From a026abd99406b0917422ee9a5402047d18b58b032a2da8f585a3d040e926b221 Mon Sep 17 00:00:00 2001 From: Tony Jones Date: Thu, 17 Oct 2019 14:14:02 +0000 Subject: [PATCH 1/3] Accepting request 739736 from home:RBrownSUSE:branches:security Remove obsolete Groups tag (fate#326485) OBS-URL: https://build.opensuse.org/request/show/739736 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=106 --- audit-secondary.changes | 5 +++++ audit-secondary.spec | 5 ----- audit.changes | 5 +++++ audit.spec | 4 ---- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/audit-secondary.changes b/audit-secondary.changes index 24eebd9..855db98 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Oct 17 13:54:21 UTC 2019 - Richard Brown + +- Remove obsolete Groups tag (fate#326485) + ------------------------------------------------------------------- Thu Mar 21 10:32:43 UTC 2019 - Jan Engelhardt diff --git a/audit-secondary.spec b/audit-secondary.spec index 6d7aae9..4c8d373 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -26,7 +26,6 @@ Version: 2.8.4 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later -Group: System/Monitoring Url: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz Patch1: audit-plugins-path.patch @@ -60,7 +59,6 @@ Linux kernel. %package -n audit Summary: User Space Tools for Kernel Auditing License: LGPL-2.1-or-later -Group: System/Monitoring Requires: %{_name}-libs = %{version} Requires: coreutils %{?systemd_ordering} @@ -73,7 +71,6 @@ Linux kernel. %package -n python2-audit Summary: Python Bindings for libaudit License: LGPL-2.1-or-later -Group: Development/Languages/Python Provides: audit-libs-python = %{version} Obsoletes: audit-libs-python < %{version} @@ -84,7 +81,6 @@ by python. %package -n python3-audit Summary: Python3 Bindings for libaudit License: LGPL-2.1-or-later -Group: Development/Languages/Python Provides: audit-libs-python3 = %{version} Obsoletes: audit-libs-python3 < %{version} @@ -95,7 +91,6 @@ by python3. %package -n audit-audispd-plugins Summary: Default plugins for the audit dispatcher License: GPL-2.0-or-later -Group: System/Monitoring %description -n audit-audispd-plugins The audit-audispd-plugins package contains plugin components for the diff --git a/audit.changes b/audit.changes index 5eb1e70..55d3bd1 100644 --- a/audit.changes +++ b/audit.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Oct 17 13:54:22 UTC 2019 - Richard Brown + +- Remove obsolete Groups tag (fate#326485) + ------------------------------------------------------------------- Thu Mar 21 10:33:03 UTC 2019 - Jan Engelhardt diff --git a/audit.spec b/audit.spec index a52739f..6d90274 100644 --- a/audit.spec +++ b/audit.spec @@ -21,7 +21,6 @@ Version: 2.8.4 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later -Group: System/Monitoring Url: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: baselibs.conf @@ -42,7 +41,6 @@ Linux kernel. %package -n libaudit1 Summary: Library for interfacing with the kernel audit subsystem License: LGPL-2.1-or-later -Group: System/Libraries Obsoletes: %{name}-libs < 2.0.4 Provides: %{name}-libs = %{version} @@ -53,7 +51,6 @@ applications to use the audit framework. %package -n libauparse0 Summary: Library for parsing and interpreting audit events License: LGPL-2.1-or-later -Group: System/Libraries %description -n libauparse0 The libauparse package contains the shared libraries needed to @@ -62,7 +59,6 @@ parse audit records. %package -n audit-devel Summary: Header files for libaudit License: LGPL-2.1-or-later -Group: Development/Libraries/C and C++ Requires: libaudit1 = %{version} Requires: libauparse0 = %{version} From 4971d594a2a6185fca096ac60e09e121987e54e80aa7be138c33f11ea5ee5b39 Mon Sep 17 00:00:00 2001 From: Tony Jones Date: Fri, 18 Oct 2019 17:26:13 +0000 Subject: [PATCH 2/3] osc copypac from project:security package:audit revision:105 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=107 --- audit-secondary.changes | 5 ----- audit-secondary.spec | 5 +++++ audit.changes | 5 ----- audit.spec | 4 ++++ 4 files changed, 9 insertions(+), 10 deletions(-) diff --git a/audit-secondary.changes b/audit-secondary.changes index 855db98..24eebd9 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,8 +1,3 @@ -------------------------------------------------------------------- -Thu Oct 17 13:54:21 UTC 2019 - Richard Brown - -- Remove obsolete Groups tag (fate#326485) - ------------------------------------------------------------------- Thu Mar 21 10:32:43 UTC 2019 - Jan Engelhardt diff --git a/audit-secondary.spec b/audit-secondary.spec index 4c8d373..6d7aae9 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -26,6 +26,7 @@ Version: 2.8.4 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later +Group: System/Monitoring Url: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz Patch1: audit-plugins-path.patch @@ -59,6 +60,7 @@ Linux kernel. %package -n audit Summary: User Space Tools for Kernel Auditing License: LGPL-2.1-or-later +Group: System/Monitoring Requires: %{_name}-libs = %{version} Requires: coreutils %{?systemd_ordering} @@ -71,6 +73,7 @@ Linux kernel. %package -n python2-audit Summary: Python Bindings for libaudit License: LGPL-2.1-or-later +Group: Development/Languages/Python Provides: audit-libs-python = %{version} Obsoletes: audit-libs-python < %{version} @@ -81,6 +84,7 @@ by python. %package -n python3-audit Summary: Python3 Bindings for libaudit License: LGPL-2.1-or-later +Group: Development/Languages/Python Provides: audit-libs-python3 = %{version} Obsoletes: audit-libs-python3 < %{version} @@ -91,6 +95,7 @@ by python3. %package -n audit-audispd-plugins Summary: Default plugins for the audit dispatcher License: GPL-2.0-or-later +Group: System/Monitoring %description -n audit-audispd-plugins The audit-audispd-plugins package contains plugin components for the diff --git a/audit.changes b/audit.changes index 55d3bd1..5eb1e70 100644 --- a/audit.changes +++ b/audit.changes @@ -1,8 +1,3 @@ -------------------------------------------------------------------- -Thu Oct 17 13:54:22 UTC 2019 - Richard Brown - -- Remove obsolete Groups tag (fate#326485) - ------------------------------------------------------------------- Thu Mar 21 10:33:03 UTC 2019 - Jan Engelhardt diff --git a/audit.spec b/audit.spec index 6d90274..a52739f 100644 --- a/audit.spec +++ b/audit.spec @@ -21,6 +21,7 @@ Version: 2.8.4 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later +Group: System/Monitoring Url: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: baselibs.conf @@ -41,6 +42,7 @@ Linux kernel. %package -n libaudit1 Summary: Library for interfacing with the kernel audit subsystem License: LGPL-2.1-or-later +Group: System/Libraries Obsoletes: %{name}-libs < 2.0.4 Provides: %{name}-libs = %{version} @@ -51,6 +53,7 @@ applications to use the audit framework. %package -n libauparse0 Summary: Library for parsing and interpreting audit events License: LGPL-2.1-or-later +Group: System/Libraries %description -n libauparse0 The libauparse package contains the shared libraries needed to @@ -59,6 +62,7 @@ parse audit records. %package -n audit-devel Summary: Header files for libaudit License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ Requires: libaudit1 = %{version} Requires: libauparse0 = %{version} From 74524fcb7359458b6f6d6f2f09072728e48eaf623470bf308dc31ceea59acba4 Mon Sep 17 00:00:00 2001 From: Tony Jones Date: Thu, 16 Jan 2020 20:02:22 +0000 Subject: [PATCH 3/3] - Update to version 2.6.5: * Fix segfault on shutdown * Fix hang on startup (#1587995) * Add sleep to script to dump state so file is ready when needed * Add auparse_normalizer support for SOFTWARE_UPDATE event * Mark netlabel events as simple events so that get processed quicker * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) * Add 30-ospp-v42.rules to meet new Common Criteria requirements * Update lookup tables for the 4.18 kernel * In aureport, fix segfault in file report * Add auparse_normalizer support for labeled networking events * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) * Event aging is off by a second * In ausearch/auparse, correct event ordering to process oldest first * auparse_reset was not clearing everything it should * Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events * In ausearch/report, lightly parse selinux portion of USER_AVC events * In ausearch/report, limit record size when malformed * In auditd, fix extract_type function for network originating events * In auditd, calculate right size and location for network originating events * Treat all network originating events as VER2 so dispatcher doesn't format it * In audisp-remote do an initial connection attempt (#1625156) * In auditd, allow expression of space left as a percentage (#1650670) * On PPC64LE systems, only allow 64 bit rules (#1462178) * Make some parts of auditd state report optional based on config * Fix ausearch when checkpointing a single file (Burn Alting) * Fix scripting in 31-privileged.rules wrt filecap (#1662516) * In ausearch, do not checkpt if stdin is input source * In libev, remove __cold__ attribute for functions to allow proper hardening * Add tests to configure.ac for openldap support OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=108 --- audit-2.8.4.tar.gz | 3 --- audit-2.8.5.tar.gz | 3 +++ audit-allow-manual-stop.patch | 6 ++--- audit-fno-common.patch | 24 +++++++++++++++++++ audit-secondary.changes | 43 +++++++++++++++++++++++++++++++++++ audit-secondary.spec | 8 ++++--- audit.changes | 41 +++++++++++++++++++++++++++++++++ audit.spec | 9 ++++---- 8 files changed, 124 insertions(+), 13 deletions(-) delete mode 100644 audit-2.8.4.tar.gz create mode 100644 audit-2.8.5.tar.gz create mode 100644 audit-fno-common.patch diff --git a/audit-2.8.4.tar.gz b/audit-2.8.4.tar.gz deleted file mode 100644 index 4147853..0000000 --- a/audit-2.8.