SHA256
1
0
forked from pool/audit
audit/audit-no-gss.patch
Enzo Matsumiya 0ee158a589 Accepting request 900434 from home:ematsumiya:branches:security
- Adjust spec files to support new version
- Include one fix for libev

- Update to version 3.0.2
- In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)
- Optionally interpret auid in auditctl -l
- Update some syscall argument interpretations
- In auditd, do not allow spaces in the hostname name format
- Big documentation cleanup (MIZUTA Takeshi)
- Update syscall table to the 5.12 kernel
- Update the auparse normalizer for new event types
- Fix compiler warnings in ids subsystem
- Block a couple signals from flush & reconfigure threads
- In auditd, don't wait on flush thread when exiting
- Output error message if the path of input files are too long ausearch/report

Included fixes from 3.0.1
- Update syscall table to the 5.11 kernel
- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
- Only enable periodic timers when listening on the network
- Upgrade libev to 4.33
- Add auparse_new_buffer function to auparse library
- Use the select libev backend unless aggregating events
- Add sudoers to some base audit rules
- Update the auparse normalizer for some new syscalls and event types

Included fixes from 3.0
- Generate checkpoint file even when no results are returned (Burn Alting)
- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
- Convert auparse_test to run with python3 (Tomáš Chvátal)
- Drop support for prelude
- Adjust backlog_wait_time in rules to the kernel default (#1482848)
- Remove ids key syntax checking of rules in auditctl
- Use SIGCONT to dump auditd internal state (#1504251)
- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
- Fix parsing of uid & success for ausearch
- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
- Hide lru symbols in auparse
- Add systemd process protections
- Fix aureport summary time range reporting
- Allow unlimited retries on startup for remote logging
- Add queue_depth to remote logging stats and increase default queue_depth size
- Fix segfault on shutdown
- Merge auditd and audispd code
- Close on execute init_pipe fd (#1587995)
- Breakout audisp syslog plugin to be standalone program
- Create a common internal library to reduce code
- Move all audispd config files under /etc/audit/
- Move audispd.conf settings into auditd.conf
- Add queue depth statistics to internal state dump report
- Add network statistics to internal state dump report
- SIGUSR now also restarts queue processing if its suspended
- Update lookup tables for the 4.18 kernel
- Add auparse_normalizer support for SOFTWARE_UPDATE event
- Add 30-ospp-v42.rules to meet new Common Criteria requirements
- Deprecate enable_krb and replace with transport config opt for remote logging
- Mark netlabel events as simple events so that get processed quicker
- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
- In aureport, fix segfault in file report
- Add auparse_normalizer support for labeled networking events
- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
- In ausearch/auparse, event aging is off by a second
- In ausearch/auparse, correct event ordering to process oldest first
- Migrate auparse python test to python3
- auparse_reset was not clearing everything it should
- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
- In ausearch/report, lightly parse selinux portion of USER_AVC events
- Add bpf syscall command argument interpretation to auparse
- In ausearch/report, limit record size when malformed
- Port af_unix plugin to libev
- In auditd, fix extract_type function for network originating events
- In auditd, calculate right size and location for network originating events
- Make legacy script wait for auditd to terminate (#1643567)
- Treat all network originating events as VER2 so dispatcher doesn't format it
- If an event has a node name make it VER2 so dispatcher doesnt format it
- In audisp-remote do an initial connection attempt (#1625156)
- In auditd, allow expression of space left as a percentage (#1650670)
- On PPC64LE systems, only allow 64 bit rules (#1462178)
- Make some parts of auditd state report optional based on config
- Update to libev-4.25
- Fix ausearch when checkpointing a single file (Burn Alting)
- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
- In ausearch, do not checkpt if stdin is input source
- In libev, remove __cold__ attribute for functions to allow proper hardening
- Add tests to configure.ac for openldap support
- Make systemd support files use /run rather than /var/run (Christian Hesse)
- Fix minor memory leak in auditd kerberos credentials code
- Allow exclude and user filter by executable name (Ondrej Mosnacek)
- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
- In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Add substitue functions for strndupa & rawmemchr
- Fix memleak in auparse caused by corrected event ordering
- Fix legacy reload script to reload audit rules when daemon is reloaded
- Support for unescaping in trusted messages (Dmitry Voronin)
- In auditd, use standard template for DEAMON events (Richard Guy Briggs)
- In aureport, fix segfault for malformed USER_CMD events
- Add exe field to audit_log_user_command in libaudit
- In auditctl support filter on socket address families (Richard Guy Briggs)
- Deprecate support for Alpha & IA64 processors
- If space_left_action is rotate, allow it every time (#1718444)
- In auparse, drop standalone EOE events
- Add milliseconds column for ausearch extra time csv format
- Fix aureport first event reporting when no start given
- In audisp-remote, add new config item for startup connection errors
- Remove dependency on chkconfig
- Install rules to /usr/share/audit/sample-rules/
- Split up ospp rules to make SCAP scanning easier (#1746018)
- In audisp-syslog, support interpreting records (#1497279)
- Audit USER events now sends msg as name value pair
- Add support for AUDIT_BPF event
- Auditd should not process AUDIT_REPLACE events
- Update syscall tables to the 5.5 kernel
- Improve personality interpretation by using PERS_MASK
- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
- Change auparse python bindings to shared object (Issue #121)
- Add error messages for watch permissions
- If audit rules file doesn't exist log error message instead of info message
- Revise error message for unmatched options in auditctl
- In audisp-remote, fixup remote endpoint disappearin in ascii format
- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
- In auditctl, add support for sending a signal to auditd

- Remove audit-fno-common.patch: fixed in upstream
- Remove audit-python3.patch: fixed in upstream

old: security/audit
new: home:ematsumiya:branches:security/audit rev None
Index: audit-no-gss.patch
===================================================================
--- audit-no-gss.patch (revision 118)
+++ audit-no-gss.patch (revision 17)
@@ -11,11 +11,12 @@
 
