From 4cd295e351c2c3036381d104df2b3a507f3f8cb84a7b4499aab067feeeaaa712 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Wed, 5 May 2010 18:41:23 +0000 Subject: [PATCH] Accepting request 39398 from security checked in (request 39398) OBS-URL: https://build.opensuse.org/request/show/39398 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=11 --- audit-1.7.13.tar.bz2 | 3 ++ audit-2.0.4.tar.bz2 | 3 -- audit-no-gss.patch | 2 +- audit-no_plugins.patch | 20 ++++++------ audit-no_python.patch | 22 ++++++++----- audit-no_sca.patch | 27 ++++++++++++++++ audit-secondary.changes | 6 ---- audit-secondary.spec | 27 +++++++--------- audit.changes | 60 ++++------------------------------ audit.spec | 71 +++++++++++++++++------------------------ 10 files changed, 104 insertions(+), 137 deletions(-) create mode 100644 audit-1.7.13.tar.bz2 delete mode 100644 audit-2.0.4.tar.bz2 create mode 100644 audit-no_sca.patch diff --git a/audit-1.7.13.tar.bz2 b/audit-1.7.13.tar.bz2 new file mode 100644 index 0000000..e4f21e8 --- /dev/null +++ b/audit-1.7.13.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:053ebd92c6b8c1dac67f6cde59073798eb365c97bb73281b18b09b1b8bee5682 +size 905282 diff --git a/audit-2.0.4.tar.bz2 b/audit-2.0.4.tar.bz2 deleted file mode 100644 index f88e68b..0000000 --- a/audit-2.0.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:606e3802f022e11791edb40cd93a1d1708c5fc40db56a2bbbba5fa6e61298a95 -size 617863 diff --git a/audit-no-gss.patch b/audit-no-gss.patch index 527b7dd..f5e28d8 100644 --- a/audit-no-gss.patch +++ b/audit-no-gss.patch @@ -8,7 +8,7 @@ but need manual removal here. --- audit-1.7.7/init.d/auditd.conf.orig 2008-09-26 02:40:48.458847000 +0200 +++ audit-1.7.7/init.d/auditd.conf 2008-09-26 02:41:13.600681000 +0200 @@ -26,6 +26,3 @@ - tcp_max_per_addr = 1 + tcp_listen_queue = 5 ##tcp_client_ports = 1024-65535 tcp_client_max_idle = 0 -enable_krb5 = no diff --git a/audit-no_plugins.patch b/audit-no_plugins.patch index 6a16152..1756242 100644 --- a/audit-no_plugins.patch +++ b/audit-no_plugins.patch @@ -5,8 +5,10 @@ Upsteam: never Non builtin plugins is build as part of phase2 by audit-secondary.spec. Conf files for builtins are still installed ---- audit-1.7.2/audisp/plugins/Makefile.am.orig 2008-04-22 17:20:29.022441000 +0200 -+++ audit-1.7.2/audisp/plugins/Makefile.am 2008-04-22 17:20:36.657804000 +0200 +Index: audit-1.7.13/audisp/plugins/Makefile.am +=================================================================== +--- audit-1.7.13.orig/audisp/plugins/Makefile.am ++++ audit-1.7.13/audisp/plugins/Makefile.am @@ -22,7 +22,7 @@ CONFIG_CLEAN_FILES = *.loT *.rej *.orig @@ -16,14 +18,14 @@ Conf files for builtins are still installed #SUBDIRS = builtins zos-remote if HAVE_PRELUDE SUBDIRS += prelude - ---- audit-1.7.2/docs/Makefile.am.orig 2008-04-22 17:21:45.409978000 +0200 -+++ audit-1.7.2/docs/Makefile.am 2008-04-22 17:21:59.923451000 +0200 -@@ -49,6 +49,5 @@ +Index: audit-1.7.13/docs/Makefile.am +=================================================================== +--- audit-1.7.13.orig/docs/Makefile.am ++++ audit-1.7.13/docs/Makefile.am +@@ -52,5 +52,5 @@ ausearch_add_expression.3 ausearch_add_t ausearch_clear.3 \ ausearch_next_event.3 ausearch_set_stop.3 \ autrace.8 get_auditfail_action.3 set_aumessage_mode.3 \ --audispd.8 audispd.conf.5 audispd-zos-remote.8 libaudit.conf.5 \ --zos-remote.conf.5 -+audispd.8 audispd.conf.5 libaudit.conf.5 +-audispd.8 audispd.conf.5 audispd-zos-remote.8 zos-remote.conf.5 ++audispd.8 audispd.conf.5 diff --git a/audit-no_python.patch b/audit-no_python.patch