import audit-3.0.7-2.el8

.audit.metadata

@@ -1 +1 @@
-fe9807c29de893c8e8bc4df8624e00a98ab2b32a SOURCES/audit-3.0-alpha9.tar.gz
+7c485e7c97eb25f7413eaf1dd3edb03ad0b2619f SOURCES/audit-3.0.7.tar.gz

.gitignore

@@ -1 +1 @@
-SOURCES/audit-3.0-alpha9.tar.gz
+SOURCES/audit-3.0.7.tar.gz

SOURCES/audit-3.0-bpf-record.patch

@@ -1,38 +0,0 @@
-From 9e0cf4082ddbefab8558ce1349e22f6f1777040d Mon Sep 17 00:00:00 2001
-From: olsajiri <42811547+olsajiri@users.noreply.github.com>
-Date: Wed, 11 Dec 2019 17:57:39 +0100
-Subject: [PATCH] Add support for AUDIT_BPF event (#104)
-
-Signed-off-by: Jiri Olsa <jolsa@redhat.com>
----
- lib/libaudit.h    | 4 ++++
- lib/msg_typetab.h | 1 +
- 2 files changed, 5 insertions(+)
-
-diff --git a/lib/libaudit.h b/lib/libaudit.h
-index ac22e2c..0eea55f 100644
---- a/lib/libaudit.h
-+++ b/lib/libaudit.h
-@@ -290,6 +290,10 @@ extern "C" {
- #define AUDIT_TIME_ADJNTPVAL	1333 /* NTP value adjustment */
- #endif
- 
-+#ifndef AUDIT_BPF
-+#define AUDIT_BPF		1334 /* BPF load/unload */
-+#endif
-+
- #ifndef AUDIT_MAC_CALIPSO_ADD
- #define AUDIT_MAC_CALIPSO_ADD	1418 /* NetLabel: add CALIPSO DOI entry */
- #endif
-diff --git a/lib/msg_typetab.h b/lib/msg_typetab.h
-index d668f34..81b1ea5 100644
---- a/lib/msg_typetab.h
-+++ b/lib/msg_typetab.h
-@@ -125,6 +125,7 @@ _S(AUDIT_KERN_MODULE,                "KERN_MODULE"                   )
- _S(AUDIT_FANOTIFY,                   "FANOTIFY"                      )
- _S(AUDIT_TIME_INJOFFSET,             "TIME_INJOFFSET"                )
- _S(AUDIT_TIME_ADJNTPVAL,             "TIME_ADJNTPVAL"                )
-+_S(AUDIT_BPF,                        "BPF"                           )
- _S(AUDIT_AVC,                        "AVC"                           )
- _S(AUDIT_SELINUX_ERR,                "SELINUX_ERR"                   )
- _S(AUDIT_AVC_PATH,                   "AVC_PATH"                      )

SOURCES/audit-3.0-clang-warnings.patch

@@ -1,36 +0,0 @@
-commit b4b63a18e044e507b9091f01aef91d4b3beff97d
-Author: Steve Grubb <sgrubb@redhat.com>
-Date:   Mon Nov 4 16:54:44 2019 -0500
-
-    Fix 2 clang reported warnings
-
-diff --git a/audisp/plugins/syslog/audisp-syslog.c b/audisp/plugins/syslog/audisp-syslog.c
-index 2515e0b..9daa021 100644
---- a/audisp/plugins/syslog/audisp-syslog.c
-+++ b/audisp/plugins/syslog/audisp-syslog.c
-@@ -181,7 +181,7 @@ static inline void write_syslog(char *s)
- 			mptr = stpcpy(mptr, fval ? fval : "?");
- 			mptr = stpcpy(mptr, " ");
- 			rc = auparse_next_field(au);
--			if (!header && strcmp(fname, "type") == 0) {
-+			if (!header && fname && strcmp(fname, "type") == 0) {
- 				mptr = stpcpy(mptr, "msg=audit(");
- 
- 				time_t t = auparse_get_time(au);
-diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
-index 54452e8..e709456 100644
---- a/src/ausearch-lol.c
-+++ b/src/ausearch-lol.c
-@@ -324,8 +324,11 @@ int lol_add_record(lol *lo, char *buff)
- 	}
- 
- 	// Eat standalone EOE, main event was already marked complete
--	if (e.type == AUDIT_EOE)
-+	if (e.type == AUDIT_EOE) {
-+		free((char *)e.node);
-+		free(n.message);
- 		return 0;
-+	}
- 
- 	// Create new event and fill it in
- 	l = malloc(sizeof(llist));

SOURCES/audit-3.0-user-event.patch

@@ -1,35 +0,0 @@
-diff --git a/src/auditctl.c b/src/auditctl.c
-index ac08e47..1150911 100644
---- a/src/auditctl.c
-+++ b/src/auditctl.c
-@@ -809,6 +809,7 @@ static int setopt(int count, int lineno, char *vars[])
- 			retval = -1;
- 		} else {
- 			const char*s = optarg;
-+			char *umsg;
- 			while (*s) {
- 				if (*s < 32) {
- 					audit_msg(LOG_ERR,
-@@ -817,11 +818,18 @@ static int setopt(int count, int lineno, char *vars[])
- 				}
- 				s++;
- 			}
-+			if (asprintf(&umsg, "text=%s", optarg) < 0) {
-+				audit_msg(LOG_ERR, "Can't create user event");
-+				return -1;
-+			}
- 			if (audit_log_user_message( fd, AUDIT_USER,
--					optarg, NULL, NULL, NULL, 1) <= 0)
--			retval = -1;
--		else
--			return -2;  // success - no reply for this
-+					umsg, NULL, NULL, NULL, 1) <= 0)
-+				retval = -1;
-+			else {
-+				free(umsg);
-+				return -2;  // success - no reply for this
-+			}
-+			free(umsg);
- 		}
- 		break;
- 	case 'R':

SPECS/audit.spec

@@ -2,17 +2,14 @@
 
 Summary: User space tools for kernel auditing
 Name: audit
-Version: 3.0
+Version: 3.0.7
-Release: 0.17.20191104git1c2f876%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 URL: http://people.redhat.com/sgrubb/audit/
-Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}-alpha9.tar.gz
+Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
-Patch1: audit-3.0-clang-warnings.patch
-Patch2: audit-3.0-user-event.patch
-Patch3: audit-3.0-bpf-record.patch
 
-BuildRequires: gcc swig
+BuildRequires: gcc swig make
 BuildRequires: openldap-devel
 BuildRequires: krb5-devel libcap-ng-devel
 BuildRequires: kernel-headers >= 2.6.29
@@ -85,14 +82,11 @@ Management Facility) database, through an IBM Tivoli Directory Server
 
 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
 cp %{SOURCE1} .
 
 %build
-%configure --sbindir=/sbin --libdir=/%{_lib} --with-python=no \
+%configure --with-python=no \
-           --with-python3=yes \
+	   --with-python3=yes \
 	   --enable-gssapi-krb5=yes --with-arm --with-aarch64 \
 	   --with-libcap-ng=yes --enable-zos-remote \
 	   --enable-systemd
@@ -108,26 +102,13 @@ mkdir -p --mode=0700 $RPM_BUILD_ROOT/%{_var}/log/audit
 mkdir -p $RPM_BUILD_ROOT/%{_var}/spool/audit
 make DESTDIR=$RPM_BUILD_ROOT install
 
-mkdir -p $RPM_BUILD_ROOT/%{_libdir}
-curdir=`pwd`
-cd $RPM_BUILD_ROOT/%{_libdir}
-LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libaudit.so.1.*.*\``
-ln -s ../../%{_lib}/$LIBNAME libaudit.so
-LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libauparse.so.0.*.*\``
-ln -s ../../%{_lib}/$LIBNAME libauparse.so
-cd $curdir
 # Remove these items so they don't get picked up.
-rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.so
+rm -f $RPM_BUILD_ROOT/%{_libdir}/libaudit.a
-rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.so
+rm -f $RPM_BUILD_ROOT/%{_libdir}/libauparse.a
-rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.a
-rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.a
 
 find $RPM_BUILD_ROOT -name '*.la' -delete
 find $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages -name '*.a' -delete
 
