!156 backport patches to fix bugs

From: @fangxiuning 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001

audit.spec

@@ -2,7 +2,7 @@ Summary:            User space tools for kernel auditing
 Name:               audit
 Epoch:              1
 Version:            3.0.1
-Release:            13
+Release:            18
 License:            GPLv2+ and LGPLv2+
 URL:                https://people.redhat.com/sgrubb/audit/
 Source0:            https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@@ -60,6 +60,29 @@ Patch48:         backport-Avoid-file-descriptor-leaks-in-multi-threaded-applic.p
 Patch49:         backport-fix-the-use-of-isdigit-everywhere.patch
 Patch50:         backport-Fix-new-warnings-for-unused-results.patch
 Patch51:         backport-Change-the-first-iteration-test-so-static-analysis-b.patch
+Patch52:         backport-Consolidate-end-of-event-detection-to-a-common-funct.patch
+Patch53:         backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch
+Patch54:         backport-lib-avoid-UB-on-sequence-wrap-around-347.patch
+Patch55:         backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch
+Patch56:         backport-Cleanup-shell-script-warnings.patch
+Patch57:         backport-Solve-issue-363-by-moving-check-to-after-load_config.patch
+Patch58:         backport-first-part-of-NULL-pointer-checks.patch
+Patch59:         backport-second-part-of-NULL-pointer-checks.patch
+Patch60:         backport-last-part-of-NULL-pointer-checks.patch
+Patch61:         backport-Fixed-NULL-checks.patch
+Patch62:         backport-update-error-messages-in-NULL-Checks.patch
+Patch63:         backport-adding-the-file-descriptor-closure.patch
+Patch64:         backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch
+Patch65:         backport-Use-atomic_int-if-available-for-signal-related-flags.patch
+Patch66:         backport-Use-atomic_uint-if-available-for-signal-related-flag.patch
+Patch67:         backport-avoiding-of-NULL-pointers-dereference-366.patch
+Patch68:         backport-Cleanup-code-in-LRU.patch
+Patch69:         backport-Fix-memory-leaks.patch
+Patch70:         backport-fix-one-more-leak.patch
+Patch71:         backport-Correct-output-when-displaying-rules-with-exe-path-d.patch
+Patch72:         backport-ausearch-format-Fix-display-of-renamed-file-411.patch
+Patch73:         backport-Fix-a-maybe-uninitialized-warning.patch
+Patch74:         backport-ausearch-parse-fix-parsing-for-success-uid-in-parse_.patch
 
 BuildRequires:      gcc swig libtool systemd kernel-headers >= 2.6.29
 BuildRequires:      openldap-devel krb5-devel libcap-ng-devel
@@ -395,6 +418,21 @@ fi
 %attr(644,root,root) %{_mandir}/man8/*.8.gz
 
 %changelog
+* Tue Feb 25 2025 fangxiuning <fangxiuning@huawei.com> - 1:3.0.1-18
+- backport patches to fix bug
+
+* Wed Dec 11 2024 wangjiang <app@cameyan.coom> - 1:3.0.1-17
+- backport patches to fix bug
+
+* Sat Aug 24 2024 xuraoqing <xuraoqing@huawei.com> - 1:3.0.1-16
+- backport patches to fix bug
+
+* Wed Jun 19 2024 xuraoqing <xuraoqing@huawei.com> - 1:3.0.1-15
+- backport patches from upstream
+
+* Tue Mar 19 2024 xuraoqing <xuraoqing@huawei.com> - 1:3.0.1-14
+- backport patches from upstream
+
 * Thu Feb 1 2024 xuraoqing <xuraoqing@huawei.com> - 1:3.0.1-13
 - backport patches from upstream
 

backport-Change-python-bindings-to-switch-from-PyEval_CallObj.patch

@@ -0,0 +1,29 @@
+From cd7599210fe398360ddb81c0c2453a085d408089 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <ausearch.1@gmail.com>
+Date: Mon, 19 Feb 2024 10:50:42 -0500
+Subject: [PATCH] Change python bindings to switch from PyEval_CallObject on
+ 3.12 and later to silence warning
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/cd7599210fe398360ddb81c0c2453a085d408089
+Conflict:NA
+
+---
+ bindings/python/auparse_python.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bindings/python/auparse_python.c b/bindings/python/auparse_python.c
+index 99d37cca..9ab919b3 100644
+--- a/bindings/python/auparse_python.c
++++ b/bindings/python/auparse_python.c
+@@ -290,7 +290,7 @@ static void auparse_callback(auparse_state_t *au,
+     if (debug) printf("<< auparse_callback\n");
+     arglist = Py_BuildValue("OiO", cb->py_AuParser, cb_event_type,
+ 			    cb->user_data);
+-#if PY_MINOR_VERSION >= 13
++#if PY_MINOR_VERSION >= 12
+     result = PyObject_CallObject(cb->func, arglist);
+ #else
+     result = PyEval_CallObject(cb->func, arglist);
+-- 
+2.33.0
+

backport-Cleanup-code-in-LRU.patch

@@ -0,0 +1,77 @@
+From 4939b8541322cbf3a53affc28e71ce53d92f121f Mon Sep 17 00:00:00 2001
+From: Steve Grubb <ausearch.1@gmail.com>
+Date: Fri, 3 May 2024 17:50:35 -0400
+Subject: [PATCH] Cleanup code in LRU
+
+Dont dereference anything until after checking if the queue is not empty.
+Also, leave a note disputing static analysis thinking there is a use after
+free destroying the queue.
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/4939b8541322cbf3a53affc28e71ce53d92f121f
+Conflict:NA
+
+---
+ auparse/lru.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/auparse/lru.c b/auparse/lru.c
+index 05c4088d..f30bcf41 100644
+--- a/auparse/lru.c
++++ b/auparse/lru.c
+@@ -116,6 +116,11 @@ static void destroy_queue(Queue *queue)
+ 	dump_queue_stats(queue);
+ #endif
+ 
++	// Some static analysis scanners try to flag this as a use after
++	// free accessing queue->end. This is a false positive. It is freed.
++	// However, static analysis apps are incapable of seeing that in
++	// remove_node, end is updated to a prior node as part of detaching
++	// the current end node.
+ 	while (queue->count)
+ 		dequeue(queue);
+ 
+@@ -252,34 +257,33 @@ out:
+ 	sanity_check_queue(queue, "2 remove_node");
+ }
+ 
+-// Remove from the end of the queue 
++// Remove from the end of the queue
+ static void dequeue(Queue *queue)
+ {
+-	QNode *temp = queue->end;
+-
+ 	if (queue_is_empty(queue))
+ 		return;
+ 
++	QNode *temp = queue->end;
+ 	remove_node(queue, queue->end);
+ 
+ //	if (queue->cleanup)
+ //		queue->cleanup(temp->str); 
+ 	free(temp->str);
+ 	free(temp);
+- 
++
+ 	// decrement the total of full slots by 1
+ 	queue->count--;
+ }
+- 
++
+ // Remove front of the queue because its a mismatch
+ void lru_evict(Queue *queue, unsigned int key)
+ {
++	if (queue_is_empty(queue))
++		return;
++
+ 	Hash *hash = queue->hash;
+ 	QNode *temp = queue->front;
+ 
+-	if (queue_is_empty(queue))
+-		return;
+- 
+ 	hash->array[key] = NULL;
+ 	remove_node(queue, queue->front);
+ 
+-- 
+2.33.0
+

backport-Cleanup-shell-script-warnings.patch

@@ -0,0 +1,107 @@
+From 79c1212ff38254a961c27d8eb10bc766e412ffe9 Mon Sep 17 00:00:00 2001                                                                                            
+From: Steve Grubb <ausearch.1@gmail.com>
+Date: Fri, 23 Feb 2024 12:26:05 -0500
+Subject: [PATCH] Cleanup shell script warnings
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/79c1212ff38254a961c27d8eb10bc766e412ffe9
+Conflict:init.d/augenrules,init.d/auditd.state
+
+---
+ init.d/auditd.reload | 2 +-
+ init.d/auditd.resume | 2 +-
+ init.d/auditd.rotate | 2 +-
+ init.d/auditd.state  | 4 ++--
+ init.d/auditd.stop   | 2 +-
+ init.d/augenrules    | 2 +-
+ 6 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/init.d/auditd.reload b/init.d/auditd.reload
+index 9c30295..2ea8f7e 100644
+--- a/init.d/auditd.reload
++++ b/init.d/auditd.reload
+@@ -3,7 +3,7 @@
+ # directly supported by systemd
+ 
+ # Check that we are root ... so non-root users stop here
+-test $(id -u) = 0  ||  exit 4
++test "$(id -u)" = "0"  ||  exit 4
+ 
+ PATH=/sbin:/bin:/usr/bin:/usr/sbin
+ prog="auditd"
+diff --git a/init.d/auditd.resume b/init.d/auditd.resume
+index f1d2157..23219bc 100644
+--- a/init.d/auditd.resume
++++ b/init.d/auditd.resume
+@@ -3,7 +3,7 @@
+ # directly supported by systemd
+ 
+ # Check that we are root ... so non-root users stop here
+-test $(id -u) = 0  ||  exit 4
++test "$(id -u)" = "0"  ||  exit 4
+ 
+ PATH=/sbin:/bin:/usr/bin:/usr/sbin
+ prog="auditd"
+diff --git a/init.d/auditd.rotate b/init.d/auditd.rotate
+index 2b13cf7..0764ac0 100644
+--- a/init.d/auditd.rotate
++++ b/init.d/auditd.rotate
+@@ -3,7 +3,7 @@
+ # directly supported by systemd
+ 
+ # Check that we are root ... so non-root users stop here
+-test $(id -u) = 0  ||  exit 4
++test "$(id -u)" = "0"  ||  exit 4
+ 
+ PATH=/sbin:/bin:/usr/bin:/usr/sbin
+ prog="auditd"
+diff --git a/init.d/auditd.state b/init.d/auditd.state
+index c7e291e..c93df8b 100644
+--- a/init.d/auditd.state
++++ b/init.d/auditd.state
+@@ -3,7 +3,7 @@
+ # directly supported by systemd
+ 
+ # Check that we are root ... so non-root users stop here
+-test $(id -u) = 0  ||  exit 4
++test "$(id -u)" = "0"  ||  exit 4
+ 
+ PATH=/sbin:/bin:/usr/bin:/usr/sbin
+ prog="auditd"
+@@ -15,7 +15,7 @@ killproc $prog -CONT
+ RETVAL=$?
+ echo -e "\n"
+ sleep 1
+-if [ $? -eq 0 ] ; then
++if [ $RETVAL -eq 0 ] ; then
+ 	if [ -e $state_file ] ; then
+ 		cat $state_file
+ 	fi
+diff --git a/init.d/auditd.stop b/init.d/auditd.stop
+index ed8207b..08db366 100644
+--- a/init.d/auditd.stop
++++ b/init.d/auditd.stop
+@@ -3,7 +3,7 @@
+ # directly supported by systemd
+ 
+ # Check that we are root ... so non-root users stop here
+-test $(id -u) = 0  ||  exit 4
++test "$(id -u)" = "0"  ||  exit 4
+ 
+ PATH=/sbin:/bin:/usr/bin:/usr/sbin
+ prog="auditd"
+diff --git a/init.d/augenrules b/init.d/augenrules
+index d482d2e..7a512bf 100644
+--- a/init.d/augenrules
++++ b/init.d/augenrules
+@@ -35,7 +35,7 @@ RETVAL=0
+ usage="Usage: $0 [--check|--load]"
+ 
+ # Delete the interim file on faults
+-trap 'rm -f ${TmpRules}; exit 1' 1 2 3 13 15
++trap 'rm -f ${TmpRules}; exit 1' HUP INT QUIT PIPE TERM
+ 
+ try_load() {
+ 	if [ $LoadRules -eq 1 ] ; then
+-- 
+2.33.0
+