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a410694d09fc5708d980a61a5abcb9633a591364f1ecc7e97ad5daef9c898c38 -size 1123889 diff --git a/audit-2.8.5.tar.gz b/audit-2.8.5.tar.gz new file mode 100644 index 0000000..aa95d73 --- /dev/null +++ b/audit-2.8.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0e5d4103646e00f8d1981e1cd2faea7a2ae28e854c31a803e907a383c5e2ecb7 +size 1140694 diff --git a/audit-allow-manual-stop.patch b/audit-allow-manual-stop.patch index c617e70..01399fe 100644 --- a/audit-allow-manual-stop.patch +++ b/audit-allow-manual-stop.patch @@ -13,10 +13,10 @@ SUSE since we lack the ability to use a custom stop/restart --- a/init.d/auditd.service +++ b/init.d/auditd.service -@@ -7,7 +7,6 @@ DefaultDependencies=no - After=local-fs.target systemd-tmpfiles-setup.service - Conflicts=shutdown.target +@@ -11,7 +11,6 @@ Before=sysinit.target shutdown.target + ##Before=shutdown.target + Conflicts=shutdown.target -RefuseManualStop=yes ConditionKernelCommandLine=!audit=0 Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation diff --git a/audit-fno-common.patch b/audit-fno-common.patch new file mode 100644 index 0000000..4ac3388 --- /dev/null +++ b/audit-fno-common.patch @@ -0,0 +1,24 @@ +From: Tony Jones +Subject: Resolve errors when compiling with -fno-common +Git-commmit: 017e6c6ab95df55f34e339d2139def83e5dada1f +References: bsc#1160384 +Upsteam: pending + +Header definitios need to be external when building with -fno-common (which +is default in GCC 10). + +Fixes: ff25054df7ed +Signed-off-by: Tony Jones + +--- a/src/ausearch-common.h ++++ b/src/ausearch-common.h +@@ -50,7 +50,7 @@ extern pid_t event_pid; + extern int event_exact_match; + extern uid_t event_uid, event_euid, event_loginuid; + extern const char *event_tuid, *event_teuid, *event_tauid; +-slist *event_node_list; ++extern slist *event_node_list; + extern const char *event_comm; + extern const char *event_filename; + extern const char *event_hostname; + diff --git a/audit-secondary.changes b/audit-secondary.changes index 24eebd9..74efbd0 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,3 +1,46 @@ +------------------------------------------------------------------- +Mon Jan 13 17:39:03 UTC 2020 - Tony Jones + +- Update to version 2.6.5: + * Fix segfault on shutdown + * Fix hang on startup (#1587995) + * Add sleep to script to dump state so file is ready when needed + * Add auparse_normalizer support for SOFTWARE_UPDATE event + * Mark netlabel events as simple events so that get processed quicker + * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) + * Add 30-ospp-v42.rules to meet new Common Criteria requirements + * Update lookup tables for the 4.18 kernel + * In aureport, fix segfault in file report + * Add auparse_normalizer support for labeled networking events + * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) + * Event aging is off by a second + * In ausearch/auparse, correct event ordering to process oldest first + * auparse_reset was not clearing everything it should + * Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events + * In ausearch/report, lightly parse selinux portion of USER_AVC events + * In ausearch/report, limit record size when malformed + * In auditd, fix extract_type function for network originating events + * In auditd, calculate right size and location for network originating events + * Treat all network originating events as VER2 so dispatcher doesn't format it + * In audisp-remote do an initial connection attempt (#1625156) + * In auditd, allow expression of space left as a percentage (#1650670) + * On PPC64LE systems, only allow 64 bit rules (#1462178) + * Make some parts of auditd state report optional based on config + * Fix ausearch when checkpointing a single file (Burn Alting) + * Fix scripting in 31-privileged.rules wrt filecap (#1662516) + * In ausearch, do not checkpt if stdin is input source + * In libev, remove __cold__ attribute for functions to allow proper hardening + * Add tests to configure.ac for openldap support + * Make systemd support files use /run rather than /var/run (Christian Hesse) + * Fix minor memory leak in auditd kerberos credentials code + * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test + * In ausearch/report fix --end