OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=20

2008-09-29 15:28:30 +00:00 · 2008-09-29 15:28:30 +00:00 · ed84d1ced9
commit ed84d1ced9
parent 21943c9ab5
9 changed files with 149 additions and 44 deletions
--- a/audit-1.7.4.tar.bz2
+++ b/audit-1.7.4.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:aeb9652be811b7f4a695031dfd115c6d2209fe08601335772e727a183d756b06
-size 626976
--- a/audit-1.7.7.tar.bz2
+++ b/audit-1.7.7.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bd635c98f200d0b436e69fb2cb074386dd9f557ca7e2479e1de0cb0f7b2eea6d
+size 934496
--- a/audit-no-gss.patch
+++ b/audit-no-gss.patch
@ -0,0 +1,16 @@
+From: Tony Jones <tonyj@suse.de>
+Subject: Disable GSS options from config file
+Upsteam: never
+
+Disable GSS/Kerberos options from config file. They are disabled from configure
+but need manual removal here.
+
+--- audit-1.7.7/init.d/auditd.conf.orig	2008-09-26 02:40:48.458847000 +0200
+++ audit-1.7.7/init.d/auditd.conf	2008-09-26 02:41:13.600681000 +0200
+@@ -26,6 +26,3 @@
+ tcp_listen_queue = 5
+ ##tcp_client_ports = 1024-65535
+ tcp_client_max_idle = 0
+-enable_krb5 = no
+-krb5_principal = auditd
+-##krb5_key_file = /etc/audit/audit.key
--- a/audit-no_python.patch
+++ b/audit-no_python.patch
@ -6,37 +6,46 @@ Python code is disabled for audit.spec.  Built manually by audit-libs-python.spe
 This is apparantly necessary due to the SuSE build system.  Bit of a PITA but
 there you have it.

--- audit-1.6.8/configure.ac.old	2008-02-29 22:20:13.248763000 +0100
-+++ audit-1.6.8/configure.ac	2008-02-29 22:23:10.703128000 +0100
+--- audit-1.7.7/configure.ac.orig	2008-09-23 01:24:06.345492000 +0200
+++ audit-1.7.7/configure.ac	2008-09-23 01:25:15.325453000 +0200
@@ -39,7 +39,6 @@
 AM_INIT_AUTOMAKE
 AM_PROG_LIBTOOL
 AC_SUBST(LIBTOOL_DEPS)
 -AM_PATH_PYTHON
+ OLDLIBS="$LIBS"
+ m4_include([src/libev/libev.m4])
+ libev_LIBS="$LIBS"
+@@ -195,7 +195,8 @@
+ AC_SUBST(LIBWRAP_LIBS)
+ AC_SUBST(libev_LIBS)
 
- echo .
- echo Checking for programs
-@@ -124,7 +124,8 @@
- fi
- AM_CONDITIONAL(HAVE_PRELUDE, test x$have_prelude = xyes)
- 
-AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
+-AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
 +# SuSE: remove swig/Makefile + bindings/Makefile + bindings/python/Makefile
-+AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
+AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
 
 echo .
 echo "
-
--- audit-1.6.8/Makefile.am.old	2008-02-29 22:25:06.872840000 +0100
-+++ audit-1.6.8/Makefile.am	2008-02-29 22:25:40.149532000 +0100
-@@ -21,7 +21,8 @@
+--- audit-1.7.7/Makefile.am.orig	2008-09-23 01:24:26.915901000 +0200
+++ audit-1.7.7/Makefile.am	2008-09-23 01:25:43.035708000 +0200
+@@ -21,8 +21,8 @@
 #   Rickard E. (Rik) Faith <faith@redhat.com>
 #
 