 --- a/init.d/auditd.conf
 +++ b/init.d/auditd.conf
-@@ -30,7 +30,4 @@ tcp_listen_queue = 5
- tcp_max_per_addr = 1
+@@ -30,8 +30,6 @@ tcp_max_per_addr = 1
  ##tcp_client_ports = 1024-65535
  tcp_client_max_idle = 0
--enable_krb5 = no
+ transport = TCP
 -krb5_principal = auditd
 -##krb5_key_file = /etc/audit/audit.key
  distribute_network = no
+ q_depth = 400
+ overflow_action = SYSLOG
Index: audit-plugins-path.patch
===================================================================
--- audit-plugins-path.patch (revision 118)
+++ audit-plugins-path.patch (revision 17)
@@ -5,19 +5,8 @@
 Adjust location of plugins built by audit-secondary.  These should never have
 been in /sbin plus some (for SUSE) require lib dependancies on /usr/lib
 
---- audit-1.7.2/audisp/plugins/prelude/au-prelude.conf.orig	2008-04-23 11:56:11.946681000 +0200
-+++ audit-1.7.2/audisp/plugins/prelude/au-prelude.conf	2008-04-23 11:56:22.789827000 +0200
-@@ -5,7 +5,7 @@
- 
- active = no
- direction = out
--path = /sbin/audisp-prelude
-+path = /usr/sbin/audisp-prelude
- type = always
- #args =
- format = string
---- audit-1.7.2/audisp/plugins/remote/au-remote.conf.orig	2008-04-23 11:56:11.976660000 +0200
-+++ audit-1.7.2/audisp/plugins/remote/au-remote.conf	2008-04-23 11:56:30.958657000 +0200
+--- a/audisp/plugins/remote/au-remote.conf
++++ b/audisp/plugins/remote/au-remote.conf
 @@ -5,7 +5,7 @@
  
  active = no
@@ -27,8 +16,8 @@
  type = always
  #args =
  format = string
---- audit-1.7.2/audisp/plugins/zos-remote/audispd-zos-remote.conf.orig	2008-04-23 11:56:11.993637000 +0200
-+++ audit-1.7.2/audisp/plugins/zos-remote/audispd-zos-remote.conf	2008-04-23 11:56:40.533070000 +0200
+--- a/audisp/plugins/zos-remote/audispd-zos-remote.conf
++++ b/audisp/plugins/zos-remote/audispd-zos-remote.conf
 @@ -8,7 +8,7 @@
  