to use midnight time instead of now (#1671338) + +- Fix build errors when using gcc-10 no-common default (bsc#1160384) + New patch: audit-fno-common.patch + +- Refresh audit-allow-manual-stop.patch + ------------------------------------------------------------------- Thu Mar 21 10:32:43 UTC 2019 - Jan Engelhardt diff --git a/audit-secondary.spec b/audit-secondary.spec index 6d7aae9..3f11838 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -1,7 +1,7 @@ # # spec file for package audit-secondary # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,18 +22,19 @@ # The seperation is required to minimize unnecessary build cycles. %define _name audit Name: audit-secondary -Version: 2.8.4 +Version: 2.8.5 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later Group: System/Monitoring -Url: http://people.redhat.com/sgrubb/audit/ +URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz Patch1: audit-plugins-path.patch Patch2: audit-no-gss.patch Patch3: audit-allow-manual-stop.patch Patch4: audit-ausearch-do-not-require-tclass.patch Patch5: audit-python3.patch +Patch6: audit-fno-common.patch BuildRequires: audit-devel = %{version} BuildRequires: autoconf >= 2.12 BuildRequires: gcc-c++ @@ -112,6 +113,7 @@ rm -rf audisp/plugins/prelude %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %if %{without python2} && %{with python3} # Fix python env call in tests if we only have Python3. diff --git a/audit.changes b/audit.changes index 5eb1e70..479d975 100644 --- a/audit.changes +++ b/audit.changes @@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Mon Jan 13 17:39:03 UTC 2020 - Tony Jones + +- Update to version 2.6.5: + * Fix segfault on shutdown + * Fix hang on startup (#1587995) + * Add sleep to script to dump state so file is ready when needed + * Add auparse_normalizer support for SOFTWARE_UPDATE event + * Mark netlabel events as simple events so that get processed quicker + * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) + * Add 30-ospp-v42.rules to meet new Common Criteria requirements + * Update lookup tables for the 4.18 kernel + * In aureport, fix segfault in file report + * Add auparse_normalizer support for labeled networking events + * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) + * Event aging is off by a second + * In ausearch/auparse, correct event ordering to process oldest first + * auparse_reset was not clearing everything it should + * Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events + * In ausearch/report, lightly parse selinux portion of USER_AVC events + * In ausearch/report, limit record size when malformed + * In auditd, fix extract_type function for network originating events + * In auditd, calculate right size and location for network originating events + * Treat all network originating events as VER2 so dispatcher doesn't format it + * In audisp-remote do an initial connection attempt (#1625156) + * In auditd, allow expression of space left as a percentage (#1650670) + * On PPC64LE systems, only allow 64 bit rules (#1462178) + * Make some parts of auditd state report optional based on config + * Fix ausearch when checkpointing a single file (Burn Alting) + * Fix scripting in 31-privileged.rules wrt filecap (#1662516) + * In ausearch, do not checkpt if stdin is input source + * In libev, remove __cold__ attribute for functions to allow proper hardening + * Add tests to configure.ac for openldap support + * Make systemd support files use /run rather than /var/run (Christian Hesse) + * Fix minor memory leak in auditd kerberos credentials code + * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test + * In ausearch/report fix --end to use midnight time instead of now (#1671338) + +- Remote zos building is now a configurable option. + It should be disabled in audit (and left enabled in audit-secondary). + ------------------------------------------------------------------- Thu Mar 21 10:33:03 UTC 2019 - Jan Engelhardt diff --git a/audit.spec b/audit.spec index a52739f..775281c 100644 --- a/audit.spec +++ b/audit.spec @@ -1,7 +1,7 @@ # # spec file for package audit # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,12 +17,12 @@ Name: audit -Version: 2.8.4 +Version: 2.8.5 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later Group: System/Monitoring -Url: http://people.redhat.com/sgrubb/audit/ +URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: baselibs.conf Source2: README-BEFORE-ADDING-PATCHES @@ -87,7 +87,8 @@ export LDFLAGS="-Wl,-z,relro,-z,now" --with-libwrap \ --without-libcap-ng \ --disable-static \ - --without-python + --without-python \ + --disable-zos-remote make %{?_smp_mflags} -C lib make %{?_smp_mflags} -C auparse make %{?_smp_mflags} -C docs