backport-Consolidate-end-of-event-detection-to-a-common-funct.patch

@@ -0,0 +1,143 @@
+From 6dabe8de1c502b4bcd0ad945f6d7636d5aeb9fed Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Sat, 26 Aug 2023 08:52:25 -0400
+Subject: [PATCH] Consolidate end of event detection to a common function
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/6dabe8de1c502b4bcd0ad945f6d7636d5aeb9fed
+Conflict:ChangeLog,auparse/auparse.c,common/common.h
+
+---
+ auparse/auparse.c  |  9 +--------
+ common/Makefile.am |  2 +-
+ common/common.c    | 43 +++++++++++++++++++++++++++++++++++++++++++
+ common/common.h    |  3 ++-
+ src/ausearch-lol.c |  9 ++-------
+ 5 files changed, 49 insertions(+), 17 deletions(-)
+ create mode 100644 common/common.c
+
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index 474e536..afc6741 100644
+--- a/auparse/auparse.c
++++ b/auparse/auparse.c
+@@ -293,14 +293,7 @@ static void au_check_events(auparse_state_t *au, time_t sec)
+                         if (cur->l->e.sec + eoe_timeout <= sec) {
+                                 cur->status = EBS_COMPLETE;
+ 				au->au_ready++;
+-                        } else if ( // FIXME: Check this v remains true
+-				r->type == AUDIT_PROCTITLE ||
+-				r->type == AUDIT_EOE || 
+-				r->type < AUDIT_FIRST_EVENT ||
+-				r->type >= AUDIT_FIRST_ANOM_MSG ||
+-				r->type == AUDIT_KERNEL ||
+-				(r->type >= AUDIT_MAC_UNLBL_ALLOW &&
+-                                 r->type <= AUDIT_MAC_CALIPSO_DEL)) {
++                        } else if (audit_is_last_record(r->type)) {
+                                 // If known to be 1 record event, we are done
+ 				cur->status = EBS_COMPLETE;
+ 				au->au_ready++;
+diff --git a/common/Makefile.am b/common/Makefile.am
+index 8b9aacb..fb78c35 100644
+--- a/common/Makefile.am
++++ b/common/Makefile.am
+@@ -25,6 +25,6 @@ AM_CPPFLAGS = -D_GNU_SOURCE -fPIC -DPIC -I${top_srcdir} -I${top_srcdir}/lib
+ 
+ noinst_HEADERS = common.h
+ libaucommon_la_DEPENDENCIES = ../config.h
+-libaucommon_la_SOURCES = audit-fgets.c strsplit.c
++libaucommon_la_SOURCES = audit-fgets.c strsplit.c common.c
+ noinst_LTLIBRARIES = libaucommon.la
+ 
+diff --git a/common/common.c b/common/common.c
+new file mode 100644
+index 0000000..cbfa46c
+--- /dev/null
++++ b/common/common.c
+@@ -0,0 +1,43 @@
++/* common.c --
++ * Copyright 2023 Red Hat Inc.
++ * All Rights Reserved.
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
++ *
++ * Authors:
++ *      Steve Grubb <sgrubb@redhat.com>
++ */
++
++#include "libaudit.h"
++#include "common.h"
++
++/*
++ * This function returns 1 if it is the last record in an event.
++ * It returns 0 otherwise.
++ */
++int audit_is_last_record(int type)
++{
++	if (type == AUDIT_PROCTITLE ||
++			type == AUDIT_EOE ||
++			type < AUDIT_FIRST_EVENT ||
++			type >= AUDIT_FIRST_ANOM_MSG ||
++			type == AUDIT_KERNEL ||
++			(type >= AUDIT_MAC_UNLBL_ALLOW &&
++			type <= AUDIT_MAC_CALIPSO_DEL)) {
++		return 1;
++	}
++	return 0;
++}
++
+diff --git a/common/common.h b/common/common.h
+index 011be46..b706784 100644
+--- a/common/common.h
++++ b/common/common.h
+@@ -1,5 +1,5 @@
+ /* audit-fgets.h -- a replacement for glibc's fgets
+- * Copyright 2018 Red Hat Inc., Durham, North Carolina.
++ * Copyright 2018-23 Red Hat Inc.
+  * All Rights Reserved.
+  *
+  * This library is free software; you can redistribute it and/or
+@@ -33,6 +33,7 @@ int audit_fgets(char *buf, size_t blen, int fd);
+ 
+ char *audit_strsplit_r(char *s, char **savedpp);
+ char *audit_strsplit(char *s);
++int audit_is_last_record(int type);
+ 
+ AUDIT_HIDDEN_END
+ #endif
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index 6d378cc..b09228f 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -250,16 +250,11 @@ static void check_events(lol *lo, time_t sec)
+ 			if (cur->l->e.sec + eoe_timeout <= sec) {
+ 				cur->status = L_COMPLETE;
+ 				ready++;
+-			} else if (cur->l->e.type == AUDIT_PROCTITLE ||
+-				    cur->l->e.type < AUDIT_FIRST_EVENT ||
+-				    cur->l->e.type >= AUDIT_FIRST_ANOM_MSG ||
+-				    cur->l->e.type == AUDIT_KERNEL ||
+-				    (cur->l->e.type >= AUDIT_MAC_UNLBL_ALLOW &&
+-				    cur->l->e.type <= AUDIT_MAC_CALIPSO_DEL)) {
++			} else if (audit_is_last_record(cur->l->e.type)) {
+ 				// If known to be 1 record event, we are done
+ 				cur->status = L_COMPLETE;
+ 				ready++;
+-			} 
++			}
+ 		}
+ 	}
+ }
+-- 
+2.33.0
+

backport-Correct-output-when-displaying-rules-with-exe-path-d.patch

@@ -0,0 +1,52 @@
+From e5b0c9d74a54e0c6c83ba402807a53e4544b7898 Mon Sep 17 00:00:00 2001
+From: Attila Lakatos <Cropi@users.noreply.github.com>
+Date: Wed, 12 Jun 2024 18:22:00 +0200
+Subject: [PATCH] Correct output when displaying rules with exe/path/dir (#379)
+
+Some audit operators were not displayed properly
+because auditctl used the "=" operator in all
+the scenarios mentioned above.
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/e5b0c9d74a54e0c6c83ba402807a53e4544b7898
+Conflict:NA
+
+---
+ src/auditctl-listing.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/auditctl-listing.c b/src/auditctl-listing.c
+index 57ae1837..9c322670 100644
+--- a/src/auditctl-listing.c
++++ b/src/auditctl-listing.c
+@@ -380,7 +380,9 @@ static void print_rule(const struct audit_rule_data *r)
+ 					printf("-w %.*s", r->values[i],
+ 						&r->buf[boffset]);
+ 				else
+-					printf(" -F path=%.*s",	r->values[i],
++					printf(" -F path%s%.*s",
++						audit_operator_to_symbol(op),
++						r->values[i],
+ 						&r->buf[boffset]);
+ 				boffset += r->values[i];
+ 			} else if (field == AUDIT_DIR) {
+@@ -388,12 +390,15 @@ static void print_rule(const struct audit_rule_data *r)
+ 					printf("-w %.*s", r->values[i],
+ 						&r->buf[boffset]);
+ 				else
+-					printf(" -F dir=%.*s", r->values[i],
++					printf(" -F dir%s%.*s",
++						audit_operator_to_symbol(op),
++						r->values[i],
+ 						&r->buf[boffset]);
+ 
+ 				boffset += r->values[i];
+ 			} else if (field == AUDIT_EXE) {
+-				printf(" -F exe=%.*s",
++				printf(" -F exe%s%.*s",
++					audit_operator_to_symbol(op),
+ 					r->values[i], &r->buf[boffset]);
+ 				boffset += r->values[i];
+ 			} else if (field == AUDIT_FILTERKEY) {
+-- 
+2.33.0
+

