SHA256
1
0
forked from pool/audit

Accepting request 383796 from security

1

OBS-URL: https://build.opensuse.org/request/show/383796
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=80
This commit is contained in:
Dominique Leuenberger 2016-04-11 08:27:30 +00:00 committed by Git OBS Bridge
commit 0dd7220473
9 changed files with 157 additions and 127 deletions

View File

@ -1,5 +1,5 @@
All patches need to have a patch description header similar to what is used in
SuSE kernel git tree. Patches added without this will be reverted. Thanks.
SUSE kernel git tree. Patches added without this will be reverted. Thanks.
From: Name <email>
Subject: Summary of fix

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:25f57f465f3230d7b1166b615ffd6748818a3dc225d0e8b396c5b2e951674e23
size 1004024

3
audit-2.5.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9b0a0760c6f37d80cbbfe46a74db722e60ac8100b28eb31953878ffca8ac14b4
size 1034200

View File

@ -5,7 +5,7 @@ References: https://www.redhat.com/archives/linux-audit/2013-July/msg00048.html
---
legacy-actions is Fedora specific, so blocking manual stop won't work for
SuSE since we lack the ability to use a custom stop/restart
SUSE since we lack the ability to use a custom stop/restart
init.d/auditd.service | 1 -

View File

@ -3,7 +3,7 @@ Subject: Adjust location of plugins built by audit-secondary
Upsteam: never
Adjust location of plugins built by audit-secondary. These should never have
been in /sbin plus some (for SuSE) require lib dependancies on /usr/lib
been in /sbin plus some (for SUSE) require lib dependancies on /usr/lib
--- audit-1.7.2/audisp/plugins/prelude/au-prelude.conf.orig 2008-04-23 11:56:11.946681000 +0200
+++ audit-1.7.2/audisp/plugins/prelude/au-prelude.conf 2008-04-23 11:56:22.789827000 +0200

