SHA256
1
0
forked from pool/audit

Accepting request 50024 from security

checked in (request 50024)

OBS-URL: https://build.opensuse.org/request/show/50024
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=21
This commit is contained in:
OBS User autobuild 2010-10-07 23:12:16 +00:00 committed by Git OBS Bridge
parent ac0c7391c5
commit d92fcc232e
12 changed files with 49 additions and 109 deletions

View File

@ -4,10 +4,10 @@ SuSE kernel git tree. Patches added without this will be reverted. Thanks.
From: Name <email> From: Name <email>
Subject: Summary of fix Subject: Summary of fix
Date: date Date: date
References: bnc#xxxxxx (bugzilla reference if applicable) References: bnc#xxxxxx (bugzilla reference)
Upstream: yes (provide repo/commit-id in description) or no (provide reason)
Signed-Off-by: Name <email> (same as From: if committer is patch author) Signed-Off-by: Name <email> (same as From: if committer is patch author)
Short paragraph describing problem/fix. Short paragraph describing problem/fix.
References to upstream repo-path/commit-id if applicable. References to upstream repo/commit-id if applicable.

3
audit-2.0.4.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:606e3802f022e11791edb40cd93a1d1708c5fc40db56a2bbbba5fa6e61298a95
size 617863

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:50761b5ceea7c7cd2833d9dc611ce6dec440ddfb238c8a60e36fffd104ec3df6
size 618300

17
audit-as_needed.patch Normal file
View File

@ -0,0 +1,17 @@
From: Cristian Morales Vega <cmorve69@yahoo.es>
Subject: Fix --as-needed build
Upsteam: never
audit_LDADD is overriding LDADD, so -lpthread is missing. Fixed with -pthread in auditd_CFLAGS.
--- src/Makefile.am
+++ src/Makefile.am
@@ -31,7 +31,7 @@
noinst_HEADERS = auditd-config.h auditd-event.h auditd-listen.h ausearch-llist.h ausearch-options.h auditctl-llist.h aureport-options.h ausearch-parse.h aureport-scan.h ausearch-lookup.h ausearch-int.h auditd-dispatch.h ausearch-string.h ausearch-nvpair.h ausearch-common.h ausearch-avc.h ausearch-time.h ausearch-lol.h
auditd_SOURCES = auditd.c auditd-event.c auditd-config.c auditd-reconfig.c auditd-sendmail.c auditd-dispatch.c auditd-listen.c
-auditd_CFLAGS = -fPIE -DPIE -g -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing
+auditd_CFLAGS = -fPIE -DPIE -g -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pthread
auditd_LDFLAGS = -pie -Wl,-z,relro
auditd_DEPENDENCIES = mt/libauditmt.a libev/libev.a
auditd_LDADD = @LIBWRAP_LIBS@ @libev_LIBS@ -Llibev -lev -lrt -lm $(gss_libs)

View File

@ -5,13 +5,9 @@ Upsteam: never
Disable GSS/Kerberos options from config file. They are disabled from configure Disable GSS/Kerberos options from config file. They are disabled from configure
but need manual removal here. but need manual removal here.
--- --- audit-1.7.7/init.d/auditd.conf.orig 2008-09-26 02:40:48.458847000 +0200
init.d/auditd.conf | 3 --- +++ audit-1.7.7/init.d/auditd.conf 2008-09-26 02:41:13.600681000 +0200
1 file changed, 3 deletions(-) @@ -26,6 +26,3 @@
--- a/init.d/auditd.conf
+++ b/init.d/auditd.conf
@@ -27,6 +27,3 @@ tcp_listen_queue = 5
tcp_max_per_addr = 1 tcp_max_per_addr = 1
##tcp_client_ports = 1024-65535 ##tcp_client_ports = 1024-65535
tcp_client_max_idle = 0 tcp_client_max_idle = 0

