Hello community, here is the log from the commit of package audit.15249 for openSUSE:Leap:15.2:Update checked in at 2020-12-08 10:22:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/audit.15249 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.audit.15249.new.5913 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "audit.15249" Tue Dec 8 10:22:38 2020 rev:1 rq:853207 version:2.8.1 Changes: -------- New Changes file: --- /dev/null 2020-11-18 17:46:03.679371574 +0100 +++ /work/SRC/openSUSE:Leap:15.2:Update/.audit.15249.new.5913/audit-secondary.changes 2020-12-08 10:22:40.642994249 +0100 @@ -0,0 +1,316 @@ +------------------------------------------------------------------- +Wed Dec 2 11:51:00 UTC 2020 - Alexander Bergmann <[email protected]> + +- Enable Aarch64 processor support. (bsc#1179515) + +------------------------------------------------------------------- +Fri Feb 7 19:27:33 UTC 2020 - Tony Jones <[email protected]> + +- Resolve build errors when using glibc-devel-5.3 (bsc#1163040) + New patch: audit-make-audit_filter_exclude-definition-optional.patch + +------------------------------------------------------------------- +Fri Mar 16 19:57:42 UTC 2018 - [email protected] + +- Change openldap dependency to client only (bsc#1085003) + +------------------------------------------------------------------- +Wed Jan 17 15:25:55 UTC 2018 - [email protected] + +- Add conditions around python plugins to allow us to conditionalize + them in enviroment without python2 + +------------------------------------------------------------------- +Thu Nov 9 16:21:23 UTC 2017 - [email protected] + +- Rename python binding packages to match current python packaging + standards +- Update python build dependencies to resolve future split of + python2/3 + +------------------------------------------------------------------- +Sat Nov 4 21:11:35 UTC 2017 - [email protected] + +- Update to version 2.8.1. See audit.spec (libaudit1) for upstream + changelog +- Remove audit-implicit-writev.patch (fixed upstream across 2 + commits) + * 3b30db20ad983274989ce9a522120c3c225436b3 + * 07132c22314e9abbe64d1031fd8734243285bb3f +- Cleanup with spec-cleaner + +------------------------------------------------------------------- +Fri Aug 18 08:50:02 UTC 2017 - [email protected] + +- Add audit-implicit-writev.patch: include sys/uio.h to ensure + readv and writev are declared. + +------------------------------------------------------------------- +Mon Jul 24 13:59:06 UTC 2017 - [email protected] + +- Rectify RPM groups, diversify descriptions. +- Remove mentions of static libraries because they are not built. + +------------------------------------------------------------------- +Tue Jul 18 18:33:40 UTC 2017 - [email protected] + +- Update to version 2.7.7. See audit.spec (libaudit1) for upstream + changelog + Since commit 6cf57d27 (2.7.4) audit is now started as an non-forking + service (bsc#1042781). + Add config: audit-stop.rules + Refresh patch: audit-allow-manual-stop.patch + Refresh patch: audit-no-gss.patch + +------------------------------------------------------------------- +Fri Apr 1 14:59:05 UTC 2016 - [email protected] + +- Version update to 2.5. See audit.spec (libaudit1) for upstream + changelog +- Cleanup with spec-cleaner +- Sort out bit /sbin /usr/sbin/ installation +- Install the rules as documentation +- Remove needless %py_requires from python subpkgs + +------------------------------------------------------------------- +Fri Aug 21 19:00:36 UTC 2015 - [email protected] + +- Update to version 2.4.4. See audit.spec (libaudit1) for upstream + changelog +- Add python3 bindings for libaudit and libauparse +- Remove patch 'audit-no_m4_dir.patch' + (added Fri Apr 26 11:14:39 UTC 2013 by [email protected]) + No idea what earlier 'automake' build error this was trying to fix but + it broke the handling of "--without-libcap-ng". Anyways, no build error + occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build + +------------------------------------------------------------------- +Tue Sep 2 17:35:12 UTC 2014 - [email protected] + +- Update to version 2.4. See audit.spec (libaudit1) for upstream + changelog + Drop patch: auditd-donot-start-if-kernel-cmdline-disabled.patch + +------------------------------------------------------------------- +Fri Aug 15 14:24:33 UTC 2014 - [email protected] + +- If the system has been booted with audit=0 in the kernel cmdline + auditd.service must refrain from starting as the relevant kernel + subsystem will be permanently