From 97e319769c14eb361a0bbc655dce9e631dd885e452a5c8e20935b935e933592e Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Sun, 1 Aug 2021 14:31:28 +0000 Subject: [PATCH 1/3] Accepting request 909447 from home:ematsumiya:branches:security - Update to version 3.0.3: * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids * Change auparse_feed_has_data in auparse to include incomplete events * Auditd, stop linking against -lrt * Add ProtectHome and RestrictRealtime to auditd.service * In auditd, read up to 3 netlink packets in a row * In auditd, do not validate path to plugin unless active * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists OBS-URL: https://build.opensuse.org/request/show/909447 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=124 --- audit-3.0.2.tar.gz | 3 --- audit-3.0.3.tar.gz | 3 +++ audit-no-gss.patch | 2 +- audit-secondary.changes | 13 +++++++++++++ audit-secondary.spec | 2 +- audit.changes | 13 +++++++++++++ audit.spec | 2 +- 7 files changed, 32 insertions(+), 6 deletions(-) delete mode 100644 audit-3.0.2.tar.gz create mode 100644 audit-3.0.3.tar.gz diff --git a/audit-3.0.2.tar.gz b/audit-3.0.2.tar.gz deleted file mode 100644 index e4cda53..0000000 --- a/audit-3.0.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:18ae558900eb1c85a8d68c42f70f8e71a8f763c2c661ec8e89cccd26edc2d506 -size 1184356 diff --git a/audit-3.0.3.tar.gz b/audit-3.0.3.tar.gz new file mode 100644 index 0000000..ed330ac --- /dev/null +++ b/audit-3.0.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:22a17adc2e524c25531e2abf28d655bd49eabc38b0c357c81094b0b8369a73e6 +size 593405 diff --git a/audit-no-gss.patch b/audit-no-gss.patch index f1e71bf..10c50af 100644 --- a/audit-no-gss.patch +++ b/audit-no-gss.patch @@ -18,5 +18,5 @@ but need manual removal here. -krb5_principal = auditd -##krb5_key_file = /etc/audit/audit.key distribute_network = no - q_depth = 400 + q_depth = 1200 overflow_action = SYSLOG diff --git a/audit-secondary.changes b/audit-secondary.changes index 4036ca6..2395dd8 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Jul 30 18:14:14 CEST 2021 - Enzo Matsumiya + +- Update to version 3.0.3: + * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined + * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids + * Change auparse_feed_has_data in auparse to include incomplete events + * Auditd, stop linking against -lrt + * Add ProtectHome and RestrictRealtime to auditd.service + * In auditd, read up to 3 netlink packets in a row + * In auditd, do not validate path to plugin unless active + * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists + ------------------------------------------------------------------- Mon Jun 14 20:54:49 CEST 2021 - Enzo Matsumiya diff --git a/audit-secondary.spec b/audit-secondary.spec index 84610a5..3222b5d 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -22,7 +22,7 @@ # The seperation is required to minimize unnecessary build cycles. %define _name audit Name: audit-secondary -Version: 3.0.2 +Version: 3.0.3 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later diff --git a/audit.changes b/audit.changes index 5c25663..3daef48 100644 --- a/audit.changes +++ b/audit.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Jul 30 18:14:14 CEST 2021 - Enzo Matsumiya + +- Update to version 3.0.3: + * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined + * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids + * Change auparse_feed_has_data in auparse to include incomplete events + * Auditd, stop linking against -lrt + * Add ProtectHome and RestrictRealtime to auditd.service + * In auditd, read up to 3 netlink packets in a row + * In auditd, do not validate path to plugin unless active + * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists + ------------------------------------------------------------------- Mon Jun 14 20:54:49 CEST 2021 - Enzo Matsumiya diff --git a/audit.spec b/audit.spec index 047cb77..9bc4055 100644 --- a/audit.spec +++ b/audit.spec @@ -17,7 +17,7 @@ Name: audit -Version: 3.0.2 +Version: 3.0.3 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later From ebf7ab7764f88b0dda5f1b7323422e7b23cfff59c56fec343c386d5cf4b346d5 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 3 Aug 2021 15:56:42 +0000 Subject: [PATCH 2/3] - use https source urls OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=125 --- audit-3.0.3.tar.gz | 4 ++-- audit-secondary.spec | 4 ++-- audit.changes | 1 + audit.spec | 4 ++-- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/audit-3.0.3.tar.gz b/audit-3.0.3.tar.gz index ed330ac..02b03b8 100644 --- a/audit-3.0.3.tar.gz +++ b/audit-3.0.3.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:22a17adc2e524c25531e2abf28d655bd49eabc38b0c357c81094b0b8369a73e6 -size 593405 +oid sha256:23777e1dc9a80a2ee06a4d442a6a0a9bcbf1ae7ee4b5738a220ff619738cc904 +size 1186684 diff --git a/audit-secondary.spec b/audit-secondary.spec index 3222b5d..65a6efe 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -27,8 +27,8 @@ Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later Group: System/Monitoring -URL: http://people.redhat.com/sgrubb/audit/ -Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz +URL: https://people.redhat.com/sgrubb/audit/ +Source0: https://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz Source1: system-group-audit.conf Patch1: audit-plugins-path.patch Patch2: audit-no-gss.patch diff --git a/audit.changes b/audit.changes index 3daef48..fe83d86 100644 --- a/audit.changes +++ b/audit.changes @@ -10,6 +10,7 @@ Fri Jul 30 18:14:14 CEST 2021 - Enzo Matsumiya * In auditd, read up to 3 netlink packets in a row * In auditd, do not validate path to plugin unless active * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists +- use https source urls ------------------------------------------------------------------- Mon Jun 14 20:54:49 CEST 2021 - Enzo Matsumiya diff --git a/audit.spec b/audit.spec index 9bc4055..2df0023 100644 --- a/audit.spec +++ b/audit.spec @@ -22,8 +22,8 @@ Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later Group: System/Monitoring -URL: http://people.redhat.com/sgrubb/audit/ -Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz +URL: https://people.redhat.com/sgrubb/audit/ +Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: baselibs.conf Source2: README-BEFORE-ADDING-PATCHES Patch0: change-default-log_group.patch From d083951a315e2b2366c5ac49e739f4b5be7960b83abdab7e6d9d7ea7f46f631f Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 3 Aug 2021 15:56:57 +0000 Subject: [PATCH 3/3] - use https source urls OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=126 --- audit-secondary.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/audit-secondary.changes b/audit-secondary.changes index 2395dd8..a4585c9 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -10,6 +10,7 @@ Fri Jul 30 18:14:14 CEST 2021 - Enzo Matsumiya * In auditd, read up to 3 netlink packets in a row * In auditd, do not validate path to plugin unless active * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists +- use https source urls ------------------------------------------------------------------- Mon Jun 14 20:54:49 CEST 2021 - Enzo Matsumiya