View File

@ -5,13 +5,8 @@ Upsteam: never
Non builtin plugins is build as part of phase2 by audit-secondary.spec. Non builtin plugins is build as part of phase2 by audit-secondary.spec.
Conf files for builtins are still installed Conf files for builtins are still installed
--- --- audit-1.7.2/audisp/plugins/Makefile.am.orig 2008-04-22 17:20:29.022441000 +0200
audisp/plugins/Makefile.am | 2 +- +++ audit-1.7.2/audisp/plugins/Makefile.am 2008-04-22 17:20:36.657804000 +0200
docs/Makefile.am | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
--- a/audisp/plugins/Makefile.am
+++ b/audisp/plugins/Makefile.am
@@ -22,7 +22,7 @@ @@ -22,7 +22,7 @@
CONFIG_CLEAN_FILES = *.loT *.rej *.orig CONFIG_CLEAN_FILES = *.loT *.rej *.orig
@ -21,9 +16,10 @@ Conf files for builtins are still installed
#SUBDIRS = builtins zos-remote #SUBDIRS = builtins zos-remote
if HAVE_PRELUDE if HAVE_PRELUDE
SUBDIRS += prelude SUBDIRS += prelude
--- a/docs/Makefile.am
+++ b/docs/Makefile.am --- audit-1.7.2/docs/Makefile.am.orig 2008-04-22 17:21:45.409978000 +0200
@@ -53,6 +53,5 @@ ausearch_add_expression.3 ausearch_add_t +++ audit-1.7.2/docs/Makefile.am 2008-04-22 17:21:59.923451000 +0200
@@ -49,6 +49,5 @@
ausearch_clear.3 \ ausearch_clear.3 \
ausearch_next_event.3 ausearch_set_stop.3 \ ausearch_next_event.3 ausearch_set_stop.3 \
autrace.8 get_auditfail_action.3 set_aumessage_mode.3 \ autrace.8 get_auditfail_action.3 set_aumessage_mode.3 \

View File

@ -6,15 +6,9 @@ Python code is disabled for audit.spec. Built manually by audit-libs-python.spe
This is apparantly necessary due to the SuSE build system. Bit of a PITA but This is apparantly necessary due to the SuSE build system. Bit of a PITA but
there you have it. there you have it.
--- --- audit-1.7.7/configure.ac.orig 2008-09-23 01:24:06.345492000 +0200
Makefile.am | 4 ++-- +++ audit-1.7.7/configure.ac 2008-09-23 01:25:15.325453000 +0200
auparse/Makefile.am | 1 - @@ -39,7 +39,6 @@
configure.ac | 4 ++--
3 files changed, 4 insertions(+), 5 deletions(-)
--- a/configure.ac
+++ b/configure.ac
@@ -40,7 +40,6 @@ AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE AM_INIT_AUTOMAKE
AM_PROG_LIBTOOL AM_PROG_LIBTOOL
AC_SUBST(LIBTOOL_DEPS) AC_SUBST(LIBTOOL_DEPS)
@ -22,7 +16,7 @@ there you have it.
OLDLIBS="$LIBS" OLDLIBS="$LIBS"
m4_include([src/libev/libev.m4]) m4_include([src/libev/libev.m4])
libev_LIBS="$LIBS" libev_LIBS="$LIBS"
@@ -231,7 +230,8 @@ AC_SUBST(libev_LIBS) @@ -195,7 +195,8 @@
AC_SUBST(LIBPRELUDE_CFLAGS) AC_SUBST(LIBPRELUDE_CFLAGS)
AC_SUBST(LIBPRELUDE_LDFLAGS) AC_SUBST(LIBPRELUDE_LDFLAGS)
@ -32,8 +26,8 @@ there you have it.
echo . echo .
echo " echo "
--- a/Makefile.am --- audit-1.7.7/Makefile.am.orig 2008-09-23 01:24:26.915901000 +0200
+++ b/Makefile.am +++ audit-1.7.7/Makefile.am 2008-09-23 01:25:43.035708000 +0200
@@ -21,8 +21,8 @@ @@ -21,8 +21,8 @@
# Rickard E. (Rik) Faith <faith@redhat.com> # Rickard E. (Rik) Faith <faith@redhat.com>
# #
@ -45,8 +39,8 @@ there you have it.
EXTRA_DIST = ChangeLog AUTHORS NEWS README INSTALL audit.spec \ EXTRA_DIST = ChangeLog AUTHORS NEWS README INSTALL audit.spec \
contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \ contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \
contrib/stig.rules contrib/skeleton.c contrib/avc_snap \ contrib/stig.rules contrib/skeleton.c contrib/avc_snap \
--- a/auparse/Makefile.am --- audit-1.7.7/auparse/Makefile.am.orig 2008-09-23 20:45:53.245409000 +0200
+++ b/auparse/Makefile.am +++ audit-1.7.7/auparse/Makefile.am 2008-09-23 20:46:02.659985000 +0200
@@ -20,7 +20,6 @@ @@ -20,7 +20,6 @@
# Steve Grubb <sgrubb@redhat.com> # Steve Grubb <sgrubb@redhat.com>
# #

View File

@ -1,31 +0,0 @@
From: aj@suse.de
Subject: Use oom_score_adj on newer kernels
Date: 2010-09-27
Signed-Off-by: Andreas Jaeger <aj@suse.de>
I see in dmesg on my 2.6.36 kernel:
[ 19.424535] auditd (2576): /proc/2576/oom_adj is deprecated, please use /proc/2576/oom_score_adj instead.
Since oom_adj is deprecated, let's use oom_score_adj.
Index: src/auditd.c
===================================================================
--- src/auditd.c.orig
+++ src/auditd.c
@@ -265,7 +265,15 @@ static int write_pid_file(void)
static void avoid_oom_killer(void)
{
int oomfd;
-
+
+ /* Newer kernels (noticed in 2.6.36) */
+ oomfd = open("/proc/self/oom_score_adj", O_NOFOLLOW | O_WRONLY);
+ if (oomfd >= 0) {
+ (void)write(oomfd, "0", 1);
+ close(oomfd);
+ return;
+ }
+ /* Older kernel */
oomfd = open("/proc/self/oom_adj", O_NOFOLLOW | O_WRONLY);
if (oomfd >= 0) {
(void)write(oomfd, "-17", 3);