disabled. + add patch: auditd-donot-start-if-kernel-cmdline-disabled.patch + +------------------------------------------------------------------- +Thu Jul 10 06:21:55 UTC 2014 - [email protected] + +- Do not require tclass field to be present when searching for AVC + records (bnc#878687) + add patch: audit-ausearch-do-not-require-tclass.patch + +------------------------------------------------------------------- +Tue Apr 15 00:52:16 UTC 2014 - [email protected] + +- Update to version 2.3.6. See audit.spec (libaudit1) for upstream + changelog + +------------------------------------------------------------------- +Wed Mar 26 18:41:33 UTC 2014 - [email protected] + +- fix systemd warning: + "Configuration file /usr/lib/systemd/system/auditd.service + is marked world-inaccessible. + This has no effect as configuration data is accessible + via APIs without restrictions" +* indeed restricting access to unit files using filesystem + permissions is non-sense. + +------------------------------------------------------------------- +Thu Feb 27 16:28:31 UTC 2014 - [email protected] + +- Add systemd requires (bnc#865849) + +------------------------------------------------------------------- +Tue Feb 4 00:06:30 UTC 2014 - [email protected] + +- Update to version 2.3.3. See audit.spec (libaudit1) for upstream + changelog + +------------------------------------------------------------------- +Tue Nov 26 18:28:58 UTC 2013 - [email protected] + +- Update to version 2.3.2. See audit.spec (libaudit1) for upstream + changelog +- Drop patch 'audit-fix-implicit-defn.patch' (upstream) +- Add patch 'audit-allow-manual-stop.patch' to reinstate service + stop/restart. +- /etc/sysconfig/audit still existed but was no longer referenced + by systemd, so remove +- Delete audit-no_plugins.patch, it was stale (no longer referenced + by specfiles) but had not been removed. + +------------------------------------------------------------------- +Wed Oct 2 12:48:50 UTC 2013 - [email protected] + +- (re-)add rcauditd as symlink to /usr/sbin/service + +------------------------------------------------------------------- +Thu Jun 27 15:17:16 UTC 2013 - [email protected] + +- Eliminate build cycles. audit.spec now builds only libs/devel. + Remainder (including daemon) built from audit-secondary.spec +- Add patch 'audit-fix-implicit-defn.patch' to fix implicit definition + warning. + +------------------------------------------------------------------- +Mon Mar 25 17:27:47 UTC 2013 - [email protected] + +- Buildrequires cap-ng library + +------------------------------------------------------------------- +Tue Jan 22 12:34:00 UTC 2013 - [email protected] + +- Executing autoreconf requires autoconf + +------------------------------------------------------------------- +Fri Oct 12 13:00:30 UTC 2012 - [email protected] + +- Update to version 2.2.1, see audit's changes + +------------------------------------------------------------------- +Tue Feb 28 21:58:24 UTC 2012 - [email protected] + +- Update to version 2.1.3. See audit.spec upstream changelog + +------------------------------------------------------------------- +Sat Sep 17 13:38:42 UTC 2011 - [email protected] + +- Remove redundant tags/sections from specfile + +------------------------------------------------------------------- +Fri May 20 16:54:38 UTC 2011 - [email protected] + +- Adjust license of audit-libs-python to be LGPLv2.1 or later. + +------------------------------------------------------------------- +Wed Apr 27 00:05:50 UTC 2011 - [email protected] + +- Upgrade to version 2.1.1 (see audit.changes for upstream change + history) ++++ 119 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.audit.15249.new.5913/audit-secondary.changes New Changes file: --- /dev/null 2020-11-18 17:46:03.679371574 +0100 +++ /work/SRC/openSUSE:Leap:15.2:Update/.audit.15249.new.5913/audit.changes 2020-12-08 10:22:40.718994316 +0100 @@ -0,0 +1,1206 @@ +------------------------------------------------------------------- +Wed Dec 2 11:49:28 UTC 2020 - Alexander Bergmann <[email protected]> + +- Enable Aarch64 processor support. (bsc#1179515) + +------------------------------------------------------------------- +Fri Feb 7 19:27:33 UTC 2020 - Tony Jones <[email protected]> + +- Resolve build errors when using glibc-devel-5.3 (bsc#1163040) + New patch: audit-make-audit_filter_exclude-definition-optional.patch + +------------------------------------------------------------------- +Sat Nov 4 21:12:09 UTC 2017 - [email protected] + +- Update to version 2.8.1 