From bcda57a93a906d0dfe1eee94ee17d8a62d3d3132 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 21 2020 18:56:13 +0000 Subject: import audit-3.0-0.16.20191104git1c2f876.el8 --- diff --git a/.audit.metadata b/.audit.metadata index ab146fb..363ea1c 100644 --- a/.audit.metadata +++ b/.audit.metadata @@ -1 +1 @@ -5205dd634a26512d69d75ca27171c70b70f102f0 SOURCES/audit-3.0-alpha8.tar.gz +fe9807c29de893c8e8bc4df8624e00a98ab2b32a SOURCES/audit-3.0-alpha9.tar.gz diff --git a/.gitignore b/.gitignore index fa16155..de9fa84 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/audit-3.0-alpha8.tar.gz +SOURCES/audit-3.0-alpha9.tar.gz diff --git a/SOURCES/audit-3.0-clang-warnings.patch b/SOURCES/audit-3.0-clang-warnings.patch new file mode 100644 index 0000000..a8bea31 --- /dev/null +++ b/SOURCES/audit-3.0-clang-warnings.patch @@ -0,0 +1,36 @@ +commit b4b63a18e044e507b9091f01aef91d4b3beff97d +Author: Steve Grubb +Date: Mon Nov 4 16:54:44 2019 -0500 + + Fix 2 clang reported warnings + +diff --git a/audisp/plugins/syslog/audisp-syslog.c b/audisp/plugins/syslog/audisp-syslog.c +index 2515e0b..9daa021 100644 +--- a/audisp/plugins/syslog/audisp-syslog.c ++++ b/audisp/plugins/syslog/audisp-syslog.c +@@ -181,7 +181,7 @@ static inline void write_syslog(char *s) + mptr = stpcpy(mptr, fval ? fval : "?"); + mptr = stpcpy(mptr, " "); + rc = auparse_next_field(au); +- if (!header && strcmp(fname, "type") == 0) { ++ if (!header && fname && strcmp(fname, "type") == 0) { + mptr = stpcpy(mptr, "msg=audit("); + + time_t t = auparse_get_time(au); +diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c +index 54452e8..e709456 100644 +--- a/src/ausearch-lol.c ++++ b/src/ausearch-lol.c +@@ -324,8 +324,11 @@ int lol_add_record(lol *lo, char *buff) + } + + // Eat standalone EOE, main event was already marked complete +- if (e.type == AUDIT_EOE) ++ if (e.type == AUDIT_EOE) { ++ free((char *)e.node); ++ free(n.message); + return 0; ++ } + + // Create new event and fill it in + l = malloc(sizeof(llist)); diff --git a/SOURCES/audit-3.0-user-event.patch b/SOURCES/audit-3.0-user-event.patch new file mode 100644 index 0000000..99aaf0f --- /dev/null +++ b/SOURCES/audit-3.0-user-event.patch @@ -0,0 +1,35 @@ +diff --git a/src/auditctl.c b/src/auditctl.c +index ac08e47..1150911 100644 +--- a/src/auditctl.c ++++ b/src/auditctl.c +@@ -809,6 +809,7 @@ static int setopt(int count, int lineno, char *vars[]) + retval = -1; + } else { + const char*s = optarg; ++ char *umsg; + while (*s) { + if (*s < 32) { + audit_msg(LOG_ERR, +@@ -817,11 +818,18 @@ static int setopt(int count, int lineno, char *vars[]) + } + s++; + } ++ if (asprintf(&umsg, "text=%s", optarg) < 0) { ++ audit_msg(LOG_ERR, "Can't create user event"); ++ return -1; ++ } + if (audit_log_user_message( fd, AUDIT_USER, +- optarg, NULL, NULL, NULL, 1) <= 0) +- retval = -1; +- else +- return -2; // success - no reply for this ++ umsg, NULL, NULL, NULL, 1) <= 0) ++ retval = -1; ++ else { ++ free(umsg); ++ return -2; // success - no reply for this ++ } ++ free(umsg); + } + break; + case 'R': diff --git a/SPECS/audit.spec b/SPECS/audit.spec index 28a7d3c..827edd2 100644 --- a/SPECS/audit.spec +++ b/SPECS/audit.spec @@ -1,23 +1,26 @@ %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} -Summary: User space tools for 2.6 kernel auditing +Summary: User space tools for kernel auditing Name: audit Version: 3.0 -Release: 0.11.20190507gitf58ec40%{?dist} +Release: 0.16.20191104git1c2f876%{?dist} License: GPLv2+ URL: http://people.redhat.com/sgrubb/audit/ -Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}-alpha8.tar.gz +Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}-alpha9.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt +Patch1: audit-3.0-clang-warnings.patch +Patch2: audit-3.0-user-event.patch BuildRequires: gcc swig BuildRequires: openldap-devel BuildRequires: krb5-devel libcap-ng-devel BuildRequires: kernel-headers >= 2.6.29 -Requires: %{name}-libs%{?