rpm/audit
SHA256
1
0
Fork 0
forked from pool/audit
Code Pull Requests Activity

Accepting request 588035 from security

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/588035
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=86
This commit is contained in:
Dominique Leuenberger 2018-03-26 09:51:53 +00:00 committed by Git OBS Bridge
commit e5a6970bfd
8 changed files with 388 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
README-BEFORE-ADDING-PATCHES
View File

@ -1,13 +1,16 @@
All patches need to have a patch description header similar to what is used in
SUSE kernel git tree. Patches added without this will be reverted. Thanks.
All patches need to have a kernel-style patch description header.
From: Name <email>
PATCHES LACKING THIS OR NOT CORRECTLY FOLLOWING DESCRIPTION BELOW WILL BE
REJECTED OR REVERTED
From: Joe Smoe <joe@smoe.com>
Subject: Summary of fix
Date: date
References: bnc#xxxxxx (bugzilla reference if applicable)
Upstream: yes (provide repo/commit-id in description) or no (provide reason)
Signed-Off-by: Name <email> (same as From: if committer is patch author)
Date: Date of fix
References: Bugzilla reference [bsc#xxxx]
References: URL of relevant discussion thread, opensuse or upstream ML etc
Git-commit: Full SHA of upstream commit [if applicable]
Git-repo: [if different from https://github.com/linux-audit/audit-userspace.git]
Patch-mainline: revision of audit package or explanation if not [i.e v2.8.1 or "queued with maintainer" or "never; because ...." ]
Signed-Off-by: Joe Smoe <joe@smoe.com>
Short paragraph describing problem/fix.
References to upstream repo-path/commit-id if applicable.

3
audit-2.8.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1becde92ff6e81798fa8878820ab2497d867036a6596f55109504b37c8b33b6c
size 1120440

3
audit-2.8.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:67b59b2b77afee9ed87afa4d80ffc8e6f3a1f4bbedd5f2871f387c952147bcba
size 1121970

