From a55063808749fed0a0d4dcb6f4df1d5733f8b2ace800cfa2b1474ea8c8379edc Mon Sep 17 00:00:00 2001 From: Tony Jones Date: Tue, 2 Sep 2014 23:07:21 +0000 Subject: [PATCH] Accepting request 247315 from home:jones_tony:branches:security OBS-URL: https://build.opensuse.org/request/show/247315 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=72 --- audit-2.3.6.tar.gz | 3 - audit-2.4.tar.gz | 3 + audit-add-ppc64le-mach-support.patch | 85 +++++++++++++++++++ audit-allow-manual-stop.patch | 4 +- audit-secondary.changes | 7 ++ audit-secondary.spec | 5 +- audit.changes | 40 +++++++++ audit.spec | 5 +- ...not-start-if-kernel-cmdline-disabled.patch | 20 ----- 9 files changed, 143 insertions(+), 29 deletions(-) delete mode 100644 audit-2.3.6.tar.gz create mode 100644 audit-2.4.tar.gz create mode 100644 audit-add-ppc64le-mach-support.patch delete mode 100644 auditd-donot-start-if-kernel-cmdline-disabled.patch diff --git a/audit-2.3.6.tar.gz b/audit-2.3.6.tar.gz deleted file mode 100644 index 43f1200..0000000 --- a/audit-2.3.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e4309bae77c5cc4b39684c0d951e7dd7502837a60405c95ebe27b5370d5e2545 -size 929688 diff --git a/audit-2.4.tar.gz b/audit-2.4.tar.gz new file mode 100644 index 0000000..234d5a2 --- /dev/null +++ b/audit-2.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6e5d39e7af9d00477ef60f824be8c93bd23a227869d6993ff36b7e7fa28fe99b +size 937809 diff --git a/audit-add-ppc64le-mach-support.patch b/audit-add-ppc64le-mach-support.patch new file mode 100644 index 0000000..b06f477 --- /dev/null +++ b/audit-add-ppc64le-mach-support.patch @@ -0,0 +1,85 @@ +From: Tony Jones +Subject: audit: add ppc64le mach support +References: bnc#891861 +Commit-id: https://fedorahosted.org/audit/changeset/1013 +Signed-off-by: Tony Jones + +--- + lib/libaudit.c | 5 +++++ + lib/libaudit.h | 6 +++++- + lib/lookup_table.c | 3 +++ + lib/machinetab.h | 1 + + 4 files changed, 14 insertions(+), 1 deletion(-) + +--- a/lib/machinetab.h ++++ b/lib/machinetab.h +@@ -27,6 +27,7 @@ _S(MACH_X86, "i686" ) + _S(MACH_86_64, "x86_64" ) + _S(MACH_IA64, "ia64" ) + _S(MACH_PPC64, "ppc64" ) ++_S(MACH_PPC64LE, "ppc64le") + _S(MACH_PPC, "ppc" ) + _S(MACH_S390X, "s390x" ) + _S(MACH_S390, "s390" ) +--- a/lib/lookup_table.c ++++ b/lib/lookup_table.c +@@ -70,6 +70,7 @@ static const struct int_transtab elftab[ + { MACH_86_64, AUDIT_ARCH_X86_64 }, + { MACH_IA64, AUDIT_ARCH_IA64 }, + { MACH_PPC64, AUDIT_ARCH_PPC64 }, ++ { MACH_PPC64LE, AUDIT_ARCH_PPC64LE}, + { MACH_PPC, AUDIT_ARCH_PPC }, + { MACH_S390X, AUDIT_ARCH_S390X }, + { MACH_S390, AUDIT_ARCH_S390 }, +@@ -123,6 +124,7 @@ int audit_name_to_syscall(const char *sc + found = ia64_syscall_s2i(sc, &res); + break; + case MACH_PPC64: ++ case MACH_PPC64LE: + case MACH_PPC: + found = ppc_syscall_s2i(sc, &res); + break; +@@ -169,6 +171,7 @@ const char *audit_syscall_to_name(int sc + case MACH_IA64: + return ia64_syscall_i2s(sc); + case MACH_PPC64: ++ case MACH_PPC64LE: + case MACH_PPC: + return ppc_syscall_i2s(sc); + case MACH_S390X: +--- a/lib/libaudit.c ++++ b/lib/libaudit.c +@@ -1128,6 +1128,11 @@ int audit_determine_machine(const char * + return -6; + break; + #endif ++ case MACH_PPC64LE: ++ if (bits != __AUDIT_ARCH_64BIT) ++ return -6; ++ break; ++ + case MACH_86_64: /* fallthrough */ + case MACH_PPC64: /* fallthrough */ + case MACH_S390X: /* fallthrough */ +--- a/lib/libaudit.h ++++ b/lib/libaudit.h +@@ -339,6 +339,9 @@ extern "C" { + #define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) + #endif + ++#ifndef AUDIT_ARCH_PPC64LE ++#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif + + ////////////////////////////////////////////////////// + // This is an external ABI. Any changes in here will +@@ -418,7 +421,8 @@ typedef enum { + MACH_S390, + MACH_ALPHA, + MACH_ARM, +- MACH_AARCH64 ++ MACH_AARCH64, ++ MACH_PPC64LE + } machine_t; + + /* These are the valid audit failure tunable enum values */ diff --git a/audit-allow-manual-stop.patch b/audit-allow-manual-stop.patch index 21b18f3..8c0df75 100644 --- a/audit-allow-manual-stop.patch +++ b/audit-allow-manual-stop.patch @@ -14,10 +14,10 @@ SuSE since we lack the ability to use a custom stop/restart --- a/init.d/auditd.service +++ b/init.d/auditd.service @@ -4,7 +4,6 @@ DefaultDependencies=no - After=local-fs.target + After=local-fs.target systemd-tmpfiles-setup.service Conflicts=shutdown.target Before=sysinit.target shutdown.target -RefuseManualStop=yes + ConditionKernelCommandLine=!audit=0 [Service] - ExecStart=/sbin/auditd -n diff --git a/audit-secondary.changes b/audit-secondary.changes index 89270d6..375b6a0 100644 --- a/audit-secondary.changes +++ b/audit-secondary.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Sep 2 17:35:12 UTC 2014 - tonyj@suse.com + +- Update to version 2.4. See audit.spec (libaudit1) for upstream + changelog + Drop patch: auditd-donot-start-if-kernel-cmdline-disabled.patch + ------------------------------------------------------------------- Fri Aug 15 14:24:33 UTC 2014 - crrodriguez@opensuse.org diff --git a/audit-secondary.spec b/audit-secondary.spec index f5e6ac5..b2de148 100644 --- a/audit-secondary.spec +++ b/audit-secondary.spec @@ -30,7 +30,7 @@ BuildRequires: swig Summary: Secondary packages for audit License: GPL-2.0+ Group: System/Monitoring -Version: 2.3.6 +Version: 2.4 Release: 0 Url: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz @@ -39,7 +39,6 @@ Patch2: audit-no-gss.patch Patch3: audit-no_m4_dir.patch Patch4: audit-allow-manual-stop.patch Patch5: audit-ausearch-do-not-require-tclass.patch -Patch6: auditd-donot-start-if-kernel-cmdline-disabled.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: audit-devel = %{version} BuildRequires: autoconf >= 2.12 @@ -97,7 +96,6 @@ rm -rf audisp/plugins/prelude %patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p1 %build autoreconf -fi export CFLAGS="%{optflags} -fno-strict-aliasing" @@ -140,6 +138,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_auparse.la rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse.a rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse.la rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse-1.0-py%{py_ver}.egg-info +rm -f $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/audit.pc # cleanup files handled by audit.spec rm -rf $RPM_BUILD_ROOT/%{_includedir} rm -f $RPM_BUILD_ROOT/%{_libdir}/lib{audit,auparse}.