release (includes 2.8 and 2.7.8 changes) + * many features added to auparse_normalize + * cli option added to auditd and audispd for setting config dir + * in auditd, restore the umask after creating a log file + * option added to auditd for skipping email verification +- Full changelog: http://people.redhat.com/sgrubb/audit/ChangeLog + +------------------------------------------------------------------- +Mon Jul 24 13:59:06 UTC 2017 - [email protected] + +- Rectify RPM groups, diversify descriptions. +- Remove mentions of static libraries because they are not built. + +------------------------------------------------------------------- +Tue Jul 18 18:32:56 UTC 2017 - [email protected] + +- Update to version 2.7.7 release + Changelog: https://people.redhat.com/sgrubb/audit/ChangeLog + +------------------------------------------------------------------- +Sat Apr 2 18:14:51 UTC 2016 - [email protected] + +- Create folder for the m4 file from previous commit to avoid install + failure + +------------------------------------------------------------------- +Fri Apr 1 14:15:58 UTC 2016 - [email protected] + +- Version update to 2.5 release +- Refresh two patches and README to contain SUSE and not SuSE + * audit-allow-manual-stop.patch + * audit-plugins-path.patch +- Cleanup with spec-cleaner and do not use subshells but rather use + -C parameter of make +- Install m4 file to the devel package + +------------------------------------------------------------------- +Wed Dec 2 12:14:38 UTC 2015 - [email protected] + +- Do not depend on insserv nor fillup; the package provides + neither sysconfig nor sysvinit files + +------------------------------------------------------------------- +Fri Aug 21 18:58:18 UTC 2015 - [email protected] + +- Update to version 2.4.4 (bsc#941922, CVE-2015-5186) +- Remove patch 'audit-no_m4_dir.patch' + (added Fri Apr 26 11:14:39 UTC 2013 by [email protected]) + No idea what earlier 'automake' build error this was trying to fix but + it broke the handling of "--without-libcap-ng". Anyways, no build error + occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build +- Require pkgconfig for build + + Changelog 2.4.4 + - Fix linked list correctness in ausearch/report + - Add more cross compile fixups (Clayton Shotwell) + - Update auparse python bindings + - Update libev to 4.20 + - Fix CVE-2015-5186 Audit: log terminal emulator escape sequences handling + + Changelog 2.4.3 + - Add python3 support for libaudit + - Cleanup automake warnings + - Add AuParser_search_add_timestamp_item_ex to python bindings + - Add AuParser_get_type_name to python bindings + - Correct processing of obj_gid in auditctl (Aleksander Zdyb) + - Make plugin config file parsing more robust for long lines (#1235457) + - Make auditctl status print lost field as unsigned number + - Add interpretation mode for auditctl -s + - Add python3 support to auparse library + - Make --enable-zos-remote a build time configuration option (Clayton Shotwell) + - Updates for cross compiling (Clayton Shotwell) + - Add MAC_CHECK audit event type + - Add libauparse pkgconfig file (Aleksander Zdyb) + + Changelog 2.4.2 + - Ausearch should parse exe field in SECCOMP events + - Improve output for short mode interpretations in auparse + - Add CRYPTO_IKE_SA and CRYPTO_IPSEC_SA events + - If auditctl is reading rules from a file, send messages to syslog (#1144252) + - Correct lookup of ppc64le when determining machine type + - Increase time buffer for wide character numbers in ausearch/report (#1200314) + - In aureport, add USER_TTY events to tty report + - In audispd, limit reporting of queue full messages (#1203810) + - In auditctl, don't segfault when invalid options passed (#1206516) + - In autrace, remove some older unimplemented syscalls for aarch64 (#1185892) + - In auditctl, correct lookup of aarch64 in arch field (#1186313) + - Update lookup tables for 4.1 kernel + +------------------------------------------------------------------- +Mon Nov 24 14:55:22 UTC 2014 - [email protected] + +- Update to version 2.4.1 + + Changelog 2.4.1 + - Make python3 support easier + - Add support for ppc64le (Tony Jones) + - Add some translations for a1 of ioctl system calls + - Add command & virtualization reports to aureport + - Update aureport config report for new events + - Add account modification summary report to aureport + - Add GRP_MGMT and GRP_CHAUTHTOK event types + - Correct aureport account change reports + - Add integrity event report to aureport + - Add config change summary report