			snode sn;
+ 			sn.str = strdup(path);
++			if (sn.str == NULL) {
++				fprintf(stderr, "Out of memory. Check %s file, %d line\n", __FILE__, __LINE__);
++				return 8;
++			}
+ 			sn.key = NULL;
+ 			sn.hits = 1;
+ 			// Attempt to rebuild path if relative
+@@ -1217,6 +1221,10 @@ static int parse_user(const lnode *n, search_items *s, anode *avc)
+ 			saved = *term;
+ 			*term = 0;
+ 			s->hostname = strdup(str);
++			if (s->hostname == NULL) {
++				fprintf(stderr, "Out of memory. Check %s file, %d line\n", __FILE__, __LINE__);
++				return 33;
++			}
+ 			*term = saved;
+ 
+ 			// Lets see if there is something more