View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Fri Apr 1 14:59:05 UTC 2016 - tchvatal@suse.com
- Version update to 2.5. See audit.spec (libaudit1) for upstream
changelog
- Cleanup with spec-cleaner
- Sort out bit /sbin /usr/sbin/ installation
- Install the rules as documentation
- Remove needless %py_requires from python subpkgs
-------------------------------------------------------------------
Fri Aug 21 19:00:36 UTC 2015 - tonyj@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package audit-secondary
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -18,36 +18,33 @@
# This package contains all audit functionality except for audit-libs.
# The seperation is required to minimize unnecessary build cycles.
%define _name audit
Name: audit-secondary
BuildRequires: gcc-c++
BuildRequires: openldap2-devel
BuildRequires: pkg-config
BuildRequires: python-devel
BuildRequires: python3-devel
BuildRequires: swig
Version: 2.5
Release: 0
Summary: Secondary packages for audit
License: GPL-2.0+
Group: System/Monitoring
Version: 2.4.4
Release: 0
Url: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz
Patch1: audit-plugins-path.patch
Patch2: audit-no-gss.patch
Patch3: audit-allow-manual-stop.patch
Patch4: audit-ausearch-do-not-require-tclass.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: audit-devel = %{version}
BuildRequires: autoconf >= 2.12
BuildRequires: gcc-c++
BuildRequires: kernel-headers >= 2.6.30
BuildRequires: libtool
BuildRequires: openldap2-devel
BuildRequires: pkg-config
BuildRequires: python-devel
BuildRequires: python3-devel
BuildRequires: swig
BuildRequires: systemd-rpm-macros
BuildRequires: tcpd-devel
BuildRequires: pkgconfig(libcap-ng)
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Secondary packages for system auditing.
@ -69,7 +66,6 @@ Linux 2.6 kernel.
Summary: Python Bindings for libaudit
License: LGPL-2.1+
Group: System/Monitoring
%py_requires
%description -n audit-libs-python
The audit-libs-python package contains the bindings for using libaudit
@ -79,7 +75,6 @@ by python.
Summary: Python3 Bindings for libaudit
License: LGPL-2.1+
Group: System/Monitoring
%py_requires
%description -n audit-libs-python3
The audit-libs-python3 package contains the bindings for using libaudit
@ -105,79 +100,82 @@ rm -rf audisp/plugins/prelude
%patch2 -p1
%patch3 -p1
%patch4 -p1
%build
autoreconf -fi
export CFLAGS="%{optflags} -fno-strict-aliasing"
export CXXFLAGS="$CFLAGS"
export LDFLAGS="-Wl,-z,relro,-z,now"
# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
%configure --sbindir=/sbin --enable-systemd \
--libexecdir=%{_prefix}/lib/%{_name} \
--with-apparmor --with-libwrap --with-libcap-ng=yes \
--disable-static --with-pic
%{__make} %{?_smp_mflags}
%configure \
--enable-systemd \
--libexecdir=%{_libexecdir}/%{_name} \
--with-apparmor \
--with-libwrap \
--with-libcap-ng=yes \
--disable-static \
--with-pic
make %{?_smp_mflags}
%install
mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{audispd/plugins.d,init.d}}
mkdir -p $RPM_BUILD_ROOT/usr/sbin
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
make DESTDIR=$RPM_BUILD_ROOT install
make %{?_smp_mflags} DESTDIR=%{buildroot} install
mkdir -p $RPM_BUILD_ROOT/var/log/audit/
touch $RPM_BUILD_ROOT/var/log/audit/audit.log
mkdir -p $RPM_BUILD_ROOT/var/spool/audit/
mkdir -p %{buildroot}%{_localstatedir}/log/audit/
touch %{buildroot}%{_localstatedir}/log/audit/audit.log
mkdir -p %{buildroot}%{_localstatedir}/spool/audit/
# For ghost below, so that old location files will still be there when
# post copy runs
touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules} $RPM_BUILD_ROOT/etc/audit/auditd.conf
mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/
mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/rules.d/
touch %{buildroot}%{_sysconfdir}/{auditd.conf,audit.rules} %{buildroot}%{_sysconfdir}/audit/auditd.conf
# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
touch -r ./audit.spec %{buildroot}%{_sysconfdir}/libaudit.conf
# Starting with audit 2.5 no config is installed so start with no rules
install -m 0644 rules/10-no-audit.rules %{buildroot}%{_sysconfdir}/%{_name}/rules.d/audit.rules
# delete redhat scripts, use ours
rm -rf $RPM_BUILD_ROOT/etc/sysconfig/auditd
rm -rf $RPM_BUILD_ROOT/etc/init.d/auditd
rm -rf $RPM_BUILD_ROOT/etc/rc.d/init.d
rm -rf %{buildroot}%{_sysconfdir}/sysconfig/auditd
rm -rf %{buildroot}%{_initddir}/auditd
rm -rf %{buildroot}%{_sysconfdir}/rc.d/init.d
# delete redhat systemd legacy scripts, our systemd doesn't support the feature
# https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html
rm -rf $RPM_BUILD_ROOT/usr/lib/audit
rm -rf %{buildroot}%{_libexecdir}/audit
# Clean up some unneeded library files
for ver in %{py_ver} %{py3_ver}; do
rm -f $RPM_BUILD_ROOT/%{_libdir}/python${ver}/site-packages/{_audit,_auparse,auparse}.{a,la}
rm -f $RPM_BUILD_ROOT/%{_libdir}/python${ver}/site-packages/auparse-1.0-py${ver}.egg-info
rm -f %{buildroot}/%{_libdir}/python${ver}/site-packages/{_audit,_auparse,auparse}.{a,la}
done
rm -f $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/{audit,auparse}.pc
# cleanup makefiles for the rules (installed by %%docs command)
rm -f %{buildroot}/%{_libdir}/pkgconfig/{audit,auparse}.pc
# cleanup files handled by audit.spec
rm -rf $RPM_BUILD_ROOT/%{_includedir}
rm -f $RPM_BUILD_ROOT/%{_libdir}/lib{audit,auparse}.*
rm -f $RPM_BUILD_ROOT/etc/libaudit.conf
rm -f $RPM_BUILD_ROOT/%{_mandir}/man5/libaudit.conf.5
rm -rf $RPM_BUILD_ROOT/%{_mandir}/man3
rm -rf %{buildroot}/%{_datadir}/aclocal/
rm -rf %{buildroot}/%{_includedir}
rm -f %{buildroot}/%{_libdir}/lib{audit,auparse}.*
rm -f %{buildroot}%{_sysconfdir}/libaudit.conf
rm -f %{buildroot}/%{_mandir}/man5/libaudit.conf.5
rm -rf %{buildroot}/%{_mandir}/man3
# Cleanup plugins
# audispd-zos-remote uses ldap which is in /usr/lib so move to /usr/sbin
# audisp-remote shouldn't be in /sbin either, it's not 'essential'
mv $RPM_BUILD_ROOT/sbin/{audispd-zos-remote,audisp-remote} $RPM_BUILD_ROOT/usr/sbin
#USR-MERGE
mkdir %{buildroot}/sbin/
for prog in auditctl auditd ausearch autrace audispd aureport augenrules; do
[ \! -f %{buildroot}/sbin/$prog ] || mv %{buildroot}/sbin/$prog %{buildroot}/usr/sbin/$prog
ln -s %{_prefix}/sbin/$prog %{buildroot}/sbin/$prog
ln -s %{_sbindir}/$prog %{buildroot}/sbin/$prog
done
#END-USR-MERGE
# rcauditd symlink
( cd $RPM_BUILD_ROOT/usr/sbin && ln -s service rcauditd )
ln -s service %{buildroot}%{_sbindir}/rcauditd
chmod 0644 %{buildroot}%{_unitdir}/auditd.service
%check
make check
make %{?_smp_mflags} check
%post -n audit
# Save existing audit files if any (from old locations)
if [ -f /etc/auditd.conf ]; then
mv /etc/audit/auditd.conf /etc/audit/auditd.conf.new
mv /etc/auditd.conf /etc/audit/auditd.conf
if [ -f %{_sysconfdir}/auditd.conf ]; then
mv %{_sysconfdir}/audit/auditd.conf %{_sysconfdir}/audit/auditd.conf.new
mv %{_sysconfdir}/auditd.conf %{_sysconfdir}/audit/auditd.conf
fi
if [ -f /etc/audit.rules ]; then
mv /etc/audit.rules /etc/audit/audit.rules
elif [ ! -f /etc/audit/audit.rules ]; then
cp /etc/audit/rules.d/audit.rules /etc/audit/audit.rules
if [ -f %{_sysconfdir}/audit.rules ]; then
mv %{_sysconfdir}/audit.rules %{_sysconfdir}/audit/audit.rules