292
audit-python3.patch Normal file
View File

@ -0,0 +1,292 @@
From: Tomas Chvatal <tchvatal@suse.com>
Date: Wed Feb 7 09:26:35 UTC 2018
Subject: Convert tests to run under python3
References: https://github.com/linux-audit/audit-userspace/pull/39
Patch-mainline: no; pending with maintainer
Adjust auparse_test to run with python3 and python2
Index: audit-2.8.1/auparse/test/auparse_test.py
===================================================================
--- audit-2.8.1.orig/auparse/test/auparse_test.py
+++ audit-2.8.1/auparse/test/auparse_test.py
@@ -1,5 +1,7 @@
#!/usr/bin/env python
+from __future__ import print_function
+
import os
srcdir = os.getenv('srcdir')
@@ -30,29 +32,29 @@ def walk_test(au):
au.reset()
while True:
if not au.first_record():
- print "Error getting first record"
+ print("Error getting first record")
sys.exit(1)
- print "event %d has %d records" % (event_cnt, au.get_num_records())
+ print("event %d has %d records" % (event_cnt, au.get_num_records()))
record_cnt = 1
while True:
- print " record %d of type %d(%s) has %d fields" % \
+ print(" record %d of type %d(%s) has %d fields" % \
(record_cnt,
au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
- au.get_num_fields())
- print " line=%d file=%s" % (au.get_line_number(), au.get_filename())
+ au.get_num_fields()))
+ print(" line=%d file=%s" % (au.get_line_number(), au.get_filename()))
event = au.get_timestamp()
if event is None:
- print "Error getting timestamp - aborting"
+ print("Error getting timestamp - aborting")
sys.exit(1)
- print " event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
+ print(" event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
au.first_field()
while True:
- print " %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())
+ print(" %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field()))
if not au.next_field(): break
- print
+ print("")
record_cnt += 1
if not au.next_record(): break
event_cnt += 1
@@ -62,25 +64,25 @@ def walk_test(au):
def light_test(au):
while True:
if not au.first_record():
- print "Error getting first record"
+ print("Error getting first record")
sys.exit(1)
- print "event has %d records" % (au.get_num_records())
+ print("event has %d records" % (au.get_num_records()))
record_cnt = 1
while True:
- print " record %d of type %d(%s) has %d fields" % \
+ print(" record %d of type %d(%s) has %d fields" % \
(record_cnt,
au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
- au.get_num_fields())
- print " line=%d file=%s" % (au.get_line_number(), au.get_filename())
+ au.get_num_fields()))
+ print(" line=%d file=%s" % (au.get_line_number(), au.get_filename()))
event = au.get_timestamp()
if event is None:
- print "Error getting timestamp - aborting"
+ print("Error getting timestamp - aborting")
sys.exit(1)
- print " event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
- print
+ print(" event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
+ print("")
record_cnt += 1
if not au.next_record(): break
if not au.parse_next_event(): break
@@ -97,9 +99,9 @@ def simple_search(au, source, where):
au.search_add_item("auid", "=", val, auparse.AUSEARCH_RULE_CLEAR)
au.search_set_stop(where)
if not au.search_next_event():
- print "Error searching for auid"
+ print("Error searching for auid")
else:
- print "Found %s = %s" % (au.get_field_name(), au.get_field_str())
+ print("Found %s = %s" % (au.get_field_name(), au.get_field_str()))
def compound_search(au, how):
au = auparse.AuParser(auparse.AUSOURCE_FILE, srcdir + "/test.log");
@@ -115,119 +117,119 @@ def compound_search(au, how):
au.search_set_stop(auparse.AUSEARCH_STOP_FIELD)
if not au.search_next_event():
- print "Error searching for auid"
+ print("Error searching for auid")
else:
- print "Found %s = %s" % (au.get_field_name(), au.get_field_str())
+ print("Found %s = %s" % (au.get_field_name(), au.get_field_str()))
def feed_callback(au, cb_event_type, event_cnt):
if cb_event_type == auparse.AUPARSE_CB_EVENT_READY:
if not au.first_record():
- print "Error getting first record"
+ print("Error getting first record")
sys.exit(1)
- print "event %d has %d records" % (event_cnt[0], au.get_num_records())
+ print("event %d has %d records" % (event_cnt[0], au.get_num_records()))
record_cnt = 1
while True:
- print " record %d of type %d(%s) has %d fields" % \
+ print(" record %d of type %d(%s) has %d fields" % \
(record_cnt,
au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
- au.get_num_fields())
- print " line=%d file=%s" % (au.get_line_number(), au.get_filename())
+ au.get_num_fields()))
+ print(" line=%d file=%s" % (au.get_line_number(), au.get_filename()))
event = au.get_timestamp()
if event is None:
- print "Error getting timestamp - aborting"
+ print("Error getting timestamp - aborting")
sys.exit(1)
- print " event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
+ print(" event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
au.first_field()
while True:
- print " %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())
+ print(" %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field()))
if not au.next_field(): break
- print
+ print("")
record_cnt += 1
if not au.next_record(): break
event_cnt[0] += 1
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
-print "Starting Test 1, iterate..."
+print("Starting Test 1, iterate...")
while au.parse_next_event():
if au.find_field("auid"):
- print "%s=%s" % (au.get_field_name(), au.get_field_str())
- print "interp auid=%s" % (au.interpret_field())
+ print("%s=%s" % (au.get_field_name(), au.get_field_str()))
+ print("interp auid=%s" % (au.interpret_field()))
else:
- print "Error iterating to auid"
-print "Test 1 Done\n"
+ print("Error iterating to auid")
+print("Test 1 Done\n")
# Reset, now lets go to beginning and walk the list manually */
-print "Starting Test 2, walk events, records, and fields..."
+print("Starting Test 2, walk events, records, and fields...")
au.reset()
walk_test(au)
-print "Test 2 Done\n"
+print("Test 2 Done\n")
# Reset, now lets go to beginning and walk the list manually */
-print "Starting Test 3, walk events, records of 1 buffer..."
+print("Starting Test 3, walk events, records of 1 buffer...")
au = auparse.AuParser(auparse.AUSOURCE_BUFFER, buf[1])
au.reset()
light_test(au);
-print "Test 3 Done\n"
+print("Test 3 Done\n")
-print "Starting Test 4, walk events, records of 1 file..."
+print("Starting Test 4, walk events, records of 1 file...")
au = auparse.AuParser(auparse.AUSOURCE_FILE, srcdir + "/test.log");
walk_test(au);
-print "Test 4 Done\n"
+print("Test 4 Done\n")
-print "Starting Test 5, walk events, records of 2 files..."
+print("Starting Test 5, walk events, records of 2 files...")
au = auparse.AuParser(auparse.AUSOURCE_FILE_ARRAY, files);
walk_test(au);
-print "Test 5 Done\n"
+print("Test 5 Done\n")
-print "Starting Test 6, search..."
+print("Starting Test 6, search...")
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
au.search_add_item("auid", "=", "500", auparse.AUSEARCH_RULE_CLEAR)
au.search_set_stop(auparse.AUSEARCH_STOP_EVENT)
if au.search_next_event():
- print "Error search found something it shouldn't have"
+ print("Error search found something it shouldn't have")
else:
- print "auid = 500 not found...which is correct"
+ print("auid = 500 not found...which is correct")
au.search_clear()
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
#au.search_add_item("auid", "exists", None, auparse.AUSEARCH_RULE_CLEAR)
au.search_add_item("auid", "exists", "", auparse.AUSEARCH_RULE_CLEAR)
au.search_set_stop(auparse.AUSEARCH_STOP_EVENT)
if not au.search_next_event():
- print "Error searching for existence of auid"
-print "auid exists...which is correct"
-print "Testing BUFFER_ARRAY, stop on field"
+ print("Error searching for existence of auid")
+print("auid exists...which is correct")
+print("Testing BUFFER_ARRAY, stop on field")
simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_FIELD)
-print "Testing BUFFER_ARRAY, stop on record"
+print("Testing BUFFER_ARRAY, stop on record")
simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_RECORD)
-print "Testing BUFFER_ARRAY, stop on event"
+print("Testing BUFFER_ARRAY, stop on event")
simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_EVENT)
-print "Testing test.log, stop on field"
+print("Testing test.log, stop on field")
simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_FIELD)
-print "Testing test.log, stop on record"
+print("Testing test.log, stop on record")
simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_RECORD)
-print "Testing test.log, stop on event"
+print("Testing test.log, stop on event")
simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_EVENT)
-print "Test 6 Done\n"
+print("Test 6 Done\n")
-print "Starting Test 7, compound search..."
+print("Starting Test 7, compound search...")
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
compound_search(au, auparse.AUSEARCH_RULE_AND)
compound_search(au, auparse.AUSEARCH_RULE_OR)
-print "Test 7 Done\n"
+print("Test 7 Done\n")
-print "Starting Test 8, regex search..."
+print("Starting Test 8, regex search...")
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
-print "Doing regex match...\n"
+print("Doing regex match...\n")
au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
-print "Test 8 Done\n"
+print("Test 8 Done\n")
# Note: this should match Test 2 exactly
# Note: this should match Test 2 exactly
-print "Starting Test 9, buffer feed..."
+print("Starting Test 9, buffer feed...")
au = auparse.AuParser(auparse.AUSOURCE_FEED);
event_cnt = 1
au.add_callback(feed_callback, [event_cnt])
@@ -241,10 +243,10 @@ for s in buf:
beg += chunk_len
au.feed(data)
au.flush_feed()
-print "Test 9 Done\n"
+print("Test 9 Done\n")
# Note: this should match Test 4 exactly
-print "Starting Test 10, file feed..."
+print("Starting Test 10, file feed...")
au = auparse.AuParser(auparse.AUSOURCE_FEED);
event_cnt = 1
au.add_callback(feed_callback, [event_cnt])
@@ -254,9 +256,9 @@ while True:
if not data: break
au.feed(data)
au.flush_feed()
-print "Test 10 Done\n"
+print("Test 10 Done\n")
-print "Finished non-admin tests\n"
+print("Finished non-admin tests\n")
au = None
sys.exit(0)