-SUBDIRS = lib auparse src/mt src audisp tools swig bindings init.d \
+-SUBDIRS = lib auparse src/mt src/libev src audisp tools swig bindings init.d \
+-	docs
 +# SuSE: remove swig + bindings
-+SUBDIRS = lib auparse src/mt src audisp tools init.d \
- 	docs
- EXTRA_DIST = ChangeLog AUTHORS NEWS README README-install audit.spec \
+SUBDIRS = lib auparse src/mt src/libev src audisp tools init.d docs
+ EXTRA_DIST = ChangeLog AUTHORS NEWS README INSTALL audit.spec \
 	contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \
+ 	contrib/stig.rules contrib/skeleton.c contrib/avc_snap \
+--- audit-1.7.7/auparse/Makefile.am.orig	2008-09-23 20:45:53.245409000 +0200
+++ audit-1.7.7/auparse/Makefile.am	2008-09-23 20:46:02.659985000 +0200
+@@ -20,7 +20,6 @@
+ #   Steve Grubb <sgrubb@redhat.com>
+ #
 
+-SUBDIRS = test
+ CLEANFILES = $(BUILT_SOURCES)
+ CONFIG_CLEAN_FILES = Makefile.in *.loT *.rej *.orig
+ AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE -g
--- a/audit-no_sca.patch
+++ b/audit-no_sca.patch
@ -4,26 +4,24 @@ Upsteam: never

 Disable system-config-audit.  A Yast equivalent would be useful though.

--- audit-1.6.8/configure.ac.old	2007-07-25 02:13:48.399097000 +0200
-+++ audit-1.6.8/configure.ac	2007-07-25 02:14:25.113347000 +0200
-@@ -108,7 +108,6 @@
- fi
- AM_CONDITIONAL(HAVE_PRELUDE, test x$have_prelude = xyes)
+--- audit-1.7.7/configure.ac.orig	2008-09-23 00:59:29.976782000 +0200
+++ audit-1.7.7/configure.ac	2008-09-23 01:19:31.984128000 +0200
+@@ -195,7 +195,6 @@
+ AC_SUBST(LIBWRAP_LIBS)
+ AC_SUBST(libev_LIBS)
 
 -AC_CONFIG_SUBDIRS([system-config-audit])
- AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
+ AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile audisp/plugins/zos-remote/policy/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile)
 
 echo .
-
--- audit-1.6.8/Makefile.am.old	2008-02-29 21:53:11.791067000 +0100
-+++ audit-1.6.8/Makefile.am	2008-02-29 21:53:24.682161000 +0100
+--- audit-1.7.7/Makefile.am.orig	2008-09-23 01:20:05.010072000 +0200
+++ audit-1.7.7/Makefile.am	2008-09-23 01:20:10.039036000 +0200
@@ -22,7 +22,7 @@
 #
 
- SUBDIRS = lib auparse src/mt src audisp tools swig bindings init.d \
+ SUBDIRS = lib auparse src/mt src/libev src audisp tools swig bindings init.d \
 -	docs system-config-audit
 +	docs
- EXTRA_DIST = ChangeLog AUTHORS NEWS README README-install audit.spec \
+ EXTRA_DIST = ChangeLog AUTHORS NEWS README INSTALL audit.spec \
 	contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \
- 	contrib/skeleton.c contrib/avc_snap contrib/avc_syslog \
-
+ 	contrib/stig.rules contrib/skeleton.c contrib/avc_snap \
--- a/audit-secondary.changes
+++ b/audit-secondary.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Sep 26 23:27:36 CEST 2008 - tonyj@suse.de
+
+- Update from 1.7.4 to 1.7.7 (see audit.changes for upstream change
+  history)
+
 -------------------------------------------------------------------
 Fri Aug  1 17:12:46 CEST 2008 - ro@suse.de