to aureport + - Adjust some syslogging level settings in audispd + - Improve parsing performance in everything + - When ausearch outputs a line, use the previously parsed values (Burn Alting) + - Improve searching and interpreting groups in events + - Fully interpret the proctitle field in auparse + - Correct libaudit and auditctl support for kernel features + - Add support for backlog_time_wait setting via auditctl + - Update syscall tables for the 3.18 kernel + - Ignore DNS failure for email validation in auditd (#1138674) + - Allow rotate as action for space_left and disk_full in auditd.conf + - Correct login summary report of aureport + - Auditctl syscalls can be comma separated list now + - Update rules for new subsystems and capabilities + +- Drop patch audit-add-ppc64le-mach-support.patch (already upstream) + +------------------------------------------------------------------- +Tue Sep 2 17:33:11 UTC 2014 - [email protected] + +- Update to version 2.4 + + Changelog 2.4 + - Optionally parse loginuids, (e)uids, & (e)gids in ausearch/report + - In auvirt, anomaly events don't have uuid (#1111448) + - Fix category handling in various records (#1120286) + - Fix ausearch handling of session id on 32 bit systems + - Set systemd startup to wait until systemd-tmpfiles-setup.service (#1097314) + - Interpret a0 of socketcall and ipccall syscalls + - Add pkgconfig file for libaudit + - Add go language bindings for limited use of libaudit + - Fix ausearch handling of exit code on 32 bit systems + - Fix bug in aureport string linked list handling + - Document week-ago time setting in ausearch/report man page + - Update tables for 3.16 kernel + - In aulast, on bad logins only record user_login proof and use it + - Add libaudit API for kernel features + - If audit=0 on kernel cmnd line, skip systemd activation (Cristian RodrÃguez) + - Add checkpoint --start option to ausearch (Burn Alting) + - Fix arch matching in ausearch + - Add --loginuid-immutable option to auditctl + - Fix memory leak in auditd when log_format is set to NOLOG + - Update auditctl to display features in the status command + - Add ausearch_add_timestamp_item_ex() to auparse + + Changelog 2.3.7 + - Limit number of options in a rule in libaudit + - Auditctl cannot load rule with lots of syscalls (#1089713) + - In ausearch, fix checkpointing when inode is reused by new log (Burn Alting) + - Add PROCTITLE and FEATURE_CHANGE event types + +------------------------------------------------------------------- +Tue Sep 2 17:33:11 UTC 2014 - [email protected] + +- Add support for ppc64le (bnc#891861) + New patch: audit-add-ppc64le-mach-support.patch + +------------------------------------------------------------------- +Tue Apr 15 00:50:50 UTC 2014 - [email protected] + +- Update to version 2.3.6 + + Changelog 2.3.6 + - Add an option to auditctl to interpret a0 - a3 of syscall rules when listing + - Improve ARM and AARCH64 support (AKASHI Takahiro) + - Add ausearch --checkpoint feature (Burn Alting) + - Add --arch option to ausearch + - Improve too long config line in audispd, auditd, and auparse (#1071580) + - Fix aulast to accept the new AUDIT_LOGIN record format + - Remove clear_config symbol in auparse + + Changelog 2.3.5 + - In CRYPTO_KEY_USER events, do not interpret the 'fp' field + - Change formatting of rules listing in auditctl to look like audit.rules + - Change auditctl to do all netlink comm and then print rules + - Add a debug option to ausearch to find skipped events + - Parse subject, auid, and ses in LOGIN events (3.14 kernel changed format) + - In auditd, when shifting logs, ignore the num_logs setting (#950158) + - Allow passing a directory as the input file for ausearch/report (LC Bruzenak) ++++ 1009 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.audit.15249.new.5913/audit.changes New: ---- README-BEFORE-ADDING-PATCHES audit-2.8.1.tar.gz audit-allow-manual-stop.patch audit-ausearch-do-not-require-tclass.patch audit-make-audit_filter_exclude-definition-optional.patch audit-no-gss.patch audit-plugins-path.patch audit-secondary.changes audit-secondary.spec audit.changes audit.spec baselibs.