36
audit-secondary.changes
View File

@ -1,3 +1,39 @@
-------------------------------------------------------------------
Fri Mar 16 19:44:45 UTC 2018 - tonyj@suse.com
- Change openldap dependency to client only (bsc#1085003)
- Resolve issue with previous change if both Python2 and Python3 are
present, tests were failing as python2 bindings are preferred in this
case.
-------------------------------------------------------------------
Thu Feb 22 11:00:16 UTC 2018 - meissner@suse.com
- reverted -j1 force ppc specific only
-------------------------------------------------------------------
Wed Feb 7 09:26:35 UTC 2018 - tchvatal@suse.com
- Add patch to fix test run without python2 interpreter:
* audit-python3.patch
- Update to 2.8.2 release:
* Update tables for 4.14 kernel
* Fixup ipv6 server side binding
* AVC report from aureport was missing result column header (#1511606)
* Add SOFTWARE_UPDATE event
* In ausearch/report pickup any path and new-disk fields as a file
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
* Fix building on old systems without linux/fanotify.h
* Fix shell portability issues reported by shellcheck
* Auditd validate_email should not use gethostbyname
-------------------------------------------------------------------
Tue Feb 6 13:24:43 UTC 2018 - normand@linux.vnet.ibm.com
- force -j1 for PowerPC make check to avoid build failure
(lookup_test.o: file not recognized: File truncated)
-------------------------------------------------------------------
Wed Jan 17 15:25:55 UTC 2018 - tchvatal@suse.com