* diff --git a/audit.changes b/audit.changes index 2d06b5f..204f39b 100644 --- a/audit.changes +++ b/audit.changes @@ -1,3 +1,43 @@ +------------------------------------------------------------------- +Tue Sep 2 17:33:11 UTC 2014 - tonyj@suse.com + +- Update to version 2.4 + + Changelog 2.4 + - Optionally parse loginuids, (e)uids, & (e)gids in ausearch/report + - In auvirt, anomaly events don't have uuid (#1111448) + - Fix category handling in various records (#1120286) + - Fix ausearch handling of session id on 32 bit systems + - Set systemd startup to wait until systemd-tmpfiles-setup.service (#1097314) + - Interpret a0 of socketcall and ipccall syscalls + - Add pkgconfig file for libaudit + - Add go language bindings for limited use of libaudit + - Fix ausearch handling of exit code on 32 bit systems + - Fix bug in aureport string linked list handling + - Document week-ago time setting in ausearch/report man page + - Update tables for 3.16 kernel + - In aulast, on bad logins only record user_login proof and use it + - Add libaudit API for kernel features + - If audit=0 on kernel cmnd line, skip systemd activation (Cristian Rodríguez) + - Add checkpoint --start option to ausearch (Burn Alting) + - Fix arch matching in ausearch + - Add --loginuid-immutable option to auditctl + - Fix memory leak in auditd when log_format is set to NOLOG + - Update auditctl to display features in the status command + - Add ausearch_add_timestamp_item_ex() to auparse + + Changelog 2.3.7 + - Limit number of options in a rule in libaudit + - Auditctl cannot load rule with lots of syscalls (#1089713) + - In ausearch, fix checkpointing when inode is reused by new log (Burn Alting) + - Add PROCTITLE and FEATURE_CHANGE event types + +------------------------------------------------------------------- +Tue Sep 2 17:33:11 UTC 2014 - tonyj@suse.com + +- Add support for ppc64le (bnc#891861) + New patch: audit-add-ppc64le-mach-support.patch + ------------------------------------------------------------------- Tue Apr 15 00:50:50 UTC 2014 - tonyj@suse.com diff --git a/audit.spec b/audit.spec index c234d38..9e47614 100644 --- a/audit.spec +++ b/audit.spec @@ -20,13 +20,14 @@ Name: audit Summary: First part of auditing package License: GPL-2.0+ Group: System/Monitoring -Version: 2.3.6 +Version: 2.4 Release: 0 Url: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: baselibs.conf Source2: README-BEFORE-ADDING-PATCHES Patch1: audit-no_m4_dir.patch +Patch2: audit-add-ppc64le-mach-support.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf >= 2.12 BuildRequires: gcc-c++ @@ -76,6 +77,7 @@ libraries. %prep %setup -q -n %{name}-%{version} %patch1 -p1 +%patch2 -p1 %build autoreconf -fi @@ -137,5 +139,6 @@ install -m 0644 init.d/libaudit.conf $RPM_BUILD_ROOT/etc %{_includedir}/auparse.h %{_includedir}/auparse-defs.h %{_mandir}/man3/* +%{_libdir}/pkgconfig/audit.pc %changelog diff --git a/auditd-donot-start-if-kernel-cmdline-disabled.patch b/auditd-donot-start-if-kernel-cmdline-disabled.patch deleted file mode 100644 index 219209c..0000000 --- a/auditd-donot-start-if-kernel-cmdline-disabled.patch +++ /dev/null @@ -1,20 +0,0 @@ -From: Cristian Rodríguez -Subject: If the audit subsystem is disabled in the cmdline, do not start service -Date: Fri Aug 15 14:17:53 UTC 2014 -Upstream: Not yet , submitted Aug 14 2014 -Signed-Off-by: Cristian Rodríguez - -If the system is booted with audit=0 in the kernel command line -the service must not be started as the audit subsystem is permanently -disabled until next boot. - ---- audit-2.3.6.orig/init.d/auditd.service -+++ audit-2.3.6/init.d/auditd.service -@@ -4,6 +4,7 @@ DefaultDependencies=no - After=local-fs.target - Conflicts=shutdown.target - Before=sysinit.target shutdown.target -+ConditionKernelCommandLine=!audit=0 - - [Service] - ExecStart=/sbin/auditd -n