  active = no
@@ -36,5 +25,5 @@
 -path = /sbin/audispd-zos-remote
 +path = /usr/sbin/audispd-zos-remote
  type = always 
- args = /etc/audisp/zos-remote.conf
+ args = /etc/audit/zos-remote.conf
  format = string
Index: audit-secondary.changes
===================================================================
--- audit-secondary.changes (revision 118)
+++ audit-secondary.changes (revision 17)
@@ -1,4 +1,129 @@
 -------------------------------------------------------------------
+Mon Jun 14 20:54:49 CEST 2021 - Enzo Matsumiya <ematsumiya@suse.com>
+
+- Update to version 3.0.2
+- In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)
+- Optionally interpret auid in auditctl -l
+- Update some syscall argument interpretations
+- In auditd, do not allow spaces in the hostname name format
+- Big documentation cleanup (MIZUTA Takeshi)
+- Update syscall table to the 5.12 kernel
+- Update the auparse normalizer for new event types
+- Fix compiler warnings in ids subsystem
+- Block a couple signals from flush & reconfigure threads
+- In auditd, don't wait on flush thread when exiting
+- Output error message if the path of input files are too long ausearch/report
+
+Included fixes from 3.0.1
+- Update syscall table to the 5.11 kernel
+- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
+- Only enable periodic timers when listening on the network
+- Upgrade libev to 4.33
+- Add auparse_new_buffer function to auparse library
+- Use the select libev backend unless aggregating events
+- Add sudoers to some base audit rules
+- Update the auparse normalizer for some new syscalls and event types
+
+Included fixes from 3.0
+- Generate checkpoint file even when no results are returned (Burn Alting)
+- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
+- Convert auparse_test to run with python3 (Tomáš Chvátal)
+- Drop support for prelude
+- Adjust backlog_wait_time in rules to the kernel default (#1482848)
+- Remove ids key syntax checking of rules in auditctl
+- Use SIGCONT to dump auditd internal state (#1504251)
+- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
+- Fix parsing of uid & success for ausearch
+- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
+- Hide lru symbols in auparse
+- Add systemd process protections
+- Fix aureport summary time range reporting
+- Allow unlimited retries on startup for remote logging
+- Add queue_depth to remote logging stats and increase default queue_depth size
+- Fix segfault on shutdown
+- Merge auditd and audispd code
+- Close on execute init_pipe fd (#1587995)
+- Breakout audisp syslog plugin to be standalone program
+- Create a common internal library to reduce code
+- Move all audispd config files under /etc/audit/
+- Move audispd.conf settings into auditd.conf
+- Add queue depth statistics to internal state dump report
+- Add network statistics to internal state dump report
+- SIGUSR now also restarts queue processing if its suspended
+- Update lookup tables for the 4.18 kernel
+- Add auparse_normalizer support for SOFTWARE_UPDATE event
+- Add 30-ospp-v42.rules to meet new Common Criteria requirements
+- Deprecate enable_krb and replace with transport config opt for remote logging
+- Mark netlabel events as simple events so that get processed quicker
+- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
+- In aureport, fix segfault in file report
+- Add auparse_normalizer support for labeled networking events
+- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
+- In ausearch/auparse, event aging is off by a second
+- In ausearch/auparse, correct event ordering to process oldest first
+- Migrate auparse python test to python3
+- auparse_reset was not clearing everything it should
+- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
+- In ausearch/report, lightly parse selinux portion of USER_AVC events
+- Add bpf syscall command argument interpretation to auparse
+- In ausearch/report, limit record size when malformed
+- Port af_unix plugin to libev
+- In auditd, fix extract_type function for network originating events
+- In auditd, calculate right size and location for network originating events
+- Make legacy script wait for auditd to terminate (#1643567)
+- Treat all network originating events as VER2 so dispatcher doesn't format it
+- If an event has a node name make it VER2 so dispatcher doesnt format it
+- In audisp-remote do an initial connection attempt (#1625156)
+- In auditd, allow expression of space left as a percentage (#1650670)
+- On PPC64LE systems, only allow 64 bit rules (#1462178)
+- Make some parts of auditd state report optional based on config
+- Update to libev-4.25
+- Fix ausearch when checkpointing a single file (Burn Alting)
+- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
+- In ausearch, do not checkpt if stdin is input source
+- In libev, remove __cold__ attribute for functions to allow proper hardening
+- Add tests to configure.ac for openldap support
+- Make systemd support files use /run rather than /var/run (Christian Hesse)
+- Fix minor memory leak in auditd kerberos credentials code
+- Allow exclude and user filter by executable name (Ondrej Mosnacek)
+- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
+- In ausearch/report fix --end to use midnight time instead of now (#1671338)
+- Add substitue functions for strndupa & rawmemchr
+- Fix memleak in auparse caused by corrected event ordering
+- Fix legacy reload script to reload audit rules when daemon is reloaded
+- Support for unescaping in trusted messages (Dmitry Voronin)
+- In auditd, use standard template for DEAMON events (Richard Guy Briggs)
+- In aureport, fix segfault for malformed USER_CMD events
+- Add exe field to audit_log_user_command in libaudit
+- In auditctl support filter on socket address families (Richard Guy Briggs)
+- Deprecate support for Alpha & IA64 processors
+- If space_left_action is rotate, allow it every time (#1718444)
+- In auparse, drop standalone EOE events
+- Add milliseconds column for ausearch extra time csv format
+- Fix aureport first event reporting when no start given
+- In audisp-remote, add new config item for startup connection errors
+- Remove dependency on chkconfig
+- Install rules to /usr/share/audit/sample-rules/
+- Split up ospp rules to make SCAP scanning easier (#1746018)
+- In audisp-syslog, support interpreting records (#1497279)
+- Audit USER events now sends msg as name value pair
+- Add support for AUDIT_BPF event
+- Auditd should not process AUDIT_REPLACE events
+- Update syscall tables to the 5.5 kernel
+- Improve personality interpretation by using PERS_MASK
+- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
+- Change auparse python bindings to shared object (Issue #121)
+- Add error messages for watch permissions
+- If audit rules file doesn't exist log error message instead of info message
+- Revise error message for unmatched options in auditctl
+- In audisp-remote, fixup remote endpoint disappearin in ascii format
+- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
+- In auditctl, add support for sending a signal to auditd
+
+- Removes audit-fno-common.patch: fixed in upstream
+- Removes audit-python3.patch: fixed in upstream
+
+-------------------------------------------------------------------
 Mon Feb  1 18:13:18 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
 
 - Do not explicitly provide group(audit) in system-users-audit:
@@ -24,7 +149,7 @@
 -------------------------------------------------------------------
 Mon Jan 13 17:39:03 UTC 2020 - Tony Jones <tonyj@suse.com>
 
-- Update to version 2.6.5:
+- Update to version 2.8.5:
   * Fix segfault on shutdown
   * Fix hang on startup (#1587995)
   * Add sleep to script to dump state so file is ready when needed
Index: audit-secondary.spec
===================================================================
--- audit-secondary.spec (revision 118)
+++ audit-secondary.spec (revision 17)
@@ -22,7 +22,7 @@
 # The seperation is required to minimize unnecessary build cycles.
 %define 	_name audit
 Name:           audit-secondary
-Version:        2.8.5
+Version:        3.0.2
 Release:        0
 Summary:        Linux kernel audit subsystem utilities
 License:        GPL-2.0-or-later
@@ -34,9 +34,8 @@
 Patch2:         audit-no-gss.patch
 Patch3:         audit-allow-manual-stop.patch
 Patch4:         audit-ausearch-do-not-require-tclass.patch
-Patch5:         audit-python3.patch
-Patch6:         audit-fno-common.patch
-Patch7:         change-default-log_group.patch
+Patch5:         change-default-log_group.patch
+Patch6:         libev-werror.patch
 BuildRequires:  audit-devel = %{version}
 BuildRequires:  autoconf >= 2.12
 BuildRequires:  gcc-c++
@@ -55,6 +54,7 @@
 BuildRequires:  sysuser-tools
 BuildRequires:  tcpd-devel
 BuildRequires:  pkgconfig(libcap-ng)
+Provides:       bundled(libev) = 4.33
 
 %description
 The audit package contains the user space utilities for storing and
@@ -127,14 +127,13 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
-%patch7 -p1
 
 %if %{without python2} && %{with python3}
 # Fix python env call in tests if we only have Python3.
 # If both versions are present, python2 bindings are preferred by the tests and
 # unconditionally using /usr/bin/python3 breaks the tests
 # Probably the correct solution is to run the tests twice if both are present.
-sed -i -e 's:#!/usr/bin/env python:#!/usr/bin/python3:g' auparse/test/auparse_test.py
+perl -i -lpe 's{#!/usr/bin/env python\S+}{#!/usr/bin/python3}' auparse/test/auparse_test.py
 %endif
 