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ audit-secondary.spec ++++++ # # spec file for package audit-secondary # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %bcond_without python2 %bcond_without python3 # This package contains all audit functionality except for audit-libs. # The seperation is required to minimize unnecessary build cycles. %define _name audit Name: audit-secondary Version: 2.8.1 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0+ Group: System/Monitoring Url: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz Patch1: audit-plugins-path.patch Patch2: audit-no-gss.patch Patch3: audit-allow-manual-stop.patch Patch4: audit-ausearch-do-not-require-tclass.patch Patch5: audit-make-audit_filter_exclude-definition-optional.patch BuildRequires: audit-devel = %{version} BuildRequires: autoconf >= 2.12 BuildRequires: gcc-c++ BuildRequires: kernel-headers >= 2.6.30 BuildRequires: libtool BuildRequires: libldapcpp-devel BuildRequires: pkgconfig %if %{with python2} BuildRequires: python2-devel %endif %if %{with python3} BuildRequires: python3-devel %endif BuildRequires: swig BuildRequires: systemd-rpm-macros BuildRequires: tcpd-devel BuildRequires: pkgconfig(libcap-ng) %description The audit package contains the user space utilities for storing and processing the records generated by the audit subsystem in the Linux kernel. %package -n audit Summary: User Space Tools for Kernel Auditing License: LGPL-2.1+ Group: System/Monitoring Requires: %{_name}-libs = %{version} Requires: coreutils %{?systemd_requires} %description -n audit The audit package contains the user space utilities for storing and processing the audit records generated by the audit subsystem in the Linux kernel. %package -n python2-audit Summary: Python Bindings for libaudit License: LGPL-2.1+ Group: Development/Languages/Python Provides: audit-libs-python = %{version} Obsoletes: audit-libs-python < %{version} %description -n python2-audit The audit-libs-python package contains the bindings for using libaudit by python. %package -n python3-audit Summary: Python3 Bindings for libaudit License: LGPL-2.1+ Group: Development/Languages/Python Provides: audit-libs-python3 = %{version} Obsoletes: audit-libs-python3 < %{version} %description -n python3-audit The audit-libs-python3 package contains the bindings for using libaudit by python3. %package -n audit-audispd-plugins Summary: Default plugins for the audit dispatcher License: GPL-2.0+ Group: System/Monitoring %description -n audit-audispd-plugins The audit-audispd-plugins package contains plugin components for the audit dispatcher (audispd). %prep # remove selinux policy rm -rf audisp/plugins/zos-remote/policy # we don't build prelude rm -rf audisp/plugins/prelude %setup -q -n %{_name}-%{version} %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %build autoreconf -fi export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" export LDFLAGS="-Wl,-z,relro,-z,now" # no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch %configure \ --enable-systemd \ --libexecdir=%{_libexecdir}/%{_name} \ --with-apparmor \ --with-libwrap \ --with-libcap-ng=yes \ %ifarch aarch64 --with-aarch64 \ %endif --disable-static make %{?_smp_mflags} %install %make_install mkdir -p %{buildroot}%{_localstatedir}/log/audit/ touch %{buildroot}%{_localstatedir}/log/audit/audit.log mkdir -p %{buildroot}%{_localstatedir}/spool/audit/ # For ghost below, so that old location files will still be there when # post copy runs mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/ mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/rules.d/ touch %{buildroot}%{_sysconfdir}/{auditd.conf,audit.rules} %{buildroot}%{_sysconfdir}/audit/auditd.conf # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp touch -r ./audit.spec %{buildroot}%{_sysconfdir}/libaudit.conf # Starting with audit 2.5 no config is installed so start with no rules install -m 0644 rules/10-no-audit.rules %{buildroot}%{_sysconfdir}/%{_name}/rules.d/audit.rules # delete redhat scripts, use ours rm -rf %{buildroot}%{_sysconfdir}/sysconfig/auditd rm -rf %{buildroot}%{_initddir}/auditd rm -rf %{buildroot}%{_sysconfdir}/rc.d/init.d # delete redhat systemd legacy scripts, our systemd doesn't support the feature # https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html rm -rf %{buildroot}%{_libexecdir}/audit # Clean up some unneeded library files rm -f %{buildroot}/%{_libdir}/python*/site-packages/{_audit,_auparse,auparse}.{a,la} rm -rf %{buildroot}/%{_libdir}/python*/site-packages/__pycache__ # cleanup makefiles for the rules (installed by %%docs command) rm -f %{buildroot}/%{_libdir}/pkgconfig/{audit,auparse}.pc # cleanup files handled by audit.spec rm -rf %{buildroot}/%{_datadir}/aclocal/ rm -rf %{buildroot}/%{_includedir} rm -f %{buildroot}/%{_libdir}/lib{audit,auparse}.