backport-Fix-a-maybe-uninitialized-warning.patch

@@ -0,0 +1,53 @@
+From 25d5458a396a07e56f36f651da2c51b528fb293a Mon Sep 17 00:00:00 2001
+From: Steve Grubb <ausearch.1@gmail.com>
+Date: Thu, 2 Jan 2025 16:32:34 -0500
+Subject: [PATCH] Fix a maybe uninitialized warning
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/25d5458a396a07e56f36f651da2c51b528fb293a
+Conflict:NA
+
+---
+ src/ausearch-parse.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
+index e15396d7..68e2b29e 100644
+--- a/src/ausearch-parse.c
++++ b/src/ausearch-parse.c
+@@ -1556,7 +1556,7 @@ static int parse_daemon1(const lnode *n, search_items *s)
+ 		if (str) {
+ 			ptr = str + 5;
+ 			term = strchr(ptr, ' ');
+-			if (term == NULL) 
++			if (term == NULL)
+ 				return 7;
+ 			saved = *term;
+ 			*term = 0;
+@@ -1565,13 +1565,11 @@ static int parse_daemon1(const lnode *n, search_items *s)
+ 			if (errno)
+ 				return 8;
+ 			*term = saved;
+-		} else
+-			term = ptr;
++		}
+ 	}
+ 
+ 	// ses - optional
+ 	if (event_session_id != -2) {
+-		ptr = term;
+ 		str = strstr(term, "ses=");
+ 		if (str) {
+ 			ptr = str + 4;
+@@ -1585,8 +1583,7 @@ static int parse_daemon1(const lnode *n, search_items *s)
+ 			if (errno)
+ 				return 10;
+ 			*term = saved;
+-		} else
+-			term = ptr;
++		}
+ 	}
+ 
+ 	if (event_subject) {
+-- 
+2.33.0
+

backport-Fix-memory-leaks.patch

@@ -0,0 +1,69 @@
+From 289dc3a077f05fba93816fbdfbbfe032322d7f64 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <ausearch.1@gmail.com>
+Date: Tue, 21 May 2024 12:28:29 -0400
+Subject: [PATCH] Fix memory leaks
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/289dc3a077f05fba93816fbdfbbfe032322d7f64
+Conflict:NA
+
+---
+ src/auditd-listen.c  | 2 +-
+ src/ausearch-lol.c   | 2 ++
+ src/ausearch-parse.c | 6 ++++--
+ 3 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/auditd-listen.c b/src/auditd-listen.c
+index ea3f137c..52076361 100644
+--- a/src/auditd-listen.c
++++ b/src/auditd-listen.c
+@@ -443,8 +443,8 @@ static int negotiate_credentials(ev_tcp *io)
+ 				gss_release_name(&min_stat, &client);
+ 				return -1;
+ 			}
+-			gss_release_buffer(&min_stat, &send_tok);
+ 		}
++		gss_release_buffer(&min_stat, &send_tok);
+ 	} while (maj_stat == GSS_S_CONTINUE_NEEDED);
+ 
+ 	maj_stat = gss_display_name(&min_stat, client, &recv_tok, NULL);
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index a5418079..784c58f6 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -311,6 +311,7 @@ int lol_add_record(lol *lo, char *buff)
+ 	n.type = e.type;
+ 	n.message = strdup(buff);
+ 	if(n.message == NULL) {
++		free((char *)e.node);
+ 		fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return 0;
+ 	}
+@@ -369,6 +370,7 @@ int lol_add_record(lol *lo, char *buff)
+ 	// Create new event and fill it in
+ 	l = malloc(sizeof(llist));
+ 	if (l == NULL) {
++		free((char *)e.node);
+ 		fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return 0;
+ 	}
+diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
+index be57606b..4c9bef0d 100644
+--- a/src/ausearch-parse.c
++++ b/src/ausearch-parse.c
+@@ -769,9 +769,11 @@ static int common_path_parser(search_items *s, char *path)
+ 			if ((sn.str[0] == '.') && ((sn.str[1] == '.') ||
+ 				(sn.str[1] == '/')) && s->cwd) {
+ 				char *tmp = malloc(PATH_MAX);
+-				if (tmp == NULL)
++				if (tmp == NULL) {
++					free(sn.str);
+ 					return 6;
+-				snprintf(tmp, PATH_MAX, "%s/%s", 
++				}
++				snprintf(tmp, PATH_MAX, "%s/%s",
+ 					s->cwd, sn.str);
+ 				free(sn.str);
+ 				sn.str = tmp;
+-- 
+2.33.0
+

backport-Fixed-NULL-checks.patch

@@ -0,0 +1,54 @@
+From 68131717821ee5c946fb561218551c98e46d7d06 Mon Sep 17 00:00:00 2001
+From: Yugend <jugendd@mail.ru>
+Date: Tue, 19 Mar 2024 17:01:53 +0300
+Subject: [PATCH] Fixed NULL checks
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/68131717821ee5c946fb561218551c98e46d7d06
+Conflict:NA
+
+---
+ audisp/plugins/zos-remote/zos-remote-queue.c | 2 +-
+ auparse/auparse.c                            | 1 +
+ src/ausearch-lol.c                           | 1 +
+ 3 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/audisp/plugins/zos-remote/zos-remote-queue.c b/audisp/plugins/zos-remote/zos-remote-queue.c
+index 47dd006e..f8019890 100644
+--- a/audisp/plugins/zos-remote/zos-remote-queue.c
++++ b/audisp/plugins/zos-remote/zos-remote-queue.c
+@@ -131,7 +131,7 @@ void increase_queue_depth(unsigned int size)
+ 
+         tmp_q = realloc(q, size * sizeof(BerElement *));
+         if (tmp_q == NULL) {
+-			log_err("Memory allocation error");;
++		    log_err("Memory allocation error");;
+ 			pthread_mutex_unlock(&queue_lock);
+ 			return;
+ 		}
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index 516ee8f1..e782058d 100644
+--- a/auparse/auparse.c
++++ b/auparse/auparse.c
+@@ -116,6 +116,7 @@ static int setup_log_file_array(auparse_state_t *au)
+ 	if (!tmp) {
+ 		fprintf(stderr, "No memory\n");
+ 		aup_free_config(&config);
++		free(filename);
+ 		return 1;
+ 	}
+ 
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index c2140b7e..7562dc21 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -49,6 +49,7 @@ void lol_create(lol *lo)
+ 	lo->array = (lolnode *)malloc(size);
+ 	if (lo->array == NULL) {
+ 		fprintf(stderr, "Memory allocation error");
++		lo->limit = 0;
+ 		return;
+ 	}
+ 	memset(lo->array, 0, size);
+-- 
+2.33.0
+

backport-Issue343-Fix-checkpoint-issue-to-ensure-all-complete.patch

@@ -0,0 +1,114 @@
+From 139c61a9007600c93702947179d7836be1bc8403 Mon Sep 17 00:00:00 2001                                  
+From: burnalting <burnalting@users.noreply.github.com>
+Date: Thu, 11 Jan 2024 08:22:32 +1100
+Subject: [PATCH] Issue343: Fix checkpoint issue to ensure all complete events
+ are gained (#345)
+
+Co-authored-by: Burn Alting <burn@auditdtest.swtf.dyndns.org>
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/139c61a9007600c93702947179d7836be1bc8403
+Conflict:NA
+
+---
+ src/ausearch-lol.c | 33 +++++++++++++++++++++++++++++++++
+ src/ausearch-lol.h |  1 +
+ src/ausearch.c     | 12 +++++++-----
+ 3 files changed, 41 insertions(+), 5 deletions(-)
+
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index f22f358..dc91034 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -283,6 +283,32 @@ static void check_events(lol *lo, time_t sec)
+ 	}
+ }
+ 
++// This function will check events to see if they are complete but not compare against a given time
++static void check_events_without_time(lol *lo)
++{
++	int i;
++
++	for(i=0;i<=lo->maxi; i++) {
++		lolnode *cur = &lo->array[i];
++		if (cur->status == L_BUILDING) {
++			/* We now iterate over the event's records but without affecting the node's current
++			 * pointer (cur->l->cur). That is, we don't call the list-* routines
++			 * We could jump to the last record in the list which is normally a PROCTITLE, but this
++			 * may not be guaranteed, so we check all record types
++			 */
++			lnode *ln = cur->l->head;
++			while (ln) {
++				if (audit_is_last_record(ln->type)) {
++					cur->status = L_COMPLETE;
++					ready++;
++					break;
++				}
++				ln = ln->next;
++			}
++		}
++	}
++}
++
+ // This function adds a new record to an existing linked list
+ // or creates a new one if its a new event
+ int lol_add_record(lol *lo, char *buff)
+@@ -382,6 +408,13 @@ void terminate_all_events(lol *lo)
+ 	}
+ }
+ 
++// This function will mark all events as complete if it can.
++void complete_all_events(lol *lo)
++{
++
++	check_events_without_time(lo);
++}
++
+ /* Search the list for any event that is ready to go. The caller
+  * takes custody of the memory */
+ llist* get_ready_event(lol *lo)
+diff --git a/src/ausearch-lol.h b/src/ausearch-lol.h
+index 21f2c15..bab0c81 100644
+--- a/src/ausearch-lol.h
++++ b/src/ausearch-lol.h
+@@ -49,6 +49,7 @@ void lol_create(lol *lo);
+ void lol_clear(lol *lo);
+ int lol_add_record(lol *lo, char *buff);
+ void terminate_all_events(lol *lo);
++void complete_all_events(lol *lo);
+ llist* get_ready_event(lol *lo);
+ 
+ void lol_set_eoe_timeout(time_t new_eoe_tmo);
+diff --git a/src/ausearch.c b/src/ausearch.c
+index 0091a1c..f54eda9 100644
+--- a/src/ausearch.c
++++ b/src/ausearch.c
+@@ -593,19 +593,21 @@ static int get_next_event(llist **l)
+ 			 * If we get an EINTR error or we are at EOF, we check
+ 			 * to see if we have any events to print and return
+ 			 * appropriately. If we are the last file being
+-			 * processed, we mark all incomplete events as
+-			 * complete so they will be printed.
++			 * processed, and we are not checkpointing, we mark all incomplete
++			 * events as complete so they will be printed. If we are checkpointing
++			 * we do an exhaustive validation to see if there are complete events still
+ 			 */
+ 			if ((ferror_unlocked(log_fd) &&
+ 			     errno == EINTR) || feof_unlocked(log_fd)) {
+ 				/*
+-				 * Only mark all events as L_COMPLETE if we are
++				 * Only attempt to mark all events as L_COMPLETE if we are
+ 				 * the last file being processed.
+-				 * We DO NOT do this if we are checkpointing.
+ 				 */
+ 				if (files_to_process == 0) {
+ 					if (!checkpt_filename)
+-					terminate_all_events(&lo);
++					 	terminate_all_events(&lo);	// terminate as we are not checkpointing
++					else
++					 	complete_all_events(&lo);	// exhaustively check if we can complete events
+ 				}
+ 				*l = get_ready_event(&lo);
+ 				if (*l)
+-- 
+2.33.0
+