 %build
@@ -144,15 +143,18 @@
 export LDFLAGS="-Wl,-z,relro,-z,now"
 # no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
 %configure \
+%ifarch aarch64
+	--with-aarch64 \
+%endif
 	--enable-systemd \
 	--libexecdir=%{_libexecdir}/%{_name} \
 	--with-apparmor \
 	--with-libwrap \
 	--with-libcap-ng=yes \
-%ifarch aarch64
-	--with-aarch64 \
-%endif
-	--disable-static
+	--disable-static \
+	%{?_with_python3} \
+	%{?_without_python}
+
 make %{?_smp_mflags}
 
 %sysusers_generate_pre %{SOURCE1} audit
@@ -197,7 +199,7 @@
 #USR-MERGE
 %if !0%{?usrmerged}
 mkdir %{buildroot}/sbin/
-for prog in auditctl auditd ausearch autrace audispd aureport augenrules; do
+for prog in auditctl auditd ausearch autrace aureport augenrules; do
   ln -s %{_sbindir}/$prog %{buildroot}/sbin/$prog
 done
 %endif
@@ -235,8 +237,7 @@
 
 %files -n audit
 %license COPYING
-%doc README ChangeLog rules/[0-9]* rules/README-rules init.d/auditd.cron
-%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
+%doc README ChangeLog rules init.d/auditd.cron
 %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
 %attr(644,root,root) %{_mandir}/man8/auditd.8.gz
 %attr(644,root,root) %{_mandir}/man8/aureport.8.gz
@@ -247,7 +248,6 @@
 %attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
 %attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
 %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
-%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
 %attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
 %attr(644,root,root) %{_mandir}/man8/augenrules.8.gz
@@ -256,7 +256,6 @@
 /sbin/auditd
 /sbin/ausearch
 /sbin/autrace
-/sbin/audispd
 /sbin/augenrules
 /sbin/aureport
 %endif
@@ -265,29 +264,28 @@
 %attr(755,root,root) %{_sbindir}/ausearch
 %attr(750,root,root) %{_sbindir}/autrace
 %attr(750,root,root) %{_sbindir}/augenrules
-%attr(750,root,root) %{_sbindir}/audispd
+%attr(750,root,root) %{_sbindir}/audisp-syslog
 %attr(755,root,root) %{_bindir}/aulast
 %attr(755,root,root) %{_bindir}/aulastlog
 %attr(755,root,root) %{_bindir}/ausyscall
 %attr(755,root,root) %{_sbindir}/aureport
 %attr(755,root,root) %{_bindir}/auvirt
 %dir %attr(750,root,root) %{_sysconfdir}/audit
-%attr(750,root,root) %dir %{_sysconfdir}/audisp
-%attr(750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/af_unix.conf
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/syslog.conf
+%attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/af_unix.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/syslog.conf
 %ghost %{_sysconfdir}/auditd.conf
 %ghost %{_sysconfdir}/audit.rules
 %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/auditd.conf
 %dir %attr(750,root,root) %{_sysconfdir}/audit/rules.d
 %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audispd.conf
 %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules
 %dir %attr(750,root,audit) %{_localstatedir}/log/audit
 %ghost %config(noreplace) %attr(640,root,audit) %{_localstatedir}/log/audit/audit.log
 %dir %attr(700,root,root) %{_localstatedir}/spool/audit
 %{_unitdir}/auditd.service
 %{_sbindir}/rcauditd
+%{_datadir}/audit/
 
 %files -n system-group-audit
 %{_sysusersdir}/system-group-audit.conf
@@ -301,23 +299,24 @@
 
 %if %{with python3}
 %files -n python3-audit
-%attr(755,root,root) %{python3_sitearch}/_audit.so
-%attr(755,root,root) %{python3_sitearch}/auparse.so
-%{python3_sitearch}/audit.py*
+%defattr(-,root,root,-)
+%attr(755,root,root) %{python3_sitearch}/*
 %endif
 
 %files -n audit-audispd-plugins
 %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
 %attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
+%attr(644,root,root) %{_mandir}/man5/auditd-plugins.5.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
-%attr(750,root,root) %dir %{_sysconfdir}/audisp
-%attr(750,root,root) %dir %{_sysconfdir}/audisp/plugins.d
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/zos-remote.conf
+%attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz
+%attr(750,root,root) %dir %{_sysconfdir}/audit
+%attr(750,root,root) %dir %{_sysconfdir}/audit/plugins.d
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/audispd-zos-remote.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/zos-remote.conf
 %attr(750,root,root) %{_sbindir}/audisp-remote
 %attr(750,root,root) %{_sbindir}/audispd-zos-remote
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audisp-remote.conf
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/au-remote.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audisp-remote.conf
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/au-remote.conf
 
