diff --git a/.audit.metadata b/.audit.metadata
index ed32e02..c907f4c 100644
--- a/.audit.metadata
+++ b/.audit.metadata
@@ -1 +1 @@
-7c485e7c97eb25f7413eaf1dd3edb03ad0b2619f SOURCES/audit-3.0.7.tar.gz
+45cffb1ded9a57a79b33547f58228131d3eb14a6 SOURCES/audit-3.1.2.tar.gz
diff --git a/.gitignore b/.gitignore
index 945427a..4c835b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/audit-3.0.7.tar.gz
+SOURCES/audit-3.1.2.tar.gz
diff --git a/SOURCES/audit-3.0.7-gcc-flags.patch b/SOURCES/audit-3.0.7-gcc-flags.patch
deleted file mode 100644
index 7b0f296..0000000
--- a/SOURCES/audit-3.0.7-gcc-flags.patch
+++ /dev/null
@@ -1,77 +0,0 @@ -From 36beaefbb4ecb0a222ac68ec9f17f854a82f7235 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Mon, 14 Feb 2022 15:30:09 -0500 -Subject: [PATCH] Adjust compile flags - ---- - audisp/plugins/remote/Makefile.am | 2 +- - auparse/Makefile.am | 2 +- - configure.ac | 15 +++++++++++++++ - src/Makefile.am | 2 +- - 4 files changed, 18 insertions(+), 3 deletions(-) - -diff --git a/audisp/plugins/remote/Makefile.am b/audisp/plugins/remote/Makefile.am -index 217d477c5..1ac77ee8d 100644 ---- a/audisp/plugins/remote/Makefile.am -+++ b/audisp/plugins/remote/Makefile.am -@@ -36,7 +36,7 @@ TESTS = $(check_PROGRAMS) - - audisp_remote_DEPENDENCIES = ${top_builddir}/common/libaucommon.la - audisp_remote_SOURCES = audisp-remote.c remote-config.c queue.c --audisp_remote_CFLAGS = -fPIE -DPIE -g -D_REENTRANT -D_GNU_SOURCE -Wundef -+audisp_remote_CFLAGS = -fPIE -DPIE -g -D_REENTRANT -D_GNU_SOURCE -Wundef ${WFLAGS} - audisp_remote_LDFLAGS = -pie -Wl,-z,relro -Wl,-z,now - audisp_remote_LDADD = $(CAPNG_LDADD) $(gss_libs) ${top_builddir}/common/libaucommon.la - -diff --git a/auparse/Makefile.am b/auparse/Makefile.am -index b34b6c042..1eb5352cf 100644 ---- a/auparse/Makefile.am -+++ b/auparse/Makefile.am -@@ -26,7 +26,7 @@ SUBDIRS = test - EXTRA_DIST = expression-design.txt - CLEANFILES = $(BUILT_SOURCES) - CONFIG_CLEAN_FILES = *.loT *.rej *.orig --AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE -g ${DEBUG} -Wno-pointer-sign -Wno-enum-compare -Wno-switch -+AM_CFLAGS = -fPIC -DPIC -D_GNU_SOURCE -g ${DEBUG} -Wno-pointer-sign -Wno-enum-compare -Wno-switch ${WFLAGS} - AM_CPPFLAGS = -I. 
-I${top_srcdir} -I${top_srcdir}/src -I${top_srcdir}/lib -I${top_srcdir}/common - LIBS = - -diff --git a/configure.ac b/configure.ac -index e40d41e14..e74fd7036 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -341,6 +341,21 @@ else - fi - ],WARNS="$ALLWARNS") - -+WFLAGS="" -+AC_MSG_CHECKING(for -Wformat-truncation) -+TMPCFLAGS="${CFLAGS}" -+CFLAGS="${CFLAGS} -Wformat-truncation" -+AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[WFLAGS="-Wno-format-truncation" -+ AC_MSG_RESULT(yes)], -+ [AC_MSG_RESULT(no)]) -+CFLAGS="${TMPCFLAGS}" -+CFLAGS="${CFLAGS} -Wunused-but-set-variable" -+AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[WFLAGS="${WFLAGS} -Wno-unused-but-set-variable" -+ AC_MSG_RESULT(yes)], -+ [AC_MSG_RESULT(no)]) -+CFLAGS="${TMPCFLAGS}" -+AC_SUBST(WFLAGS) -+ - withval="" - AC_MSG_CHECKING(whether to include arm eabi processor support) - AC_ARG_WITH(arm, -diff --git a/src/Makefile.am b/src/Makefile.am -index 9c68b42db..2bebf8d50 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -25,7 +25,7 @@ CONFIG_CLEAN_FILES = *.rej *.orig - SUBDIRS = test - AM_CPPFLAGS = -I${top_srcdir} -I${top_srcdir}/lib -I${top_srcdir}/src/libev -I${top_srcdir}/auparse -I${top_srcdir}/audisp -I${top_srcdir}/common - sbin_PROGRAMS = auditd auditctl aureport ausearch autrace --AM_CFLAGS = -D_GNU_SOURCE -Wno-pointer-sign -+AM_CFLAGS = -D_GNU_SOURCE -Wno-pointer-sign ${WFLAGS} - noinst_HEADERS = auditd-config.h auditd-event.h auditd-listen.h ausearch-llist.h ausearch-options.h auditctl-llist.h aureport-options.h ausearch-parse.h aureport-scan.h ausearch-lookup.h ausearch-int.h auditd-dispatch.h ausearch-string.h ausearch-nvpair.h ausearch-common.h ausearch-avc.h ausearch-time.h ausearch-lol.h auditctl-listing.h ausearch-checkpt.h - - auditd_SOURCES = auditd.c auditd-event.c auditd-config.c auditd-reconfig.c auditd-sendmail.c auditd-dispatch.c 
diff --git a/SOURCES/audit-3.0.8-auparse-path-norm.patch b/SOURCES/audit-3.0.8-auparse-path-norm.patch deleted file mode 100644 index 2fb20fb..0000000 --- a/SOURCES/audit-3.0.8-auparse-path-norm.patch +++ /dev/null @@ -1,31 +0,0 @@ -From becc1c297279f757835943e2cad63992134511f9 Mon Sep 17 00:00:00 2001 -From: Sergio Correia -Date: Mon, 7 Mar 2022 13:11:09 -0300 -Subject: [PATCH] auparse: fix off-by-one issue in path_norm() (#242) - -When defining dest = rpath + 1, we end up having the first char of -`dest' as NULL -- since `rpath' points to `working', which is a static -buffer. - -With the first char as NULL, path_norm() ends up producing an empty string. - -This commit fixes the issue reported in this [1] mailing list post. - -[1] https://listman.redhat.com/archives/linux-audit/2022-February/018844.html ---- - auparse/interpret.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/auparse/interpret.c b/auparse/interpret.c -index c8a0d96dd..df593c44c 100644 ---- a/auparse/interpret.c -+++ b/auparse/interpret.c -@@ -895,7 +895,7 @@ static char *path_norm(const char *name) - return strdup(name); - - rpath = working; -- dest = rpath + 1; -+ dest = rpath; - rpath_limit = rpath + PATH_MAX; - - for (start = name; *start; start = end) { diff --git a/SOURCES/audit-3.0.8-drop-protecthome.patch b/SOURCES/audit-3.0.8-drop-protecthome.patch deleted file mode 100644 index a9a70de..0000000 --- a/SOURCES/audit-3.0.8-drop-protecthome.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From c426507a501efde0367a09a81e917d1d10722b78 Mon Sep 17 00:00:00 2001 -From: Sergio Correia -Date: Thu, 31 Mar 2022 15:00:57 -0300 -Subject: [PATCH] Drop ProtectHome from auditd.service as it interferes with - rules - -Upstream: https://github.com/linux-audit/audit-userspace/commit/12cf14ed ---- - init.d/auditd.service | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/init.d/auditd.service b/init.d/auditd.service -index e801281..0a4c498 100644 ---- a/init.d/auditd.service -+++ b/init.d/auditd.service -@@ -36,7 +36,6 @@ MemoryDenyWriteExecute=true - LockPersonality=true - ProtectControlGroups=true - ProtectKernelModules=true --ProtectHome=true - RestrictRealtime=true - - [Install] --- -2.35.1 - diff --git a/SOURCES/audit-3.0.8-flex-array-workaround.patch b/SOURCES/audit-3.0.8-flex-array-workaround.patch deleted file mode 100644 index e9bd391..0000000 --- a/SOURCES/audit-3.0.8-flex-array-workaround.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i -index 21aafca..8c48123 100644 ---- a/bindings/swig/src/auditswig.i -+++ b/bindings/swig/src/auditswig.i -@@ -39,7 +39,7 @@ signed - #define __attribute(X) /*nothing*/ - typedef unsigned __u32; - typedef unsigned uid_t; --%include "/usr/include/linux/audit.h" -+%include "../lib/audit.h" - #define __extension__ /*nothing*/ - %include - %include "../lib/libaudit.h" -diff --git a/lib/audit.h b/lib/audit.h -index 51d7f2b..b2f306d 100644 ---- a/lib/audit.h -+++ b/lib/audit.h -@@ -514,7 +514,7 @@ struct audit_rule_data { - __u32 values[AUDIT_MAX_FIELDS]; - __u32 fieldflags[AUDIT_MAX_FIELDS]; - __u32 buflen; /* total length of string fields */ -- char buf[]; /* string fields buffer */ -+ char buf[0]; /* string fields buffer */ - }; - - #endif /* _LINUX_AUDIT_H_ */ -diff --git a/lib/libaudit.h b/lib/libaudit.h -index 08b7d22..6b7408c 100644 ---- a/lib/libaudit.h -+++ b/lib/libaudit.h -@@ -32,7 +32,7 @@ extern "C" { - #include - #include - #include --#include -+#include "audit.h" - #include - #include - diff --git a/SOURCES/audit-3.0.8-undo-flex-array.patch b/SOURCES/audit-3.0.8-undo-flex-array.patch deleted file mode 100644 index 917eaf3..0000000 --- a/SOURCES/audit-3.0.8-undo-flex-array.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/usr/include/libaudit.h b/usr/include/libaudit.h -index 6b7408c..08b7d22 100644 ---- a/usr/include/libaudit.h -+++ b/usr/include/libaudit.h -@@ -32,7 +32,7 @@ extern "C" { - #include - #include - #include --#include "audit.h" -+#include - #include - #include - diff --git a/SOURCES/audit-3.1-fanotify-records.patch b/SOURCES/audit-3.1-fanotify-records.patch deleted file mode 100644 index b3195b9..0000000 --- a/SOURCES/audit-3.1-fanotify-records.patch +++ /dev/null 
@@ -1,122 +0,0 @@ -From d1aec22f62b1cd95c16b26b67a9268ed27713f84 Mon Sep 17 00:00:00 2001 -From: Steve Grubb -Date: Tue, 7 Feb 2023 10:32:11 -0500 -Subject: [PATCH] Add support for new FANOTIFY record fields - ---- - ChangeLog | 1 + - auparse/auparse-defs.h | 5 ++-- - auparse/interpret.c | 65 +++++++++++++++++++++++++++++++++++++++++- - auparse/typetab.h | 4 +++ - 4 files changed, 72 insertions(+), 3 deletions(-) - -diff --git a/auparse/auparse-defs.h b/auparse/auparse-defs.h -index 7c0ac76..81a85a4 100644 ---- a/auparse/auparse-defs.h -+++ b/auparse/auparse-defs.h -@@ -88,7 +88,8 @@ typedef enum { AUPARSE_TYPE_UNCLASSIFIED, AUPARSE_TYPE_UID, AUPARSE_TYPE_GID, - AUPARSE_TYPE_NETACTION, AUPARSE_TYPE_MACPROTO, - AUPARSE_TYPE_IOCTL_REQ, AUPARSE_TYPE_ESCAPED_KEY, - AUPARSE_TYPE_ESCAPED_FILE, AUPARSE_TYPE_FANOTIFY, -- AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE -+ AUPARSE_TYPE_NLMCGRP, AUPARSE_TYPE_RESOLVE, AUPARSE_TYPE_TRUST, -+ AUPARSE_TYPE_FAN_TYPE, AUPARSE_TYPE_FAN_INFO - } auparse_type_t; - - /* This type determines what escaping if any gets applied to interpreted fields */ -diff --git a/auparse/interpret.c b/auparse/interpret.c -index 373851f..f106056 100644 ---- a/auparse/interpret.c -+++ b/auparse/interpret.c -@@ -2372,6 +2372,60 @@ static const char *print_openat2_resolve(const char *val) - return strdup(buf); - } - -+static const char *print_trust(const char *val) -+{ -+ const char *out; -+ -+ if (strcmp(val, "0") == 0) -+ out = strdup("no"); -+ else if (strcmp(val, "1") == 0) -+ out = strdup("yes"); -+ else -+ out = strdup("unknown"); -+ -+ return out; -+} -+ -+// fan_type always preceeds fan_info -+static int last_type = 2; -+static const char *print_fan_type(const char *val) -+{ -+ const char *out; -+ -+ if (strcmp(val, "0") == 0) { -+ out = strdup("none"); -+ last_type = 0; -+ } else if (strcmp(val, "1") == 0) { -+ out = strdup("rule_info"); -+ last_type = 1; -+ } else { -+ out = strdup("unknown"); -+ last_type = 2; -+ } -+ -+ return out; -+} -+ -+static 
const char *print_fan_info(const char *val) -+{ -+ const char *out; -+ if (last_type == 1) { -+ errno = 0; -+ unsigned long info = strtoul(val, NULL, 16); -+ if (errno) { -+ if (asprintf(&out, "conversion error(%s)", val) < 0) -+ out = NULL; -+ return out; -+ } else { -+ if (asprintf(&out, "%lu", info) < 0) -+ out = NULL; -+ return out; -+ } -+ } else -+ out = strdup(val); -+ return out; -+} -+ - static const char *print_a0(const char *val, const idata *id) - { - char *out; -@@ -3286,6 +3340,15 @@ unknown: - case AUPARSE_TYPE_RESOLVE: - out = print_openat2_resolve(id->val); - break; -+ case AUPARSE_TYPE_TRUST: -+ out = print_trust(id->val); -+ break; -+ case AUPARSE_TYPE_FAN_TYPE: -+ out = print_fan_type(id->val); -+ break; -+ case AUPARSE_TYPE_FAN_INFO: -+ out = print_fan_info(id->val); -+ break; - case AUPARSE_TYPE_MAC_LABEL: - case AUPARSE_TYPE_UNCLASSIFIED: - default: -diff --git a/auparse/typetab.h b/auparse/typetab.h -index 0e37d02..5c8fca8 100644 ---- a/auparse/typetab.h -+++ b/auparse/typetab.h -@@ -145,3 +145,7 @@ _S(AUPARSE_TYPE_ESCAPED, "sw" ) - _S(AUPARSE_TYPE_ESCAPED, "root_dir" ) - _S(AUPARSE_TYPE_NLMCGRP, "nl-mcgrp" ) - _S(AUPARSE_TYPE_RESOLVE, "resolve" ) -+_S(AUPARSE_TYPE_TRUST, "subj_trust" ) -+_S(AUPARSE_TYPE_TRUST, "obj_trust" ) -+_S(AUPARSE_TYPE_FAN_TYPE, "fan_type" ) -+_S(AUPARSE_TYPE_FAN_INFO, "fan_info" ) --- -2.41.0 - diff --git a/SPECS/audit.spec b/SPECS/audit.spec index 2533d84..fc7a275 100644 --- a/SPECS/audit.spec +++ b/SPECS/audit.spec 
@@ -1,21 +1,14 @@ Summary: User space tools for kernel auditing Name: audit -Version: 3.0.7 -Release: 104%{?dist} +Version: 3.1.2 +Release: 2%{?dist} License: GPLv2+ URL: http://people.redhat.com/sgrubb/audit/ Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Patch1: 0001-Add-ausysrulevalidate.patch -Patch2: audit-3.0.7-gcc-flags.patch -Patch3: audit-3.0.8-auparse-path-norm.patch -Patch4: audit-3.0.8-drop-protecthome.patch -Patch5: audit-3.0.8-flex-array-workaround.patch -Patch6: audit-3.0.8-undo-flex-array.patch - -Patch7: audit-3.1-fanotify-records.patch BuildRequires: make gcc swig BuildRequires: openldap-devel @@ -98,14 +91,6 @@ Management Facility) database, through an IBM Tivoli Directory Server %setup -q cp %{SOURCE1} . %patch -P 1 -p1 -%patch -P 2 -p1 -%patch -P 3 -p1 -%patch -P 4 -p1 - -cp /usr/include/linux/audit.h lib/ -%patch -P 5 -p1 - -%patch -P 7 -p1 autoreconf -fv --install @@ -116,8 +101,8 @@ sed -i 's/ ids / /' audisp/plugins/Makefile.in %configure --with-python=no \ --with-python3=yes \ --enable-gssapi-krb5=yes --with-arm --with-aarch64 \ - --with-libcap-ng=yes --enable-zos-remote \ - --enable-systemd --enable-experimental + --with-libcap-ng=yes --enable-zos-remote --without-golang \ + --enable-systemd --enable-experimental --with-io_uring make CFLAGS="%{optflags}" %{?_smp_mflags} @@ -134,6 +119,7 @@ make DESTDIR=$RPM_BUILD_ROOT install # Validate sample rules shipped. for r in $RPM_BUILD_ROOT/%{_datadir}/%{name}/sample-rules/*.rules; do PYTHONPATH=$RPM_BUILD_ROOT/%{python3_sitearch} \ + LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir} \ %{_builddir}/%{name}-%{version}/contrib/ausysrulevalidate \ --update --rules-file "${r}" done 
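Review bot: The added `LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}` in the sample-rules validation loop (hunk -134,6) has no comment saying why it is needed. Presumably it makes `ausysrulevalidate` load the freshly built libaudit from the buildroot rather than whatever copy is installed on the build host, so the shipped rules are checked against the library that is actually being packaged. I would add a line above the loop such as `# Load the just-built libaudit from the buildroot so the Python bindings match the library under test.` The `%install` section this loop belongs to starts outside the hunk.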
@@ -149,13 +135,6 @@ find $RPM_BUILD_ROOT/%{_libdir}/python%{python3_version}/site-packages -name '*. touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz -# undo the workaround -cur=`pwd` -cd $RPM_BUILD_ROOT -patch -p1 < %{PATCH6} -find . -name '*.orig' -delete -cd $cur - %check make check # Get rid of make files so that they don't get packaged. @@ -175,7 +154,6 @@ fi %systemd_post auditd.service %preun -%systemd_preun auditd.service if [ $1 -eq 0 ]; then /sbin/service auditd stop > /dev/null 2>&1 fi @@ -257,7 +235,6 @@ fi %ghost %config(noreplace) %attr(600,root,root) /etc/audit/rules.d/audit.rules %ghost %config(noreplace) %attr(640,root,root) /etc/audit/audit.rules %config(noreplace) %attr(640,root,root) /etc/audit/audit-stop.rules -%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf %files -n audispd-plugins %config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf @@ -265,13 +242,16 @@ fi %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf %config(noreplace) %attr(640,root,root) /etc/audit/audisp-statsd.conf %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-statsd.conf +%config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/af_unix.conf %attr(750,root,root) %{_sbindir}/audisp-remote %attr(750,root,root) %{_sbindir}/audisp-syslog +%attr(750,root,root) %{_sbindir}/audisp-af_unix %attr(750,root,root) %{_sbindir}/audisp-statsd %attr(700,root,root) %dir %{_var}/spool/audit %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz %attr(644,root,root) %{_mandir}/man8/audisp-syslog.8.gz +%attr(644,root,root) %{_mandir}/man8/audisp-af_unix.8.gz %attr(644,root,root) %{_mandir}/man8/audisp-statsd.8.gz %files -n audispd-plugins-zos 
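Review bot: Moving `/etc/audit/plugins.d/af_unix.conf` out of the base package's `%files` (hunk -257,7) and into `audispd-plugins` (hunk -265,13), next to the new `%{_sbindir}/audisp-af_unix` helper, changes which package delivers the af_unix event feed. As far as this diff shows, a host with only `audit` installed would no longer have that plugin after the upgrade. Any local consumer reading audit events from the socket would then stop receiving them without an obvious error. No `Requires`, `Obsoletes` or `Conflicts` adjustment for the moved file is visible here, so it is worth confirming that the subpackage version lock rules out a file conflict between an old `audit` and a new `audispd-plugins`. The 3.1.2-1 `%changelog` entry should also mention the move. The root-only `640`/`750` modes on the new entries are consistent with the neighbouring plugins.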
@@ -282,9 +262,17 @@ fi %attr(750,root,root) %{_sbindir}/audispd-zos-remote %changelog +* Wed Nov 08 2023 Sergio Correia - 3.1.2-2 +- Remove %systemd_preun from %preun scriptlet, as it was causing troubles when removing audit + Related: RHEL-14896 + +* Fri Oct 27 2023 Sergio Correia - 3.1.2-1 +- New upstream release, 3.1.2 + Resolves: RHEL-14896 + * Thu Jun 22 2023 Radovan Sroka - 3.0.7-104 - Introduce new fanotify record fields -Resolves: rhbz#2216666 + Resolves: rhbz#2216666 * Mon May 02 2022 Sergio Correia - 3.0.7-103 - Drop ProtectHome from auditd.service as it interferes with rules