diff --git a/audit-1.7.4.tar.bz2 b/audit-1.7.4.tar.bz2 deleted file mode 100644 index 997822e..0000000 --- a/audit-1.7.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:aeb9652be811b7f4a695031dfd115c6d2209fe08601335772e727a183d756b06 -size 626976 diff --git a/audit-1.7.7.tar.bz2 b/audit-1.7.7.tar.bz2 new file mode 100644 index 0000000..3c4327b --- /dev/null +++ b/audit-1.7.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bd635c98f200d0b436e69fb2cb074386dd9f557ca7e2479e1de0cb0f7b2eea6d +size 934496 diff --git a/audit-no-gss.patch b/audit-no-gss.patch new file mode 100644 index 0000000..f5e28d8 --- /dev/null +++ b/audit-no-gss.patch @@ -0,0 +1,16 @@ +From: Tony Jones +Subject: Disable GSS options from config file +Upsteam: never + +Disable GSS/Kerberos options from config file. They are disabled from configure +but need manual removal here. + +--- audit-1.7.7/init.d/auditd.conf.orig 2008-09-26 02:40:48.458847000 +0200 ++++ audit-1.7.7/init.d/auditd.conf 2008-09-26 02:41:13.600681000 +0200 +@@ -26,6 +26,3 @@ + tcp_listen_queue = 5 + ##tcp_client_ports = 1024-65535 + tcp_client_max_idle = 0 +-enable_krb5 = no +-krb5_principal = auditd +-##krb5_key_file = /etc/audit/audit.key diff --git a/audit-no_python.patch b/audit-no_python.patch index 69c0551..de3b541 100644 --- a/audit-no_python.patch +++ b/audit-no_python.patch @@ -6,37 +6,46 @@ Python code is disabled for audit.spec. Built manually by audit-libs-python.spe This is apparantly necessary due to the SuSE build system. Bit of a PITA but there you have it. ---- audit-1.6.8/configure.ac.old 2008-02-29 22:20:13.248763000 +0100 -+++ audit-1.6.8/configure.ac 2008-02-29 22:23:10.703128000 +0100 +--- audit-1.7.7/configure.ac.orig 2008-09-23 01:24:06.345492000 +0200 ++++ audit-1.7.7/configure.ac 2008-09-23 01:25:15.325453000 +0200 @@ -39,7 +39,6 @@ AM_INIT_AUTOMAKE AM_PROG_LIBTOOL AC_SUBST(LIBTOOL_DEPS) -AM_PATH_PYTHON + OLDLIBS="$LIBS" + m4_include([src/libev/libev.m4]) + libev_LIBS="$LIBS" +@@ -195,7 +195,8 @@ + AC_SUBST(LIBWRAP_LIBS) + AC_SUBST(libev_LIBS) - echo . - echo Checking for programs -@@ -124,7 +124,8 @@ - fi - AM_CONDITIONAL(HAVE_PRELUDE, test x$have_prelude = xyes) - --AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) +-AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) +# SuSE: remove swig/Makefile + bindings/Makefile + bindings/python/Makefile -+AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) ++AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) echo . echo " - ---- audit-1.6.8/Makefile.am.old 2008-02-29 22:25:06.872840000 +0100 -+++ audit-1.6.8/Makefile.am 2008-02-29 22:25:40.149532000 +0100 -@@ -21,7 +21,8 @@ +--- audit-1.7.7/Makefile.am.orig 2008-09-23 01:24:26.915901000 +0200 ++++ audit-1.7.7/Makefile.am 2008-09-23 01:25:43.035708000 +0200 +@@ -21,8 +21,8 @@ # Rickard E. (Rik) Faith # --SUBDIRS = lib auparse src/mt src audisp tools swig bindings init.d \ +-SUBDIRS = lib auparse src/mt src/libev src audisp tools swig bindings init.d \ +- docs +# SuSE: remove swig + bindings -+SUBDIRS = lib auparse src/mt src audisp tools init.d \ - docs - EXTRA_DIST = ChangeLog AUTHORS NEWS README README-install audit.spec \ ++SUBDIRS = lib auparse src/mt src/libev src audisp tools init.d docs + EXTRA_DIST = ChangeLog AUTHORS NEWS README INSTALL audit.spec \ contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \ - + contrib/stig.rules contrib/skeleton.c contrib/avc_snap \ +--- audit-1.7.7/auparse/Makefile.am.orig 2008-09-23 20:45:53.245409000 +0200 ++++ audit-1.7.7/auparse/Makefile.am 2008-09-23 20:46:02.659985000 +0200 +@@ -20,7 +20,6 @@ + # Steve Grubb + # + +-SUBDIRS = test + CLEANFILES = $(BUILT_SOURCES) + CONFIG_CLEAN_FILES = Makefile.in *.loT *.rej *.orig + AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE -g diff --git a/audit-no_sca.patch b/audit-no_sca.patch index 03ffc78..1e32752 100644 --- a/audit-no_sca.patch +++ b/audit-no_sca.patch @@ -4,26 +4,24 @@ Upsteam: never Disable system-config-audit. A Yast equivalent would be useful though. ---- audit-1.6.8/configure.ac.old 2007-07-25 02:13:48.399097000 +0200 -+++ audit-1.6.8/configure.ac 2007-07-25 02:14:25.113347000 +0200 -@@ -108,7 +108,6 @@ - fi - AM_CONDITIONAL(HAVE_PRELUDE, test x$have_prelude = xyes) +--- audit-1.7.7/configure.ac.orig 2008-09-23 00:59:29.976782000 +0200 ++++ audit-1.7.7/configure.ac 2008-09-23 01:19:31.984128000 +0200 +@@ -195,7 +195,6 @@ + AC_SUBST(LIBWRAP_LIBS) + AC_SUBST(libev_LIBS) -AC_CONFIG_SUBDIRS([system-config-audit]) - AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) + AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) echo . - ---- audit-1.6.8/Makefile.am.old 2008-02-29 21:53:11.791067000 +0100 -+++ audit-1.6.8/Makefile.am 2008-02-29 21:53:24.682161000 +0100 +--- audit-1.7.7/Makefile.am.orig 2008-09-23 01:20:05.010072000 +0200 ++++ audit-1.7.7/Makefile.am 2008-09-23 01:20:10.039036000 +0200 @@ -22,7 +22,7 @@ # - SUBDIRS = lib auparse src/mt src audisp tools swig bindings init.d \ + SUBDIRS = lib auparse src/mt src/libev src audisp tools swig bindings init.d \ - docs system-config-audit + docs - EXTRA_DIST = ChangeLog AUTHORS NEWS README README-install audit.spec \ + EXTRA_DIST = ChangeLog AUTHORS NEWS README INSTALL audit.spec \ contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \ - contrib/skeleton.c contrib/avc_snap contrib/avc_syslog \ - + contrib/stig.rules contrib/skeleton.c contrib/avc_snap \ diff --git a/audit-secondary.changes b/audit-secondary.changes index 640208b..b61b381 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Sep 26 23:27:36 CEST 2008 - tonyj@suse.de + +- Update from 1.7.4 to 1.7.7 (see audit.changes for upstream change + history) + ------------------------------------------------------------------- Fri Aug 1 17:12:46 CEST 2008 - ro@suse.de diff --git a/audit-secondary.spec b/audit-secondary.spec index 769e3af..979ee62 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -1,5 +1,5 @@ # -# spec file for package audit-secondary (Version 1.7.4) +# spec file for package audit-secondary (Version 1.7.7) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -25,8 +25,8 @@ BuildRequires: audit audit-devel gcc-c++ openldap2-devel pkg-config python-deve Summary: Python Bindings for libaudit License: GPL v2 or later Group: System/Monitoring -Version: 1.7.4 -Release: 3 +Version: 1.7.7 +Release: 1 Url: http://people.redhat.com/sgrubb/audit/ Source0: audit-%{version}.tar.bz2 Patch0: audit-no_sca.patch @@ -108,6 +108,10 @@ make DESTDIR=$RPM_BUILD_ROOT/_tmp install -C docs # Clean up some unneeded library files rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.a rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_auparse.a +rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_auparse.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse.a +rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse.la rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse-1.0-py%{py_ver}.egg-info # Cleanup plugins # audispd-zos-remote uses ldap which is in /usr/lib so move to /usr/sbin @@ -120,6 +124,9 @@ mv $RPM_BUILD_ROOT/_tmp/%{_mandir}/man8/audispd-zos-remote.8 $RPM_BUILD_ROOT/%{_ mv $RPM_BUILD_ROOT/_tmp/%{_mandir}/man5/zos-remote.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5 rm -rf $RPM_BUILD_ROOT/_tmp +%check +make check + %clean rm -rf $RPM_BUILD_ROOT @@ -143,6 +150,9 @@ rm -rf $RPM_BUILD_ROOT %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz %changelog +* Sat Sep 27 2008 tonyj@suse.de +- Update from 1.7.4 to 1.7.7 (see audit.changes for upstream change + history) * Fri Aug 01 2008 ro@suse.de - disable debuginfo for secondary specfile * Wed Jun 25 2008 tonyj@suse.de diff --git a/audit.changes b/audit.changes index 830d4db..2b5291f 100644 --- a/audit.changes +++ b/audit.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Fri Sep 26 23:27:59 CEST 2008 - tonyj@suse.de + +- Update from 1.7.4 to 1.7.7. GSS support disabled for present +- Redhat changelog for 1.7.5 - 1.7.7 follows: + * Wed Sep 11 2008 Steve Grubb 1.7.7-1 + - Bug fixes for gss code in remote logging (DJ Delorie) + - Fix ausearch -i to keep the node field in the output + - ausyscall now does strstr match on syscall names + - Makefile cleanup (Philipp Hahn) + - Add watched syscall support to audisp-prelude + - Use the right define for tcp_wrappers in auditd + - Expose encoding API for fields being logged from user space + + * Wed Sep 11 2008 Steve Grubb 1.7.6-1 + - Update event record list and aureport classifications (Yu Zhiguo/Peng Haitao) + - Add subject to audit daemon events (Chu Li) + - Fix parsing of acct & exe fields in user