index 2a9bf29..b325291 100644 --- a/audit-no_python.patch +++ b/audit-no_python.patch @@ -6,9 +6,11 @@ Python code is disabled for audit.spec. Built manually by audit-libs-python.spe This is apparantly necessary due to the SuSE build system. Bit of a PITA but there you have it. ---- audit-1.7.7/configure.ac.orig 2008-09-23 01:24:06.345492000 +0200 -+++ audit-1.7.7/configure.ac 2008-09-23 01:25:15.325453000 +0200 -@@ -39,7 +39,6 @@ +Index: audit-1.7.13/configure.ac +=================================================================== +--- audit-1.7.13.orig/configure.ac ++++ audit-1.7.13/configure.ac +@@ -39,7 +39,6 @@ AC_CANONICAL_TARGET AM_INIT_AUTOMAKE AM_PROG_LIBTOOL AC_SUBST(LIBTOOL_DEPS) @@ -16,7 +18,7 @@ there you have it. OLDLIBS="$LIBS" m4_include([src/libev/libev.m4]) libev_LIBS="$LIBS" -@@ -195,7 +195,8 @@ +@@ -202,7 +201,8 @@ AC_SUBST(libev_LIBS) AC_SUBST(LIBPRELUDE_CFLAGS) AC_SUBST(LIBPRELUDE_LDFLAGS) @@ -26,8 +28,10 @@ there you have it. echo . echo " ---- audit-1.7.7/Makefile.am.orig 2008-09-23 01:24:26.915901000 +0200 -+++ audit-1.7.7/Makefile.am 2008-09-23 01:25:43.035708000 +0200 +Index: audit-1.7.13/Makefile.am +=================================================================== +--- audit-1.7.13.orig/Makefile.am ++++ audit-1.7.13/Makefile.am @@ -21,8 +21,8 @@ # Rickard E. (Rik) Faith # @@ -39,8 +43,10 @@ there you have it. EXTRA_DIST = ChangeLog AUTHORS NEWS README INSTALL audit.spec \ contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \ contrib/stig.rules contrib/skeleton.c contrib/avc_snap \ ---- audit-1.7.7/auparse/Makefile.am.orig 2008-09-23 20:45:53.245409000 +0200 -+++ audit-1.7.7/auparse/Makefile.am 2008-09-23 20:46:02.659985000 +0200 +Index: audit-1.7.13/auparse/Makefile.am +=================================================================== +--- audit-1.7.13.orig/auparse/Makefile.am ++++ audit-1.7.13/auparse/Makefile.am @@ -20,7 +20,6 @@ # Steve Grubb # diff --git a/audit-no_sca.patch b/audit-no_sca.patch new file mode 100644 index 0000000..295cabf --- /dev/null +++ b/audit-no_sca.patch @@ -0,0 +1,27 @@ +From: Tony Jones +Subject: Disable system-config-audit +Upsteam: never + +Disable system-config-audit. A Yast equivalent would be useful though. + +--- audit-1.7.7/configure.ac.orig 2008-09-23 00:59:29.976782000 +0200 ++++ audit-1.7.7/configure.ac 2008-09-23 01:19:31.984128000 +0200 +@@ -195,7 +195,6 @@ + AC_SUBST(LIBPRELUDE_CFLAGS) + AC_SUBST(LIBPRELUDE_LDFLAGS) + +-AC_CONFIG_SUBDIRS([system-config-audit]) + AC_OUTPUT(Makefile lib/Makefile lib/test/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile src/libev/Makefile src/test/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile audisp/plugins/Makefile audisp/plugins/builtins/Makefile audisp/plugins/prelude/Makefile audisp/plugins/remote/Makefile audisp/plugins/zos-remote/Makefile bindings/Makefile bindings/python/Makefile tools/Makefile tools/aulast/Makefile tools/aulastlog/Makefile tools/ausyscall/Makefile) + + echo . +--- audit-1.7.7/Makefile.am.orig 2008-09-23 01:20:05.010072000 +0200 ++++ audit-1.7.7/Makefile.am 2008-09-23 01:20:10.039036000 +0200 +@@ -22,7 +22,7 @@ + # + + SUBDIRS = lib auparse src/mt src/libev src audisp tools swig bindings init.d \ +- docs system-config-audit ++ docs + EXTRA_DIST = ChangeLog AUTHORS NEWS README INSTALL audit.spec \ + contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \ + contrib/stig.rules contrib/skeleton.c contrib/avc_snap \ diff --git a/audit-secondary.changes b/audit-secondary.changes index c05ce06..1ec9d6d 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,9 +1,3 @@ -------------------------------------------------------------------- -Tue May 4 10:51:33 CEST 2010 - tonyj@suse.de - -- Upgrade to version 2.0.4 (see audit.changes for upstream change - history) - ------------------------------------------------------------------- Sat Jun 20 12:33:00 CEST 2009 - cmorve69@yahoo.es diff --git a/audit-secondary.spec b/audit-secondary.spec index f3cb88d..ced8996 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -1,5 +1,5 @@ # -# spec file for package audit-secondary (Version 2.0.4) +# spec file for package audit-secondary (Version 1.7.13) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -18,23 +18,24 @@ # norootforbuild # nodebuginfo -%define _name audit Name: audit-secondary -BuildRequires: gcc-c++ openldap2-devel pkg-config python-devel swig +%define _name audit +BuildRequires: audit audit-devel gcc-c++ openldap2-devel pkg-config python-devel swig Summary: Python Bindings for libaudit License: GPLv2+ Group: System/Monitoring -Version: 2.0.4 -Release: 1 +Version: 1.7.13 +Release: 5 Url: http://people.redhat.com/sgrubb/audit/ Source0: audit-%{version}.tar.bz2 +Patch0: audit-no_sca.patch Patch1: audit-plugins-path.patch Patch2: audit-as_needed.patch -Requires: audit = %{version} +Requires: audit = %{version}-%{release} +Requires: audit-libs = %{version}-%{release} BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %insserv_prereq %fillup_prereq -BuildRequires: audit-devel = %{version} %description The audit-libs-python package contains the bindings for using libaudit @@ -83,7 +84,8 @@ Authors: rm -rf audisp/plugins/zos-remote/policy # we don't build prelude rm -rf audisp/plugins/prelude -%setup -q -n %{_name}-%{version} +%setup -q -n audit-%{version} +%patch0 -p1 %patch1 -p1 %patch2 @@ -91,11 +93,8 @@ rm -rf audisp/plugins/prelude autoreconf -fi export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" -%configure --sbindir=/sbin \ - --libdir=/%{_lib} --libexecdir=%{_prefix}/lib/%{name} \ - --with-apparmor \ - --disable-static --with-pic -%{__make} %{?jobs:-j%jobs} +./configure --prefix=%{_prefix} --sbindir=/sbin --mandir=%{_mandir} --libdir=/%{_lib} --sysconfdir=/etc --with-apparmor +make %install mkdir -p $RPM_BUILD_ROOT/usr/sbin @@ -140,8 +139,6 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root,-) %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz %attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz -%attr(750,root,root) %dir /etc/audisp -%attr(750,root,root) %dir /etc/audisp/plugins.d %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf %config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf %attr(750,root,root) /usr/sbin/audispd-zos-remote diff --git a/audit.changes b/audit.changes index 9a17ac1..fc4b4fd 100644 --- a/audit.changes +++ b/audit.changes @@ -1,60 +1,12 @@ ------------------------------------------------------------------- -Tue May 4 10:51:58 CEST 2010 - tonyj@suse.de +Sun Dec 13 15:39:09 CET 2009 - jengelh@medozas.de -- Update to version 2.0.4. This is a major version update, - libaudit.so has changed version. There is no backward compatibility. - audit-libs has been split into libaudit1 and libauparse0. +- add baselibs.conf as a source -- Redhat changelog for 2.0 - 2.0.4 follows: - * 2.0.4 - - Make alpha processor support optional - - Add support for the arm eabi processor - - add a compatible regexp processing capability to auparse (Miloslav Trmač) - - Fix regression in parsing user space originating records in aureport - - Add tcp_max_per_addr option in auditd.conf to