_isa} = %{version}-%{release} BuildRequires: systemd + +Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires(post): systemd coreutils -Requires(preun): systemd -Requires(postun): systemd coreutils +Requires(preun): systemd initscripts +Requires(postun): systemd coreutils initscripts %description The audit package contains the user space utilities for @@ -79,10 +82,10 @@ incoming audit events, as they happen, to a configured z/OS SMF (Service Management Facility) database, through an IBM Tivoli Directory Server (ITDS) set for Remote Audit service. -%enable_gotoolset7 - %prep %setup -q +%patch1 -p1 +%patch2 -p1 cp %{SOURCE1} . %build @@ -90,7 +93,7 @@ cp %{SOURCE1} . --with-python3=yes \ --enable-gssapi-krb5=yes --with-arm --with-aarch64 \ --with-libcap-ng=yes --enable-zos-remote \ - --enable-systemd + --enable-systemd make CFLAGS="%{optflags}" %{?_smp_mflags} @@ -136,8 +139,8 @@ rm -f rules/Makefile* # Copy default rules into place on new installation files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w` if [ "$files" -eq 0 ] ; then - if [ -e /usr/share/doc/audit/rules/10-base-config.rules ] ; then - cp /usr/share/doc/audit/rules/10-base-config.rules /etc/audit/rules.d/audit.rules + if [ -e %{_datadir}/%{name}/sample-rules/10-base-config.rules ] ; then + cp %{_datadir}/%{name}/sample-rules/10-base-config.rules /etc/audit/rules.d/audit.rules else touch /etc/audit/rules.d/audit.rules fi @@ -148,12 +151,12 @@ fi %preun %systemd_preun auditd.service if [ $1 -eq 0 ]; then - /sbin/service auditd stop > /dev/null 2>&1 + /sbin/service auditd stop > /dev/null 2>&1 fi %postun if [ $1 -ge 1 ]; then - /sbin/service auditd condrestart > /dev/null 2>&1 || : + /sbin/service auditd condrestart > /dev/null 2>&1 || : fi %files libs @@ -180,9 +183,10 @@ fi %attr(755,root,root) %{python3_sitearch}/* %files -%doc README ChangeLog rules init.d/auditd.cron +%doc README ChangeLog init.d/auditd.cron %{!?_licensedir:%global license %%doc} %license COPYING +%attr(644,root,root) %{_datadir}/%{name}/sample-rules/* %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz %attr(644,root,root) %{_mandir}/man8/auditd.8.gz %attr(644,root,root) %{_mandir}/man8/aureport.8.gz @@ -202,7 +206,7 @@ fi %attr(755,root,root) /sbin/ausearch %attr(755,root,root) /sbin/aureport %attr(750,root,root) /sbin/autrace -%attr(750,root,root) /sbin/augenrules +%attr(755,root,root) /sbin/augenrules %attr(755,root,root) %{_bindir}/aulast %attr(755,root,root) %{_bindir}/aulastlog %attr(755,root,root) %{_bindir}/ausyscall @@ -217,7 +221,7 @@ fi %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop %ghost %{_localstatedir}/run/auditd.state -%attr(750,root,root) %dir %{_var}/log/audit +%attr(-,root,-) %dir %{_var}/log/audit %attr(750,root,root) %dir /etc/audit %attr(750,root,root) %dir /etc/audit/rules.d %attr(750,root,root) %dir /etc/audit/plugins.d @@ -246,6 +250,22 @@ fi %attr(750,root,root) /sbin/audispd-zos-remote %changelog +* Thu Nov 28 2019 Steve Grubb 3.0-0.18.20191104git1c2f876 +resolves: rhbz#1497279 - Add option to interpret fields in audit syslog plugin + +* Mon Nov 04 2019 Steve Grubb 3.0-0.15.20191104git1c2f876 +resolves: rhbz#1757986 - Rebase audit package on 8.2 for updates +resolves: rhbz#1767054 - move audit rules to shared data directory +resolves: rhbz#1746018 - Breakup 30-ospp-v42.rules into more granular files +resolves: rhbz#1740798 - auditctl(8) needs clarification for backlog_limit +resolves: rhbz#1497279 - Add option to interpret fields in audit syslog plugin + +* Thu Jul 25 2019 Steve Grubb 3.0-0.13.20190607gitf58ec40 +resolves: rhbz#1695638 - Rebase audit package to pick up latest bugfixes + +* Sat Jul 13 2019 Steve Grubb 3.0-0.12.20190607gitf58ec40 +resolves: rhbz#1695638 - Rebase audit package to pick up latest bugfixes + * Mon Jun 10 2019 Steve Grubb 3.0-0.11.20190607gitf58ec40 resolves: rhbz#1643567 - service auditd stop exits prematurely resolves: rhbz#1693470 - libauparse memory leak