 %changelog
Index: audit.changes
===================================================================
--- audit.changes (revision 118)
+++ audit.changes (revision 17)
@@ -1,4 +1,129 @@
 -------------------------------------------------------------------
+Mon Jun 14 20:54:49 CEST 2021 - Enzo Matsumiya <ematsumiya@suse.com>
+
+- Update to version 3.0.2
+- In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)
+- Optionally interpret auid in auditctl -l
+- Update some syscall argument interpretations
+- In auditd, do not allow spaces in the hostname name format
+- Big documentation cleanup (MIZUTA Takeshi)
+- Update syscall table to the 5.12 kernel
+- Update the auparse normalizer for new event types
+- Fix compiler warnings in ids subsystem
+- Block a couple signals from flush & reconfigure threads
+- In auditd, don't wait on flush thread when exiting
+- Output error message if the path of input files are too long ausearch/report
+
+Included fixes from 3.0.1
+- Update syscall table to the 5.11 kernel
+- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
+- Only enable periodic timers when listening on the network
+- Upgrade libev to 4.33
+- Add auparse_new_buffer function to auparse library
+- Use the select libev backend unless aggregating events
+- Add sudoers to some base audit rules
+- Update the auparse normalizer for some new syscalls and event types
+
+Included fixes from 3.0
+- Generate checkpoint file even when no results are returned (Burn Alting)
+- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
+- Convert auparse_test to run with python3 (Tomáš Chvátal)
+- Drop support for prelude
+- Adjust backlog_wait_time in rules to the kernel default (#1482848)
+- Remove ids key syntax checking of rules in auditctl
+- Use SIGCONT to dump auditd internal state (#1504251)
+- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
+- Fix parsing of uid & success for ausearch
+- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
+- Hide lru symbols in auparse
+- Add systemd process protections
+- Fix aureport summary time range reporting
+- Allow unlimited retries on startup for remote logging
+- Add queue_depth to remote logging stats and increase default queue_depth size
+- Fix segfault on shutdown
+- Merge auditd and audispd code
+- Close on execute init_pipe fd (#1587995)
+- Breakout audisp syslog plugin to be standalone program
+- Create a common internal library to reduce code
+- Move all audispd config files under /etc/audit/
+- Move audispd.conf settings into auditd.conf
+- Add queue depth statistics to internal state dump report
+- Add network statistics to internal state dump report
+- SIGUSR now also restarts queue processing if its suspended
+- Update lookup tables for the 4.18 kernel
+- Add auparse_normalizer support for SOFTWARE_UPDATE event
+- Add 30-ospp-v42.rules to meet new Common Criteria requirements
+- Deprecate enable_krb and replace with transport config opt for remote logging
+- Mark netlabel events as simple events so that get processed quicker
+- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
+- In aureport, fix segfault in file report
+- Add auparse_normalizer support for labeled networking events
+- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
+- In ausearch/auparse, event aging is off by a second
+- In ausearch/auparse, correct event ordering to process oldest first
+- Migrate auparse python test to python3
+- auparse_reset was not clearing everything it should
+- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
+- In ausearch/report, lightly parse selinux portion of USER_AVC events
+- Add bpf syscall command argument interpretation to auparse
+- In ausearch/report, limit record size when malformed
+- Port af_unix plugin to libev
+- In auditd, fix extract_type function for network originating events
+- In auditd, calculate right size and location for network originating events
+- Make legacy script wait for auditd to terminate (#1643567)
+- Treat all network originating events as VER2 so dispatcher doesn't format it
+- If an event has a node name make it VER2 so dispatcher doesnt format it
+- In audisp-remote do an initial connection attempt (#1625156)
+- In auditd, allow expression of space left as a percentage (#1650670)
+- On PPC64LE systems, only allow 64 bit rules (#1462178)
+- Make some parts of auditd state report optional based on config
+- Update to libev-4.25
+- Fix ausearch when checkpointing a single file (Burn Alting)
+- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
+- In ausearch, do not checkpt if stdin is input source
+- In libev, remove __cold__ attribute for functions to allow proper hardening
+- Add tests to configure.ac for openldap support
+- Make systemd support files use /run rather than /var/run (Christian Hesse)
+- Fix minor memory leak in auditd kerberos credentials code
+- Allow exclude and user filter by executable name (Ondrej Mosnacek)
+- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
+- In ausearch/report fix --end to use midnight time instead of now (#1671338)
+- Add substitue functions for strndupa & rawmemchr
+- Fix memleak in auparse caused by corrected event ordering
+- Fix legacy reload script to reload audit rules when daemon is reloaded
+- Support for unescaping in trusted messages (Dmitry Voronin)
+- In auditd, use standard template for DEAMON events (Richard Guy Briggs)
+- In aureport, fix segfault for malformed USER_CMD events
+- Add exe field to audit_log_user_command in libaudit
+- In auditctl support filter on socket address families (Richard Guy Briggs)
+- Deprecate support for Alpha & IA64 processors
+- If space_left_action is rotate, allow it every time (#1718444)
+- In auparse, drop standalone EOE events
+- Add milliseconds column for ausearch extra time csv format
+- Fix aureport first event reporting when no start given
+- In audisp-remote, add new config item for startup connection errors
+- Remove dependency on chkconfig
+- Install rules to /usr/share/audit/sample-rules/
+- Split up ospp rules to make SCAP scanning easier (#1746018)
+- In audisp-syslog, support interpreting records (#1497279)
+- Audit USER events now sends msg as name value pair
+- Add support for AUDIT_BPF event
+- Auditd should not process AUDIT_REPLACE events
+- Update syscall tables to the 5.5 kernel
+- Improve personality interpretation by using PERS_MASK
+- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
+- Change auparse python bindings to shared object (Issue #121)
+- Add error messages for watch permissions
+- If audit rules file doesn't exist log error message instead of info message
+- Revise error message for unmatched options in auditctl
+- In audisp-remote, fixup remote endpoint disappearin in ascii format
+- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
+- In auditctl, add support for sending a signal to auditd
+
+- Remove audit-fno-common.patch: fixed in upstream
+- Remove audit-python3.patch: fixed in upstream
+
+-------------------------------------------------------------------
 Wed Dec  2 11:49:28 UTC 2020 - Alexander Bergmann <abergmann@suse.com>
 
 - Enable Aarch64 processor support. (bsc#1179515 bsc#1179806) 
@@ -12,7 +137,7 @@
 -------------------------------------------------------------------
 Mon Jan 13 17:39:03 UTC 2020 - Tony Jones <tonyj@suse.com>
 
-- Update to version 2.6.5:
+- Update to version 2.8.5:
   * Fix segfault on shutdown
   * Fix hang on startup (#1587995)
   * Add sleep to script to dump state so file is ready when needed
Index: audit.spec
===================================================================
--- audit.spec (revision 118)
+++ audit.spec (revision 17)
@@ -17,7 +17,7 @@
 