limit concurrent connections - - Rearrange shutdown of auditd to allow DAEMON_END event more time - - * 2.0.3 - - In auditd, tell libev to stop processing a connection when idle timeout - - In auditd, tell libev to stop processing a connection when shutting down - - Interpret CAPSET records in ausearch/auparse - - * 2.0.2 - - If audisp-remote plugin has a queue at exit, use non-zero exit code - - Fix autrace to use the exit filter - - In audisp-remote, add a sigchld handler - - In auditd, check for duplicate remote connections before accepting - - Remove trailing ':' if any are at the end of acct fields in ausearch - - Update remote logging code to do better sanity check of data - - Fix audisp-prelude to prefer files if multiple path records are encountered - - Add libaudit.conf man page - - In auditd, disconnect idle clients - - * 2.0.1 - - Aulast now reads daemon_start events for the kernel version of reboot - - Clarify the man pages for ausearch/report regarding locale and date formats - - Fix getloginuid for python bindings - - Disable the audispd af_unix plugin by default - - Add a couple new init script actions for LSB 3.2 - - In audisp-remote plugin, timeout network reads (#514090) - - Make some error logging in audisp-remote plugin more prominent - - Add audit.rules man page - - Interpret the session field in audit events - - * 2.0 - - Remove system-config-audit - - Get rid of () from userspace originating events - - Removed old syscall rules API - not needed since 2.6.16 - - Remove all use of the old rule structs from API - - Fix uninitialized variable in auditd log rotation - - Add libcap-ng support for audispd plugins - - Removed ancient defines that are part of kernel 2.6.29 headers - - Bump soname number for libaudit - - In auditctl, deprecate the entry filter and move rules to exit filter - - Parse integrity audit records in ausearch/report (Mimi Zohar) - - Updated syscall table for 2.6.31 kernel - - Remove support for the legacy negate syscall rule operator - - In auditd reset syslog warnings if disk space becomes available +------------------------------------------------------------------- +Tue Nov 3 19:11:33 UTC 2009 - coolo@novell.com + +- updated patches to apply with fuzz=0 ------------------------------------------------------------------- Mon Sep 28 16:23:29 CEST 2009 - crrodriguez@suse.de diff --git a/audit.spec b/audit.spec index 7f72cf7..d6f6840 100644 --- a/audit.spec +++ b/audit.spec @@ -1,7 +1,7 @@ # -# spec file for package audit (Version 2.0.4) +# spec file for package audit (Version 1.7.13) # -# Copyright (c) 2.0.49 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,24 +17,26 @@ # norootforbuild + Name: audit BuildRequires: gcc-c++ tcpd-devel -BuildRequires: kernel-headers >= 2.6.29 Summary: User Space Tools for 2.6 Kernel Auditing -Version: 2.0.4 -Release: 1 +Version: 1.7.13 +Release: 5 License: GPLv2+ Group: System/Monitoring Url: http://people.redhat.com/sgrubb/audit/ Source0: %{name}-%{version}.tar.bz2 Source1: auditd.init Source2: auditd.sysconfig +Source3: baselibs.conf +Patch0: audit-no_sca.patch Patch1: audit-no_python.patch Patch2: audit-no_plugins.patch Patch3: audit-no-gss.patch Patch4: audit-as_needed.