--- a/audit-secondary.spec
+++ b/audit-secondary.spec
@ -1,5 +1,5 @@
 #
-# spec file for package audit-secondary (Version 1.7.4)
+# spec file for package audit-secondary (Version 1.7.7)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@ -25,8 +25,8 @@ BuildRequires:  audit audit-devel gcc-c++ openldap2-devel pkg-config python-deve
 Summary:        Python Bindings for libaudit
 License:        GPL v2 or later
 Group:          System/Monitoring
-Version:        1.7.4
-Release:        3
+Version:        1.7.7
+Release:        1
 Url:            http://people.redhat.com/sgrubb/audit/
 Source0:        audit-%{version}.tar.bz2
 Patch0:         audit-no_sca.patch
@ -108,6 +108,10 @@ make DESTDIR=$RPM_BUILD_ROOT/_tmp install -C docs
 # Clean up some unneeded library files
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.a
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.la
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_auparse.a
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_auparse.la
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse.a
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse.la
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse-1.0-py%{py_ver}.egg-info
 # Cleanup plugins
 # audispd-zos-remote uses ldap which is in /usr/lib so move to /usr/sbin
@ -120,6 +124,9 @@ mv $RPM_BUILD_ROOT/_tmp/%{_mandir}/man8/audispd-zos-remote.8 $RPM_BUILD_ROOT/%{_
 mv $RPM_BUILD_ROOT/_tmp/%{_mandir}/man5/zos-remote.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5
 rm -rf $RPM_BUILD_ROOT/_tmp

+%check
+make check
+
 %clean
 rm -rf $RPM_BUILD_ROOT

@ -143,6 +150,9 @@ rm -rf $RPM_BUILD_ROOT
 %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz

 %changelog
+* Sat Sep 27 2008 tonyj@suse.de
+- Update from 1.7.4 to 1.7.7 (see audit.changes for upstream change
+  history)
 * Fri Aug 01 2008 ro@suse.de
 - disable debuginfo for secondary specfile
 * Wed Jun 25 2008 tonyj@suse.de
--- a/audit.changes
+++ b/audit.changes
@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Fri Sep 26 23:27:59 CEST 2008 - tonyj@suse.de
+
+- Update from 1.7.4 to 1.7.7.  GSS support disabled for present
+- Redhat changelog for 1.7.5 - 1.7.7 follows:
+  * Wed Sep 11 2008 Steve Grubb <sgrubb@redhat.com> 1.7.7-1
+  - Bug fixes for gss code in remote logging (DJ Delorie)
+  - Fix ausearch -i to keep the node field in the output
+  - ausyscall now does strstr match on syscall names
+  - Makefile cleanup (Philipp Hahn)
+  - Add watched syscall support to audisp-prelude
+  - Use the right define for tcp_wrappers in auditd
+  - Expose encoding API for fields being logged from user space
+  
+  * Wed Sep 11 2008 Steve Grubb <sgrubb@redhat.com> 1.7.6-1
+  - Update event record list and aureport classifications (Yu Zhiguo/Peng Haitao)
+  - Add subject to audit daemon events (Chu Li)
+  - Fix parsing of acct & exe fields in user records (Peng Haitao)
+  - Make client error handling in audisp-remote robust (DJ Delorie)
+  - Add tcp_wrappers support for auditd
+  - Updated syscall tables for 2.6.27 kernel
+  - Add heartbeat exchange to remote logging protocol (DJ Delorie)
+  - Audit connect/disconnect of remote clients
+  - In ausearch, collect pid from AVC records (Peng Haitao)
+  - Add auparse_get_field_type function to describe field's contents
+  - Add GSS/Kerberos encryption to the remote protocol (DJ Delorie)
+  
+  * Mon Aug 25 2008 Steve Grubb <sgrubb@redhat.com> 1.7.5-1
+  - Update system-config-audit to 0.4.8
+  - Whole lot of bug fixes - see ChangeLog for details
+  - Reimplement auditd main loop using libev
+  - Add TCP listener to auditd to receive remote events
+
 -------------------------------------------------------------------
 Tue Aug  5 03:13:56 CEST 2008 - tonyj@suse.de

--- a/audit.spec
+++ b/audit.spec
@ -1,5 +1,5 @@
 #
-# spec file for package audit (Version 1.7.4)
+# spec file for package audit (Version 1.7.7)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@ -19,10 +19,10 @@