* rm -f %{buildroot}%{_sysconfdir}/libaudit.conf rm -f %{buildroot}/%{_mandir}/man5/libaudit.conf.5 rm -rf %{buildroot}/%{_mandir}/man3 # Cleanup plugins #USR-MERGE mkdir %{buildroot}/sbin/ for prog in auditctl auditd ausearch autrace audispd aureport augenrules; do ln -s %{_sbindir}/$prog %{buildroot}/sbin/$prog done #END-USR-MERGE # rcauditd symlink ln -s service %{buildroot}%{_sbindir}/rcauditd chmod 0644 %{buildroot}%{_unitdir}/auditd.service %check make %{?_smp_mflags} check %post -n audit # Save existing audit files if any (from old locations) if [ -f %{_sysconfdir}/auditd.conf ]; then mv %{_sysconfdir}/audit/auditd.conf %{_sysconfdir}/audit/auditd.conf.new mv %{_sysconfdir}/auditd.conf %{_sysconfdir}/audit/auditd.conf fi if [ -f %{_sysconfdir}/audit.rules ]; then mv %{_sysconfdir}/audit.rules %{_sysconfdir}/audit/audit.rules elif [ ! -f %{_sysconfdir}/audit/audit.rules ]; then cp %{_sysconfdir}/audit/rules.d/audit.rules %{_sysconfdir}/audit/audit.rules fi %service_add_post auditd.service %pre -n audit %service_add_pre auditd.service %preun -n audit %service_del_preun auditd.service %postun -n audit %service_del_postun auditd.service %files -n audit %doc README COPYING ChangeLog rules/[0-9]* rules/README-rules init.d/auditd.cron %attr(644,root,root) %{_mandir}/man8/audispd.8.gz %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz %attr(644,root,root) %{_mandir}/man8/auditd.8.gz %attr(644,root,root) %{_mandir}/man8/aureport.8.gz %attr(644,root,root) %{_mandir}/man8/ausearch.8.gz %attr(644,root,root) %{_mandir}/man8/autrace.8.gz %attr(644,root,root) %{_mandir}/man8/aulast.8.gz %attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz %attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz %attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz %attr(644,root,root) %{_mandir}/man8/auvirt.8.gz %attr(644,root,root) %{_mandir}/man8/augenrules.8.gz /sbin/auditctl %attr(750,root,root) %{_sbindir}/auditctl /sbin/auditd %attr(750,root,root) %{_sbindir}/auditd /sbin/ausearch %attr(755,root,root) %{_sbindir}/ausearch /sbin/autrace %attr(750,root,root) %{_sbindir}/autrace /sbin/audispd %attr(750,root,root) %{_sbindir}/augenrules /sbin/augenrules %attr(750,root,root) %{_sbindir}/audispd %attr(755,root,root) %{_bindir}/aulast %attr(755,root,root) %{_bindir}/aulastlog %attr(755,root,root) %{_bindir}/ausyscall /sbin/aureport %attr(755,root,root) %{_sbindir}/aureport %attr(755,root,root) %{_bindir}/auvirt %dir %attr(750,root,root) %{_sysconfdir}/audit %attr(750,root,root) %dir %{_sysconfdir}/audisp %attr(750,root,root) %dir %{_sysconfdir}/audisp/plugins.d %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/af_unix.conf %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/syslog.conf %ghost %{_sysconfdir}/auditd.conf %ghost %{_sysconfdir}/audit.rules %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/auditd.conf %dir %attr(750,root,root) %{_sysconfdir}/audit/rules.d %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/rules.d/audit.rules %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audispd.conf %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules %dir %attr(700,root,root) %{_localstatedir}/log/audit %ghost %config(noreplace) %{_localstatedir}/log/audit/audit.log %dir %attr(700,root,root) %{_localstatedir}/spool/audit %{_unitdir}/auditd.service %{_sbindir}/rcauditd %if %{with python2} %files -n python2-audit %attr(755,root,root) %{python2_sitearch}/_audit.so %attr(755,root,root) %{python2_sitearch}/auparse.so %{python2_sitearch}/audit.py* %endif %if %{with python3} %files -n python3-audit %attr(755,root,root) %{python3_sitearch}/_audit.so %attr(755,root,root) %{python3_sitearch}/auparse.so %{python3_sitearch}/audit.py* %endif %files -n audit-audispd-plugins %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz %attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz %attr(750,root,root) %dir %{_sysconfdir}/audisp %attr(750,root,root) %dir %{_sysconfdir}/audisp/plugins.d %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/audispd-zos-remote.conf %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/zos-remote.conf %attr(750,root,root) %{_sbindir}/audisp-remote %attr(750,root,root) %{_sbindir}/audispd-zos-remote %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/audisp-remote.conf %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audisp/plugins.d/au-remote.conf %changelog ++++++ audit.spec ++++++ # # spec file for package audit # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: audit Version: 2.8.1 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0+ Group: System/Monitoring