 
 Name:           audit
-Version:        2.8.5
+Version:        3.0.2
 Release:        0
 Summary:        Linux kernel audit subsystem utilities
 License:        GPL-2.0-or-later
@@ -35,6 +35,7 @@
 BuildRequires:  tcpd-devel
 Requires:       libaudit1 = %{version}
 Requires:       libauparse0 = %{version}
+Provides:       bundled(libev) = 4.33
 
 %description
 The audit package contains the user space utilities for storing and
@@ -79,27 +80,30 @@
 
 %build
 autoreconf -fi
+cp INSTALL.tmp INSTALl
 export CFLAGS="%{optflags} -fno-strict-aliasing"
 export CXXFLAGS="$CFLAGS"
 export LDFLAGS="-Wl,-z,relro,-z,now"
 # no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
 %configure \
+%ifarch aarch64
+	--with-aarch64 \
+%endif
 	--enable-systemd \
 	--libexecdir=%{_libexecdir}/%{name} \
 	--with-apparmor \
-	--with-libwrap \
-	--without-libcap-ng \
+	--with-libcap-ng=no \
 	--disable-static \
-	--without-python \
-%ifarch aarch64
-       --with-aarch64 \
-%endif
+	--with-python=no \
 	--disable-zos-remote
+
+make %{?_smp_mflags} -C common
 make %{?_smp_mflags} -C lib
 make %{?_smp_mflags} -C auparse
 make %{?_smp_mflags} -C docs
 
 %install
+%make_install -C common
 %make_install -C lib
 %make_install -C auparse
 %make_install -C docs
@@ -134,7 +138,7 @@
 %{_libdir}/libauparse.so.*
 