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -Requires: %{name}-libs = %{version} +Requires: %{name}-libs = %{version}-%{release} PreReq: %insserv_prereq %fillup_prereq %description @@ -42,57 +44,52 @@ The audit package contains the user space utilities for storing and processing the audit records generated by the audit subsystem in the Linux 2.6 kernel. + + Authors: -------- Steve Grubb -%package -n libaudit1 +%package libs Summary: Dynamic library for libaudit License: GPLv2+ Group: System/Monitoring -Obsoletes: %{name}-libs < 2.0.4 -Provides: %{name}-libs = %{version} +# bug437293 +%ifarch ppc64 +Obsoletes: audit-libs-64bit +%endif +# -%description -n libaudit1 -The libaudit package contains the dynamic libraries needed for +%description libs +The audit-libs package contains the dynamic libraries needed for applications to use the audit framework. -Authors: --------- - Steve Grubb -%package -n libauparse0 -Summary: Dynamic library for libauparse -License: GPLv2+ -Group: System/Monitoring - -%description -n libauparse0 -The libauparse package contains the dynamic libraries needed to -parse audit records. Authors: -------- Steve Grubb - %package devel Summary: Header files and static library for libaudit License: LGPLv2.1+ Group: Development/Libraries/C and C++ -Requires: libaudit1 = %{version} -Requires: libauparse0 = %{version} +Requires: %{name}-libs = %{version} glibc-devel %description devel The audit-devel package contains the static libraries and header files needed for developing applications that need to use the audit framework libraries. + + Authors: -------- Steve Grubb %prep %setup -q +%patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 @@ -104,9 +101,9 @@ export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" # no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch %configure --sbindir=/sbin \ - --libdir=/%{_lib} --libexecdir=%{_prefix}/lib/%{name} \ - --with-apparmor --with-libwrap --with-libcap-ng=yes \ - --disable-static --with-pic + --libdir=/%{_lib} --libexecdir=%{_prefix}/lib/%{name} \ + --with-apparmor --with-libwrap \ + --disable-static --with-pic %{__make} %{?jobs:-j%jobs} %install @@ -119,12 +116,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_includedir} mkdir -p $RPM_BUILD_ROOT/%{_libdir} # We manually install this since Makefile doesn't install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir} - for libname in libaudit libauparse;do %{__ln_s} -v /%{_lib}/$(readlink %{buildroot}/%{_lib}/$libname.so) %{buildroot}%{_libdir}/$libname.so %{__rm} -v %{buildroot}/%{_lib}/$libname.{so,la} done - mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates cp %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.auditd # delete redhat script, use ours @@ -140,17 +135,16 @@ touch $RPM_BUILD_ROOT/var/log/audit/audit.log touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules} # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf + %check make check %clean rm -rf $RPM_BUILD_ROOT -%post -n libaudit1 -p /sbin/ldconfig -%post -n libauparse0 -p /sbin/ldconfig +%post libs -p /sbin/ldconfig -%postun -n libaudit1 -p /sbin/ldconfig -%postun -n libauparse0 -p /sbin/ldconfig +%postun libs -p /sbin/ldconfig %post %{fillup_and_insserv -yn auditd auditd} @@ -171,15 +165,11 @@ fi %restart_on_update auditd %{insserv_cleanup} -%files -n libaudit1 +%files libs %defattr(-,root,root) /%{_lib}/libaudit.* -%config(noreplace) %attr(640,root,root) /etc/libaudit.conf -%{_mandir}/man5/libaudit.conf.5* - -%files -n libauparse0 -%defattr(-,root,root) /%{_lib}/libauparse.* +%config(noreplace) %attr(640,root,root) /etc/libaudit.conf %files devel %defattr(-,root,root) @@ -203,7 +193,6 @@ fi %attr(644,root,root) %{_mandir}/man8/aulast.8.gz %attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz %attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz -%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz