testing/audit
SHA256
7
0
Fork 0
forked from pool/audit
Code Pull Requests Activity

Factory #1

Merged
dgarcia merged 10 commits from factory into main 2025-10-08 12:55:08 +02:00
Conversation 0 Commits 10 Files Changed 15 +560 -244
dgarcia commented 2025-10-06 14:26:09 +02:00
Owner
Copy Link
No description provided.
dgarcia added 10 commits 2025-10-06 14:26:09 +02:00
- Update to 4.0 42402f11b7 
* Includes fixes since v3.1.1
  * Enhance support for newer (5.0+) kernels
- Update spec:
  * Move rules-related files into new subpackage `audit-rules':
    * Files moved:
	- /sbin/auditctl, /sbin/augenrules,
	  /etc/audit/{audit.rules,rules.d/audit.rules,audit-stop.rules}
	- manpages for auditctl, augenrules, and audit.rules
	- /etc/audit is now owned by `audit-rules' as well
    * Add new file /usr/lib/systemd/system/audit-rules.service
    * Remove in-house create-augenrules-service.patch that generated
      augenrules.service systemd unit service
    * Remove ownership of /usr/share/audit
    * Create /usr/share/audit-rules directory on %install
  * Remove audit-userspace-517-compat.patch (fixed upstream)
  * Remove libev-werror.patch (fixed upstream)
  * Remove audit-allow-manual-stop.patch (fixed upstream)
  * Add fix-auparse-test.patch (downstream):
    Upstream tests uses a static value (42) for 'gdm' uid/gid (based
    on Fedora values, apparently).  Replace these occurrences with
    'unknown(123456)'
  * Replace '--with-python' with '--with-python3' on %configure
  * Remove autrace and auvirt references (upstream)
  * Replace README with README.md
- Drop `--enable-systemd' from %configure as SysV-style scripts
  aren't supported in upstream since
  113ae191758c ("Drop support for SysVinit")
- Update to 4.0
  * Includes fixes since v3.1.1
  * Enhance support for newer (5.0+) kernels
- Update spec:
  * Add fix-auparse-test.patch (downstream):
    Upstream tests uses a static value (42) for 'gdm' uid/gid (based
    on Fedora values, apparently).  Replace these occurrences with
    'unknown(123456)'
  * Replace '--with-python' with '--with-python3' on %configure
  * Add new headers 'audit_logging.h' and 'audit-records.h' for
    audit-devel

TODO: fix build for SLE/Leap

OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=153
reinstate %dir /etc/audit in the audit package 3f0a4c9486 
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=154
- Update audit-secondary.spec: 90ef868a13 
* Add "Requires: audit-rules" for audit package
  * Remove preun/postun handling of audit-rules.service
- Update to 4.0
  - Drop python2 support
  - Drop auvirt and autrace programs
  - Drop SysVinit support
  - Require the use of the 5.0 or later kernel headers
  - New README.md file
  - Rewrite legacy service functions in terms of systemctl
  - Consolidate and update end of event detection to a common function
  - Split off rule loading from auditd.service into audit-rules.service
  - Refactor libaudit.h to split out logging functions and record numbers
  - Speed up aureport --summary reports
  - Limit libaudit python bindings to logging functions
  - Add a metrics function for auparse
  - Change auditctl to use pidfd_send_signal for signaling auditd
  - Adjust watches to optimize syscalls hooked when watch file access
  - Drop nispom rules
  - Add intepretations for fsconfig, fsopen, fsmount, & move_mount
  - Many code fixups (cgzones)
  - Update syscall and interpretation tables to the 6.8 kernel
  (from v3.1.2)
  - When processing a run level change, make auditd exit
  - In auditd, fix return code when rules added in immutable mode
  - In auparse, when files are given, also consider EUID for access
  - Auparse now interprets unnamed/anonymous sockets (Enzo Matsumiya)
  - Disable Python bindings from setting rules due to swig bug (S. Trofimovich)
  - Update all lookup tables for the 6.5 kernel
  - Don't be as paranoid about auditctl -R file permissions
  - In ausearch, correct subject/object search to be an and if both are given
  - Adjust formats for 64 bit time_t
  - Fix segfault in python bindings around the feed API
  - Add feed_has_data, get_record_num, and get/goto_field_num to python bindings
- Update spec:
  * Move rules-related files into new subpackage `audit-rules':
    * Files moved:
	- /sbin/auditctl, /sbin/augenrules,
	  /etc/audit/{audit.rules,rules.d/audit.rules,audit-stop.rules}
	- manpages for auditctl, augenrules, and audit.rules
	- /etc/audit is now owned by `audit-rules' as well
    * Add new file /usr/lib/systemd/system/audit-rules.service
    * Remove in-house create-augenrules-service.patch that generated
      augenrules.service systemd unit service
    * Remove ownership of /usr/share/audit
    * Create /usr/share/audit-rules directory on %install
  * Remove audit-userspace-517-compat.patch (fixed upstream)
  * Remove libev-werror.patch (fixed upstream)
  * Remove audit-allow-manual-stop.patch (fixed upstream)
  * Add fix-auparse-test.patch (downstream):
    Upstream tests uses a static value (42) for 'gdm' uid/gid (based
    on Fedora values, apparently).  Replace these occurrences with
    'unknown(123456)'
  * Replace '--with-python' with '--with-python3' on %configure
  * Remove autrace and auvirt references (upstream)
  * Replace README with README.md
- Drop `--enable-systemd' from %configure as SysV-style scripts
  aren't supported in upstream since
  113ae191758c ("Drop support for SysVinit")

OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=155
Accepting request 1204507 from security 66d350687b 
OBS-URL: https://build.opensuse.org/request/show/1204507
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=106
- Readd audit-allow-manual-stop.patch (removed by mistake) 1878dbbb84 
- Fix plugin termination when using systemd service units (bsc#1215377)
  * add auditd.service-fix-plugin-termination.patch

OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=157
Accepting request 1205295 from security 757054e43f 
OBS-URL: https://build.opensuse.org/request/show/1205295
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=107
- Update audit.spec (bsc#1231236): 239d018a6e 
* add requirement for 'awk' package
  * move some %post logic from audit to audit-rules

- Update audit.spec: add requirement for 'awk' package (bsc#1231236)

OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=159
Accepting request 1207244 from security a74a4e8524 
OBS-URL: https://build.opensuse.org/request/show/1207244
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=108
Accepting request 1285096 from home:wfrisch:branches:security 840c70f82a 
third time's the charm

- Update to 4.0.2
  - Fix musl C builds
  - Many code cleanups (Yugend)
  - Use atomic variables if available for signal related flags
  - Dont rotate audit logs when auditd is in debug mode
  - Fix a couple memory leaks on error paths
  - Correct output when displaying rules with exe/path/dir (Attila Lakatos)
  - Fix auparse lookup test to not use the system libaupaurse
  - Improve auparse metrics
  - Update auparse normalizer for recent syscalls
  - Make status report uniform
- Update to 4.0.1
  - Update TRUSTED_APP interpretation to look for known fields
  - In auditd plugins, allow variable amount of arguments (Attila Lakatos)
  - Fix augenrules to work correctly when kernel is in immutable mode
  - Add ausearch_cur_event to auparse library (Attila Lakatos)
  - Add audisp-filter plugin (Attila Lakatos)
  - Improve sorting speed of aureport --summary reports
  - auditd & audit-rules.service pick up paths automatically (Laurent Bigonville)
  - Update auparse normalizer for new syscalls

old: security/audit
new: home:wfrisch:branches:security/audit rev None
Index: audit-secondary.changes
===================================================================
--- audit-secondary.changes (revision 160)
+++ audit-secondary.changes (revision 2)
@@ -1,4 +1,29 @@
 -------------------------------------------------------------------
+Tue Jun 10 14:24:47 UTC 2025 - Wolfgang Frisch <wolfgang.frisch@suse.com>

OBS-URL: https://build.opensuse.org/request/show/1285096
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=161
Accepting request 1285116 from security 12499e1e82 
OBS-URL: https://build.opensuse.org/request/show/1285116
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=109
dgarcia merged commit b03c4e956e into main 2025-10-08 12:55:08 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
adamm adrianSuSE autogits-devel dgarcia dirkmueller gitea_test yudaike
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: testing/audit#1
Delete Branch "factory"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?