elif [ ! -f %{_sysconfdir}/audit/audit.rules ]; then
cp %{_sysconfdir}/audit/rules.d/audit.rules %{_sysconfdir}/audit/audit.rules
fi
%service_add_post auditd.service
@ -192,7 +190,7 @@ fi
%files -n audit
%defattr(-,root,root,-)
%doc README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/stig.rules init.d/auditd.cron
%doc README COPYING ChangeLog rules/[0-9]* rules/README-rules init.d/auditd.cron
%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
@ -209,39 +207,39 @@ fi
%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
/sbin/auditctl
%attr(750,root,root) /usr/sbin/auditctl
%attr(750,root,root) %{_sbindir}/auditctl
/sbin/auditd
%attr(750,root,root) /usr/sbin/auditd
%attr(750,root,root) %{_sbindir}/auditd
/sbin/ausearch
%attr(755,root,root) /usr/sbin/ausearch
%attr(755,root,root) %{_sbindir}/ausearch
/sbin/autrace
%attr(750,root,root) /usr/sbin/autrace
%attr(750,root,root) %{_sbindir}/autrace
/sbin/audispd
%attr(750,root,root) /usr/sbin/augenrules
%attr(750,root,root) %{_sbindir}/augenrules
/sbin/augenrules
%attr(750,root,root) /usr/sbin/audispd
%attr(755,root,root) /usr/bin/aulast
%attr(755,root,root) /usr/bin/aulastlog
%attr(755,root,root) /usr/bin/ausyscall
%attr(750,root,root) %{_sbindir}/audispd
%attr(755,root,root) %{_bindir}/aulast
%attr(755,root,root) %{_bindir}/aulastlog
%attr(755,root,root) %{_bindir}/ausyscall
/sbin/aureport
%attr(755,root,root) /usr/sbin/aureport
%attr(755,root,root) /usr/bin/auvirt
%dir %attr(750,root,root) /etc/audit
%attr(750,root,root) %dir /etc/audisp
%attr(750,root,root) %dir /etc/audisp/plugins.d
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
%ghost /etc/auditd.conf
%ghost /etc/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
%dir %attr(750,root,root) /etc/audit/rules.d
%config %attr(640,root,root) /etc/audit/rules.d/audit.rules
%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
%dir %attr(700,root,root) /var/log/audit
%ghost %config(noreplace) /var/log/audit/audit.log
%dir %attr(700,root,root) /var/spool/audit
%attr(755,root,root) %{_sbindir}/aureport
%attr(755,root,root) %{_bindir}/auvirt
%dir %attr(750,root,root) %{_sysconfdir}/audit
%attr(750,root,root) %dir %{_sysconfdir}/audisp
%attr(750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/syslog.conf
%ghost %{_sysconfdir}/auditd.conf
%ghost %{_sysconfdir}/audit.rules
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/auditd.conf
%dir %attr(750,root,root) %{_sysconfdir}/audit/rules.d
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audispd.conf
%dir %attr(700,root,root) %{_localstatedir}/log/audit
%ghost %config(noreplace) %{_localstatedir}/log/audit/audit.log
%dir %attr(700,root,root) %{_localstatedir}/spool/audit
%{_unitdir}/auditd.service
/usr/sbin/rcauditd
%{_sbindir}/rcauditd
%files -n audit-libs-python
%defattr(-,root,root,-)
@ -261,13 +259,13 @@ fi
%attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
%attr(750,root,root) %dir /etc/audisp
%attr(750,root,root) %dir /etc/audisp/plugins.d
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
%attr(750,root,root) /usr/sbin/audisp-remote
%attr(750,root,root) /usr/sbin/audispd-zos-remote
%config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf
%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf
%attr(750,root,root) %dir %{_sysconfdir}/audisp
%attr(750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/zos-remote.conf
%attr(750,root,root) %{_sbindir}/audisp-remote
%attr(750,root,root) %{_sbindir}/audispd-zos-remote
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audisp-remote.conf
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/au-remote.conf
%changelog