 %files -n audit-devel
-%doc contrib/skeleton.c contrib/plugin
+%doc contrib/plugin
 %{_libdir}/libaudit.so
 %{_libdir}/libauparse.so
 %{_includedir}/libaudit.h
Index: change-default-log_group.patch
===================================================================
--- change-default-log_group.patch (revision 118)
+++ change-default-log_group.patch (revision 17)
@@ -16,6 +16,6 @@
  log_file = /var/log/audit/audit.log
 -log_group = root
 +log_group = audit
- log_format = RAW
+ log_format = ENRICHED
  flush = INCREMENTAL_ASYNC
  freq = 50
Index: audit-3.0.2.tar.gz
===================================================================
Binary file audit-3.0.2.tar.gz (revision 17) added
Index: libev-werror.patch
===================================================================
--- libev-werror.patch (added)
+++ libev-werror.patch (revision 17)
@@ -0,0 +1,26 @@
+From: Jan Engelhardt <jengelh@inai.de>
+Date: 2021-06-02 16:18:03.256597842 +0200
+
+Cherry-pick http://cvs.schmorp.de/libev/ev_iouring.c?view=log&r1=1.25
+to fix some terrible code.
+
+[   50s] ev_iouring.c: In function 'iouring_sqe_submit':
+[   50s] ev_iouring.c:300:1: error: no return statement in function returning non-void [-Werror=return-type]
+
+---
+ src/libev/ev_iouring.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: audit-3.0.1/src/libev/ev_iouring.c
+===================================================================
+--- audit-3.0.1.orig/src/libev/ev_iouring.c
++++ audit-3.0.1/src/libev/ev_iouring.c
+@@ -287,7 +287,7 @@ iouring_sqe_get (EV_P)
+ }
+ 
+ inline_size
+-struct io_uring_sqe *
++void
+ iouring_sqe_submit (EV_P_ struct io_uring_sqe *sqe)
+ {
+   unsigned idx = sqe - EV_SQES;
Index: audit-2.8.5.tar.gz
===================================================================
Binary file audit-2.8.5.tar.gz (revision 118) deleted
Index: audit-fno-common.patch
===================================================================
--- audit-fno-common.patch (revision 118)
+++ audit-fno-common.patch (deleted)
@@ -1,24 +0,0 @@
-From: Tony Jones <tonyj@suse.de>
-Subject: Resolve errors when compiling with -fno-common
-Git-commmit: 017e6c6ab95df55f34e339d2139def83e5dada1f
-References: bsc#1160384
-Upsteam: pending
-
-Header definitios need to be external when building with -fno-common (which
-is default in GCC 10).
-
-Fixes: ff25054df7ed
-Signed-off-by: Tony Jones <tonyj@suse.de>
-
---- a/src/ausearch-common.h
-+++ b/src/ausearch-common.h
-@@ -50,7 +50,7 @@ extern pid_t event_pid;
- extern int event_exact_match;
- extern uid_t event_uid, event_euid, event_loginuid;
- extern const char *event_tuid, *event_teuid, *event_tauid;
--slist *event_node_list;
-+extern slist *event_node_list;
- extern const char *event_comm;
- extern const char *event_filename;
- extern const char *event_hostname;
-
Index: audit-python3.patch
===================================================================
--- audit-python3.patch (revision 118)
+++ audit-python3.patch (deleted)
@@ -1,292 +0,0 @@
-From: Tomas Chvatal <tchvatal@suse.com>
-Date: Wed Feb  7 09:26:35 UTC 2018
-Subject: Convert tests to run under python3
-References: https://github.com/linux-audit/audit-userspace/pull/39
-Patch-mainline: no; pending with maintainer
-
-Adjust auparse_test to run with python3 and python2
-
-Index: audit-2.8.1/auparse/test/auparse_test.py
-===================================================================
---- audit-2.8.1.orig/auparse/test/auparse_test.py
-+++ audit-2.8.1/auparse/test/auparse_test.py
-@@ -1,5 +1,7 @@
- #!/usr/bin/env python
- 
-+from __future__ import print_function
-+
- import os
- srcdir = os.getenv('srcdir')
- 
-@@ -30,29 +32,29 @@ def walk_test(au):
-     au.reset()
-     while True:
-         if not au.first_record():
--            print "Error getting first record"
-+            print("Error getting first record")
-             sys.exit(1)
- 
--        print "event %d has %d records" % (event_cnt, au.get_num_records())
-+        print("event %d has %d records" % (event_cnt, au.get_num_records()))
- 
-         record_cnt = 1
-         while True:
--            print "    record %d of type %d(%s) has %d fields" % \
-+            print("    record %d of type %d(%s) has %d fields" % \
-                   (record_cnt,
-                    au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
--                   au.get_num_fields())
--            print "    line=%d file=%s" % (au.get_line_number(), au.get_filename())
-+                   au.get_num_fields()))
-+            print("    line=%d file=%s" % (au.get_line_number(), au.get_filename()))
-             event = au.get_timestamp()
-             if event is None:
--                print "Error getting timestamp - aborting"
-+                print("Error getting timestamp - aborting")
-                 sys.exit(1)
- 
--            print "    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
-+            print("    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
-             au.first_field()
-             while True:
--                print "        %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())
-+                print("        %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field()))
-                 if not au.next_field(): break
--            print
-+            print("")
-             record_cnt += 1
-             if not au.next_record(): break
-         event_cnt += 1
-@@ -62,25 +64,25 @@ def walk_test(au):
- def light_test(au):
-     while True:
-         if not au.first_record():
--            print "Error getting first record"
-+            print("Error getting first record")
-             sys.exit(1)
- 
--        print "event has %d records" % (au.get_num_records())
-+        print("event has %d records" % (au.get_num_records()))
- 
-         record_cnt = 1
-         while True:
--            print "    record %d of type %d(%s) has %d fields" % \
-+            print("    record %d of type %d(%s) has %d fields" % \
-                   (record_cnt,
-                    au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
--                   au.get_num_fields())
--            print "    line=%d file=%s" % (au.get_line_number(), au.get_filename())
-+                   au.get_num_fields()))
-+            print("    line=%d file=%s" % (au.get_line_number(), au.get_filename()))
-             event = au.get_timestamp()
-             if event is None:
--                print "Error getting timestamp - aborting"
-+                print("Error getting timestamp - aborting")
-                 sys.exit(1)
- 
--            print "    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
--            print
-+            print("    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
-+            print("")
-             record_cnt += 1
-             if not au.next_record(): break
-         if not au.parse_next_event(): break
-@@ -97,9 +99,9 @@ def simple_search(au, source, where):
-     au.search_add_item("auid", "=", val, auparse.AUSEARCH_RULE_CLEAR)
-     au.search_set_stop(where)
-     if not au.search_next_event():
--        print "Error searching for auid"
-+        print("Error searching for auid")
-     else:
--        print "Found %s = %s" % (au.get_field_name(), au.get_field_str())
-+        print("Found %s = %s" % (au.get_field_name(), au.get_field_str()))
- 
- def compound_search(au, how):
-     au = auparse.AuParser(auparse.AUSOURCE_FILE, srcdir + "/test.log");
-@@ -115,119 +117,119 @@ def compound_search(au, how):
- 
-     au.search_set_stop(auparse.AUSEARCH_STOP_FIELD)
-     if not au.search_next_event():
--        print "Error searching for auid"
-+        print("Error searching for auid")
-     else:
--        print "Found %s = %s" % (au.get_field_name(), au.get_field_str())
-+        print("Found %s = %s" % (au.get_field_name(), au.get_field_str()))
- 
- def feed_callback(au, cb_event_type, event_cnt):