records (Peng Haitao) + - Make client error handling in audisp-remote robust (DJ Delorie) + - Add tcp_wrappers support for auditd + - Updated syscall tables for 2.6.27 kernel + - Add heartbeat exchange to remote logging protocol (DJ Delorie) + - Audit connect/disconnect of remote clients + - In ausearch, collect pid from AVC records (Peng Haitao) + - Add auparse_get_field_type function to describe field's contents + - Add GSS/Kerberos encryption to the remote protocol (DJ Delorie) + + * Mon Aug 25 2008 Steve Grubb 1.7.5-1 + - Update system-config-audit to 0.4.8 + - Whole lot of bug fixes - see ChangeLog for details + - Reimplement auditd main loop using libev + - Add TCP listener to auditd to receive remote events + ------------------------------------------------------------------- Tue Aug 5 03:13:56 CEST 2008 - tonyj@suse.de diff --git a/audit.spec b/audit.spec index 18bbd84..b2c580d 100644 --- a/audit.spec +++ b/audit.spec @@ -1,5 +1,5 @@ # -# spec file for package audit (Version 1.7.4) +# spec file for package audit (Version 1.7.7) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,10 +19,10 @@ Name: audit -BuildRequires: gcc-c++ +BuildRequires: gcc-c++ tcpd-devel Summary: User Space Tools for 2.6 Kernel Auditing -Version: 1.7.4 -Release: 13 +Version: 1.7.7 +Release: 1 License: GPL v2 or later Group: System/Monitoring Url: http://people.redhat.com/sgrubb/audit/ @@ -32,6 +32,7 @@ Source2: auditd.sysconfig Patch0: audit-no_sca.patch Patch1: audit-no_python.patch Patch2: audit-no_plugins.patch +Patch3: audit-no-gss.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: %{name}-libs = %{version}-%{release} PreReq: %insserv_prereq %fillup_prereq @@ -84,12 +85,13 @@ Authors: %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build autoreconf -fi export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" -./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor +./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor --with-libwrap pushd src/mt make libaudit.h popd @@ -127,6 +129,9 @@ touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules} # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf +%check +make check + %clean rm -rf $RPM_BUILD_ROOT @@ -168,7 +173,6 @@ fi %{_includedir}/auparse.h %{_includedir}/auparse-defs.h %{_mandir}/man3/* -%{_mandir}/man5/ausearch-expression.5.gz %files %defattr(-,root,root,-) @@ -183,6 +187,7 @@ fi %attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz +%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz %attr(750,root,root) /sbin/auditctl %attr(750,root,root) /sbin/auditd %attr(755,root,root) /sbin/ausearch @@ -209,6 +214,34 @@ fi %attr(755,root,root) /usr/bin/ausyscall %changelog +* Sat Sep 27 2008 tonyj@suse.de +- Update from 1.7.4 to 1.7.7. GSS support disabled for present +- Redhat changelog for 1.7.5 - 1.7.7 follows: + * Wed Sep 11 2008 Steve Grubb 1.7.7-1 + - Bug fixes for gss code in remote logging (DJ Delorie) + - Fix ausearch -i to keep the node field in the output + - ausyscall now does strstr match on syscall names + - Makefile cleanup (Philipp Hahn) + - Add watched syscall support to audisp-prelude + - Use the right define for tcp_wrappers in auditd + - Expose encoding API for fields being logged from user space + * Wed Sep 11 2008 Steve Grubb 1.7.6-1 + - Update event record list and aureport classifications (Yu Zhiguo/Peng Haitao) + - Add subject to audit daemon events (Chu Li) + - Fix parsing of acct & exe fields in user records (Peng Haitao) + - Make client error handling in audisp-remote robust (DJ Delorie) + - Add tcp_wrappers support for auditd + - Updated syscall tables for 2.6.27 kernel + - Add heartbeat exchange to remote logging protocol (DJ Delorie) + - Audit connect/disconnect of remote clients + - In ausearch, collect pid from AVC records (Peng Haitao) + - Add auparse_get_field_type function to describe field's contents + - Add GSS/Kerberos encryption to the remote protocol (DJ Delorie) + * Mon Aug 25 2008 Steve Grubb 1.7.5-1 + - Update system-config-audit to 0.4.8 + - Whole lot of bug fixes - see ChangeLog for details + - Reimplement auditd main loop using libev + - Add TCP listener to auditd to receive remote events * Tue Aug 05 2008 tonyj@suse.de - Remove audit rules on audit stop (bnc#409093) * Wed Jun 25 2008 tonyj@suse.de