View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Sat Apr 2 18:14:51 UTC 2016 - tchvatal@suse.com
- Create folder for the m4 file from previous commit to avoid install
failure
-------------------------------------------------------------------
Fri Apr 1 14:15:58 UTC 2016 - tchvatal@suse.com
- Version update to 2.5 release
- Refresh two patches and README to contain SUSE and not SuSE
* audit-allow-manual-stop.patch
* audit-plugins-path.patch
- Cleanup with spec-cleaner and do not use subshells but rather use
-C parameter of make
- Install m4 file to the devel package
-------------------------------------------------------------------
Wed Dec 2 12:14:38 UTC 2015 - p.drouand@gmail.com

View File

@ -1,7 +1,7 @@
#
# spec file for package audit
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,16 +17,15 @@
Name: audit
Version: 2.5
Release: 0
Summary: First part of auditing package
License: GPL-2.0+
Group: System/Monitoring
Version: 2.4.4
Release: 0
Url: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
Source1: baselibs.conf
Source2: README-BEFORE-ADDING-PATCHES
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: autoconf >= 2.12
BuildRequires: gcc-c++
BuildRequires: kernel-headers >= 2.6.30
@ -34,11 +33,12 @@ BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: tcpd-devel
Requires: %{name}-libs = %{version}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
The audit package contains the user space utilities for storing and
processing the audit records generated by the audit subsystem in the
Linux 2.6 kernel.
Linux kernel.
%package -n libaudit1
Summary: Dynamic library for libaudit
@ -73,7 +73,7 @@ needed for developing applications that need to use the audit framework
libraries.
%prep
%setup -q -n %{name}-%{version}
%setup -q
%build
autoreconf -fi
@ -81,45 +81,49 @@ export CFLAGS="%{optflags} -fno-strict-aliasing"
export CXXFLAGS="$CFLAGS"
export LDFLAGS="-Wl,-z,relro,-z,now"
# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
%configure --enable-systemd --libexecdir=%{_prefix}/lib/%{name} \
--with-apparmor --with-libwrap --without-libcap-ng \
--disable-static --with-pic --without-python
(cd lib ; %{__make} %{?_smp_mflags})
(cd auparse ; %{__make} %{?_smp_mflags})
(cd docs ; %{__make} %{?_smp_mflags})
%configure \
--enable-systemd \
--libexecdir=%{_libexecdir}/%{name} \
--with-apparmor \
--with-libwrap \
--without-libcap-ng \
--disable-static \
--with-pic \
--without-python
make %{?_smp_mflags} -C lib
make %{?_smp_mflags} -C auparse
make %{?_smp_mflags} -C docs
%install
(cd lib ; make DESTDIR=$RPM_BUILD_ROOT install)
(cd auparse ; make DESTDIR=$RPM_BUILD_ROOT install)
(cd docs ; make DESTDIR=$RPM_BUILD_ROOT install)
rm -rf $RPM_BUILD_ROOT/%{_mandir}/man[578]
mkdir -p $RPM_BUILD_ROOT/etc
mkdir -p $RPM_BUILD_ROOT/%{_includedir}
mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man5
make DESTDIR=%{buildroot} install -C lib
make DESTDIR=%{buildroot} install -C auparse
make DESTDIR=%{buildroot} install -C docs
rm -rf %{buildroot}/%{_mandir}/man[578]
mkdir -p %{buildroot}/etc
mkdir -p %{buildroot}/%{_includedir}
mkdir -p %{buildroot}/%{_mandir}/man5
# We manually install this since Makefile doesn't
install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir}
install -m 0644 lib/libaudit.h %{buildroot}/%{_includedir}
install -D -m 0644 ./m4/audit.m4 %{buildroot}%{_datadir}/aclocal/audit.m4
# Install libaudit.conf files by hand
install -m 0644 docs/libaudit.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5
install -m 0644 init.d/libaudit.conf $RPM_BUILD_ROOT/etc
install -m 0644 docs/libaudit.conf.5 %{buildroot}/%{_mandir}/man5
install -m 0644 init.d/libaudit.conf %{buildroot}/etc
%{__rm} -fv %{buildroot}/%{_libdir}/lib{audit,auparse}.la
find %{buildroot} -type f -name "*.la" -delete -print
%check
(cd lib ; make check)
(cd auparse ; make check)
make %{?_smp_mflags} check -C lib
make %{?_smp_mflags} check -C auparse
%post -n libaudit1 -p /sbin/ldconfig
%post -n libauparse0 -p /sbin/ldconfig
%postun -n libaudit1 -p /sbin/ldconfig
%postun -n libauparse0 -p /sbin/ldconfig
%files -n libaudit1
%defattr(-,root,root)
%{_libdir}/libaudit.so.*
%config(noreplace) %attr(640,root,root) /etc/libaudit.conf
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/libaudit.conf
%{_mandir}/man5/libaudit.conf.5.gz
%files -n libauparse0
@ -135,6 +139,7 @@ install -m 0644 init.d/libaudit.conf $RPM_BUILD_ROOT/etc
%{_includedir}/auparse.h
%{_includedir}/auparse-defs.h
%{_mandir}/man3/*
%{_datadir}/aclocal/audit.m4
%{_libdir}/pkgconfig/audit.pc
%{_libdir}/pkgconfig/auparse.pc