View File

@ -1,9 +1,3 @@
-------------------------------------------------------------------
Wed Sep 29 00:22:38 UTC 2010 - tonyj@novell.com
- Upgrade to version 2.0.5 (see audit.changes for upstream change
history)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de

View File

@ -1,5 +1,5 @@
# #
# spec file for package audit-secondary (Version 2.0.5) # spec file for package audit-secondary (Version 2.0.4)
# #
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
@ -25,11 +25,12 @@ BuildRequires: gcc-c++ openldap2-devel pkg-config python-devel swig
Summary: Python Bindings for libaudit Summary: Python Bindings for libaudit
License: GPLv2+ License: GPLv2+
Group: System/Monitoring Group: System/Monitoring
Version: 2.0.5 Version: 2.0.4
Release: 1 Release: 7
Url: http://people.redhat.com/sgrubb/audit/ Url: http://people.redhat.com/sgrubb/audit/
Source0: audit-%{version}.tar.bz2 Source0: audit-%{version}.tar.bz2
Patch1: audit-plugins-path.patch Patch1: audit-plugins-path.patch
Patch2: audit-as_needed.patch
Requires: audit = %{version} Requires: audit = %{version}
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %insserv_prereq %fillup_prereq PreReq: %insserv_prereq %fillup_prereq
@ -84,6 +85,7 @@ rm -rf audisp/plugins/zos-remote/policy
rm -rf audisp/plugins/prelude rm -rf audisp/plugins/prelude
%setup -q -n %{_name}-%{version} %setup -q -n %{_name}-%{version}
%patch1 -p1 %patch1 -p1
%patch2
%build %build
autoreconf -fi autoreconf -fi

View File

@ -1,31 +1,3 @@
-------------------------------------------------------------------
Tue Sep 28 22:41:14 UTC 2010 - tonyj@novell.com
- Update to version 2.0.5 (drop: audit-as_needed.patch)
- Update README-BEFORE-ADDING-PATCHES
- Upstream 2.0.5 changelog:
- Make auparse handle empty AUSOURCE_FILE_ARRAY correctly (Miloslav Trmač)
- On i386, audit rules do not work on inode's with a large number (#554553)
- Fix displaying of inode values to be unsigned integers when listing rules
- Correct Makefile install of audispd (Jason Tang)
- Syscall table updates for 2.6.34 kernel
- Add definitions for service start and stop
- Fix handling of ignore errors in auditctl
- Fix gssapi support to build with new linker options
- Add virtualization event types
- Update aureport program help and man pages to show all options
-------------------------------------------------------------------
Tue Sep 28 07:22:05 UTC 2010 - aj@suse.de
- Annotate patch audit-oom_score_adj.
-------------------------------------------------------------------
Mon Sep 27 08:47:32 UTC 2010 - aj@suse.de
- Use /proc/<pid>/oom_score_adj if available.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de

View File

@ -1,5 +1,5 @@
# #
# spec file for package audit (Version 2.0.5) # spec file for package audit (Version 2.0.4)
# #
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
@ -22,8 +22,8 @@ Name: audit
BuildRequires: gcc-c++ tcpd-devel BuildRequires: gcc-c++ tcpd-devel
BuildRequires: kernel-headers >= 2.6.29 BuildRequires: kernel-headers >= 2.6.29
Summary: User Space Tools for 2.6 Kernel Auditing Summary: User Space Tools for 2.6 Kernel Auditing
Version: 2.0.5 Version: 2.0.4
Release: 1 Release: 7
License: GPLv2+ License: GPLv2+
Group: System/Monitoring Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/ Url: http://people.redhat.com/sgrubb/audit/
@ -35,7 +35,7 @@ Source4: README-BEFORE-ADDING-PATCHES
Patch1: audit-no_python.patch Patch1: audit-no_python.patch
Patch2: audit-no_plugins.patch Patch2: audit-no_plugins.patch
Patch3: audit-no-gss.patch Patch3: audit-no-gss.patch
Patch4: audit-oom_score_adj.patch Patch4: audit-as_needed.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: %{name}-libs = %{version} Requires: %{name}-libs = %{version}
PreReq: %insserv_prereq %fillup_prereq PreReq: %insserv_prereq %fillup_prereq