New upstream release

audit-2.6-man.patch

@@ -0,0 +1,18 @@
+diff -ur audit-2.6.orig/docs/auditd.conf.5 audit-2.6/docs/auditd.conf.5
+--- audit-2.6.orig/docs/auditd.conf.5	2016-06-22 14:42:34.000000000 -0400
++++ audit-2.6/docs/auditd.conf.5	2016-06-22 15:56:24.511250872 -0400
+@@ -24,10 +24,11 @@
+ Normally you want this so the default is yes.
+ .TP
+ .I log_format
+-The log format describes how the information should be stored on disk. There are 2 options: raw and nolog.
+-If set to
++The log format describes how the information should be stored on disk. There are 2 options: raw and enriched. The nolog option is deprecated. If set to
+ .IR RAW ,
+-the audit records will be stored in a format exactly as the kernel sends it. 
++the audit records will be stored in a format exactly as the kernel sends it. The
++.IR ENRICHED
++option will resolve all uid, gid, syscall, architecture, and socket address information before writing the event to disk. This aids in making sense of events created on one system but reported/analized on another system.
+ The 
+ .I NOLOG
+ option is now deprecated. If you were setting this format, now you should set

audit.spec

@@ -3,12 +3,13 @@
 Summary: User space tools for 2.6 kernel auditing
 Name: audit
 Version: 2.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://people.redhat.com/sgrubb/audit/
 Source0: http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
+Patch1: audit-2.6-man.patch
 BuildRequires: openldap-devel
 BuildRequires: swig
 BuildRequires: python-devel
@@ -305,7 +306,7 @@ fi
 %attr(750,root,root) /sbin/audispd-zos-remote
 
 %changelog
-* Wed Jun 22 2016 Steve Grubb <sgrubb@redhat.com> 2.6-1
+* Wed Jun 22 2016 Steve Grubb <sgrubb@redhat.com> 2.6-2
 - New upstream release
 
 * Fri Apr 29 2016 Steve Grubb <sgrubb@redhat.com> 2.5.2-1