 Name:           audit
-BuildRequires:  gcc-c++
+BuildRequires:  gcc-c++ tcpd-devel
 Summary:        User Space Tools for 2.6 Kernel Auditing
-Version:        1.7.4
-Release:        13
+Version:        1.7.7
+Release:        1
 License:        GPL v2 or later
 Group:          System/Monitoring
 Url:            http://people.redhat.com/sgrubb/audit/
@ -32,6 +32,7 @@ Source2:        auditd.sysconfig
 Patch0:         audit-no_sca.patch
 Patch1:         audit-no_python.patch
 Patch2:         audit-no_plugins.patch
+Patch3:         audit-no-gss.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       %{name}-libs = %{version}-%{release}
 PreReq:         %insserv_prereq %fillup_prereq
@ -84,12 +85,13 @@ Authors:
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 %build
 autoreconf -fi
 export CFLAGS="%{optflags} -fno-strict-aliasing"
 export CXXFLAGS="$CFLAGS"
-./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor
+./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --libexecdir=%{_prefix}/lib/%{name} --with-apparmor --with-libwrap
 pushd src/mt
 	make libaudit.h
 popd
@ -127,6 +129,9 @@ touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules}
 # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
 touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf

+%check
+make check
+
 %clean
 rm -rf $RPM_BUILD_ROOT

@ -168,7 +173,6 @@ fi
 %{_includedir}/auparse.h
 %{_includedir}/auparse-defs.h
 %{_mandir}/man3/*
-%{_mandir}/man5/ausearch-expression.5.gz

 %files
 %defattr(-,root,root,-)
@ -183,6 +187,7 @@ fi
 %attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
 %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
+%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
 %attr(750,root,root) /sbin/auditctl
 %attr(750,root,root) /sbin/auditd
 %attr(755,root,root) /sbin/ausearch
@ -209,6 +214,34 @@ fi
 %attr(755,root,root) /usr/bin/ausyscall

 %changelog
+* Sat Sep 27 2008 tonyj@suse.de
+- Update from 1.7.4 to 1.7.7.  GSS support disabled for present
+- Redhat changelog for 1.7.5 - 1.7.7 follows:
+  * Wed Sep 11 2008 Steve Grubb <sgrubb@redhat.com> 1.7.7-1
+  - Bug fixes for gss code in remote logging (DJ Delorie)
+  - Fix ausearch -i to keep the node field in the output
+  - ausyscall now does strstr match on syscall names
+  - Makefile cleanup (Philipp Hahn)
+  - Add watched syscall support to audisp-prelude
+  - Use the right define for tcp_wrappers in auditd
+  - Expose encoding API for fields being logged from user space
+  * Wed Sep 11 2008 Steve Grubb <sgrubb@redhat.com> 1.7.6-1
+  - Update event record list and aureport classifications (Yu Zhiguo/Peng Haitao)
+  - Add subject to audit daemon events (Chu Li)
+  - Fix parsing of acct & exe fields in user records (Peng Haitao)
+  - Make client error handling in audisp-remote robust (DJ Delorie)
+  - Add tcp_wrappers support for auditd
+  - Updated syscall tables for 2.6.27 kernel
+  - Add heartbeat exchange to remote logging protocol (DJ Delorie)
+  - Audit connect/disconnect of remote clients
+  - In ausearch, collect pid from AVC records (Peng Haitao)
+  - Add auparse_get_field_type function to describe field's contents
+  - Add GSS/Kerberos encryption to the remote protocol (DJ Delorie)
+  * Mon Aug 25 2008 Steve Grubb <sgrubb@redhat.com> 1.7.5-1
+  - Update system-config-audit to 0.4.8
+  - Whole lot of bug fixes - see ChangeLog for details
+  - Reimplement auditd main loop using libev
+  - Add TCP listener to auditd to receive remote events
 * Tue Aug 05 2008 tonyj@suse.de
 - Remove audit rules on audit stop (bnc#409093)
 * Wed Jun 25 2008 tonyj@suse.de