backport-Solve-issue-363-by-moving-check-to-after-load_config.patch

@@ -0,0 +1,62 @@
+From 0604569e79a5d1c76b32f15576e129e0b813659f Mon Sep 17 00:00:00 2001
+From: Steve Grubb <ausearch.1@gmail.com>
+Date: Sun, 24 Mar 2024 13:06:59 -0400
+Subject: [PATCH] Solve issue #363 by moving check to after load_config
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/0604569e79a5d1c76b32f15576e129e0b813659f
+Conflict:NA
+
+---
+ src/auditd.c | 29 +++++++++++++++--------------
+ 1 file changed, 15 insertions(+), 14 deletions(-)
+
+diff --git a/src/auditd.c b/src/auditd.c
+index e0fe9925..67ce06c0 100644
+--- a/src/auditd.c
++++ b/src/auditd.c
+@@ -676,20 +676,6 @@ int main(int argc, char *argv[])
+ 	}
+ 	session = audit_get_session();
+ 
+-#ifndef DEBUG
+-	/* Make sure we can do our job. Containers may not give you
+-	 * capabilities, so we revert to a uid check for that case. */
+-	if (!audit_can_control()) {
+-		if (!config.local_events && geteuid() == 0)
+-			;
+-		else {
+-			fprintf(stderr,
+-		"You must be root or have capabilities to run this program.\n");
+-			return 4;
+-		}
+-	}
+-#endif
+-
+ 	/* Register sighandlers */
+ 	sa.sa_flags = 0 ;
+ 	sigemptyset( &sa.sa_mask ) ;
+@@ -717,6 +703,21 @@ int main(int argc, char *argv[])
+ 		free_config(&config);
+ 		return 6;
+ 	}
++
++#ifndef DEBUG
++	/* Make sure we can do our job. Containers may not give you
++	 * capabilities, so we revert to a uid check for that case. */
++	if (!audit_can_control()) {
++		if (!config.local_events && geteuid() == 0)
++			;
++		else {
++			fprintf(stderr,
++		"You must be root or have capabilities to run this program.\n");
++			return 4;
++		}
++	}
++#endif
++
+ 	if (config.daemonize == D_FOREGROUND)
+ 		config.write_logs = 0;
+ 
+-- 
+2.33.0
+

backport-Use-atomic_int-if-available-for-signal-related-flags.patch

@@ -0,0 +1,94 @@
+From 184f20c56576300343b8f8b60a8bebb185074485 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Fri, 26 Apr 2024 12:44:56 -0400
+Subject: [PATCH] Use atomic_int if available for signal related flags
+
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/184f20c56576300343b8f8b60a8bebb185074485
+Conflict:configure.ac
+
+---
+ configure.ac       | 8 ++++++++
+ src/auditd-event.c | 5 ++++-
+ src/auditd.c       | 9 ++++++---
+ 3 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index f2f2950..96a0fcc 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -85,6 +85,14 @@ AC_LINK_IFELSE(
+  [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
+  []
+ )
++
++AC_CHECK_HEADERS([stdatomic.h], [
++    AC_DEFINE([HAVE_ATOMIC], 1, [Define to 1 if you have the <stdatomic.h> header file.])
++    AC_DEFINE([ATOMIC_INT], atomic_int, [Define atomic_int if you have the <stdatomic.h> header file.])
++  ], [
++    AC_DEFINE([ATOMIC_INT], int, [Define to the type of an int if <stdatomic.h> is not available.])
++])
++
+ dnl; pthread_yield is used in zos-remote
+ AC_SEARCH_LIBS(pthread_yield, pthread, 
+ 	[AC_DEFINE(HAVE_PTHREAD_YIELD, 1, [Define to 1 if we have pthread_yield])], [])
+diff --git a/src/auditd-event.c b/src/auditd-event.c
+index 847f5fe..c1e4b5a 100644
+--- a/src/auditd-event.c
++++ b/src/auditd-event.c
+@@ -36,6 +36,9 @@
+ #include <limits.h>     /* POSIX_HOST_NAME_MAX */
+ #include <ctype.h>	/* toupper */
+ #include <libgen.h>	/* dirname */
++#ifdef HAVE_ATOMIC
++#include <stdatomic.h>
++#endif
+ #include "auditd-event.h"
+ #include "auditd-dispatch.h"
+ #include "auditd-listen.h"
+@@ -45,7 +48,7 @@
+ #include "auparse-idata.h"
+ 
+ /* This is defined in auditd.c */
+-extern volatile int stop;
++extern volatile ATOMIC_INT stop;
+ 
+ /* Local function prototypes */
+ static void send_ack(const struct auditd_event *e, int ack_type,
+diff --git a/src/auditd.c b/src/auditd.c
+index 34a9b57..75a180e 100644
+--- a/src/auditd.c
++++ b/src/auditd.c
+@@ -38,6 +38,9 @@
+ #include <pthread.h>
+ #include <sys/utsname.h>
+ #include <getopt.h>
++#ifdef HAVE_ATOMIC
++#include <stdatomic.h>
++#endif
+ 
+ #include "libaudit.h"
+ #include "auditd-event.h"
+@@ -62,7 +65,7 @@
+ #define SUBJ_LEN 4097
+ 
+ /* Global Data */
+-volatile int stop = 0;
++volatile ATOMIC_INT stop = 0;
+ 
+ /* Local data */
+ static int fd = -1, pipefds[2] = {-1, -1};
+@@ -72,8 +75,8 @@ static const char *state_file = "/var/run/auditd.state";
+ static int init_pipe[2];
+ static int do_fork = 1, opt_aggregate_only = 0, config_dir_set = 0;
+ static struct auditd_event *cur_event = NULL, *reconfig_ev = NULL;
+-static int hup_info_requested = 0;
+-static int usr1_info_requested = 0, usr2_info_requested = 0;
++static ATOMIC_INT hup_info_requested = 0;
++static ATOMIC_INT usr1_info_requested = 0, usr2_info_requested = 0;
+ static char subj[SUBJ_LEN];
+ static uint32_t session;
+ static int hup_flag = 0;
+-- 
+2.33.0
+

backport-Use-atomic_uint-if-available-for-signal-related-flag.patch

@@ -0,0 +1,85 @@
+From 3955b5e29e119122dc2fc0a53ba82529613e4e1c Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Fri, 26 Apr 2024 14:03:02 -0400
+Subject: [PATCH] Use atomic_uint if available for signal related flags
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/3955b5e29e119122dc2fc0a53ba82529613e4e1c
+Conflict:configure.ac
+
+---
+ audisp/audispd.c | 7 +++++--
+ audisp/queue.c   | 9 ++++++---
+ configure.ac     | 2 ++
+ 3 files changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/audisp/audispd.c b/audisp/audispd.c
+index 0172e12..8be0e8f 100644
+--- a/audisp/audispd.c
++++ b/audisp/audispd.c
+@@ -41,6 +41,9 @@
+ #include <limits.h>
+ #include <sys/uio.h>
+ #include <getopt.h>
++#ifdef HAVE_ATOMIC
++#include <stdatomic.h>
++#endif
+ 
+ #include "audispd-pconfig.h"
+ #include "audispd-config.h"
+@@ -51,8 +54,8 @@
+ #include "private.h"
+ 
+ /* Global Data */
+-static volatile int stop = 0;
+-volatile int disp_hup = 0;
++static volatile ATOMIC_INT stop = 0;
++volatile ATOMIC_INT disp_hup = 0;
+ 
+ /* Local data */
+ static daemon_conf_t daemon_config;
+diff --git a/audisp/queue.c b/audisp/queue.c
+index 2b7ea43..6204453 100644
+--- a/audisp/queue.c
++++ b/audisp/queue.c
+@@ -25,17 +25,20 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <syslog.h>
++#ifdef HAVE_ATOMIC
++#include <stdatomic.h>
++#endif
+ #include "queue.h"
+ 
+ static volatile event_t **q;
+ static pthread_mutex_t queue_lock;
+ static pthread_cond_t queue_nonempty;
+-static unsigned int q_next, q_last, q_depth, processing_suspended;
+-static unsigned int currently_used, max_used, overflowed;
++static unsigned int q_next, q_last, q_depth, processing_suspended, overflowed;
++static ATOMIC_UNSIGNED currently_used, max_used;
+ static const char *SINGLE = "1";
+ static const char *HALT = "0";
+ static int queue_full_warning = 0;
+-extern volatile int disp_hup;
++extern volatile ATOMIC_INT disp_hup;
+ #define QUEUE_FULL_LIMIT 5
+ 
+ void reset_suspended(void)
+diff --git a/configure.ac b/configure.ac
+index 96a0fcc..57c961a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -89,8 +89,10 @@ AC_LINK_IFELSE(
+ AC_CHECK_HEADERS([stdatomic.h], [
+     AC_DEFINE([HAVE_ATOMIC], 1, [Define to 1 if you have the <stdatomic.h> header file.])
+     AC_DEFINE([ATOMIC_INT], atomic_int, [Define atomic_int if you have the <stdatomic.h> header file.])
++    AC_DEFINE([ATOMIC_UNSIGNED], atomic_uint, [Define atomic_uint if you have the <stdatomic.h> header file.])
+   ], [
+     AC_DEFINE([ATOMIC_INT], int, [Define to the type of an int if <stdatomic.h> is not available.])
++    AC_DEFINE([ATOMIC_UNSIGNED], unsigned, [Define to the type of an unsigned if <stdatomic.h> is not available.])
+ ])
+ 
+ dnl; pthread_yield is used in zos-remote
+-- 
+2.33.0
+

