Accepting request 209367 from security

(forwarded request 209366 from jones_tony) OBS-URL: https://build.opensuse.org/request/show/209367 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=68
2013-12-05 05:48:07 +00:00 · 2013-12-05 05:48:07 +00:00 · b010bc3721
commit b010bc3721
parent 26b27d74e6 87bc3dd49c
10 changed files with 117 additions and 91 deletions
--- a/audit-2.2.3.tar.gz
+++ b/audit-2.2.3.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2fc8f97020121593f516dc011ef61f39043c4cea9b2cb9ab3849bf9e41dedf02
-size 910762
--- a/audit-2.3.2.tar.gz
+++ b/audit-2.3.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8872e0b5392888789061db8034164305ef0e1b34543e1e7004d275f039081d29
+size 947897
--- a/audit-allow-manual-stop.patch
+++ b/audit-allow-manual-stop.patch
@ -0,0 +1,23 @@
+From: Tony Jones <tonyj@suse.de>
+Subject: allow service stop
+References: https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html
+References: https://www.redhat.com/archives/linux-audit/2013-July/msg00048.html
+---
+
+legacy-actions is Fedora specific, so blocking manual stop won't work for
+SuSE since we lack the ability to use a custom stop/restart
+
+
+ init.d/auditd.service |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/init.d/auditd.service
+++ b/init.d/auditd.service
+@@ -4,7 +4,6 @@ DefaultDependencies=no
+ After=local-fs.target
+ Conflicts=shutdown.target
+ Before=sysinit.target shutdown.target
+-RefuseManualStop=yes
+ 
+ [Service]
+ ExecStart=/sbin/auditd -n
--- a/audit-fix-implicit-defn.patch
+++ b/audit-fix-implicit-defn.patch
@ -1,16 +0,0 @@
-From: Tony Jones <tonyj@suse.de>
-Subject: fix implicit definition warnings
-Upstream: pending
-
-Fixes "W: audit-secondary implicit-pointer-decl auvirt.c:984"
-
--- a/tools/auvirt/auvirt.c
-+++ b/tools/auvirt/auvirt.c
-@@ -25,6 +25,7 @@
- #include <stdlib.h>
- #include <stdio.h>
- #include <errno.h>
-+#include <ctype.h>
- #include <locale.h>
- #include <string.h>
- #include <regex.h>
--- a/audit-no_plugins.patch
+++ b/audit-no_plugins.patch
@ -1,33 +0,0 @@
-From: Tony Jones <tonyj@suse.de>
-Subject: Disable automatic building of plugins
-Upsteam: never
-
-Non builtin plugins is build as part of phase2 by audit-secondary.spec.
-Conf files for builtins are still installed
-
---
- audisp/plugins/Makefile.am |    2 +-
- docs/Makefile.am           |    3 +--
- 2 files changed, 2 insertions(+), 3 deletions(-)
-
--- a/audisp/plugins/Makefile.am
-+++ b/audisp/plugins/Makefile.am
-@@ -22,7 +22,7 @@
- 
- CONFIG_CLEAN_FILES = *.loT *.rej *.orig
- 
-SUBDIRS = builtins zos-remote remote
-+SUBDIRS = builtins
- #SUBDIRS = builtins zos-remote
- if HAVE_PRELUDE
- SUBDIRS += prelude
--- a/docs/Makefile.am
-+++ b/docs/Makefile.am
-@@ -53,6 +53,5 @@ ausearch_add_expression.3 ausearch_add_t
- ausearch_clear.3 \
- ausearch_next_event.3 ausearch_set_stop.3 \
- autrace.8 get_auditfail_action.3 set_aumessage_mode.3 \
-audispd.8 audispd.conf.5 audispd-zos-remote.8 libaudit.conf.5 \
-zos-remote.conf.5 
-+audispd.8 audispd.conf.5 libaudit.conf.5
- 
--- a/audit-secondary.changes
+++ b/audit-secondary.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Nov 26 18:28:58 UTC 2013 - tonyj@suse.com
+
+- Update to version 2.3.2. See audit.spec (libaudit1) for upstream 
+  changelog
+- Drop patch 'audit-fix-implicit-defn.patch' (upstream)
+- Add patch 'audit-allow-manual-stop.patch' to reinstate service 
+  stop/restart.
+- /etc/sysconfig/audit still existed but was no longer referenced
+  by systemd, so remove
+- Delete audit-no_plugins.patch, it was stale (no longer referenced
+  by specfiles) but had not been removed.
+
 -------------------------------------------------------------------
 Wed Oct  2 12:48:50 UTC 2013 - opensuse@cboltz.de