-# Move the pkgconfig file
-mv $RPM_BUILD_ROOT/%{_lib}/pkgconfig $RPM_BUILD_ROOT%{_libdir}
-
 # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
 touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
 touch -r ./audit.spec $RPM_BUILD_ROOT/usr/share/man/man5/libaudit.conf.5.gz
@@ -164,8 +145,8 @@ fi
 %files libs
 %{!?_licensedir:%global license %%doc}
 %license lgpl-2.1.txt
-/%{_lib}/libaudit.so.1*
+%{_libdir}/libaudit.so.1*
-/%{_lib}/libauparse.*
+%{_libdir}/libauparse.*
 %config(noreplace) %attr(640,root,root) /etc/libaudit.conf
 %{_mandir}/man5/libaudit.conf.5.gz
 
@@ -188,6 +169,7 @@ fi
 %doc README ChangeLog init.d/auditd.cron
 %{!?_licensedir:%global license %%doc}
 %license COPYING
+%attr(755,root,root) %{_datadir}/%{name}
 %attr(644,root,root) %{_datadir}/%{name}/sample-rules/*
 %attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
 %attr(644,root,root) %{_mandir}/man8/auditd.8.gz
@@ -203,12 +185,12 @@ fi
 %attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
 %attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
 %attr(644,root,root) %{_mandir}/man5/auditd-plugins.5.gz
-%attr(755,root,root) /sbin/auditctl
+%attr(755,root,root) %{_sbindir}/auditctl
-%attr(755,root,root) /sbin/auditd
+%attr(755,root,root) %{_sbindir}/auditd
-%attr(755,root,root) /sbin/ausearch
+%attr(755,root,root) %{_sbindir}/ausearch
-%attr(755,root,root) /sbin/aureport
+%attr(755,root,root) %{_sbindir}/aureport
-%attr(750,root,root) /sbin/autrace
+%attr(750,root,root) %{_sbindir}/autrace
-%attr(755,root,root) /sbin/augenrules
+%attr(755,root,root) %{_sbindir}/augenrules
 %attr(755,root,root) %{_bindir}/aulast
 %attr(755,root,root) %{_bindir}/aulastlog
 %attr(755,root,root) %{_bindir}/ausyscall
@@ -222,6 +204,7 @@ fi
 %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/rotate
 %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/state
 %attr(750,root,root) %{_libexecdir}/initscripts/legacy-actions/auditd/stop
+%attr(750,root,root) %{_libexecdir}/audit-functions
 %ghost %{_localstatedir}/run/auditd.state
 %attr(-,root,-) %dir %{_var}/log/audit
 %attr(750,root,root) %dir /etc/audit
@@ -237,8 +220,8 @@ fi
 %config(noreplace) %attr(640,root,root) /etc/audit/audisp-remote.conf
 %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/au-remote.conf
 %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/syslog.conf
-%attr(750,root,root) /sbin/audisp-remote
+%attr(750,root,root) %{_sbindir}/audisp-remote
-%attr(750,root,root) /sbin/audisp-syslog
+%attr(750,root,root) %{_sbindir}/audisp-syslog
 %attr(700,root,root) %dir %{_var}/spool/audit
 %attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
 %attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
@@ -249,9 +232,25 @@ fi
 %attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
 %config(noreplace) %attr(640,root,root) /etc/audit/plugins.d/audispd-zos-remote.conf
 %config(noreplace) %attr(640,root,root) /etc/audit/zos-remote.conf
-%attr(750,root,root) /sbin/audispd-zos-remote
+%attr(750,root,root) %{_sbindir}/audispd-zos-remote
 
 %changelog
+* Tue Feb 22 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-2
+- Adjust sample-rules dir permissions
+  Resolves: rhbz#2054727 - /usr/share/audit/sample-rules is no longer readable by non-root users
+
+* Tue Jan 25 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-1
+- New upstream release - 3.0.7
+  Related: rhbz#1939406
+
+* Thu Jan 13 2022 Sergio Correia <scorreia@redhat.com> - 3.0.5-1
+- Rebase audit package on 8.6
+  Resolves: rhbz#1939406
+  Resolves: rhbz#1906065
+  Resolves: rhbz#1921447
+  Resolves: rhbz#1927884
+  Resolves: rhbz#1921658
+
 * Wed Jan 08 2020 Steve Grubb <sgrubb@redhat.com> 3.0-0.17.20191104git1c2f876
 resolves: rhbz#1757986 - Rebase audit package on 8.2 for updates (bpf patch)