Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package audit for openSUSE:Factory checked in at 2023-02-19 18:18:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/audit (Old)
 and      /work/SRC/openSUSE:Factory/.audit.new.22824 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "audit" Sun Feb 19 18:18:35 2023 rev:103 rq:1066163 version:3.0.9 Changes: -------- --- /work/SRC/openSUSE:Factory/audit/audit-secondary.changes 2022-04-17 23:49:31.046280509 +0200 +++ /work/SRC/openSUSE:Factory/.audit.new.22824/audit-secondary.changes 2023-02-19 18:18:38.521359057 +0100 
@@ -1,0 +2,43 @@ +Tue Dec 27 10:21:56 UTC 2022 - Ludwig Nussel <lnus...@suse.com> + +- Replace transitional %usrmerged macro with regular version check (boo#1206798) + +------------------------------------------------------------------- +Thu Dec 15 19:17:35 UTC 2022 - Enzo Matsumiya <ematsum...@suse.de> + +- Enable build for ARM (32-bit) +- Update to version 3.0.9: + * In auditd, release the async flush lock on stop + * Don't allow auditd to log directly into /var/log when log_group is non-zero + * Cleanup krb5 memory leaks on error paths + * Update auditd.cron to use auditctl --signal + * In auparse, if too many fields, realloc array bigger (Paul Wolneykien) + * In auparse, special case kernel module name interpretation + * If overflow_action is ignore, don't treat as an error + (3.0.8) + * Add gcc function attributes for access and allocation + * Add some more man pages (MIZUTA Takeshi) + * In auditd, change the reinitializing of the plugin queue + * Fix path normalization in auparse (Sergio Correia) + * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya) + * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya) + * Drop ProtectHome from auditd.service as it interferes with rules + (3.0.7) + * Add support for the OPENAT2 record type (Richard Guy Briggs) + * In auditd, close the logging file descriptor when logging is suspended + * Update the capabilities lookup table to match 5.16 kernel + * Improve interpretation of renamat & faccessat family of syscalls + * Update syscall table for the 5.16 kernel + * Reduce dependency from initscripts to initscripts-service +- Refresh patches (context adjusment): + * audit-allow-manual-stop.patch + * audit-ausearch-do-not-require-tclass.patch + * audit-no-gss.patch + * enable-stop-rules.patch + * fix-hardened-service.patch + * harden_auditd.service.patch +- Remove patches (fixed by version update): + * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch + * 
audisp-remote-fix-hang-with-disk_low_action-suspend-.patch + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/audit/audit.changes 2022-04-17 23:49:31.150280651 +0200 +++ /work/SRC/openSUSE:Factory/.audit.new.22824/audit.changes 2023-02-19 18:18:38.617359667 +0100 
@@ -1,0 +2,38 @@ +Thu Dec 15 19:17:35 UTC 2022 - Enzo Matsumiya <ematsum...@suse.de> + +- Enable build for ARM (32-bit) +- Update to version 3.0.9: + * In auditd, release the async flush lock on stop + * Don't allow auditd to log directly into /var/log when log_group is non-zero + * Cleanup krb5 memory leaks on error paths + * Update auditd.cron to use auditctl --signal + * In auparse, if too many fields, realloc array bigger (Paul Wolneykien) + * In auparse, special case kernel module name interpretation + * If overflow_action is ignore, don't treat as an error + (3.0.8) + * Add gcc function attributes for access and allocation + * Add some more man pages (MIZUTA Takeshi) + * In auditd, change the reinitializing of the plugin queue + * Fix path normalization in auparse (Sergio Correia) + * In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya) + * In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya) + * Drop ProtectHome from auditd.service as it interferes with rules + (3.0.7) + * Add support for the OPENAT2 record type (Richard Guy Briggs) + * In auditd, close the logging file descriptor when logging is suspended + * Update the capabilities lookup table to match 5.16 kernel + * Improve interpretation of renamat & faccessat family of syscalls + * Update syscall table for the 5.16 kernel + * Reduce dependency from initscripts to initscripts-service +- Refresh patches (context adjusment): + * audit-allow-manual-stop.patch + * audit-ausearch-do-not-require-tclass.patch + * audit-no-gss.patch + * enable-stop-rules.patch + * fix-hardened-service.patch + * harden_auditd.service.patch +- Remove patches (fixed by version update): + * libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch + * audisp-remote-fix-hang-with-disk_low_action-suspend-.patch + +------------------------------------------------------------------- @@ -1016 +1053,0 @@ -------------------------------------------------------------------- 
@@ -1017,0 +1055 @@ +------------------------------------------------------------------- Old: ---- audisp-remote-fix-hang-with-disk_low_action-suspend-.patch audit-3.0.6.tar.gz libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch New: ---- audit-3.0.9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ audit-secondary.spec ++++++ --- /var/tmp/diff_new_pack.Tf1cLg/_old 2023-02-19 18:18:39.353364344 +0100 +++ /var/tmp/diff_new_pack.Tf1cLg/_new 2023-02-19 18:18:39.357364369 +0100 @@ -1,7 +1,7 @@ # # spec file for package audit-secondary # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ # The seperation is required to minimize unnecessary build cycles. %define _name audit Name: audit-secondary -Version: 3.0.6 +Version: 3.0.9 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later @@ -42,8 +42,6 @@ Patch10: enable-stop-rules.patch Patch11: create-augenrules-service.patch Patch12: audit-userspace-517-compat.patch -Patch13: audisp-remote-fix-hang-with-disk_low_action-suspend-.patch -Patch14: libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch BuildRequires: audit-devel = %{version} BuildRequires: autoconf >= 2.12 BuildRequires: kernel-headers >= 2.6.30 @@ -147,6 +145,9 @@ %ifarch aarch64 --with-aarch64 \ %endif +%ifarch arm + --with-arm \ +%endif --enable-systemd \ --libexecdir=%{_libexecdir}/%{_name} \ --with-apparmor \ @@ -198,7 +199,7 @@ rm -rf %{buildroot}/%{_mandir}/man3 # Cleanup plugins #USR-MERGE -%if !0%{?usrmerged} +%if 0%{?suse_version} < 1550 mkdir %{buildroot}/sbin/ for prog in auditctl auditd ausearch autrace aureport augenrules; do ln -s %{_sbindir}/$prog %{buildroot}/sbin/$prog 
@@ -257,7 +258,7 @@ %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz %attr(644,root,root) %{_mandir}/man8/auvirt.8.gz %attr(644,root,root) %{_mandir}/man8/augenrules.8.gz -%if !0%{?usrmerged} +%if 0%{?suse_version} < 1550 /sbin/auditctl /sbin/auditd /sbin/ausearch ++++++ audit.spec ++++++ --- /var/tmp/diff_new_pack.Tf1cLg/_old 2023-02-19 18:18:39.381364522 +0100 +++ /var/tmp/diff_new_pack.Tf1cLg/_new 2023-02-19 18:18:39.385364547 +0100 @@ -1,7 +1,7 @@ # # spec file for package audit # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: audit -Version: 3.0.6 +Version: 3.0.9 Release: 0 Summary: Linux kernel audit subsystem utilities License: GPL-2.0-or-later @@ -86,6 +86,9 @@ %ifarch aarch64 --with-aarch64 \ %endif +%ifarch arm + --with-arm \ +%endif --enable-systemd \ --libexecdir=%{_libexecdir}/%{name} \ --with-apparmor \ ++++++ audit-3.0.6.tar.gz -> audit-3.0.9.tar.gz ++++++ ++++ 29741 lines of diff (skipped) ++++++ audit-allow-manual-stop.patch ++++++ --- /var/tmp/diff_new_pack.Tf1cLg/_old 2023-02-19 18:18:39.657366276 +0100 +++ /var/tmp/diff_new_pack.Tf1cLg/_new 2023-02-19 18:18:39.661366301 +0100 
@@ -11,14 +11,16 @@ init.d/auditd.service | 1 - 1 file changed, 1 deletion(-) ---- a/init.d/auditd.service -+++ b/init.d/auditd.service -@@ -11,7 +11,6 @@ +Index: audit-3.0.9/init.d/auditd.service +=================================================================== +--- audit-3.0.9.orig/init.d/auditd.service ++++ audit-3.0.9/init.d/auditd.service +@@ -11,7 +11,6 @@ After=local-fs.target systemd-tmpfiles-s Before=sysinit.target shutdown.target ##Before=shutdown.target Conflicts=shutdown.target -RefuseManualStop=yes ConditionKernelCommandLine=!audit=0 - Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation + ConditionKernelCommandLine=!audit=off ++++++ audit-ausearch-do-not-require-tclass.patch ++++++ --- /var/tmp/diff_new_pack.Tf1cLg/_old 2023-02-19 18:18:39.673366377 +0100 +++ /var/tmp/diff_new_pack.Tf1cLg/_new 2023-02-19 18:18:39.677366402 +0100 @@ -9,9 +9,11 @@ src/ausearch-parse.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) ---- a/src/ausearch-parse.c -+++ b/src/ausearch-parse.c -@@ -2061,17 +2061,15 @@ other_avc: +Index: audit-3.0.9/src/ausearch-parse.c +=================================================================== +--- audit-3.0.9.orig/src/ausearch-parse.c ++++ audit-3.0.9/src/ausearch-parse.c +@@ -2062,17 +2062,15 @@ other_avc: // Now get the class...its at the end, so we do things different str = strstr(term, "tclass="); ++++++ audit-no-gss.patch ++++++ --- /var/tmp/diff_new_pack.Tf1cLg/_old 2023-02-19 18:18:39.685366453 +0100 +++ /var/tmp/diff_new_pack.Tf1cLg/_new 2023-02-19 18:18:39.689366479 +0100 @@ -9,8 +9,10 @@ init.d/auditd.conf | 3 --- 1 file changed, 3 deletions(-) ---- a/init.d/auditd.conf -+++ b/init.d/auditd.conf +Index: audit-3.0.9/init.d/auditd.conf +=================================================================== +--- audit-3.0.9.orig/init.d/auditd.conf ++++ audit-3.0.9/init.d/auditd.conf @@ -30,8 +30,6 @@ tcp_max_per_addr = 1 ##tcp_client_ports = 1024-65535 tcp_client_max_idle = 0 
@@ -18,6 +20,6 @@ -krb5_principal = auditd -##krb5_key_file = /etc/audit/audit.key distribute_network = no - q_depth = 1200 + q_depth = 2000 overflow_action = SYSLOG ++++++ create-augenrules-service.patch ++++++ --- /var/tmp/diff_new_pack.Tf1cLg/_old 2023-02-19 18:18:39.729366733 +0100 +++ /var/tmp/diff_new_pack.Tf1cLg/_new 2023-02-19 18:18:39.729366733 +0100 @@ -1,7 +1,7 @@ -Index: audit-3.0.6/init.d/augenrules.service +Index: audit-3.0.9/init.d/augenrules.service =================================================================== --- /dev/null -+++ audit-3.0.6/init.d/augenrules.service ++++ audit-3.0.9/init.d/augenrules.service @@ -0,0 +1,29 @@ +[Unit] +Description=auditd rules generation @@ -32,13 +32,13 @@ +ProtectKernelTunables=true +ProtectKernelLogs=true +ReadWritePaths=/etc/audit -Index: audit-3.0.6/init.d/auditd.service +Index: audit-3.0.9/init.d/auditd.service =================================================================== ---- audit-3.0.6.orig/init.d/auditd.service -+++ audit-3.0.6/init.d/auditd.service -@@ -13,15 +13,16 @@ Before=sysinit.target shutdown.target - Conflicts=shutdown.target - ConditionKernelCommandLine=!audit=0 +--- audit-3.0.9.orig/init.d/auditd.service ++++ audit-3.0.9/init.d/auditd.service +@@ -15,15 +15,16 @@ ConditionKernelCommandLine=!audit=0 + ConditionKernelCommandLine=!audit=off + Documentation=man:auditd(8) https://github.com/linux-audit/audit-documentation +Requires=augenrules.service +# This unit clears rules on stop, so make sure that augenrules runs again @@ -57,7 +57,7 @@ #ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules # By default we clear the rules on exit. To disable this, comment # the next line after copying the file to /etc/systemd/system/auditd.service -@@ -45,7 +46,6 @@ ProtectClock=true +@@ -46,7 +47,6 @@ ProtectClock=true ProtectKernelTunables=true ProtectKernelLogs=true # end of automatic additions 
@@ -65,28 +65,29 @@ [Install] WantedBy=multi-user.target -Index: audit-3.0.6/init.d/Makefile.am +Index: audit-3.0.9/init.d/Makefile.am =================================================================== ---- audit-3.0.6.orig/init.d/Makefile.am -+++ audit-3.0.6/init.d/Makefile.am -@@ -26,7 +26,7 @@ EXTRA_DIST = auditd.init auditd.service +--- audit-3.0.9.orig/init.d/Makefile.am ++++ audit-3.0.9/init.d/Makefile.am +@@ -26,7 +26,8 @@ EXTRA_DIST = auditd.init auditd.service auditd.cron libaudit.conf auditd.condrestart \ auditd.reload auditd.restart auditd.resume \ auditd.rotate auditd.state auditd.stop \ -- audit-stop.rules augenrules -+ audit-stop.rules augenrules augenrules.service +- audit-stop.rules augenrules audit-functions ++ audit-stop.rules augenrules audit-functions \ ++ augenrules.service libconfig = libaudit.conf if ENABLE_SYSTEMD initdir = /usr/lib/systemd/system -@@ -53,6 +53,7 @@ if ENABLE_SYSTEMD - mkdir -p ${DESTDIR}${initdir} +@@ -54,6 +55,7 @@ if ENABLE_SYSTEMD mkdir -p ${DESTDIR}${legacydir} + mkdir -p ${DESTDIR}${libexecdir} $(INSTALL_SCRIPT) -D -m 644 ${srcdir}/auditd.service ${DESTDIR}${initdir} + $(INSTALL_SCRIPT) -D -m 644 ${srcdir}/augenrules.service ${DESTDIR}${initdir} $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.rotate ${DESTDIR}${legacydir}/rotate $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.resume ${DESTDIR}${legacydir}/resume $(INSTALL_SCRIPT) -D -m 750 ${srcdir}/auditd.reload ${DESTDIR}${legacydir}/reload -@@ -70,6 +71,7 @@ uninstall-hook: +@@ -72,6 +74,7 @@ uninstall-hook: rm ${DESTDIR}${sysconfdir}/${libconfig} if ENABLE_SYSTEMD rm ${DESTDIR}${initdir}/auditd.service ++++++ enable-stop-rules.patch ++++++ --- /var/tmp/diff_new_pack.Tf1cLg/_old 2023-02-19 18:18:39.741366809 +0100 +++ /var/tmp/diff_new_pack.Tf1cLg/_new 2023-02-19 18:18:39.745366834 +0100 @@ -11,11 +11,11 @@ 
Signed-off-by: Enzo Matsumiya <ematsum...@suse.de> -Index: audit-3.0.6/init.d/auditd.service +Index: audit-3.0.9/init.d/auditd.service =================================================================== ---- audit-3.0.6.orig/init.d/auditd.service -+++ audit-3.0.6/init.d/auditd.service -@@ -23,9 +23,9 @@ ExecStart=/sbin/auditd +--- audit-3.0.9.orig/init.d/auditd.service ++++ audit-3.0.9/init.d/auditd.service +@@ -25,9 +25,9 @@ ExecStart=/sbin/auditd ## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/ ExecStartPost=-/sbin/augenrules --load #ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules ++++++ fix-hardened-service.patch ++++++ --- /var/tmp/diff_new_pack.Tf1cLg/_old 2023-02-19 18:18:39.757366911 +0100 +++ /var/tmp/diff_new_pack.Tf1cLg/_new 2023-02-19 18:18:39.761366936 +0100 @@ -12,9 +12,11 @@ Signed-off-by: Enzo Matsumiya <ematsum...@suse.de> ---- a/init.d/auditd.service -+++ b/init.d/auditd.service -@@ -37,12 +37,12 @@ RestrictRealtime=true +Index: audit-3.0.9/init.d/auditd.service +=================================================================== +--- audit-3.0.9.orig/init.d/auditd.service ++++ audit-3.0.9/init.d/auditd.service +@@ -41,12 +41,12 @@ RestrictRealtime=true # added automatically, for details please see # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ProtectSystem=full ++++++ harden_auditd.service.patch ++++++ --- /var/tmp/diff_new_pack.Tf1cLg/_old 2023-02-19 18:18:39.773367012 +0100 +++ /var/tmp/diff_new_pack.Tf1cLg/_new 2023-02-19 18:18:39.777367038 +0100 
@@ -1,8 +1,10 @@ ---- a/init.d/auditd.service -+++ b/init.d/auditd.service -@@ -34,6 +34,15 @@ ProtectControlGroups=true +Index: audit-3.0.9/init.d/auditd.service +=================================================================== +--- audit-3.0.9.orig/init.d/auditd.service ++++ audit-3.0.9/init.d/auditd.service +@@ -38,6 +38,15 @@ LockPersonality=true + ProtectControlGroups=true ProtectKernelModules=true - ProtectHome=true RestrictRealtime=true +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
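
Review bot: In the `%ifarch arm` blocks added to the configure call in both audit-secondary.spec and audit.spec, check that `arm` is an architecture name the 32-bit ARM build targets actually report. RPM's `%ifarch` compares against the target CPU string, which for 32-bit ARM is normally a specific name such as armv6l or armv7l, and spec files usually write `%ifarch %{arm}` to cover the whole family. If the literal `arm` never matches, `--with-arm` is silently not passed and the changelog entry "Enable build for ARM (32-bit)" has no effect on the resulting binaries. The same fix would be needed in both spec files.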
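
Review bot: The new `%if 0%{?suse_version} < 1550` guard in audit-secondary.spec is used twice, around the /sbin symlink loop under `#USR-MERGE` and again around the `/sbin/auditctl`, `/sbin/auditd`, `/sbin/ausearch` entries in the file list, and the number 1550 is not explained in either place. The two conditions have to stay identical, otherwise the symlinks are created without being packaged or listed without being created. A one-line comment next to `#USR-MERGE` saying which release boundary 1550 represents, or a single `%define` evaluated once and referenced in both places, would make the replacement of `%usrmerged` easier to maintain.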
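
Review bot: The refreshed hunks of harden_auditd.service.patch and fix-hardened-service.patch are described in the changelog as context adjustments only, but the context line ` ProtectHome=true` has disappeared from the harden_auditd.service.patch hunk and the changelog states that upstream dropped ProtectHome from auditd.service because it interferes with rules. The added lines of both patches are cut off in this mail, so please confirm that neither downstream hardening patch re-adds a `ProtectHome=` setting to init.d/auditd.service. If one does, the refresh is more than a context change and should say so in the changelog.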