backport-adding-the-file-descriptor-closure.patch

@@ -0,0 +1,27 @@
+From 5eef876b3eb2fa3348be6cd31bd651a98b164deb Mon Sep 17 00:00:00 2001
+From: Yugend <jugendd@mail.ru>
+Date: Wed, 27 Mar 2024 17:34:33 +0300
+Subject: [PATCH] adding the file descriptor closure
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/5eef876b3eb2fa3348be6cd31bd651a98b164deb
+Conflict:NA
+
+---
+ src/auditctl.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/auditctl.c b/src/auditctl.c
+index 503b4e2b..7949d95c 100644
+--- a/src/auditctl.c
++++ b/src/auditctl.c
+@@ -1393,6 +1393,7 @@ static int fileopt(const char *file)
+ 		fields = malloc(nf * sizeof(char *));
+ 		if (fields == NULL) {
+ 			audit_msg(LOG_ERR, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
++			fclose(f);
+ 			return 1;
+ 		}
+ 		
+-- 
+2.33.0
+

backport-ausearch-format-Fix-display-of-renamed-file-411.patch

@@ -0,0 +1,48 @@
+From 7cdcfd30c6122acc6b2e54e1ad8cd1a12dd537d2 Mon Sep 17 00:00:00 2001
+From: Attila Lakatos <Cropi@users.noreply.github.com>
+Date: Mon, 21 Oct 2024 04:25:37 +0200
+Subject: [PATCH] ausearch format: Fix display of renamed file (#411)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+ 
+In some cases, ausearch was not correctly showing
+the new name of a renamed file when searching for
+audit events. If the target file didn’t exist prior
+to the rename, ausearch was unable to parse the new
+file name. This occurred because ausearch attempted
+to retrieve this information from the 7th record,
+which is absent when the target file does not exist.
+---
+ auparse/normalize.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+ 
+diff --git a/auparse/normalize.c b/auparse/normalize.c
+index 036c0b86..f1a07d18 100644
+--- a/auparse/normalize.c
++++ b/auparse/normalize.c
+@@ -693,7 +693,20 @@ static int normalize_syscall(auparse_state_t *au, const char *syscall)
+ 		case NORM_FILE_RENAME:
+ 			act = "renamed";
+ 			D.thing.what = NORM_WHAT_FILE; // this gets overridden
+-			set_prime_object2(au, "name", 4);
++			/* A sucessfull syscall from the rename family will provide
++			 * the following items:
++			 *  0 - new dir, in which the file will be located
++			 *  1 - old dir, in which the file was located
++			 *  2 - old name, the name of the original file
++			 * 	if the file was already present in the new dir:
++			 *   3 - removal of the new file
++			 *   4 - creation of the new file
++			 *  otherwise:
++			 *  3 - creation of the new file
++			 */
++
++			// The 3rd record will always contain the name of the new file
++			set_prime_object2(au, "name", 3);
+ 			set_file_object(au, 2); // Thing renamed is 2 after
+ 			simple_file_attr(au);
+ 			break;
+-- 
+2.33.0
+ 

backport-ausearch-parse-fix-parsing-for-success-uid-in-parse_.patch

@@ -0,0 +1,43 @@
+From f97f0579fafcd9fc58d892699a22ae7ee68aeff3 Mon Sep 17 00:00:00 2001
+From: Sergio Correia <scorreia@redhat.com>
+Date: Mon, 16 Dec 2024 09:06:13 +0000
+Subject: [PATCH] ausearch-parse: fix parsing for success/uid  in
+ parse_daemon1() (#394)
+
+In parse_daemon1(), we may have the uid= field appear both before and
+after pid=, which may cause our parsing of it to fail, as we may have
+skipped past it. For uid=, let us search from the beginning.
+
+Example for this case:
+
+type=DAEMON_END msg=audit(1709723032.140:753): op=terminate auid=0 uid=0 ses=8 pid=107086 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=success
+
+ausearch -if sample.log -a 753 -m DAEMON_END  -ui 0 --session 8 -p 107086 --success yes
+
+Signed-off-by: Sergio Correia <scorreia@redhat.com>
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/f97f0579fafcd9fc58d892699a22ae7ee68aeff3
+Conflict:NA
+
+---
+ src/ausearch-parse.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
+index 4c9bef0d..e15396d7 100644
+--- a/src/ausearch-parse.c
++++ b/src/ausearch-parse.c
+@@ -1549,7 +1549,9 @@ static int parse_daemon1(const lnode *n, search_items *s)
+ 
+ 	// uid - optional
+ 	if (event_uid != -1) {
+-		ptr = term;
++		// As the uid= field may happen in different orders, e.g. both before
++		// and after pid=, let us search for the uid from the beginning.
++		term = mptr;
+ 		str = strstr(term, " uid=");
+ 		if (str) {
+ 			ptr = str + 5;
+-- 
+2.33.0
+

backport-avoiding-of-NULL-pointers-dereference-366.patch

@@ -0,0 +1,41 @@
+From 4780cd1a790286213dda646f782fa7128fb092a9 Mon Sep 17 00:00:00 2001
+From: Yugend <77495782+Yugend@users.noreply.github.com>
+Date: Sat, 4 May 2024 00:39:36 +0300
+Subject: [PATCH] avoiding of NULL pointers dereference (#366)
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/4780cd1a790286213dda646f782fa7128fb092a9
+Conflict:NA
+
+---
+ src/ausearch-parse.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/ausearch-parse.c b/src/ausearch-parse.c
+index 1a5b047f..be57606b 100644
+--- a/src/ausearch-parse.c
++++ b/src/ausearch-parse.c
+@@ -719,6 +719,10 @@ static int common_path_parser(search_items *s, char *path)
+ 			// append
+ 			snode sn;
+ 			sn.str = strdup(path);
++			if (sn.str == NULL) {
++				fprintf(stderr, "Out of memory. Check %s file, %d line\n", __FILE__, __LINE__);
++				return 8;
++			}
+ 			sn.key = NULL;
+ 			sn.hits = 1;
+ 			// Attempt to rebuild path if relative
+@@ -1217,6 +1221,10 @@ skip:
+ 			saved = *term;
+ 			*term = 0;
+ 			s->hostname = strdup(str);
++			if (s->hostname == NULL) {
++				fprintf(stderr, "Out of memory. Check %s file, %d line\n", __FILE__, __LINE__);
++				return 33;
++			}
+ 			*term = saved;
+ 
+ 			// Lets see if there is something more
+-- 
+2.33.0
+

backport-correcting-memcmp-args-in-check_rule_mismatch-functi.patch

@@ -0,0 +1,28 @@
+From 3f3b3a2377ce1977dd4136aa653f2f65c3cd2fe0 Mon Sep 17 00:00:00 2001
+From: Yugend <jugendd@mail.ru>
+Date: Wed, 27 Mar 2024 17:41:07 +0300
+Subject: [PATCH] correcting memcmp args in check_rule_mismatch function
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/3f3b3a2377ce1977dd4136aa653f2f65c3cd2fe0
+Conflict:src/auditctl.c
+
+---
+ src/auditctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/auditctl.c b/src/auditctl.c
+index d55f7d8..6274f6d 100644
+--- a/src/auditctl.c
++++ b/src/auditctl.c
+@@ -388,7 +388,7 @@ static void check_rule_mismatch(int lineno, const char *option)
+ 	}
+ 	memset(&tmprule, 0, sizeof(struct audit_rule_data));
+ 	audit_rule_syscallbyname_data(&tmprule, option);
+-	if (memcmp(tmprule.mask, rule_new->mask, AUDIT_BITMASK_SIZE))
++	if (memcmp(tmprule.mask, rule_new->mask, AUDIT_BITMASK_SIZE * sizeof(tmprule.mask[0])))
+ 		rc = 1;
+ 	_audit_elf = old_audit_elf;
+ 	if (rc) { 
+-- 
+2.33.0
+