Url: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: baselibs.conf Source2: README-BEFORE-ADDING-PATCHES Patch1: audit-make-audit_filter_exclude-definition-optional.patch BuildRequires: autoconf >= 2.12 BuildRequires: gcc-c++ BuildRequires: kernel-headers >= 2.6.30 BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: tcpd-devel Requires: %{name}-libs = %{version} %description The audit package contains the user space utilities for storing and processing the records generated by the audit subsystem in the Linux kernel. %package -n libaudit1 Summary: Library for interfacing with the kernel audit subsystem License: LGPL-2.1+ Group: System/Libraries Obsoletes: %{name}-libs < 2.0.4 Provides: %{name}-libs = %{version} %description -n libaudit1 The libaudit package contains the shared libraries needed for applications to use the audit framework. %package -n libauparse0 Summary: Library for parsing and interpreting audit events License: LGPL-2.1+ Group: System/Libraries %description -n libauparse0 The libauparse package contains the shared libraries needed to parse audit records. %package -n audit-devel Summary: Header files for libaudit License: LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: libaudit1 = %{version} Requires: libauparse0 = %{version} %description -n audit-devel The audit-devel package contains the header files needed for developing applications that need to use the audit framework libraries. %prep %setup -q %patch1 -p1 %build autoreconf -fi export CFLAGS="%{optflags} -fno-strict-aliasing" export CXXFLAGS="$CFLAGS" export LDFLAGS="-Wl,-z,relro,-z,now" # no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch %configure \ --enable-systemd \ --libexecdir=%{_libexecdir}/%{name} \ --with-apparmor \ --with-libwrap \ --without-libcap-ng \ --disable-static \ %ifarch aarch64 --with-aarch64 \ %endif --without-python make %{?_smp_mflags} -C lib make %{?_smp_mflags} -C auparse make %{?_smp_mflags} -C docs %install make DESTDIR=%{buildroot} install -C lib make DESTDIR=%{buildroot} install -C auparse make DESTDIR=%{buildroot} install -C docs rm -rf %{buildroot}/%{_mandir}/man[578] mkdir -p %{buildroot}%{_sysconfdir} mkdir -p %{buildroot}/%{_includedir} mkdir -p %{buildroot}/%{_mandir}/man5 # We manually install this since Makefile doesn't install -m 0644 lib/libaudit.h %{buildroot}/%{_includedir} install -D -m 0644 ./m4/audit.m4 %{buildroot}%{_datadir}/aclocal/audit.m4 # Install libaudit.conf files by hand install -m 0644 docs/libaudit.conf.5 %{buildroot}/%{_mandir}/man5 install -m 0644 init.d/libaudit.conf %{buildroot}%{_sysconfdir} find %{buildroot} -type f -name "*.la" -delete -print %check make %{?_smp_mflags} check -C lib make %{?_smp_mflags} check -C auparse %post -n libaudit1 -p /sbin/ldconfig %post -n libauparse0 -p /sbin/ldconfig %postun -n libaudit1 -p /sbin/ldconfig %postun -n libauparse0 -p /sbin/ldconfig %files -n libaudit1 %{_libdir}/libaudit.so.* %config(noreplace) %attr(640,root,root) %{_sysconfdir}/libaudit.conf %{_mandir}/man5/libaudit.conf.5%{ext_man} %files -n libauparse0 %{_libdir}/libauparse.so.* %files -n audit-devel %doc contrib/skeleton.c contrib/plugin %{_libdir}/libaudit.so %{_libdir}/libauparse.so %{_includedir}/libaudit.h %{_includedir}/auparse.h %{_includedir}/auparse-defs.h %{_mandir}/man3/* %{_datadir}/aclocal/audit.m4 %{_libdir}/pkgconfig/audit.pc %{_libdir}/pkgconfig/auparse.pc %changelog ++++++ README-BEFORE-ADDING-PATCHES ++++++ All patches need to have a patch description header similar to what is used in SUSE kernel git tree. Patches added without this will be reverted. Thanks. From: Name <email> Subject: Summary of fix Date: date References: bnc#xxxxxx (bugzilla reference if applicable) Upstream: yes (provide repo/commit-id in description) or no (provide reason) Signed-Off-by: Name <email> (same as From: if committer is patch author) Short paragraph describing problem/fix. References to upstream repo-path/commit-id if applicable. ++++++ audit-allow-manual-stop.patch ++++++ From: Tony Jones <[email protected]> Subject: allow service stop References: https://lists.fedoraproject.org/pipermail/devel/2012-June/169411.html References: https://www.redhat.com/archives/linux-audit/2013-July/msg00048.html --- legacy-actions is Fedora specific, so blocking manual stop won't work for SUSE since we lack the ability to use a custom stop/restart init.d/auditd.service | 1 - 1 file changed, 1 deletion(-) --- a/init.d/auditd.service +++ b/init.d/auditd.service @@ -7,7 +7,6 @@ DefaultDependencies=no After=local-fs.target systemd-tmpfiles-setup.service Conflicts=shutdown.target Before=sysinit.target shutdown.target -RefuseManualStop=yes ConditionKernelCommandLine=!audit=0 Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation ++++++ audit-ausearch-do-not-require-tclass.patch ++++++ From: William Preston <[email protected]> Subject: ausearch is looking for the "tclass" field in the entries, which doesn't make sense for apparmor. References: bnc#878687 References: https://www.redhat.com/archives/linux-audit/2014-May/msg00094.html https://www.redhat.com/archives/linux-audit/2014-June/msg00001.html Upstream: never Signed-off-by: Tony Jones <[email protected]> --- src/ausearch-parse.