--- a/audit-secondary.spec
+++ b/audit-secondary.spec
@ -30,17 +30,15 @@ BuildRequires:  swig
 Summary:        Secondary packages for audit
 License:        GPL-2.0+
 Group:          System/Monitoring
-Version:        2.2.3
+Version:        2.3.2
 Release:        0
 Url:            http://people.redhat.com/sgrubb/audit/
 Source0:        http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz
-Source2:        auditd.sysconfig
 Patch1:         audit-plugins-path.patch
 Patch2:         audit-no-gss.patch
 Patch3:         audit-no_m4_dir.patch
-Patch4:         audit-fix-implicit-defn.patch
+Patch4:         audit-allow-manual-stop.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-PreReq:         %insserv_prereq %fillup_prereq
 BuildRequires:  audit-devel = %{version}
 BuildRequires:  autoconf >= 2.12
 BuildRequires:  gcc-c++
@ -108,19 +106,17 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
 %{__make} %{?_smp_mflags}

 %install
-mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,init.d}}
+mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{audispd/plugins.d,init.d}}
 mkdir -p $RPM_BUILD_ROOT/usr/sbin
 mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
 make DESTDIR=$RPM_BUILD_ROOT install

-mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
-cp %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.auditd
 mkdir -p $RPM_BUILD_ROOT/var/log/audit/
 touch $RPM_BUILD_ROOT/var/log/audit/audit.log
 mkdir -p $RPM_BUILD_ROOT/var/spool/audit/
 # For ghost below, so that old location files will still be there when
 # post copy runs
-touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules}
+touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules} $RPM_BUILD_ROOT/etc/audit/auditd.conf
 # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
 touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf

@ -128,6 +124,9 @@ touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
 rm -rf $RPM_BUILD_ROOT/etc/sysconfig/auditd
 rm -rf $RPM_BUILD_ROOT/etc/init.d/auditd
 rm -rf $RPM_BUILD_ROOT/etc/rc.d/init.d
+# delete redhat systemd legacy scripts, our systemd doesn't support the feature
+# https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html
+rm -rf $RPM_BUILD_ROOT/usr/lib/audit
 # Clean up some unneeded library files
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.a
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.la
@ -147,7 +146,7 @@ rm -rf $RPM_BUILD_ROOT/%{_mandir}/man3
 # audisp-remote shouldn't be in /sbin either, it's not 'essential'
 mv $RPM_BUILD_ROOT/sbin/{audispd-zos-remote,audisp-remote} $RPM_BUILD_ROOT/usr/sbin
 #USR-MERGE
-for prog in auditctl auditd ausearch autrace audispd aureport; do
+for prog in auditctl auditd ausearch autrace audispd aureport augenrules; do
  [ \! -f %{buildroot}/sbin/$prog ] || mv %{buildroot}/sbin/$prog %{buildroot}/usr/sbin/$prog
  ln -s %{_prefix}/sbin/$prog %{buildroot}/sbin/$prog
 done
@ -159,15 +158,15 @@ done
 make check

 %post -n audit
-%{fillup_only -n auditd}
-# Save existing audit files if any (from old location)
+# Save existing audit files if any (from old locations)
 if [ -f /etc/auditd.conf ]; then
   mv /etc/audit/auditd.conf /etc/audit/auditd.conf.new
   mv /etc/auditd.conf /etc/audit/auditd.conf
 fi
 if [ -f /etc/audit.rules ]; then
-   mv /etc/audit/audit.rules /etc/audit/audit.rules.new
   mv /etc/audit.rules /etc/audit/audit.rules
+elif [ ! -f /etc/audit/audit.rules ]; then
+   cp /etc/audit/rules.d/audit.rules /etc/audit/audit.rules
 fi
 %service_add_post auditd.service

@ -197,20 +196,23 @@ fi
 %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
 %attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
-%attr(750,root,root) /sbin/auditctl
+%attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
+/sbin/auditctl
 %attr(750,root,root) /usr/sbin/auditctl
-%attr(750,root,root) /sbin/auditd
+/sbin/auditd
 %attr(750,root,root) /usr/sbin/auditd
-%attr(755,root,root) /sbin/ausearch
+/sbin/ausearch
 %attr(755,root,root) /usr/sbin/ausearch
-%attr(750,root,root) /sbin/autrace
+/sbin/autrace
 %attr(750,root,root) /usr/sbin/autrace
-%attr(750,root,root) /sbin/audispd
+/sbin/audispd
+%attr(750,root,root) /usr/sbin/augenrules
+/sbin/augenrules
 %attr(750,root,root) /usr/sbin/audispd
 %attr(755,root,root) /usr/bin/aulast
 %attr(755,root,root) /usr/bin/aulastlog
 %attr(755,root,root) /usr/bin/ausyscall
-%attr(755,root,root) /sbin/aureport
+/sbin/aureport
 %attr(755,root,root) /usr/sbin/aureport
 %attr(755,root,root) /usr/bin/auvirt
 %dir %attr(750,root,root) /etc/audit
@ -221,9 +223,9 @@ fi
 %ghost /etc/auditd.conf
 %ghost /etc/audit.rules
 %config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
-%config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
+%dir %attr(750,root,root) /etc/audit/rules.d
+%config %attr(640,root,root) /etc/audit/rules.d/audit.rules
 %config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
-/var/adm/fillup-templates/sysconfig.auditd
 %dir %attr(700,root,root) /var/log/audit
 %ghost %config(noreplace) /var/log/audit/audit.log
 %dir %attr(700,root,root) /var/spool/audit
--- a/audit.changes
+++ b/audit.changes
@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Tue Nov 26 18:26:57 UTC 2013 - tonyj@suse.com
+
+- Update to version 2.3.2
+
+ Changelog 2.3.2
+ - Put RefuseManualStop in the right systemd section (#969345)
+ - Add legacy restart scripts for systemd support
+ - Add more syscall argument interpretations
+ - Add 'unset' keyword for uid & gid values in auditctl
+ - In ausearch, parse obj in IPC records
+ - In ausearch, parse subj in DAEMON_ROTATE records
+ - Fix interpretation of MQ_OPEN and MQ_NOTIFY events
+ - In auditd, restart dispatcher on SIGHUP if it had previously exited
+ - In audispd, exit when no active plugins are detected on reconfigure
+ - In audispd, clear signal mask set by libev so that SIGHUP works again
+ - In audispd, track binary plugins and restart if binary was updated
+ - In audispd, make sure we send signals to the correct process
+ - In auditd, clear signal mask when spawning any child process
+ - In audispd, make builtin plugins respond to SIGHUP
+ - In auparse, interpret mode flags of open syscall if O_CREAT is passed
+ - In audisp-remote, don't make address lookup always a permanent failure
+ - In audisp-remote, remove EOE events more efficiently
+ - In auditd, log the reason when email account is not valid
+ - In audisp-remote, change default remote_ending action to reconnect
+ - Add support for Aarch64 processors
+ 
+ Changelog 2.3.1
+ - Rearrange auditd setting enabled and pid to avoid a race (#910568)
+ - Interpret the ocomm field from OBJ_PID records 
+ - Fix missing 'then' statement in sysvinit script
+ - Switch ausearch to use libauparse for interpretting fields
+ - In libauparse, interpret prctl arg0, sched_setscheduler arg1
+ - In auparse, check source_list isn't NULL when opening next file (Liequan Che)
+ - In libauparse, interpret send* flags argument
+ - In libauparse, interpret level and name options for set/getsockopt
+ - In ausearch/report, don't flush events until last file (Burn Alting)
+ - Don't use systemctl to stop the audit daemon
+ 
+ Changelog 2.3
+ - The clone(2) man page is really clone(3), fix interpretation of clone syscall
+ - Add systemd support for reload (#901533)
+ - Allow -F msgtype on the user filter
+ - Add legacy support for resuming logging under systemd (#830780)
+ - Add legacy support for rotating logs under systemd (#916611)
+ - In auditd, collect SIGUSR2 info for DAEMON_RESUME events
+ - Updated man pages
+ - Update libev to 4.15
+ - Update syscall tables for 3.9 kernel
+ - Interpret MQ_OPEN events
+ - Add augenrules support (Burn Alting)
+ - Consume less stack sending audit events
+
 -------------------------------------------------------------------
 Fri Jun 28 09:30:54 UTC 2013 - coolo@suse.com

--- a/audit.spec
+++ b/audit.spec
@ -20,13 +20,12 @@ Name:           audit
 Summary:        First part of auditing package
 License:        GPL-2.0+
 Group:          System/Monitoring
-Version:        2.2.3
+Version:        2.3.2
 Release:        0
 Url:            http://people.redhat.com/sgrubb/audit/
 Source0:        http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
-Source2:        auditd.sysconfig
-Source3:        baselibs.conf
-Source4:        README-BEFORE-ADDING-PATCHES
+Source1:        baselibs.conf
+Source2:        README-BEFORE-ADDING-PATCHES
 Patch1:         audit-no_m4_dir.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  autoconf >= 2.12
--- a/auditd.sysconfig
+++ b/auditd.sysconfig
@ -1,15 +0,0 @@
-#
-## Type: string
-## Default: "yes"
-#
-# This option is used to determine if rules & watches should be deleted on
-# shutdown. This is beneficial in most cases so that a watch doesn't linger
-# on a drive that is being unmounted. If set to no, it will NOT be cleaned up.
-AUDITD_CLEAN_STOP="yes"
-#
-## Type: yesno
-## Default: yes
-#
-# This option disables syscall auditing by default. This can also be
-# accomplished by auditctl -e.
-AUDITD_DISABLE_CONTEXTS="yes"