backport-first-part-of-NULL-pointer-checks.patch

@@ -0,0 +1,147 @@
+From b046de44454fa2616dbb8899f1b41d65ce876e33 Mon Sep 17 00:00:00 2001
+From: Yugend <jugendd@mail.ru>
+Date: Fri, 15 Mar 2024 17:08:16 +0300
+Subject: [PATCH] first part of NULL pointer checks
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/b046de44454fa2616dbb8899f1b41d65ce876e33
+Conflict:auparse/auparse.c
+
+---
+ audisp/audispd-llist.c            | 3 +++
+ auparse/auparse.c                 | 7 +++++++
+ src/auditctl-llist.c              | 3 +++
+ src/auditctl.c                    | 5 +++++
+ src/ausearch-avc.c                | 3 +++
+ src/ausearch-int.c                | 3 +++
+ src/ausearch-llist.c              | 3 +++
+ tools/aulastlog/aulastlog-llist.c | 3 +++
+ 8 files changed, 30 insertions(+)
+
+diff --git a/audisp/audispd-llist.c b/audisp/audispd-llist.c
+index c562a72..c338327 100644
+--- a/audisp/audispd-llist.c
++++ b/audisp/audispd-llist.c
+@@ -74,6 +74,9 @@ void plist_append(conf_llist *l, plugin_conf_t *p)
+ 	lnode* newnode;
+ 
+ 	newnode = malloc(sizeof(lnode));
++	if (newnode == NULL) {
++		return;
++	}
+ 
+ 	if (p) {
+ 		void *pp = malloc(sizeof(struct plugin_conf));
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index 036f022..abbc17b 100644
+--- a/auparse/auparse.c
++++ b/auparse/auparse.c
+@@ -95,6 +95,11 @@ static int setup_log_file_array(auparse_state_t *au)
+ 	}
+ 	num--;
+ 	tmp = malloc((num+2)*sizeof(char *));
++	if (!tmp) {
++		fprintf(stderr, "No memory\n");
++		aup_free_config(&config);
++		return 1;
++	}
+ 
+         /* Got it, now process logs from last to first */
+ 	if (num > 0)
+@@ -468,6 +473,8 @@ auparse_state_t *auparse_init(ausource_t source, const void *b)
+ 			if (access(b, R_OK))
+ 				goto bad_exit;
+ 			tmp = malloc(2*sizeof(char *));
++			if (tmp == NULL) 
++				goto bad_exit;
+ 			tmp[0] = strdup(b);
+ 			tmp[1] = NULL;
+ 			au->source_list = tmp;
+diff --git a/src/auditctl-llist.c b/src/auditctl-llist.c
+index 6e70ef1..ae9776b 100644
+--- a/src/auditctl-llist.c
++++ b/src/auditctl-llist.c
+@@ -64,6 +64,9 @@ void list_append(llist *l, struct audit_rule_data *r, size_t sz)
+ 	lnode* newnode;
+ 
+ 	newnode = malloc(sizeof(lnode));
++	if (newnode == NULL) {
++		return;
++	}
+ 
+ 	if (r) {
+ 		void *rr = malloc(sz);
+diff --git a/src/auditctl.c b/src/auditctl.c
+index 778b374..8942195 100644
+--- a/src/auditctl.c
++++ b/src/auditctl.c
+@@ -1323,6 +1323,11 @@ static int fileopt(const char *file)
+ 		}
+ 		i = 0;
+ 		fields = malloc(nf * sizeof(char *));
++		if (fields == NULL) {
++			audit_msg(LOG_ERR, "Memory allocation error");
++			return 1;
++		}
++		
+ 		fields[i++] = "auditctl";
+ 		fields[i++] = ptr;
+ 		while( (ptr=audit_strsplit(NULL)) && (i < nf-1)) {
+diff --git a/src/ausearch-avc.c b/src/ausearch-avc.c
+index 10d153f..6aa98c7 100644
+--- a/src/ausearch-avc.c
++++ b/src/ausearch-avc.c
+@@ -67,6 +67,9 @@ void alist_append(alist *l, anode *node)
+ 	anode* newnode;
+ 
+ 	newnode = malloc(sizeof(anode));
++	if (newnode == NULL) {
++		return;
++	}
+ 
+ 	if (node->scontext)
+ 		newnode->scontext = node->scontext;
+diff --git a/src/ausearch-int.c b/src/ausearch-int.c
+index 718dacd..0e8b0ff 100644
+--- a/src/ausearch-int.c
++++ b/src/ausearch-int.c
+@@ -46,6 +46,9 @@ void ilist_append(ilist *l, int num, unsigned int hits, int aux)
+ 	int_node* newnode;
+ 
+ 	newnode = malloc(sizeof(int_node));
++	if (newnode == NULL) {
++		return;
++	}
+ 
+ 	newnode->num = num;
+ 	newnode->hits = hits;
+diff --git a/src/ausearch-llist.c b/src/ausearch-llist.c
+index ef5503c..3b4ff26 100644
+--- a/src/ausearch-llist.c
++++ b/src/ausearch-llist.c
+@@ -107,6 +107,9 @@ void list_append(llist *l, lnode *node)
+ 	lnode* newnode;
+ 
+ 	newnode = malloc(sizeof(lnode));
++	if (newnode == NULL) {
++		return;
++	}
+ 
+ 	if (node->message)
+ 		newnode->message = node->message;
+diff --git a/tools/aulastlog/aulastlog-llist.c b/tools/aulastlog/aulastlog-llist.c
+index 84882ca..779afb5 100644
+--- a/tools/aulastlog/aulastlog-llist.c
++++ b/tools/aulastlog/aulastlog-llist.c
+@@ -46,6 +46,9 @@ void list_append(llist *l, lnode *node)
+ 	lnode* newnode;
+ 
+ 	newnode = malloc(sizeof(lnode));
++	if (newnode == NULL) {
++		return;
++	}
+ 
+ 	newnode->sec = node->sec;
+ 	newnode->uid = node->uid;
+-- 
+2.33.0
+

backport-fix-one-more-leak.patch

@@ -0,0 +1,30 @@
+From 613ccbdd1011692c6724a11cc8798112dd26d202 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <ausearch.1@gmail.com>
+Date: Tue, 21 May 2024 13:17:38 -0400
+Subject: [PATCH] fix one more leak
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/613ccbdd1011692c6724a11cc8798112dd26d202
+Conflict:NA
+
+---
+ src/ausearch-lol.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index 784c58f6..d156ce42 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -371,7 +371,9 @@ int lol_add_record(lol *lo, char *buff)
+ 	l = malloc(sizeof(llist));
+ 	if (l == NULL) {
+ 		free((char *)e.node);
+-		fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
++		free(n.message);
++		fprintf(stderr, "Out of memory. Check %s file, %d line",
++			__FILE__, __LINE__);
+ 		return 0;
+ 	}
+ 	list_create(l);
+-- 
+2.33.0
+

backport-last-part-of-NULL-pointer-checks.patch

@@ -0,0 +1,53 @@
+From 97f3c78b6b31126c1128927d9c85bb794a1efa17 Mon Sep 17 00:00:00 2001
+From: Yugend <jugendd@mail.ru>
+Date: Fri, 15 Mar 2024 18:13:36 +0300
+Subject: [PATCH] last part of NULL pointer checks
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/97f3c78b6b31126c1128927d9c85bb794a1efa17
+Conflict:auparse/interpret.c
+
+---
+ auparse/interpret.c   | 4 ++++
+ src/ausearch-lookup.c | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index cc03a15..19934a2 100644
+--- a/auparse/interpret.c
++++ b/auparse/interpret.c
+@@ -415,6 +415,9 @@ int load_interpretation_list(const char *buffer)
+ 		return 0;
+ 
+ 	buf = strdup(buffer);
++	if (buf == NULL) {
++		goto err_out;
++	}	
+ 	if (strncmp(buf, "SADDR=", 6) == 0) {
+ 		// We have SOCKADDR record. It has no other values.
+ 		// Handle it by itself.
+@@ -431,6 +434,7 @@ int load_interpretation_list(const char *buffer)
+ 				return 1;
+ 			}
+ 		}
++err_out:
+ 		free(buf);
+ 		return 0;
+ 	} else {
+diff --git a/src/ausearch-lookup.c b/src/ausearch-lookup.c
+index dd58c36..8ff881e 100644
+--- a/src/ausearch-lookup.c
++++ b/src/ausearch-lookup.c
+@@ -304,6 +304,10 @@ char *unescape(const char *buf)
+ 		return NULL;
+ 
+ 	str = strndup(buf, ptr - buf);
++	if (str == NULL) {
++		fprintf(stderr, "Memory alocation error");
++		return NULL;
++	}
+ 
+ 	if (*buf == '(')
+ 		return str;
+-- 
+2.33.0
+

backport-lib-avoid-UB-on-sequence-wrap-around-347.patch

@@ -0,0 +1,42 @@
+From f5c35d7d5e064af5ad31d22f900d148d932ad9b1 Mon Sep 17 00:00:00 2001                                                                                                        
+From: cgzones <cgzones@googlemail.com>
+Date: Mon, 15 Jan 2024 21:44:04 +0100
+Subject: [PATCH] lib: avoid UB on sequence wrap-around (#347)
+
+Signed integer overflow is undefined, allowing compilers to optimize the
+condition `++sequence < 0` away.
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/f5c35d7d5e064af5ad31d22f900d148d932ad9b1
+Conflict:NA
+
+---
+ lib/netlink.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/netlink.c b/lib/netlink.c
+index e643e4e..7e81ab5 100644
+--- a/lib/netlink.c
++++ b/lib/netlink.c
+@@ -26,6 +26,7 @@
+ #include <string.h>
+ #include <errno.h>
+ #include <fcntl.h>
++#include <limits.h>
+ #include <time.h>
+ #include <sys/poll.h>
+ #include "libaudit.h"
+@@ -210,8 +211,10 @@ int __audit_send(int fd, int type, const void *data, unsigned int size, int *seq
+ 		return -errno;
+ 	}
+ 
+-	if (++sequence < 0) 
++	if (sequence == INT_MAX)
+ 		sequence = 1;
++	else
++		sequence++;
+ 	*seq = sequence;
+ 
+ 	memset(&req, 0, sizeof(req));
+-- 
+2.33.0
+