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) --- a/src/ausearch-parse.c +++ b/src/ausearch-parse.c @@ -1735,17 +1735,15 @@ static int parse_avc(const lnode *n, sea // Now get the class...its at the end, so we do things different str = strstr(term, "tclass="); - if (str == NULL) { - rc = 9; - goto err; + if (str) { + str += 7; + term = strchr(str, ' '); + if (term) + *term = 0; + an.avc_class = strdup(str); + if (term) + *term = ' '; } - str += 7; - term = strchr(str, ' '); - if (term) - *term = 0; - an.avc_class = strdup(str); - if (term) - *term = ' '; if (audit_avc_init(s) == 0) { alist_append(s->avc, &an); ++++++ audit-make-audit_filter_exclude-definition-optional.patch ++++++ From: Steve Grubb <[email protected]> Date: Mon Jun 4 08:45:36 2018 -0400 Subject: Make AUDIT_FILTER_EXCLUDE definition optional Git-commit: 6b99375dc1a4fd0f337a82ec1707e75fcf369824 References: bsc#1163040 Signed-off-by: Tony Jones <[email protected]> Make AUDIT_FILTER_EXCLUDE definition optional diff --git a/lib/libaudit.h b/lib/libaudit.h index b681e8d..509d813 100644 --- a/lib/libaudit.h +++ b/lib/libaudit.h @@ -289,7 +289,9 @@ extern "C" { #ifndef AUDIT_FILTER_FS #define AUDIT_FILTER_FS 0x06 /* FS record filter in __audit_inode_child */ #endif +#ifndef AUDIT_FILTER_EXCLUDE #define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE +#endif #define AUDIT_FILTER_MASK 0x07 /* Mask to get actual filter */ #define AUDIT_FILTER_UNSET 0x80 /* This value means filter is unset */ ++++++ audit-no-gss.patch ++++++ From: Tony Jones <[email protected]> Subject: Disable GSS options from config file Upsteam: never Disable GSS/Kerberos options from config file. They are disabled from configure but need manual removal here. --- init.d/auditd.conf | 3 --- 1 file changed, 3 deletions(-) --- a/init.d/auditd.conf +++ b/init.d/auditd.conf @@ -30,7 +30,4 @@ tcp_listen_queue = 5 tcp_max_per_addr = 1 ##tcp_client_ports = 1024-65535 tcp_client_max_idle = 0 -enable_krb5 = no -krb5_principal = auditd -##krb5_key_file = /etc/audit/audit.key distribute_network = no ++++++ audit-plugins-path.patch ++++++ From: Tony Jones <[email protected]> Subject: Adjust location of plugins built by audit-secondary Upsteam: never Adjust location of plugins built by audit-secondary. These should never have been in /sbin plus some (for SUSE) require lib dependancies on /usr/lib --- audit-1.7.2/audisp/plugins/prelude/au-prelude.conf.orig 2008-04-23 11:56:11.946681000 +0200 +++ audit-1.7.2/audisp/plugins/prelude/au-prelude.conf 2008-04-23 11:56:22.789827000 +0200 @@ -5,7 +5,7 @@ active = no direction = out -path = /sbin/audisp-prelude +path = /usr/sbin/audisp-prelude type = always #args = format = string --- audit-1.7.2/audisp/plugins/remote/au-remote.conf.orig 2008-04-23 11:56:11.976660000 +0200 +++ audit-1.7.2/audisp/plugins/remote/au-remote.conf 2008-04-23 11:56:30.958657000 +0200 @@ -5,7 +5,7 @@ active = no direction = out -path = /sbin/audisp-remote +path = /usr/sbin/audisp-remote type = always #args = format = string --- audit-1.7.2/audisp/plugins/zos-remote/audispd-zos-remote.conf.orig 2008-04-23 11:56:11.993637000 +0200 +++ audit-1.7.2/audisp/plugins/zos-remote/audispd-zos-remote.conf 2008-04-23 11:56:40.533070000 +0200 @@ -8,7 +8,7 @@ active = no direction = out -path = /sbin/audispd-zos-remote +path = /usr/sbin/audispd-zos-remote type = always args = /etc/audisp/zos-remote.conf format = string ++++++ baselibs.conf ++++++ libaudit1 obsoletes "audit-libs-<targettype> < 2.0.4" libauparse0 audit-devel requires -audit-<targettype> requires "libaudit1-<targettype> = <version>" requires "libauparse0-<targettype> = <version>" _______________________________________________ openSUSE Commits mailing list -- [email protected] To unsubscribe, email [email protected] List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/[email protected]