25
audit-secondary.spec
View File

@ -22,10 +22,10 @@
# The seperation is required to minimize unnecessary build cycles.
%define _name audit
Name: audit-secondary
Version: 2.8.1
Version: 2.8.2
Release: 0
Summary: Linux kernel audit subsystem utilities
License: GPL-2.0+
License: GPL-2.0-or-later
Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz
@ -33,12 +33,13 @@ Patch1: audit-plugins-path.patch
Patch2: audit-no-gss.patch
Patch3: audit-allow-manual-stop.patch
Patch4: audit-ausearch-do-not-require-tclass.patch
Patch5: audit-python3.patch
BuildRequires: audit-devel = %{version}
BuildRequires: autoconf >= 2.12
BuildRequires: gcc-c++
BuildRequires: kernel-headers >= 2.6.30
BuildRequires: libldapcpp-devel
BuildRequires: libtool
BuildRequires: openldap2-devel
BuildRequires: pkgconfig
%if %{with python2}
BuildRequires: python2-devel
@ -58,7 +59,7 @@ Linux kernel.
%package -n audit
Summary: User Space Tools for Kernel Auditing
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: System/Monitoring
Requires: %{_name}-libs = %{version}
Requires: coreutils
@ -71,7 +72,7 @@ Linux kernel.
%package -n python2-audit
Summary: Python Bindings for libaudit
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: Development/Languages/Python
Provides: audit-libs-python = %{version}
Obsoletes: audit-libs-python < %{version}
@ -82,7 +83,7 @@ by python.
%package -n python3-audit
Summary: Python3 Bindings for libaudit
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: Development/Languages/Python
Provides: audit-libs-python3 = %{version}
Obsoletes: audit-libs-python3 < %{version}
@ -93,9 +94,8 @@ by python3.
%package -n audit-audispd-plugins
Summary: Default plugins for the audit dispatcher
License: GPL-2.0+
License: GPL-2.0-or-later
Group: System/Monitoring
Requires: openldap2
%description -n audit-audispd-plugins
The audit-audispd-plugins package contains plugin components for the
@ -111,6 +111,15 @@ rm -rf audisp/plugins/prelude
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%if %{without python2} && %{with python3}
# Fix python env call in tests if we only have Python3.
# If both versions are present, python2 bindings are preferred by the tests and
# unconditionally using /usr/bin/python3 breaks the tests
# Probably the correct solution is to run the tests twice if both are present.
sed -i -e 's:#!/usr/bin/env python:#!/usr/bin/python3:g' auparse/test/auparse_test.py
%endif
%build
autoreconf -fi

23
audit.changes
View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Fri Mar 16 19:41:29 UTC 2018 - tonyj@suse.com
- Update header in audit-python3.patch
- Update patch guidelines in README-BEFORE-ADDING-PATCHES
-------------------------------------------------------------------
Wed Feb 7 09:26:35 UTC 2018 - tchvatal@suse.com
- Add patch to fix test run without python2 interpreter:
* audit-python3.patch
- Update to 2.8.2 release:
* Update tables for 4.14 kernel
* Fixup ipv6 server side binding
* AVC report from aureport was missing result column header (#1511606)
* Add SOFTWARE_UPDATE event
* In ausearch/report pickup any path and new-disk fields as a file
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
* Fix building on old systems without linux/fanotify.h
* Fix shell portability issues reported by shellcheck
* Auditd validate_email should not use gethostbyname
-------------------------------------------------------------------
Sat Nov 4 21:12:09 UTC 2017 - aavindraa@gmail.com

10
audit.spec
View File

@ -17,10 +17,10 @@
Name: audit
Version: 2.8.1
Version: 2.8.2
Release: 0
Summary: Linux kernel audit subsystem utilities
License: GPL-2.0+
License: GPL-2.0-or-later
Group: System/Monitoring
Url: http://people.redhat.com/sgrubb/audit/
Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
@ -41,7 +41,7 @@ Linux kernel.
%package -n libaudit1
Summary: Library for interfacing with the kernel audit subsystem
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: System/Libraries
Obsoletes: %{name}-libs < 2.0.4
Provides: %{name}-libs = %{version}
@ -52,7 +52,7 @@ applications to use the audit framework.
%package -n libauparse0
Summary: Library for parsing and interpreting audit events
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: System/Libraries
%description -n libauparse0
@ -61,7 +61,7 @@ parse audit records.
%package -n audit-devel
Summary: Header files for libaudit
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
Requires: libaudit1 = %{version}
Requires: libauparse0 = %{version}