backport-second-part-of-NULL-pointer-checks.patch

@@ -0,0 +1,188 @@
+From 15d29a145ebe67cae52316871fcdedb5a19ce628 Mon Sep 17 00:00:00 2001
+From: Yugend <jugendd@mail.ru>
+Date: Fri, 15 Mar 2024 18:00:54 +0300
+Subject: [PATCH] second part of NULL pointer checks
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/15d29a145ebe67cae52316871fcdedb5a19ce628
+Conflict:NA
+
+---
+ audisp/plugins/zos-remote/zos-remote-queue.c |  5 +++++
+ audisp/queue.c                               |  5 +++++
+ auparse/normalize-llist.c                    |  3 +++
+ auparse/normalize.c                          |  9 +++++++++
+ lib/gen_tables.c                             | 10 ++++++++--
+ src/ausearch-lol.c                           | 12 ++++++++++++
+ src/ausearch-nvpair.c                        |  3 +++
+ src/ausearch-string.c                        |  3 +++
+ 8 files changed, 48 insertions(+), 2 deletions(-)
+
+diff --git a/audisp/plugins/zos-remote/zos-remote-queue.c b/audisp/plugins/zos-remote/zos-remote-queue.c
+index 37d91bd8..47dd006e 100644
+--- a/audisp/plugins/zos-remote/zos-remote-queue.c
++++ b/audisp/plugins/zos-remote/zos-remote-queue.c
+@@ -130,6 +130,11 @@ void increase_queue_depth(unsigned int size)
+         void *tmp_q;
+ 
+         tmp_q = realloc(q, size * sizeof(BerElement *));
++        if (tmp_q == NULL) {
++			log_err("Memory allocation error");;
++			pthread_mutex_unlock(&queue_lock);
++			return;
++		}
+         q = tmp_q;
+         for (i=q_depth; i<size; i++)
+             q[i] = NULL;
+diff --git a/audisp/queue.c b/audisp/queue.c
+index 6898d09f..76b62593 100644
+--- a/audisp/queue.c
++++ b/audisp/queue.c
+@@ -229,6 +229,11 @@ void increase_queue_depth(unsigned int size)
+ 		void *tmp_q;
+ 
+ 		tmp_q = realloc(q, size * sizeof(event_t *));
++		if (tmp_q == NULL) {
++			fprintf(stderr, "Memory allocation error");
++			pthread_mutex_unlock(&queue_lock);
++			return;
++		}
+ 		q = tmp_q;
+ 		for (i=q_depth; i<size; i++)
+ 			q[i] = NULL;
+diff --git a/auparse/normalize-llist.c b/auparse/normalize-llist.c
+index fd9d6cc8..32d5f124 100644
+--- a/auparse/normalize-llist.c
++++ b/auparse/normalize-llist.c
+@@ -66,6 +66,9 @@ void cllist_append(cllist *l, uint32_t num, void *data)
+ 	data_node *newnode;
+ 
+ 	newnode = malloc(sizeof(data_node));
++	if (newnode == NULL) {
++		return;
++	}
+ 
+ 	newnode->num = num;
+ 	newnode->data = data;
+diff --git a/auparse/normalize.c b/auparse/normalize.c
+index ae6e3d2d..58d28213 100644
+--- a/auparse/normalize.c
++++ b/auparse/normalize.c
+@@ -1191,6 +1191,11 @@ static int normalize_compound(auparse_state_t *au)
+ 		if (f) {
+ 			const char *exe = auparse_interpret_field(au);
+ 			D.how = strdup(exe);
++			if (D.how == NULL) {
++				fprintf(stderr, "Memory allocation error");
++				free((void *)syscall);
++				return 1;
++			}
+ 			if ((strncmp(D.how, "/usr/bin/python", 15) == 0) ||
+ 			    (strncmp(D.how, "/usr/bin/sh", 11) == 0) ||
+ 			    (strncmp(D.how, "/usr/bin/bash", 13) == 0) ||
+@@ -1999,6 +2004,10 @@ map:
+ 	if (f) {
+ 		const char *exe = auparse_interpret_field(au);
+ 		D.how = strdup(exe);
++		if (D.how == NULL) {
++			fprintf(stderr, "Memory allocation error");
++			return 1;
++		}
+ 		if ((strncmp(D.how, "/usr/bin/python", 15) == 0) ||
+ 		    (strncmp(D.how, "/usr/bin/sh", 11) == 0) ||
+ 		    (strncmp(D.how, "/usr/bin/bash", 13) == 0) ||
+diff --git a/lib/gen_tables.c b/lib/gen_tables.c
+index 3326759d..4ff233d0 100644
+--- a/lib/gen_tables.c
++++ b/lib/gen_tables.c
+@@ -271,7 +271,10 @@ output_i2s(const char *prefix)
+ 	}
+ 
+ 	unique_values = malloc(NUM_VALUES * sizeof(*unique_values));
+-	assert(unique_values != NULL);
++	if (unique_values == NULL) {
++		fprintf(stderr, "Memory allocation error");
++		abort();
++	}
+ 	n = 0;
+ 	for (i = 0; i < NUM_VALUES; i++) {
+ 		if (n == 0 || unique_values[n - 1].val != values[i].val) {
+@@ -351,7 +354,10 @@ output_i2s_transtab(const char *prefix)
+ 		printf("{%d,%zu},", values[i].val, values[i].s_offset);
+ 	}
+ 	uc_prefix = strdup(prefix);
+-	assert(uc_prefix != NULL);
++	if (uc_prefix == NULL) {
++		fprintf(stderr, "Memory allocation error");
++		abort();
++	}
+ 	for (i = 0; uc_prefix[i] != '\0'; i++)
+ 		uc_prefix[i] = toupper((unsigned char)uc_prefix[i]);
+ 	printf("\n"
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index bcfb9ad8..c2140b7e 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -47,6 +47,10 @@ void lol_create(lol *lo)
+ 	lo->maxi = -1;
+ 	lo->limit = ARRAY_LIMIT;
+ 	lo->array = (lolnode *)malloc(size);
++	if (lo->array == NULL) {
++		fprintf(stderr, "Memory allocation error");
++		return;
++	}
+ 	memset(lo->array, 0, size);
+ }
+ 
+@@ -305,6 +309,10 @@ int lol_add_record(lol *lo, char *buff)
+ 	n.a1 = 0L;
+ 	n.type = e.type;
+ 	n.message = strdup(buff);
++	if(n.message == NULL) {
++		fprintf(stderr, "Memory allocation error");
++		return 0;
++	}
+ 	ptr = strchr(n.message, AUDIT_INTERP_SEPARATOR);
+ 	if (ptr) {
+ 		n.mlen = ptr - n.message;
+@@ -359,6 +367,10 @@ int lol_add_record(lol *lo, char *buff)
+ 
+ 	// Create new event and fill it in
+ 	l = malloc(sizeof(llist));
++	if (l == NULL) {
++		fprintf(stderr, "Memory allocation error");
++		return 0;
++	}
+ 	list_create(l);
+ 	l->e.milli = e.milli;
+ 	l->e.sec = e.sec;
+diff --git a/src/ausearch-nvpair.c b/src/ausearch-nvpair.c
+index 8d0088e5..c344c27c 100644
+--- a/src/ausearch-nvpair.c
++++ b/src/ausearch-nvpair.c
+@@ -37,6 +37,9 @@ void search_list_create(nvlist *l)
+ void search_list_append(nvlist *l, nvnode *node)
+ {
+ 	nvnode* newnode = malloc(sizeof(nvnode));
++	if (newnode == NULL) {
++		return;
++	}
+ 
+ 	newnode->name = node->name;
+ 	newnode->val = node->val;
+diff --git a/src/ausearch-string.c b/src/ausearch-string.c
+index fbbacd77..f875bb2c 100644
+--- a/src/ausearch-string.c
++++ b/src/ausearch-string.c
+@@ -49,6 +49,9 @@ void slist_append(slist *l, const snode *node)
+ 	snode* newnode;
+ 
+ 	newnode = malloc(sizeof(snode));
++	if (newnode == NULL) {
++		return;
++	}
+ 
+ 	if (node->str)
+ 		newnode->str = node->str;
+-- 
+2.33.0
+