-     if cb_event_type == auparse.AUPARSE_CB_EVENT_READY:
-         if not au.first_record():
--            print "Error getting first record"
-+            print("Error getting first record")
-             sys.exit(1)
- 
--        print "event %d has %d records" % (event_cnt[0], au.get_num_records())
-+        print("event %d has %d records" % (event_cnt[0], au.get_num_records()))
- 
-         record_cnt = 1
-         while True:
--            print "    record %d of type %d(%s) has %d fields" % \
-+            print("    record %d of type %d(%s) has %d fields" % \
-                   (record_cnt,
-                    au.get_type(), audit.audit_msg_type_to_name(au.get_type()),
--                   au.get_num_fields())
--            print "    line=%d file=%s" % (au.get_line_number(), au.get_filename())
-+                   au.get_num_fields()))
-+            print("    line=%d file=%s" % (au.get_line_number(), au.get_filename()))
-             event = au.get_timestamp()
-             if event is None:
--                print "Error getting timestamp - aborting"
-+                print("Error getting timestamp - aborting")
-                 sys.exit(1)
- 
--            print "    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host))
-+            print("    event time: %d.%d:%d, host=%s" % (event.sec, event.milli, event.serial, none_to_null(event.host)))
-             au.first_field()
-             while True:
--                print "        %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field())
-+                print("        %s=%s (%s)" % (au.get_field_name(), au.get_field_str(), au.interpret_field()))
-                 if not au.next_field(): break
--            print
-+            print("")
-             record_cnt += 1
-             if not au.next_record(): break
-         event_cnt[0] += 1
- 
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
- 
--print "Starting Test 1, iterate..."
-+print("Starting Test 1, iterate...")
- while au.parse_next_event():
-     if au.find_field("auid"):
--        print "%s=%s" % (au.get_field_name(), au.get_field_str())
--        print "interp auid=%s" % (au.interpret_field())
-+        print("%s=%s" % (au.get_field_name(), au.get_field_str()))
-+        print("interp auid=%s" % (au.interpret_field()))
-     else:
--        print "Error iterating to auid"
--print "Test 1 Done\n"
-+        print("Error iterating to auid")
-+print("Test 1 Done\n")
- 
- # Reset, now lets go to beginning and walk the list manually */
--print "Starting Test 2, walk events, records, and fields..."
-+print("Starting Test 2, walk events, records, and fields...")
- au.reset()
- walk_test(au)
--print "Test 2 Done\n"
-+print("Test 2 Done\n")
- 
- # Reset, now lets go to beginning and walk the list manually */
--print "Starting Test 3, walk events, records of 1 buffer..."
-+print("Starting Test 3, walk events, records of 1 buffer...")
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER, buf[1])
- au.reset()
- light_test(au);
--print "Test 3 Done\n"
-+print("Test 3 Done\n")
- 
--print "Starting Test 4, walk events, records of 1 file..."
-+print("Starting Test 4, walk events, records of 1 file...")
- au = auparse.AuParser(auparse.AUSOURCE_FILE, srcdir + "/test.log");
- walk_test(au); 
--print "Test 4 Done\n"
-+print("Test 4 Done\n")
- 
--print "Starting Test 5, walk events, records of 2 files..."
-+print("Starting Test 5, walk events, records of 2 files...")
- au = auparse.AuParser(auparse.AUSOURCE_FILE_ARRAY, files);
- walk_test(au);
--print "Test 5 Done\n"
-+print("Test 5 Done\n")
- 
--print "Starting Test 6, search..."
-+print("Starting Test 6, search...")
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
- au.search_add_item("auid", "=", "500", auparse.AUSEARCH_RULE_CLEAR)
- au.search_set_stop(auparse.AUSEARCH_STOP_EVENT)
- if au.search_next_event():
--    print "Error search found something it shouldn't have"
-+    print("Error search found something it shouldn't have")
- else:
--    print "auid = 500 not found...which is correct"
-+    print("auid = 500 not found...which is correct")
- au.search_clear()
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
- #au.search_add_item("auid", "exists", None, auparse.AUSEARCH_RULE_CLEAR)
- au.search_add_item("auid", "exists", "", auparse.AUSEARCH_RULE_CLEAR)
- au.search_set_stop(auparse.AUSEARCH_STOP_EVENT)
- if not au.search_next_event():
--    print "Error searching for existence of auid"
--print "auid exists...which is correct"
--print "Testing BUFFER_ARRAY, stop on field"
-+    print("Error searching for existence of auid")
-+print("auid exists...which is correct")
-+print("Testing BUFFER_ARRAY, stop on field")
- simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_FIELD)
--print "Testing BUFFER_ARRAY, stop on record"
-+print("Testing BUFFER_ARRAY, stop on record")
- simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_RECORD)
--print "Testing BUFFER_ARRAY, stop on event"
-+print("Testing BUFFER_ARRAY, stop on event")
- simple_search(au, auparse.AUSOURCE_BUFFER_ARRAY, auparse.AUSEARCH_STOP_EVENT)
--print "Testing test.log, stop on field"
-+print("Testing test.log, stop on field")
- simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_FIELD)
--print "Testing test.log, stop on record"
-+print("Testing test.log, stop on record")
- simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_RECORD)
--print "Testing test.log, stop on event"
-+print("Testing test.log, stop on event")
- simple_search(au, auparse.AUSOURCE_FILE, auparse.AUSEARCH_STOP_EVENT)
--print "Test 6 Done\n"
-+print("Test 6 Done\n")
- 
--print "Starting Test 7, compound search..."
-+print("Starting Test 7, compound search...")
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
- compound_search(au, auparse.AUSEARCH_RULE_AND)
- compound_search(au, auparse.AUSEARCH_RULE_OR)
--print "Test 7 Done\n"
-+print("Test 7 Done\n")
- 
--print "Starting Test 8, regex search..."
-+print("Starting Test 8, regex search...")
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
--print "Doing regex match...\n"
-+print("Doing regex match...\n")
- au = auparse.AuParser(auparse.AUSOURCE_BUFFER_ARRAY, buf)
--print "Test 8 Done\n"
-+print("Test 8 Done\n")
- 
- # Note: this should match Test 2 exactly
- # Note: this should match Test 2 exactly
--print "Starting Test 9, buffer feed..."
-+print("Starting Test 9, buffer feed...")
- au = auparse.AuParser(auparse.AUSOURCE_FEED);
- event_cnt = 1
- au.add_callback(feed_callback, [event_cnt])
-@@ -241,10 +243,10 @@ for s in buf:
-         beg += chunk_len
-         au.feed(data)
- au.flush_feed()
--print "Test 9 Done\n"
-+print("Test 9 Done\n")
- 
- # Note: this should match Test 4 exactly
--print "Starting Test 10, file feed..."
-+print("Starting Test 10, file feed...")
- au = auparse.AuParser(auparse.AUSOURCE_FEED);
- event_cnt = 1
- au.add_callback(feed_callback, [event_cnt])
-@@ -254,9 +256,9 @@ while True:
-     if not data: break
-     au.feed(data)
- au.flush_feed()
--print "Test 10 Done\n"
-+print("Test 10 Done\n")
- 
--print "Finished non-admin tests\n"
-+print("Finished non-admin tests\n")
- 
- au = None
- sys.exit(0)

OBS-URL: https://build.opensuse.org/request/show/900434
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=119
2021-06-16 17:16:06 +00:00

23 lines
569 B
Diff

From: Tony Jones <tonyj@suse.de>
Subject: Disable GSS options from config file
Upsteam: never
Disable GSS/Kerberos options from config file. They are disabled from configure
but need manual removal here.
---
init.d/auditd.conf | 3 ---
1 file changed, 3 deletions(-)
--- a/init.d/auditd.conf
+++ b/init.d/auditd.conf
@@ -30,8 +30,6 @@ tcp_max_per_addr = 1
##tcp_client_ports = 1024-65535
tcp_client_max_idle = 0
transport = TCP
-krb5_principal = auditd
-##krb5_key_file = /etc/audit/audit.key
distribute_network = no
q_depth = 400
overflow_action = SYSLOG