backport-update-error-messages-in-NULL-Checks.patch

@@ -0,0 +1,279 @@
+From dc7450f2fd056c7ca5eb29182ccb30ec0a4228c5 Mon Sep 17 00:00:00 2001
+From: Yugend <jugendd@mail.ru>
+Date: Fri, 22 Mar 2024 14:01:59 +0300
+Subject: [PATCH] update error messages in NULL Checks
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/dc7450f2fd056c7ca5eb29182ccb30ec0a4228c5
+Conflict:NA
+
+---
+ audisp/audispd-llist.c                       | 1 +
+ audisp/plugins/zos-remote/zos-remote-queue.c | 2 +-
+ audisp/queue.c                               | 2 +-
+ auparse/auparse.c                            | 2 +-
+ auparse/normalize-llist.c                    | 1 +
+ auparse/normalize.c                          | 4 ++--
+ lib/gen_tables.c                             | 4 ++--
+ src/auditctl-llist.c                         | 1 +
+ src/auditctl.c                               | 2 +-
+ src/ausearch-avc.c                           | 1 +
+ src/ausearch-int.c                           | 1 +
+ src/ausearch-llist.c                         | 1 +
+ src/ausearch-lol.c                           | 6 +++---
+ src/ausearch-lookup.c                        | 2 +-
+ src/ausearch-nvpair.c                        | 1 +
+ src/ausearch-string.c                        | 1 +
+ tools/aulastlog/aulastlog-llist.c            | 1 +
+ 17 files changed, 21 insertions(+), 12 deletions(-)
+
+diff --git a/audisp/audispd-llist.c b/audisp/audispd-llist.c
+index c338327d..30d7f03b 100644
+--- a/audisp/audispd-llist.c
++++ b/audisp/audispd-llist.c
+@@ -75,6 +75,7 @@ void plist_append(conf_llist *l, plugin_conf_t *p)
+ 
+ 	newnode = malloc(sizeof(lnode));
+ 	if (newnode == NULL) {
++		printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return;
+ 	}
+ 
+diff --git a/audisp/plugins/zos-remote/zos-remote-queue.c b/audisp/plugins/zos-remote/zos-remote-queue.c
+index f8019890..67397f38 100644
+--- a/audisp/plugins/zos-remote/zos-remote-queue.c
++++ b/audisp/plugins/zos-remote/zos-remote-queue.c
+@@ -131,7 +131,7 @@ void increase_queue_depth(unsigned int size)
+ 
+         tmp_q = realloc(q, size * sizeof(BerElement *));
+         if (tmp_q == NULL) {
+-		    log_err("Memory allocation error");;
++		    log_err("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 			pthread_mutex_unlock(&queue_lock);
+ 			return;
+ 		}
+diff --git a/audisp/queue.c b/audisp/queue.c
+index 76b62593..8bd20ea1 100644
+--- a/audisp/queue.c
++++ b/audisp/queue.c
+@@ -230,7 +230,7 @@ void increase_queue_depth(unsigned int size)
+ 
+ 		tmp_q = realloc(q, size * sizeof(event_t *));
+ 		if (tmp_q == NULL) {
+-			fprintf(stderr, "Memory allocation error");
++			fprintf(stderr, "Out of Memory. Check %s file, %d line", __FILE__, __LINE__);
+ 			pthread_mutex_unlock(&queue_lock);
+ 			return;
+ 		}
+diff --git a/auparse/auparse.c b/auparse/auparse.c
+index e782058d..c423ffa8 100644
+--- a/auparse/auparse.c
++++ b/auparse/auparse.c
+@@ -114,7 +114,7 @@ static int setup_log_file_array(auparse_state_t *au)
+ 	num--;
+ 	tmp = malloc((num+2)*sizeof(char *));
+ 	if (!tmp) {
+-		fprintf(stderr, "No memory\n");
++		fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		aup_free_config(&config);
+ 		free(filename);
+ 		return 1;
+diff --git a/auparse/normalize-llist.c b/auparse/normalize-llist.c
+index 32d5f124..433c457f 100644
+--- a/auparse/normalize-llist.c
++++ b/auparse/normalize-llist.c
+@@ -67,6 +67,7 @@ void cllist_append(cllist *l, uint32_t num, void *data)
+ 
+ 	newnode = malloc(sizeof(data_node));
+ 	if (newnode == NULL) {
++		printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return;
+ 	}
+ 
+diff --git a/auparse/normalize.c b/auparse/normalize.c
+index 58d28213..d4f6c441 100644
+--- a/auparse/normalize.c
++++ b/auparse/normalize.c
+@@ -1192,7 +1192,7 @@ static int normalize_compound(auparse_state_t *au)
+ 			const char *exe = auparse_interpret_field(au);
+ 			D.how = strdup(exe);
+ 			if (D.how == NULL) {
+-				fprintf(stderr, "Memory allocation error");
++				fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 				free((void *)syscall);
+ 				return 1;
+ 			}
+@@ -2005,7 +2005,7 @@ map:
+ 		const char *exe = auparse_interpret_field(au);
+ 		D.how = strdup(exe);
+ 		if (D.how == NULL) {
+-			fprintf(stderr, "Memory allocation error");
++			fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 			return 1;
+ 		}
+ 		if ((strncmp(D.how, "/usr/bin/python", 15) == 0) ||
+diff --git a/lib/gen_tables.c b/lib/gen_tables.c
+index 4ff233d0..a2930ff9 100644
+--- a/lib/gen_tables.c
++++ b/lib/gen_tables.c
+@@ -272,7 +272,7 @@ output_i2s(const char *prefix)
+ 
+ 	unique_values = malloc(NUM_VALUES * sizeof(*unique_values));
+ 	if (unique_values == NULL) {
+-		fprintf(stderr, "Memory allocation error");
++		fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		abort();
+ 	}
+ 	n = 0;
+@@ -355,7 +355,7 @@ output_i2s_transtab(const char *prefix)
+ 	}
+ 	uc_prefix = strdup(prefix);
+ 	if (uc_prefix == NULL) {
+-		fprintf(stderr, "Memory allocation error");
++		fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		abort();
+ 	}
+ 	for (i = 0; uc_prefix[i] != '\0'; i++)
+diff --git a/src/auditctl-llist.c b/src/auditctl-llist.c
+index 0f81d4c8..5282ee32 100644
+--- a/src/auditctl-llist.c
++++ b/src/auditctl-llist.c
+@@ -65,6 +65,7 @@ void list_append(llist *l, const struct audit_rule_data *r, size_t sz)
+ 
+ 	newnode = malloc(sizeof(lnode));
+ 	if (newnode == NULL) {
++		printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return;
+ 	}
+ 
+diff --git a/src/auditctl.c b/src/auditctl.c
+index ee7e33c8..093dca00 100644
+--- a/src/auditctl.c
++++ b/src/auditctl.c
+@@ -1392,7 +1392,7 @@ static int fileopt(const char *file)
+ 		i = 0;
+ 		fields = malloc(nf * sizeof(char *));
+ 		if (fields == NULL) {
+-			audit_msg(LOG_ERR, "Memory allocation error");
++			audit_msg(LOG_ERR, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 			return 1;
+ 		}
+ 		
+diff --git a/src/ausearch-avc.c b/src/ausearch-avc.c
+index 6aa98c70..38576563 100644
+--- a/src/ausearch-avc.c
++++ b/src/ausearch-avc.c
+@@ -68,6 +68,7 @@ void alist_append(alist *l, anode *node)
+ 
+ 	newnode = malloc(sizeof(anode));
+ 	if (newnode == NULL) {
++		printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return;
+ 	}
+ 
+diff --git a/src/ausearch-int.c b/src/ausearch-int.c
+index 0e8b0ffe..5f57b059 100644
+--- a/src/ausearch-int.c
++++ b/src/ausearch-int.c
+@@ -47,6 +47,7 @@ void ilist_append(ilist *l, int num, unsigned int hits, int aux)
+ 
+ 	newnode = malloc(sizeof(int_node));
+ 	if (newnode == NULL) {
++		printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return;
+ 	}
+ 
+diff --git a/src/ausearch-llist.c b/src/ausearch-llist.c
+index 36fcae6d..7926980c 100644
+--- a/src/ausearch-llist.c
++++ b/src/ausearch-llist.c
+@@ -108,6 +108,7 @@ void list_append(llist *l, lnode *node)
+ 
+ 	newnode = malloc(sizeof(lnode));
+ 	if (newnode == NULL) {
++		printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return;
+ 	}
+ 
+diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
+index 7562dc21..a5418079 100644
+--- a/src/ausearch-lol.c
++++ b/src/ausearch-lol.c
+@@ -48,7 +48,7 @@ void lol_create(lol *lo)
+ 	lo->limit = ARRAY_LIMIT;
+ 	lo->array = (lolnode *)malloc(size);
+ 	if (lo->array == NULL) {
+-		fprintf(stderr, "Memory allocation error");
++		fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		lo->limit = 0;
+ 		return;
+ 	}
+@@ -311,7 +311,7 @@ int lol_add_record(lol *lo, char *buff)
+ 	n.type = e.type;
+ 	n.message = strdup(buff);
+ 	if(n.message == NULL) {
+-		fprintf(stderr, "Memory allocation error");
++		fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return 0;
+ 	}
+ 	ptr = strchr(n.message, AUDIT_INTERP_SEPARATOR);
+@@ -369,7 +369,7 @@ int lol_add_record(lol *lo, char *buff)
+ 	// Create new event and fill it in
+ 	l = malloc(sizeof(llist));
+ 	if (l == NULL) {
+-		fprintf(stderr, "Memory allocation error");
++		fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return 0;
+ 	}
+ 	list_create(l);
+diff --git a/src/ausearch-lookup.c b/src/ausearch-lookup.c
+index 86239f39..2d6f48ca 100644
+--- a/src/ausearch-lookup.c
++++ b/src/ausearch-lookup.c
+@@ -303,7 +303,7 @@ char *unescape(const char *buf)
+ 
+ 	str = strndup(buf, ptr - buf);
+ 	if (str == NULL) {
+-		fprintf(stderr, "Memory alocation error");
++		fprintf(stderr, "Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return NULL;
+ 	}
+ 
+diff --git a/src/ausearch-nvpair.c b/src/ausearch-nvpair.c
+index c344c27c..3a1b27db 100644
+--- a/src/ausearch-nvpair.c
++++ b/src/ausearch-nvpair.c
+@@ -38,6 +38,7 @@ void search_list_append(nvlist *l, nvnode *node)
+ {
+ 	nvnode* newnode = malloc(sizeof(nvnode));
+ 	if (newnode == NULL) {
++		printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return;
+ 	}
+ 
+diff --git a/src/ausearch-string.c b/src/ausearch-string.c
+index f875bb2c..bd317b96 100644
+--- a/src/ausearch-string.c
++++ b/src/ausearch-string.c
+@@ -50,6 +50,7 @@ void slist_append(slist *l, const snode *node)
+ 
+ 	newnode = malloc(sizeof(snode));
+ 	if (newnode == NULL) {
++		printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return;
+ 	}
+ 
+diff --git a/tools/aulastlog/aulastlog-llist.c b/tools/aulastlog/aulastlog-llist.c
+index 779afb50..0b89be65 100644
+--- a/tools/aulastlog/aulastlog-llist.c
++++ b/tools/aulastlog/aulastlog-llist.c
+@@ -47,6 +47,7 @@ void list_append(llist *l, lnode *node)
+ 
+ 	newnode = malloc(sizeof(lnode));
+ 	if (newnode == NULL) {
++		printf("Out of memory. Check %s file, %d line", __FILE__, __LINE__);
+ 		return;
+ 	}
+ 
+-- 
+2.33.0
+